The Federal Communications Commission (FCC) declares that 5G and Wi-Fi are complementary technologies. This sanguine observation belies the intense competition between policy actors to secure finite radio spectrum for these technologies. Although consumers may experience the “seamlessness” enabled by wireless technologies, there are important economic, spectrum, and security differences between 5G and Wi-Fi. The technical elements of 5G and Wi-Fi have different security vulnerabilities in protocols, infrastructure, encryption, authentication, and equipment. The FCC spectrum allocation decisions have inherent security implications, particularly when it can deem a spectrum band for licensed or unlicensed use. To demonstrate the differences and the policy implications, the article reviews the FCC's C-band auction for 280 MHz for 5G and the FCC's 6 gigahertz (GHz) proceeding for 1200 MHz for unlicensed use, though Wi-Fi is considered the leading application. Although an imperfect analysis, a preliminary comparison suggests that the C-band spectrum provides 4.5 times more economic value per MHz than Wi-Fi in the 6 GHz band. The article briefly explores the role of institutional entrepreneurship to suggest that the FCC's spectrum decisions are not necessarily a straightforward comparison of the cost and benefits of the technologies but rather the outcome of a complex interplay of policy actors, particularly trade associations. The recent experience offers a counterpoint to the regulatory enthusiasm for unlicensed use and suggests a revisiting of the calculations of opportunity cost in spectrum allocation models.
The Federal Communications Commission (FCC) declares that 5G and Wi-Fi are complementary technologies. This sanguine observation belies the intense competition between policy actors to secure finite radio spectrum for these technologies. Although consumers may experience the “seamlessness” enabled by wireless technologies, there are important economic, spectrum, and security differences between 5G and Wi-Fi that have policy implications. 5G spectrum is acquired by a competitive bidding or other market process (e.g., auction or secondary transaction); Wi-Fi spectrum is allocated by an FCC's administrative decree and does not require a license. The former frequently involves a sizable payment to the Treasury for usage rights while the latter does not. The technical elements of 5G and Wi-Fi have different security vulnerabilities in protocols, infrastructure, encryption, authentication, and equipment. The FCC has limited statutory authority to address security issues, but its spectrum allocation decisions have inherent security implications, particularly when it can deem an entire band for licensed or unlicensed use. Although producers and consumers may take steps to secure their wireless experience, there are inherent vulnerabilities in different wireless systems and devices.
Two recent spectrum proceedings offer an opportunity for investigation. The recent C-band auction drove $94 billion in gross proceeds, the net proceeds of which, $81 billion, were deposited to the Treasury. The 280 MHz of C-band spectrum, once deployed, is expected to deliver $192 billion to the economy by 2026. This amount contrasts to the expected value of $83 billion to be delivered by Wi-Fi in the 6 gigahertz (GHz) band by 2025 with 1,200 MHz of similarly valuable mid-band spectrum. The article offers a preliminary comparison of these respective FCC decisions from economic, social, and policy perspectives.
The article briefly explores the role of institutional entrepreneurship to suggest that the FCC's spectrum decisions are not necessarily a straightforward comparison of the cost and benefits of the technologies but rather the outcome of a complex interplay of policy actors, particularly their respective trade associations. The sobering analysis of the 6 GHz proceeding offers a counterpoint to the regulatory enthusiasm for unlicensed use and suggests revisiting the calculations of opportunity cost in spectrum allocation models.
5G versus Wi-Fi: Economics
Telecom regulators and spectrum authorities allocate radio frequencies or spectrum to promote social, economic, and political goals.1 Bands are assigned to specific uses and/or users for commercial, governmental, and other purposes. Over the last century, spectrum allocation methods have included administrative grants of licensed and unlicensed access, lotteries, auction, and privatization. The use of spectrum licenses emerged to protect a right to transmit within a defined geographic area with the expectation of limited harmful interference. Unlicensed spectrum allows a freedom to transmit within a band, under technical conditions such as power levels and the threat of significant ex post penalties for “unlawful” interference with radio stations, global positioning system (GPS), and other specified systems. That is, anyone can transmit (no license required), but lawful interference is not managed. Lofquist and Reed observe that the focus on limiting interference is suboptimal because assessments and assumptions are made on worst-case scenarios and worst-performing devices, meaning that much valuable spectrum is wasted with inefficient technologies.2
Wi-Fi users experience interference-driven performance reduction most often in urban living environments where dozens of access points compete to serve users on the same spectrum. Depending on the volume, this can create the classic “tragedy of the commons” problem in which open access to shared resources (in this case, spectrum) leads to overconsumption and depletion.3 Once the spectrum is deemed for unlicensed use, it cannot be recovered for other purposes.
Before administrative spectrum allocation took hold, the United States enjoyed a period of common law property rights. Former FCC chief economist Thomas Hazlett details that prior to the 1927 Federal Radio Act, hundreds of radio stations flourished under free market, common law tenets, and a secondary market emerged with transferring rights with equipment.4 Parties met annually under the auspices of the Department of Commerce to make trades.
After some decades of administrative allocation of spectrum, Ronald Coase emerged to challenge the prevailing regulatory wisdom. His 1959 article The Federal Communications Commission exposed the fallacy of administrative allocation, which justified restricting spectrum use to limit interference.5 Coase showed that the same function can be performed more efficiently through a “price system.” Coase's proposals were mocked by policymakers of his day, and this delayed the first auction for spectrum rights until 1994.6
Today, however, spectrum auctions are practiced around the world and are considered de rigueur for telecom regulators and spectrum authorities. Coase's Nobel Prize and the legacy of his work (including the fact that he remains the most cited among Nobel Prize winners, in law, and in economics7) attest that he was correct on pricing and radio spectrum economics. Indeed, The Royal Swedish Academy of Sciences awarded the 2020 Economics Nobel Prize8 to Paul R. Milgrom and Robert B. Wilson “for improvements to auction theory and inventions of new auction formats” observing,
Their best-known contribution is the auction they designed the first time the US authorities sold radio frequencies to telecom operators. Radio frequencies that permit wireless communication—mobile phone calls, internet payments, or video meetings—are limited resources of great value to consumers, businesses and society. These frequencies are government owned, but private actors can often utilize them more efficiently.9
The Academy describes the folly of the FCC's other methods of allocation, notably “beauty contests” which “meant that telecom and media companies spent huge amounts of money on lobbying. The revenue generated by the process was limited, however.”
The FCC has made great strides to liberalize the allocation of some commercial spectrum, and this has become a model for countries around the world. Important FCC auction reforms include flexible use, competitive bidding, spectrum repacking, and incentive auctions. The FCC has also applied reverse auctions to the distribution of broadband subsidies to rural areas.10 The FCC operates the Universal Licensing System (ULS), a database that includes thousands of licenses holders (including individuals), the many uses of spectrum, and the number of licenses issued annually (more than 150,000 per year for almost a decade).11 This growth and diversification in licensing is a testament to market efficiency for allocation and suggests continued gains whether applied to federally held spectrum.
More largely, most spectrum authorities around the world have come to this consensus that market actors make more efficient allocations than government.12 Hazlett underscores the point, “The FCC had no idea that mobile would become a mass market (not a luxury niche), that handsets would become pocket (not car) phones, that texting and data (not just voice) would become standard, or that digital was superior to the analog standard it mandated. And that was after vast input from scientists, management consultants, broadcasters, Motorola, and AT&T.”13
Despite these realizations of the superiority of market-based allocation, the FCC continues to conduct significant administrative allocation without marginal spectrum valuation, or at least that which is made public. The FCC still conducts “beauty contests” in which it judges industrial proposals for the use of spectrum with opaque and unpublished criteria; for example, with the 6 GHz proceeding.
More largely, the total amount of spectrum that is available for competitive bidding and commercial bidding is relatively small. Most radio spectrum in the United States is held by the federal government, is underused, and understudied.14 Outside of a few exceptions, policymakers have not succeeded in wresting this spectrum from federal holders (notably the Department of Defense), whether through sharing, purchase, or reassignment. Indeed, the management of this spectrum by the Interdepartmental Radio Commission (IRAC) represents some of the least transparent areas of the federal government and one almost untouched by reform since its creation in 1922.15
Social Outcomes of Recent Spectrum Proceedings: C-Band and 6 GHz
To demonstrate the policy implications, the article reviews the FCC's C-band auction for 280 MHz for 5G and the FCC's 6 GHz proceeding for 1200 MHz for unlicensed use, though Wi-Fi is considered the leading application. For background, many economists have compared the value of licensed and unlicensed spectrum, albeit with some difficulty. Looking at TV white spaces, Bazelon (2008) observed that the price of an additional unit of licensed spectrum is equal to the increase in socially beneficial services it produces while an incremental unit of unlicensed spectrum is “based on the relief to congestion that the additional spectrum will provide” plus an option value from future innovations.16 That is to say that the value of unlicensed spectrum will only be realized when interference is low enough to let it operate. A subsequent analysis by Hazlett of the TV white spaces, or so-called “junk band” found that making the unlicensed band available for licensed services (and reassigning some 49 broadcast channels consuming some 300 MHz to cable and satellite) was worth $120 billion at 2008 auction prices. FCC delay and indecision precluded this economic development.17 Thereafter Bazelon and McHenry posit that spectrum value has two components, a “sea level spectrum value based on the general profitability of spectrum based services, and band or license specific adjustments to spectrum value due to band or license specific characteristics.” Matinmikko-Blue et al. (2018) summarized different valuation approaches, for example assessment by engineering, economics, or strategic value.18 Gomez, Lehr et al. note that spectrum value has been derived through mergers and acquisition and secondary markets, though they note that the traditional $/MHz-POP, derived from dividing the value of a spectrum transaction by the total population in the coverage area of the license times the bandwidth (in MHz) is an increasingly unreliable measure because of increasing complexity in the market introduced by sharing, 5G, small cell architecture, and the Internet of Things (IoT) with different spectrum usage patterns.19
The goal of spectrum valuation is to identify the marginal value of the frequency, or its next best use. By law, the FCC need not provide formal economic or quantitative analyses to justify its spectrum decisions. Although the academic literature demonstrates that no method of valuation is perfect, all spectrum allocations have tradeoffs. The FCC's adoption of one or some of the aforementioned spectrum valuations could improve transparency and decision-making. Spectrum is a scarce resource for which multiple actors are willing to pay for its use, and it is critically important to the US economy. In general, FCC decisions that are based on sound economic evidence are more likely to achieve the desired effect and less likely to be challenged in court, or at least more likely to be upheld, whether challenged.
The recent auction of the C-band, Auction 107 of 3.7 GHz for 280 megahertz (MHz) greatly exceeded expectation. Over 50 bidders competed heavily, with gross receipts totaling US$94 billion, a record for a US auction, an amount with reflects 40 percent of the total amount raised by FCC spectrum auctions.20 Of that amount, US$13 billion is reserved for spectrum clearing costs. The remaining $81 billion was deposited to the Treasury. Although such monies are not earmarked for telecommunications purposes, they have been used to fund the development of networks, such as FirstNet, the national public safety network funded by $7 billion in auction proceeds.21 Similarly, proceeds could be used as direct payments to low-income Americans to purchase broadband subscriptions and devices, a not insignificant proposition given that Congress has proposed $100 billion in broadband subsidies to come either from taxation or deficit spending.22
The key difference between 5G and Wi-Fi in spectrum allocation is that cellular operators pay up front for the right to use their spectrum; Wi-Fi actors do not. Hazlett summarizes the $223 billion in FCC gross auction proceeds as follows:
FCC auction receipts, 1994 to 2019: $117 billion.
FCC auction receipts, 2020 (Auctions 103 and 105): $12.1 billion.
Net auction receipts are deposited to the Treasury, which is just one part of the addition to the economy. Thereafter, wireless carriers invest in infrastructure and offer subscriptions, and application providers deliver their services.
In 2019, 4G long term evolution or LTE contributed US$1.01 trillion to the North America economy and accounted for 4.8 percent of North American 2019 gross domestic product (GDP).24 The 2018 report of the global association for the cellular industry GSMA stated that licensed wireless technologies contributed US$475 billion to US GDP and supported 4.7 million jobs. Accenture's 2018 5G report estimated that the licensed wireless industry will invest US$275 billion to build the nation's 5G networks, investment that in turn will boost annual GDP by US$500 billion.25 A commissioned report by CTIA, the US cellular mobile wireless industry association that represents carriers, equipment manufacturers, mobile app developers, and content creators, estimates that 400 MHz of mid-band spectrum for 5G will deliver $274 billion in additional GDP and 1.3 million new jobs, accounting for both direct and spillover effects through 2026.26 In 2018, GSMA estimated that millimeter-wave 5G will deliver $2.2 trillion by 2034 in GDP globally, $588 billion in tax revenue, and will account for 25% of the total value of 5G.27
The Wi-Fi Alliance, a trade organization of more than 800 global companies, led the advocacy for the 6 GHz proceeding.28 It predicts that the global value of Wi-Fi will grow $1.6 trillion between by 2025.29 The Wi-Fi Alliance claims that their members' future success requires free, unlicensed access to the entire 6 GHz band, and that they will need an additional 1500 MHz by 2023.30
In April 2020, the FCC voted unanimously to allocate 1,200 MHz of spectrum in the 6 GHz band for unlicensed use. Wi-Fi NOW called it a “wireless windfall for the ages. It could be the most important regulatory decision in a generation, and it's by a long shot more important than anything ‘5G’ will be able to do in the short term.”31 The FCC's decision amounted to doubling of the unlicensed spectrum available for Wi-Fi, a set of wireless networking protocols based on the IEEE 802.11 standards for local area networking (LAN) and Internet access. It also increased by five-fold the amount of mid-band spectrum for Wi-Fi, a section of the radio spectrum prized for its ability to send data over long distances.
|Amount of Spectrum (MHz)||Auction Proceeds||Value to Economy Once Deployed||Value per MHz|
|5G @ 3.7 GHz (C-Band)||280||$94 billion ($13 billion in clearing costs, and $81 billion in net proceeds)||$191.80 billion (based on Sosa $174 billion, prorated for 280 MHz over six years)||0.5871|
|Wi-Fi @ 6 GHz||1,200||$0||$153.76 billion (based on Katz $83.06 billion to gross domestic product (GDP), $67.78 billion in producer surplus; $2.92 billion in consumer surplus over six years)||0.128|
|Amount of Spectrum (MHz)||Auction Proceeds||Value to Economy Once Deployed||Value per MHz|
|5G @ 3.7 GHz (C-Band)||280||$94 billion ($13 billion in clearing costs, and $81 billion in net proceeds)||$191.80 billion (based on Sosa $174 billion, prorated for 280 MHz over six years)||0.5871|
|Wi-Fi @ 6 GHz||1,200||$0||$153.76 billion (based on Katz $83.06 billion to gross domestic product (GDP), $67.78 billion in producer surplus; $2.92 billion in consumer surplus over six years)||0.128|
The CTIA report by Sosa and Rafert estimate $274 billion in total economic benefit for 400 MHz of mid-band spectrum for 5G over six years. Raul Katz estimates the value for Wi-Fi by calculating the 1,200 MHz of unlicensed spectrum in the 6 GHz. He notes an indirect economic value of $83.06 billion in GDP, $67.78 billion in producer surplus, and $2.92 billion in consumer surplus between 2020 and 2025.32 We offer a simple summary of the calculations of the two uses without discounting.33
Note that the value per MHz for 5G does not include the auction proceeds, yet it is still 4.5 times greater than for Wi-Fi. In fact, the net auction proceeds of the C-band equal 53 percent of the total economic value of Wi-Fi projected for 6 GHz. Comparing the proceedings in these economic terms, auctions for spectrum rights are superior to unlicensed designations and suggests that the FCC was shortsighted to reject the proposal to halve the 6 GHz band into licensed and unlicensed portions.34 In any event, it would be helpful to have greater transparency into the FCC's decision.
Modern wireless communication networks (whether cellular, Wi-Fi, or other) leverage wide channel bandwidths to deliver high data throughput. IEEE 802.11ax (Wi-Fi 6) supports channel bandwidths up to 160 MHz. Due to spectrum crowding, 5G New Radio (NR) must work with channel bandwidths below 100 MHz in spectrum below 6 GHz (3GPP FR1), but may use channel bandwidths up to 400 MHz in the millimeter-wave (3GPP FR2) bands.35 Presuming wide channel bandwidths are available, spectrum between 1 and 10 GHz (known as “mid-band”) provides the optimal balance between information-carrying capacity and wide-area coverage while also having good signal propagation through structural walls and windows.36 Mid-band spectrum used for Wi-Fi is in fact ideal for creating wide-area cellular networks, whereas Wi-Fi and other local-area technologies don't require as much structural penetration capability, and could operate just as well in the higher end of the mid-band, or above the mid-band. The Wi-Fi Alliance argues that allocation of 6 GHz spectrum “extends connectivity to underserved areas,” but exclusive of a few municipal networks Wi-Fi is not typically used for wide-area network deployment, and so the economic benefit from mid-band's propagation and building penetration capabilities favors allocation of 6 GHz to wide-area cellular networks.37
Although the FCC may include some economic analysis in its decisions and the creation of the FCC Office of Economics and Analytics is an effort to elevate such analysis, the FCC has no statutory requirement to perform cost-benefit calculations. Rather the statutory requirement to make decisions for the “public interest, convenience and necessity” may be interpreted instead as a multiple-constituency approach in which the FCC co-creates spectrum policy with a set of successive industrial constituents.38
For many reasons, FCC relies heavily upon industry's analysis to inform its proceedings. The length and cost of these proceedings is not necessarily included in policy analysis and foregoes an approach which could be more flexible to consumer demand and technological innovation like the previously common law approach.39 A 2015 Telecom Policy Research Conference paper Does Today's FCC Have Sufficient Decision Making Throughput to Handle the 21st Century Spectrum Policy Workload? by FCC spectrum veteran Dr. Michael Marcus describes organizational challenges at the FCC that inhibit the agency's effectiveness on spectrum policy.40 He characterizes the agency's approach to spectrum as “triage” (a nontransparent ordering of issues because the agency lacks organizational bandwidth) and the blanket dismissal of “backlog” issues as “stale”—even on proceedings where petitioners had submitted required materials for months, if not years. Marcus suggests that the agency's triage approach hurts the potential for investment and innovation in new spectrum technologies.
Trade Associations and Institutional Entrepreneurship
5G and Wi-Fi compete for the finite resource of spectrum in a heavily regulated domain. The competition for these technologies can also be understood as a political contest between trade associations. Institutional theory describes how organizational structures and their associated processes, rules, norms, and routines become the established guidelines for behavior. Institutional entrepreneurship is a way to understand the relationship between actors, power, and interests.41
Institutional entrepreneurship refers to the “activities of actors who have an interest in particular institutional arrangements and who leverage resources to create new institutions or to transform existing ones.”42 The term is most closely associated with an American sociological construct that “new institutions arise when organized actors with sufficient resources see in them an opportunity to realize interests that they value highly.”43 These actors—institutional entrepreneurs—“create a whole new system of meaning that ties the functioning of disparate sets of institutions together.”44
Trade associations are an important, if under-researched, institutional entrepreneur.45 Rajwani observed the role of Pharmaceutical Research and Manufacturers of America (PhRMA) as more than mere informing public policy or engaging with legislators, but rather policy influencers. Rajwani calls trade associations “informal regulators” through their standard setting in norms of behavior as well as defining the boundaries of an industry through membership and acting as “the voice of an industry” by unifying disparate companies around a single message.46
Boléat described basic features of trade associations including membership of companies, governance structure reflective of their members, and action in the common interest of members, but most important is how trade associations act as a representative or collective to engage with the government, policymakers, and the media.47 Rajwani defines “Powerhouse” trade associations as large, heavily resourced organizations that arbitrate between private and public interests and develop relationships with policymakers for information exchange.48 Trade associations are also described as “institutional entrepreneurs”49 to set policy agendas, to create significant industry events, to influence or change the “rules of the game” in the collective's favor, and to create an institutional field to affect government decisions and actions.50
The FCC's Electronic Comment Filing System (ECFS) offers an important and valuable source of information to study policy development. It is a warehouse for submissions to the FCC, organized by proceeding, filer, and date. It includes “ex parte” filings that are written records of meetings and conversations between FCC staff and external parties on policy matters. The 6 GHz proceeding is just one of dozens, if not hundreds, of ongoing proceedings; it has some 3,000 submissions. The C-band proceeding has almost 2,500. Every year, CTIA and the Wi-Fi Alliance may submit hundreds of documents to the FCC on multiple topics. As of this writing, the ECFS notes the key filers in the 6 GHz are self-described health advocate on wireless radiation effects Kevin Mottus,51 Broadcom Inc., Facebook Inc., Apple Inc., Google LLC, Cisco Systems Inc., Hewlett Packard Enterprise, Microsoft Corporation, Qualcomm Incorporated, and Intel Corporation.52 The top filers in the C-band proceeding were satellite companies, CTIA, T-Mobile, Verizon, and Charter Communications.53
How Spectrum Proceedings Emerge
The FCC does not necessarily originate and identify spectrum bands for auction. Industry participants frequently petition the FCC to undertake spectrum proceedings. The financial success of the C-band auction is significant but was not preordained. The idea to repurpose C-band spectrum emerged by preexisting satellite license holders that wanted to fund a technology upgrade and pay off debt. They formed a group called the C-Band Alliance (now disbanded) with the hope they could get the permission to sell spectrum rights to spectrum-hungry 5G mobile operators while reducing their satellite spectrum use with more efficient technology.54
The C-Band Alliance's original proposal of a secondary market transaction with a payment to the Treasury was rejected by the FCC. A significant debate followed with many political actors. Ultimately, the FCC agreed to host a public auction with accelerated payments to satellite license holders in exchange for the speedy clearing of the spectrum. It appears that some elements of the auction model were designed by Paul Milgrom55 and proposed by the C-Band Alliance were incorporated into the FCC auction.
The decisions by Congress and the FCC to control tightly the amount of commercial spectrum for auction could make the price of spectrum artificially high versus a common law approach. Moreover, it is an interesting question whether and to what degree the FCC's grant of 1,200 MHz in the 6 GHz proceeding increased the value of C-band spectrum during auction. It may be that bids increased based on rational expectations that more commercial spectrum will not be available in future, so the need to secure spectrum for 5G today is heightened.
Had the common law property rights regime remained, it is possible that spectrum shortages would not be a problem because frequencies would be deployed to their most valuable use. In any event, the C-Band and the 6 GHz proceedings illustrate that the FCC is not necessarily engaged in long-term planning to optimize wireless networks for Americans under cost-benefit scenarios. A more likely explanation is that regulators “satisfice”; they make the best of the situation in which an optimal solution may never possible.56 The proceedings may also be studied in light of the FCC Chairman and the respective administration as political “to do lists.” This also speaks to the opportunity cost of Congress's and the President's reluctance to demand accountability and transparency of federal spectrum holders, as efforts to get federal holders to share or relinquish little used frequencies have not proven successful,57 save for relatively symbolic efforts with Citizens Broadband Radio Service (CBRS) (70 MHz) and the forthcoming 3.4 to 3.5 MHz (100 MHz).
FCC spectrum proceedings did not disclose the real-world costs of the work of thousands of lawyers and advocates and many FCC staff over months. Moreover, the suggested market value of unlicensed spectrum, however important, is not necessarily equivalent to social value.58 The distribution of market value across unlicensed applications is highly disproportional with a few applications counting for most of market value.59 A handful of US tech companies—Apple, Microsoft, Alphabet, Amazon, and Facebook—have a greater market value than the economy of the European Union.60 Notably, these companies have been key actors in the 6 GHz proceeding.
In its filing to the FCC, CTIA noted that an auction of 6 GHz spectrum could be significant, “north of $22 billion” according to Wells Fargo.61
Evaluating Commissioners' Perspectives on 6 GHz
FCC Commissioners extolled the 5-0 decision on the 6 GHz allocation and declared that Wi-Fi is a complementary technology to 5G. Chairman Pai asserted that Wi-Fi was vital to keep cellular networks from being overloaded.62 Pai quoted Cisco data asserting that 59% of mobile data traffic will be offloaded to Wi-Fi by 2022 and noted that cellular operators can augment their 5G mobile broadband services by using the 6 GHz band as 3GPP Release 16 includes a 5G NR specification for operation in unlicensed spectrum, called 5G NR-U (NR-Unlicensed).
Commissioner O'Reilly—who worked on the proceeding for some years—asserted, “… this allocation for unlicensed services will accelerate, rather than compete with, the American effort to deploy nationwide 5G advanced wireless services. In sum, 5G will happen faster and more widely with our action here.”63 He also cited Cisco data stating that, “[in the US] almost 76 percent of all mobile data traffic will be offloaded to Wi-Fi by 2022, that the amount of offloaded traffic will increase more than seven-fold between 2017 and 2022 … almost 50 percent of total IP traffic will be Wi-Fi within the next two years.”64 Commissioner Starks observed, “The 6 GHz spectrum is expected to complement 5G wireless service and unleash a wave of innovation for the Internet of Things.”65
That three FCC commissioners emphasized how 5G and Wi-Fi are complements may have been a way to soften the blow from the rejection of a competing proposal that would have halved the spectrum for licensed use and was perhaps intended to distract from the fact that the amount of spectrum made available for unlicensed use eclipses the amount of licensed mid-band spectrum for 5G. The designation of 1,200 MHz for unlicensed dwarfs the scant 743 MHz of spectrum currently available for licensed cellular in the sub-6 GHz range.66 This highly valuable mid-band spectrum is important for 5G because of its physical properties that enable high throughput over long distances, spectrum which can also enable 5G in rural areas. Note that this 743 MHz number purposely excludes the millimeter-wave bands initially made available for 5G, as they are technically challenged and an as-yet unproven value in practice.
Although implementation of 5G in unlicensed spectrum may be viable, it is more likely that spectrum crowded with uncoordinated heterogeneous technologies will be problematic for both Wi-Fi and NR users. However, crowding issues can be addressed by making more spectrum available, most importantly by reassigning federal spectrum that is presently underused.
The United States does not auction licenses on a nationwide basis; licenses are auctioned by Economic Area (EAs) or by county. Thus, a given carrier may—or may not—have succeeded in bidding for a nationwide license, or it may not have bid for licenses in all EAs or counties. Further, this already limited range of licensed spectrum includes 70 MHz for the hybrid-licensed CBRS where paying users share spectrum with nonpaying users. Excluding CBRS, there is no more than 673 MHz available to licensed cellular in the United States. The C-band auction adds 280 MHz, for a total of 953 MHz—an allocation less than the current allocation of unlicensed spectrum.
A complementary good is one such that its consumption tends to increase the consumption of related goods. For example, the purchase of razor handle will typically include, initially or subsequently, the purchase of razor blades. Indeed, the razor blade may be purchased at higher unit cost. As such, complementary goods can be more lucrative than substitutes. For example, Netflix is on one hand considered a substitute for cable content, but as cable channels are unbundled or offered on smaller “skinny” packages, Netflix becomes a complementary good. As subscribers pay less for cable, they can afford more complements; for example, Netflix, Disney+, Amazon Prime, and so on.
What FCC commissioners characterize as complementary services enabling a seamless wireless experience is enabled by complex engineering, standards development, and coordination. It also belies the intense competition in the background between policy actors to secure finite radio spectrum for these technologies.
Offloading of cellular data traffic onto Wi-Fi networks is cited as an economic benefit realized from unlicensed spectrum. During offload, the cellular network directs the user equipment to make connections via Wi-Fi if available.67 Wi-Fi calling is a commonly used example of cellular offload—the user's smartphone is controlled by the cellular network, and the encoded voice payload is carried by an available Wi-Fi network. This is a “best effort” system that lacks standardization and controls for quality of service, and one that exposes user traffic to interception on the Wi-Fi portion of the connection. The desire and exercise of offloading varies by carrier, as larger carriers prefer to maintain traffic on their networks so they can ensure quality of service, whereas smaller carriers may use offloading to compensate for a lack of network sites. As such, the FCC may overstate the benefit of offloading.
An important related issue is the amount of spectrum allocated for unlicensed technologies—currently far more than licensed cellular technologies. Given the glacial nature of spectrum auctions and the need to convert in situ legacy networks, the lack of sufficient licensed mid-band spectrum for 5G NR is a critical concern for national security and international competition.68 Compare the US approach to 5G with China's 700 MHz allocation for 5G. Japan, a country the size of California, has allocated 1,000 MHz for 5G.
The mid-to long-term expectation for 5G NR Access or 5G NR is that it will create new applications and industries in enhanced mobile broadband, positioning and deterministic timing applications, augmented and virtual reality (VR) for a wide variety of use cases, and support for massive numbers of network-connected devices—the so-called “IoT” and smart cities. However, the immediate application is broadband delivery to homes and businesses. Current broadband providers, which currently expend large amounts of money installing and sustaining a wireline network, will have the ability to reduce capital and operating costs by replacing the wired network with 5G NR. Wired infrastructure creates a natural monopoly due to the high costs of network construction and the franchise utility schemas implemented by local governments to manage the interaction between private companies and physical assets in the public right-of-way. In contrast, 5G NR offers potential competitors an opportunity to compete with the incumbent natural monopolists on a free market basis.
Alternatively, users who may have relied on 4G LTE wireless broadband can maintain wireless flexibility while using laptops, desktop computers, smart TVs, and other such devices on their 5G NR subscriptions. Moreover, 5G NR can also be offered in rural areas that have limited or no cellular network coverage, and to serve customers for whom satellite service is insufficient. As such, a key benefit of 5G NR in the short run is competition both in wireless technology (an order of magnitude or better performance improvement over 4G LTE) and in competition with wireline providers.
The Wi-Fi Alliance extolls Wi-Fi with similar ambitions for next generation connectivity, describing how it delivers reliability, security, and interoperability, capacity, improved speed, and lower latency to support next generation use cases such as augmented reality (AR), VR, Ultra high-definition (Ultra HD) video, multiparty gaming, IoT, and other immersive experiences.69 Notably, the providers of Wi-Fi inputs, services, and devices organize and coordinate to minimize tragedy of the commons problems with unlicensed spectrum. They set norms, standards, and certifications to improve spectrum efficiency and quality of service. They cite advantages to their approach being affordability because Wi-Fi operators do not need a spectrum license to transmit and that device makers typically can produce equipment without the need to license patented inputs, which increase cost. Similarly, users can access open Wi-Fi networks without subscriptions, suggesting ease and ability to self-deploy.
Both technologies have important attributes; however, it does not appear that the FCC has calculated the marginal cost of making one additional MHz for licensed versus unlicensed spectrum. This would seem to be an important—though politically challenging—calculation.
Obstacles at the Local Level
Deployments of wireless technologies—licensed and unlicensed—have encountered resistance. People and groups who believe, in contravention of established medical and academic evidence, that wireless technologies cause adverse health effects on humans or living things have opposed cellular deployment, wireless-connected utility meters (i.e., “smart meters”), and even Wi-Fi networks in public spaces or office buildings. The entrances to the county government buildings in Santa Cruz, California have signs alerting people that Wi-Fi networks are operating within the building. Yet, generally speaking, opposition groups have focused more on licensed cellular networks than on Wi-Fi or wireless broadband networks.
Although normally telecom policy would likely support the advent of next generation technology, some policy actors opposed the rollout of 5G NR as well as the spectrum allocation. It might be presumed that California would lead the nation in 5G NR adoption and deployment given its concentration of information technology firms and industry, but it appears the opposite happened. In California, at the local level, opposition to 4G LTE and 5G NR small cell deployments has come from groups including (perhaps ironically) the Communications Workers of America, which is advocating for “Fair 5G.”70 Several cities and towns in California's Silicon Valley region including Mill Valley, Piedmont, Berkeley, Sebastopol, Santa Rosa, Sonoma, Los Altos, Hillsborough, Danville, and so on have, in contravention to established regulatory and legislative frameworks and settled law, enacted various forms of explicit or effective prohibition to wireless facility deployments. In Cupertino, California, the home of Apple and the birthplace of the iPhone, a community effort to create siting exclusion zones of several hundred feet around residences, backed by some councilmembers, was only narrowly set aside by concerted effort from other councilmembers and the city staff who've been working for several years to modernize the city's wireless networks to a level that befits the birthplace of the iPhone.
In response to the FCC's effort to streamline municipal processes and pave the way for next-generation cellular networks via the Small Cell Order and Ruling of 2018, cities across the country joined the City of Portland v. United States & FCC lawsuit against the Small Cell Order. Ostensibly, their concerns were based on a desire to maintain local control and secure a “market rate” from wireless carriers and site operators for pole-attachment leases, but when a local government owns the poles there is no market—they have a natural monopoly, the effect of which is reflected in the wide variance of pole attachment rates found by the University of Pennsylvania Law School's Survey of Rates for Pole Attachments and Access to Rights of Way, which found a standard deviation of 1,265.19 and a rate range of over US$6,000 across the 402 jurisdictions studied.71 In late 2020, the US Ninth Circuit in a near-unanimous decision upheld the FCC Small Cell Order on rates, and also set aside a challenge from Montgomery County, Maryland that sought to question the FCC's decisions on electromagnetic safety guidelines.72
Meanwhile, Silicon Valley companies that on the one hand welcome 5G NR (which increases the bandwidth and performance for their increasingly wireless-dependent apps services) have pursued a competing strategy of delivering their services via unlicensed spectrum and Wi-Fi. Google has backed Citizens Broadband Radio System (sometimes referred to as “Private LTE” or “Unlicensed LTE”), joined the board of the Wireless Broadband Alliance (WBA), is seeking changes to the WBA's Passpoint 2.0 Wi-Fi authentication standard, and was active in the effort to prevent carriers from using U-NII unlicensed spectrum for delivery of LTE.73 In short, they're hoping for the success of commercial 5G NR while simultaneously supporting alternatives. Facebook's creation of the Telecom Infra Project (TIP), another unlicensed technology, attracted members from many technology companies—it has been said that “TIP is the Pepsi to 3GPP's Coke.” The lack of major wireless carriers among its membership is notable. It remains to be seen whether organizations like TIP and WBA and the innovations they pursue sufficiently address the question of security at the user, enterprise, and national security levels.
One notion to justify unlicensed spectrum for cable providers suggest that if they secured a costly franchise agreement that they are somehow entitled to radio spectrum. If that's the case, it should be spelled out. Moreover, it should follow that wireless carriers, which purchase rights to the airwaves should get automatic rights of way on the ground, and therefore the terrestrial rents for tower and antennas should be waived.
5G versus Wi-Fi: Security
The FCC's plan for 6 GHz allows overlay unlicensed uses on top of existing networks for transportation, electricity, public safety, and broadcasting in the 6 GHz radio frequency band where network owners have spectrum rights.74 The FCC believes this can be done without harming the underlying networks with transmissions rights, but incumbents disagree.75 Many technical analyses of interference were presented among the more than 2,200 submissions in the FCC's proceeding. The final Report and Order (which entails 142 pages) has significant discussion of interference and mitigation, but almost no discussion of security. Security did not appear to be a parameter for the 6 GHz proceeding, but it still worthwhile to review the network security of LTE/NR and Wi-Fi.
The introduction of unlicensed technologies into a vast swath of radio spectrum could have significant consequences, not the least of which is proliferation of products and services already restricted in federal networks because of their security vulnerabilities. Additional issues relate to the planned deployment of Wi-Fi, the leading application in unlicensed spectrum. Its weak security standards have been noted recently as hackers successfully defeated Wi-Fi Protected Access there before it came to market.76 Further Wi-Fi deficiencies include a lack of device management, inconsistent support for mobility handoff, and no mechanism for channel reassignment. Naturally, many participants in the Wi-Fi ecosystem tout the advanced security features Wi-Fi 6,77 but the crowdsourced and connectionless nature of the technology means that enforcement is hit or miss.
This section describes the security parameters with which to compare 5G and Wi-Fi. It begins with a brief discussion of the challenge of security in wireless network and then compares the different methods, infrastructures, and tools of security on the two networks. It describes additional concepts such as encryption, authentication, and vulnerability of equipment.
The Security Challenge on Wireless Networks
Wireless users face security challenges every day. Wireless networks themselves are large attack surfaces with many vulnerabilities: hardware, software, protocols, applications, end user devices, operators, and users. Security is deployed at different layers and points with various methods depending on the risk. Wireless networks are engineered as systems to be resilient against cyberattacks. Similarly, information communications network architects develop security requirements, roadmaps, budgets, scenarios, and timelines to improve the network experience. However, network security has costs, and it can reduce network resources and spectrum efficiency.78 Although 5G and Wi-Fi are both wireless networks that can run many of the same applications, the underlying network security architecture is different.
The coronavirus (SARS-CoV-2) pandemic has shown that broadband networks are essential. People sheltering in place have increasingly used wireless networks to work, learn, shop, obtain healthcare, and connect with others. However, they face greater security risks when accessing enterprise applications and sensitive enterprise data with unsecured networks and devices, as may be the case when people work from home. Individuals having endured extensive isolation during the pandemic are further vulnerable to phishing and social engineering attacks—if not outright hacking—when they increasingly multitask on computing devices connected to home Wi-Fi, a usable—but often architecturally insecure—connection technology. The following section describes the network security issues of the two technologies as well as some reference to competition.
Security of Connection-Oriented versus Connectionless Protocols
5G and Wi-Fi are different network technologies with important differences in security and connection management. Where users are known to each other, security is less important, and devices can manage their own connections. However, as the network grows larger with unknown users, it is prudent to adopt rigid security protocols, where the network manages the device connection. The use case also matters. A connection- oriented or connection-managed protocol (e.g., 4G WiMAX, 4G LTE, 5G NR) requires that an end-to-end data link between the sending node and receiver node be established both before and while data is transferred. Think of this data link like a telephone—you don't start speaking until you hear a voice on the other end. Connection-managed protocols have better reliability, predictability, and security because the encryption key exchange is end-to-end and must be completed before data is transferred.79
In a connectionless protocol like Wi-Fi, data is transferred from the sending node to the access point network without requiring an end- to-end link. Think of this like the postal system—you put a letter into a mailbox and hope for the best. Data can be lost, misrouted, intercepted—and there is no end-to-end security unless you layer a Virtual Private Network (VPN) on top of the connection. Indeed, the need for VPN security to correct Wi-Fi's limitations is so great there are hundreds of third-party VPN service options, and technology companies frequently offer VPN services to subscribers. Google recently began offering VPN as an add-on feature for higher tiers of their Google One support service, and numerous anti-virus vendors offer some form of VPN. Some wonder, “What becomes of my data after it leaves the VPN?” In 2019, Facebook Research paid subscribers in a beta trial to use a VPN service that was later revealed to compromise data privacy.80
Although VPNs are a solution for adding security to Wi-Fi, in most cases, they are implemented by users, and require activation and control by the user—which in most cases requires an advanced level of technical expertise. Exceptions to this are systems like Google Fi, a mobile virtual network operator (MVNO) that leverages Wi-Fi (either open or password-protected) and implements a VPN without user intervention. Comcast's Xfinity Mobile (another MVNO) leverages Wi-Fi connections from their subscribers' access points in homes and businesses. Again, these solutions only implement VPNs from the subscriber device to the provider's network. Additionally, some Wi-Fi networks block VPN traffic, requiring the user to choose between connectivity and an unsecure connection.81 VPNs are not yet a mass-market solution usable by the general public.
Wi-Fi, a connectionless protocol, is ideal for local area networks and most enterprise deployments in an office building, but wide area networks and large-scale infrastructure deployments (e.g., cellular, transportation, utilities, public safety) require connection management to ensure reliability and predictably, in addition to security. As such, connection-managed wireless networks such as 4G LTE and 5G NR offer scalability and inherently secure use cases for millions of simultaneous users.
Connection-managed wireless networks such as 4G/5G have many use cases, but mobility is key. A person can use a smartphone or portable hotspot while moving quickly across the coverage areas of multiple sites while keeping a secure, consistent connection. This is provided by a “handoff” system that shifts the connection to the best possible tower or site. In unlicensed connection-unmanaged systems like Wi-Fi, the client will remain attached to the access point until the connection is so poor that it fails.
Indeed, the challenges related to connectionless roaming can make some critical applications unusable on Wi-Fi; for example, calling and video conferencing. Although there are some enterprise solutions that try to make the Wi-Fi experience better, they typically require significant upfront investment by network owners, and the management software is maintained by an annual fee or subscription to obtain updates and maintain access.
Conversely, 4G/5G offer a series of patented features to ensure a quality experience; centralized authentication (intelligence in the device ensures network authentication); network rules for security of data transmission; protocols to avoid congestion; spectrum/channel steering, and resource allocation management.
Wi-Fi equipment vendors have attempted to develop solutions for congestion avoidance and spectrum/channel steering, but these are the exception, not the rule, for connection-unmanaged technologies in unlicensed spectrum. That is, they work within a given vendor's product suite, but are not necessarily interoperable with other vendor's hardware.
Wi-Fi networks are estimated to carry 55 to 65 percent of the total data consumed by mobile devices.82 This creates a challenge for the device's wireless carrier, because when attached to Wi-Fi the carrier has less control over the subscriber device. The Third Generation Partnership Project (3GPP) attempts to mitigate offload security issues by implementing standards such as Interworking Wireless LAN (I-WLAN)83 and Access Network Discovery and Selection Function (ANDSF,84 included in 3GPP Release 8) in the cellular core.85
From this we allow that Wi-Fi is clearly important to overall network operation. Clearly the cellular network would have to carry (if coverage existed) more than double the amount of data it carries today. Further evidence that Wi-Fi is less secure comes from considering the technical changes needed by the carriers and 3GPP to implement Wi-Fi offload in both devices and the network core. It may be that Wi-Fi offload is a necessary adaptation to cellular network limitations (e.g., spectrum capacity, and challenges in creating robust indoor coverage), but it's a solution that creates risks which may not be obvious to end users, and an economic benefit from Wi-Fi doesn't necessarily follow simply because offload is widely used.
Connection-managed networks are characterized by a centralized architecture where the interaction of user devices, the radio access network, and data interfaces with the Internet or private networks are orchestrated by the network core that enforces—among other things—security and authentication of user devices.
Physical Infrastructure: Access Points versus Cell Towers
Another point of security control is the radio access node in the network. This is managed differently depending on the technology. With 4G LTE small cell and 5G NR, mobile operators rent, own, and/or build locations to install several hundred to several thousand wireless communication facilities (or they work with a firm specializing in acquiring and managing site locations). These sites are centrally managed as part of the network and are regularly updated with security patches by the operators.
In contrast, a Wi-Fi access point can be set up anywhere by anyone, and there are many service and device vendors, though only members of the Wi-Fi Alliance who put their equipment through certification can display the Wi-Fi Certified trademark on their equipment. Many Wi-Fi access points are used for long periods, sometimes even after the vendor has abandoned the product line or gone out of business, so older equipment is often unpatched and vulnerable. Indeed, in 2018 large numbers of unmaintained “orphan” Wi-Fi access points were compromised by hackers using the Mirai/Gafgyt exploit to create a massive global botnet for launching cyberattacks.86
Although encryption is possible on Wi-Fi networks, the connection (especially in public Wi-Fi networks) is frequently unencrypted because implementing passwords incurs additional cost and complexity for the network provider and creates a barrier to users seeking to access the network.87 This places the burden of security on the end user, requiring the purchase of a VPN subscription, and for the user to manage the state of that VPN. In contrast, all data on 4G LTE and 5G NR networks is encrypted, automatically protecting users from hackers and eavesdroppers. To be sure, most popular online platforms and smartphone applications offer data encryption between the user and the platform's servers, but unbeknownst to the user an app might be insecure and vulnerable when used on an unsecured Wi-Fi network. The problem is so pervasive that the US Federal Trade Commission has a website dedicated to educating the public about public Wi-Fi's dangers.88
Rogue Wi-Fi access points are easy to create, as cybercriminals can use the same or similar Service Set Identifier (SSID) name as a legitimate access point or hotspot, ensnaring unwitting users—this is known as a “Man In The Middle” attack.89 4G LTE and 5G NR networks do not suffer from this risk. Moreover LTE/NR subscribers don't need passwords to access the mobile network, as authentication is provided automatically by a Subscriber Identity Module (SIM) card. Wi-Fi networks, however, require a username and password, making a user vulnerable each time they log in. Or worse, the access point is open, and the connection has no security at all. A typical Wi-Fi login entails a redirect to an authentication website, opening that segment of the security process to attack. The SSID, while adequate for a home or small office network, does not scale to a large number of users. Indeed, public Wi-Fi networks use this weak security measure to be user-friendly and accessible, but such open SSID exposes users to attack.
Equipment Vendor Vulnerabilities
Some security analysts suggest that current network security efforts over-focus on software threats, while downplaying—if not dismissing—hardware vulnerabilities.90 Wireless networks have a multitude of hardware components from a variety of vendors. At any one point, a hardware component could be damaged or defective. It may also be possible that a piece of hardware is compromised or has any number of vulnerabilities that make it susceptible to attack. An important and emerging field is supply chain security of wireless network devices.91 This policy domain has taken on greater importance in light of COVID-19 and the availability of critical equipment and supplies in a variety of industries whether pharmaceuticals, personal protective equipment, electronics, semiconductors, and other products and inputs.92 It has caused many to rethink centralization of supply chain in countries and regions where they could be vulnerable to geopolitical risk and to explore diversification of supply and sourcing.
Moreover, many countries experience increasing tensions with the People's Republic of China (PRC) for military, economic, and political reasons. Recent events in Hong Kong, Taiwan, and the autonomous provinces of Tibet and Xinjiang have raised concern about the PRC's increasingly aggressive, militant, and repressive actions. Note that these concerns have nothing to do with the Chinese people, a diverse complex of more than 50 ethnic groups, but rather the authoritarian government of the country. The growing geopolitical power of the PRC is expressed among other ways through its information technology industry and capabilities in what the bipartisan United States–China Commission calls the PRC's techno-nationalist strategy.93 Among the leading sources of advanced persistent threat (APT94) actors against the United States in cyberspace the PRC, Russia, North Korea, and Iran, only the PRC has a leading information technology industry, which it uses to enable theft, surveillance, espionage, and warfare.95
Just as the world is becoming more digitally integrated, so are cyberattacks growing in frequency and severity. The most common cyberattacks—data breaches, phishing, and hacking—come from organized crime and state-sponsored actors for financial and espionage reasons.96 Cyber attackers want valuable personal and financial information, intellectual property, proprietary product information, corporate account information about key employees and customers, corporate network access, and defense and intelligence information. Preventing and mitigating these attacks requires a range of methods, including database security; user education on how to identify and avoid falling prey to phishing (in addition to email and user credential security); and addressing vulnerabilities in networked systems.97
A related issue is the development of artificial intelligence, facial recognition, and other technologies in unethical situations, which are subsequently integrated in products and services consumed by Americans. For example in December 2020, the Washington Post described a chilling patent application by Huawei, the Chinese Academy of Sciences, and Megvii for the identification of Uighur Muslims at large in Western China and automatically reporting them to the police.98 The widespread deployment of Megvii's Face++ technology in consumer products such as smartphones made by Huawei, Xiaomi, and Vivo; “smile-to-pay” terminals by Alibaba; and laptops made by Lenovo (in addition to Lenovo seeding Face++ development99) have caused understandable concern.100 The PRC's development and use of surveillance technology for repression of human rights has sparked a global backlash from the Department of Commerce Entity List with its designation of Megvii for use of the technology on Uighur Muslims in Western PRC101; condemnation by Human Rights Watch,102 and a variety of bans and regulations proposed by the Council of Europe on the development of facial recognition.103
Notably, the 2020 US Presidential Executive Order on “Team Telecom” strengthened the cooperative strategic effort to align the US federal departments of Defense, Homeland Security, Justice, and their affiliated agencies with the FCC.104 The order streamlined the process to review, approve, deny, and revoke licenses and applications from foreign vendors, and to act to protect national security interests. China Unicom and China Telecom, whose licenses reportedly had not been reviewed in almost two decades, were put on notice and requested to explain how they—as state-owned entities—were not under the influence of the PRC and by extension the Chinese Communist Party.105 If it is the case that cyberattacks are largely state-driven, it follows that scrutiny should be applied to state-owned applicants for licenses within the United States.
Many assume that because the US federal administrative state exists, it does its job effectively. However, the 2020 Executive Order demonstrates that this important federal telecom security function had languished and needed an update to reflect a new threat environment. More largely, the earlier approval of licenses to PRC state-owned companies likely reflected the prevailing view at the time that the PRC was a “responsible stakeholder.”106 It is possible that over the years Team Telecom was reluctant to revisit earlier approval for fear of exposing that the earlier decision may have been misguided or miscalculated.
The FCC itself adopted a significant national security policy in 2019 by prohibiting the use of the Universal Service Fund (USF) to purchase equipment or services from companies posing threats to communications networks or supply chains, notably Huawei Technologies Inc. and ZTE.107 Ideally, the policy should be adopted by other state and federal agencies disbursing broadband subsidies like the National Telecommunications Information Administration (NTIA) and the US Department of Agriculture. For example, the American Recovery and Reinvestment Act of 2009 directed US$4.5 billion in broadband subsidies to 55 small carriers represented by the Rural Wireless Association (RWA).108 Many of these firms contracted with Huawei and ZTE to install hardware that in 2019 covered 25 percent of US territory and four million Americans.109 It appears the use of stimulus funds were not subject to security reviews, and thus unwittingly, taxpayer dollars were used to purchase insecure equipment from vendors with ties the Chinese government and military. In addition to the economic critique of subsidies being an inefficient use of taxpayer dollars,110 there exists a moral hazard in which Americans are forced to finance the procurement of unreviewed and insecure network elements, which endanger their safety and security.
Small carriers have offered various reasons of selecting Huawei, even though they were aware of the security risks,111 and almost $2 billion has been authorized by the FCC to reimburse these carriers to rip and replace the equipment.112 However, European carriers are ripping and replacing equipment without increasing capex or slowing rollout. Strand Consult estimates the rip and replace cost at $7 per European mobile subscriber. This suggests that small carriers don't necessarily need to be reimbursed and in fact, the reimbursement is effectively a reward for making bad security decision.113
As a related matter, Wi-Fi networks are teeming with hundreds of PRC government-owned technology providers such as Lenovo, Lexmark, Panda Electronics, Skyworth, SVA, TCL, Xiaomi, BOE, Changhong, Haier, Hisense, Konka, and DJI. Membership in the Wi-Fi Alliance gives these firms access and legitimization to US policymakers and processes. However, these firms operate under the PRC's draconian Internet, espionage, and algorithmic social credit laws and practices, which assert the PRC's sovereignty over the Internet and its authority to collect any data on any PRC-made device or service anywhere in the world. Many of these companies are restricted on US federal government networks, but their equipment presents the same vulnerabilities on commercial networks and on state government networks, where they are currently unrestricted. The FCC may deny USF subsidies to vulnerable PRC-owned vendors, but their products can still be purchased by companies and individuals at leading retail outlets like Amazon, BestBuy and so on. Moreover, once such vulnerable devices are deployed into unlicensed spectrum, they are unlikely be recovered. In fact, many Wi-Fi business models are predicated on the plethora of low-cost devices.114 These devices tend to be manufactured in the PRC by its firms.
Historically, any device could use unlicensed networks, provided it complied with the FCC's regulated power levels, a certification that comes with the FCC sticker on the back of the device. It is worth considering whether the FCC should restrict devices from malign state-owned manufacturers. Indeed, in June 2021, the FCC voted to start a process on the theme of “Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization Program.”115 This suggests that they are aware of security risks and are seeking comment on proactive measures to address these concerns. In an earlier proceeding, the FCC denied a license application by China Mobile,116 but its daughter company China Mobile Group Device Co. Ltd is a member of the Wi-Fi Alliance. In 2019, then Commissioner Rosenworcel called for a Secure IoT,117 it appears that she did not raise this concern in the 6 GHz proceeding.
Importantly, some Wi-Fi providers invest to make the service secure. For example, Comcast's Xfinity Wi-Fi offers a secure network SSID for subscribers, using the IEEE 802.1x standard, which encrypts traffic passing between a user's device and the hotspot.118 This encryption continuously encodes and decodes the user's data, helping to protect users from the risk of wireless eavesdropping. Xfinity's secure Wi-Fi uses 128-bit encryption, like financial services apps and websites. However, Xfinity also offers a less secure SSID, and Comcast differentiates between the “secure” and “open” versions of their services—the latter of which offers no encryption at all, and non-Xfinity users attached to the open network are potentially vulnerable.
Network security has grown complex and expensive, requiring significant resources to implement and maintain. Indeed, many IT products and services, including home and enterprise network solutions, compete on their security features. Proponents of unlicensed networks tout the low barriers to entry; anyone can use the spectrum for free, but there is no promise for the quality or security of the experience. Popular consumer technologies such as Wi-Fi are managed through a standards process in which participants conform to generally agreed principles. On the other hand, a key benefit of 4G LTE and 5G NR is strict user authentication and a security mechanism enforced by the network core at all times. Where reliability and predictability are required, a connection-managed network like 5G NR is a superior alternative.
Security Implications for Spectrum Allocations
Network architectures have inherent risks based on their engineering and design, and these risks extend to spectrum choices made through federal allocations. Although security is not an explicit topic necessarily discussed in spectrum proceedings, allocation decisions are not neutral nor immune to security risk. Different network architectures are deployed depending on the spectrum allocation and use. The FCC in choosing to designate whether spectrum is licensed or unlicensed, for example, makes implicit choices about network security. Thus, the amount, type, and location of spectrum allocations can have long-term consequences for security.
With few if any unallocated radio frequencies remaining, US spectrum policy decisions are contentious and consequential. These decisions entail trade-offs and path dependencies that could impact security goals in private and public networks. Regulatory responsibility for security exists in various federal agencies operating under different administrative structures, making the process to gather and evaluate security information difficult. Moreover, wireless networks are complex and diverse. They operate in different spectrum bands with varying technologies, business models, devices, and providers. Although cybersecurity naturally incorporates network security elements, the physical, economic, and policy characteristics of spectrum policy can also impact security.
In the past year, various policy actors have observed security risks arising from spectrum decisions. Critical infrastructure network providers for utilities, transportation, and public safety asked the FCC to slow, if not halt, a proceeding to open a 1,200 MHz swath of spectrum to unlicensed use in the 6 GHz band on the basis of potential interference, to say nothing of the potentially insecure and vulnerable devices, which would be deployed in that band. The Communications Act of 1934 does not explicitly stipulate that the FCC regulate the security of information technology, communications, or spectrum—and this article does not advocate for the FCC to do so. However, the authors do wish to bring attention to inherent security risks that result from spectrum and network architecture choices.
This article described economic, security, and spectrum policy challenges for 5G and Wi-Fi. It described how these technologies are asserted to be “complementary” and yet they are very different in their technical architecture, business models, and spectrum allocation. Moreover, they are subject to intense competition for scarce radio frequencies, led by institutional entrepreneurs, the “powerhouse” trade associations CTIA and Wi-Fi Alliance.
The FCC has been recognized for many improvements in spectrum allocations, notably the use of auctions, as the 2020 Nobel Prize in economics underscores. However, it appears that significant political elements remain in spectrum proceedings. This is illustrated simply with the recent experience of the C-band proceeding producing an outcome, which economic value is 4.5 times greater per MHz for 5G than for Wi-Fi. In fact, the granular average price of C-Band spectrum exceeds that of CBRS by more than a third ($0.35/MHz Pop vs. $0.217/MHz Pop). C-Band spectrum is thus more valuable because it's a larger swath (280 MHz vs. 70 MHz) with fewer restrictions such as power limits, tiered access, and incumbent users. Auctions provide the important information of price to commercial spectrum decisions, something which is absent from allocations to unlicensed and federal users.
Before taking on additional efforts to share spectrum and make more grants for unlicensed spectrum, policymakers should revisit the opportunity cost assumptions of these efforts. The FCC should reconsider the social cost of its 6 GHz proceeding, and lost revenue of leaving the band to unlicensed use. If the FCC cannot conduct an auction for the 6 GHz band, it should consider requiring a fee for its use, a common spectrum instrument used across developed countries. Alternatively, the FCC could allocate 6 GHz for CBRS use—creating a second band that combines the benefits of paid priority access with the open nature of unlicensed use. The Wi-Fi Alliance or another entity could form a spectrum consortium that purchases spectrum on behalf of its members and thus ensures quality of service, security, and so on.
Moreover, Wi-Fi Alliance members like Google, Microsoft, and Amazon are sophisticated spectrum users with their own network strategies and significant cash. They could purchase spectrum to ensure the delivery of their services. If spectrum is critical to the Wi-Fi industry, it follows that the Wi-Fi industry should pay for it. It is not logical that spectrum is exempt from payment when businesses must purchase every other input (land, labor, capital) from the market. Spectrum should not be a “windfall” particularly when it is scarce and when large commercial interests expect to monetize it.
Economic theory suggests that there will also be more uses for spectrum than the availability of spectrum itself. However, the most important task to improve spectrum policy requires Congress to rationalize federal holdings, a domain which has been almost untouched for a century. Failing its ability to demand accountability of Executive Branch agencies, Congress can at least clarify the processes for how the agencies work with the FCC on spectrum.
This study was first presented at TPRC48: The Research Conference on Communications, Information, and Internet Policy, February 17-19, 2021.
Cave, Doyle, and Webb.
Mark and David.
Frank et al.
Hazlett, “The 1927 Radio Act.”
Coase, “The Federal Communications Commission,” 1–40.
Coase, “Comment on Thomas W. Hazlett,” 577–80.
Landes and Lahr-Pastor, S383–401
“The Sveriges Riksbank Prize in Economic Sciences in Memory of Alfred Nobel 2020.”
Nobel Prize Committee.
“FCC Establishes a 5G Fund for Rural America.”
“FCC Licenses at a Glance.”
Blackman and Srivastava.
Thomas Hazlett. “Commentary: The Best Way.”
“Testimony of Roslyn Layton.”
Hazlett, “Tragedy TV,” 83.
Matinmikko-Blue et al.
Gomez et al.
Hazlett, “Ajit Pai FCC.”
“Klobuchar, Clyburn Introduce.”
“Accelerating Future Economic.”
Sosa and Rafert.
“Study on Socio-Economic Benefits of 5G Services Provided in MmWave Bands.”
“Wi-Fi Alliance® Applauds FCC Action on 6 GHz Spectrum.”
“Value of Wi-Fi.”
Comments of Wi-Fi Alliance to Federal Communications Commission, February 15, 2019, https://ecfsapi.fcc.gov/file/10215883110307/Wi-FiAlliance6GHzComments2.15.2019.pdf
We recognize the assistance with the calculation from Petrus Potgieter at the Institute for Technology and Network Economics.
CTIA. Petition for Partial Reconsideration. Docket No. 18-295 and GN Docket No. 17-18.
Wi-Fi Alliance, comments to the NTIA, Docket No. 18113099-8999-01. CTIA, comments to the FCC, ET Docket 18-295.
Connolly, Conlon, and Deutsch.
Supra Hazlett, Honig
Garud, Hardy, and Maguire.
Hardy and Maguire, 198–217.
Smith et al.
Garud, Jain, and Kumaraswamy, 196–214.
Phillips, Rajwani, and Lawton.
Streeck and Schmitter, 119–38.
Maguire, Hardy, and Lawrence, 657–79.
“Kevin Mottus | Health Advocate” (Kevin Mottus, December 11, 2018), http://kevinmottus.com. He is also associated with the US Brain Tumor Association: “US Brain Tumor Association,” US Brain Tumor Association (blog), February 2, 2015, https://usbraintumorassociation.org/.
“ECFS Filings Results.”
Hazlett and Honig.
“Top Ranking Websites in United States.”
See footnote 14. CTIA. “Petition for Partial Reconsideration.”
Cisco, VNI Mobile Forecast Highlights Tool, United States, Mobile/Wi-Fi Traffic Profiles, https://www.cisco.com/c/m/en_us/solutions/service-provider/forecast-highlights-mobile.html# (“In the United States, 18.2 exabytes of mobile data traffic will be offloaded to Wi-Fi by 2022 compared to 2.5 exabytes in 2017).
“Sub-6 GHz Spectrum Screen.” “Mobile Carrier Spectrum Ownership Analysis Tool (USA).”
Witkowski, Bridging the Gap 21st.
“The National Security Importance of Winning the Race to 5G.”
“Next generation Wi-Fi.”
“Survey of Rates for Pole Attachments and Access to Rights of Way.”
“UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT.”
“FCC Proposes More Spectrum for Unlicensed Use.”
“Unlicensed Use of the 6 GHz Band, ET Docket No. 18-295.”
“Wi-Fi CERTIFIED 6.”
Salameh et al., e3317.
Meister, Janson, and Svobodova, 1164–73
Kyunghan et al., 425–26.
Aijaz et al.
Witkowski et al., Public Wi-Fi Supercluster.
US Federal Trade Commission.
Montasari, et al., 397–411. Alves, and Thomas, 259–66. Regazzoni and Polian.
Yang, Forte, and Tehranipoor.
Salidjanova. Ostry and Nelson.
Ghafir and Prenosil.
“2020 Data Breach Investigations Report.” “Significant Cyber Incidents.”
“Overview of Cyber Vulnerabilities.”
“Lenovo Capital and Incubator Group.”
“Facial Recognition Specialist Megvii Plans Share Sale.”
“Addition of Certain Entities to the Entity List.”
“Consultative Committee of the Convention.”
“Executive Order on Establishing.”
Layton, “China Telecom Rebuke.”
“Protecting National Security Through FCC Programs.” “ZTE Petition for Reconsideration of Security Threat Designation Denied.”
“REPLY COMMENTS OF THE RURAL WIRELESS.”
Hauge and Prieger.
“Starks Remarks to Supply Chain Integrity Workshop.”
“FCC Acts to Protect National Security.”
“The Real Cost to Rip and Replace Chinese.”
Kaiser et al.
Layton, “FCC Right to Reject.”
“Remarks of Commissioner Jessica.”