By Charles Duan
December 4, 2018 at 5:00 am ET
The battle royale between Apple and Qualcomm has an air of spectacle: Two technology giants fighting it out in multiple United States courts, through two federal agencies and across three continents. One may wonder if this is merely the sport of kings, with no real implications other than which company ultimately has to pay out to the other.
Yet in fact, this litigation could have massive impact by shaping the landscape of mobile cybersecurity for years to come.
The dispute centers on baseband processors — the chip in every cellphone that mediates communication between the phone and cell towers. Qualcomm is the dominant vendor and was Apple’s sole supplier of the chips for years. But recently, Apple dramatically switched from Qualcomm to Intel chips. In response, Qualcomm went to a federal trade agency, the International Trade Commission, asking for an importation ban on several Intel-chip-containing iPhone models on the grounds that iPhones infringed Qualcomm’s patents.
An administrative law judge of the ITC refused to recommend that importation ban on the grounds that it would effectively kick Intel out of the baseband processor market (Apple is Intel’s only major client for these chips) and hand Qualcomm a monopoly right as 5G becomes available. He is likely right. Qualcomm already has over 50 percent of the overall market share in baseband processors, and it has a history of monopolistic behavior as documented by competition agencies in the United States, Europe, South Korea and more. Qualcomm claims that it is only seeking compensation based on its patent rights, but the company’s actions — failure to accuse non-Intel iPhones of infringement at the ITC and renunciation of infringement damages in other cases — suggest that the company is not all that interested in remuneration. Dominance in the baseband processor market, particularly the coming 5G market, is almost certainly what Qualcomm is after.
To see how a solid monopoly over 5G baseband processors creates cybersecurity issues, recall another technology monopoly: operating systems in the early 2000s. In a famous series of papers (including one titled “Monopoly Considered Harmful”), security consultant Dan Geer and his co-authors explained that a “monoculture” of Microsoft Windows created a systemic cybersecurity problem rising to the level of a national security risk. With every computer running Windows and thus subject to the same security vulnerabilities, viruses and attacks could spread quickly across networks, what Geer called a “cascade failure,” rapidly taking down businesses, infrastructure and government. As with agricultural monocultureswiped out by a single pest, Geer’s proposed solution was greater diversity: Multiple operating systems, each with different vulnerabilities, would be more resilient to cascade failure.
As mobile devices have overtaken desktop computers, the Microsoft monoculture is being replaced with a Qualcomm monoculture that could have equally bad effects for cybersecurity. Baseband processors are notoriously vulnerable because they run proprietary software and are difficult to study. Researchers who do study them report numerous potential insecurities to be exploited. Consider that the IMSI catcher, the device favored by law enforcement to capture cellphone calls, functions essentially by exploiting a flaw in the baseband processor communication protocols. The ability of governments to conduct mass surveillance because of baseband processor insecurity is a classic example of a cascade failure exploited.
A competitive market between Intel and Qualcomm would be categorically better for cybersecurity, both by avoiding monoculture and also because competition would lead to better products. Qualcomm and Intel would hire security firms to poke holes in each other’s products and would improve their own products to beat out their competitor. And the two companies would likely participate in developing 5G standards; their competing interests would push the standards in better, more secure directions.
Qualcomm’s answer has been, essentially, that it is fine for Qualcomm to dominate 5G development because it is the biggest and the best; “that monopolies,” in the words of the company’s expert witness, “can actually increase innovation.” That proposition is plainly contrary to basic economics, leading the ITC judge to discredit the witness entirely.
But it points to a more systemic problem: Judges and federal officers decide cases like Apple-Qualcomm from an economic and patent-law perspective but not necessarily with an eye to cybersecurity. Decision makers need to be aware of how their rulings could fundamentally affect the security of next-generation mobile infrastructure, and experts need to bring those broader concerns to light in a dispute that could otherwise appear to be merely a royal Game of Phones.
Charles Duan is the director of technology and innovation policy at the R Street Institute, a nonprofit research organization in Washington, D.C.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.