Today, commercial satellite services are going mainstream, driven by technological progress and a global unconnected consumer base hungry for high-speed broadband — often in rural or developing regions.
This means that rather than remaining niche players with limited regulatory concerns, commercial satellite networks are now — or soon will be — transmitting and receiving data from millions of people and devices around the world. The net result is that satellite network operators will soon be saddled with the same regulatory responsibilities as terrestrial network players. These responsibilities include protecting users’ privacy, ensuring cybersecurity, and striking the right balance between encrypting user data and complying with lawful intercept rules.
In other words, satellite companies are crashing straight into “techlash.”
On one hand, this is uncharted territory for the satellite industry. To survive regulatory risk, operators must quickly map a way forward to evade unwanted attention from regulators, avoid potentially costly penalties, and ensure that individual, enterprise and government consumers continue to trust satellite services.
On the other hand, it should not be surprising that satellite companies are now facing many of the same regulatory responsibilities as Silicon Valley tech companies. After all, the aerospace industry played a key role in the birth of Big Tech. Semiconductor companies like Fairchild built some of the earliest silicon chips used in Apollo mission guidance computers.
In the face of techlash-related regulatory challenges, it’s vital that satellite companies remind policymakers that the industry has been a key enabler and beneficiary of innovation since its birth. However, that alone will not be enough to head off the knee-jerk impulses of policymakers and regulators. Satellite companies should also consider taking deliberate, strategic actions to prevent data regulations from severely impacting their business operations.
For example, the commercial satellite industry should initiate a campaign to generate a risk-based voluntary cybersecurity framework for satellites that is endorsed by both the satellite industry and key policy stakeholders. Multi-stakeholder efforts for industry cybersecurity standards have borne fruit across a variety of industry segments, but cybersecurity standards are lacking.
Second, satellite operators need to start doing the hard work to map their regulatory obligations by country based on their data collection and transmission practices, as well as gateway and data center locations. New regulations governing privacy, data protection and cross-border data transfers are cropping up across the globe. Europe’s General Data Protection Regulation is perhaps the best known, and it applies to companies, including satellites, that process personal data of EU individuals, even if the company is not located in the EU. In other cases — like if an operator were to transmit data via a gateway in China and function as a “critical information infrastructure operator” under the regulatory framework — the operator may be required to store the data within China or the country where the gateway is located.
Third, satellite companies should expand participation in multilateral organizations – specifically, the upcoming International Telecommunication Union’s World Telecommunication Standardization Assembly in November 2020. The event, which occurs every four years, produces international standards that shape how national regimes govern the use of information and communications technology. This year’s meeting will be an opportunity for satellite companies to shape international standards around security, privacy, and trust for the Internet of Things, as well as cybersecurity more broadly, with major downstream effects on national policies across the globe.
The mainstreaming of the commercial satellite industry is one of the great technological success stories of the past half-century. However, with great success comes great regulatory responsibility, and this is true now more than ever for the industry. Unfortunately for operators, the public and regulators around the world have lost trust in technology companies’ ability to safeguard data, putting a target on the back of every company that handles sensitive data. To ensure that individual, enterprise and government consumers continue to trust satellite services, satellite companies must adopt a fresh perspective on their regulatory exposure, understand the risk landscape and proactively head off policymakers’ worst impulses.
Richard Upchurch is a policy manager at Access Partnership, a leading global technology policy consultancy. He conducts research on policy developments relevant to satellite operations, and supports satellite interests at multilateral fora. He is an alumnus of U.S. Embassy Beijing and a graduate of the Johns Hopkins School of Advanced International Studies.