> Banning corporations from doing that in their own commercial networks is another thing
I'd argue that it depends.
Many of the corporations that would run this type of equipment end up transmitting, storing, or using sensitive and/or secret information (ranging from corporate trade secrets/IP to classified information), or could be open to abuse in other meaningful ways (cell towers recording private phone calls from important people, etc). There's no real limit to the potential abuse.
We only have to look at what the US Govt has done already, and that's with a legal system designed to prevent such a thing, as well as needing voluntary cooperation from independent private companies. Change all that to largely nationalized companies and a legal system which doesn't care... and you can see where it can go.
Ideally the network equipment would never see anything but encrypted traffic. There is no reason why a cell tower should be able to get access to the voice data of a call.
Now of course we all know that the crypto at least in GSM was horribly weak and optional, because that is the way the US and France liked it, whereas countries such as Germany wanted strong crypto, fearing surveillance by then-enemy Russia next door.
EDIT: Anyone know how that is going to be in 5G? I would be surprised if we get decent end to end encryption, but did they at least limit the number of network elements that can access the voice data?
If US government wanted us secure, they'd let us buy Type 1- and TEMPEST-certified gear that is strong enough to stop their pentests with minimal side channels, too. That's Defense-only. The stuff they recommend for rest of us are built on things like Linux which consistently has vulnerabilities, some of which they and foreign hackers use.
I'd consider blocking foreign products that might be insecure if they'd:
(a) Let me buy their secure products for same use cases. The WAN encryptors and Inline, Media Encryptors w/ trusted paths come to mind.
(b) Start recommending, sponsering, and evaluating more high-security systems like they did under TCSEC. Especially covering the costs of the platform with open, permissively-licensed code so others have fewer excuses not to build on it.
I'd argue that it depends.
Many of the corporations that would run this type of equipment end up transmitting, storing, or using sensitive and/or secret information (ranging from corporate trade secrets/IP to classified information), or could be open to abuse in other meaningful ways (cell towers recording private phone calls from important people, etc). There's no real limit to the potential abuse.
We only have to look at what the US Govt has done already, and that's with a legal system designed to prevent such a thing, as well as needing voluntary cooperation from independent private companies. Change all that to largely nationalized companies and a legal system which doesn't care... and you can see where it can go.