The $20 billion proposed merger between U.S. cellular carrier Sprint/Nextel and Japan’s SoftBank seems like a good match. Sprint would partner with one of the most dynamic cellular companies in the world, whose latest claim to fame is the Advanced Extended Global Platform (AXGP), the fastest mobile broadband network serving Tokyo and other Japanese cities. But Sprint has another suitor, the TV satellite provider DiSH Network. DiSH would actually offer Sprint shareholders more money than SoftBank, and offer significant synergies that benefit consumers.

Yet there is more to this than innovative platforms, synergies and returns for shareholders. There is the potential for a SoftBank-acquired Sprint cellular network to serve as a convenient transmission path for malware and spyware, courtesy of SoftBank’s Chinese business partners or their government.

If you think that’s overblown, consider this. Last Fall, the House Permanent Select Committee on Intelligence (HPSCI) publicly released a bipartisan report on China’s aggressive cyber-spying efforts. In addition to state-run organizations, the HPSCI report pointed an accusatory finger directly at two of China’s major cellular equipment manufacturers, Huawei and ZTE, saying that both companies served as fronts for China’s cyber-espionage operations.  It just so happens that SoftBank has significant business relationships with both companies. Just a click on the SoftBank website shows several Huawei and ZTE handsets SoftBank customers can buy, but their relationship with SoftBank goes far beyond that. Huawei built AXGP, that ultra-fast mobile broadband network SoftBank uses to handle its Tokyo traffic.

You might think that any security risk posed by a merger between SoftBank and Sprint could be mitigated by moving a lot of sensitive data to landlines. Think again. We are now moving into the Mobile Cyber Age. The proliferation of smartphones and tablets means that more of these mobile devices will be used instead of desktops and laptops. It also means that more sensitive data will be moved on to cellular and mobile broadband networks. In one fell swoop, any attempt to protect the nation’s critical infrastructure from cyberattacks could be circumvented if these mobile networks aren’t secured first.

As Japan’s third-largest cellular carrier, SoftBank’s networks already carry sensitive Japanese government and commercial traffic. In the US, Sprint has contracts or blanket purchase agreements with the DOD, FBI, DEA and ATF. The company has worked with the U.S. Military for over 20 years and is active on more than 150 bases around the world. A combined SoftBank / Sprint would have unprecedented access to the US communications infrastructure, in addition to its already extensive access to the networks of key US ally Japan. In short, such access to the US and Japanese cyber networks is a Chinese spymaster’s dream – especially if you take note of recent rising tensions between these nations. 

While SoftBank has explicitly stated it would not use Huawei equipment on the Sprint network, the facts are that Huawei equipment already exists on subsidiary networks. There’s no question this merger requires a lot more scrutiny before it can become reality. 

Leighton is a retired US Air Force colonel and the founder and president of Cedric Leighton Associates, a strategic risk consultancy.