- Huawei, the US ban, and links to Chinese spying explained
- Long standing ties
- Is there any actual evidence of spying?
- Ban vs. better transparency
- So what happens now?
- Is Huawei a security threat? Seven experts weigh in
- Robert Williams, executive director, Paul Tsai China Center, Yale Law School
- Sen. Marco Rubio (R-FL)
- Qing Wang, professor of marketing & innovation, University of Warwick
- Sen. Mark Warner (D-VA)
- Nicholas Weaver, staff researcher at the International Computer Science Institute, University of California, Berkeley
- Francis Dinha, CEO of OpenVPN
- William Snyder, professor of law, Syracuse University
Huawei, the US ban, and links to Chinese spying explained
On May 15, 2019, US President Donald Trump declared a national emergency, signing an executive order banning US companies and government agencies from utilizing telecommunications equipment that pose a risk to national security. While the initial announcement did not mention Huawei by name, members of congress didn't hesitate to reference the massive Chinese company directly.
Soon after Trump's announcement the US Commerce Department added Huawei to what is referred to as the Entity List.
Covering everything from businesses to individuals, placement on the list essentially bans an entity from doing business in the United States.
There is little doubt the initial executive order was primarily geared at restricting Huawei's ability to do business in the United States.
Within days of the government action, the repercussions for Huawei began to hit hard.
Google quickly ended its business dealings with the Chinese company, meaning Huawei would have no early access to the Android ecosystem, ultimately locking its smartphones the Google Play Store and apps Gmail and Maps.
Intel, Broadcom and Qualcomm all reportedly ceased business with Huawei, cutting off the supply of hardware fundamental to several of the company's major products.
These dramatic events were the culmination of years of suspicion surrounding Huawei's ties to the Chinese government. For well over a decade the company has been accused by governments around the world of working with Chinese national spy agencies. But what evidence is there to back up these serious claims, and what are the repercussions of this new US Huawei ban?
Long standing ties
Huawei's deep ties with the Chinese government go all the way back to the company's founding in 1987. Ren Zhengfei, Huawei's founder, has long been deeply connected with the Chinese government, working as an engineer for the People's Liberation Army before moving into commercial electronics in 1983.
Through the 1990s Huawei demonstrated strong ties with the Chinese government, and by 1996 it was labeled a “national champion” following major contracts to construct the country's national telecommunications network.
Alongside this, experts have claimed the growth of the company has been financially supported by Chinese state agencies – an allegation the company has consistently denied.
For years Huawei has been beset by international legal issues.
From accusations of intellectual property theft, to major international sanction violations, the company inarguably has a messy record of operating on the fringes of global law.
Perhaps the most dramatic development was the arrest of Huawei's Chief Financial Officer in late 2018. Meng Wanzhou, daughter of Huawei founder Ren Zhengfei, was arrested in Canada on charges of bank fraud at the request of the US.
Wanzhou is currently entrenched in a Canadian court battle as the United States attempts to extradite her, while her lawyers, and the Chinese government, claim the entire exercise is simply an attempt by Western governments to stifle the success of Huawei's international business dealings.
Unrelated to Wanzhou's legal troubles, and the company's other criminal and civil problems, many countries around the globe are slowly introducing bans on Huawei technology a single allegation … that the company's independence and integrity has been compromised by the Chinese government and its technology is being used to spy on other countries.
Is there any actual evidence of spying?
Over the last decade these spying allegations have consistently hounded Huawei, however, no clear evidence has ever been presented to prove there are backdoors or surveillance spyware installed on any Huawei devices. An expansive 18-month security review from US government agencies was reported to have concluded in 2012 that there was no evidence Huawei was working with the Chinese government to spy on US citizens.
Experts working on the US government review at the time suggested that, while no singular “smoking gun” could be found proving Huawei equipment had been compromised, its systems were “riddled with holes.
” These coding errors and vulnerabilities were found to make some of Huawei's equipment more open to being hacked, however, no one could establish whether these were simple software mistakes or explicit backdoors left open for espionage reasons.
For some, questions over how secure Huawei equipment actually is, are merely questions of potential.
Australia, New Zealand, and Japan have already banned Huawei equipment from forthcoming 5G infrastructure roll-outs, claiming the risks for 5G network gear to be compromised through software updates make security evaluations incredibly difficult.
This idea that the security risk inherent to Huawei's equipment is one possibility rather than actuality is frequently raised by US lawmakers and experts.
“This is not about finding “backdoors” in current Huawei products – that's a fool's errand,” said Democrat senator Mark Warner recently to The Verge.
“Software reviews of existing Huawei products are not sufficient to preclude the possibility of a vendor pushing a malicious update that enables surveillance in the future.
Any supposedly safe Chinese product is one firmware update away from being an insecure Chinese product.”
Ban vs. better transparency
However, not every Western government is jumping on the Huawei prohibition bandwagon. Literally hours after Trump's recent executive order that moved toward a total US Huawei ban, French President Emmanuel Macron revealed his country would not be proceeding with similar actions, despite months of rumors his government was moving in that direction.
“I think launching a trade or tech war vis-a-vis any country is not appropriate,” said Macron. “First, it's not best way to defend national security, second it's not best way to the defend the ecosystem.”
Several European Union reviews are currently underway examining security procedures to accompany 5G infrastructure roll-outs, and despite significant lobbying from US diplomats calling for the EU to institute an outright ban, many union leaders are suggesting the better way forward will be to establish clear safeguards.
Francis Dinha, CEO of OpenVPN, agrees a ban is not the solution, despite Huawei potentially being a security risk. Dinha suggests the way forward is better, more transparent network security, as there will always be potential for core equipment to be compromised.
“Rather than relying on our network to be secure, we ought to seriously consider building an overlay secure virtual network across the 5G infrastructure that could provide end-to-end security, controlled and managed by the 5G network operators,” Dinha explains.
So what happens now?
Although currently there has been no clear evidence showing Huawei equipment contains security “backdoors” allowing Chinese government access, rumors still swirl that evidence may exist. Just over the last month several stories have appeared suggesting the truth is out there.
One story alleged the CIA has proof Huawei received funding from Chinese state security agencies, while another revealed the Dutch intelligence agency AIVD has discovered an elusive Huawei backdoor in a major local telecom firm.
However, both stories are still very much unverified, and so far every significant investigation into Huawei's association with Chinese intelligence has found no explicit evidence to solidify the years of allegations.
It is also difficult to separate this latest major US move from its ongoing trade war with China. Last year Huawei overtook Apple to become the second-largest smartphone manufacturer in the world.
This happened alongside the company revealing it was stepping the general US consumer tech market.
So while a US Huawei ban is not particularly relevant to the company's global market share in smartphones, laptops and telecommunications equipment, it may affect the its ability to produce that tech for its international market.
These problems are compounded by the loss of access to US-built software, specifically that from Google, which is ly to influence the future purchasing decisions of consumers around the globe.
Google's move to suspend business operations with Huawei to comply with the US government ban has sparked confusion amongst owners of existing devices worried they would no longer have access to updates for Android OS, and Google services such as Maps, and the Play store. Both Google and Huawei have sought to allay fears by saying existing devices wouldn't be affected, and yesterday the US Commerce Department awarded Huawei a license allowing it to purchase US goods until August 19, giving mobile device owners time to access software updates and telecom providers time to seek alternatives.
But once that date passes, owners of existing devices face the prospect of not being able to access any future updates, potentially making their devices less secure, while future devices will ly not have access to the above mentioned Google services through dedicated apps.
There are rumors Huawei has long expected this potential scenario, so it has been developing an alternative operating system for its smartphones. But what does this mean for its burgeoning laptop market? Its sleek MateBook has been becoming increasingly impressive over its last few generations, yet this new US ban would essentially disallow Microsoft from supplying Huawei with a Windows OS.
It is unclear how all this will ultimately play out.
More investigations will roll out, trying to uncover the elusive, and possibly non-existent, piece of evidence to finally show whether Huawei is conspiring with the Chinese government.
The EU will decide whether it will block Huawei from the European Union. The repercussions of the US ban will not only harm Huawei but a raft of other American businesses that sell goods to the massive company.
This recent escalation in the conflict by the United States does not bring us closer to ending these tensions, but until there is clear evidence Huawei is a company not to be trusted, all current prohibitions are ultimately potential future scenarios and not publicly available facts.
Is Huawei a security threat? Seven experts weigh in
Update, May 22nd, 2019: Since this article was published, the United States has issued measures effectively blacklisting Huawei.
Under a new executive order, US businesses looking to sell to Huawei will need to obtain government approval for the transactions, dealing a severe blow to the Chinese company.
In light of the order, we are re-publishing the below article from March, which details the broader concerns that led up to that decision.
The United States government is cracking down hard on Huawei.
Lawmakers and intelligence officials have claimed the telecommunications giant could be exploited by the Chinese government for espionage, presenting a potentially grave national security risk, especially as the US builds out its next-generation 5G network.
To meet that threat, officials say, they’ve blocked government use of the company’s equipment, while the Justice Department has also accused Huawei’s chief financial officer of violating sanctions against Iran, and the company itself of stealing trade secrets.
Huawei’s response has been simple: it’s not a security threat. Most importantly, the company’s leaders have said the US has not produced evidence that it works inappropriately with the Chinese government or that it would in the future.
Moreover, they say, there are ways to mitigate risk — ones that have worked successfully in other countries. Huawei’s chairman has even gone so far as to call the US government hypocritical, criticizing China while the National Security Agency spies around the globe.
The company has also denied any criminal wrongdoing.
Huawei’s response has been simple: it’s not a security threat
Earlier this month, Huawei upped the stakes again. In a lawsuit, the company asked a court to find that the US government’s ban on its products is unconstitutional. Huawei’s rotating chairman said that, after failing to convince US lawmakers that its products were secure, they had “no choice” but to make a legal challenge.
Regardless of how the suit shakes out, it will hardly be the last volley in the ongoing battle. Is the US right to target Chinese equipment makers Huawei, or has the company, as it maintains, been unfairly maligned? The Verge convened experts, from prominent China-watchers to Sen. Marco Rubio, to give their views.
Responses have been lightly edited for length and consistency.
Robert Williams, executive director, Paul Tsai China Center, Yale Law School
If one views 5G telecommunications networks as critical infrastructure, then the lack of smoking-gun evidence that a company has previously rigged its hardware at the behest of a foreign government is not dispositive of whether to allow that company’s equipment in 5G networks.
The question is whether the risks of espionage or sabotage are unacceptably high, which depends in part on whether the company can credibly claim to be independent of the foreign government in question.
This may help to explain why Western governments broadly agree that Huawei poses security risks, even as they may differ over how to manage or mitigate those risks.
Sen. Marco Rubio (R-FL)
Huawei is a Chinese state-directed telecom company with a singular goal: undermine foreign competition by stealing trade secrets and intellectual property, and through artificially low prices backed by the Chinese government.
The Communist Chinese government poses the greatest, long-term threat to America’s national and economic security, and the US must be vigilant in preventing Chinese state-directed telecoms companies, Huawei and ZTE, from undermining and endangering America’s 5G networks.
Future, cutting-edge industries driverless vehicles and the Internet of Things will depend on this critical technology, and any action that threatens our 21st-century industries from developing and deploying 5G undoubtedly undermines both our national and economic security.
I am not sure we can trust an audit on Huawei any more than we can trust the Chinese government to hand over intelligence showing they do not steal intellectual property from American companies. No audit can reveal a future order from the Chinese government to turn over data to them.
The US must develop a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains.
We must also recognize that the continued threat posed by the Chinese government’s assault on US intellectual property, US businesses, and our government networks and information has the full backing of the Chinese Communist Party.
Qing Wang, professor of marketing & innovation, University of Warwick
Is Huawei a security threat? There is no hard evidence to support this notion, and some of the reasons put forward for this notion are weak. For example, the background of the chairmen of Huawei. Huawei founder Mr.
Ren Zhengfei once served in the People’s Liberation Army. As we know, serving in the army was one way of getting poverty for people in the countryside, which is where Mr. Ren is from.
His time in the army was a short one and he was not in any important position.
“Is Huawei a security threat? There is no hard evidence to support this notion”
In terms of the background of the company, un state-owned enterprises such as China Mobile and China Railway Corporation, Huawei is a private enterprise, Alibaba, Tencent, and Haier, that emerged from the economic reform of China in the 1980s. These enterprises would have never existed, let alone grew, if there was no economic reform and move from planned economy to market economy.
State-owned enterprises operate differently from private enterprises. The CEOs of state-owned enterprises are government officials and are directly appointed by the government; they are the products of the old communist legacy. On the other hand, the CEOs of the private enterprises are either the founders themselves, or their offspring who succeed their family businesses.
These enterprises have developed their technological capabilities and business acumen through market mechanisms both inside and outside China, and adopted the same business practice and competed with their Western counterparts without preferential treatment from the government.
At most, government resources and supports are directed to the state-owned enterprises because they are no longer fit for the new market economy.
For someone me who has studied emerging market enterprises for decades, Huawei is the textbook case of a great company in the making; unfortunately, it has fallen victim to the anti-globalization policy and sentiment of the US and the ongoing trade war with China.
Huawei has been accused of close or even dubious relationships with the Chinese government — hence, a security threat to the Western world. It is true that now that these companies have become competitive in the global market, creating jobs and tax revenue for the government, the government is keen to see that their success can continue.
If anything, it is in the interest of Huawei and the government to see the reputation and technological leadership continue rather than being ruined by scandals such as espionage.
Sen. Mark Warner (D-VA)
There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party — and Huawei, which China’s government and military tout as a “national champion,” is no exception.
Allowing Huawei’s inclusion in our 5G infrastructure could seriously jeopardize our national security and put critical supply chains at risk. It could also undermine U.S. competitiveness at a time when China is already attempting to surpass the U.S.
technologically and economically through the use of state-directed and state-supported technology transfers.
This is not about finding “backdoors” in current Huawei products — that’s a fool’s errand. Software reviews of existing Huawei products are not sufficient to preclude the possibility of a vendor pushing a malicious update that enables surveillance in the future. Any supposedly safe Chinese product is one firmware update away from being an insecure Chinese product.
Nicholas Weaver, staff researcher at the International Computer Science Institute, University of California, Berkeley
Sabotage can be really, really subtle. There are entire contests around how you make sabotage almost undetectable, such as the “underhanded C contest.” It is even more so in hardware. For example, you could sabotage the cryptographic random number generator so that if you knew the secret you could predict it, but if not, you can’t.
“Sabotage can be really, really subtle”
This is worse in telecommunications systems, as those systems are specifically designed to be wiretapped, so a little bit of sabotage in the specific wiretap-enabling routines and it would be very, very hard to detect.
Plus, you also have the manufacturing: just because the design is what you “certified” doesn’t mean that the thing you buy is what you certified.
A single microscopic difference: the addition of a small sabotage chip, and now you lose all your assurances.
Francis Dinha, CEO of OpenVPN
The US is right to treat Huawei as a security threat, but I don’t believe any ban on any equipment is the right solution. No matter what equipment we use for 5G, there will be security risks.
With such an exponentially higher amount of data, there will inherently be an exponentially higher risk.
But taking a competitor the market could lead other companies to get complacent, which would mean US innovation and development could be slowed — which presents an even more severe security risk overall.
Rather than relying on our network to be secure, we ought to seriously consider building an overlay secure virtual network across the 5G infrastructure that could provide end-to-end security, controlled and managed by the 5G network operators. We need guidelines to improve network security, and we need to push to make software for this equipment open-source. Open-source means transparency and security, which is exactly what we need as we move to 5G.
Huawei is a risk, certainly — but there are other ways besides a ban to mitigate that risk. No matter who is making our 5G equipment, we need to be proactive about cybersecurity.
William Snyder, professor of law, Syracuse University
Huawei is a threat to US national security, but that misses the bigger point.
Vulnerabilities in the supply chain of network hardware and software is, has been, and will continue to be a threat to the national security of the United States and many other countries, including China.
It remains very difficult to audit that a chip with millions of embedded transistors or software with millions of lines of code does only what consumers know and consent to it doing.
Even if Huawei is not committing the sort of crimes for which a US grand jury indicted it, any company that supplies such a large percentage of the market for components of telecommunications networks and has such ties to the People’s Liberation Army is a threat. Huawei’s need to operate under Chinese laws about cooperation with Chinese military and intelligence agencies is of concern.
“Huawei’s status as a threat is hardly unique”
Huawei’s status as a threat is hardly unique. Not only are other Chinese companies such as ZTE and China Mobile embedded in the supply chain, but so are those of other countries. Huawei itself buys components from major US firms, including Qualcomm. Those companies are subject to US laws concerning cooperation with US intelligence agencies.
Given the essentially free market economy of the United States, rarely, if ever, will a US company be as closely tied to the government as Chinese companies are.
Still, if you are a security policymaker of a nation India — with several times the population of the US — wouldn’t you worry about how many major militaries have back doors into your networks?
As long as conflict occurs at the nation-state level while critical cyber networks are designed and manufactured internationally, we all must be very careful. This is a systemic problem. Currently, Huawei’s size and ties to the PLA make it the focus of concern. In the future, another supply chain threat will take center stage.
“,”author”:”Colin Lecher”,”date_published”:”2019-03-17T14:00:00.000Z”,”lead_image_url”:”https://cdn.vox-cdn.com/thumbor/D4mEviu6V_1wrC9G7eVghbqTw6w=/0x215:3000×1786/fit-in/1200×630/cdn.vox-cdn.com/uploads/chorus_asset/file/15959548/acastro_190305_3265_huawei_congress_0001.jpg”,”dek”:null,”next_page_url”:null,”url”:”https://www.theverge.com/2019/3/17/18264283/huawei-security-threat-experts-china-spying-5g”,”domain”:”www.theverge.com”,”excerpt”:”The Verge convened authorities to hear their opinions”,”word_count”:1955,”direction”:”ltr”,”total_pages”:1,”rendered_pages”:1}