The problems with Huawei
On 1 December 2018 a woman was arrested at Vancouver Airport and charged with bank fraud, wire fraud, and conspiracy to break the US sanctions on Iran. Holding seven passports, Meng Wanzhou was the subject of an extradition order from the United States and is currently under house arrest in Canada. She is also the CFO of Huawei, and daughter of the company’s founder.
The event capitulated China’s major technology company into Western headlines, a position from which it has rarely shifted in the intervening months. This coincides with the UK currently considering if it will allow Huawei to be involved in its national 5G infrastructure. Is the company trustworthy, safety conscious enough; is China trustworthy, who will be the 21st Century’s global power? It may only be internet coverage, but its implications extend beyond how easy it will be to stream Love Island.
This is a story about newspaper leaks, corporate espionage, geopolitical power plays, the mobile phone in your pocket, and how it talks to your fridge.
As the UK’s new prime minister gets acquainted with his new offices, staff and responsibilities there will be a decision to make about a company that has links to the Chinese government, questionable ethics regarding intellectual property, but who are the market leader in an industry tipped to spark a revolution in how we use the internet to work, rest and play. Oh, and a decision needs to be made before we start dusting off our tinsel and sharing jokes about Brussel sprouts.
Unlocking your phone
The first issue with Huawei is the company’s long standing preponderance for creating vulnerable products. Ian Lavery, The chief technician at the UK’s National Cyber Security Centre in London, has called Huawei’s coding “sloppy”. Put simply, security is not a priority for Huawei. You get what you pay for. Huawei skimp a little on security and testing, save a bit of time, save a bit of money and pass those savings on to customers.
There is nothing particularly unusual about this. Every company is looking to find its niche. Primark is not competing for the same customers as Burberry. Apple put all their pips in the ‘make the company cool’ basket, Blackberry went after business customers. You can’t be good at everything; those that try fail.
That is Huawei’s decision. They’ve made their choice and looking at their market position and global profits ($108bn last year) it’s hard to argue they made the wrong one.
For the consumer, that presents you with a decision when buying a phone. Do you want complete security, or to save a few quid? That same decision, on a slightly bigger scale, now faces those who are piecing together the new 5G network. Do you go for security, or do you save a few quid that you can then pass on to consumers lowering the barrier to entry and thus hope to expand a new market and reap the economic benefits along the way?
This is where the analogy ends. For a start, 5G will be a national infrastructure project. There will be no competitors once the system is up and running. There won’t be the option to spend a bit more and get better security further down the line. If you are not happy with the product provided by John Loudon McAdam you need to make that clear before his tarmac is used to surface every road in the country, not after.
The current mood music around the industry is not singing to Huawei’s tune. Big tech is having something of a midlife crisis over data and privacy. Anybody who works in an office will have been confronted with General Data Protection Regulation (GDPR). The fallout from the Cambridge Analytica scandal (which mined people’s Facebook data without their permission), and huge recent fines levied by the Information Commissioner against British Airways and Marriott hotels for not protecting their customers’ data all show this issue is not to be taken lightly.
Back in 2014, when Huawei first arrived in the UK to work on the 4G network the government set up the Huawei Cyber Security Evaluation Centre Oversight Board. Its role is to keep an eye on Huawei and report back every year on what they are up to in the UK. Since its inception, the annual report card has essentially read: ‘Performing well, could do better.’
But in the last couple of years there has been a step change, and in March the report said “further significant technical issues have been identified in Huawei’s engineering processes” and “No material progress has been made by Huawei in the remediation of the issues reported last year.” Ah. No one wants cracks in their windows, but when cracks do appear you want them fixed quickly.
If this was just about putting your photos or credit card details in jeopardy that would be bad enough. But vulnerabilities in systems are at the forefront of a new frontier rolling into view: cyber weapons.
At the US’s National Security Agency (the NSA), homed in an austere looking glass box halfway between Washington, D.C. and Baltimore, they spent a lot of time poking around computer systems looking for vulnerabilities in all sorts of systems. In 2012 they found one such vulnerability in the Microsoft operating system, Windows.
The decision makers at the NSA were then faced with a choice. Tell Microsoft so that the problem can be fixed, or hoard the information so that they could exploit it as and when they needed to. They chose the latter. They horded it for five years under the code name Eternal Blue.
Then, in 2017, an anonymous group called Shadow Brokers announced they had stolen it and then released it for free on the internet. Not much is known about Shadow Brokers, but the actions of this unknown quantity had global consequences. Eternal Blue was used in the WannaCry ransomware attack on the UK’s National Health Service and in the NotPetya attack that crippled Ukraine and caused over $10 billion in damage. The same vulnerability has been used recently to attack the city of Baltimore and take the city’s municipal computers offline.
At the time of the first attack, the NSA notified Microsoft and the company developed and released a patch to fix the vulnerability, but all it takes is for one person not to update their computer and that system remains vulnerable.
This matters as 5G expansion is rolled out enabling the internet of things to kick start what techies are enthusiastically calling the fourth industrial revolution (the first three being steam, oil and gas, and electric).
“This is only a foretaste of what is to come, and only the shadow of what is going to be.” — Alan Turing
It probably doesn’t matter if hackers can access your fridge to find out how much cheese you eat, but if your driverless car (or ambulance), conversation about the next tech unicorn you just invented, or controls to a cities power grid are not on a secure network it that starts to look real important real quick.
Who are Huawei?
These threats, while real, are the price of cheaper technology sources from a benevolent (if sloppy) supplier.
The question on the lips of national security advisors from Washington to Canberra and every capital in between (except Beijing) is: are Huawei a benevolent supplier?
To the company’s founder Ren Zhengfei the answer is, of course, yes. In his words, Huawei is a private company with commercial interests it would do nothing to jeopardise. On the face of it that looks like a compelling argument. In 2018, Huawei announced revenue of $108.5 billion, it is the second largest manufacturer of smartphones globally (after Samsung), and as of 2017, the company has invested $13.8 billion in research and development. A tidy sum they say is reaping rewards now they have stolen a march on their rivals in the 5G battle field. Industry analysts suggesting the company is 18 months ahead of its rivals and between 10–20% cheaper.
The company is not quite as clean cut as its founder, or its palatial Disney-like headquarters would have you believe. The company has a long rap sheet of pilfering corporate secrets from rivals. There was, allegedly, a company reward scheme in place for those Huawei employees light fingered enough to find a new home for other’s commercial property. Infamously, this included T-Mobile’s imaginably titled ‘Tappy’ the robot. The machine would, yes you’ve guessed it, tap on the screen of a new device and track its receptiveness to Tappy’s faux human touch.
After a no doubt polite request to license Tappy from T-Mobile was rejected the robot’s arm mysteriously turned up in the laptop bag of a Huawei employee visiting T-Mobile’s headquarters.
A curious case indeed that the courts decided should cost Huawei $4.8 million. Motorola and Cisco have also sued Huawei for stealing IP.
A US House Intelligence Committee report has labelled Huawei a threat to national security due to it “pattern of disregard” for US intellectual property law. But perhaps the greater concern is a nagging feeling that Huawei isn’t only acting for its own enrichment.
Trojan dragons
According to John Demers, US Assistant Attorney General for National Security, 90 per cent of the economic espionage targeting the US comes from China. By economic espionage he means information stolen by the direction, or for the benefit of a foreign state.
Demers told an audience at the Royal United Services Institute last summer that most of the activity they witness is consistent with Beijing’s Made in China 2025 strategy which names 5G as an important strategic industry.
Could Huawei be helping the Chinese state to steal intellectual property for the greater good of China? Researchers at the Henry Jackson Society certainly think it is possible.
Their web of suspicion beings at the top, with Ren Zhengfei. Huawei’s founder spent 20 years in the People’s Liberation Army as a military technologist. The company also has an established professional relationship with the Chinese Army, and an ownership structure that means it is 99 percent owned and controlled by a trade union committee, which, the Henry Jackson Society claims, are part of the state bureaucracy and paid for by the Chinese treasury. Not to mention the tight control the Chinese state exerts over every aspect of its domestic economy. As a result, the HJS argues Huawei’s claim to be a private company is debatable and that at the very least the company enjoys a special relationship with the Chinese state machinery.
On the face of it, having a company that has a cosy relationship with an autocratic regime at the heart of an industry suffering an existential crisis over data privacy might be enough on its own to cause countries to pause and consider awarding Huawei important contracts.
Then, in June 2017, China passed a new National Intelligence Law that raised red flags across the Western world.
The law grants China’s national intelligence institutions the ability to reach out and ask individuals or organisations for help, and compels those same individuals or organisations to acquiesce to their overtures.
In summary, the Communist Party can ask Huawei to spy for it and Huawei has to agree. At least that is the interpretation doing the rounds in security think tanks from Washington to Whitehall.
Huawei has claimed it has never been asked to spy and would never agree to do so if it were.
Appearing before a UK’s House of Commons select committee in July, John Suffolk, Huawei’s cyber security chief in the UK, said their legal advice was the Huawei was not under any obligation to cooperate with the Chinese state. The assertion was labeled “entirely unbelievable” by MP Julian Lewis.
It’s a characterisation shared by those in powerful places in Washington, D.C.
US Secretary of State, Mike Pompeo is bullish in his appraisal of Huawei. The former director of the CIA has called the company an instrument of the Chinese government. On a visit to the UK earlier this year, Pompeo said if the US could not trust the network used by allies it would have to reevaluate its intelligence sharing protocols.
General Curtis M. Scaparrotti, NATO’s Supreme Allied Commander Europe, warned earlier this year that the US would be reluctant to deploy troops into areas where it was not comfortable about the security of the communications network.
Whether or not this is grandstanding, the threat remains that the US might not abide by NATO Article 5 order (than an attack on one member is an attack on all) because Huawei built some antennae. This is potentially hugely damaging for the collective defence of NATO members, some of whom cannot afford to use Huawei’s competitors.
Whether or not directly related to this, Australia and New Zealand, both members of the Five Eyes Anglosphere intelligence sharing group, have put in place partial or total bands against the use of Huawei in their 5G networks. The US has taken a stance; Canada has not yet made a decision, neither, officially has the UK.
Yet in April this year the Daily Telegraph published a piece saying the UK was poised to allow Huawei to work on some, but not all, of its network. The information came from the National Security Council, and the leak cost the then defence secretary Gavin Williamson his job, despite his denials regarding his culpability.
The long awaited report on supply chains was published this summer without recommendations regarding Huawei. The can got kicked from the old prime minister to the new.
There is no evidence that Huawei has actually spied for China. There are incidences that come pretty close. Two years ago, media reports surfaced of huge data transfer from the African Union headquarters to servers in Shanghai in the middle of the night. Both China and the AU deny any foul play.
All members of the Five Eyes have access to the same intelligence regarding Huawei. That they are coming to different conclusions is maybe not a good look, but is in response to the different calculus each country faces.
Put simply, China is not a strategic threat to the UK. There may be aspects of the regime’s behaviour we do not like, but the rise of China does not precipitate the decline of the UK. The same cannot be said for the US. You don’t need to adhere to Donald Trump’s zero-sum power based understanding of geopolitics to see that there can only be a maximum of one dominant power in the world. Since the Second World War, that has been the US. But now China threatens to depose it at least from its top spot on the economic tree, a process that could be accelerated if Chinese companies become the dominant players in the next industrial revolution.
This changes the calculus for the US when it comes to Huawei and its role in 5G
5 dimensional digital chess
This leads into the murkier, less tangible realm of strategic geopolitics. This summer saw the anniversary of Neil Armstrong’s giant leap for mankind, off the steps of the Apollo 11 lander and onto the surface of the moon. It was the culmination of the space race; a 14 year battle for prestige between the globe’s two great powers to one up each other and be the first nation (and politico-economic system) into space, and then to land a man on the moon. It cost millions of pounds and claimed the lives of 14 astronauts and cosmonauts.
The space race gave us some tangible benefits, Velcro for one, and unprecedented acts of human achievement. The motivation? To be top dog. To have the cache and prestige and to be able to exert that influence.
Since the collapse of the Soviet Union, the US has grown accustomed to not having to compete for influence. Influence that can be used to shape global norms and rules in ways that are beneficial to you, sometimes overtly, sometimes subtly. For example, loans from the IMF and World Bank (to which the US is the biggest single lender) require domestic reforms that US companies are better positioned to exploit and profit from than local business.
The US likes to speak about itself as a citadel on the hill, a shining example of the transformative power of government of the people, by the people, for the people. As a superpower it has spread democracy, often by military or economic force. Democracies are generally a good thing, but they also benefit the US by often being accompanied by free markets, which with over a century of mass produced capitalism behind them, US companies are primed to exploit. The US national myth is a seductive one and creates deference to it, especially amongst new democracies around the world. This, in turn, helps the US’s soft power and influence.
The UK pushed itself to the top of the tree by harnessing the industrial revolution, the US primed its pump first with manufacturing and then with financial services. China has its eye on 5G.
China wants 5G to do for it what the industrial revolution and mass manufacturing did for the UK and US; put it at the forefront of the next economic transformation and reap the tangible and intangible benefits.
The US would prefer China did not do this. Preventing a company the US government is convinced is an arm of the Chinese state from becoming the dominant player is a potential revolutionary technology is one way to move towards this goal.
This has already led to talk of a digital iron curtain. Of a world split with two different networks and systems pushing 5G around the world. Integration and compatibility problems are certainly a problem, but there is another, final, issue at stake when a country considers Huawei. One of values.
Uncle Sam, Big Brother and Winnie the Pooh
Underpinning all of this is a sort of existential dread regarding China. Here, for the first time in nearly 200 years is global power we have to trade with that is not white, liberal, and Western. (Russia was blockaded out, but China owns more US debt than any other country).
Huawei has been involved in some of the worst aspects of Chinese state behaviour, supplying the technology that aides mass surveillance and has been implicated in identifying people who have ended up in “reeducation” centres in Xinjiang.
With this come values that we don’t agree with and a realisation that despite our sugar coated words about the positive influence of our dominance we expect the taste of our own medicine to be extremely bitter.
This is a case that is being made more and more by the US in its lobbying efforts. Speaking at RUSI earlier this year, US Deputy Assistant Secretary for Cyber, Robert Strayer said: “This is not just about security, but about the type of Internet we want to see.”
“I’ve heard talk of creating two separate systems. But this concedes the point of moral equivalence. We think the internet should be free and open and we shouldn’t abandon people to another system because they live in another country,” said Strayer.
Even if you set aside the espionage, the vulnerabilities, geopolitics, and strategic competition the simple question of which provider you use for your 5G infrastructure still contains fundamental questions of political theory, of liberalism and authoritarianism. Heavy.
Too close for comfort
This is a fiendishly difficult dilemma, one where it is easy to conflate the various issues involved, but where the sheer number of issues leads many observers to opt for the precautionary principle.
Henry Kissinger once said that decisions made by the president are rarely more clear cut than 51–49. If the decision was clearer it wouldn’t have made it to the president’s desk.
The use of Huawei is one of those 51–49 decisions. If the leaks to the Daily Telegraph are to be believed Theresa May gave the 51 to Huawei. In public at least, Johnson has been circumspect. Speaking positively about both the potential of Chinese foreign investment, and the need to defend the UK’s intelligence sharing.
Throw this into the Brexit mess and sooner or later the UK will be knocking at the door of the two global superpowers enquiring about trade deals having just ignored one or other of them on a matter of fundamental importance for the future of the economy.
The decision is yours, Mr. Johnson. Do you want to phone a friend? Which friend might that be?
