High-Speed Networks, High-Stakes Risks
United States warns against using Chinese telecom giant Huawei as a vendor
Despite its status as the world’s largest seller of communications equipment and the second-largest smartphone maker, China’s Huawei Technologies Co. finds some of its markets closing due to concerns that it could be an instrument of espionage.
As nations dive into the next wave of mobile technology by building 5G wireless networks, Huawei is now banned from providing the equipment in Australia and the United States. Other countries are also closely watching as leaders, including the secretary-general of NATO, warn of the dangers posed by Huawei’s close ties to the Chinese Communist Party (CCP).
U.S. Vice President Mike Pence urged all U.S. allies to turn their backs on the telecommunications giant, saying the company posed a severe security threat.
“Chinese law requires them to provide Beijing’s vast security apparatus with access to any data that touches their networks or equipment,” Pence said during a February 2019 speech at the annual Munich Security Conference, according to the business journal Nikkei Asian Review. “We must protect our critical telecom infrastructure, and the United States is calling on all our security partners to be vigilant and to reject any enterprise that would compromise the integrity of our communications technology or national security systems.”
The U.S. House Permanent Select Committee on Intelligence concluded as far back as 2012 that equipment made by Huawei and ZTE Corp, a telecommunications rival in China, could undermine U.S. security interests. Adding to the concern is the sheer enormity of Huawei. The company passed Sweden’s LM Ericsson in 2017 to become the No. 1 global seller of wireless network gear. Its smartphone brand passed Apple in mid-2018 as the world’s No. 2 seller behind Samsung Electronics, according to a report by The Associated Press (AP). The 5G projects Huawei wants to build would vastly expand the reach of networks to support such things as self-driving cars, factory equipment and internet-linked medical devices.
Despite Huawei’s insistence that it is not involved in spying, politicians, academics and intelligence officials offer a range of reasons for why more vigilance is needed before Huawei and other Chinese companies can be allowed to participate in the buildout of critical information systems.
Chinese Law Mandates Cooperation
In his Munich speech, Pence pointed to laws enacted by the People’s Republic of China (PRC) that burden companies with helping the government gather information. The PRC’s National Security Law enacted in 2015 states that citizens and businesses have the “responsibility and obligation to maintain national security.” Perhaps even more significant is the 2017 National Intelligence Law that requires Chinese companies to “support, assist and cooperate with” the government’s intelligence-gathering agencies.
In an analysis for the Lawfare Institute, a Washington, D.C.-based organization dedicated to exposing legal abuses and protecting human rights, Dr. Murray Scot Tanner argued that the 2017 law was a “uniquely troubling milestone in Beijing’s [then-] 4-year-old campaign to toughen its security legislation.” Tanner, who has published books on Chinese law and the country’s internal security apparatus, previously worked as an analyst for the U.S. government. The 2017 intelligence law, he wrote, is intended to be used as an offensive weapon instead of a protective security measure.
“Of special concern are signs that the intelligence law’s drafters are trying to shift the balance of these legal obligations from intelligence ‘defense’ to ‘offense’ — that is, by creating affirmative legal responsibilities for Chinese and, in some cases, foreign citizens, companies or organizations operating in China to provide access, cooperation or support for Beijing’s intelligence-gathering activities,” he wrote.
PRC law permits authorities to detain or criminally punish people who obstruct intelligence gathering, but it doesn’t distinguish obstruction from merely failing to cooperate. Tom Uren, Australian Strategic Policy Institute’s international cyber policy expert, said the risk of Chinese companies cooperating with intelligence-gathering efforts is high. “There’s risk of Huawei being used to enable either espionage or sabotage,” he told the Daily Mail Australia newspaper. “The Chinese Communist Party has great control over enterprises. They prioritize their own security over anything else.”
A Revealing Pattern
While Huawei insists that no evidence exists to prove it spies on foreign companies or governments, examples to the contrary abound. U.S.-based technology firm Cisco, for example, accused Huawei in a 2003 lawsuit of stealing its source code, the commands used to run software. Both sides eventually settled the lawsuit.
A U.S. jury in 2017 found Huawei guilty of stealing intellectual property from telecommunications company T-Mobile. In a 2019 indictment, the U.S. Justice Department said Huawei repeatedly tried to steal design information for a T-Mobile robot.
Allegations, besides trade secret theft, follow the company. The U.S. in January 2019 unsealed an indictment against Huawei Chief Financial Officer Meng Wanzhou, daughter of company founder Ren Zhengfei. The indictment alleges that Huawei defrauded U.S. banks to do business with Iran in violation of U.S. sanctions. Canadian authorities detained Meng in December 2018, and the U.S. is seeking her extradition. The indictment said Meng in 2013 repeatedly lied to a bank executive about her company’s relationship with an Iran-based firm called Skycom.
Private or State-owned?
Despite concerns raised by Australia, the U.S. and other countries that Huawei is possibly controlled by the CCP, company executives remain adamant that they would not turn over information to their government.
“There is no obligation on Huawei’s part to cooperate with the government in the way in which the Americans are indicating,” Tim Watkins, Huawei’s vice president for Western Europe, told BBC radio.
Scholars who have studied Huawei’s ownership claims cast doubt on those assertions.
“Huawei calls itself employee-owned, but this claim is questionable, and the corporate structure described on its website is misleading,” wrote Christopher Balding and David Weaver, authors of an April 2017 report titled, “Who Owns Huawei?” Balding, an associate professor of economics at Fulbright University Vietnam, and Weaver, a research professor at George Washington University Law School, said a holding company owns 100% of Huawei, and founder Ren owns 1% of the holding company. The other 99% is owned by an entity called a “trade union committee” for the holding company.
In the PRC, trade union members have no rights to assets held by a trade union. What Huawei has referred to as “employee shares” in the company are “in fact at most contractual interests in a profit-sharing scheme,” the authors wrote.
“Given the public nature of trade unions in China, if the ownership stake of the trade union committee is genuine, and if the trade union and its committee function as trade unions generally function in China, then Huawei may be deemed effectively state-owned,” the report stated.
Ren’s military history and ties to the CCP also have raised suspicion. India, for example, while not issuing a ban on Huawei, is considering a plan to keep the company out of its 5G buildout in sensitive border areas where India has territorial disputes. Media reports cite the billionaire Ren’s party ties as one reason. After growing up poor in the southwestern province of Guizhou, Ren eventually studied at the Chongqing Institute of Civil Engineering and Architecture and later joined the military in the 1970s, according to a report in The Guardian newspaper. He joined the CCP in 1978 and was invited to attend its 12th national congress in 1982.
The Larger Threat
The roiling debate about whether Huawei is allowed to build 5G networks often centers on two potential risks: A company that is closely linked to the PRC government would have a window into critical national telecommunications systems, so it theoretically could provide Beijing a “kill switch” to shut down vital mobile networks during a crisis or confrontation, according to various media accounts.
Another concern is the company’s potential access to secret government or proprietary information. In March 2019, Microsoft revealed that Huawei equipped some of its laptops with a so-called backdoor flaw that could allow unauthorized access to information on the computers. Microsoft said it informed Huawei of the flaw, and Huawei released a patch on January 9, 2019. Microsoft engineers traced the suspect code to a device-management software called PC Manager, which is preinstalled onto Huawei’s Matebooks. The software originally included a driver that would allow unprivileged users to upgrade their access levels.
Professor Alan Woodward, a computer security expert at Surrey University in the United Kingdom, told BBC News that the backdoor on the laptops was introduced at the manufacturing stage, but no one knows how it got there. He said he didn’t see any evidence it was introduced intentionally by the government or the company, but the question remains: “How did the software engineering processes allow this on?” he asked. “This is not going to help their [Huawei’s] case or reduce people’s concerns.”
Huawei, however, is merely a small part of the overall threat when it comes to information security concerns about the PRC. In a June 2018 report titled “How China’s Economic Aggression Threatens the Technologies and Intellectual Property of the United States and the World,” the White House Office of Trade and Manufacturing Policy said the PRC wants to capture emerging high-tech industries that will drive future economic growth. To do this, the government engages in state-sponsored internet protocol theft, cyber espionage, evasion of export control laws, counterfeiting and piracy, the report said.
While cyber espionage is the most common tactic used by the PRC, technological advances are sometimes physically stolen. In September 2016, a U.S. federal judge sentenced a Chinese woman to nearly two years in prison for illegally shipping parts for submersible vehicles to a Chinese university, including some that she tucked in her suitcase, the Orlando Sentinel newspaper reported. Prosecutors accused Amin Yu, who was 55 at the time of her sentencing and a former employee at the University of Central Florida, of failing to disclose that she worked on behalf of the PRC government and of lying about what she was shipping to China. She pleaded guilty to exporting goods to a foreign country without registering as a foreign agent and conspiring to commit international money laundering. U.S. District Judge Roy B. Dalton Jr. sentenced her to 21 months.
Military targets are often in the crosshairs of Chinese hackers. In July 2018, a U.S. federal judge sentenced Chinese businessman Su Bin to nearly four years in prison after he pleaded guilty to conspiring to hack the networks of the Boeing Co. and other U.S. military contractors. He traveled to the U.S. at least 10 times from 2008 to 2014 to steal data with two unidentified co-conspirators based in China. The three stood accused of stealing plans for the C-17 military transport plane as well as the F-22 and F-35 stealth fighters.
Even while the eyes of the world were trained on Huawei as the company expanded its business, it fought another public relations battle when one of its employees was charged with espionage in Poland.
In January 2019, Polish authorities arrested two people, including a Chinese employee of Huawei, and charged them with spying for Beijing, according to a report in The New York Times newspaper. Polish television said the Huawei employee graduated from Beijing Foreign Studies University with a degree in Polish studies and once worked at the Chinese Consulate in Gdansk, Poland.
Huawei responded by promptly firing him. The company said it “decided to terminate the employment of Mr. Wang Weijing, who was arrested on suspicion of breaking Polish law,” according to an AP report. Polish authorities said they arrested Wang, a former Chinese diplomat, along with a Polish cyber security expert who had held several top government cyber security jobs.
Huawei maintained that Wang’s actions “have no relation to the company” and that he was fired because “the incident in question has brought Huawei into disrepute.” Those protestations did little, however, to diminish the concerns of those who see the company as a national security risk.
NATO Secretary-General Jens Stoltenberg in May 2019 warned U.K. leaders about the risks of using a Chinese company to build out 5G networks. He acknowledged that all NATO members have the right to make their own choices.
“Having said that, of course, what matters for NATO is that these decisions are made in a way that makes sure that they have secure networks,” Stoltenberg said, according to an Agence France-Presse report.