UK Suggests US Worries About Huawei Spying Are Being Overblown
from the protectionism-by-another-name dept
So, while there's really no denying that Chinese smartphone and network gearmaker Huawei engages in some clearly sketchy behavior, it's not anything that can't be matched by our own, home-grown sketchy telecom companies. And while the Trump administration has been engaged in a widespread effort to blackball Huawei gear from the American market based on allegations of spying on Americans, nobody's been able to provide a shred of public evidence that this actually occurs. At the same time, we tend to ignore the fact that the United States broke into Huawei to steal code and implant backdoors as early as 2007.
In short, this subject is more complicated that the blindly-nationalistic U.S. press coverage tends to indicate, and a not-insubstantial portion of this hand-wringing is driven by good old-fashioned protectionism.
Throughout this whole thing, Huawei executives have been right to note that in the decade-plus of these allegations and hand-wringing, you'd think some security researcher would have been able to prove that Huawei gear is spying on Americans wholesale. And last week, as news emerged that the Trump administration was finally considering a full domestic ban on using Huawei gear, our closest surveillance allies in the UK made it clear that the Huawei threat is likely being overstated by the United States:
The United Kingdom could undermine an American-led campaign to keep Chinese tech company Huawei out of super-fast 5G mobile networks around the world. The National Cyber Security Centre, part of the UK intelligence service, has concluded that there are ways to limit the risks of using Huawei to build next-generation wireless networks, according to a report by the Financial Times.
The report reiterated past concerns that while some Huwei gear may pose a security threat, it's likely because the products can sometimes be shitty, but not because they're being intentionally backdoored by the Chinese government:
If anybody knows just how Huawei works and the threat it might pose to the UK's security, it is the National Cyber Security Centre.
This arm of GCHQ has been in charge of an annual examination of the Chinese telecoms giant's equipment, and expressed concerns in its most recent report - not about secret backdoors, but sloppy cyber-security practices.
That's of course pretty common with most hardware coming out of China (especially in the internet of things space), which sort of makes the point that the Chinese don't need backdoors in Huawei gear to spy on Americans, since we're willfully putting a wide variety of shitty, half-baked IOT gear on our networks, providing industrious hackers and intelligence agencies an entire universe of attack vectors into millions of U.S. homes and businesses. Still, the solution for this is to only install gear you know to be secure, not by banning an entire company from doing business (something we aren't all that keen on when it happens to us).
If you've paid attention, U.S. gearmakers have been ginning up Huawei security fears for years, simply because they don't want to have to compete with cheaper gear. The Trump administration appears pretty happy to play along, dressing up simple protectionism as national security. And because the U.S. tech press often can't see past its own patriotism, it's coming along for the ride. Again, none of this is to say that Huawei doesn't engage in sketchy shit, just that if we're going to blackball a company for spying--providing some actual evidence of said spying is a pretty important first step.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, spying, telco equipment, uk, us
Companies: huawei
Reader Comments
Subscribe: RSS
View by: Time | Thread
So far the only country known to have used Huawei kit for spying is the USA, and they want the world to use their kit?
[ link to this | view in chronology ]
It's pretty common with most hardware (especially IoT), period. This makes it sound like the security of Chinese hardware is particularly bad, but AFAIK this is the one area where they're not much worse than others... Possibly it's simply because the bar is so low you literally can't noticeably lower it, but still.
[ link to this | view in chronology ]
Re:
Right, but China is particularly associated with cheap electronics, so there's a pretty strong association between Chinese manufacture and cheap hardware running shoddily-configured software.
Obviously that's not true across the board; many high-end electronics are also manufactured in China.
[ link to this | view in chronology ]
Defaults
Given that most people never change the default password on their internet crap, who needs a backdoor in the first place? Between people not changing the password, and people who choose crappy passwords, backdoors seem kinda redundant.
[ link to this | view in chronology ]
of course they are but it's the sort of grand standing that Trump and his associates love! and lets face it, which company is going to be used if Huawei is kicked into touch, especially after the way that the USA has performed against Meng Wanzhou, encouraging her arrest and trying to get her extradited to the USA. what a fucking cheek! i'm convinced that Trump wont be happy until he's either started WWIII or launched a nuclear strike against China, implementing the end of the Planet! what a plum!!
[ link to this | view in chronology ]
huawei is a risk but not to "government" spying
Huawei is a risk to competitiveness. They've done shady shit as in explicit corporate espionage with both apple and t-mobile but that's not the type of spying people might be thinking of.
Example: https://www.zdnet.com/article/huawei-regularly-tried-to-steal-apple-trade-secrets/ https://psmag.com /news/the-us-charges-chinese-telecom-company-huawei-with-stealing-trade-secrets https://www.theguard ian.com/technology/2019/jan/28/huawei-china-telecoms-charged-us-trade-secrets-fraud
[ link to this | view in chronology ]
Re: huawei is a risk but not to "government" spying
So they're like every other Chinese company!!!
[ link to this | view in chronology ]
Re: huawei is a risk but not to "government" spying
Right, but that's a separate issue.
It's fair to criticize Huawei for dodgy corporate tactics, but that's not the same thing as accusing them of deliberately bundling malware into their phones.
[ link to this | view in chronology ]
Overblown?
Note the NCSC didn't say that Huawei equipment was trustworthy but "there are ways to limit the risks of using Huawei to build next-generation wireless networks".
The concerns aren't that people's home cameras will start spying on them but that Huawei equipment will be used in critical parts of critical networks.
There's no public evidence perhaps because those who know how it might be done don't want to share any secrets. However, Huawei have close ties to the Chinese state who are no friends of anyone but themselves and all their silicon and software is Chinese. It's not hard to imagine some hidden functions which can be enabled on receipt of a certain signal, indeed the NSA did just that with their firmware upgrades.
[ link to this | view in chronology ]
Security theatre
The problem is not "fake news" it is evidence free assertion.
When those assertions come from powerful organisations that have lied repeatedly in the past and are largely operate in secret (looking at you CIA + NSA) I tend to translate their claims. Here's the obvious:
"Huawei equipment poses security risks" (a.k.a they'll spy on you) translates as "We cant hack the Huawei gear, so we can spy on you".
[ link to this | view in chronology ]