Rick Klepper: 678.588.1622 | Doug Wilson: 205.903.3272 | Kerry Gossett: 205.281.5681 | Doug Hughes: 205.527.0876 staff@counterthreatgrp.com

A year ago, I wrote about how skepticism toward the China-based tech giant Huawei is legitimate, and should stay at the forefront of national security considerations. Since then, it seems the world’s largest telecommunications equipment manufacturer cannot seem to stay out of the headlines, and as benign as Huawei may wish to seem, the attention the company attracts is all too often negative. But when a tech-giant advocates for internet censorship, ignores security concerns, bolsters repressive regimes, and violates trade sanctions, it is bound to attract some unfavorable news coverage. Despite widespread criticism of the company’s practices, the debate surrounding Huawei’s trustworthiness continues, as nations across the globe weigh the benefits of a cheaper 5G network with major security concerns. Yet Huawei’s tarnished reputation should be a glaring sign that the Chinese Communist Party (CCP) puppet cannot be trusted to build 5G networks and connect to any nation’s critical infrastructure. Ultimately, free and democratic nations must never compromise on freedom of information and protecting vital communications networks.

Much has come to light in the last year that further strengthens the case against Huawei playing a key part in building 5G networks across the globe. For instance, in January, British Prime Minister Boris Johnson announced that Huawei would be building part of the U.K.’s 5G network. However, in March, Britain’s parliamentary defense committee announced an investigation into the security of the country’s 5G network, specifically citing national security concerns surrounding Huawei. This announcement could be in part due to the fact that the U.K.’s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board has repeatedly identified “significant software engineering and cyber security problems” of which Huawei had not remedied as of 2019 when the Board’s last report was completed. These significant security problems include vulnerabilities that could allow network attackers to “affect the operation of the network, in some cases causing it to cease operating correctly”. It is no wonder the U.K. government is taking extra precautions towards Huawei and its less-than-stellar security record.

Huawei appeared in headlines again in March for introducing the “new IP” at the UN’s International Telecommunication Union (ITU). Huawei, in collaboration with China’s Ministry of Industry and Information Technology (MIIT), China Unicom, and China Telecom, argued that the current IP suite used in the internet is “unstable” and “vastly insufficient” to keep up with advancing technological requirements. The group cited holograms and self-driving cars as examples of technology that will require more advanced network capabilities. The group claims this “new IP” will be able to support high bandwidth requirements and even strengthen network security. However, many critics argue that the top down design of the “new IP” means it would put power over the internet in the hands of service providers, which in China’s case, are state-run. Although relatively little information about the “new IP” has been made public at this stage, it sounds like yet another initiative Huawei is spearheading to put the flow of information in the hands of repressive regimes.

Huawei has not just been in the news for what it has done in the last year. It has also been in the news for things that have just recently come to light but the company has been doing for many years. Such new revelations include Huawei’s use of “back doors” on mobile devices. “Back doors” are used by law enforcement to access mobile devices after following proper legal protocols such as obtaining a warrant. Telecommunications equipment manufacturers, such as Huawei, are not supposed to have access to these “back doors” without consent from the network operator. However, the US government has gathered classified evidence proving that Huawei has had this capability for over a decade. This capability effectively allows Huawei to access private information without consent from users or local governments. Unfortunately, this is not the only issue that has led many to question the company’s respect for privacy.

Further evidence of the company’s disregard for privacy came to light recently when it was discovered that Huawei employees have helped repressive governments in two African countries spy on political dissidents. In Uganda, Huawei technicians helped government officials track down Bobi Wine, an outspoken political opponent of President Yoweri Museveni. The technicians used spyware to access Wine’s WhatsApp chat group and discovered “plans to organize street rallies”. Local authorities then arrested the politician “and dozens of his supporters,” according to WSJ reporting. In Zambia, Huawei technicians helped government officials gain access to phones and social media profiles belonging to a group of opposition bloggers who had spoken out against the Zambian President. As was the case with Huawei’s contribution in Uganda, the technicians’ assistance in the operation in Zambia also led to the arrest of the bloggers. Needless to say, privacy is not Huawei’s top priority.

The controversy surrounding Huawei’s role in the international community does not stop in Africa. Recently released internal documents from Huawei revealed that the company violated U.S. trade sanctions by supplying Iran with American-made computer equipment and software. This further bolsters the larger case the U.S. has made against Huawei, including an indictment, alleging that the company has run a fraudulent operation to move money and equipment in and out of Iran. The sanctions are designed to curb the Iranian government’s support for terrorism across the Middle East, proliferation of weapons of mass destruction, and glaring human rights abuses carried out against its own people, just to name a few things the repressive regime has done to destabilize the surrounding region and harm the Iranian people. But based on Huawei’s actions, it would seem they are not concerned about doing business with such a destructive government.

So, what does all this new information about Huawei mean for the U.S. and its allies? For starters, traditional alliances are being threatened by concerns surrounding Huawei’s ties to the Chinese government and the company’s clear disregard for privacy and freedom of information. The U.K. deciding to allow Huawei to build part of its 5G network is placing a great deal of strain on its relationship with the U.S., which is by far one of the most significant alliances in the western world. The U.S. government has gone so far as to tell the U.K. that information sharing, especially when it comes to counterterrorism and the U.K.’s role in the Five Eyes Agreement, will likely decrease significantly between the two partners if Huawei build’s the British 5G network. U.S. government leaders argue it is simply not worth the risk of China getting ahold of sensitive information. The U.K.’s decision to hire Huawei is also straining its relationship with another close ally, Australia. In fact, a member of Australia’s Parliamentary intelligence committee during a meeting with the British Foreign Secretary was quoted saying “How would you feel if the Russians laid down infrastructure in your own networks? That’s how we feel about Huawei”. Australian members of parliament have also canceled a trip to London as a sign of disapproval of the U.K.’s decision. Clearly, this is not just a concern for the U.S., and a network of long-time alliances may soon be threatened by Huawei’s role in 5G network development.

Is a cheaper 5G network really worth destabilizing longtime alliances in addition to opening a vulnerable network to an untrustworthy vendor? It is evident that Huawei favors maintaining control over networks and the data that flows across them, and aligns with the CCP in the effort to surveil and censor people across the globe. The company has also proven that it is willing to ignore security vulnerabilities in its equipment such as those identified by the HCSEC Oversight Board. This is particularly unsettling when considering 5G, which will reach an unprecedented degree of pervasiveness across critical infrastructure including water and electric utilities, hospitals, and transportation systems. 5G also carries the potential for greater cyber security vulnerabilities than in previous generations, if not properly managed. Based on the company’s lax record on security, it would seem Huawei does not have the capability to maintain a secure 5G network.

Hypothetically, if Huawei does have the capability to provide a secure 5G network, several glaring questions remain. Firstly, can we trust them not to maintain illegal access to our networks as they have done with the mobile devices they manufacture? Can we trust them to remain neutral and not allow the CCP with which it is so closely connected to have special insight into our networks? And can we trust them to not use the leverage over our networks to transform the free and “democratic” internet we know now into an internet used to suppress freedom of speech, track political dissidents, and surveil innocent people? Earlier this year the world got a sneak peek of what such a scenario would look like when Chinese social media platforms and search services were directed to “create a good cyberspace environment to win the battle against the [coronavirus] epidemic”. In other words, social media profiles belonging to those discussing the coronavirus in China were shut down, and news and blog articles dealing with the pandemic were blocked. Not to mention the fact that Huawei is also pushing for the “new IP”, which has raised red flags within the tech community for allowing service providers to “have control and oversight of every device connected to the network and be able to monitor and gate individual access”. Now the company’s employees have been found to go as far as directly aid in the apprehension of political dissidents. Based on the evidence, I tend to think the response to these issues is simple. No, Huawei cannot be trusted, and no, free nations simply cannot afford to risk the security of their critical infrastructure or compromise the free flow of information. Fortunately, the U.S. government, Australia, and several other outspoken nations are leading the call to ban Huawei from global 5G network development. It remains to be seen how the rest of the world will react.

Some still question whether or not the controversy surrounding Huawei is worth all the hype. Yet when it comes to considering a vendor that will produce an advanced network with an unprecedented reach in connectivity, particularly within critical infrastructure, such controversy needs to be taken into account. A tech company with blatant ties to the CCP, one of the world’s greatest advocates of censorship, with a consistent habit of ignoring security concerns, violating local laws, and even directly aiding repressive regimes in tracking political dissidents is probably not the best candidate for such a responsibility. A cheaper 5G network is simply not worth the strain on traditional alliances, the vulnerability to critical infrastructure, or the threat to freedom of information. Here’s hoping the rest of the free world comes to realize the high price of doing business with Huawei before such things cannot be undone.

Photo credit: Medium.com