Does Huawei Support China's Monitoring Laws?
Huawei recently published on its website an open letter to the U.S. government regarding its attempt to acquire 3Leaf and the ruling of CFIUS (Committee on Foreign Investment in the United States) which opposed it. The letter's authors have attempted to allay fears in the U.S. that Huawei has deep ties with the PLA and the State Council, and that its hardware may be utilized by the Chinese government to conduct offensive cyber operations such as sabotage or espionage.
Huawei's letter isn't remarkable for what it says, but for what it doesn't say. According to Huawei's annual financial report (2009), it is "the largest network equipment provider for China Unicom's WCDMA networks and China Telecom's CDMA2000 EV-DO networks; and it provides over 30% TD-SCDMA network equipment used by China Mobile." An early look at Huawei's 2010 annual report (by China Technology News) confirms Huawei's continuing support of China's three carriers. Since the supervision and monitoring of "all wireless frequencies, satellite orbits, telecommunications network numbering, Internet protocol addresses and Internet domains used to realize telecommunications functions" is mandated by Chinese law, and since Huawei provides the majority of the hardware for China Telecom and its sister companies, isn't it reasonable for Western governments to be suspicious that the same Huawei technology which supports the Chinese government's monitoring requirements may also be used in like manner outside of China?
If Huawei wants to convince Western governments that its hardware doesn't contain backdoors or other hidden malicious code, my suggestion as someone who regularly speaks and writes on this topic for U.S. and foreign governments is to provide details on how your equipment is being used as part of China's information acquisition and processing program within the PRC. That level of full disclosure would probably go a long way in establishing trust in a world where there currently is none.
UPDATE: This article has been cross-posted at The Diplomat's Flashpoints blog.
Huawei's letter isn't remarkable for what it says, but for what it doesn't say. According to Huawei's annual financial report (2009), it is "the largest network equipment provider for China Unicom's WCDMA networks and China Telecom's CDMA2000 EV-DO networks; and it provides over 30% TD-SCDMA network equipment used by China Mobile." An early look at Huawei's 2010 annual report (by China Technology News) confirms Huawei's continuing support of China's three carriers. Since the supervision and monitoring of "all wireless frequencies, satellite orbits, telecommunications network numbering, Internet protocol addresses and Internet domains used to realize telecommunications functions" is mandated by Chinese law, and since Huawei provides the majority of the hardware for China Telecom and its sister companies, isn't it reasonable for Western governments to be suspicious that the same Huawei technology which supports the Chinese government's monitoring requirements may also be used in like manner outside of China?
If Huawei wants to convince Western governments that its hardware doesn't contain backdoors or other hidden malicious code, my suggestion as someone who regularly speaks and writes on this topic for U.S. and foreign governments is to provide details on how your equipment is being used as part of China's information acquisition and processing program within the PRC. That level of full disclosure would probably go a long way in establishing trust in a world where there currently is none.
UPDATE: This article has been cross-posted at The Diplomat's Flashpoints blog.
This makes no sense. Hauwei is not China Telecom.
ReplyDeleteHauwei sells electronics and software. China Telecom operates networks and complies with China's monitoring laws.
The software they sell is tested by third parties and Hauwei would not have access to the gear anyway after is was operating in a network here. The network operator controls access to their gear.
There is no more software "backdoor" risk in gear from this company than there is from Cisco, Motorola, or Ericson