The US Congress’s House Intelligence Committee warned on Oct. 8 that doing business with Chinese telecommunication firms Huawei and ZTE could give the Chinese government the power to spy on US citizens and infiltrate control systems that run the country’s electricity, water and gas providers, banking system and rail and shipping channels. Sound alarmist? It probably is. Here are some reasons why.
Huawei, the world’s second largest telecoms company, has long been suspected of stealing trade secrets from companies like Cisco to fuel its rise. It has operated in the United States since 2001 with 14 offices in cities like Chicago, Atlanta and its headquarters in Plano, Texas. ZTE is the world’s fifth largest telecoms firm. Both companies’ US sales come mostly from selling handsets through US carriers like Verizon, Sprint and T-Mobile.
ZTE for its part came under examination when a backdoor was found on ZTE-made Android phones in May. The company has said that it was an accident. It is also under investigation for supplying equipment to Iran despite US sanctions, allegations that may have led US telecom firm Cisco to end its seven-year partnership with ZTE.
The committee’s report is based on classified and unclassified information based on hours of interviews of industry analysts, government officials and employees of Huawei and ZTE as well as sworn testimony by heads of each company. It should be taken seriously, some argue. But during the almost year-long investigation, officials did not find cases of Chinese espionage or intellectual property theft by either company.
Instead, most of the complaints are over the companies’ failure to answer questions about their ownership and government ties to the committee’s satisfaction. And indeed the report describes a certain evasiveness on the part of company officials. But it seems to clutch at straws for evidence that Huawei and ZTE pose major risks. For instance, it finds suspicious (pdf, p. 24-25) the fact that when Ren Zhengfei, Huawei’s CEO, pulled together 21,000 renminbi—around $5,600 at the time—in 1987, together with five other investors (a legal requirement, Huawei said). Ren had worked with none of them before and one of them had “previous affiliation with the government,” the report said. This, in a country where the government was and still is omnipresent, is hardly the stuff of conspiracy theories.
The committee’s chairman also said that anonymous US users of Huawei routers said there were unauthorized shipments of large amounts of data to China late at night, but did not detail the accusations because of ”proprietary concerns.” Ultimately, the report simply concludes that “Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”
“Huawei has long been suspected but there has never been a smoking gun,” said Steven Bellovin, a researcher on computer networking and security who teaches at Columbia University in New York. “But I don’t think we’re going to find a smoking gun,” he said, noting the difficulty of finding any “bug, beacon, or backdoor” (to use the committee’s language) inserted in hardware used in US infrastructure.
The most damning evidence linking Huawei to the Chinese government is the fact that its Ren served in China’s People’s Liberation Army. While it is true that China does not have universal military service, biographies of Ren note that he served for about five years, was in the engineering corps, and left the PLA 30 years ago. Besides, he is not from an elite Chinese communist family, as is common for most of the country’s main movers and shakers.
China certainly has a history of economic espionage, and this tars Huawei and ZTE by association. American officials have publicly called China the number one perpetrator of economic espionage against the US and expect the number of cases to increase. “You cannot be certain whether or not the Chinese government is stealing data or spying. That’s why it’s all about the risk assessment,” said Eva Galperin, freedom of expression coordinator at the Electronic Frontier Foundation.
But if Huawei can sell its equipment to telecoms in the UK with safeguards in place, why can’t it do so in the US? Huawei is investing $2 billion in the UK over the next five years, and set up a “Cyber Security Evaluation Center” in 2010 that cooperates with GCHQ, Britain’s signal-intelligence agency, to check that networking equipment and software Huawei sells to British telecom firms cannot be exploited by cyber-criminals or foreign spies.
Huawei, in disputing the Intelligence Committee’s report, makes the point that much telecom equipment made by its competitors, other non-US companies like Ericsson, Alcatel-Lucent, and Nokia Siemens Networks, is manufactured in China. It’s not clear why Huawei’s equipment should be a bigger risk than that of these firms. Huawei also contends that for it to bow to Chinese state demands to spy or damage US infrastructure would be the equivalent of corporate suicide.
It’s also worth noting that a federal law known as CALEA requires all telecommunications in the US provide the ability for wiretapping by law enforcement. That means that most networking equipment should have built-in capabilities to wiretap citizens, regardless of what country the equipment was made in.
Perhaps personal experience more than anything else is why US officials are so nervous about Chinese telecoms in the US market. The US has spied on its citizens and possibly continues to under the current administration. Meanwhile Cisco, a US telecom firm and competitor to Huawei and ZTE, has long been accused of helping the Chinese government censor the internet or spy on dissidents like the Falun Gong through an internet censorship project in the late 1990s called the “Golden Shield”, now known as China’s “Great Firewall.”
For the US to be suspicious of China’s intentions is certainly warranted. To ask questions about Chinese-held firms is prudent. But the committee does not seem to have established that equipment made by Huawei and ZTE poses an exceptional threat; and if it does, then so might the equipment from almost any other supplier.