With all of the recent revelations about the US National Security Agency’s surveillance programs, it must be hard for the Chinese telecom equipment manufacturer Huawei not to gloat a little bit.
After all, the leaks from former contractor Edward Snowden showed that the NSA enlisted US technology companies to enable its snooping on global telecommunications networks—which is exactly what US intelligence officials have accused Huawei of doing on behalf of the Chinese government.
Until now, Huawei has largely declined to directly address Snowden’s leaks and what they might mean for its business—a touchy subject since many US firms are now seen as potential NSA collaborators, and analysts have estimated that the leaks could end up costing the US technology industry as much as $180 billion in lost business.
But with Huawei still largely blocked from operating in the US, and its American competitors facing new challenges in the rest of the world due to the NSA leaks, the company is trying to take the high road by calling for transparency and global standards to restore trust in the industry.
“It is time to press the reset button on the security challenge and ask ourselves if we wish the future to be different from the past, and indeed today, in what way will we work together to define and agree new norms of behavior, new standards, new laws and create a new realism in the balance between privacy and security,” John Suffolk, Huawei’s global cyber security officer, said today in prepared remarks for the Seoul Conference on Cyberspace.
Sunlight as disinfectant
Huawei’s newly released cyber security white paper urges the IT industry to share best practices, develop a framework to reconcile conflicting national laws, and create simplified requirements for suppliers in the global supply chain. Although short on specific recommendations, the paper also lays out Huawei’s own policies and procedures for making sure that its own products are secure.
“Someone recently said to me that government spying is probably the second-oldest profession in the world—that is never going to change,” Suffolk told reporters in Seoul. But Snowden’s leaks are “already changing the debate,” he said. “The reality is you’re seeing countries who are seeing we want to bring things back to our borders … I think we’ll see a lot more openness and transparency from the IT industry. We have lost a little bit of trust as an industry based on what’s happened.”
The Guardian, the New York Times and Pro Publica drew on documents obtained by Snowden to report that the NSA was “collaborating with technology companies in the United States and abroad to build entry points into their products,” without identifying the companies that participated.
Given the huge levels of disttrust in today’s technology industry, Huawei’s idea of finding common standards that all governments and private sector firms will adhere to is bound to be a Herculean task. Rightly or wrongly, Huawei has become a magnet for Western fears about China’s rapidly growing technology sector, along with its counterparts like ZTE and Lenovo. This week financial markets largely dismissed reports that Lenovo might bid for troubled smartphone maker Blackberry, for example, because of doubts that the deal would be approved on national security grounds.
Huawei has repeatedly denied accusations that it is in league with the Chinese government. “We can confirm that we have never received any instructions or requests from any Government or their agencies to change our positions, policies, procedures, hardware, software or employment practices or anything else, other than suggestions to improve our end-to-end cyber security capability,” said Huawei deputy chairman Ken Hu, in a forward to the company’s white paper. “We can confirm that we have never been asked to provide access to our technology, or provide any data or information on any citizen or organization to any Government, or their agencies.”
Who inspects the inspectors?
Even if the industry adopts Huawei’s stated mantra of “assume nothing, believe no-one and check everything,” and assumes the worst about equipment makers and the governments they may be cooperating with, what then?
Finding intentionally-introduced vulnerabilities in computer hardware is notoriously tricky, since it’s relatively easy to hide them inside vast amounts of computer code and sneak them into a dizzying supply chain that reaches around the globe.
For its part, Huawei has set up a secure center where the British government can inspect the company’s equipment to make sure it doesn’t contain any “back doors” that would allow foreign governments to monitor or interrupt communications.
“We do this at great risk to our own intellectual property because the source code for any telecom equipment company, it’s your crown jewels,” said Scott Sykes, Huawei’s head of international media affairs. But even that initiative has not been without controversy: Parliament’s intelligence committee flagged concerns that the “security-cleared personnel” inspecting Huawei’s gear for vulnerabilities were employed by Huawei itself.
Locked out of the US
Even with these attempts at transparency, the company seems resigned to the fact that political opposition in the United States means that it won’t have any significant business in one of the world’s largest telecoms markets for the foreseeable future.
“If you look at the US and the challenges we face there, it’s about finger pointing and trade protectionism, and it’s done nothing to improve the state of security of networks in the United States,” said Sykes. “Whatever issues are happening in the US have nothing to do with Huawei. We have less than 1% market share there. We’ve been essentially prohibited from being allowed to freely compete for business amongst the large telecommunications operators there, and US networks are no more secure than before that decision happened.”
With the US market largely closed to Huawei, the company has been rapidly expanding elsewhere, especially in continental Europe and Britain. Huawei CEO and founder Ren Zhengfei—a former Chinese military engineer—met with UK Chancellor George Osborne on Thursday during Osborne’s trade mission to China, and confirmed that Huawei plans to build a $200 million R&D center in Britain as part of its overall $2 billion UK investment program.
Huawei and Suffolk, formerly the chief information officer for the UK government, have clearly been thinking about these issues long before Edward Snowden’s leaks were made public. In March, just weeks before the first articles about the NSA documents were made public, he wrote in a prophetic blog post: “Maybe this is why America doesn’t want us to sell our equipment to American companies; maybe they will worry that we will see what they do with American citizens’ personal data, monitoring and storing of everything that passes through telecommunications.”
Quartz asked Suffolk on Friday whether he feels vindicated by what has come to light about US surveillance conducted with the complicity of US technology firms.
“We are as a company incredibly passionate about getting the world to use technology … anything that dampens that I think for us is a bad thing, but what i think we all can do is drive forward to the next level of transformation as an industry,” he said. “There will be silver linings, but I don’t feel vindicated, I feel saddened.”