Home / Blogs

Let’s Have an Honest Conversation About Huawei

On May 29, I attended an AEI event on “International economics and securing next-generation 5G wireless networks,” with Ambassador Robert Strayer, who heads the U.S. State Department’s CIP team. But the focus of the talk was not really on 5G security, international trade or 5G development. In fact, there was no constructive agenda at all. The talk was an extended attack on China and the Chinese-based telecommunications vendor Huawei—another episode in an ongoing U.S. government campaign to shut Huawei and other Chinese firms out of the U.S. market, and to convince every other country in the world to do the same.

One would expect that from a Trump administration State Department official. A few months later, however, Jason Healey, once a respected cybersecurity professor at Columbia University, repeated all the same stuff in a blog on the Council on Foreign Relations. In a short piece called “Five Security Arguments against Huawei 5G,” Healey tried to shore up the fraying U.S. campaign against Huawei with another broadside.

It’s clear that this is part of an organized, government-led campaign. But the real issues underlying the U.S. challenge to Huawei are not being stated directly. Red flags are being waved and diversionary tactics used in the service of an objective that is not openly stated.

U.S. policy toward Huawei must be put in the broader context of increasingly fraught U.S.-China relations. In this broader view, we must talk about China as a potential geopolitical rival to the U.S., the role of technology trade in international relations, the Hong Kong protests and the Belt and Road initiative. And when this is done, it becomes clear that the anti-Huawei campaign is part of a dangerous and ultimately counterproductive move away from liberalism and toward tech nationalism in the U.S. Information and communication technology trade and development are at risk of being held hostage by military and national security interests in a way that threatens to dismember the global internet. As much as we would like to attribute this problem to President Trump, it’s clear that it goes much deeper than that. The campaign predates his presidency by nearly a decade and has roots in the U.S. military and intelligence community. That conflict is complicated by the contest of values between the U.S. and China, symbolized by public attitudes here towards the Hong Kong protests.

The litany

Strayer and Healey delivered what is now the standard litany of USG resistance to Huawei. It consists of four major components:

  • Huawei 5G equipment poses severe cybersecurity threats
  • Huawei steals intellectual property
  • Huawei gets government subsidies
  • Huawei is inseparable from and a tool of the Chinese government

Each argument is politically potent in U.S. political scenarios, but surprisingly weak when subjected to basic logical and empirical scrutiny. In this, the first of two articles, I will deal with the first three parts of the litany. The second part will take on the last one, which is the core premise of the campaigners and the real source of the problem.

Huawei and cybersecurity

Strayer, Healey, and the U.S. intelligence entities argue that the presence of Huawei equipment or software in a 5G network means that the entire system is compromised. Mistrust of China and opposition to its authoritarianism is projected onto Huawei equipment. Healey takes this line of thinking to new heights of fantasy. Perhaps, he muses,

Huawei has not just a backdoor but a?kill switch. Huawei gear around the world would operate as normal, year after year, until a precipitating crisis.

No need for any facts, spreading fear will do. This is exactly the kind of nationalistic paranoia that motivates the Russian “Sovereign RUNet” efforts. It’s a technological McCarthyism.

For some time now, those making this argument have repeatedly failed to come up with any discoveries of specific backdoors in Huawei kit. The best the Huawei critics can do is to charge that the software is sloppy. A report by the U.K.‘s Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board concluded that there are:

”...serious and systematic defects in Huawei’s software engineering and cyber security competence.”

Another key conclusion of the report, however, is never mentioned: The U.K.‘s National Cyber Security Centre “does not believe that the defects identified are a result of Chinese state interference.” The U.K. report goes on to make another important but underreported qualification:

“the architectural controls in place in most U.K. operators limit the ability of attackers to engender communication with any network elements not explicitly exposed to the public which, with other measures in place, makes exploitation of vulnerabilities harder.”

So not only has the threat of Communist-planted backdoors been discredited, but so has the idea that the vulnerabilities in its software could instantly make a nation’s entire telecom infrastructure a tool of Xi Jinping. At worst, Huawei stands accused of bad software engineering.

The rhetorical trick here is to turn the unavoidable risks of complex ICT systems into a problem that Huawei and Huawei alone causes. In fact, all 5G systems, being heavily software-dependent, pose a new set of risks.1 Those risks are not reducible to the national origin of the manufacturer or developer. One is tempted to ask what would happen if the Microsoft or Android operating systems were exposed to the same level of scrutiny as Huawei.

Recently, Huawei’s CEO Ren Zhengfei, made an interesting move to address these concerns. He told the New York Times’ Thomas Friedman that he is prepared to “license the entire Huawei 5G platform to any American company that wants to manufacture it and install it and operate it, completely independent of Huawei.” That’s a pretty major concession. A refusal to take him up on the deal indicates that it is not mainly cybersecurity that is driving U.S. resistance.

Don’t get me wrong: Chinese cyber espionage is a problem for the U.S. (and vice-versa). But of the many Chinese cyber espionage problems the U.S. or any other country has experienced in the past 10 years, not one has relied on the target’s use of Huawei products. In inter-state cyber conflict, what matters are cyber vulnerabilities generically, not the use of a specific vendor’s products. The cybersecurity argument, on its own, does not provide a basis for singling out Huawei.

As an added caution, the whole notion of a “Chinese” supplier obfuscates the globalization of the 5G supply chain and standards. Huawei is a major consumer of U.S. chips and other components, for example. South Korea’s Samsung is dominant in 5G antennae. Taiwan and China, not exactly the best of friends, are highly interdependent in this sector. Cisco core routers could be combined with Huawei radio access networks.

Supply chain cybersecurity should be—and is already becoming—a concern for all vendors and suppliers. But we cannot reduce the problem of supply chain security to the national origin of one company assembling or even designing the equipment. Any attempt to do so is profoundly threatening to the system of free trade in technology and ICT services that the U.S. has worked hard to create, and which benefits the general public tremendously. And yet we see, in the orchestrated attack on Huawei, an attempt to do precisely that. Why?

Asian copycats?

The second part of the litany is that Huawei steals intellectual property. Here we find a familiar mix of exaggeration and hypocrisy. Claims about Huawei are not differentiated from any and every form of Chinese IPR copying that ever took place in history. So “China steals IPR” slides into “Huawei steals IPR” which becomes “Huawei has no original technology and its equipment is only competitive because they copied it from us.”

Let’s begin by noting that Huawei’s research and development (R&D) investment in 2018 surpassed that of Microsoft, Apple and Intel. It was ranked 4th among the global tech companies in R&D expenditure. It leads the world in the number of 5G patents. As indicated later, it’s likely that American government critics of Huawei are more concerned about Huawei’s production of IPR than its theft of it. The IPR theft charge is mainly just a smear tactic.

It is true that there are cases, fairly old ones, in which Huawei has been accused of infringing patents. In 2003, Cisco sued Huawei for infringing on its patents and copying the source code used in routers and switches. The lawsuit succeeded in getting Huawei to remove the contested code, manuals and command-line interfaces, and the case was settled. In 2010 Motorola and Huawei settled a lawsuit around Huawei’s alleged conspiracy with former employees to steal trade secrets.

But let’s put this in context. I.P. theft claims and counterclaims are endemic to all high-tech companies. Palo Alto Networks’ founders were accused of infringing patents that had been invented by them when they were employees of Juniper Networks. Juniper Networks has been the subject of numerous patent lawsuits in the past ten years. Cisco and Arista finally settled years of patent litigation with a $400 million payment. Just a few months ago, Cisco was found liable for infringing a cybersecurity patent. And everyone knows about the titanic patent battles between Apple, Samsung and Qualcomm. It is inevitable that major, innovative high-tech firms bump up against the borders of each other’s patents. The courts work it out, as it did in both Huawei cases. There is no life-threatening problem here, and nothing unique to Huawei.

In Healey’s article, the only evidence of I.P. theft cited was a link to a Trump Administration Justice Department criminal indictment about Huawei’s alleged theft of T-Mobile’s “Tappy” robot. Healey claims that keeping Huawei out of U.S. markets is thus a matter of “justice.” What a joke. Anyone with knowledge of the “Tappy” situation knows how absurdly trumped up this charge is. Tappy was a device to test handsets. As such, it is not a strategically important technology and has no bearing on the core 5G equipment and software markets Huawei tries to contest. Tappy became an issue because it didn’t work right on Huawei (and other) phones. Huawei wanted to find out why. As Columbia University Professor Moshe Adler explained in a devastating refutation, “the problem was not that [Huawei] did not understand how Tappy works [and wanted to steal it], the problem was that Tappy did not work and that T-Mobile was reluctant to acknowledge it…” A civil claim by T-Mobile against Huawei has already been settled with minor damages awarded and some charges dismissed. For Healey and others to use this minor fracas as evidence of why Huawei should be excluded from U.S. markets, and for the U.S. Department of Justice to turn this into a criminal case, shows that this is a politicized effort, part of a broader campaign.

On the whole, the entry of new foreign competitors in high-tech markets has increased the level of competition and innovation. Economist Stephen Roach observed that Japan was portrayed as the greatest economic threat to the United States, and allegations of intellectual property theft were a big part of Americans’ vilification of the country. “Thirty years later,” Roach writes, “Americans have made China the villain, when, just like three decades ago, they should be looking squarely in the mirror.” It would be more reasonable to see Huawei as a replay of Sony or Samsung than as an illegitimate industrial thief.

Subsidies

Americans like to throw around the charge that Huawei is competitive only because it is subsidized. Any evidence? Huawei attackers thought they had their “aha!” moment when the Times of London reported that American intelligence shown to Britain says that Huawei has “taken money” from the People’s Liberation Army, China’s National Security Commission and a third branch of the Chinese state intelligence network. Note first that this is a third-hand report of unverifiable information. Second, ask what does “taking money” mean? If it means that Huawei has contracts with the Chinese government, then it’s a pretty weak argument. Having government contracts is not the same thing as having major government subsidies.

It’s impossible to conceive of how a major ICT vendor would not have contracts with civilian and military agencies of their own government. Cisco has a Joint Enterprise Level Agreement with the U.S. Department of Defense. Amazon provides cloud services to the CIA and is trying to sell facial recognition software to police agencies and federal intelligence agencies. More ominously, AT&T’s secret deal with the NSA to provide warrantless wiretapping is well known. They are all “taking money” from the military, lots of it. Are they agents of the State?

Huawei is an agent of the Chinese state

The anti-Huawei litany only makes sense when one realizes that the Chinese state, not a global telecommunication equipment manufacturer based in China, is the target of this attack. It means that our military and intelligence agencies are making trade in ICT equipment and services a hostage of their international security and military goals. They are seeking to militarize and nationalize technology in order to pursue great power games. This is the hidden agenda behind the attack, and it needs to come out in the open.

In the next part of this article, I will examine this aspect of the claim in greater detail and explore its implications for Internet governance.

This article originally appeared on the website of the Internet Governance Project.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Milton Mueller, Professor, Georgia Institute of Technology School of Public Policy

Filed Under

Comments

Good analysis Anthony Rutkowski  –  Oct 22, 2019 1:59 PM

Great to see people standing up to the Trump insanity here.

A witchhunt by another name Carlton Samuels  –  Oct 22, 2019 9:29 PM

Like Milton said, subject to ‘basic logic and impirical scrutiny’ sure looks like this witch won’t hunt. Nuff respect, Milton.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC