Australia has drawn a very public line through certain Chinese tech companies, effectively blocking them from selling various network technologies in Australia for critical infrastructure projects such as the much vaunted 5G network.
Is this fair? Or reasonable? Justified? Or are we simply further propagating a slightly xenophobic, Australia-centric, fear-based view?
Feverish social commentary aside, it is perhaps worth exploring some of the reasons that this decision might have been taken by Australia. (And the UK, USA and others.)
Huawei, ZTE and other Chinese tech companies... what’s the big deal?
The story of these companies is commercially amazing – growth numbers unheard of outside of the Valley social media startup darlings, astonishing rates of adoption, customer base growth and technological advancement… quite the story. And some of their kit is good. In Huawei's case it's really good. However over time, less savoury elements to those stories started to appear.
For example, between 2010 and 2015 it was the era of the war of the smartphones – Samsung + Android v Apple + iOS. Then suddenly, 2016 was the year of the Huawei phone. By August 2017 Huawei was selling almost as many handsets as Apple. Of course, the price was incredibly appealing. Rumours and allegations started to surface around how much R&D hadn’t actually gone on, and accusations of IP theft and hardware backdoors etc started to circulate, all of which were denied.
Except these weren’t always just rumours and innuendo. In 2012, ZTE was caught red handed as their Score M Android handset was found to have a hard-coded backdoor admin password on the phone. Not cool.
ZTE - Not A Fan?
In April this year, the UK’s National Cyber Security Centre – formed within GCHQ in 2016 specifically to analyse potential cyber threats on a global scale in response to cyber being nominated as the UK’s number one focus for national and economic security – issued a formal warning to British telecoms companies and the government about ZTE phones and networking equipment. It stated in no uncertain terms that using ZTE equipment "would present risk to UK national security that could not be mitigated effectively or practicably". No specifics were given, as is not unusual with such agencies, but it’s not exactly an unambiguous statement.
So ZTE – probably a fair cop to block them from potentially sensitive projects. It’s been established almost to irrefutable certainty that it was originally a State-Owned Enterprise that spun out of the Ministry of Aerospace in China. Admissions from the company suggest current and historical ties to the Chinese Government and military that can’t really be rationally explained any other way. Basically, they appear to be a tech company from China, aligned with the Chinese Government, that won’t open its doors for anyone, other than to issue statements flat out denying any allegations made. Until of course they get caught. ZTE is hence not a company that Western economies seem to fancy trusting with potentially sensitive stuff.
What About Huawei?
Huawei on the other hand, is an ostensibly private company, ‘owned’ by its’ employees. Do yourself a favour and check out its founder, Ren Zhengfei, and his journey… it’s quite a story.
Here's his Huawei bio page. And check out this fascinating article from The Economist in 2011 as a starter for ten. He sounds like a very, very smart, very motivated guy.
Huawei's response to Western suspicion appears to have been a little different to that of ZTE, and in fairness, in some instances quite commendable.
In the UK in 2010, Huawei established the Huawei Cyber Security Evaluation Centre (or HCSEC), which promptly copped the nickname "the Cell", being located just down the road from GCHQ’s pad in Banbury.
The Centre takes full source code sets for all Huawei products and rebuilds the binaries to replicate functionality from the ground up and independently assess. So basically, HCSEC allowed the UK’s top cyber spooks to pull Huawei kit and code apart and share what they found.
Whilst this Centre has been acknowledged as largely a success and that risks have been ‘sufficiently mitigated’ (whatever that means) a recent report from its Oversight Board noted that this wasn’t always easy due to "complex and subtle technical issues". Again, nothing much else was elaborated on, but you get a sense of it being a slightly British case of “nothing really to see here, but don’t touch the stuff in that pile over there please.”
Which brings us to why Huawei, with what appears to be valid attempts at transparency and openness, are still being blacklisted.
I believe it stems from the inconclusive nature of the outcomes from a series of very thorough investigations and inquiries into Huawei, ZTE and others over a period of years, by multiple governments; into how they behave as companies, who they do business with, and how they respond to legitimate concern and enquiry.
One of the more comprehensive reports into Huawei and ZTE that we as mere citizens can access was done in 2012 by members of the Permanent Select Committee on Intelligence in US Congress. If you're a sucker for bureaucratic authoring you can read it here if you like.
One of the more salient points one can take away from this admittedly unflattering report is this statement (authors highlights):
“This unclassified report discloses theunclassified information the Committee received when trying to understand the nature of these companies, the formal role of the Chinese government or Chinese Communist Party within them, and their current operations in the United States…. Theclassified annex provides significantly more information adding to the Committee’s concerns. That information cannot be shared publicly without risking U.S. national security.”
In plain English - "There’s some uncool stuff going on that we’re not real happy about; but be aware that there’s a whole bunch more very uncool stuff going on that we can't talk about".
Some of the more pressing issues with these companies can be summarised as below, derived from both the above-mentioned reports, as well as several other declassified and non-classified inquiries, documents, reports and papers you might care to look up.
In no particular order they include:
Neither company appears able to adequately address security concerns as and when raised by governments
Neither company appears to be able to answer questions completely and clearly when questioned by multiple agencies and governments
Neither company appears willing to address fully and openly their relationships (if any) with the Chinese Government, Chinese Military or Chinese Communist Party (CCP)
Huawei could not adequately explain how the company structure and in particular the employee ‘benefits’ and ‘ownership’ structures work, at least in a manner that explains and supports the growth the company has experienced
Both companies deny any influence from the Chinese Government or CCP; yet as an example, both were found to maintain internal Chinese Party Committees, the function, oversight, management of and reasons for which could not be adequately explained
Neither company appear to be able to adequately show financial independence of the Chinese Government, current or historical
Neither company appears to be able to adequately explain their commercial relationships with client countries such as Iran and North Korea, as well as other sanctioned countries
Neither company could they explain how they could simultaneously comply with international sanctions and laws with respect to trading with sanctioned countries, and yet trade with them. This point isn’t helped by incidents such as ZTE being investigated for selling around $130M USD worth of prohibited US surveillance and communications equipment to Iran in 2012, or Huawei for stating that it was complying with sanctions however in the light of ‘ongoing contractual commitments to existing customers’ or words to that effect, they weren’t going to stop trading in / with Iran
Neither company appear to be able to support their assertions that they provide no R&D, technical development or support for the Chinese Government, military or intelligence services. In at least one report, rather cryptically described ‘other documents’ are referenced which apparently suggest otherwise
This article isn’t intended to be a comprehensive assessment, nor a Huawei or ZTE or China tech bash by the way. Huawei in particular make some very cool kit. However it is a topic that has come up multiple times in recent weeks, so I thought I'd share some information on same, as well as point out where and how you might start to look for more information should you be so inclined and find this topic of interest.
Basically, to quote Billy Joel: it’s a matter of trust.
See you on the swings!
D