fbpx

[Analytics] Partnering with Huawei is riskier than you think

A man walks by a Huawei logo at a shopping mall in Shanghai, China, Dec. 6, 2018. REUTERS/Aly Song. Sketched by the Pan Pacific Agency.

The US government’s ongoing offensive against Chinese tech flagship Huawei is sometimes portrayed as ham-handed American protectionism. This is also true of Washington’s restrictions on ZTE and several other Chinese surveillance-product companies. Tom Coyner specially for the Asia Times.

The sanctions extend to companies supplying chips to Huawei and are also designed to dissuade or prevent companies and countries from using Huawei to build their 5G networks – an area where the Chinese firm is a world leader. Many allege that Washington is attempting to cripple the Chinese player in order to allow US firms to catch up.

But as someone who has worked in computer and networks technology in the US, Japan and Korea, and as someone who is by no means a Donald Trump supporter personally, I welcome his administration’s initiative in the area.

Tech risk, human risk

In 1988, with a then-freshly minted MBA, I made a career switch. Thanks to that switch, I was given deep dives into some of the arcane intricacies of computer and networks technologies.

Among those intricacies, no area is more complex than network security. As we surf the Internet, we take for granted the mind-numbing security challenges and confirmations taking place in real time as computers and network components work in tandem to assure efficient and secure communications.

But no matter how well designed the technology, it is ultimately susceptible to human overrides – overrides that are intentional and often illegal.

Human risk factors trump the finest engineering. It would take a book even to briefly cover all these factors and that book would likely be out of date by the time it could be published.

But to mention a few concerns that have been linked to Huawei and other network providers: There exist trapdoors in operating systems and even in firmware that are routinely (though inappropriately) used by client companies’ system engineers as shortcuts to do ongoing maintenance.

If these shortcuts are unknown, the systems are safe. But once discovered, entire networks and datasets are endangered. And the shocking truth is that many of the risks are represented by in-house or contracted staff.

It was no accident that whistleblower Edward Snowden was hired as a systems engineer by a National Security Agency contractor, Booz Allen Hamilton. That gave him the run of the cyber office, and the ability to circumvent various safeguards.

Moreover, trapdoors can be purposely built into software and firmware code to allow a vendor or government agency access. Similarly, “software keys” for data access are sometimes intentionally shared with government intelligence and security agencies for national security reasons, such as during wars on terror, wars on drugs, and others.

Some technology providers refuse or resist this kind of cooperation demand from government agencies. Other companies do not. And even without hidden trapdoors and surrendered software keys, mischief is limited only by human creativity.

I have witnessed a network’s benign features being used to red flag or trigger back-office computers to initiate activities totally unintended by the network’s provider.

More commonly, a hacker will look among the various security levels of schemes found in computers’ operating systems, network security protocols and any other conceivable gateway when a personal computer, or even a smartcard, is verified.

That verification is an interaction within a security scheme which in turn provides a conceivable entry point for the bad guys.

Buyer, beware

In this regard, one may argue that it really doesn’t matter if network technology is American, German, French, Finnish or Chinese. That is a fair argument.

However, there is a key component even more basic to all of this sophisticated, if at times vulnerable, technology. That component is human trust.

When a technology buyer selects a vendor, the assumption – indeed, the demand – is that the vendor is on “the same team” as the buyer. That means the vendor will do whatever is necessary to protect the buyer’s legitimate interests.

The situation is like trusting the engineering of your car, regardless of which country you may drive it. Such trust relationships are givens in all buyer-seller relationships – or should be.

This issue is not simply about companies, it extends to countries. And while all companies, it could be argued, may compete with some degree of equality in related business global sectors, not all countries are the same, compete the same, or have the same systems of governance.

Even though China is undertaking “capitalism with Chinese characteristics” it is still firmly ruled by the Communist Party of China (CPC). The party’s management and potential interference in all and any aspects of Chinese life and commerce has to be acknowledged.

Being a good party member is being a compliant party member, and compliance with the state is a feature of corporate practice. On Wednesday, the party’s United Front Work Department issued guidelines to strengthen the “guidance and supervision” of private businesses, while demanding that “owners and managers keep “up to speed” on party tenets and President Xi Jinping’s thoughts.

In liberal democracies, such as those found in North America and Europe, it is expected that technology providers will push back or even openly challenge their governments’ secretive snooping into customers’ networks and data. That is not the case of China.

Moreover, it is worth noting that Huawei’s founder and chairman, Ren Zhengfei, was a deputy regimental chief in the People’s Liberation Army and remains a senior member of the CPC. While Chairman Ren has repeatedly assured the public that he would do his utmost to protect his customers, one needs to be mindful of his relationship with his government.

Huawei has already been forced to deny allegations of its technology being used by the Xinjiang internal security forces for data analysis, and that companies operating in the Xinjiang region supplying Huawei use forced labor.

Even if the above – and other allegations of intellectual property theft and patent infringement – are false, another ongoing episode related to Huawei and the geopolitical complications that surround it should be born in mind by those who reside in democracies with rule of law.

Canadian complication

That episode is the current hostage game being played out involving Chairman Ren’s daughter, Meng Wanzhou, former Huawei chief financial officer, and two Canadians arrested for unspecified “national-security violations” in China.

The US government accuses Meng of violating long-standing sanctions on Iran, including against the exportation of US technology goods into Iran. On August 22, 2018, a New York court issued an arrest warrant for Meng to stand trial in the US.

On December 1, 2018, Meng was arrested in Canada at the request of US authorities. Judicial proceedings are currently underway over her possible extradition to the US.

In China, in the same month, Beijing detained two resident Canadians, Michael Spavor and Michael Kovrig, on charges of endangering the state. The detention of the two has been widely analyzed as being linked to Meng’s detention.

But while Meng has been under house arrest and must wear an ankle detection device while reading books and doing her oil painting, Spavor and Kovrig were reported at one time to be held in isolation without being allowed outdoors, kept under lighting and surveillance 24 hours a day, with hours of interrogations per day.

The British Broadcasting Corporation has noted that during regular Chinese Foreign Ministry press briefings, various spokespeople routinely mention the fate of the Canadians and that of Huawei founder’s daughter in the same response – whether they’ve been prompted to do so or not by reporters.

Party media outlets have been barefaced in demanding that Canada release Meng if the Canadians want their former diplomat and businessman back. However, the Canadian government and judiciary are firewalled, preventing ad hoc compliance. The Chinese government has no such constraints.

Some may say that concerns about CPC involvement in Huawei technologies in customers’ networks have yet to be proved. That may be true. But more broadly, we have the above example of the CPC taking action on behalf of Huawei, suggesting that the two parties are connected at the hip.

Furthermore, when theft is copying rather than physical removal, the crime is usually discovered – if at all – only after the fact.

At the end of the day, technology providers are guardians of their clients’ most valuable data and competitive advantages. Everyone wants those guardians to be willing to do whatever it takes to fulfill the mission.

While Chinese guardians may be generally loyal to their customers, in a country where business and politics are so tightly interlinked, the limits of this loyalty to overseas customers whose governments may be at odds with Beijing could prove minimal.

Tom Coyner worked for more than 20 years in the US, Japan and Korea in computer systems and large networks hardware and software, including as a Japan country marketing director and as Korea country manager. Currently he provides business consulting services to companies dealing with the Korean market as well as contributing text and photography to international media.

Share it


Exclusive: Beyond the Covid-19 world's coverage