I am not an expert on technology, and hence have trouble understanding the danger posed by Huawei, the Chinese supplier of telecommunications infrastructure. Thus I’ve been reading up on the issue, trying to better understand the exact nature of the threat. Today’s Financial Times provides one explanation:
UK prime minister Boris Johnson insists that Huawei will be limited to supplying 35 per cent of “non-core” network infrastructure. So while Huawei 5G may not touch critical national infrastructure such as the oil and gas sector, or nuclear and electric grids, it may have access to consumer and citizen data. That might seem of little concern at the individual level, but at societal level, the risk is not trivial — if metadata around consumer trends is at the disposal of a trade competitor, there is no reason to think that the competitor will abstain from creating further monopolies to undercut the UK economy.
That’s it? After reading the FT article, I am more confused than ever. What does “creating further monopolies” even mean? And is there a danger that the firms supplying the other 65% of non-core network infrastructure will also “create further monopolies”?
The UK is considered a trusted ally of the US, part of the so-called “five eyes” security system. In theory, the US is supposed to be willing to share important security information with the UK. But the US refuses to provide British intelligence with the evidence that it claims it has regarding the threat posed by Huawei:
British officials and executives at wireless companies have said the United States did not share smoking-gun evidence that would justify a ban of the Chinese company.
That makes me think this is not really about national security; it’s part of the Trump administration’s goal of preventing China from becoming a great power. That might well be a valid objective, but if that’s what this is all about then we should say so.
Tyler Cowen directed me to a very informative post by Christopher Balding. But while the post provided lots of information suggesting that Huawei was not independent of the Chinese government, the conclusions reached were not very persuasive:
Is Huawei a National Security Threat?
Defining national security broadly yes. For instance, we know that Huawei is continuing to deal with Iran having evidence of their continued dealings as late as November 2018. Huawei built the mobile network for North Korea. They are one of the dominant cloud providers of data collected on foreigners for China. They have provided security, surveillance, and censoring services to authoritarian governments. Even if we exclude the question of whether there are backdoors, very weak, or problematic security on their network gear, defined more broadly, they clearly pose a national security risk to democratic states.
1. I don’t see how Huawei dealings with Iran are a national security threat to the US. The real threat comes from the Trump administration’s decision to walk away from the recent multinational agreement with Iran, against the advice of our allies, which has caused Iran to re-start its nuclear program.
2. I don’t see why a mobile network in North Korea is a national security threat to the US. President Trump’s emotional and highly volatile attitude toward North Korea seems like a much greater risk.
3. What sort of data is being collected on “foreigners?”
4. Don’t US firms also provide technical assistance to authoritarian governments (such as Saudi Arabia, India and Philippines)?
I do see why people would be opposed to using Huawei infrastructure in military-related facilities. Beyond that, I’m having trouble understanding the risk.
Does anyone seriously think the Chinese would try to use Huawei devices to sabotage the British oil and gas sector? Think about that from the Chinese perspective. What are the costs and benefits of that sort of action? The potential benefit would be trivial, whereas the costs to China could be utterly catastrophic.
There’s a tendency of people to lose all sense of proportion when thinking about these issues. In the long run, the best hope for a safer world is for the entire world to become as rich as the West, and also much older, in which case the world will be mostly composed of highly risk averse older middle class people, who have a lot to lose from any major disturbance in the global economy.
That means it’s in our interest to become much more closely integrated with China, and for China to become much richer. Siamese twins have no incentive to fight with each other.
READER COMMENTS
Mark
Jan 29 2020 at 3:22pm
It seems quite sensible to want diversification here and Huawei provides that. You wouldn’t want a US president to be able to shut down your entire communications network through sanctions. And if the concern is that Huawei will use its superior access to consumer data to give other Chinese companies an advantage in the marketplace, this seems highly unrealistic as most consumer companies are Western companies that do all the marketing and distribution and just use Chinese suppliers for manufacturing, and even if it could happen could be dealt with through antitrust laws that apply equally to all companies instead of singling out Chinese ones. The Balding question is very revealing though—he (like our foreign policy establishment) is construing “national security” to mean things like preventing Iran and North Korea from having cell phone networks. “National security” has simply become a euphemism for “global empire” the way “department of war” was changed to “department of defense.”
Grant Gould
Jan 29 2020 at 3:37pm
(background: I had the misfortune to work in telecom technology for many years, mostly in the early 3G era) There are two issues I am aware of, the technological and the cultural.
Technical: The persistent refusal of telecoms protocol designers to build in proper end-to-end encryption based on open, public standards leaves every telecoms system vulnerable to eavesdropping by equipment vendors; this was historically viewed as one of the great prerogatives of national governments and their telecom monopolies.
As multinational and “foreign” companies increasingly supply network gear, the fact that cellular data encryption is pretty much garbage goes from being a great convenience to the government to being a great concern for “national security”.
Cultural: Nearly every telecoms vendor either is, was, or is the merged descendant of a “national champion” “natural monopoly” company. This is why they all prefer to deal in local monopolies, market segmentation, and license-regulated domains. Such companies know, deep in their DNA, that their competitors are dangerous, foreign, and probably subversive. A Verizon is the exact cultural opposite of a Google, a Huawei the exact opposite of an NVidia.
To such a company the notion that another such company might compete with (or, worse, interoperate with) them within the territory of any nation, is the same as saying that territory or nation is weak and foolish and vulnerable. They will sell that story to all licensing agencies and bureau chiefs (and now apparently economists? I despair!) forever.
In summary: Telecoms equipment companies view their products like battleships, and ask if you would buy a battleship from a military rival. In fact it is their business models that are mostly like battleships, and are uncompetitive, badly designed, and largely obsolete.
Scott Sumner
Jan 29 2020 at 11:04pm
Thanks. That’s useful information.
Chris
Jan 30 2020 at 4:39pm
I came from telco once upon a time and agree with the above.
There is another aspect as well. Theoretically, the Huawei gear could have a kill switch that the Chinese government could take advantage of. Under normal times this is mostly irrelevant, but the Chinese would potentially have the power to cause massive disruption to US economy, etc, etc.
It’s the 21st century equivalent of mutual assured destruction going out of balance due to Reagan’s Star Wars.
David S
Jan 30 2020 at 4:57pm
As a network security guy, the real concerns I see are:
Access to private communications. The Chinese government will know what porn the national security advisor is into. (User encryption does not help that much, as the source and destination cannot be encrypted)
Denial of service. The Chinese government can turn off or degrade service to the whole country of any part of it.
Attack platform. The Chinese government can send viruses and Trojans from inside your network firewalls, bypassing virtually all of your security.
Of course, you could say that the US has that capability now. Sort of true, but I think there is a pretty big difference between those parties.
Basically, if your router is Chinese, then the Chinese government can almost certainly gain full/root access to any machine on your network.
Jens
Jan 30 2020 at 2:44am
Interesting perspective.
What i don’t really see why end-to-end encryption and authentication has to happen at the network or transport layer at all. It’s not necessary to trust those layers. After all i also think this is a government/business interest thing. Of course there mustn’t be any restrictions on the software and device side. That’s the main problem.
David S
Jan 30 2020 at 4:58pm
The reason end-to-end is important is to encrypt the source and destination. I don’t need to be a genius to figure out your political views if 1 TB flows between your IP address and IHateTrump.com.
Jens
Jan 30 2020 at 5:52pm
End-to-end encryption and anonymity are two different things. With end-to-end encryption and end devices without backdoors and unrestricted software, Service X can be used to (indirectly) access IHateTrump.com and no one will know. Where X can be a decentralized anonymization network, a private VPN service provider or something else. Sure, you have to trust X but that’s something you can decide for yourself. Of course, you are then at the point that you can again generally suspect contact with X. So anonymity also plays a certain role, but basically this is a different problem than encryption. The main problem are restrictions and backdoors to software and end devices.
With regard to the reliability of the network infrastructure and the fear that the Chinese will be given a kill switch, there is only one way that the implementation of this infrastructure (hardware and software) in the critical parts must be open sources. But this actually applies regardless of the question of whether the stuff comes from China or elsewhere.
David S
Feb 3 2020 at 2:21am
the critical parts must be open sources
Unfortunately this is not enough. Perhaps it is not well known (https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html), but there have been incidents in the real world where the code compiler on a machine was compromised so that a code review would show clean code, while the compiled output allowed the machine to be fatally compromised.
So seeing the code to the router is not enough. For major players (like China), it is not possible to trust them. They can change the hardware to allow remote access – Intel has done this inadvertently many times. These hardware changes would not be detectable without using an electron microscope to reverse engineer the chips.
Jens
Feb 5 2020 at 7:08am
I can not reply to David S Feb 3 2020 at 2:21am above, probably due to limits in nesting levels of comments, so i do it here ..
I could now answer that you also have to review the compilers and verify the hardware (regularly or by default). E.g. compiling process could be bootstrapped with a verified, standardized binary to prevent the attack Thompson demonstrated in the linked source. But of course in full-out paranoia mode everything becomes hilariously complicated and expensive. You may also have to worry about the fact that there is secret technology that remotely changes memory contents in a given infrastructure component (a kind of reversed Van Eck phreaking) and thus completely independent of an absolutely secure and uncompromised initial state. Perhaps the chinese could build “microcode antennas” into their stuff to alleviate this. We are talking about wireless equipment after all. Such possibilities cannot be completely ruled out, like the enduring presence of aliens.
But that all doesn’t change the fact that – regardless of where infrastructure components come from – you have to deal with how to use them. If you actually come to the conclusion that you are dealing with black boxes in general, where you have no way of understanding or verifying what is going on in them, then you should also act as if it were so. E.g. it is always a bad idea not to encrypt (strongly) or to rely on monocultural infrastructure. And most important of course: No regulation regarding encryption or legally demanded back doors. But that all is generic and has nothing to do with the question whether the parts come from China or not. Not in the real world – https://www.republik.ch/2020/01/31/nils-melzer-about-wikileaks-founder-julian-assange.
Lorenzo from Oz
Jan 29 2020 at 6:49pm
The British and German economies were pretty highly integrated in 1914. Their elites intermarried. Turned out not to matter a whole lot come the guns of August.
The Beijing regime has the same difficulty the Second Reich had. The process of economic modernisation its society and economy are undergoing tends to undermine the existing form of political authority within the state.
I am fine with the notion that trade is a good thing, just not sold that it is anywhere near the buffer against bad strategic outcomes that the post implies.
Matthias Görgens
Jan 29 2020 at 10:40pm
Perhaps it is?
Don’t just look at August 1914. Also look at all the crises before that didn’t lead to war.
Scott Sumner
Jan 29 2020 at 11:07pm
Generalities are not refuted by a single observation. And Europe was moving away from free trade and toward protectionism prior to WWI.
And there were no nuclear weapons in 1914. Today both the US and China have lots of them. In 1914, people did not understand the cost of modern war. Today they do, and the costs are far higher than in 1914.
Kurt Schuler
Jan 30 2020 at 4:04pm
Generalities *are* refuted by a single observation if it’s sufficiently weighty.
Benjamin Cole
Jan 29 2020 at 7:25pm
Why has increased globalization coincided with increased government repression?
India is becoming more repressive under their pro-business president Modi.
Beijing is getting worse by the day.
Southeast Asia and the Philippines are slowly declining, in terms of human rights.
The Mideast trades more with the world, yet we see there pogroms and social and governmental collapses.
I suspect globalization leads to income stratification and alienation of government from the governed. Multinationals have a stake not a democracy but in stable regimes. See China.
P Burgos
Jan 29 2020 at 11:29pm
If I had to guess, the “five eyes” government all know what kind of data they collect on their own telecom networks, and would strongly prefer China’s government not to collect that data.
Some of it probably relates to espionage, as I bet that cell data and GPS info is useful in identifying who is a spy, and perhaps can be put together with other datasets to identify people likely to do some spying for China.
My other suspicion is that authoritarian governments are much more capable of using information to influence democratic societies than vice versa. It seems like a reasonable thing to fear that a nation like China is constantly trying to influence media and officials in the US so as to degrade the ability of US institutions to function effectively, and that China having access to telecom data would make them even more effective.
Of course, one may not think that such public relations campaigns by foreign governments are all that effective. But I suspect that when those campaigns are based around generating mistrust, as opposed to trying to achieve some particular policy or electoral outcome, they are effective. And the US constitution has given the nation a system of government that requires some degree of trust among people who disagree with each other. What’s in it for the parliamentary countries that simply let majorities govern I cannot really say.
Scott Sumner
Jan 30 2020 at 2:40pm
Do you think that the Trump administration is worried about foreign governments interfering in US elections, given that Trump himself has publicly encouraged such interference?
P Burgos
Feb 1 2020 at 8:28pm
Well, given what some folks in the Trump administration might know about what role Russia did or did not play in the 2016 elections, I think that they might actually be concerned that foreign governments act against their political ambitions.
Thomas Sewell
Jan 30 2020 at 7:17am
Presumably, like the Germans, the Brits don’t want Chinese Intelligence to have a back door into their networks. Unfortunately, device providers like Huawei and Cisco have developed a reputation for leaving unannounced access in for ease of “service” and testing and the like, not so coincidentally leading them to have access their customers may not approve of or even know about.
It’s risky to have your communications depend on a rival country’s intelligence service when they potentially have access to modify the source code of the devices you’re running. I’d bet more on industrial than government spying as the primary threat, but you’d likely be exposed to some of both as a result of the lack of true security.
Sabotage? Probably not without an actual shooting war. Subtle information gathering? Sure.
Scott Sumner
Jan 30 2020 at 2:41pm
Information from the oil and gas industry?
Thomas Sewell
Jan 30 2020 at 6:54pm
Yeah, if they’re really worried, the split between consumer networks and “critical infrastructure” doesn’t make a lot of sense except in the case of an all out shooting war. Trying to steelman them here, but I suppose they’re treating it like ensuring that batch of critical materials you need to build munitions is available in your own country.
jj
Jan 30 2020 at 10:29am
Using Huawei equipment gives the Chinese government a kill switch on your national communications infrastructure. It’s debatable how much leverage that gives them if any, but that’s what it is.
The closest comparable is Russia supplying natural gas to Europe.
Michael Pettengill
Feb 5 2020 at 6:07am
But how is a kill switch flipped by a Chinese agent in the switch gear center and worse that the same guy just pulling the plus?
Or do you believe China has invented or discovered mental telepathy waves and built it into the hardware, concealed by invisibility cloaking China discovered?
Of course, the same people spreading FUD to block Huawei sales also claim china can never invent or innovate, thus they must steal from the US.
Meaning Huawei is putting top secret undetectable spying technology stolen from the NSA, and that the NSA/CIA have forced CISCo, Lucent to secret put in all hardware sold globally to spy on everyone, like Chancellor Angela Merkel.
Note, Congress passed laws requiring all hardware sold include technology allowing everyone to be spied on, and that requires orders you get to spy on people be kept secret, with attempts to use the Federal Courts to question the orders for you to spy on people a violation of espionage laws. When this “leaks”, this results in Casablanca “I’m shocked” responses from the members of Congress and the Executive who wrote these laws.
I remember well the debate in the 80s with Reagan administration demanding backdoors and declaring all encryption an illegal munition. That was challenged by Zimmerman writing PGP, undergoing FBI et al threats, with the code published in a book that could be easily scanned, making encryption a first amendment right.
That the FBI is back demanding backdoors be inserted by Apple, with almost no one remembering the debate in the 80s, 90s, and the beginning and end of the 00s, proves bad ideas can never be stomped out, with FUD and lies used freely, with almost everyone buying the lies.
The biggest motivation is China has adopted US industrial policy before Reagan which resulted in the US leading both innovation and MANUFACTURING. Since Reagan, manufacturing’s requirement to pay workers cost too much in profits so conservatives favored outsourcing manufacturing to cut the costs of paying factory workers.
China mandates businesses pay ever more labor costs in manufacturing. Firms like Huawei have quotas for increased labor costs to meet, so the products must be sold at cost and deliver good performance in order for it to meet national goals.
Very few US firms sell products at cost, with government policy arguing for extremely high profits. Eg, pills costing a $1, even with all R&D included, priced at $10,000. Even generics outsourced to China sell at high profits in the US mostly since the 90s and 00s.
China “cheats” by not charging high prices to generate economic rents and profits. Huawei has grown rapidly as a result.
jens
Feb 5 2020 at 7:09am
at least the first half of your reply is spot on
Thaomas
Jan 30 2020 at 12:02pm
The trade war with China undermines the US’s professed concern with Huawei, especially if the trade war is seen as motivated by a desire to slow the relative increase in Chinese power (~ GDP) vis a vis the US.
TMC
Jan 30 2020 at 5:15pm
As many stated above, owning the equipment give you great access to any information going over it. There are ways to secure, but also ways to get around that security. A lot of the questioning here is about motive. The Chinese spend billions every year to get information on us, such as the OPM hack, and to steal IP – Boeing ect. You hear about Chinese nationals being arrested for stealing IP every other week. Why would they not use one of the most effective methods to steal this information? I’m in security, and anecdotally, an insurance firm I was with a few years ago would get 10 million hits a month from China probing the firewalls.
Comments are closed.