SHENZEN — Huawei this week again defended itself against U.S. government claims that data running over its telecommunications gear around the globe is spied upon by Chinese government officials.
However, there’s a catch. A spokesman for Huawei told several U.S.–based reporters meeting in Shenzen that “I don’t know” what happens with data running on the gear of Chinese carriers who are providing data interconnection capabilities with carriers outside of China. Such interconnections allow data and voice to flow from one carrier serving a region to another in a different region.
Huawei and other companies based in China are required under a 2017 cybersecurity law to make data running on their servers available to Chinese officials. Since China state security can access such data, U.S. officials and analysts have argued that data running on Huawei branded servers, routers and other gear running anywhere is vulnerable to surveillance and attack.
Joe Kelly, vice president of international media affairs for Huawei, objected to the U.S. raising such concerns because the Chinese security law only applies to companies based in China.
Interconnection agreements with Chinese carriers are not covered by the law, and Kelly said, “I don’t know” when asked if that omission has created any vulnerability. Generally, he defended Huawei as a private company separate from Chinese government influence, adding it would not be in Huawei’s interest to hurt its customers by making them vulnerable.
“We’ve never been asked by our government to do anything” to jeopardize customer data, Kelly said. “We’ve never received” a Chinese government data intercept request.
More broadly, he mirrored comments by other Huawei officials in recent weeks that Huawei is being confronted by U.S. allegations of wrongdoing without proof.
“There’s never any evidence we’ve done anything wrong,” Kelly said. “If we were doing bad stuff, you’d know about it.” He added that because so many people and companies use various forms of Huawei gear for wireless and wireline communications they would come forward to complain. The Chinese government has no role in how Huawei operates, he stressed.
Huawei’s denials of wrongdoing have been contradicted by U.S. officials and some security analysts. They point to numerous lawsuits brought by Huawei’s competitors over allegations of theft of intellectual property, among other concerns, as providing a smoking gun about Huawei’s future actions.
Analysts doubt China
Roger Entner, an analyst at Recon Analytics and former U.S. government security specialist, said in an interview with FierceWireless that there is sufficient concern about cybersecurity with the Chinese to distrust Huawei. “I don’t trust Chinese state security,” he said.
Entner said U.S. intelligence and cybersecurity experts haven’t divulged all they know about the ways Chinese state security can infiltrate Huawei and other systems because the U.S. “doesn’t want to give the Chinese remedial lessons on how the Chinese can do their jobs better.”
Entner contended that because of the 2017 cybersecurity law in China, “everything in the world is accessible to Chinese state security. China doesn’t need back doors to get this data. They can go in the front door, and then they can tap into servers and base stations and listen in live. China doesn’t need brute force. They have the key to log in.”
Other analysts said a Signaling System 7 (SS7) hack attack can create a vulnerability for Chinese officials to infiltrate smartphones and other devices, including those of Huawei. The SS7 protocol is used to exchange data between network devices in a global network infrastructure used by hundreds of carriers. Even end-to-end encrypted applications are vulnerable to an attack because account verification over a network can be done via SMS or a mobile call, outside of the encryption.
Entner said Huawei faces “deep trouble” with recent U.S. Commerce Department and White House actions that ban U.S. companies from providing components and software to Huawei. But he also conceded that President Trump and the U.S. Congress face a dilemma because there are no homegrown U.S. manufacturers of 5G base stations.
American companies have failed at providing vital 5G networking gear because of marketplace realities in a capitalist culture where 5G competitors from abroad have dominated, he added. “American companies don’t cut it, I’m sorry,” Entner added. “We don’t have these companies because we don’t socialize company losses. Can you imagine the outrage of Congress if it had to fully fund a 5G base station supplier?”