Latest Huawei 'Smoking Gun' Still Doesn't Prove Global Blackball Effort's Primary Justification
from the ill-communication dept
We’ve noted a few times now how the protectionist assault against Huawei hasn’t been supported by much in the way of public evidence. As in, despite widespread allegations that Huawei helps China spy on Americans wholesale, nobody has actually been able to provide any hard public evidence proving that claim. That’s a bit of a problem when you’re talking about a global blackballing effort. Especially when previous investigations as long as 18 months couldn’t find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don’t want to compete with cheaper Chinese kit.
That said, a new report (you can find the full thing here) dug through the CVs of many Huawei executives and employees, and found that a small number of “key mid-level technical personnel employed by Huawei have strong backgrounds in work closely associated with intelligence gathering and military activities.” This full Twitter thread by the study’s author is also worth a read:
So it is finally here: reveal day. I am proud to announce I have written a paper with help from a variety of people that comes from a massive leaked database of Chinese CV's that shows just how close Huawei and Chinese state security services are. 1/n https://t.co/Knyo4OCz5B
— Huawei HR Director Balding (@BaldingsWorld) July 5, 2019
Yes, Huawei’s claims that it had absolutely no meaningful ties to state intelligence services has always likely been bullshit. And many of the connections between the military and intel services and these employees are fairly obvious. Some employees went so far as clearly indicating that they worked for the government and Huawei simultaneously. 11 employees attended a Chinese a military academy that also researches ?information warfare,” though the report doesn’t indicate if they actually participated in said research.
That said, the paper isn’t the smoking gun it’s being covered as on some fronts. The paper clearly notes that while some employees may have flitted between government and intel services and Huawei, actually connecting them to any hostile actions or spying in the US or UK wasn’t possible. Like here in the paper, for example:
Third, in addition to titular and experiential activity that ties Jingguo to state security activities, it is possible to tie work from his CV to reported cases of Huawei information gathering. It is not possible to directly tie his routers or his code to the specific products in question, but based upon the timeline, work described, and geographic responsibility, there is a clear match with work described on Huawei activity in Italy and network security with code being injected that would allow Huawei to access the network and traffic.
So, yes, some folks in the Chinese military and intelligence services have also worked at Huawei. And many likely used those experiences to help the company craft surveillance technologies likely used in China. Given intelligence agencies around the world routinely cultivate, implant, or recruit folks in industry, this kind of cross germination really isn’t all that surprising.
That said, these kinds of connections aren’t that uncommon in the US or UK, either. AT&T, for example, is effectively bone grafted to the NSA at this juncture. AT&T’s ties to the NSA are so total, you’d be fairly hard-pressed to point out where AT&T ends and the NSA begins, especially if you’ve spent any time reading about the allegations by whistleblowers like Mark Klein, or AT&T and the NSA’s often shady surveillance buildings peppered across the country. AT&T’s employees are embedded with the US government. The relationship is so uniform, AT&T employees frequently act as intel analysts.
Would we be cool then with, say, overseas companies banning AT&T from global markets given obviously close ties to US intelligence? While there’s little doubt that China engages in some horrific behaviors when it comes to censorship, surveillance, torture, and worse, the narrative du jour continues to be that when the US or UK does this sort of stuff (like that time the NSA hacked into Huawei to backdoor gear) a patriotic press deems it “good.” But when the Chinese do it, it requires massive wholesale blackballing efforts and endless pearl clutching. On this front, the press often lets patriotism muddy the waters.
And again, the Huawei blackballing effort (which some smaller companies say will actually hurt them) is based largely on the claim that Huawei routinely spies on Americans specifically, something there’s still no clear evidence of. The question also needs to be asked: If you don’t trust Huawei, who is OK to trust? Do we trust Cisco, whose hardware has been intercepted by the NSA in transit to aid US surveillance efforts? Do we trust AT&T? Do we trust anybody? Are these standards applied evenly across companies and countries? Is this concern being extended to the Chinese gear in the internet of broken things, your router, or smart fridge? If Chinese gear is in everything, why stop with just Huawei?
There are plenty of folks arguing that you can be concerned about Huawei’s potential security issues without engaging in ham-fisted protectionism. Folks argue that there are better, systemic approaches to improving internet security that don’t require the sort of herky-jerky, protectionist policy hyperventilation of the Trump administration. But these voices have pretty routinely been drowned out by those driven more by patriotism or profits than any genuine, measured interest in a consistently fact-based approach to better security.