US Takes Baby Steps Toward Providing Actual Public Evidence Of Huawei Spying
from the ill-communication dept
We’ve noted a few times now how US claims that Huawei routinely spies on Americans haven’t been supported much in the way of actual public evidence, a bit of a problem given that’s the primary justification for the country’s global blackballing efforts. Previous White House investigations 18 months in length couldn’t find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don’t want to compete with cheaper Chinese kit.
The US has been making its blacklisting case for much of the last year, but had been criticized previously by Germany and the UK for being a bit light on actual evidence. That shifted slightly this week courtesy of a report in the Wall Street Journal (paywalled, here are Ars Technica and Gizmodo alternatives), which quoted US National Security Adviser Robert O’Brien as saying the US has hard evidence that Huawei has backdoor access to mobile-phone networks around the world:
“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world.”
Again, this is a step up from previous US claims that it didn’t actually need to provide public evidence to justify a massive global blackballing effort that’s been debated and discussed for more than a decade:
“The US kept the intelligence highly classified until late last year, when American officials provided details to allies including the UK and Germany, according to officials from the three countries. That was a tactical turnabout by the US, which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.”
US officials quoted in the piece say they’ve known about the backdoors “since observing it in 2009 in early 4G equipment,” though officials declined to say whether the US has actually observed Huawei using this access. The Journal notes how telecom operators are required by law to build backdoors for authorities to access the networks “for lawful purposes,” but they “are also required to build equipment in such a way that the manufacturer can’t get access without the consent of the network operator,” restrictions the US claims Huawei is violating in several countries:
“US officials say Huawei has built equipment that secretly preserves the manufacturer’s ability to access networks through these interfaces without the carriers’ knowledge. The officials didn’t provide details of where they believe Huawei is able [to] access networks. Other manufacturers don’t have the same ability, they said.”
Still, some were quick to note that claims of evidence isn’t the same as public evidence, while some infosec reporters lamented the report for being a bit vague:
This story is vague and fuzzy. Needs more verification and details. https://t.co/tsE8B08dl8
— Kim Zetter (@KimZetter) February 11, 2020
Again, there are certainly plenty of valid security concerns about both China and Huawei. Huawei is certainly no saint, and like so many telecom giants has some truly grotesque and greasy habits. But a healthy chunk of the hand-wringing over China and Huawei is the product of competitors like Cisco, who adore over-hyping Huawei’s issues in DC for competitive gain. Without public, verifiable evidence, it remains difficult to assess what percentage of the US hand-wringing is valid cybersecurity concern, and what percentage is just K Street bullshit (see: the “race to 5G“).
There’s also the fact that the United States continues to dole out surveillance ethics lectures despite having an abysmal track record on the subject. Recall the NSA broke into Huawei as early as 2009 to install its own backdoors, and has also been busted intercepting Cisco products in transit to embed them with surveillance tech. There was also this blockbuster Washington Post story this week highlighting how the US bought cryptography company Crypto AG, then abused that ownership for decades to weaken encryption and spy on its allies.
The US of course absolutely loves backdoors. And the US loves using companies like AT&T as an extension of its global surveillance efforts, to the point where you truly can’t tell where the NSA ends and AT&T begins. But were foreign companies to then suggest that AT&T should be banned from doing business worldwide, the backlash and demands for transparent and open evidence from these exact same sources would register on the Richter scale. This “do as we say, not as we do” logic only has the effect of making it harder to take the US seriously when it suddenly expresses concern about rampant surveillance.
In short if the US truly wants to convince the world to not only ban Huawei, but to also spend the money needed to rip its equipment out of every network on Earth, (a particular issue for cash-crunched rural operators) it’s going to need to provide more than some unverified claims in the Wall Street Journal.