In January 2013, I wrote a blog post about Huawei’s twisty, winding path to prominence. There were plenty of oddities, e.g. Huawei was supplier to the Taliban and nearly acquired by GOP presidential Mitt Romney… but not a the same time!
Huawei is back in the limelight. Curiously, the problem is not one of Chinese state interference but of sloppy software development. I’ll get to that, but first, let’s take an illustrated tour of the Huawei story.
A casual Huawei timeline
2001 – Huawei India faces allegations that it had developed telecommunications equipment used by the Taliban in Afghanistan.
2010 – Reuters reports that a major Iranian partner of Huawei tried to sell embargoed Hewlett-Packard computer equipment to Iran‘s largest mobile-phone operator.
2011 – The Australian government excludes Huawei from tendering contracts with a government-owned corporation constructing a broadband network.
2012 – The Canadian government excludes Huawei from plans to build a secure government communications network.
2013 – The U.S.- China Economic & Security Review Commission advised Congress about Chinese government influence on Huawei.
[LANL] had installed devices made by H3C Technologies Co [which] raises questions about procurement practices by U.S. departments responsible for national security.
The devices were Chinese-made switches used for managing data traffic on LANL computer networks. Huawei’s relationship with Chinese military was mentioned.
What is H3C?
According to Reuters, Huawei’s ties to H3C were the following
- H3C began as a joint venture between Huawei and 3Com.
- Huawei sold its stake in H3C to 3Com in 2007.
- In 2008, Huawei and Mitt Romney-affiliated Bain Capital gave up their bid for 3Com after a U.S. intelligence panel rejected the deal because of national security concerns. (Merely four years later, Mitt was the GOP general election nominee for President of the United States.)
- Hewlett-Packard acquired H3C in 2010.
- H3C’s website (as of 2014) still describes Huawei as a partner, and that they “work together on projects”.
- An HP spokesman said Huawei no longer designs any H3C hardware: “There has never been a shred of substantive proof that Huawei gear is any less secure than that of our competitors.”
Challenge from Quora’s own UK mobile tech VC and tech expert
After writing about the Huawei story on Quora in 2013, I had a mildly tense exchange in the comments. I will reproduce them here. I acknowledge that Rupert is more knowledgeable about mobile device technology and carriers than I am. I was contrite.
I should have stood my ground a bit more firmly. Underconfidence is a terrible thing. I totally caved in. It is kind of embarrassing.
I have no right to crow now, but I will take satisfaction where I can get it.
Vindication for me in 2019
Equipment from China’s Huawei has major security flaws, U.K. says (via Wall Street Journal’s MarketWatch, 28 March 2019)
U.K. officials said they were particularly concerned that Huawei hasn’t implemented company wide cybersecurity practices that it vowed to put in place in 2012, the same year a report from the U.S. Congress labeled Huawei a national security threat. The congressional report effectively banned Huawei from the U.S. Washington has pressured its allies to join its ban, but many countries—like Germany—haven’t followed suit, seeking specific proof that Huawei is a cybersecurity threat.
Recall that Australia, Canada, and the United States were aligned regarding such matters since 2012. The UK, Germany, Belgium, Iran and the Taliban thought Huawei was okay.
Here is the part that I found most amusing: Huawei products might have security flaws that anyone, not just the Chinese government, can exploit. Lack of commitment to security basics can have the same consequences as malicious intent. According to the U.K.’s National Cyber Security Centre:
British officials said Huawei’s “poor software engineering” is the problem, adding that they don’t believe “the defects identified are a result of Chinese state interference.” UK officials identified engineering shortfalls that they said led to discrepancies between Huawei software examined in the lab and software used in British networks. It found that Huawei’s engineering processes couldn’t re-create the same software from scratch twice.
U.K. officials grew impatient with Huawei for not rolling a fix out more quickly. The Thursday report said the $2 billion investment promised from Huawei, “while welcome, is currently no more than a proposed initial budget for as yet unspecified activities.”
…it is probable that the lab would find more vulnerabilities in the future, especially with new products which may include 5G equipment.
Impact on 5G and driverless automobiles
Wireless carriers world-wide are almost ready to upgrade from 4G to 5G. 5G is the cellular tech that could enable driverless cars and various Internet of Thing things aka “smart” this and that.
Huawei is crucial for current 4G cellular tech too
The WSJ also mentioned that Huawei’s prevalence in existing global telecom networks make it “nearly impossible” to continue to support current 4G cellular tech, as well as 5G service in the near future.
Huawei operates in the carrier, enterprise, and consumer segments of the market. Because the company is not public, is not traded on any stock market, and is not based in the U.S., Huawei is not required to submit filings to the U.S. Securities Exchange Commission (SEC).
Corporate governance is different in China
Huawei is privately held by the company’s China-based employees only, but anyone working for the company outside of China cannot buy into the company. The company’s shareholders admit, however, that they don’t understand the company’s structure, are not provided updated information on their holdings, and have no voting power. Thirty-three union members elect nine candidates to attend the annual shareholder meeting.
WHY would the most technologically advanced nations choose Huawei (an opaquely private company based in the People’s Republic China, whose own shareholders don’t even have any knowledge of its corporate governance and structure) as their primary global communications infrastructure provider?
The Wall Street Journal offers a 3 minute video which explains Germany’s reason: Huawei is inexpensive. Actually, the expression was “cheap to use”.
Suomi awaits in the wings
Will there be a global communications setback due to inadequate Huawei security standards? There is a lot of hand wringing going on about that right now. The Wall Street Journal ends on a note of hope, although the extent is unclear: