As published on the British Foreign Policy Group website
By Tiwa Agiri & Ella Lane
Huawei is facing an existential crisis throughout Europe and North America. The Chinese tech giant is the world’s largest telecommunications equipment maker and has recently overtaken Apple in becoming the world’s second-largest supplier of smartphones. Founded in 1987, boasting 180,000 employees and over $92.55 billion in revenue, Huawei has been deemed the crown jewel of Chinese tech. Huawei has won over 25 commercial 5G contracts worldwide. It has supplied equipment to primary UK telecommunications networks such as BT, EE and Vodafone. Huawei is now however, locked in intense legal disputes regarding its alleged breaches of US sanctions and was recently hit with 23 US sanctions. There is growing fear amongst Western leaders about whether Huawei is a vessel for espionage for the Chinese government. The West has already acted to limit if not rescind Huawei’s involvement in infrastructure. The EU’s technology commissioner has warned that countries “have to be worried” about Chinese manufacturers. The US has banned all Huawei products in infrastructure. The UK’s National Cyber Security Centre (NCSC) recently concluded however, that the risks posed by Huawei can be mitigated and should not be banned from UK networks. This article will explore whether Huawei poses a genuine threat to the UK. New legislation requires private companies in China to “cooperate” with intelligence agencies and previous cases of espionage through private entities illustrate the potential threat. Some commentators argue that no private company in China is truly free from extensive government influence. Conversely, others assert that the UK has robust safeguards and Huawei can be considered an anomaly. The tech giant received NCSC approval and is closely monitored by GCHQ. This regulatory scrutiny from our security agencies should provide sufficient assurance that the potential risks of undue influence are duly mitigated. We will explore the merits of these arguments and consider the extent of action required by the UK, if any.
Huawei has become integral in the UK’s network infrastructure but there is growing evidence of the tech giant’s potential threat to national security. Whilst Huawei is keen to portray itself as wholly independent from the Chinese government, critics question how free any major Chinese business can be from government influence. China’s 2017 National Intelligence Law stipulates that organisations must “support, co-operate with and collaborate in national intelligence work.” On the surface this legislation could oblige private companies to disclose confidential information of any nature or even carry out espionage if requested. The introduction of this legislation has raised serious security questions about Huawei and other Chinese tech firms.
Additionally, Huawei’s denial of government influence cannot necessarily be taken at face value. There are several cases where China has been found to be stealing trade secrets through private and state-owned companies. In November 2018, the US Justice Department charged state backed chipmaker Fujian Jinhua Integrated Circuit Co. Semiconductors, with stealing trade secrets from US semiconductor company, Micron. Fujan Jinhua denies all allegations. In October, Bloomberg revealed that chips were inserted in computer motherboards manufactured in China for US-based supplier Super Micro Computer, a company which supplies the likes of Amazon and Apple. China also refutes any wrongdoing.
In January 2019, a Huawei executive was arrested in Poland after being charged with spying for the Chinese government. Huawei claimed this was a rogue employee and had nothing to do with the company’s operations. The Polish security services concurred. The Polish Prime Minister did, however, urge for joint NATO action to restrict Huawei, illustrating the global concerns over security.
Huawei’s CEO Ren Zhengfei was recently asked how the company could deny a request from the Chinese government to access data or to create network “back-doors”. Zhengfei stated “China’s ministry of foreign affairs has officially clarified that no law in China requires any company to install mandatory back doors….Huawei and me personally have never received any request from any government to provide improper information.” It is not clear however, the extent of collaboration required by the National Intelligence legislation or what is classed as “improper information”. While Huawei is not obligated to install back doors, they ostensibly have no legal power to decline a government request for data. Therefore, Zhengfei’s assurance does little to alleviate concerns. There is mounting evidence against Huawei, illustrating that the company poses a risk to the UK’s national security and governmental action is warranted.
Many commentators argue Huawei’s threat is overstated as the UK’s network infrastructure security framework is robust. Furthermore, unnecessary restrictive action against Huawei could come at the expense of the UK’s development of 5G technology, given Huawei’s position as a trailblazer in the technology. This is a fair assessment as in the UK, Huawei’s security threat is mitigated. The UK government setup the Huawei Cyber Security Evaluation centre in 2010, which monitors Huawei’s UK operations in collaboration with GCHQ’s national cybersecurity centre. The government regularly subjects Huawei equipment to GCHQ intelligence agency testing and over the years GCHQ had consistently provided assurances that the company poses no risk to national security. The last GCHQ report however, found “shortcomings” in products and could only give “limited assurance” that the firm posed no threat to national infrastructure. Subsequently, Huawei agreed to a series of GCHQ technical demands that strengthen its products against attackers. Huawei’s willingness to cooperate and take remedial action undermines the allegations of mandatory backdoors. Crucially, a NCSC recent review claims that as long as precautions are taken, they are confident that risks can be sufficiently mitigated, undermining any potential security threat.
In addition, unlike most billion-dollar Chinese companies, Huawei is not government owned and is transparent with its ownership. Huawei’s CEO holds 1.4% while the rest is held on behalf of employees and “no external institution or government institution owns shares”. Without state ownership the influence of the government is substantially reduced.
The British government should act proportionately to the identified threat, as has been done in previous cases. State-controlled Chinese telecommunications equipment maker ZTE was phased out from the UK in 2015 after the National Cyber Security Centre warned of national security threats. This illustrates that where legitimate threats are identified, action has been taken. Fundamentally, the government is well placed to identify risk and take appropriate action. Huawei may pose a threat but we should follow the guidance of our security services who are confident that any threats are managed effectively by this close monitoring and therefore, does not warrant a total ban.
Taking all into account, Huawei does
pose a legitimate risk to the UK. In December 2018, UK Defence Minister Gavin
Williamson revealed “grave concerns” about Huawei. The Chinese government
exercises significant influence over all large Chinese private companies and
the National Intelligence legislation could facilitate espionage. Robert Hannigan,
former director of GCHQ best summarises the dilemma facing the UK government.
He notes “It’s a difficult balance…..We want the benefits of Chinese technology
and inward investment and we should find ways of managing the risks, pushing
back where necessary.”
Telecoms equipment was the UK’s largest import from China account for 14% of
our total trade,
illustrating the importance of striking this balance. The concerns raised over
Huawei are however, substantial enough to warrant action. These concerns could
prove to be misplaced but whilst they exist it would be irresponsible not to
take them seriously. The government’s current approach is proportionate and
adequate, given that the monitoring of Huawei significantly mitigates the
highlighted risks. This is the view of the NCSC, but the UK government is yet
to make a decision on the matter. For now, we won’t be saying our goodbyes to
Huawei just yet.
 Cyber Security Intelligence Blog https://www.cybersecurityintelligence.com/blog/canada-is-suspicions-of-huawei-3749.html
 Financial Times – https://www.ft.com/content/d37edb56-1882-11e9-9e64-d150b3105d21
 Parliament Research Briefings http://researchbriefings.files.parliament.uk/documents/CBP-7379/CBP-7379.pdf i