back to article No backdoor, no backdoor... you're a backdoor! Huawei won't spy for China or anyone else, exec tells MPs

The UK Parliament’s Science and Technology Select Committee yesterday asked experts whether Huawei poses a threat to national security. It was a question the answers to which exposed the many problems with trying to ban a manufacturer that’s been a part of the country’s telecommunications landscape for nearly two decades. The …

Page:

  1. Bronek Kozicki Silver badge

    quite sensible

    MP questioning aside, seems like expert opinion actually was ... expert. Even Hauwei's own man seem to know what he's talking about "We want people to find things – whether they find one thing or 100. We are not embarrassed by what people find.". I wonder if Cisco exec would say the same, with the hardcoded credentials etc.

    1. 0laf Silver badge
      Boffin

      Re: quite sensible

      Treading a careful path as well but not mentioning the NSA putting pressure on US manufacturers to introduce 'their' backdoors into hardware and software. I'm sure it's not beyond the UK's intelligence servcies to do the same whatever the law says. Effectively you can't trust anything so we should operate on the assumption of zero trust.

      I agree the expert opinion in this case appeared to be knowledgable and pragmatic.If the politicians on the committee were using Godwin's Law this quickly I thikn that highlights just how out of their depth they were resorting to hyperbole to be seen to make a point.

      1. Anonymous Coward
        Anonymous Coward

        Re: quite sensible

        Still, you fail to notice that UK services have a "special relationship" with US services - not with Chinese ones. It's not a small difference....

      2. Jason Bloomberg Silver badge
        Thumb Down

        Re: quite sensible

        If the politicians on the committee were using Godwin's Law this quickly I thikn that highlights just how out of their depth they were resorting to hyperbole to be seen to make a point.

        The committee's jibes about Zyklon B were utterly and deeply offensive. And they didn't just let it slide when it was treated with the disdain it deserved, but pushed to have Huawei admit they are the most evil company walking on God's good earth.

        I had already been convinced this is a politically motivated witch hunt. After that I have no doubt.

        1. Yet Another Anonymous coward Silver badge

          Re: quite sensible

          So long as British phones use ARM processors owned by those bastions of moral rectitude in Saudi Arabia.

    2. Anonymous Coward
      Anonymous Coward

      "Even Hauwei's own man seem to know what he's talking about"

      LOL! He's not a Chinese (so they have no way to ensure his "loyalty") - if ever the China government has plans to use Huwaei equipment for espionage, they are not going to tell him. And yes, any Cisco executive would say the same.

      And any expert that assert that private businesses - especially telcos - should be in charge of national security, should change job, even if it means he will lose all that nice money telcos pay him to say such things.

      1. Pascal Monett Silver badge

        It's all good and nice to be wary of The Man, but telcos are the de facto custodians of our telecommunications, so it falls on their shoulders to make sure our comms are secure.

        Unless you prefer your phone provider to just be the NSA ?

        1. Anonymous Coward
          Anonymous Coward

          "it falls on their shoulders to make sure our comms are secure."

          Without oversight and policies set by some one who don't think about "PROFIT!S!!!!!" only?

          Would you trust your telco to keep wholly safe your data and communications,and don't sell them to the highest bidder?

          It's still a matter of separation of powers - the telco do their job, and someone ensures they don't take dangerous shortcuts doing it because of "PROFITS!!!!!!!!".

          1. Anonymous Coward
            Anonymous Coward

            Re: "it falls on their shoulders to make sure our comms are secure."

            <cough> Phorm <cough>

        2. Claptrap314 Bronze badge

          As a USAian, trust the telcos for national security/privacy? Hahahahahahahahahahaha! Trust the NSA? IEEEEEEEEEEE!

          The telcos don't even have the theoretic motivation to tend to national security. There is no profit there. The NSA, like pretty much every government bod, just ignores its charter.

          1. jmch Silver badge

            AFAIK US telcos are happy to sell their customers information

    3. Anonymous Coward
      Anonymous Coward

      Re: quite sensible

      Its PR guff. The reporting channels are private and contracts enforce their use.

    4. TheVogon Silver badge

      Re: quite sensible

      But if they were forced to add backdoors, presumably they would also be required to deny it?

      1. teknopaul Bronze badge

        Re: quite sensible

        Thats how it works in the UK. Govt can force you to backdoor a website and you are not allowed ever to mention it. Only option is to close up and do business elsewhere.

        1. Paul

          Re: quite sensible

          In the UK it's called "technical measures" which mean backdoors, key escrow, wiretaps, anything they want basically with no discussion or appeal.

          1. jmch Silver badge

            Re: quite sensible

            It makes sense that law enforcement be allowed monitoring powers without whoever is being monitored being aware of the fact - otherwise what's the point? Of course law enforcement can't just rock up at the telco and demand access, they need a warrant. If telcos are served with a warrant, why would they appeal? I would only see pushback from telcos if they start to get what they believe is an unreasonably large amount of warrants.

            AFAIK telcos actually do publish (though maybe hidden away in some annual statement) the number of 'technical measures' they have been required to comply with. If I remember correctly, Google, Apple etc also went ahead and published some metadata about the number of law enforcement access requests (even though they weren't permitted to do so) exactly because they wanted to have more transparency on the process, and to push back against excessive overrreach.

            There's no easy way out except to trust that the judges are keeping law enforcement in check.

    5. streaky Silver badge

      Re: quite sensible

      I wonder if Cisco exec would say the same

      Of course they would. They'd be talking nonsense but they'd say the same without thinking twice.

      Only way to be sure is to test. Huawei are tested and are happy to go along with that testing. My thing is I don't mind much what we do as long as we're holding everybody to the same standard.

  2. Anonymous Coward
    Anonymous Coward

    'If we were put under any pressure by any country that we felt was wrong, we would prefer to close the business'

    They WOULD say that, but what if they're NOT ALLOWED to shut down OR say why, on pain of prison or worse? Just how far is he REALLY willing to go?

    1. JetSetJim Silver badge

      The key bit was "that we felt was wrong". Lots of wiggle room there.

      Saying that ,a good cogent defense, and more thorough than anything Cisco have provided.

    2. MGJ

      For the real view of the British civil service/Government of Chinese telecoms companies, perhaps do an FOI for instructions on what to do with IT equipment that has been used in China outside of the secure room in the Embassy. It's always hacked into in minutes and cannot be used again for connection to a government network. Private Offices used to have piles of Blackberry's and laptops that had been in China for staff to take away with them at their own risk. The vast majority of hacking threats to the UK (used to) come from those at least pretending to be the Chinese military.

    3. PassingStrange

      So - that's not a "No", then...

      There's a yawning gap between "we would prefer to" and "we would".

      Come to that, there's a chasm between "If we were..." and "We haven't been...", too.

      No prosecuting counsel worth their salt would fail to draw attention to that degree of prevarication.

  3. Pen-y-gors Silver badge

    No laws?

    There are no laws in China that obligate us to work with the Chinese government on anything whatsoever,

    No, but this is China we're talking about. They don't need laws. If the government say jump, you jump, regardless of the 'law', or you end up in the organ banks.

    1. seven of five

      Re: No laws?

      Unlike in the US, where you end up in Guantanamo.

      (yes, exaggaration, but you get the drift...)

      1. Anonymous Coward
        Anonymous Coward

        Re: No laws?

        Probably you still have more rights in Guantanamo than in any Chinese camp - and you may not even know where Chinese detention camps are. And nobody in China can even protest about the existence of them. Feel free to go to live in China, anyway, nobody forces you to live in these horrible Western countries.... still I see Chinese emigrating here, not vice versa.

      2. SolidSquid

        Re: No laws?

        You wouldn't end up in Guantanamo, but you might get a national security letter which instructs you to provide information and binds you to keep quiet about the existence of that instruction, refusal to cooperate with either of which can lead to jail time

        1. Claptrap314 Bronze badge

          Re: No laws?

          Which is entirely the same as having your organs removed, I see...

    2. sal II

      Re: No laws?

      The end result is no different from the USA where the PATRIOT act etc. legalize the snooping.

      1. MrTuK

        Re: No laws?

        There is no real difference between any Gov of any Country and anyhow can USA complain about Huawei when it uses any security vulnerabilities it can in order to access any hardware it can especially Cisco. Infact they have teams of people looking for Vuln's so they can exploit them (rather than make them known so they can be plugged the the manufacturer) and I imagine China and all other Gov's secret service do the same especially USA because Eddy Snowden let that one slip !

        There is one final twist worth thinking about, maybe Huawei is more secure or doesn't have one particular security hole that other manufacturer's do and that is why the USA doesn't like Huawei !

        1. Jason Bloomberg Silver badge

          Re: No laws?

          There is one final twist worth thinking about, maybe Huawei is more secure or doesn't have one particular security hole that other manufacturer's do and that is why the USA doesn't like Huawei !

          "He's sitting here, telling us they'll never do any spying or snooping, no matter what the threat or consequences. That's no fucking good for us".

          Imagine there's a joke icon attached if you choose to ->

        2. aks Bronze badge

          Re: No laws?

          Huawei have offered to share their tests with others. If all of the 4G and 5G suppliers competed in a form of hackfest to break each others' offerings, we'd have a more robust system.

          The suspicion is that the USA like having vulnerabilities in their own suppliers. China and Russia would delight in breaking other peoples systems and publishing them. If the USA and Europe did likewise, we'd all be a lot more secure. The USA didn't like Kapersky locating NSA malware. China would not want others to break into their systems. We can trust each of them not to trust each other and to have a common motive to discover other people's weak points.

        3. jmch Silver badge

          Re: No laws?

          "There is no real difference between any Gov of any Country"

          As bad as governments of western countries can be, your statement above is so obviously wrong it's astounding. Keep in mind that China is far, far, far away from being the worst offender.

          You want to go live in Yemen, Venezuela, Syria, Zimbabwe etc etc and then see how you feel?

    3. Anonymous Coward
      Anonymous Coward

      Re: No laws?

      "No, but this is China we're talking about. They don't need laws."

      Indeed. Unlike the UK and US which do have laws to force companies to hand over any information they want and not tell anyone about it (section 54 of UK RIPA and SCA non disclosure orders in the US).

      1. amanfromMars 1 Silver badge

        Re: No laws? Except for Abiding Rules of Deep and Dark Jungles

        Unlike the UK and US which do have laws to force companies to hand over any information they want and not tell anyone about it (section 54 of UK RIPA and SCA non disclosure orders in the US). ..... Anonymous Coward
        .

        Companies hand over diddly squat/zilch/nada, persons of interest hand over information and presumably because it is leading intelligence whenever it is diligently sought and/or desperately needed.

    4. Anonymous Coward
      Anonymous Coward

      Re: No laws?

      The same is true in the US, as the Palm CEO experienced even before the PATRIOT act was a thing.

    5. JoMe

      Re: No laws?

      While it's true they don't need laws, there is a law requiring this. And having worked in various ITAR, S, and TS organizations I can confirm that we've received hardware that included additional technology with back doors.

    6. Anonymous Coward
      Anonymous Coward

      Re: No laws?

      "There are no laws in China that obligate us to work with the Chinese government on anything whatsoever,"

      Then how do they explain this?

      1. Yes Me Silver badge
        Flame

        Re: No laws?

        You mean the bit where it says:

        the Cybersecurity Law states that network operators, which include telecommunications companies such as Huawei, have to provide “technical support and assistance” to government offices
        No, Huawei is not a "network operator", and if the journalist who wrote that piece could make such an elementary blunder, I don't trust a word of the story.

    7. SomeRandomFaggot

      Re: No laws?

      "We" is his employer "HUAWEI TECHNOLOGIES (UK) CO., LTD." which is on this side of the HCSEC firewall.

      There are no laws in China that can compel "HUAWEI TECHNOLOGIES (UK) CO., LTD." to break the law in the UK, because that company must comply with UK law. This has the hilarious effect of being technically correct whilst at the same time having absolutely no effect whatsoever on the legions of spies that work for the Chinese government - that is what the HCSEC is for. HCSEC fulfils the role of being a deterrent to overt backdoors. In other words - the reason they haven't found any backdoors may very well be because they are looking for backdoors.

      If Huawei does indeed play host to Chinese government spies, this still does not constitute an actual request from the Chinese government - it is easily possible for the Chinese to attempt to conduct intelligence operations without involving the company's executive branch and in fact any covert operation would only be hindered by a request to the company as any such request that the UK branch of the company became aware of would result in GCHQ being immediately notified of the request, blowing the whole thing open and permanently ruining it for the Chinese. So you can bet your ass that the Chinese are not going to make any such request.

      The success of any Chinese intelligence operation therefore depends solely on the effectiveness of covert intelligence and UK counterintelligence operations, of which Mr John "I used to be HMG's CIO" Suffolk is a part. Having occupied such a sensitive position in the government he must continue to comply with the requirements set by his HMG security clearance until the day he dies. I would be very surprised if it is even possible for him to cut ties to the UK intelligence services - if he did so, I expect that he would quickly find himself committing suicide by chopping himself up, bundling himself into a sports bag, and throwing himself in the river. In short, Huawei's Global Cyber Security Officer is a de-facto GCHQ informant.

      It's a very strange relationship between two countries where extreme mutual distrust has had to coexist with an extreme mutual desire to make money. Ironically enough Huawei products are probably safer from deliberate backdoors than those of any other provider, specifically as a result of this scrutiny. I would say there is a case to be made for subjecting all equipment providers to similar levels of scrutiny but that would be very expensive.

      Or maybe we could just build our own telecoms gear?

  4. Anonymous Coward
    Anonymous Coward

    I watched a large section of the proceedings

    The article is a good representation of what went on and that the respondents were indeed knowledgeable.

    When the MP's were digging hard on political pressure and state law I though that the respondents were excellent at not mentioning that Cisco et al have bowed under this pressure in the US in the past (see the Snowden leaks).

    I thought that the MP trying to accuse Hauwei of being complicit like the Nazi gas suppliers was well below the belt!

    I am familiar with some of the Hauwei code. Some of the third party stuff is very good, some of the 'home-brew' is less professional, but still pretty good - not unlike most commercial code I see! The same goes for the Cisco and Juniper code I've seen. (All legitimately examined I must add.)

    Come on, let's have less of the 'witch-hunt'. Assume that everyone is spying on everyone else, end-to-end encrypt if you feel you need to, and lets get on with life using the appropriate technology.

    1. Chris G Silver badge

      Re: I watched a large section of the proceedings

      From the clip I watched, trying to compare Huawei with IG Farben wasn't in context. It wss just thrown in so that it could be used as a sound bite later.

    2. Anonymous Coward
      Anonymous Coward

      "was well below the belt"

      Maybe you should spend some time in China telling them you're a muslim Uyghur....

      Or just look what's happening in Hong Kong....

      Even Chamberlain thought Germany was not so bad, after all....

      1. Anonymous Coward
        Anonymous Coward

        Re: "was well below the belt"

        Maybe you should spend some time in China telling them you're a muslim Uyghur....

        Try the US if you're non-white, not a *cough* "Christian" *cough*, not rich or even happen to have the same name as someone else on the no-fly list.

        Oh, and no problem if you're abroad either, that's what extraordinary rendition is for. Best don't go out after dark.

        Each country has its dark sides. That does not justify atrocities, but it also makes it kinda hard not to end up in a pot vs kettle situation. However, most importantly, it does not change the legal and facts-based arguments one iota. If my chain of trust starts with the ability to inspect the mechanics and people who I trust have given the OK, that matters. The US can wave its pretend Democracy banner for all it wants, but Cisco has not been inspected in a similar fashion which means bye bye Cisco in my book.

        And yes, I want any updates examined in a similar manner, of course.

        1. Cuddles Silver badge

          Re: "was well below the belt"

          "Maybe you should spend some time in China telling them you're a muslim Uyghur....

          Try the US if you're non-white, not a *cough* "Christian" *cough*, not rich or even happen to have the same name as someone else on the no-fly list."

          More to the point, how is this even relevant. Does the CEO of Huawei personally roam the streets beating Muslims? Does the CEO of Cisco regularly lynch black people? Many countries have issues with human rights to varying extents, but how exactly is that relevant to which company I might want to purchase a router from? If there's evidence a company is clearly and deliberately complicit in abuses that might be a factor in the decision, and of course if there's evidence their equipment might actually be compromised in some way that's very important. But saying "Country A has done bad things, therefore everything produced by Company from Country A is bad" is just meaningless nonsense.

          1. Anonymous Coward
            Anonymous Coward

            Re: If there's evidence a company is clearly and deliberately complicit in abuses

            As regards Huawei and the treatment of muslim Uyghurs by the Chinese state, you may or may not regard the following links as containing (or reporting) evidence of something of concern.

            https://www.theglobeandmail.com/world/article-huaweis-partnership-with-china-on-surveillance-raises-concerns-for/

            https://www.theepochtimes.com/huawei-a-pressing-problem-that-demands-serious-work_2868529.html

            No doubt other reporting can be found; these were just some which came up after a quick search.

            It seems to me that without a consideration of specific behaviours, it is hard to pick between the "bad Huawei" and "but everyone does bad things" rhetorical positions. What specific comparisons might we make between what Huawei reportedly assists in Xinjiang, and what (e.g.) Cisco reportedly do? What are the actions, how many people are affected, and which people are affected?

          2. Anonymous Coward
            Anonymous Coward

            Re: "was well below the belt"

            Not sure what point you’re trying to make, white Christians are the ONLY persecuted group in the US these days

          3. Anonymous Coward
            Anonymous Coward

            Re: "was well below the belt"

            Check out the demographics of Silicon Valley if you think that you need to be a white Christian.

            That's not to say you won't find bias, and plenty of it. Some companies are heavily... monocultural. You have to be from a specific part of India to be in management, or speak Russian, or Chinese.

            A little closer to the main topic, I'm pretty sure that John Suffolk would be called a "diversity hire" in slightly different circumstances. He is unlikely to wield true policy influence. PR bad enough to impact sales is the thing that does that.

        2. Anonymous Coward
          Anonymous Coward

          "Try the US"

          Do you see re-education camps in US? Really, US can be blamed for many things, but it will take still a long road to become like China and Russia - btw they don't need "renditions", they simply poison people abroad.

          Sure, Trump and some of his supporters would like it - but people trying to put on the same plane the Western world - with all its defects - and authoritarian states that killed millions of people and would have no issue to start again are trolls or simply "useful idiots".

          1. Sir Runcible Spoon Silver badge
            Mushroom

            Re: "Try the US"

            Facebook and the other scummy media companies are de-facto training camps for the re-education of the masses.

            1. Claptrap314 Bronze badge

              Re: "Try the US"

              The government schools have been captured by the socialists. They're skipping the "re-" part.

        3. SomeRandomFaggot

          Re: "was well below the belt"

          This is not a pot V kettle situation when looked at using any objectively measurable parameter. It never will be, not even between two almost identical countries, but comparing the US and China is an extreme example. Not all sins are equal - saying that "every country has it's dark side" is like saying "the unethical behaviour exhibited by US and Chinese authorities is morally equivalent". It isn't.

          The US is way more tolerant than China and it is a false equivalency to attempt to draw any kind of parallel between China and the US in terms of ideological persecution. Even if Trump builds the wall and starts shooting immigrants at the border, you are still not even getting close.

          And the racism goes both ways - you think Chinese people aren't racist AF? They are way more insular than even USAians.

          But you're right - f**k cisco.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019