back to article Huawei pens open letter to UK Parliament: Spying? Nope, we've done nothing wrong

Huawei has admitted "room for improvement" in its product design processes in an open letter to the UK Parliament – but strongly refuted allegations of spying. The five-page letter (PDF) from Ryan Ding, Huawei's carrier business group (CBG) president, states that Huawei's commercial reputation would be destroyed if it was …

  1. Nightkiller

    Huawei, you could enhance your credibility if you had your kit banned in China.

  2. Voyna i Mor Silver badge

    Iran

    Much as I detest the Iranian government, the US attempt to carry out a trade war against Iran by bullying other countries into submission is despicable.

    Also, they know no history. Napoleon's Continental System (a trade war against Britain) not only was ineffective but in the end turned other countries against him.

    1. Pascal Monett Silver badge
      Coat

      Re: Iran

      Yeah, but nobody is interested in the past. There's no votes or bonuses to get there.

    2. Anonymous Coward
      Anonymous Coward

      @Yoyna i Mor Re: Iran

      Seems you don't know your world history.

      I guess you weren't even born when the Iran and Iraq war was fought.

      There's a reason why some Iranians liked to be called Persians and not Iranians.

      This begs the question... were you even alive when the Shah fell?

      1. TonyJ Silver badge

        Re: @Yoyna i Mor Iran

        I think you'll find though, that the toppling of the Shah was far more to do with us (Britain) and British Pettroleum than it was anyone else.

        1. Bumpy Cat

          Re: @Yoyna i Mor Iran

          No.

          Britain and BP had a hand in the ousting of Mossadegh in 1953 (along with the US, the Iranian military *and* the Iranian Islamic leadership, although the latter are curiously quiet on that point nowadays).

          The toppling of the Shah in 1979 was pretty much an internal affair, by leftists/communists/Islamists. The Islamists proceeded to murder all the leftists and communists, leaving just the ayatollahs in charge.

    3. Anonymous Coward
      Anonymous Coward

      "the US attempt to carry out a trade war against Iran"

      With Iran, is not a trade war. It's the fear their nuclear program could alter the region status quo - and it already used the Syrian disaster to expand its influence -, and become a real menace for Israel - which is anyway the only trusted US ally in the region. Sanctions are aimed at hindering the nuclear program.

      If they are more effective than the agreement reached previously is questionable - but anyway it's not a "trade war", it's a "cold war".

      Actually, Iran has little to export beyond oil, while there are a lot of money to be made selling the much needed goods and services it needs, and US sanctions hurt a lot of Western industries too.

      Yet sanctions are a double edged sword - they can also alienate those people who don't agree with their government.

  3. Anonymous Coward
    Anonymous Coward

    Surely the issue isn't what they're currently doing or have done in the past but what they could have the potential to do in the future? If their products are substantially embedded in all these 5G networks around the world, what happens one day if relations between China and western countries significantly deteriorates potentially to the point of war? I can't see them telling the Chinese government that they're unable to do anything because it'll hurt their reputation.

    I'm not saying it will ever happen (and I hope it never does) but it's not completely beyond the realms of possibility. It would make sense in that case to at least spread the risk a bit instead of one company having a near monopoly.

    1. MiguelC Silver badge

      By that logic, every nation on earth should only use home grown kit, without using a single foreign designed or sourced component or technology.

      Yeah, right.

      1. Anonymous Coward
        Anonymous Coward

        It's down to more probable scenarios. Any kind of "war" between US and UK is not probable now as it was 250 years ago. While a confrontation between US/UK/others and China is much more probable now. It may not be an open war, but the relations could deteriorate a lot - and having your main networks depending on hardware and software developed by a company in a country you may need to confront, isn't a great idea.

        It is true that you should not blindly trust allies either, but if you don't trust your allies at all, and prefer to trust enemies just because ideology, well, you'll end up to give your top jet engine technology to Stalin - one of the biggest mistake UK ever made.

        Anyway EU should develop its own networking capabilities to not depend on either US and China.

    2. OhThatGuy
      Trollface

      I thought this was about Huawei, not Cisco.

  4. martinusher Silver badge

    Don't confuse politics with engineering

    One of my complaints about modern technology is that it appears to have crossed the threshold to become 'magic' for many people. A company provides you with a piece of kit that does a job and somehow we're supposed to assume that there's absolutely no way for anyone to determine whether this kit is just doing the job or is doing a bit of extra spying on the side. This is nonsense; like the 'spy chip' that was supposed to be secretly embedded in Chinese made motherboards, its the sort of assertion that's made by someone who doesn't work in the field so has no real understanding about how things are built and tested.

    Politicians are for the most part technically ignorant. They take input from lobbyists and their cousins, the think tanks. They never really stop to think about the agenda these organizations have, or their technical bona fides, they just know that's where the money comes from. That's how they're able to come out with the most ridiculous things, they're led around by the nose. Its frustrating for technical people because nobody asks us, treating us as unreliable (see the typical media portrayal of a programmer or systems engineer), they just spout BS and so not only miss the point as they spout about 'the dangers' but also miss the point entirely about what really are potential dangers.

    The only satisfaction I'll get from the Huawei witchhunt is knowing that ultimately it will harm its proponents a lot more than it will bother that company. We are in a commercial and technical struggle for supremacy and our attempts to hold back the competition by legislative means is merely holding us all back, widening the gap until ultimately it will become too wide to bridge.

    1. stiine
      FAIL

      Re: Don't confuse politics with engineering

      You, sir, are apparently hard-of-thinking and short of memory.

      A short visit to this page:

      https://blogs.cisco.com/news/huawei-and-ciscos-source-code-correcting-the-record

      Of course, you can continue to believe what you want, its funnier that way..

      Here's an excerpt from a separate article from CNet from this URL:

      https://www.cnet.com/news/huawei-admits-to-a-little-copying/

      "Huawei's system contains text strings, file names and bugs identical to Cisco's source code,"

      They even copied the bugs....how stupid do you have to be?

      1. JetSetJim Silver badge

        Re: Don't confuse politics with engineering

        That just means the yanks knew how to access Huawei kit behind the scenes while they were using Cisco code

    2. as2003

      Re: Don't confuse politics with engineering

      How do you stop (or even detect) someone hiding a secret co-processor on the main CPU die?

      https://www.youtube.com/watch?v=_eSAF_qT_FY

      1. FHR

        Re: Don't confuse politics with engineering

        I thought this is about Huawei and not Intel.

    3. TonyJ Silver badge

      Re: Don't confuse politics with engineering

      "...One of my complaints about modern technology is that it appears to have crossed the threshold to become 'magic' for many people...

      I'm almost in agreement with this sentiment but I see it slightly differently - for me, certainly in the UK, we've gone from seeing engineering and science as worthwhile activities, from holding people with an interest in those fields to turning them into "weirdos".

      Look around - we've got people who want to be "famous" when they grow up. Not a famous singer, actor, sportsperson etc, but simply "famous".

      We laud men who can kick a ball around but can't string a sentence together as somehow being "heroic".

      With this in mind, is it really any wonder that people look at, say, a TV and think it's driven by magic and pixies?

      It's a rather sad indictment of our modern society.

      I saw a meme doing the rounds recently that went something like showing a picture of a EDL-type march and the caption "Yes Gary, Mohamed the brain surgeon is taking your job, you with your three GCSE's and all" (paraphrasing it, but you get the drift).

  5. Anonymous Coward
    Anonymous Coward

    Imaginary conspiracy?

    I know there are certain Chinese elements to be wary of, but this does rather smack of paranoia to me.

    1. A. Coatsworth
      Coat

      Re: Imaginary conspiracy?

      Paranoia?! we must keep the purity of our vital fluids 5G networks at any cost!

      I for one am glad to see our overlords are fending this new Red Menace with the same success McCarthy fought the last one.

    2. Voyna i Mor Silver badge

      Re: Imaginary conspiracy?

      It occurs to me that the reason for the accusations in the US may be that as Huawei has its own silicon made for it, to make a case that they are transferring US IP to Iran they need to make accusations of spying.

    3. as2003

      Re: Imaginary conspiracy?

      It may just be a handy excuse for what essentially amounts to economic sanctions, but it certainly has a whiff of hypocrisy. Does no one remember the NSA was slipping chips into Cisco gear, destined for foreign shores, not so long ago (and probably still does)?

  6. raving angry loony

    Evidence?

    There is far more evidence for American corporations handing over information to the American government than there is for Huawei spying. So either they're really, really good at it, so good that even tearing apart their kit hasn't revealed anything, or they aren't doing it.

    This is just American commercial warfare taken to a new level. So far all I've heard is lies and innuendo, but *nobody* has presented any actual evidence.

    The Chinese companies are eating America's lunch. They hate it when they aren't the ones winning.

    1. Chris G Silver badge

      Re: Evidence?

      If you look at how much 'American' kit is actually manufactured in China, I expect American Corporations are guilty of handing over a great deal more of American IP to China than Huawei could actually steal.

      1. Nathan11

        Re: Evidence?

        This is my take also. Where is the evidence? Who stands to lose the most? OH, the U.S technological stranglehold, you say. And they're just going to sit back and let this happen, are they? No, of course not, they will out-engineer the hell out this and regain their dominance, surely. Yeah right. Or they could just throw around enough spying allegations that some of it might stick. That would work too. And nobody would suspect a thing. Haa-ha-ha-ha-ha-ha-ha-haaaa... Wait, who are those kids over there? What's that dog doing?

  7. Anonymous Coward
    Anonymous Coward

    Everyone assumes that if they would do it

    Then every other country must be doing it.

    1. stiine

      Re: Everyone assumes that if they would do it

      You're unfotunately correct.

  8. Yes Me Silver badge
    WTF?

    The Bloomberg story...

    ...doesn't even have the whiff of a smoking gun. You get a sample of an alleged miracle product from a startup. Its claimed virtue is strength. You test it to destruction and therefore send it back broken, with a few slivers missing. What's the problem?

  9. IceC0ld Bronze badge

    Huawei cited a study of Chinese law by Clifford Chance that concluded the People's Republic does not oblige vendors to plant backdoors or other eavesdropping methods in telco equipment, and no sanctions exist against a company which has refused such a request.

    ====

    I doubt very much if ANY country has anything like that WRITTEN DOWN .....................

    and internal sanctions ........... China has a certain reputation in that direction, and then charging the family for the bullet used to 'execute' said sanction .............

    T - otally

    I - ndependant ?

    T - his

    S - pies

    U - nwanted

    P - erformance

    1. JetSetJim Silver badge

      So, all it says is "Chinese law will not punish you if you don't do what we ask", unwritten, it seems therefore feasible that Chinese equipment makers *will* be asked...

  10. Bitsminer

    Risk is not solid evidence

    "they have never substantiated these allegations with solid evidence"

    Risk is not about evidence. Risk is about the future, and the future is unknowable. However, being human, we like to think we know something about the future and so as not to look too stupid we call it "risk management" instead of fortune-telling.

    Huawei products are a risk because their products might be re-purposed to hacking, nation-state-spying, or telephone sanitizing. Same with Nokia or Ericsson kit.

    The question to be answered is: Do the Chinese state actors, with their very personal connections to the allegedly private Huawei corporation, pose a significantly higher threat than Finnish state actors with their strange language and preference for naked saunas? Well? Which is it?

  11. Walter Bishop Silver badge
    Terminator

    Room for improvement with Huawei product design processes.

    In the interests of security, the first thing Huawei should do is to remove hyperlinks and metadata from their PDF documents, this one was created with ApeosPort-IV C3373. This embedded URL http://purl.org/dc/elements/1.1/ points to a persistent URL that can be remotely redirected to a different resource, which means you have no real idea as to what it is opening. The second thing I would do is check the firmware in the ‘FujiXerox ApeosPort-IV C3373’. The third thing I would do is task someone for checking Huawei devices for security violations before shipping to the market.

  12. Anonymous Coward
    Anonymous Coward

    I got hacked by the Chinese once

    But half an hour later I was alright again.

  13. Streaker1506

    Enlightened times

    Remember, we in the UK once had an telecoms electronics industry. It was GEC Marconi and the main customer was BT

    The deal BT got from Huawei was too good and could never be matched by GEC. We all know what happened to GEC

    So, I believe Huawei were / are predatory and will do say or anything to get a contract. I would trust them as far as they could be thrown.

    My 2p worth

  14. Anonymous Coward
    Anonymous Coward

    Re: Puzzling

    I imagine the UK wouldn't allow Australian products in their network at all, seeing as we now have a law that specifically says the government can ask technology companies to include wiretap functionality in whatever products the government wants!

  15. Milton Silver badge

    Capabilities and Intentions

    It's possible that no one at any level in any Chinese-controlled company has the slightest intention of committing espionage ... but it doesn't matter.

    What matters is that China's regime is authoritarian, undemocratic, repressive and murderous, imprisoning citizens by the million and killing them by the thousand. That this huge and increasingly wealthy nation is engaging in a massive military buildup and demonstrates clear territorial expansionism. That it has a long history of stealing technological IP or compelling companies to "share" it, ignoring other nations' patent and copyright entitlements, along with a vast espionage apparatus and a track record of penetrating rivals' computer systems. That in such a country there is no such thing as a free and separate judiciary and that any citizen or organisation can be compelled to do whatever the state orders—and remain silent about it.

    The intent of Chinese organisations is irrelevant, because (a) the state's intent and control is absolutely clear and (b) the state has the capability itself, and through those people and organisations, to pursue its nefarious goals.

    In any remotely sensitive context (national or corporate security, IP, business confidentiality etc) you have to be aware of capabilities first and intentions second, and in that case you simply cannot allow yourself to depend upon any Chinese-controlled entity. And "depend upon" in this context clearly means allowing data or communications of any kind to touch Chinese-controlled equipment, services or software.

    The recent kerfuffle about supposed tiny spy-chips in motherboards may have been off the mark, but again, it didn't matter, because it is certainly possible for Chinese-controlled manufacturers to hide such devices in circuitry. If they had the opportunity to build spy-chips into equipment that might end up in, say western ballistic missile submarines, there is an argument that they would be foolish not to. And there are hundreds of such potential locations, ranging from government computers at the tax office to Lockheed (as if they had any secrets left) to Airbus to nuclear power stations to the national phone network.

    The intentions of the Chinese government have been clear for many years. Its capabilities are now the only thing that concerns us.

    So if you have a secret, or a process, that needs safeguarding—you do not use, at any point, anything that could be compromised by China.

    1. Anonymous Coward
      Anonymous Coward

      Re: Capabilities and Intentions

      I work in the industry, and have worked on Huawei, Infinera, Cisco and other fiber systems. The capability to eavesdrop is already there; and it's in everyone's gear. All vendors, at least in the more modern gear, can dial into the network and access every single node on the network. Right now we can tell when they are in, but it only needs a software update to change that. Or does it?

      The software may already be in there, allowing the vendor to log into the gear anonymously and select circuits to copy and send. The hardest part of this is physically getting the data out of the network undetected, but all the spy agency would need is to buy a few point to point circuits using a shell company. The gear could then mirror the data going across the selected circuit and send it down the second circuit. All modern fiber gear allows for remote provisioning, and allows for seamless 1:1 protection, so the hardware is already in place in a way that it would not be noticed. If the gear can be set to split and send data down two paths at once, it can be set to send it down a third. This is not a what-if. The gear allows for one circuit to be mirrored and sent down two separate paths, and the distant end receives both inputs and decides which to use, and is normally used by companies like stock traders and banks that can't afford to lose a single byte of data.

      It's not going to be easy to find, either. It's not like there's a big red plug on the boards that says "SPY MODULE". Any extra gear needed on the boards can be built in as extra components with their own circuit traces. Fiber optic gear is repaired by plucking and chucking cards, not by replacing components with a soldering iron. Defective cards get sent back for repair, so nobody outside the manufacturer really knows what all those components really do.

      It's also a lot easier to catch the US government spying than it is the Chinese government. The US government is far more open than the Chinese government, and the Chinese government is far more likely to imprison or execute you than the US government is. You can get shot for a minor governmental embarassment in China.

      Anon, not that it matters, because they can find me if they... hey, who are you? What are you doing in my

  16. This post has been deleted by its author

  17. darklord

    But what about other third parties in order to get information into the wrong hands.

    And if they are so sure they're doing nothing wrong why not apply for NCSC CIPS accreditation. for secure networks. Are they worried what will be discovered.

    If they get that then there's no reason anyone would question the possibility of back doors and data leakage from the devices

  18. Anonymous Coward
    Anonymous Coward

    Re: Imaginary conspiracy?

    It seems to me that part of the Americans' reasons for objecting to other countries using Huawei gear is that it implies the other country will use less American gear.

    And quite apart from the loss of revenue, that also means that there'll be less gear installed in the other country that has American spy malware built-in.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019