Huawei, you could enhance your credibility if you had your kit banned in China.
Huawei has admitted "room for improvement" in its product design processes in an open letter to the UK Parliament – but strongly refuted allegations of spying. The five-page letter (PDF) from Ryan Ding, Huawei's carrier business group (CBG) president, states that Huawei's commercial reputation would be destroyed if it was …
Wednesday 6th February 2019 17:31 GMT Voyna i Mor
Much as I detest the Iranian government, the US attempt to carry out a trade war against Iran by bullying other countries into submission is despicable.
Also, they know no history. Napoleon's Continental System (a trade war against Britain) not only was ineffective but in the end turned other countries against him.
Thursday 7th February 2019 03:57 GMT Anonymous Coward
Thursday 7th February 2019 08:07 GMT TonyJ
Friday 8th February 2019 00:34 GMT Bumpy Cat
Re: @Yoyna i Mor Iran
Britain and BP had a hand in the ousting of Mossadegh in 1953 (along with the US, the Iranian military *and* the Iranian Islamic leadership, although the latter are curiously quiet on that point nowadays).
The toppling of the Shah in 1979 was pretty much an internal affair, by leftists/communists/Islamists. The Islamists proceeded to murder all the leftists and communists, leaving just the ayatollahs in charge.
Thursday 7th February 2019 08:54 GMT Anonymous Coward
"the US attempt to carry out a trade war against Iran"
With Iran, is not a trade war. It's the fear their nuclear program could alter the region status quo - and it already used the Syrian disaster to expand its influence -, and become a real menace for Israel - which is anyway the only trusted US ally in the region. Sanctions are aimed at hindering the nuclear program.
If they are more effective than the agreement reached previously is questionable - but anyway it's not a "trade war", it's a "cold war".
Actually, Iran has little to export beyond oil, while there are a lot of money to be made selling the much needed goods and services it needs, and US sanctions hurt a lot of Western industries too.
Yet sanctions are a double edged sword - they can also alienate those people who don't agree with their government.
Wednesday 6th February 2019 17:47 GMT Anonymous Coward
Surely the issue isn't what they're currently doing or have done in the past but what they could have the potential to do in the future? If their products are substantially embedded in all these 5G networks around the world, what happens one day if relations between China and western countries significantly deteriorates potentially to the point of war? I can't see them telling the Chinese government that they're unable to do anything because it'll hurt their reputation.
I'm not saying it will ever happen (and I hope it never does) but it's not completely beyond the realms of possibility. It would make sense in that case to at least spread the risk a bit instead of one company having a near monopoly.
Wednesday 6th February 2019 18:30 GMT MiguelC
Thursday 7th February 2019 08:36 GMT Anonymous Coward
It's down to more probable scenarios. Any kind of "war" between US and UK is not probable now as it was 250 years ago. While a confrontation between US/UK/others and China is much more probable now. It may not be an open war, but the relations could deteriorate a lot - and having your main networks depending on hardware and software developed by a company in a country you may need to confront, isn't a great idea.
It is true that you should not blindly trust allies either, but if you don't trust your allies at all, and prefer to trust enemies just because ideology, well, you'll end up to give your top jet engine technology to Stalin - one of the biggest mistake UK ever made.
Anyway EU should develop its own networking capabilities to not depend on either US and China.
Wednesday 6th February 2019 19:57 GMT martinusher
Don't confuse politics with engineering
One of my complaints about modern technology is that it appears to have crossed the threshold to become 'magic' for many people. A company provides you with a piece of kit that does a job and somehow we're supposed to assume that there's absolutely no way for anyone to determine whether this kit is just doing the job or is doing a bit of extra spying on the side. This is nonsense; like the 'spy chip' that was supposed to be secretly embedded in Chinese made motherboards, its the sort of assertion that's made by someone who doesn't work in the field so has no real understanding about how things are built and tested.
Politicians are for the most part technically ignorant. They take input from lobbyists and their cousins, the think tanks. They never really stop to think about the agenda these organizations have, or their technical bona fides, they just know that's where the money comes from. That's how they're able to come out with the most ridiculous things, they're led around by the nose. Its frustrating for technical people because nobody asks us, treating us as unreliable (see the typical media portrayal of a programmer or systems engineer), they just spout BS and so not only miss the point as they spout about 'the dangers' but also miss the point entirely about what really are potential dangers.
The only satisfaction I'll get from the Huawei witchhunt is knowing that ultimately it will harm its proponents a lot more than it will bother that company. We are in a commercial and technical struggle for supremacy and our attempts to hold back the competition by legislative means is merely holding us all back, widening the gap until ultimately it will become too wide to bridge.
Wednesday 6th February 2019 22:52 GMT stiine
Re: Don't confuse politics with engineering
You, sir, are apparently hard-of-thinking and short of memory.
A short visit to this page:
Of course, you can continue to believe what you want, its funnier that way..
Here's an excerpt from a separate article from CNet from this URL:
"Huawei's system contains text strings, file names and bugs identical to Cisco's source code,"
They even copied the bugs....how stupid do you have to be?
Thursday 7th February 2019 03:57 GMT as2003
Thursday 7th February 2019 08:12 GMT TonyJ
Re: Don't confuse politics with engineering
"...One of my complaints about modern technology is that it appears to have crossed the threshold to become 'magic' for many people...
I'm almost in agreement with this sentiment but I see it slightly differently - for me, certainly in the UK, we've gone from seeing engineering and science as worthwhile activities, from holding people with an interest in those fields to turning them into "weirdos".
Look around - we've got people who want to be "famous" when they grow up. Not a famous singer, actor, sportsperson etc, but simply "famous".
We laud men who can kick a ball around but can't string a sentence together as somehow being "heroic".
With this in mind, is it really any wonder that people look at, say, a TV and think it's driven by magic and pixies?
It's a rather sad indictment of our modern society.
I saw a meme doing the rounds recently that went something like showing a picture of a EDL-type march and the caption "Yes Gary, Mohamed the brain surgeon is taking your job, you with your three GCSE's and all" (paraphrasing it, but you get the drift).
Wednesday 6th February 2019 19:59 GMT Anonymous Coward
Wednesday 6th February 2019 21:25 GMT raving angry loony
There is far more evidence for American corporations handing over information to the American government than there is for Huawei spying. So either they're really, really good at it, so good that even tearing apart their kit hasn't revealed anything, or they aren't doing it.
This is just American commercial warfare taken to a new level. So far all I've heard is lies and innuendo, but *nobody* has presented any actual evidence.
The Chinese companies are eating America's lunch. They hate it when they aren't the ones winning.
Wednesday 6th February 2019 21:44 GMT Chris G
Thursday 7th February 2019 13:10 GMT Nathan11
This is my take also. Where is the evidence? Who stands to lose the most? OH, the U.S technological stranglehold, you say. And they're just going to sit back and let this happen, are they? No, of course not, they will out-engineer the hell out this and regain their dominance, surely. Yeah right. Or they could just throw around enough spying allegations that some of it might stick. That would work too. And nobody would suspect a thing. Haa-ha-ha-ha-ha-ha-ha-haaaa... Wait, who are those kids over there? What's that dog doing?
Wednesday 6th February 2019 22:36 GMT Anonymous Coward
Thursday 7th February 2019 00:01 GMT Yes Me
Thursday 7th February 2019 00:23 GMT IceC0ld
Huawei cited a study of Chinese law by Clifford Chance that concluded the People's Republic does not oblige vendors to plant backdoors or other eavesdropping methods in telco equipment, and no sanctions exist against a company which has refused such a request.
I doubt very much if ANY country has anything like that WRITTEN DOWN .....................
and internal sanctions ........... China has a certain reputation in that direction, and then charging the family for the bullet used to 'execute' said sanction .............
T - otally
I - ndependant ?
T - his
S - pies
U - nwanted
P - erformance
Thursday 7th February 2019 01:07 GMT Bitsminer
Risk is not solid evidence
"they have never substantiated these allegations with solid evidence"
Risk is not about evidence. Risk is about the future, and the future is unknowable. However, being human, we like to think we know something about the future and so as not to look too stupid we call it "risk management" instead of fortune-telling.
Huawei products are a risk because their products might be re-purposed to hacking, nation-state-spying, or telephone sanitizing. Same with Nokia or Ericsson kit.
The question to be answered is: Do the Chinese state actors, with their very personal connections to the allegedly private Huawei corporation, pose a significantly higher threat than Finnish state actors with their strange language and preference for naked saunas? Well? Which is it?
Thursday 7th February 2019 02:22 GMT Walter Bishop
Room for improvement with Huawei product design processes.
In the interests of security, the first thing Huawei should do is to remove hyperlinks and metadata from their PDF documents, this one was created with ApeosPort-IV C3373. This embedded URL http://purl.org/dc/elements/1.1/ points to a persistent URL that can be remotely redirected to a different resource, which means you have no real idea as to what it is opening. The second thing I would do is check the firmware in the ‘FujiXerox ApeosPort-IV C3373’. The third thing I would do is task someone for checking Huawei devices for security violations before shipping to the market.
Thursday 7th February 2019 08:04 GMT Streaker1506
Remember, we in the UK once had an telecoms electronics industry. It was GEC Marconi and the main customer was BT
The deal BT got from Huawei was too good and could never be matched by GEC. We all know what happened to GEC
So, I believe Huawei were / are predatory and will do say or anything to get a contract. I would trust them as far as they could be thrown.
My 2p worth
Thursday 7th February 2019 10:13 GMT Anonymous Coward
Thursday 7th February 2019 10:23 GMT Milton
Capabilities and Intentions
It's possible that no one at any level in any Chinese-controlled company has the slightest intention of committing espionage ... but it doesn't matter.
What matters is that China's regime is authoritarian, undemocratic, repressive and murderous, imprisoning citizens by the million and killing them by the thousand. That this huge and increasingly wealthy nation is engaging in a massive military buildup and demonstrates clear territorial expansionism. That it has a long history of stealing technological IP or compelling companies to "share" it, ignoring other nations' patent and copyright entitlements, along with a vast espionage apparatus and a track record of penetrating rivals' computer systems. That in such a country there is no such thing as a free and separate judiciary and that any citizen or organisation can be compelled to do whatever the state orders—and remain silent about it.
The intent of Chinese organisations is irrelevant, because (a) the state's intent and control is absolutely clear and (b) the state has the capability itself, and through those people and organisations, to pursue its nefarious goals.
In any remotely sensitive context (national or corporate security, IP, business confidentiality etc) you have to be aware of capabilities first and intentions second, and in that case you simply cannot allow yourself to depend upon any Chinese-controlled entity. And "depend upon" in this context clearly means allowing data or communications of any kind to touch Chinese-controlled equipment, services or software.
The recent kerfuffle about supposed tiny spy-chips in motherboards may have been off the mark, but again, it didn't matter, because it is certainly possible for Chinese-controlled manufacturers to hide such devices in circuitry. If they had the opportunity to build spy-chips into equipment that might end up in, say western ballistic missile submarines, there is an argument that they would be foolish not to. And there are hundreds of such potential locations, ranging from government computers at the tax office to Lockheed (as if they had any secrets left) to Airbus to nuclear power stations to the national phone network.
The intentions of the Chinese government have been clear for many years. Its capabilities are now the only thing that concerns us.
So if you have a secret, or a process, that needs safeguarding—you do not use, at any point, anything that could be compromised by China.
Sunday 10th February 2019 05:42 GMT Anonymous Coward
Re: Capabilities and Intentions
I work in the industry, and have worked on Huawei, Infinera, Cisco and other fiber systems. The capability to eavesdrop is already there; and it's in everyone's gear. All vendors, at least in the more modern gear, can dial into the network and access every single node on the network. Right now we can tell when they are in, but it only needs a software update to change that. Or does it?
The software may already be in there, allowing the vendor to log into the gear anonymously and select circuits to copy and send. The hardest part of this is physically getting the data out of the network undetected, but all the spy agency would need is to buy a few point to point circuits using a shell company. The gear could then mirror the data going across the selected circuit and send it down the second circuit. All modern fiber gear allows for remote provisioning, and allows for seamless 1:1 protection, so the hardware is already in place in a way that it would not be noticed. If the gear can be set to split and send data down two paths at once, it can be set to send it down a third. This is not a what-if. The gear allows for one circuit to be mirrored and sent down two separate paths, and the distant end receives both inputs and decides which to use, and is normally used by companies like stock traders and banks that can't afford to lose a single byte of data.
It's not going to be easy to find, either. It's not like there's a big red plug on the boards that says "SPY MODULE". Any extra gear needed on the boards can be built in as extra components with their own circuit traces. Fiber optic gear is repaired by plucking and chucking cards, not by replacing components with a soldering iron. Defective cards get sent back for repair, so nobody outside the manufacturer really knows what all those components really do.
It's also a lot easier to catch the US government spying than it is the Chinese government. The US government is far more open than the Chinese government, and the Chinese government is far more likely to imprison or execute you than the US government is. You can get shot for a minor governmental embarassment in China.
Anon, not that it matters, because they can find me if they... hey, who are you? What are you doing in my
Friday 8th February 2019 11:24 GMT darklord
But what about other third parties in order to get information into the wrong hands.
And if they are so sure they're doing nothing wrong why not apply for NCSC CIPS accreditation. for secure networks. Are they worried what will be discovered.
If they get that then there's no reason anyone would question the possibility of back doors and data leakage from the devices
Friday 8th February 2019 17:10 GMT Anonymous Coward
Re: Imaginary conspiracy?
It seems to me that part of the Americans' reasons for objecting to other countries using Huawei gear is that it implies the other country will use less American gear.
And quite apart from the loss of revenue, that also means that there'll be less gear installed in the other country that has American spy malware built-in.