In a CNBC interview, Huawei USA Chief Security Officer and former Department of Homeland Security top cybersecurity official Andy Purdy told the news outlet that Huawei is no more a threat to the US than other foreign companies such as Nokia and Ericsson are. This statement has been made after hearing the congressional rule in the Defense Authorization Act of 2018 that will become effective on Wednesday.
Andy Purdy says that the there has been no evidence of wrongdoing on Huawei’s part and that the US should have a risk mitigation program with Huawei as it does with Nokia and Ericsson, companies that both have deep ties to the Chinese state. Germany and the United Kingdom are trying to work with Huawei in their countries. Just recently, the United Kingdom turned down the consideration of a national Huawei Ban.
Purdy was asked about Huawei being a privately owned firm and the owner of Huawei. Purdy responded that Huawei is a privately owned company and that CEO Ren Zhengfei owns about 2% of the company, though he didn’t give any further details about who owns the majority stock in Huawei.
Andy Purdy says that the US does business with Nokia and Ericsson, both of which have “deep ties” to China, and that Huawei is somehow unfairly treated though it is no more a threat than those companies.
But Huawei is more of a threat. Nokia CTO Marcus Weldon has said on record that Nokia couldn’t compete in China because of Huawei’s government subsidies. Beijing has an unhealthy affinity for Huawei, and Huawei’s favorite status is the problem. Beijing wouldn’t love Huawei if Huawei didn’t advance Beijing’s interests, including espionage.
Purdy speaks as an American when he says that cybersecurity is important and that the US must be vigilant with regard to all of it, not just focus on Huawei. And while that is true, Huawei is a problem that won’t go away. Congress is passing the rule from the Defense Authorization Act of 2018 because of Huawei’s dominance in the telecom industry.
The Defense Authorization Act allows companies that must eliminate their Huawei equipment to receive funds to purchase new equipment. It’s no secret that Huawei prices its telecoms equipment affordably in order to compete with other companies — and it’s winning the price war.
But it is the company’s ties to Beijing that make Huawei dangerous. The company’s name is Chinese, meaning Hua (China) + Wei (advancement) = “the advancement of China.” The company that is all about China’s advancement is the same company that has deep ties to the People’s Liberation Army (PLA).
The PLA is a tool of the Chinese government, and Huawei’s military projects show that the company, though private, is all tangled up in public affairs. The government subsidies it receives shows that, despite its private status, Huawei still has government support in what it does — which could prove problematic for international Huawei clients down the line.
There are no known examples where Huawei has spied on US citizens for any malevolent or suspicious reasons. And if some countries and American citizens are looking for that concrete evidence, they won’t find much. However, it isn’t about what Huawei has done yet but the potential to do espionage down the line that must be used to make a proactive decision about the company beforehand.
One doesn’t wait until a hurricane strikes to assess the seriousness of a hurricane, barrel down store windows, and buy food and water supplies to hunker down through the storm. In the same vein, if Huawei could prove to be a problem down the road (and the state-supported company could, seeing that Huawei is the top phone maker in China), then it doesn’t make sense to wait until after espionage has been committed to say, “See, we’ve found the evidence.” Prevention must be done beforehand, which means that one cannot wait to find the evidence to act on risk and probability thereof.
One issue with Huawei concerns its software loopholes and vulnerabilities. Huawei says that it doesn’t intend to spy on American citizens, nor has it, but does the company intend to spy on Chinese citizens? Espionage is at play here, as the Huawei-backed Huawei Cyber Security Evaluation Centre (HCSEC) discovered earlier this year that Huawei still maintains software loopholes and vulnerabilities from its report a year earlier.
This is problematic because it combines with Finite State’s report about potential backdoors in 55% of Huawei mobile devices. Why keep all these potential backdoors and loopholes instead of fixing them?
If someone is told that they have a fallen power line, and it could endanger neighbors, visitors, innocent guests to their home, why wouldn’t the individual call the electricity company to come repair it? If a neighbor knows his tree is on the line between his home and his neighbors, and that, in a terrible hurricane or tornado, the tree could fall on his neighbor’s home and hurt it, why wouldn’t he call someone to cut down the tree?
When someone is made aware of a life risk and fails to take care of it, he or she is guilty of injury and death due to neglect. The same can be said for Huawei: its software vulnerabilities make it guilty of neglect and, in the case of Beijing’s decision, espionage.