30 Jan 2019
Huawei has blown the trust that's needed in high technology
By Tom Uren
Huawei's alleged behaviour coupled with the Chinese government's wide-ranging commercial espionage are eroding trust in the global supply chain. Rebuilding this trust will take work.
Two sensational indictments unsealed on Tuesday paint a picture of Huawei acting with utter disregard for laws and agreements in pursuit of commercial advantage. In one indictment Meng Wanzhou, Huawei's CFO and company founder's daughter is charged with deliberately lying about the company in order to subvert US trade sanctions against Iran. In the second, it's alleged Huawei was concertedly trying to steal technology from 'Tappy', a smartphone testing robot owned by US telecommunications operator T-mobile.
Both indictments say Huawei intentionally broke US laws and then covered its tracks by destroying and concealing evidence, or by conducting internal 'investigations' that minimised the crimes, used individual employees as scapegoats and tried to absolve the company itself of wrongdoing.
Strikingly, this alleged pattern of wrongdoing and concealment is very similar to ZTE's behaviour. ZTE, another Chinese telecommunication equipment manufacturer, was found to be violating sanctions and selling US technology to Iran in the early 2010s. Even while it was being investigated by US law enforcement, ZTE engaged in ever-more elaborate schemes to hide continuing sales to Iran, including using new partners to sell to Iran, lying to US investigators, and deleting and sanitising Iran-related records from its accounting database.
This pattern of amoral deception is concerning for companies that could be placed at the heart of our telecommunications networks. But the risk involved is exponentially increased because these companies can be pressured and compelled by the Chinese Communist Party, which believes that Chinese companies and even Chinese people exist to support the Party.
China has conducted espionage to gather government and military secrets—what Western governments would consider 'legitimate' espionage—but also espionage in search of trade secrets and commercial-in-confidence material from Western companies such as BHP, Rio Tinto, Fortescue Metals, Yahoo, Google and many more. A single hack of Rio Tinto is reported to have cost them £800 million in lost revenue because of "commercial disadvantage in contractual negotiations". From China's point of view commercial espionage could be viewed as important to maintain a growing economy, critical to keeping the population employed and happy and therefore crucial to national security.
It is all about trust.
Our relationship with technology relies on faith and the trust that our phones, gadgets and computers will do only what we expect. We must rely on trust or blind faith because information technology is so complex that it is difficult if not impossible to prove that products won't do what they shouldn't. How can you prove that your smartphone won't accidentally send your personal photos to your contacts? Mostly, we have to trust that this won't happen as we can't prove it beforehand.
Unfortunately for Huawei and ZTE their behaviour and that of the Chinese government—their wide-ranging commercial espionage, and laws that compel companies to assist in intelligence efforts—has eroded the unquestioning trust that once existed.
Since Australia made the decision to ban Huawei from its 5G network a number of other countries have either followed suit or expressed reservations including New Zealand, Japan, Germany, and Czechoslavakia.
But 5G and telecommunications are merely the thin edge of the wedge. The global debate over Huawei and 5G networks makes it clear that we no longer exist in a world where we can trust in the products we buy as an article of faith. How can we trust any technology product when the heart of the global electronics supply chain is in China?
Both governments and companies have a role here.
Governments need to step in and assess equipment when there are broad-based security concerns about critical and important services that underpin the Australian economy. The debate about Huawei being involved in the 5G network is a good example; for any individual Australian the threat represented by Huawei's involvement is not high, but as a community we absolutely need a robust and secure telecommunications network for our future. Government also needs to lead efforts on how to build transparency and trust with foreign manufacturers and suppliers.
Companies need to understand and manage the risk exposure that comes with technology products they use—and not just those that are manufactured in China. Some collaboratively developed software, known as open source software, can provide companies with low-cost robust software, and is widely used across many industries. But this software can be insecure, or can be quietly modified without oversight such that some of these open source software projects have been hijacked to steal personal data or credit card details. With a holistic consideration of the costs and benefits many of these risks can be sensibly managed once they are identified.
Beyond understanding their own risk companies also need to be transparent and communicate how they are dealing with these risks. This transparency will provide consumers and clients with some confidence that due diligence has been done, and that sensible mitigations are in place. In other words, transparency will build trust.