#1263339: No backdoor, no backdoor... you're a backdoor! Huawei won't spy for China or anyone else, exec tells MPs
The UK Parliament’s Science and Technology Select Committee yesterday asked experts whether Huawei poses a threat to national security. It was a question the answers to which exposed the many problems with trying to ban a manufacturer that’s been a part of the country’s telecommunications landscape for nearly two decades.
The main event involved the grilling of John Suffolk, Global Cyber Security and Privacy Officer at Huawei - and a former UK government CIO. Norman Lamb MP, chairman of the Commons select committee, kicked off the proceedings by asking the executive about Huawei's involvement with governments that have records of corruption and human rights abuses – zeroing in on the government of the Xinjiang region of China, which is a customer of Huawei and has been widely reported to carry out illegal detention of Muslim citizens.
Suffolk replied that Huawei was operating in 170 countries, and was always following local laws, without “creating moral judgements.”
Lamb went as far as to claim Huawei was “complicit” in human rights violations, and, of course, the Chinese state was compared to Nazi Germany – you can’t escape Godwin's law, even offline. Some of the other wonderful things mentioned, as the session went on, included gas chambers and the poisonous gas Zyklon B.
Next, politicians went straight to the core of the Huawei question: whether it could resist potential attempts by the Chinese state to modify or backdoor its equipment so that it can be used to covertly spy on foreigners abroad.
“We’re quite clear, and it’s quite proven, we’re an independent company,” Suffolk answered. "No one can put us under pressure – we’ve made it very clear, regardless of who the country would be, if we were put under any pressure by any country that we felt was wrong, we would prefer to close the business."
"That we felt was wrong" is an interesting caveat, we note: if Huawei felt the pressure was justified, would it be happy installing a backdoor? And wouldn't it be ordered to deny the bug's existence? In any case, according to the Huawei man, the much-cited requirement to cooperate with Chinese secret services, and install backdoors in networking gear on demand, simply didn’t exist.
“There are no laws in China that obligate us to work with the Chinese government on anything whatsoever," Suffolk continued. "We have looked at all of the Chinese laws: we have taken on board professors in Chinese law, and we had their views validated via Clifford Chance in London, and there is no requirement on us or any other company to undertake what you’re suggesting.
“We’ve had to go through a period of clarification with the Chinese government that have come out and made it quite clear that it’s not a requirement on any company.”
Suffolk said Huawei has never built any security holes into its software, but vulnerabilities in the equipment maker's firmware have emerged, and required regular doses of patches – just like any other kind of software. He then explained the role of the Huawei Cyber Security Evaluation Centre (HCSEC) that attempts to squash the bugs in its software.
“Our model is this: we allow any country and any company to come and review and inspect our products," said Suffolk. "Not because we expect them to find 100 per cent of the issues, because if we did that, we wouldn’t be in the telecommunications business, we would be in the software engineering business.
“Because we believe passionately that the more people are looking, the more people are inspecting and poking and prodding, the more chance you have to find something.
“We want people to find things – whether they find one thing or 100. We are not embarrassed by what people find. We stand naked in front of the world and it may not be a pretty sight most of the time, but we would prefer to do that because it enables us to improve our products."
Suffolk also remarked on the complexities of the modern supply chain: “Only about 30 per cent of the components in a Huawei product are Huawei’s – the rest come from the global supply chain. We inspect that global supply chain, by coming in at manufacturing, taking them apart and we check. We are building in segregation of duties, so one person doesn’t have access to all of the products. We limit what engineers can do – so whenever we have a part of the process, we looked to build controls into everything we do, and HCSEC is one of those controls.”
In conclusion, he reiterated that Huawei “has never been asked by the Chinese government, or any other government, to do anything that might weaken security.”
|Date added||June 12, 2019, 7:31 p.m.|