Huawei And The Dog That’s Not Barking

Huawei and the dog that's not barking

“Is there any point to which you would wish to draw my attention?”

“To the curious incident of the dog in the night-time.”

“The dog did nothing in the night-time.”

“That was the curious incident,” remarked Sherlock Holmes.

  — “Silver Blaze,” The Memoirs of Sherlock Holmes, Sir Arthur Conan Doyle

The United States is spearheading a multinational effort to destroy Huawei Technologies. Although Huawei is not well known to consumers in the US, Huawei is one of the largest tech companies in the world – the largest telecom equipment manufacturer and the second-largest smartphone manufacturer (ahead of Apple, behind Samsung). Its 2018 revenue exceeded $100 billion, and it employs nearly 200,000 people.

The US actions now cast doubt on the company’s ability to survive.

Our stated justification for punishing Huawei is a compelling need to protect US security against Chinese cyberthreats. Our government alleges that Huawei is “creating and exploiting vulnerabilities in information and communications technology and services . . . in order to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States and its people.” According to the official explanations, it is a coincidence that this occurs while we are also pursuing a trade deal with China and possibly launching a trade war in the process.

Let me give you some background – and then explicitly point out the dog that’s not barking.

Background

Huawei is a Chinese company with a global presence. It makes consumer items, including top-rated phones and laptops. More importantly, it makes networking equipment relied on by many telecom operators worldwide. In our complex world, Huawei depends on technology and equipment supplied by US companies, just as US companies depend heavily on Huawei components. We’ll talk about some examples below where neither side has good alternatives. Huawei is one of the only worldwide suppliers capable of building the equipment for the next telecom upgrade to 5G wireless networks.

In the last 15 years, Huawei has faced a number of allegations of intellectual property and trade secret theft. I look at roundups like this (a compilation by the Wall Street Journal of alleged trade secret thefts by Huawei) and I don’t see anything shocking. Similar lists of misdeeds could be compiled about most of the large tech companies in the last 15 years, including Chinese companies like Lenovo. Many lawyers have made very nice livings from the endless lawsuits among Apple, Samsung, Qualcomm, Intel, and many others, all claiming that engineers have been poached and intellectual property has been stolen and patents have been infringed. But, okay, let’s say Huawei plays fast and loose to obtain some of its tech.

Huawei is not in the news because it allegedly steals trade secrets.

US government officials allege that Huawei networking equipment, phones, and laptops are a cybersecurity risk because Huawei has inserted backdoors that allow the company to do surveillance for the Chinese government, or to take control of the equipment or shut it down remotely. The US alleges that Huawei is effectively controlled by China’s ruling Communist Party, doing the bidding of the Chinese government or prepared to do it on demand.

The official US attitude towards Huawei has been fairly hostile for years. There was one striking moment at CES in January 2018 when Huawei intended to boost its US presence by announcing a partnership with AT&T. Huawei had blanketed Las Vegas with advertising for the Mate 10 phone. Literally minutes before the press conference, AT&T cancelled the deal, almost certainly due to US government pressure, leading Huawei’s CEO to take the stage and deliver a passionate, angry defense of Huawei – a “rare moment of sincere emotion,” in the words of The Verge.

The US has been pressing allies to stop using Huawei telecommunications equipment because Huawei is a security threat. Earlier this year New Zealand and Australia prevented telecom companies from using Huawei equipment, and UK telecom company BT said it would no longer buy Huawei equipment.

The US effort came to a head on May 15 when President Trump declared a national economic emergency, not calling out Huawei by name but imposing restrictions against “foreign adversaries” who pose “unacceptable risks” to national security. The same day, the US Department of Commerce completely barred U.S. companies from doing business with Huawei without government permission.

Almost immediately, US companies froze shipments to Huawei. Google suspended Huawei’s use of the Android operating system for phones. (Technical nitpicking: Google removed Huawei’s ability to certify its Android phones for licensed Google mobile services like the Play Store and Google apps, and restricted Huawei phones from obtaining updates from Google. It might be possible for Huawei to build an independent OS for its phones, or to install an open-source Android OS without Google services.)

Broadcom, Intel, Qualcomm, and Western Digital froze shipments to Huawei. German company Infineon Technologies suspended its business with Huawei. Japanese company Arm Holdings barred Huawei from manufacturing chips under the ARM architecture. The SD Association revoked Huawei’s membership, preventing the company’s use of SD cards. Toshiba suspended all shipments to Huawei. Today a new report confirmed that Microsoft has stopped cooperating with Huawei and has moved its Huawei services team out of its Shenzhen-based headquarters.

What are the consequences of declaring that Huawei is a cybersecurity threat?

The Verge says Huawei’s global phone business will be “decimated” without Google’s Android. “There’s no possible upbeat scenario.”

Huawei’s computers run Windows 10 — and the blacklisting means Huawei can’t use Windows 10. The ban has the potential to kill Huawei’s laptop business.

American companies such as NVIDIA and Qualcomm make chips that go in Huawei devices. Those companies are required to stop working with Huawei. Huawei claims to have stockpiled chips and other vital components to continue manufacturing network equipment for a few months and may be able to find some alternatives from European and Japanese suppliers. Nonetheless, US companies control so much core technology that Huawei’s business may not be able to survive an extended period without access to designs and parts from Qualcomm, Intel, and other US suppliers.

The harm goes both directions. There are at least three areas where US interests will be directly harmed.

  •  US companies will lose the revenue from sales to Huawei.

  •  Rural telecom companies say they’ll actively be harmed by a ban on this cheaper Huawei hardware, since the lower costs help them better compete with larger U.S. rivals. According to the Los Angeles Times, “Rural broadband carriers could be forced to rip out and replace entire networks because they wouldn’t be able to import spare parts or software updates to maintain infrastructure. . . . In a series of filings to the FCC, the Rural Broadband Coalition argued the ban would force many small rural broadband providers into bankruptcy.” That hurts farmers and agriculture companies.

  •  Huawei is at the forefront of designing technology and supplying parts for 5G networks. Eventually other companies can step up but there are open questions about how to roll out 5G without Chinese technology.

What is the evidence that Huawei might be a cybersecurity threat?

All the evidence that Huawei is a cybersecurity threat

The above photo shows all of the evidence.

Cute. But seriously, what makes us think Huawei equipment might have backdoors for the Chinese government?

Nothing.

Stop it.

It’s tough to prove a negative, and it’s particularly hard to get firm answers about cybersecurity. For a variety of reasons, the national cyber wars are largely being fought in the shadows. The reports that surface tend to be based on a mixture of facts, informed speculation, official announcements, and off the record conversations. Sometimes we get hints from evasions, ambiguous answers to questions, and attempts to change the subject.

Today there is a lot of information available about active cyberthreats in all corners of the world. We know that Sony was taken down by hackers, and we have quite a lot of information from largely off the record conversations suggesting that North Korea was responsible for the attack. We know that China and Russia have worked diligently to install backdoors into control centers for utilities, hospitals, airports, and other facilities in the United States, just as we have been doing the same thing against those countries and others. Journalists like David Sanger can write books bringing together information from thousands of sources with closely observed details of the cyber attacks going on behind the scenes.

There is none of that – absolutely nothing – that suggests Huawei has built backdoors into its hardware, or that it has intentionally left backdoors in the software and firmware that could be updated in the future to send information back to China.

In 2012 the US government found no evidence that Huawei had spied for China after an 18-month review and detailed questioning of a thousand telecom equipment buyers.

Thousands of security companies and network engineers are tearing down Huawei equipment looking for chips with unexplained characteristics, suspicious network traffic, unexplained parts, anything that would permit the devices to be used or misused in an unexpected way. There is no suggestion from anywhere at any level that anything like that exists.

Tens of thousands of journalists worldwide talk to people at every level of government and private industry, on the record and off the record, looking for clues – a disgruntled employee, a concerned engineer, an executive in an unguarded moment, anything that would suggest that there are real concerns behind the scenes about security. There is nothing. Literally, not one person has suggested that our concern about security is based on any thing other than complete fabrication out of thin air.

This is reminiscent of the peculiar BusinessWeek article 6 months ago alleging that a Chinese motherboard manufacturer had inserted chips that could spy on US companies and send information back to the Chinese government. No evidence has emerged to support that story. Like that story, the allegations about Huawei only support two interpretations:

(1) The US government, other world governments, and US tech companies and manufacturers are aware of facts about Huawei that are so chilling that for our own safety they must be kept completely secret. If we knew the truth, it would awaken the ancient god Cthulhu and our civilization would collapse into an endless dark horror. The secrets are being held so closely that all previous efforts to keep secrets pale by comparison.

Or, (2) it’s all made up. We are lying to support a protectionist trade war, and possibly destroying one of the largest tech companies in the world (and harming US consumers, US tech companies, US manufacturers, US telecoms, and US farmers) as collateral damage.

We don’t know why Google, Qualcomm, and the other companies immediately complied with the emergency order without any hint of misgivings. Perhaps they’ve been given the secret evidence that shows Huawei is a real threat. But perhaps we got a glimpse of the answer when President Trump contradicted himself in comments at a press conference shortly after signing the emergency order. This was all said in one breath; I’ve separated a single quote to make it obvious that the two remarks are incompatible.

“Huawei is something that’s very dangerous. You look at what they’ve done from a security standpoint, from a military standpoint, it’s very dangerous.

“So, it’s possible that Huawei even would be included in some kind of a trade deal. If we made a deal, I could imagine Huawei being possibly included in some form of, or some part of a trade deal.”

Security threats by the Chinese government against the United States do not get negotiated away for a trade deal. If Huawei was a threat before the deal, it will be just as much of a threat afterwards. If we are threatening to destroy a huge tech company, and causing collateral worldwide damage to everything from tech companies to farmers, for no reason except protectionist posturing to support an expanded trade war, it will be catastrophic for US credibility.