In China

September 8th, 2013 at 4:00 pm by David Farrar

Later today I fly to Hong Kong, and then drive into where I’ll be a guest of Huawei for five days. Their NZ arm invited me over to have a look at their operations, see some of their 4G networks in operation etc.

Huawei is now the largest manufacturer of telecommunications gear in the world. They have around 140,000 staff and annual sales of US$22 US$35 billion. Their customers include BT, Vodafone, Motorola, France Telecom and closer to home I think they are suppliers to almost every telco – Telecom, Vodafone, 2 degrees and Chorus.

Now some readers may be aware that parts of the US Government have alleged Huawei is a security risk, and their equipment allows the Chinese Government and the Chinese People’s Liberation Army access to any data on their networks.

There has never been any evidence of this, and personally my feeling is that this is more de facto trade protectionism from some US companies, trying to get rid of a competitor. Why do I think this? Well, take it in four parts – willingness, ability, secrecy and impact.

In terms of willingness, do I think the Chinese Government would have any ethical concerns about using a company to grab some unauthorised data. Absolutely not.

But the next question, is can you actually design equipment with a secret back door, that none of your customers can detect, and they don’t notice unauthorised data flowing through their networks.  I’m not an expert, but I don’t think it is that easy to do.

The big issue for me, where the theory falls down is how many people would have to be involved in the conspiracy for a major billion dollar company to be a front for the PLA. It would be at least 500 to 1,000 people. This couldn’t be done by one or two people. And my hard and fast rule is that any conspiracy that involves more than two people inevitably leaks out. Frankly it is the realms of fantasy to think an entire company could be installing secret back doors and not a single person would ever reveal the truth.

The fourth and final factor is impact. I’d say the economic success of Huawei is worth far far more to China, than any data they might pick up if there was some secret back door. If there was a secret back door, and it got discovered, it would destroy the company overnight. They’d lose every contract they have, and a $20 billion a year company would be worthless. So would you rationally make that choice?

As it happens I have a session with their head of security, and if any readers have questions they want me to ask, feel free to suggest them below.

Anyway the security issue is for me a bit of a red herring. I understand neither the NZ Government, or its security agencies, have found any justification for them at all. I only mentioned them here, as I’m sure people would raise it if I didn’t. The fact every telco in NZ uses Huawei speaks volumes. I’m a big believer in free markets and think it is great companies like Cisco and Alcatel-Lucent have vigorous competition. Consumers are the winners when you have competitive markets.

Now somewhat ironically, I’m not sure how much I’ll be able to blog while in China. Last time I was there in Beijing a few years ago, Kiwiblog seemed to be on the blocked list for the Great Firewall of China. So if you don’t see any blog posts for a while, that is why. However also in Hong Kong for a bit, so definitely will be able to do updates from there.

Tags:

28 Responses to “In China”

  1. David in Chch (503 comments) says:

    There shouldn’t be a problem. I was able to read your blog when I was in China last year. I wonder if it is because it is an individual site, and it is .co.nz. I was not able to read anything that was hosted at a blog site, so I was unable to read any of Danyl’s postings.

    Vote: Thumb up 3 Thumb down 0 You need to be logged in to vote
  2. Redbaiter (6,483 comments) says:

    “As it happens I have a session with their head of security, and if any readers have questions they want me to ask, feel free to suggest them below.”

    I have got a question.

    Is it true that Wendy Deng is a Chicom spy?

    Please report back on response.

    Vote: Thumb up 5 Thumb down 0 You need to be logged in to vote
  3. Harriet (4,013 comments) says:

    “….The big issue for me, where the theory falls down is how many people would have to be involved in the conspiracy for a major billion dollar company to be a front for the PLA. It would be at least 500 to 1,000 people….”

    A Chinese ex-agent who recieved amnesty in Australia said that China had 1200 spys working in Australia. No one in the Australian government has ever refuted that -not the spying as that is a given- but 1200 agents!

    Of course then they could do it when it involves DOZENS of countries as customers!

    Vote: Thumb up 2 Thumb down 2 You need to be logged in to vote
  4. peterwn (2,941 comments) says:

    I think NZ has a serious issue with spies. There seem to be Labour Party, Green Party, PSA and Greenpeace spies throughout the state sector (I doubt even SIS is immune). I think John Key needs to assume that nothing can remain secret and arrange his affairs accordingly.

    Vote: Thumb up 5 Thumb down 2 You need to be logged in to vote
  5. Michael (880 comments) says:

    How many times will Cactus Kate call you a Pinko while in HK?

    Vote: Thumb up 4 Thumb down 0 You need to be logged in to vote
  6. redguarded (3 comments) says:

    David,
    I’ve been living in and studying China for the past six years and spend much of my time railing against xenophobic blocking of interaction with China or other countries (Crafer farms etc) based on Cold War thinking. However in the case of Huawei I do believe some caution is necessary, for the following reasons:
    1. Lack of rule of law
    2. Corporate culture of enormous deference to hierarchical authority and fear of whistle-blowing
    3. Massively blurred lines of what constitutes wrong-doing/corruption. In a proudly transparent country like NZ, these things are very black and white, but in China many things pass that are not in any way considered “wrong”
    4. The reach and influence of the Party would shock most people in terms of its scale, sophistication and subtlety

    Points 2 and 3 together mean that you wouldn’t need the 500 or 1000 people you speak of to be involved for something to be happening, or you might have that many people privy but not necessarily conspirators. Even people that are privy might not even be aware something was wrong.

    Ultimately though, your final point about economic impact is most probably the clincher and why you are right, especially given that NZ is hardly a superpower to worry the Chinese. I can see why the US would err on the side of caution though.
    PS No problem accessing Kiwiblog in China at the moment.

    Vote: Thumb up 2 Thumb down 0 You need to be logged in to vote
  7. OECD rank 22 kiwi (2,787 comments) says:

    I doubt even SIS is immune

    Wasn’t Fran Mold’s Partner a Chelsea Mannng/Edward Snowden type?

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  8. slijmbal (1,134 comments) says:

    Having seen the US attitude to any information that does not belong to a Yank I would be more concerned about the fact that 90+% of the world’s structured data is held in database products supplied by US companies. Ditto corporate email servers.

    Though a lot of the issues against network backdoors you mention are the same for databases.

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  9. valeriusterminus (242 comments) says:

    On the “ability” part – David
    I think you are saying that the NSA is much more able than the PLA.
    Cos – reading all parts (today) it looks like North American based security manufacturers, vendors and international standards bodies furnish Part satisfaction to the NSA.
    Huawei must then be the platform of choice – for those on the non-wrong side of History.

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  10. Jack5 (4,231 comments) says:

    Morgan in North Korea, and DPF at Huawei. Next, Redbaiter will visit Belarus, Cuba, and Venezuela.

    I’m one of scores of thousands who have been suspicious of having Huawei setting up our networks. I’ve changed my mind. I think who provided the links is irrelevant given the resources the NSA (and thus probably the GCSB) are putting into cracking public-key cryptography, by both hacking hardware and software and by using supercomputer crunching power.

    Just accept everything on the Net is acccessible to others, regardless of where your country’s trunk links and switches come from. That, or as Schneier suggests, encrypt everything on a PC that’s never, ever been linked to the Net, transfer the file, then transmit it. To do that you’d have to be bloody crazy – or bloody scared.

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  11. kowtow (6,734 comments) says:

    ‘There has never been any evidence of this……”

    I know about these things as I watch 007 movies and ain’t that the point…..no evidence…….

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  12. Anthony (737 comments) says:

    There is certainly some internet blocking and rerouting going on in China. Was there earlier in the year and when I tried to get Skype on my mobile I got diverted to China Telecom!

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  13. David in Chch (503 comments) says:

    Odd, Anthony. My Chinese colleagues regularly use Skype, and I certainly used it last year when I was in China. Perhaps it was because it was your mobile and you had it on roaming? When I was there, my cell diverted to China Telecom because of the roaming.

    Vote: Thumb up 2 Thumb down 0 You need to be logged in to vote
  14. Anthony (737 comments) says:

    I was trying to download Skype so maybe that is more difficult.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  15. infused (616 comments) says:

    I use to know a senior guy who worked for them overseas.

    He said “Everything you heard about Huawei is true”

    Considering his position, that’s enough for me. Not to forget the Nortel hacks.

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  16. PaulL (5,776 comments) says:

    If your approach to security is to assume that the network you are transmitting across (essentially the Internet) is secure, then you have problems. You should be using layers on top of the network to protect your data – such as encryption layers. This is why I couldn’t really understand Australia blocking Huawei from NBN contracts. Basically the NBN is the Internet – you shouldn’t make any assumptions about it being safe

    Vote: Thumb up 2 Thumb down 0 You need to be logged in to vote
  17. UrbanNeocolonialist (136 comments) says:

    Get a VPN and don’t log in without it.

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  18. Ed Snack (1,540 comments) says:

    The obvious question David is to ask for the logins and passwords (and any special access access codes) to the backdoors in their top level switches. And also ask if the NSA has ever contacted them asking for the same !

    Vote: Thumb up 1 Thumb down 0 You need to be logged in to vote
  19. scrubone (2,972 comments) says:

    I heard a few years ago that blogspot blogs were blanket blocked from reading but you could still publish.

    But it’s inconsistent. The Chinese like lack of certainty about the rules.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  20. scrubone (2,972 comments) says:

    But the next question, is can you actually design equipment with a secret back door, that none of your customers can detect, and they don’t notice unauthorised data flowing through their networks. I’m not an expert, but I don’t think it is that easy to do.

    Hm. I recall a case a few years ago when a Dunedin computer seller was selling under-spec’d computers and using software to get the computer to report that they were fully up to the stated specification.

    But he was caught, of course. What you’d need in this case would have to stand up 100% to any and all scrutiny from the biggest experts in the biz. So… probably not.

    But then, the easiest way to detect such a program would be when it’s broadcasting. That might only happen if activated (say, in a war).

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  21. hj (5,720 comments) says:

    redguarded(1) Says:
    September 8th, 2013 at 5:52 pm
    David,
    I’ve been living in and studying China for the past six years and spend much of my time railing against xenophobic blocking of interaction with China or other countries (Crafer farms etc) based on Cold War thinking.
    ………………………
    xenophobic blocking of interaction with China

    Ireland’s economic miracle was driven by Germany. Under Labour, ours is being gifted by Communist China. The Germans sent money, the Chinese are sending people.
    That impetus has come from getting immigration up to record levels, notwithstanding the squeals from Winston Peters’ constituency. Just as Ireland found a sugar daddy to give its economy a boost in the 1980′s, Miss Clark has discovered the dividend from unfettered people inflows.

    New Zealand’s population growth, having languished at rates of below 0.5% per annum over the last few years, is now running close to 1.5% pa thanks to net migration contributing around 1% per annum. And there is no sign of the migration abating, nor any sign that the government wants it to. Indeed the response of Prime Minister Clark to suggestions that her government’s population policy is “too liberal” on migration is to say that “most Western countries face problems replacing their populations due to a lowering of birth rates so that immigration is vital if economic health is to be maintained”.
    Miss Clark’s perspective confirms that her government does see a link between higher net immigration and higher per capita incomes, a link that certainly Winston Peters denies and on which many economists are ambivalent.

    http://www.gmi.co.nz/news/514/labours-third-world-solution.aspx
    http://www.stuff.co.nz/business/money/4622459/Government-policies-blamed-for-house-prices
    bbbbbbbbbbbfffffffttttttttttttt!

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  22. berend (1,602 comments) says:

    Even if Huawei was spying, it doesn’t matter, because we have nothing to hide right? I mean, that’s the excuse John Key has to work with the NSA.

    The only party we know for sure that spies on you is the NSA, and every US company they have managed to build a back door in.

    Vote: Thumb up 0 Thumb down 2 You need to be logged in to vote
  23. berend (1,602 comments) says:

    DPF: As it happens I have a session with their head of security, and if any readers have questions they want me to ask, feel free to suggest them below.

    I have two questions: what’s their opinion on open source, and secondly, have they considered open sourcing their software?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  24. Jack5 (4,231 comments) says:

    Question for DPF for us: does Huawei put out an English-language version of its annual report, and if its online and downloadable, the address for this?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  25. Fentex (664 comments) says:

    If there was a secret back door, and it got discovered, it would destroy the company overnight. They’d lose every contract they have, and a $20 billion a year company would be worthless. So would you rationally make that choice?

    There seems strong evidence that it is true of Cisco, Microsoft and many other large companies central to modern communications that they have backdoors and deliberately compromised security in their products.

    Did they just disappear overnight?

    Even if there was a sudden will among people to change the infrastructure over which their communications travel as individuals we don’t get to suddenly make infrastructure change, and billion dollar companies are built on many billions of dollars of deployed infrastructure – even if the will to replace it exists (which one can’t guarantee) the funds and time involved can be immense.

    This is not a simple issue over which one can be sanguine and pretend a magic wand is held by the invisible hand of a market that can be waved to resolve a now hidden problem.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  26. Fentex (664 comments) says:

    You should be using layers on top of the network to protect your data – such as encryption layers.

    If Huawei or Cisco deploys compromised routers it is not only the data within packets that traverses them they will compromise but meta data describing the origin, destination and size of communications, where DNS queries are flowing, statistical measures of relationships between end points and many obscure but informative measures of what is happening even if they don’t supply an ability to view messages directly.

    And these companies do not merely provide the physical layers of communications but through apparently sensible economic efficiences are also involved in the applications and software infrastructure that leverages the equipment they supply to support final ‘solutions’ for customers. They do have ample opportunity to directly compromise encryption keys if they please.

    There is trust in all business and it is hard expensive work to put trust aside in favour of security so much so that vanishingly small numbers of people make the effort let alone businesses with a cynical eye on the bottom line. At the end of the day most businesses would weigh the risk of using affordable commodity products against the odds on information insecurity costing them profit and find it negligible.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  27. Anthony (737 comments) says:

    Are we ever going to get a blog piece on your visit David?

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote
  28. UglyTruth (3,156 comments) says:

    And my hard and fast rule is that any conspiracy that involves more than two people inevitably leaks out.

    The conspiracy to kill J F Kennedy didn’t leak out from the conspirators, the realists simply saw the evidence that the standard presidential security had been removed and didn’t accept the bullshit explanation given by the Warren Commission.

    Frankly it is the realms of fantasy to think an entire company could be installing secret back doors and not a single person would ever reveal the truth.

    This strawman is commonly used by the state apologists. An effective conspiracy is conducted in secret, it doesn’t go blabbing the details to all and sundry within the organization. Direct knowledge of the back door is limited to the conspirators themselves and the people who produce the final chip code.

    Vote: Thumb up 0 Thumb down 0 You need to be logged in to vote

Leave a Reply

You must be logged in to post a comment.