The US is again warning its allies about the risks of using telecom equipment made by China’s Huawei Technologies Co.
American officials have briefed their counterparts in countries like Germany, Italy, and Japan about what they argue are potential cybersecurity risks, according to the Wall Street Journal (paywall). This follows previous warnings, such as a claim earlier this year that American citizens shouldn’t use Huawei’s phones.
The US may be concerned about Chinese government influence embedded in Huawei’s technology because America’s spy agencies have done the same thing in the past.
Western governments have long been wary of Huawei, which was founded by Ren Zhengfei, a former People’s Liberation Army soldier. (The recent arrest of Huawei CFO Meng Wanzhou, who is Zhengfei’s daughter, over allegations of violating of Iran trade sanctions is apparently separate to concerns about cyber espionage.)
And again the recent of arrest Wang Weijing. The Polish authorities announced Friday that the Huawei director and a Polish cybersecurity expert were accused of carrying out “espionage against Poland.”
Though the Chinese telecoms equipment maker Huawei Technologies Co. retaliated by quickly terminating the employment of Wang Weijing.
The allegations against Wang Weijing “have no relation to the company,” Huawei Technologies Ltd. said in a statement. It said Wang was fired because the incident “brought Huawei into disrepute,” a violation of his contract.
Shenzhen-based Huawei, founded in 1987, has grown into the world’s largest supplier of telecom network equipment, beating out firms like Cisco, Ericsson, and Nokia.
Critics see Huawei as a possible Trojan horse that, once embedded in international communications systems, could provide opportunities for Chinese government spying or remote control of vital telecom systems. Huawei has vigorously denied these claims.
American officials have reportedly used this strategy in the past. One example goes back to the late 1980s, when cryptography—previously a tightly controlled technology monopolized by the military—was spreading from academia to commercial businesses.
As personal computers caught on, tech companies needed a way to secure data and information from hackers and other criminals who might want to steal it.
Lotus Notes, a database company, used cryptography to secure its users’ information. But exporting software using high-grade cryptographic techniques was subject to US State Department controls at the time.
When Lotus Notes sought to sell its products abroad, the National Security Agency leaned on it to use a weaker version of cryptography in its product, according to Stephen Levy’s book Crypto.
After years of discussions, the NSA allowed Lotus Notes to ship its product for export using 32-bit encryption, compared with a 64-bit version in the domestic version. At the time, cracking 64-bit encryption through brute force (computers cycling through ever possible key combination) was seen as just about impossible.
But 32-bit encryption was far more vulnerable, especially against the NSA’s supercomputers which, even then, could easily crack such codes within days, according to Levy’s book.
The 32-bit version was so weak that even well-resourced thieves could break the encryption within 60 days using personal computers—a timeframe that everyone knew would get shorter as computing power became cheaper, faster, and more widely available.
Fast forward to 2018, and anxieties about Huawei’s telecom equipment have risen as the world prepares to switch to 5G networking technology.
Given their own past behavior, the hand-wringing by American officials makes sense. The US push to influence encryption in the private sector suggests that there are good reasons to think China could do the same with homegrown technologies.