Gordon Campbell on the Huawei security scare

On the face of it, it looks very strange that our government should have jumped to comply with American concerns about the Internet business of about Kim Dotcom – to the extent of a string of illegal search, seizure and surveillance activities – but seems utterly blasé about the Internet activities of the Chinese firm Huawei, which the American House Intelligence committee has fingered as a security risk, and would like to bar from US contracts. New Zealand, by contrast, has signed up Huawei as a key contractor in our ultra fast broadband rollout.

Sorting out the genuine national security and industrial espionage risks that may – or may not – be involved here is difficult, and the Greens and Labour appear to have rushed to judgement on Huawei in much the same way they castigated the government for doing over Dotcom. Is Huawei a genuine concern, or (primarily) a case of US economic protectionism? The House Intelligence committee report is noticeably short of specific evidence against Huawei, but then again, it does have a separate, classified version of its report that may have more flesh on its bones. As this report suggests, the public case against Huawei appears to rest on the evidence of cyber hacking by the Chinese government, the past support that the Chinese government has given the firm, and the existence of former Chinese military officers in its top executive ranks. It is more a cloud of suspicion – reason enough for caution to some – than solid evidence of bad behaviour. Is it quite reason enough though, to bar Huawei from Western contracts? There are arguments either way.

For example, there is this BBC report about the Chinese government allegedly being behind retaliatory hacking attacks on Google. Another report alleges a long running penetration of the US firm Nortel by Chinese agents.

Using seven passwords stolen from top Nortel executives, including the chief executive, the hackers—who appeared to be working in China—penetrated Nortel’s computers at least as far back as 2000 and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents, according to Brian Shields, a former 19-year Nortel veteran who led an internal investigation. The hackers also hid spying software…deeply within some employees’ computers.

The question for New Zealand is whether these actions by Chinese agents should make Huawei guilty by association. On the other side of the ledger, one can readily put the concerns about Huawei down to US economic protectionism.

Both companies are a solid threat to Cisco and Juniper, two U.S. companies that stand to lose if their products are undercut by low-cost Chinese switches and routers. Cisco’s CEO John Chambers is a very active Republican who is vocal on this issue. Plus, both Cisco and Juniper (as well as many U.S. companies) frequently make some of their hardware and even write some of their code in China and other places that the U.S. might consider a threat. Domestic companies point out that they don’t let engineers writing code overseas have full access to the source code, and that the foreign-produced code is reviewed, but there is an element of hypocrisy here.

It’s cheaper to build things in China, be it software or hardware. Plus, executives at U.S. companies tell me that they never buy used networking gear from any vendor because it can have unexplained Chinese software on it. The Chinese don’t necessarily need a company in its pocket to install networking spyware, when it can sell gear on eBay to unsuspecting corporate buyers.

So…is it the US raising security concerns primarily to protect its own economic interests – or, given the prevalence of cyber attacks and industrial espionage, is there a residue of sensible caution in making sure the Chinese are kept at arm’s distance? Presumably, Huawei got the ultra fast broadband contract here because it was the cheapest bidder. How, one wonders, would our Government Communications Security Bureau and SIS go about assessing the risk that this contract may pose to national security and via industrial espionage – which as the above paragraph suggests, could also conceivably be compromised by gear that our corporates buy on Trade Me. The usual GCSB/SIS modus operandi is to ask its brother intelligence agencies (in the US, Australia and elsewhere) what it should think.

With Huawei, that’s not an option. It poses a nightmare for our spooks. The UK is saying one thing (Huawei is OK) and Washington and Canberra are saying the opposite – yet their warnings run counter to our own government’s policy for the rollout of its pet IT project. At crunch, how can New Zealand partake fully in intelligence traffic if its main allies think that we may have witlessly turned ourselves into a listening post for the Chinese? It won’t matter, at that point, if there is any substance to the fears about Huawei. Perception will have become reality. Hard to see though, the Key government backing down, and backing out of its UFB contracts at this point.

The only winner in all this that I can see is Cabinet Secretary Rebecca Kitteridge. Just after she has been appointed to analyse the inner workings of the GCSB, this lands on the agency’s plate. You could hardly get a better, and more difficult test of its evaluative procedures, and analytical ability.