Should the UK ban Huawei?

Or would that delay the rollout of 5G without fixing the security risk?

January 23, 2020
Huawei's building in Reading. Photo: Steve Parsons/PA Wire/PA Images
Huawei's building in Reading. Photo: Steve Parsons/PA Wire/PA Images

As 75-year-old Ren Zhengfei, the founder of the Chinese telecoms giant Huawei, prepared for the annual Davos rituals, his daughter Meng Wanzhou, her ankle tagged, was heading for court in Toronto. The hearings are expected to be lengthy and will determine whether she will be extradited to the United States to face charges of breaking US sanctions against Iran.

Since Meng’s arrest just over a year ago, the US government has banned American firms from doing business with Huawei, and US officials have fanned out to pressure governments to ban Huawei equipment from their next-generation 5G networks. In response, the company protests its innocence of any intent to serve the interests of the Chinese Communist Party, and Chinese officials have matched the US threats with their own. Two Canadian citizens have been detained in China.

A US team visited London in the second week of January, bearing a dossier that, it said, contained damaging information on the company. The US ambassador to Germany made it clear that the EU’s most important US ally was expected to fall in line. The Chinese ambassador responded with threats against the German car industry. Squeezed between two giants, Angela Merkel seems inclined to defer the Huawei decision until after the next EU summit in March.

Safety in EU numbers is not available to the UK and Boris Johnson will encounter some harsh realities: Britain is going it alone as the world’s biggest and second biggest economies are fighting for supremacy. If he decides for Huawei, the US could downgrade security cooperation and trade talks could sour. If he decides against Huawei, China will find equally creative ways to demonstrate its displeasure. There are no easy choices here.

The UK’s intelligence services have been giving contradictory signals: some officials warn that Huawei is bound to do the bidding of the Chinese Communist Party now or in the future, and the Party’s interests are not aligned with those of the UK. Others share the misgivings about China and do not consider Huawei a trusted supplier, but disagree over how to translate those security concerns into the technological choices the UK has to make.

They further argue that the security of telecoms infrastructure requires a choice of interoperable suppliers. Given that only three manufacturers are available to European companies—Ericsson, Nokia and Huawei—to remove one of them, they argue, narrows the choice unacceptably. Besides, while Huawei has not been regarded as a trusted supplier since the first contracts were signed in 2003, the National Cyber Security Centre believes its oversight is enough to allow Huawei to supply to the periphery of a 5G system.

Others argue that the distinction between core and periphery becomes less meaningful in a 5G system and that the current dilemma illustrates the perils of dependency on a supplier who cannot be trusted. Already the government has baulked at the cost of ripping out and replacing existing Huawei equipment; in ten years’ time, when many more functions will depend on 5G, the chances of a removal of the company’s equipment, whatever security lapses were discovered, seem small.

Huawei is both a real and totemic issue in a long-term dispute between China and the US that is beset by bad faith. The company claims that it would not obey any Chinese security service demands, a claim greeted with raised eyebrows wherever it is made. After all, western telecoms companies are also pressured to serve national security interests, so why should China be different? But if the NCSC is reasonably confident that it can contain a malicious threat, the threat posed by shoddy software is another matter, as last year’s oversight report made clear. This was highly critical of Huawei’s failure to fix vulnerabilities in its software. In 2018, the NCSC had complained of “concerning issues” here and in 2019, it repeated concerns about Huawei’s approach to software development, which brought “significantly increased risk to UK operators.” The oversight board could offer only “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK.”

One independent expert put it less diplomatically: Huawei’s version control—a basic procedure for tracking software development to avoid conflict and vulnerabilities—was, he said, “hopeless,” the software “awful” and security “poor.” The danger of this sub-standard software is that unpatched vulnerabilities embedded at a low level in the network are hard to fix.

The US, of course, wants Huawei excluded. Only Australia and New Zealand have acceded to the request so far and some British experts find the US approach irrational. To make Chinese ownership the totemic issue, they say, obscures the fact that both Nokia and Ericsson’s supply chains are also in China. For the NCSC, a bigger problem is that decades of underinvestment and neglect have left the UK without its own resources, and the security of UK’s telecoms infrastructure is historically weak. Banning Huawei would delay the 5G rollout without fixing what both sides agree is a serious potential security threat from China.

Countering that threat would require serious investment in—and protection of—native companies. This would involve a hard look at China’s enthusiasm for the acquisition of small engineering companies that have valuable intellectual property. This is coupled with an aggressive industrial strategy, in which subsidies enable Chinese companies to undercut and eliminate foreign competitors. If China is aiming to monopolise the market, is it too late counter that strategy?

For decades globalisation has eroded the idea that national industrial policy mattered, except, notably, in defence industries. Given that telecommunications are now a core defence concern, there are signs of a belated rethink. In the US, a bipartisan group of senators has brought forward a bill that proposes a $750m innovation fund to support companies developing open standard 5G technologies, along with a separate $500m fund to support international companies that offer “trusted and secure” equipment. In the UK, telecoms providers are being told to build security into the networks, not add it as an afterthought. Such investment grabs fewer headlines than moving the House of Lords to York but unlike that proposal, this one is serious.