Huawei, the Chinese technology giant, poses a conundrum for governments. It produces some of the most advanced fifth-generation (5G) telecommunications equipment and sells it at bargain prices. But there are fears that those products are or could be compromised, providing the Chinese government access to the data that they transmit or crippling the networks they empower. Huawei denies that is possible but those assurances ring hollow. Governments should take nothing on faith — neither the worries or the promises. A rigorous and applied skepticism is the correct policy.
The United States insists that Huawei poses a security threat to countries that put its equipment at the core of their telecommunications networks. First, it warned of back doors that give the company access to data that pass through its networks. When pressed, however, the U.S. could provide no proof that such vulnerabilities exist. Then, Washington warned that close ties between the company and the Chinese government could compromise security. This complaint is based on the special relationship shared by the government in Beijing and all large enterprises in China that afford the state influence in all corporate decision-making. Even without a special relationship, U.S. officials note that Chinese law requires Huawei — like any other Chinese company — to turn over to the government information that it requests.
Huawei responded with the message “Don’t believe everything you hear.” The company highlights the failure to produce evidence of back doors. Executives deny any ties with the Chinese government and insist that the firm follows the law in every jurisdiction in which it operates. The company has also offered to work with foreign governments to improve security. Finally, Beijing has weighed in: Foreign Minister Wang Yi has called the charges “groundless accusations for political purposes.”
The company likes to point to the arrangement it has in Britain, where a testing facility has been set up and is overseen by the British government’s cybersecurity agency. Unfortunately for Huawei, the last report from that body concluded that it can “only provide limited assurance” that risks to the country’s national security and critical networks could be reduced in the long term. It noted that “no material progress” had been made in fixing problems from the previous report and it found “further significant technical issues” in the company’s software and engineering processes. Worryingly, “strongly worded commitments from Huawei in the past have not brought about any discernible improvements.”
The U.S. has banned Huawei from its 5G networks and is urging other governments to do the same. Many have heeded the U.S. warning: Britain bars Huawei from government and all critical networks, while Japan, Australia and Taiwan restrict or ban Huawei technology. The EU has left the decision to members rather than imposing a blanket ban and several of them, such as Germany, France and Italy, are buying or testing the technology.
The U.S. is increasing the pressure, warning that it might be unwilling to share information and intelligence with states that have Huawei in their networks. Secretary of State Mike Pompeo told U.S. allies that using Huawei could make it difficult for Washington to “partner alongside them” if their equipment ties into “important American systems.” Ellen Lord, the U.S. undersecretary for defense, was more direct: “If our allies and partners go with a Huawei solution, we need to reconsider how we share critical information with them.”
A successful ban is unlikely. Huawei offers a big price advantage and is advanced in the development of its technology. A country that bars its products will be hampered in the utilization of technologies that are essential in a modern economy. China has also weighed in, with warnings to governments that ban Huawei products.
Instead, governments should take several steps. First, they should set up testing centers like the one in Britain and share test results. Second, governments should do more to identify and map network vulnerabilities. The EU has ordered such a review as part of its assessment of 5G policies. Third, telecommunications companies must build in security in ways that neutralize risks posed by the inclusion of Huawei in national networks. Since the 5G rollout is just beginning and it will be an iterative process, there is time to develop features to protect critical systems and data. Central to the success of all these efforts is a close, cooperative relationship between government and technology companies.
Finally, it is not too soon to start working on post-5G technologies. Researchers in Japan and Europe have already commenced, and they have made important progress. They have conducted tests that achieve about 60 percent of the target speed; their goal is to have the new technology ready for rollout by the 2030s. In the meantime, telecommunications providers and regulators must be acutely attuned to security risks and do everything possible to reduce them.