Huawei and the ambiguity of China’s intelligence and counter-espionage laws

Since late August, Chinese telecom firm Huawei, along with another Chinese telecom, ZTE, has been banned from providing 5G equipment to Australia. The Australian government didn’t directly name the companies, but said that ‘the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference’.

Huawei later issued a statement, saying that:

Chinese law does not grant government the authority to compel telecommunications firms to install backdoors or listening devices, or engage in any behaviour that might compromise the telecommunications equipment of other nations. A mistaken and narrow understanding of Chinese law should not serve as the basis for concerns about Huawei’s business. Huawei has never been asked to engage in intelligence work on behalf of any government.

The problem is, Huawei’s claim doesn’t respond adequately to the evidence-based scepticism on which the Australian government based its decision.

For Chinese citizens and companies alike, participation in ‘intelligence work’ is a legal responsibility and obligation, regardless of geographic boundaries.

This requirement is consistent across several laws on the protection of China’s state security. For instance, Article 7 of the National Intelligence Law (国家情报法) declares:

Any organisation and citizen shall, in accordance with the law, support, provide assistance, and cooperate in national intelligence work, and guard the secrecy of any national intelligence work that they are aware of [emphasis added]. The state shall protect individuals and organisations that support, cooperate with, and collaborate in national intelligence work.

Similarly, Article 22 of the 2014 Counter-Espionage Law (反间谍法) states that during the course of a counter-espionage investigation, ‘relevant organisations and individuals’ must ‘truthfully provide’ information and ‘must not refuse’. The implementing regulations, released in November 2017, clarified the law’s provisions:

When State Security organs carry out the tasks of counter-espionage work in accordance with the law, and citizens and organisations that are obliged to provide facilities or other assistance according to the law refuse to do so, this constitutes an intention to obstruct the state security organs from carrying out the tasks of counter-espionage work according to law.

The scope and parameters of what Chinese authorities might deem to be ‘intelligence work’ and ‘counter-espionage work’ are not clearly defined in these laws—which are, at best, ambiguous and open to varying interpretations.

So, even if Huawei may be technically correct in saying that Chinese law doesn’t explicitly ‘compel’ the installation of backdoors, there are still reasons for concern. China’s intelligence and counter-espionage activities tend to be so expansive that these provisions could be used to justify activities extending well beyond China’s borders.

Moreover, these recent laws only codify and formalise existing practices, and the Chinese Communist Party has often advanced a ‘rule by law’ (法治) rather than a true ‘rule of law’ (法制) approach that places its own power and interests clearly above the law. Indeed, as the Australian government pointed out, the nature of the ambiguous but tightening relationship between the Chinese party-state and the tech companies that it claims as ‘national champions’, including through its party secretaries and committees, means there’s real potential for ‘extrajudicial directions’ beyond such formal frameworks of laws in this context.

The Chinese party-state’s view of intelligence is tied to the CCP’s expansive conception of national security or, more accurately, ‘state security’ (国家安全), which differs markedly from the US and Australian approaches to their own national security challenges.

The idea that ‘everyone is responsible’ for ensuring state security is a central feature of this concept. According to China’s 2015 State Security Law, ‘Citizens of the People’s Republic of China, every state organ and the armed forces, each political party, the militia, enterprises, public institutions and social organisations, all have the responsibility and obligation to maintain state security.’

The ‘responsibility’ requirement doesn’t stop where China’s geographic borders end. There is ample evidence that the state applies its laws and policies with extraterritoriality, in ways that can infringe upon the sovereignty of other nations and the civil liberties of individuals entitled to those nations’ freedoms.

As Huawei’s reach and access expand around the world, the opportunities for Chinese intelligence to leverage its products and infrastructure for espionage will only increase. Given the opacity of these issues and inherent uncertainties, the ‘case’ against Huawei may not meet the strictest of evidentiary standards in a legal sense, but there are enough red flags to raise serious questions about the potential for risks that cannot be mitigated satisfactorily without greater transparency.

Beyond the core features of the CCP’s approach to intelligence, Huawei itself has been linked to data theft, allegedly for intelligence purposes. As ASPI’s Danielle Cave has revealed, Huawei was the primary provider of ICT infrastructure to the African Union headquarters, which an investigation by Le Monde showed had been the victim of data theft over a five-year period.

If Huawei is given the full benefit of the doubt, its apparent involvement in this case demonstrates negligence at best. However, in light of the scope and scale of the alleged data theft, it’s difficult to imagine that the company wasn’t aware of, or perhaps even complicit in, these activities.

Is this an isolated incident, or might there be other cases in which Huawei’s networks and products have been linked to data theft and cyber espionage undertaken by Chinese intelligence agencies? That question may not have easy answers, given the opacity of these activities, but it’s worth asking —and investigating further—nonetheless.

Ultimately, what matters isn’t whether Huawei can be ‘proven’ to be ‘guilty’ or ‘innocent’, but whether it’s prudent to let a company that is constrained and influenced both by CCP priorities and by Chinese laws and extralegal mechanisms to build or operate the next generation of Australian critical infrastructure.