The Huawei indictments and the end of trust
31 Jan 2019|

Huawei’s behaviour, coupled with the Chinese government’s wide-ranging commercial espionage, is eroding trust in the global supply chain. Rebuilding that trust will take work.

Two sensational US indictments unsealed on Tuesday paint a picture of Huawei acting with utter disregard for laws and agreements in pursuit of commercial advantage. In one indictment, the US Justice Department charged Meng Wanzhou—Huawei’s CFO and daughter of the company’s founder—with deliberately lying about the company in order to subvert US trade sanctions against Iran. In the other, Huawei was charged with concertedly trying to steal technology from ‘Tappy’, a smartphone-testing robot owned by US telecommunications operator T-Mobile.

In both indictments, Huawei was accused of intentionally breaking US laws and then covering its tracks by destroying and concealing evidence, or by conducting internal ‘investigations’ that minimised the crimes, used individual employees as scapegoats and tried to absolve the company itself of wrongdoing.

Strikingly, this pattern of criminal activity and concealment is very similar to ZTE’s behaviour. ZTE, another Chinese telecommunications equipment manufacturer, was found to be violating sanctions and selling US technology to Iran in the early 2010s. Even while it was being investigated by US law enforcement, ZTE engaged in ever more elaborate schemes to hide continuing sales to Iran, including using new partners to sell to Iran, lying to US investigators, and deleting and sanitising Iran-related records from its accounting database.

This pattern of amoral deception is worrying for companies that could be placed at the heart of our telecommunications networks. But the risk involved is exponentially increased because these companies can be pressured and compelled by the Chinese Communist Party, which believes that Chinese companies and even Chinese people exist to support the party.

China has conducted espionage to gather government and military secrets—what Western governments would consider ‘legitimate’ espionage—but also espionage in search of trade secrets and commercial-in-confidence material from Western companies such as BHP, Rio Tinto, Fortescue Metals, Yahoo, Google and many more. A single hack of Rio Tinto is reported to have cost the company £800 million in lost revenue because of ‘commercial disadvantage in contractual negotiations’. From China’s point of view, commercial espionage could be viewed as important for maintaining a growing economy and keeping the population employed and happy, and therefore as crucial to national security.

Our relationship with technology relies on our faith and trust that our phones, gadgets and computers will do only what we expect them to do. We must rely on trust because information technology is so complex that it’s difficult, if not impossible, to prove that products won’t do what they shouldn’t. How can you prove that your smartphone won’t accidentally send your personal photos to your contacts? Without proof, we pretty much just have to trust that things like that won’t happen.

Unfortunately for Huawei and ZTE, their behaviour and that of the Chinese government—their wide-ranging commercial espionage, and state laws that compel companies to assist in intelligence efforts—have eroded the unquestioning trust that once existed.

Since Australia made the decision to ban Huawei from its 5G network, a number of other countries have either followed suit or expressed reservations, including New Zealand, Japan, Germany and the Czech Republic.

But 5G and telecommunications are merely the thin edge of the wedge. The global debate over Huawei and 5G networks makes it clear that we’re no longer living in a world where we can trust in the products we buy as an article of faith. How can we trust any technology product when the heart of the global electronics supply chain is in China?

Both governments and companies have a role here.

Governments need to step in and assess equipment when there are broad-based security concerns about critical and important services that underpin the Australian economy. The debate about Huawei being involved in the 5G network is a good example; for any individual Australian, the threat represented by Huawei’s involvement isn’t high, but as a community we absolutely need a robust and secure telecommunications network for our future. Governments also need to lead efforts on finding ways to build transparency and trust with foreign manufacturers and suppliers.

Companies need to understand and manage the risk exposure that comes with technology products they use—and not just those that are manufactured in China. Some collaboratively developed software, known as open-source software, can provide companies with low-cost, robust software, and is widely used across many industries. But it can be insecure, or can be quietly modified without oversight; some open-source software projects have been hijacked to steal personal data or credit card details. With a holistic consideration of the costs and benefits, many of these risks can be sensibly managed once they’re identified.

Beyond understanding their own risks, companies also need to be transparent and communicate about how they are dealing with those risks. Transparency will provide consumers and clients with some confidence that due diligence has been done, and that sensible mitigation measures are in place. In other words, transparency will build trust.