The tech company at the centre of a trade war between the US and China is willing to go to extraordinary lengths to prove it can be trusted. But will those measures be enough to save Huawei’s 5G business in New Zealand?
"US companies can sell their equipment to Huawei," US President Donald Trump casually told reporters, following a meeting with Chinese President Xi Jinping on the sidelines of last month’s G20 summit in Osaka.
"We're talking about equipment where there's no great national security problem with it.”
The reversal was greeted with caution at Huawei HQ in Shenzhen, China’s high-tech capital just across the border from Hong Kong, where NOTED visited last week to meet key executives tasked with steering the 32-year-old company through the crisis.
Huawei, which makes telecoms equipment as well as smartphones, has seen sales of its handsets drop in key international markets since late May, when the US Department of Commerce placed Huawei on its Entity List, legally preventing it from trading with the US. Huawei joins around 140 other Chinese companies deemed to be a threat to US national security and interests.
Despite Trump’s softening stance, Huawei remains on the Entity List, though the process of applying for special licences to keep the supplies flowing from US companies could become easier and the prospect of Huawei being cut off from using Google’s Android operating system to run its phones seem to have faded – for now.
Huawei does hardly any business in the US anyway, due to an effective ban already preventing American network operators such as AT&T and Verizon from using its equipment. The company, which is run as a cooperative and owned by its employees, has signed around 50 contracts to supply 5G ‘fifth generation’ networking equipment in other countries. It is expected to reveal strong revenue growth when it reports its financial statements at the end of the month.
But the trade war and allegations that its equipment could have secret back doors allowing China’s Government to spy on other nations has left Huawei’s 5G business in limbo in several countries, including the United Kingdom, Australia and New Zealand.
Citing unspecified security concerns, NZ’s Government Communications Security Bureau in December rejected an application by mobile network operator Spark to use Huawei equipment to build its 5G network.
Since then, Huawei has pledged to invest US$2 billion over five years fixing bugs in its software code and boosting security to address issues identified by a UK Government oversight board set up for the sole purpose of scrutinising Huawei’s equipment.
‘No spy’ agreement
Huawei’s most recent effort to win trust was to offer to sign a ‘no spy’ agreement with the government of any country it does business with. What would that include? Huawei’s chairman Liang Hua declined to confirm to NOTED whether such agreements could make Huawei liable for criminal prosecution or financial penalties if the company was found to have facilitated spying.
“Over our history we have been compliant with local laws and regulations in countries where we operate. With regards to intelligence, we have never received any requests of this kind asking us to collect foreign intelligence,” says Hua.
“We have come up with the proposal that we sign a no spy, no back door agreement with governments, because we don’t spy and we don’t collect foreign intelligence for the [Chinese] government. We will never allow anyone to install backdoors in our equipment.”
Huawei’s New Zealand managing director, Andrew Bowater, was more explicit: “Why not put an almighty big fine on us, so we’ve literally got the gun at our head if we did do anything wrong."
“We’d happily sign up for that tomorrow because we back ourselves to not do anything stupid in the market.”
Bowater has some time to play with because New Zealand is not an early adopter of 5G technology – Australia and the UK already have commercial 5G services available. The Government will early next year run an auction to sell radio spectrum to operators looking to run 5G wireless services.
But his window of opportunity to do business with Spark and 2Degrees, both of which Huawei currently supplies with 4G networking equipment, is starting to close.
“Spark wants to roll out 5G by July 2020. With changes in the market for Vodafone, things might move faster,” says Bowater.
“We remain open to discussions with the Government. Everything we do in the market is open to scrutiny, more so than everybody else.”
Bowater’s problem is that the Government doesn’t seem interested in talking and Huawei still doesn’t know what exactly has raised red flags with the GCSB. The agency will only communicate with Spark as the network operator which is covered by the Telecommunications (Interception Capability and Security) Act 2013.
“As the TICSA Part 3 provisions relate to network operators, our communications is direct with operators,” a GCSB spokesperson told NOTED.
“As they are made to us on an in-confidence basis, GCSB will not comment on particular notifications. New Zealand makes its own decisions on telecommunications network security under TICSA.”
The TICSA legislation covers technical aspects of interception capability and network security, so the black mark from the GCSB would suggest Huawei’s equipment is inherently insecure or unable to be accessed in the interests of national security – perhaps both.
But in the absence of any concrete answers to Huawei and Spark, it is hard to know either way. That has led Huawei’s executives and many observers outside the company to speculate that the issue is political; New Zealand’s effort to fall in line with its Five Eyes security partners and to undermine China’s efforts to lead the world in one of the most important emerging technologies – 5G.
“We’ve been in the New Zealand market for 13 years, there’s never been any evidence of wrongdoing found. If there was, we would have been kicked out long ago,” says Bowater.
“This is clearly about bigger geopolitical issues.”
Huawei’s cybersecurity boss, John Suffolk, was one of the executives who came up with the plan to spend billions on upgrading the security of Huawei’s technology. There was no business case drawn up, just an agreement to make an investment, and a big one at that.
“People said, how much is it going to cost? And they say, start with two. Two looks about right.”
“For many people, US$2 billion is quite a big investment. It’s not about the money, it’s about the commitment,” says Suffolk, who has been with Huawei since 2011 and was previously the UK Government’s chief information officer.
Some of that money will immediately go towards fixing bugs uncovered by a technical lab based in Banbury in the UK, which is tasked with going over Huawei’s equipment and software with a fine tooth comb, a process other equipment makers such as Ericsson and Nokia aren’t subject to in the same detail.
The last report from the oversight board to which the lab reports was scathing about some of the flaws in Huawei’s computer code.
“Some of that is sloppy on our behalf,” admits Suffolk.
“We are not pleased to say that but it is reality.”
The GCSB considers the work of that oversight board in the UK as “a useful input” into its own evaluation processes.
Suffolk suggests the roots of Huawei’s technical problems stem from it being slow to upgrade aspects of its security, something he puts down to the complexities of keeping a wide range of ageing networking devices operating for its customers around the world.
“We have got to make sure that when the customer upgrades, they don’t lose functionality, they don’t lose performance,” he says.
“We know that frustrates some people so we expect our bottoms to be smacked on a regular basis about speed. But our priority is to keep the networks up.”
“For us, any idiot can drive fast. Not a problem. Can you drive safe?”
The investment in security will include evaluating emerging threats to network security.
“How do you solve the problem of a fake base station? How do you think about quantum computing which is still a twinkle in someone’s eye, but [quantum computers] are getting better and the qubits are increasing. Could they crack the encryption?”
The increase in devices connected wirelessly in the 5G world, including Internet of Things remote controllers on everything from traffic lights to driverless cars and household gadgets, would increase the range of security threats in the mobile world.
But fundamentally, says Suffolk, the inherent design of 5G networks provides more options for network security than is available with current networks. The concept of network “slicing” will allow mini-networks to be formed with differing levels of security.
“I say this is a trusted slice, I can give you a lot of quality of service. I can give you a lot of bandwidth. You and I know each other. We trust each other,” says Suffolk.
“I don't know who the hell you are. And therefore the security wrapper that I put around this slice is much tighter.”
Massey University senior lecturer in communication engineering and networks, Dr Faraz Hasan, agrees that the 5G world poses unique security problems.
“Because we are interconnecting not just our laptops and mobile phones, but also vehicles, medical professionals, livestock, even our power grid with 5G, any breach in security may have far-reaching implications,” he says.
"The heterogeneity among the connected devices has never been experienced before. Unique security solutions each customised to a particular kind of device will be needed in the 5G era.”
Huawei’s Suffolk and Hua want to see the mobile industry, under the banner of groups like the GSMA, which represents mobile operators around the world, collaborate on security standards, so that trust in 5G spans the entire industry.
Eyes on the UK
For Huawei though, the company’s fortunes in the UK could spell out the future for its Australasian business too. Four major operators have already started rolling out Huawei equipment in their 5G networks to some degree, despite the UK Government’s misgivings. But they are generally limiting Huawei’s involvement, running technology from a number of vendors.
A crucial report from the UK Government, the Telecoms Supply Chain Review, will definitely spell out whether Huawei’s equipment can be used, but its release has been delayed repeatedly with Brexit and a change of prime minister is not helping the situation.
Mobile operators are concerned that blocking use of Huawei equipment would reduce competition among vendors leading to more expensive networks and higher prices for consumers.
"If you talk to the network operators out there who have been trialling stuff, our competitors are either way overpriced or incredibly slow in terms of network quality, we back ourselves to have the best network quality service,” says Bowater.
For its part, Spark appears to be waiting to see how global events influence the local situation.
“There is no update to what we’ve said previously about our position regarding the GCSB and Huawei, we are still considering next steps here,” a Spark spokesperson told NOTED.
But the mobile operator is by necessity keeping its options open, working with Huawei’s rivals as well, to test 5G equipment as it plans for its 5G network build.
Bowater for his part is resigned to navigating the complexities that come with representing Huawei in the West.
“Because we are a Chinese company, there will always be more scrutiny. We’ve got to jump higher than everybody else, do more than everyone else, continue to prove our innocence.”
Peter Griffin visited Huawei’s Shenzhen HQ as a guest of Huawei.