Huawei pens open letter to UK Parliament: Spying? Nope, we've done nothing wrong

Malicious acts would 'destroy' us, exec insists

Huawei has admitted "room for improvement" in its product design processes in an open letter to the UK Parliament – but strongly refuted allegations of spying.

The five-page letter (PDF) from Ryan Ding, Huawei's carrier business group (CBG) president, states that Huawei's commercial reputation would be destroyed if it was caught spying, or sending data back to China.

"The governments in some countries have labelled Huawei as a security threat, but they have never substantiated these allegations with solid evidence. For us, the lasting support and trust of our customers worldwide speaks volumes," said Ding.

He claimed Canada has to date "not taken any restrictive measures against Huawei products"; New Zealand "turned down" a single 5G proposal, but the "regulatory process is still ongoing"; and Australia has raised "extra requirements for the supply of 5G products".

"Even in the US, existing legislation only restricts the use of federal funds to buy our networking hardware and services; there are no legislative restrictions on Huawei's business activities," Ding added.

"Were Huawei ever to engage in malicious behaviour, it would not go unnoticed – and it would certainly destroy our business. For us it is security or nothing: there is no third option."

Huawei cited a study of Chinese law by Clifford Chance that concluded the People's Republic does not oblige vendors to plant backdoors or other eavesdropping methods in telco equipment, and no sanctions exist against a company which has refused such a request.

Huawei President BCG Ryan Ding

Ryan Ding in 2014

Ding added that the Chinese firm is the only comms equipment maker to submit its Crown Jewels for inspection.

Seven years ago Huawei established the UK facility in Banbury, Oxfordshire, nicknamed The Cell, which allows UK spy crew GCHQ access to its software code. The National Cyber Security Centre (NCSC) committee that oversees the facility, formally Huawei Cyber Security Evaluation Centre (HCSEC), reports to Parliament every year.

NCSC was not shy about telling customers to shun ZTE gear early in 2018.

Unlike state-owned ZTE, Huawei is privately owned, and as recently as a year ago, the NCSC could be found lauding the partnership.

"Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design," the agency said.

That ardour seemed to have cooled months later. By July last year the NCSC said (PDF) it could only offer "limited assurance" that the risks of using Huawei kit had been "sufficiently mitigated".

Ding emphasised that Huawei could do better.

Huawei has pledged a £2bn investment over five years in its software processes and reiterated the overhaul in the letter to Parliament.

That programme is "part of a broader effort to design our Integrated Product Development process", Ding wrote. "It is true that Huawei's software engineering has room for improvement."

"Enhancing our software engineering capabilities is like replacing components on a high speed train in motion. It is a complicated and involved process, and will take at least three to five years to see tangible results. We hope the UK Government can understand this."

The 2019 annual report by HCSEC, which is expected to criticise the firm for ongoing security issues, is due in the coming months.

So far no national security agency has offered evidence of a backdoor in Huawei kit, and Germany's Federal Office for Information Security (BSI) recently emphasised that the company should be considered innocent until proven guilty. Less than a month ago politicians in Berlin were hinting that they may ban the Chinese company.

The allegations range from security risks, to breaking sanctions against Iran – charges levelled against the firm's CFO – to IP theft. The recent Grand Jury indictment stateside focuses on the latter, reviving details of the 2017 settlement which determined Chinese staff stole the arm of a screen-tapping robot, "Tappy", from T-Mobile US.

If Huawei maintains that's a one-off, an interesting Bloomberg report this week may make uncomfortable reading and indicates that potential theft of trade secrets has been under scrutiny by US authorities for some time – pre-dating current US prez Trump's Sinophobia. ®

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019