White House-Ordered Review Finds No Evidence of Huawei Spying
Congress isn’t the only branch of the federal government that’s worried about the Chinese networking company Huawei’s presence in the U.S., though as yet there’s no evidence that the company’s gear does anything to warrant that worry.
A little more than a week after the House Intelligence Committee issued a stinging report that fanned the flames of official worry about Huawei and another company, ZTE, it emerged today that the White House ordered a separate review that found no evidence that equipment produced by either company had been used to spy for China. Reuters moved a story on the report a few hours ago.
Rather than spying, it turns out that Huawei’s gear suffers from the same kind of arguably unintended security vulnerabilities that occasionally crop up and that could in theory be exploited by hackers with the proper knowledge. The trick question — which is sort of an indicator of the multi-layered gray areas that make these questions so hard to answer — is whether or not someone put those vulnerabilities there on purpose.
What tends to happen in the cloak-and-dagger world is that multiple layers exist between the people who would want certain actions taken — poking around a sensitive network — and the people who actually do the work. Some freelance hackers in China — or practically any other country for that matter — just might, the theory goes, be working for China’s People’s Liberation Army but not even really know who’s paying them. And if you read enough spy novels you can probably imagine a bunch of other theoretical scenarios in which a vulnerability that’s there “by mistake” could be put to use by someone with a certain amount of plausible deniability.
The review was pretty detailed and was conducted by asking questions of more than 1,000 people in the telecom industry, people who would have noticed any serious and overt funny business going on with the equipment.
So now two government reviews have expressed reservations about Huawei, but neither has been able to say exactly what makes them so uneasy.
I’ve already expressed my theory: That it’s the U.S. government’s own history in this area and its direct knowledge of what can be done. Examples include malware like Stuxnet, Flame and Gauss, to name but a few.
Huawei maintains that it would never allow its equipment to be misused for the benefit of a third party. And even though it is now the world’s largest manufacturer of telecom equipment, its hopes to expand more widely into the U.S. market just got incrementally more complicated.