Is Huawei listening?

Western governments are right to be very cautious about cyber security when it comes to firms like Huawei. Until the firm commits to greater transparency, the risks are too high.

It is now widely known that the US House of Representatives Permanent Select Committee on Intelligence released a year-long investigative report last week concluding that China ‘has the means, opportunity, and motive to use telecommunications companies for malicious purposes,’ and that Chinese companies such as Huawei and ZTE may not be free from state influence and therefore can not be trusted.

The response from the listed company ZTE – but still majority owned by the state – was muted. But Huawei was far more robust in its own defence. The company’s American spokesperson dismissed the findings as ‘China-bashing’. Editorials from Chinese state-backed newspapers such as China Daily condemned the report as ‘biased’ and motivated by ‘jealousy’ and ‘protectionism’. As one China Daily report put it, the decision tarnishes America’s reputation ‘as a fair and open one.’

Any survey of opinion and blog sites around the world will confirm that the US House Intelligence report is seen by many as paranoid and based on innuendo and ignorance. There was no evidence presented, at least in the public version of the report, that Huawei and ZTE had actually engaged in any illegal activity (even if the chairman hinted that such evidence did exist and will be handed to the proper American authorities.) But this mattered little since the ‘burden of proof’ was on Huawei and ZTE, as Alexander Liddington-Cox in Business Spectator(Huawei's legitimacy struggle, October 10) put it. The essence of this burden is to show that there Chinese companies operate independently of Chinese Communist Party (CCP) officials and the state.

My view is that putting the burden of proof on the Chinese companies was prudent and appropriate, and the basis for some of my reasoning is explained in a previous Business Spectator article, (The Other Side of Huawei, March 30). (This article was extensively cited in the House Committee report.) Additionally, as an observer of Committee proceedings over the past year, it is clear to me that the executives of Chinese firms did not come anywhere close to discharging their burden of proof. They should not be, and were not, surprised at the findings of the House Committee – even if the panel went several steps too far in wanting to ban Huawei and ZTE from all involvement in the ICT sector rather than just the bidding for major infrastructure network projects.

The threat and reality of cyber warfare and industrial espionage is very real and is already occurring with worrying frequency. Although entities in all countries engage in it, China now leads the world by a considerable degree when it comes to industrial theft and wholesale ‘data mining’ efforts of government, corporate and personal platforms throughout the world. Remember also that Beijing is even more suspicious of foreign, and particularly Western information and communications technology (ICT) companies, than is Washington for the same reasons outlined in the House Committee report; and imposes far more stringent bans against foreign firms operating in domestic ICT markets than does America. (This point offers an effective response to any accusations that suspicions of Huawei are paranoid or an instance of ‘China-bashing’.)

But the House Committee report was not a simple tit-for-tat exercise, and nor should it be. Its conclusions were based on the failure of Huawei and ZTE to successfully discharge their burden of proof throughout the investigation. A number of key questions were posed to their executives, in order to determine the extent of their independence from the CCP and Chinese state.

For example, every major private and state-owned corporation in China has a Party Committee within the company, which oversees interaction between the company and relevant state agencies. In designated ‘strategic sectors’ such as ICT, the interaction between the company’s Party Committee and state agencies such as the Ministries of Industry, Information Technology and Commerce is extensive. We also know that the corporate Party Committees of all major suppliers of ICT infrastructure and technologies to the People’s Liberation Army (PLA) – which includes Huawei – have significant interaction with the Ministries of National Defence and State Security. Indeed, it is well known that the corporate Party Committees occasionally include former and serving CCP officials.

Huawei and ZTE were asked to produce documents indicating the type of interaction these companies had with various Chinese ministries. An SOE, ZTE failed to do so on account that revealing such documents needed prior approval from the government. Huawei offered oral reassurances that interaction with state ministries were for standard regulatory purposes, but refused to give more details or proffer any meaningful documentary evidence. Huawei also failed to give meaningful information on the makeup of its Party Committee and the background of its members.

The American chapter of both companies were also asked to provide documentary evidence about the nature of interaction with their Chinese-based parent corporation. Once again, oral evidence that local chapters acted more or less independently were not supported by any documentary evidence – financial, corporate, administrative, or documents detailing interactions between American-based staff with parent company personnel.

Furthermore, both companies refused to submit documents about the extent of financial support offered to them by Chinese state agencies, even though the oral evidence given by their executives insisted that their rise had more to do with good strategy and lower costs than it did government largesse. That Huawei refused to submit documents detailing the company’s financial position and sources of credit only deepened suspicion that the company’s rapid growth is as much about privileged state assistance as it is about good strategy and execution.

Some commentators have argued that this line of inquiry is hypocritical since America offers many local firms generous support (subsidies, tax breaks etc.,) in order to gain domestic and global market share. But these criticisms miss the point of why these questions were asked. The extent of Chinese state support for domestic firms is indication of the extent to which they are viewed as ‘national champions’ – local firms that are often asked to carry out political and commercial directives in return for exclusive access to market opportunity, credit, tax breaks, subsidies, diplomatic and political representation, and other benefits. In a context where China is more active than any other country in developing its cyber warfare capability and engaging in cyber-based industrial espionage, the degree of intimacy between the Chinese state and its leading ICT companies is a very pertinent question.

The perception that the American investigative process was biased is understandable but not justified. The reality is that ICT competitors such as Sweden’s Ericsson or French-based Alcatel-Lucent would be able to satisfy the burden of proof in this context were it to be placed upon them. That a Swedish and French company stands to gain from the decision also weakens accusations that the decision was about protecting American firms. In the case of Huawei and ZTE, ardently insisting that it has nothing to hide is not the same as proving it. The evasiveness of both companies is also the inevitable consequence of the secretive and opaque system in China in which the CCP is active in participation in and oversight of every major economic sector. Even if Huawei or ZTE had the documents to prove that it is independent of the CCP and Chinese state, the production of these for foreign scrutiny would have to be cleared by relevant CCP committees – and this is rarely done.

What about the argument that both companies already have a huge global presence, thereby making a mockery of American suspicions? Advanced countries and firms have far more national and industrial secrets to protect than developing countries. Many American suspicions of Chinese ICT firms are mirrored by governments in Canada, Japan, South Korea and Australia. Senior intelligence officials in the United Kingdom privately admit that they cannot be sure that the safeguards they have in place – including the joint Cyber Security Centre that was setup with Huawei to monitor all equipment – will adequately safeguard the country’s cyber integrity following Huawei’s recent deals with British companies such as BT.

It is true that absolute cyber-security in a world of global supply chains is impossible – Western firms will regularly use Huawei or ZTE components. But it is a matter of reducing the level of risk. Trusting vertically integrated Chinese ICT companies such as Huawei are just several paces too far for many governments of advanced economies. Meanwhile, the Chinese parent companies of Huawei and ZTE have so far rejected listing on Western stock exchanges even though doing so would significantly improve transparency in terms of their financial relationships, operations, managerial appointment policies and backgrounds of key executives.

There are several upshots to all this. One important one is that distrust of Chinese ICT firms will only serve to exacerbate broad fears about Chinese foreign direct investment in countries such as America and Australia. The links between even large private firms and the CCP is an unavoidable by-product of getting ahead in China, and transparency is a problem and will remain so whilst its political-economy remains as it is. The trick for the government and regulatory authorities is to work out when these realities matter, and just as important, when it doesn’t.

In rare instances such as Huawei delivering substantial parts of the National Broadband Network, the risks are real and significant. Just as irrational fear of foreign capital and ownership is detrimental to Australian economic interest, some members of the business community do themselves and the country a disservice by pretending (or believing) that all national security and interests are nonsensical concerns of the paranoid. Fortunately, for a foreign capital dependent economy like ours the risks are low or negligible in the vast majority of cases; and this includes the sale of Cubbie Station to a Chinese-led consortium.

Why? Because transferring geopbytes of stolen data to China is one thing, but removing Cubbie Station from the outskirts of Dirranbandi is another.

Dr John Lee is the Michael Hintze Fellow and Adjunct Associate Professor at the Centre for International Security Studies, Sydney University, and a non-resident senior scholar at the Hudson Institute in Washington DC.