Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
EU Security Network United Kingdom Technology

Huawei Would Accept EU Supervision To Lay 5G Network (techradar.com) 101

An anonymous reader quotes a report from TechRadar: Huawei has said it is willing for its equipment and activities to be supervised by the European Union (EU) as it continues to fend off the threat of restrictions on the use of its kit in 5G networks. Last year it emerged the US, which has long frozen out the company from its own telecommunications infrastructure, had been encouraging other western nations to take similar action. The main basis for Washington's fears is a perception that Huawei is linked to the Chinese government and that the use of the company's equipment risks the possibility of backdoors that could be used for espionage. These fears are heightened by 5G because of the sensitive information these networks will carry. The US is concerned that if its allies continue to use Huawei kit, then America's security will be threatened.

Now, Abraham Liu, Huawei's chief representative to EU institutions, has used a speech to mark the Chinese New Year to repeat the company's denials and to stress its willingness to cooperate with the EU and European governments. "Cybersecurity should remain as a technical issue instead of an ideological issue. Because technical issues can always be resolved through the right solutions while ideological issue cannot," he is quoted as saying. "We are always willing to accept the supervision and suggestions of all European governments, customers and partners." A number of European nations, including the UK and Germany, have expressed concern about the use of Huawei equipment in their telecoms infrastructure, however earlier this week, France rejected proposals that would increase checks
Last week, Huawei pledged to spend about $2 billion over five years to resolve the security issues in the United Kingdom. However, they also claimed that the firm "has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence." They added: "We would not do this in any country."
This discussion has been archived. No new comments can be posted.

Huawei Would Accept EU Supervision To Lay 5G Network

Comments Filter:
  • by bogaboga ( 793279 ) on Sunday February 10, 2019 @12:40PM (#58099384)

    ...Washington's fears is a perception that Huawei is linked to the Chinese government and that the use of the company's equipment risks the possibility of backdoors that could be used for espionage...

    (...bold mine...)

    ...I do not think it's got any moral ground or otherwise, to dictate Europe's direction or priorities.

    As we discuss this [important] issue, let's remember that the USA has been *cough* *caught* *cough* spying on allies through one of its 3 letter agencies. That's fact, which I hope will be taken as precedent.

    What we are talking about here though, are mere possibilities.

    Further, no one can guarantee a completely safe telecommunications regime anywhere; or is there?

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Sunday February 10, 2019 @12:46PM (#58099416)
    Comment removed based on user account deletion
    • by Freischutz ( 4776131 ) on Sunday February 10, 2019 @12:54PM (#58099458)

      Recall that Huawei isn't just on the US ban-list due to supposed state espionage fears. They've also been accused of stealing intellectual property from Nortel, Cisco, and possibly Motorola (source [networkworld.com]). It wouldn't be outrageous to assume they have targeted Ericsson, Nokia, or Alcatel-Lucent as well.

      Worse, given the opaque relationship between Huawei and the Chinese government, we have no idea how much of that corporate espionage was performed by government teams, an issue the US has been fighting for some time (source [wired.com]), nor how much financial support the government is providing to subsidize pricing.

      In short, banning Huawei is probably a good idea for those more mundane reasons alone.

      In view of the fact that Huawei spying for the Chinese govt. is so far mostly speculation but that the US has been caught with it's pants down planting backdoors in the equipment of US manufacturers and that we have no idea to what extent these US companies were actually cooperating with the NSA backdooring operations, I'd say that there is a stronger case for banning Nortel, Cisco, Motorola, and friends than there is for banning Huawei. That being said I'm still not willing to trust Huawei even as far as I can throw them.

    • by AmiMoJo ( 196126 )

      If Europe wants 5g but doesn't want Huawei, it will have to steal Huawei's IP. Or maybe licence it at considerable cost.

      This is just the US trying to hurt China in the on-going trade war, but as usual it's going to be worse for the US in the long run. The Chinese saw this coming a mile away, it was just a matter of time.

  • by Gravis Zero ( 934156 ) on Sunday February 10, 2019 @12:56PM (#58099464)

    Unless every component (both hardware and software) is being produced with total oversight (which it is not), then this agreement is a farce. Huawei can promise anything and everything, sign legally binding agreements, etc and you still couldn't trust them because they are based out of China. This is important because Chinese national security law gives the state (China) absolute authority in all matters when it comes to tech companies.

    Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?

    I said it before and I'll say it again, dictators only pretend to play fair.

    • Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?

      There's only one thing that would make this make the slightest sense, and that's to demand full, compilable/installable sources for all components, and also full documentation of all of the silicon — and also inspectors embedded in the company to make sure that the silicon is being produced from the provided data. Anything even slightly less invalidates the entire concept.

      • Comment removed based on user account deletion
        • It is possible to obfuscate subtle bugs within your code, so even if the EU had access to the source, it would require an incredibly thorough audit of the code. Just look at how multiple audits of open source packages such as openssl continue to turn up subtle, exploitable bugs that have been undetected for years. Finding those issues can be quite challenging.

          Yes, but this is an issue even for in-house software development, so that really doesn't change the situation from home-grown.

    • I said it before and I'll say it again, dictators only pretend to play fair.

      I'm struggling with this entire post. Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.

      • I'm struggling with this entire post. Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.

        That's a good argument for any nation with the means to develop their own communications infrastructure. And also for any nation with the means to develop the means to do so. And also for OSS comms infrastructure wherever it is feasible. But it's not a valid argument against being concerned about employing Huawei equipment, so it boils down to whataboutism.

      • I'm struggling with this entire post.

        Then you haven't been keeping up with the status of things in China.

        Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.

        Except national security laws don't put the state in control of the corporations. The closest thing they have is NSLs which can be fought in court (thus undermining their secrecy) and have clear restrictions on them. In China, you cannot refuse because government actors are on the board of directors and refusal to comply is completely unheard of because they will go after you and your family.

        • Except national security laws don't put the state in control of the corporations.

          Wow! Like have you not paid attention to anything that has been going on in the past few years in the USA? I mean next you're going to tell me that the USA government is unable to issue an order on a private corporation without any judicial oversight under the guise of national security.

          • NSL argument aside, the USA is an ally to the EU and China is not. Also, it's not a binary option. The EU could produce it's own hardware. Why the focus on the US when the subject is China?

            • NSL argument aside

              No. This is fundamental.

              the USA is an ally to the EU and China is not.

              The USA has been caught red handed spying on it's allies in the EU. China has not (though undoubtedly it happens).

              Why the focus on the US when the subject is China?

              Nice deflection, but the subject is not China. The subject is risk of technology being rolled out in Europe. You're quick to attack China under the premise that there is an alternative. So what's that alternative? Better the devil who pretends to be your ally with whom you have a struggling trade relationship and who constantly criticises your security over the devil with

              • Nice deflection, but the subject is not China. The subject is risk of technology being rolled out in Europe.

                Actually, the subject is Huawei rolling out 5G in the EU. China is the actor in this instance and thus subject to scrutiny. This has nothing to do with the US.

                You're quick to attack China under the premise that there is an alternative. So what's that alternative?

                The EU can build their own network using their own equipment made by their own companies. You act as if they are a bunch of invalids that need someone else to do it for them.

      • On a side note, what this whole Huawei story should - but unfortunately will not - do is provide more evidence to our Congress as to why government-mandated back doors to encryption are untenable.

        You shouldn’t have to trust the physical network. Good encryption shouldn’t rely on the network being secure - good encryption would mean even a government with direct taps into the network would not be able to decipher the communication going on. They would, at best, be able to determine the end points

    • Re: (Score:2, Insightful)

      All phone calls are monitored and recored by NSA and others anyway in Europe.
      Who the fuck cares if a chinese company inserts another back door?

      • by Anonymous Coward

        Because if a chinese company is involved the NSA will lose access. Nuff said.

      • Who the fuck cares if a chinese company inserts another back door?

        Everyone that recognizes it would increase the power and influence of China's dictatorship.

        • Everyone that recognizes it would increase the power and influence of China's dictatorship.
          And who the fuck cares about the chinese internal affairs?

          It does not matter if China steals my data from the NSA or gets it via a backdoor ...

          What matters would be a denial of service attack ... so: make sure you have many vendors, and a redundant network.

          • Everyone that recognizes it would increase the power and influence of China's dictatorship.
            And who the fuck cares about the chinese internal affairs?

            Their internal affairs are not the issue here, it's their external power and influence that is at the heart of the matter.

            It does not matter if China steals my data from the NSA or gets it via a backdoor ...

            Would it matter if China steals all the IP from your corporations and then starts sinking your economy by churning out replicas of similar or higher quality at the same time your country does? That's the goal of the China 2025 initiative: to make everything in China by 2025 and become a major exporter or goods.

            What matters would be a denial of service attack

            The only people worried about a DoS attack from China are those who don't und

            • You are an idiot.

              it's their external power and influence that is at the heart of the matter.
              They have ICBMs and nuclear submarines that can bomb the US since the mid 1950s.

              Would it matter if China steals all the IP from your corporations and then starts sinking your economy by churning out replicas of similar or higher quality at the same time your country does?
              No it would not.

              That's the goal of the China 2025 initiative: to make everything in China by 2025 and become a major exporter or goods.
              Obviously. An

    • It is breathtaking to see such xenophobic racism modded up to +5 on Slashdot. What did Trump do with his trade war to people's brains? A year ago nobody would dare say something like this, it would be at -1 Troll. "Can't trust those shifty Chinese" is old-fashioned Yellow Peril rhetoric going back to Fu Manchu.
      • by Gravis Zero ( 934156 ) on Sunday February 10, 2019 @03:12PM (#58100144)

        It is breathtaking to see such xenophobic racism modded up to +5 on Slashdot.

        This has nothing to do with xenophobia, nor racism. I do not trust the Chinese government which has been employing statism. The Chinese people are just as much victims of their government as anyone.

        What did Trump do with his trade war to people's brains?

        Nothing. That guy is soon to be exposed as a criminal and will be headed to jail.

        A year ago nobody would dare say something like this, it would be at -1 Troll.

        Literally, no. There has been news about the wrongdoing and human rights violations by the Chinese government for much longer than a year. This isn't something new.

        • Nobody was bashing China until Trump's trade war started. Then there was this weird shift and now everyone has jumped on the xenophobia bandwagon. Suddenly it's all about jingoistic patriotism and we must not allow "those dirty foreigners" to contaminate our precious bodily 5G fluids. The NSA has been caught red-handed doing the exact same thing. The head of the NSA lied to Congress about it. Wikileaks confirms: [wikileaks.org]

          On March 12, 2013, Director of National Intelligence James Clapper told Congress that intel of

          • Nobody was bashing China until Trump's trade war started.

            Actually, that's not quite right. We've been frienemies with China for a while and have always been wary of them and consistently critical. After the China was changed to a full on dictatorship any allusions of legitimacy were removed. China's spying and IP theft have become increasingly exposed while awareness of just how much stuff is hackable and/or does spy on you has gone through the roof. As such, we know that China's efforts to build any kind of electronic infrastructure in a foreign nation is a

          • Nobody was bashing China until Trump's trade war started.

            *spits out coffee* ...What in tarnation?! Are you actually serious?! For *decades*, the Western world has lamented China's absolute disregard for human rights and equality in favor of keeping the Communist party in power without a single soul to question their power domestically. There's *plenty* of reports of Party officials "disappearing" or "harmonizing" dissidents within their country for daring to question the Party's authority.

            You somehow manage to drag Trump (whom is a massive ignoramus, but that is

            • China wasn't the subject of this massive hate campaign until Trump's trade war started. Now suddenly everyone's on the train. It's weird. A coincidence, I'm sure.
              • by jwymanm ( 627857 )
                You are out of your mind. We've been waiting for an administration to do something about it other than look a blind eye toward it. It's been out in the open for over a decade at least. The problem is the amount of profit to be made in China made companies getting actively stolen from even look the other way. They can't not keep putting their hand in the cookie jar no matter how many times they get a beating. It's almost funny actually. I don't blame China for doing it look where they come from in such a sho
    • Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?

      It's significantly worse than that, because making the hardware means they can add things like backdoor'd chips, and hidden coprocessors with full access to everything the normal processor can see. They wouldn't even need a malicious software update because every piece of hardware is compromised from the start.

      • Yes, there are many ways to go about it. The trick is to do it and get away with it. I have no doubt the UK's intel agency will be tearing one of these down to ensure the hardware is what they claim.

        • Doubtful, the UK isn't exactly known for their chip architecture expertise and even if they were there's only a handful of people in the world who could spot hardware-level backdoors of that nature with the full chip layout in a logical diagram, let alone slices of the actual hardware+photos. It would take the best chip designers well over a decade to verify such a thing - and they're likely to have lots of different chips in the hardware devices.
          • Doubtful, the UK isn't exactly known for their chip architecture expertise

            Riiiight. There is a little known company called ARM in the UK. You may have heard of them.

            Anyway, if they didn't find anything do you honestly think they would be satisfied? It seems far more likely they would start out with distributing sample to all the intel agencies in EU an Five Eyes for analysis because they are all facing the same threat.

            As for the rest:
            A) You don't have to RE entire chips to find backdoors. Hell, sometimes you don't even have to take them apart.
            B) If they aren't using something

            • As for the rest: A) You don't have to RE entire chips to find backdoors. Hell, sometimes you don't even have to take them apart. B) If they aren't using something novel then we already know what to look for.

              You absolutely do have to take apart the chips, and frequently sample a non-negligable chunk of incoming components to ensure they match the audited version.
              Documents can be forged, especially with the collusion of both the corporation and host government aiming to forge them.

              • You absolutely do have to take apart the chips

                Nope. It's possible to find hidden "features" without disassembly by bombarding a processor with data and in looking to see if you trigger unexpected behavior. I'm not saying it always works, I'm saying it works with some types of hardware backdoors.

                • Nope. It's possible to find hidden "features" without disassembly by bombarding a processor with data and in looking to see if you trigger unexpected behavior. I'm not saying it always works, I'm saying it works with some types of hardware backdoors.

                  Without 100% coverage it's not a security audit, it's a false sense of security. Anything this high level is going to be immune to that sort of attack.

                  • reading is fundamental! "I'm not saying it always works, I'm saying it works with some types of hardware backdoors."

                    • reading is fundamental! "I'm not saying it always works, I'm saying it works with some types of hardware backdoors."

                      Yes, reading is fundamental, so is context. The context here is a nation auditing another nation known to introduce security holes and backdoors into every system they create prior to purchase an implementation over a tentative ~5 year timespan on prior to the time required to perform those audits or even have an oversight team in place at the manufacturer. Anything less than 100% coverage in this context is not a security audit, it is a false sense of security at best.

  • and be done with it.

    Huawei should put on the Internet all the source code, microcode and whatever for each device they want to sell into the EU and to the 5-eyes, under the GPL.

    That ought to be enough to quell concerns? And since they are Chinese manufacturers themselves, nobody will undercut them on price, right? ;-)

    • Just publish the source code and be done with it.

      Huawei should put on the Internet all the source code, microcode and whatever for each device they want to sell into the EU and to the 5-eyes, under the GPL.

      Still wouldn't help if they are employing the use of hardware backdoors or simply push out a secret firmware update to the entire system. GPL also won't help because China owns a HUGE amount of 5G patents and could sue you for even using their code.

  • by QuietLagoon ( 813062 ) on Sunday February 10, 2019 @01:58PM (#58099812)
    Is the ongoing effort to supervise Huawei worth the trouble and expense?
  • The exploitation of the systems will happen in software, so unless they deliver ALL of their source and that sourceâ(TM)s resulting compiled binaries are verified for backdoors / exploitable vulns, this offer is disingenuous bullshit.
  • They won't accept any supervision by the EU. They will conquer the EU.

  • I laugh every time I read something like "Huawei is linked to the Chinese government". Well duh! Businesses in China exist because the government let them. When the Chinese government asks a business to jump there are two options "ask how high" or shutdown you business. As a result there are only two types of Chinese tech companies in China, those that spy for the government and those that have not be asked to yet. There is no such thing as a Chinese tech company that has been asked to spy for the gove
    • by ffkom ( 3519199 )
      And this is different how to the espionage collaboration of US companies with the US government? To the customers of Microsoft, Cisco and alike it does not make any difference if there are theoretical possibilities that a US company could try to challenge a "national security letter", in practice they are just as servile to their government as are Chinese companies to theirs.
      • by ukoda ( 537183 )
        The difference is the management of a USA company can chose to challenge the USA government and the worst that could happen is they would be forced to do it. If you live in China you do not get to challenge the government. The Chinese government does not make requests it makes demands. There is no court process to challenge it, you either do what is requested immediately and without question or go to jail. Once in jail you may never come out.

        I have lived in China and on a day to day basis the people
        • by ffkom ( 3519199 )

          The difference is the management of a USA company can chose to challenge the USA government and the worst that could happen is they would be forced to do it.

          And yet Microsoft and Cisco did not even try to challenge anything but gladly helped their fellow spies.

          Also the USA government is PR risk adverse.

          They did spy on their "friends", including prominent politicians like chancellor Merkel, and didn't give a fuck about the negative repercussions. Even went to the extent to clearly state they did not intend to sign any "no-spy" agreement, ever - and that with what are supposed to be "allies".

          The allegations against Huawei are just that: Allegations - while at the same time we know for sure that the US di

          • by ukoda ( 537183 )
            The question asked was how the US company behavior was different from the Chinese company. The fact that Microsoft and Cisco choose to behave badly was their choice and they should be embarrassed by such choices. I personal would not trust either of them with my secrets. The point was they had a choice, Huawei don't have a choice. If they are not spying today they could be tomorrow, it is not something they get to choose.
  • They should technology transfers from Huawei. I think something like that has been done before.

  • open up their source code for peer scrutiny

  • This is not about America selling goods. Apparently, not a one of our telephony companies produces 5G equipment, except the spec, and base chips. As such, you would be buying only EU and Japanese equipment. If produced in your nations, I'm sure it will be secured. This equipment is used by NATO. I suspect that NATO will refuse to use your lines, if they are rewarded as unsecured.
  • open the door to that room over there. That's um unsafe chemical storage yeah. Yeah because you can't hide the fact you'll be funneling traffic back to China or pay off inspectors.. geez
  • So we have published cases of the USA having back doors in some of their products....and apparently that's OK because it's the USA, yet we have no concrete evidence that Huawei have back doors in their products, only the USA's paranoid speculation - yet everyone who's considered an "ally" have to do as they're told and avoid Huawei too?

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...