Huawei Would Accept EU Supervision To Lay 5G Network (techradar.com) 101
An anonymous reader quotes a report from TechRadar: Huawei has said it is willing for its equipment and activities to be supervised by the European Union (EU) as it continues to fend off the threat of restrictions on the use of its kit in 5G networks. Last year it emerged the US, which has long frozen out the company from its own telecommunications infrastructure, had been encouraging other western nations to take similar action. The main basis for Washington's fears is a perception that Huawei is linked to the Chinese government and that the use of the company's equipment risks the possibility of backdoors that could be used for espionage. These fears are heightened by 5G because of the sensitive information these networks will carry. The US is concerned that if its allies continue to use Huawei kit, then America's security will be threatened.
Now, Abraham Liu, Huawei's chief representative to EU institutions, has used a speech to mark the Chinese New Year to repeat the company's denials and to stress its willingness to cooperate with the EU and European governments. "Cybersecurity should remain as a technical issue instead of an ideological issue. Because technical issues can always be resolved through the right solutions while ideological issue cannot," he is quoted as saying. "We are always willing to accept the supervision and suggestions of all European governments, customers and partners." A number of European nations, including the UK and Germany, have expressed concern about the use of Huawei equipment in their telecoms infrastructure, however earlier this week, France rejected proposals that would increase checks Last week, Huawei pledged to spend about $2 billion over five years to resolve the security issues in the United Kingdom. However, they also claimed that the firm "has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence." They added: "We would not do this in any country."
Now, Abraham Liu, Huawei's chief representative to EU institutions, has used a speech to mark the Chinese New Year to repeat the company's denials and to stress its willingness to cooperate with the EU and European governments. "Cybersecurity should remain as a technical issue instead of an ideological issue. Because technical issues can always be resolved through the right solutions while ideological issue cannot," he is quoted as saying. "We are always willing to accept the supervision and suggestions of all European governments, customers and partners." A number of European nations, including the UK and Germany, have expressed concern about the use of Huawei equipment in their telecoms infrastructure, however earlier this week, France rejected proposals that would increase checks Last week, Huawei pledged to spend about $2 billion over five years to resolve the security issues in the United Kingdom. However, they also claimed that the firm "has never and will never use UK-based hardware, software or information gathered in the UK or anywhere else globally, to assist other countries in gathering intelligence." They added: "We would not do this in any country."
Whereas the USA is entitiled to its concerns... (Score:3, Insightful)
...Washington's fears is a perception that Huawei is linked to the Chinese government and that the use of the company's equipment risks the possibility of backdoors that could be used for espionage...
(...bold mine...)
As we discuss this [important] issue, let's remember that the USA has been *cough* *caught* *cough* spying on allies through one of its 3 letter agencies. That's fact, which I hope will be taken as precedent.
What we are talking about here though, are mere possibilities.
Further, no one can guarantee a completely safe telecommunications regime anywhere; or is there?
Re: (Score:1)
Are you aware that when US came to Europe, Germany was already being defeated...
Germany was losing on the Russia-front and slowly losing step in Europe...
Without the US, it would have taken one or two more year but Germany would have been eventually defeated...
And US soldiers were no angels... they raped many women... And after that, US "helped" Europe with Marshall's plan which consisted in lending Europe money to have Europe buy them thing that it should have been able to quickly produce... making Europe indebpted by the way.
So Europe would probably have been better without US intervention...
I don't know if Europe would have "been better without US intervention" in WWII. The consequences of "What if" history is difficult to guess. However, you are correct to point out that the US soldiers weren't uniformly White Knights. And, yes, you are correct to point to the WWII timeline that shows when the US landed in Normandy, Germany was about to die anyway.
It's very sad the typical American has such a distorted view of WWII history. It doesn't need to be propagandized as much as it is. But it's not
Comment removed (Score:5, Insightful)
Re:Intelectual property theft (Score:5, Insightful)
Recall that Huawei isn't just on the US ban-list due to supposed state espionage fears. They've also been accused of stealing intellectual property from Nortel, Cisco, and possibly Motorola (source [networkworld.com]). It wouldn't be outrageous to assume they have targeted Ericsson, Nokia, or Alcatel-Lucent as well.
Worse, given the opaque relationship between Huawei and the Chinese government, we have no idea how much of that corporate espionage was performed by government teams, an issue the US has been fighting for some time (source [wired.com]), nor how much financial support the government is providing to subsidize pricing.
In short, banning Huawei is probably a good idea for those more mundane reasons alone.
In view of the fact that Huawei spying for the Chinese govt. is so far mostly speculation but that the US has been caught with it's pants down planting backdoors in the equipment of US manufacturers and that we have no idea to what extent these US companies were actually cooperating with the NSA backdooring operations, I'd say that there is a stronger case for banning Nortel, Cisco, Motorola, and friends than there is for banning Huawei. That being said I'm still not willing to trust Huawei even as far as I can throw them.
Re: (Score:2)
"In view of the fact that Huawei spying for the Chinese govt. is so far mostly speculation" - No, it isn't. They're a wholly owned subsidiary of the Chinese government and the spying IN PLAIN SIGHT is documented over 6 times. You're a moron.
It's you who is a moron. Firstly I vividly remember stating that I don't trust Huawei even as far as I can throw them Secondly, the fact that they are owned by the Chinese govt. does not prove they are spying on their customer base. But by all means, do amaze us with your secret trove of evidence of Huawei's spring activities. Perhaps in the form of a torrent file to a multi gigabyte tarball of data?
Re: (Score:2)
Absurd. Accusations against Huawei are not mostly speculation. Then you pull a whataboutism with speculation on the US government, and claim the latter is a stronger case.
Either that post is nationalism or a troll, because it isn't internally consistent, let alone truthful.
Really? https://www.reuters.com/articl... [reuters.com]
Re: (Score:2)
If Europe wants 5g but doesn't want Huawei, it will have to steal Huawei's IP. Or maybe licence it at considerable cost.
This is just the US trying to hurt China in the on-going trade war, but as usual it's going to be worse for the US in the long run. The Chinese saw this coming a mile away, it was just a matter of time.
It's a moot point. This is a beachhead. (Score:5, Insightful)
Unless every component (both hardware and software) is being produced with total oversight (which it is not), then this agreement is a farce. Huawei can promise anything and everything, sign legally binding agreements, etc and you still couldn't trust them because they are based out of China. This is important because Chinese national security law gives the state (China) absolute authority in all matters when it comes to tech companies.
Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?
I said it before and I'll say it again, dictators only pretend to play fair.
Re: (Score:2)
Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?
There's only one thing that would make this make the slightest sense, and that's to demand full, compilable/installable sources for all components, and also full documentation of all of the silicon — and also inspectors embedded in the company to make sure that the silicon is being produced from the provided data. Anything even slightly less invalidates the entire concept.
Re: (Score:2)
Re: (Score:2)
It is possible to obfuscate subtle bugs within your code, so even if the EU had access to the source, it would require an incredibly thorough audit of the code. Just look at how multiple audits of open source packages such as openssl continue to turn up subtle, exploitable bugs that have been undetected for years. Finding those issues can be quite challenging.
Yes, but this is an issue even for in-house software development, so that really doesn't change the situation from home-grown.
Re: (Score:2)
I said it before and I'll say it again, dictators only pretend to play fair.
I'm struggling with this entire post. Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.
Re: (Score:2)
I'm struggling with this entire post. Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.
That's a good argument for any nation with the means to develop their own communications infrastructure. And also for any nation with the means to develop the means to do so. And also for OSS comms infrastructure wherever it is feasible. But it's not a valid argument against being concerned about employing Huawei equipment, so it boils down to whataboutism.
Re: (Score:2)
I'm struggling with this entire post.
Then you haven't been keeping up with the status of things in China.
Replace Huawei with Cisco and China with the USA and your post still makes perfect sense.
Except national security laws don't put the state in control of the corporations. The closest thing they have is NSLs which can be fought in court (thus undermining their secrecy) and have clear restrictions on them. In China, you cannot refuse because government actors are on the board of directors and refusal to comply is completely unheard of because they will go after you and your family.
Re: (Score:3)
Except national security laws don't put the state in control of the corporations.
Wow! Like have you not paid attention to anything that has been going on in the past few years in the USA? I mean next you're going to tell me that the USA government is unable to issue an order on a private corporation without any judicial oversight under the guise of national security.
Re: (Score:2)
NSL argument aside, the USA is an ally to the EU and China is not. Also, it's not a binary option. The EU could produce it's own hardware. Why the focus on the US when the subject is China?
Re: (Score:2)
NSL argument aside
No. This is fundamental.
the USA is an ally to the EU and China is not.
The USA has been caught red handed spying on it's allies in the EU. China has not (though undoubtedly it happens).
Why the focus on the US when the subject is China?
Nice deflection, but the subject is not China. The subject is risk of technology being rolled out in Europe. You're quick to attack China under the premise that there is an alternative. So what's that alternative? Better the devil who pretends to be your ally with whom you have a struggling trade relationship and who constantly criticises your security over the devil with
Re: (Score:2)
Nice deflection, but the subject is not China. The subject is risk of technology being rolled out in Europe.
Actually, the subject is Huawei rolling out 5G in the EU. China is the actor in this instance and thus subject to scrutiny. This has nothing to do with the US.
You're quick to attack China under the premise that there is an alternative. So what's that alternative?
The EU can build their own network using their own equipment made by their own companies. You act as if they are a bunch of invalids that need someone else to do it for them.
Re: (Score:2)
On a side note, what this whole Huawei story should - but unfortunately will not - do is provide more evidence to our Congress as to why government-mandated back doors to encryption are untenable.
You shouldn’t have to trust the physical network. Good encryption shouldn’t rely on the network being secure - good encryption would mean even a government with direct taps into the network would not be able to decipher the communication going on. They would, at best, be able to determine the end points
Re: (Score:2, Insightful)
All phone calls are monitored and recored by NSA and others anyway in Europe.
Who the fuck cares if a chinese company inserts another back door?
Re: (Score:1)
Because if a chinese company is involved the NSA will lose access. Nuff said.
Re: (Score:2)
Who the fuck cares if a chinese company inserts another back door?
Everyone that recognizes it would increase the power and influence of China's dictatorship.
Re: (Score:2)
Everyone that recognizes it would increase the power and influence of China's dictatorship.
And who the fuck cares about the chinese internal affairs?
It does not matter if China steals my data from the NSA or gets it via a backdoor ...
What matters would be a denial of service attack ... so: make sure you have many vendors, and a redundant network.
Re: (Score:2)
Everyone that recognizes it would increase the power and influence of China's dictatorship.
And who the fuck cares about the chinese internal affairs?
Their internal affairs are not the issue here, it's their external power and influence that is at the heart of the matter.
It does not matter if China steals my data from the NSA or gets it via a backdoor ...
Would it matter if China steals all the IP from your corporations and then starts sinking your economy by churning out replicas of similar or higher quality at the same time your country does? That's the goal of the China 2025 initiative: to make everything in China by 2025 and become a major exporter or goods.
What matters would be a denial of service attack
The only people worried about a DoS attack from China are those who don't und
Re: (Score:2)
You are an idiot.
it's their external power and influence that is at the heart of the matter.
They have ICBMs and nuclear submarines that can bomb the US since the mid 1950s.
Would it matter if China steals all the IP from your corporations and then starts sinking your economy by churning out replicas of similar or higher quality at the same time your country does?
No it would not.
That's the goal of the China 2025 initiative: to make everything in China by 2025 and become a major exporter or goods.
Obviously. An
Re: (Score:3)
Re:It's a moot point. This is a beachhead. (Score:5, Insightful)
It is breathtaking to see such xenophobic racism modded up to +5 on Slashdot.
This has nothing to do with xenophobia, nor racism. I do not trust the Chinese government which has been employing statism. The Chinese people are just as much victims of their government as anyone.
What did Trump do with his trade war to people's brains?
Nothing. That guy is soon to be exposed as a criminal and will be headed to jail.
A year ago nobody would dare say something like this, it would be at -1 Troll.
Literally, no. There has been news about the wrongdoing and human rights violations by the Chinese government for much longer than a year. This isn't something new.
Re: (Score:2)
Re: (Score:2)
Nobody was bashing China until Trump's trade war started.
Actually, that's not quite right. We've been frienemies with China for a while and have always been wary of them and consistently critical. After the China was changed to a full on dictatorship any allusions of legitimacy were removed. China's spying and IP theft have become increasingly exposed while awareness of just how much stuff is hackable and/or does spy on you has gone through the roof. As such, we know that China's efforts to build any kind of electronic infrastructure in a foreign nation is a
Is this for real? (Score:1)
Nobody was bashing China until Trump's trade war started.
*spits out coffee* ...What in tarnation?! Are you actually serious?! For *decades*, the Western world has lamented China's absolute disregard for human rights and equality in favor of keeping the Communist party in power without a single soul to question their power domestically. There's *plenty* of reports of Party officials "disappearing" or "harmonizing" dissidents within their country for daring to question the Party's authority.
You somehow manage to drag Trump (whom is a massive ignoramus, but that is
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Besides, once they are widely installed, what are you going to do when you find out they can no longer be trusted (after a system-wide software update), rip out the entire infrastructure?
It's significantly worse than that, because making the hardware means they can add things like backdoor'd chips, and hidden coprocessors with full access to everything the normal processor can see. They wouldn't even need a malicious software update because every piece of hardware is compromised from the start.
Re: (Score:2)
Yes, there are many ways to go about it. The trick is to do it and get away with it. I have no doubt the UK's intel agency will be tearing one of these down to ensure the hardware is what they claim.
Re: (Score:1)
Re: (Score:2)
Doubtful, the UK isn't exactly known for their chip architecture expertise
Riiiight. There is a little known company called ARM in the UK. You may have heard of them.
Anyway, if they didn't find anything do you honestly think they would be satisfied? It seems far more likely they would start out with distributing sample to all the intel agencies in EU an Five Eyes for analysis because they are all facing the same threat.
As for the rest:
A) You don't have to RE entire chips to find backdoors. Hell, sometimes you don't even have to take them apart.
B) If they aren't using something
Re: (Score:1)
As for the rest: A) You don't have to RE entire chips to find backdoors. Hell, sometimes you don't even have to take them apart. B) If they aren't using something novel then we already know what to look for.
You absolutely do have to take apart the chips, and frequently sample a non-negligable chunk of incoming components to ensure they match the audited version.
Documents can be forged, especially with the collusion of both the corporation and host government aiming to forge them.
Re: (Score:2)
You absolutely do have to take apart the chips
Nope. It's possible to find hidden "features" without disassembly by bombarding a processor with data and in looking to see if you trigger unexpected behavior. I'm not saying it always works, I'm saying it works with some types of hardware backdoors.
Re: (Score:1)
Nope. It's possible to find hidden "features" without disassembly by bombarding a processor with data and in looking to see if you trigger unexpected behavior. I'm not saying it always works, I'm saying it works with some types of hardware backdoors.
Without 100% coverage it's not a security audit, it's a false sense of security. Anything this high level is going to be immune to that sort of attack.
Re: (Score:2)
reading is fundamental! "I'm not saying it always works, I'm saying it works with some types of hardware backdoors."
Re: (Score:1)
reading is fundamental! "I'm not saying it always works, I'm saying it works with some types of hardware backdoors."
Yes, reading is fundamental, so is context. The context here is a nation auditing another nation known to introduce security holes and backdoors into every system they create prior to purchase an implementation over a tentative ~5 year timespan on prior to the time required to perform those audits or even have an oversight team in place at the manufacturer. Anything less than 100% coverage in this context is not a security audit, it is a false sense of security at best.
Just publish the source code (Score:1)
Huawei should put on the Internet all the source code, microcode and whatever for each device they want to sell into the EU and to the 5-eyes, under the GPL.
That ought to be enough to quell concerns? And since they are Chinese manufacturers themselves, nobody will undercut them on price, right? ;-)
Re: (Score:2)
Just publish the source code and be done with it.
Huawei should put on the Internet all the source code, microcode and whatever for each device they want to sell into the EU and to the 5-eyes, under the GPL.
Still wouldn't help if they are employing the use of hardware backdoors or simply push out a secret firmware update to the entire system. GPL also won't help because China owns a HUGE amount of 5G patents and could sue you for even using their code.
Anything to get that foot in the door... (Score:3)
Supervision is worthless (Score:1)
Huwawei is owned by the Chicom government (Score:1)
They won't accept any supervision by the EU. They will conquer the EU.
Chinese company is linked to the goverment? (Score:2)
Re: (Score:2)
Re: (Score:2)
I have lived in China and on a day to day basis the people
Re: (Score:2)
The difference is the management of a USA company can chose to challenge the USA government and the worst that could happen is they would be forced to do it.
And yet Microsoft and Cisco did not even try to challenge anything but gladly helped their fellow spies.
Also the USA government is PR risk adverse.
They did spy on their "friends", including prominent politicians like chancellor Merkel, and didn't give a fuck about the negative repercussions. Even went to the extent to clearly state they did not intend to sign any "no-spy" agreement, ever - and that with what are supposed to be "allies".
The allegations against Huawei are just that: Allegations - while at the same time we know for sure that the US di
Re: (Score:2)
Tech transfer (Score:2)
They should technology transfers from Huawei. I think something like that has been done before.
open source (Score:2)
open up their source code for peer scrutiny
Don't do it EU (Score:2)
Just don't (Score:2)
No proof? (Score:2)