5 February 2019

The US is worried about China spying via Huawei because it did the same in the past

By John Detrixhe

The US is again warning its allies about the risks of using telecom equipment made by China’s Huawei. American officials have briefed their counterparts in countries like Germany, Italy, and Japan about what they argue are potential cybersecurity risks, according to the Wall Street Journal (paywall). This follows previous warnings, such as a claim earlier this year that American citizens shouldn’t use Huawei’s phones.

The US may be concerned about Chinese government influence embedded in Huawei’s technology because America’s spy agencies have done the same thing in the past.

Western governments have long been wary of Huawei, which was founded by Ren Zhengfei, a former People’s Liberation Army soldier. (The recent arrest of Huawei CFO Meng Wanzhou, who is Zhengfei’s daughter, over allegations of violating of Iran trade sanctions is apparently separate to concerns about cyber espionage.)

Shenzhen-based Huawei, founded in 1987, has grown into the world’s largest supplier of telecom network equipment, beating out firms like Cisco, Ericsson, and Nokia. Critics see Huawei as a possible Trojan horse that, once embedded in international communications systems, could provide opportunities for Chinese government spying or remote control of vital telecom systems. Huawei has vigorously denied these claims.

American officials have reportedly used this strategy in the past. One example goes back to the late 1980s, when cryptography—previously a tightly controlled technology monopolized by the military—was spreading from academia to commercial businesses. As personal computers caught on, tech companies needed a way to secure data and information from hackers and other criminals who might want to steal it. Lotus Notes, a database company, used cryptography to secure its users’ information. But exporting software using high-grade cryptographic techniques was subject to US State Department controls at the time.

When Lotus Notes sought to sell its products abroad, the National Security Agency leaned on it to use a weaker version of cryptography in its product, according to Stephen Levy’s book Crypto. After years of discussions, the NSA allowed Lotus Notes to ship its product for export using 32-bit encryption, compared with a 64-bit version in the domestic version. At the time, cracking 64-bit encryption through brute force (computers cycling through ever possible key combination) was seen as just about impossible.

But 32-bit encryption was far more vulnerable, especially against the NSA’s supercomputers which, even then, could easily crack such codes within days, according to Levy’s book. The 32-bit version was so weak that even well-resourced thieves could break the encryption within 60 days using personal computers—a timeframe that everyone knew would get shorter as computing power became cheaper, faster, and more widely available.

Fast forward to 2018, and anxieties about Huawei’s telecom equipment have risen as the world prepares to switch to 5G networking technology. Huawei has been at the forefront of developing 5G tech.

Given their own past behavior, the handwringing by American officials makes sense. The US push to influence encryption in the private sector suggests that there are good reasons to think China could do the same with homegrown technologies.

No comments: