It may have made headlines, but there was little surprise that Huawei secured a contract with Russia’s MTS network operator this week to develop a 5G network over the coming year. In April, Moscow minister and CIO Eduard Lysenko told me that Huawei would be included in the country’s plans, adding that “the Russian Federation has strict information security regulations which we always follow,” when I quizzed him on the alleged security risks with Huawei. As I commented at the time, Moscow and Washington have different views on the threat to national security from Huawei’s alleged links with Beijing.
The deal announcement, which coincided with China’s Xi Jinping and Russia’s Vladimir Putin meeting in Moscow, was heralded by Huawei’s rotating chairman Guo Ping, who said he was “very happy to secure an agreement “in an area of strategic importance like 5G.” China itself also announced 5G licenses this week for China Telecom, China Mobile, China Unicom and China Broadcasting Network. Needless to say, Huawei is firmly locked in and they (alongside ZTE) will be the major equipment supplier—those contracts are as good as awarded.
And so to the divided world.
At the end of a week in which U.S. President Donald Trump and U.K. Prime Minister Theresa May discussed Huawei, with the U.S. intent on blocking the company’s access from the 5G networks of its closest ally, the Technical Director of Britain’s National Cyber Security Centre again slammed Huawei technology as “shoddy.”
Ian Levy told a conference that “Huawei as a company builds stuff very differently to their Western counterparts. Part of that is because of how quickly they’ve grown up, part of it could be cultural – who knows.” Asked whether that meant Huawei had greater technical issues than its western competition, Levy said, “what we have learned as a result of that, the security is objectively worse, and we need to cope with that… Certainly nothing is perfect, certainly, Huawei is shoddy, the others are less shoddy.”
This is not new news. Earlier this year, the U.K.’s dedicated Huawei Cyber Security Evaluation Centre reported that it “continued to identify concerning issues in Huawei’s approach to software development bringing significantly increased risk to U.K. operators.” But what is clear is that, despite promises to invest in improvements, U.K. officials are saying publicly that little has changed. “They have a lot of work to do, and I think they know that,” Levy said, conceding that “you wouldn’t expect to have, in six months since we published that report, less than that, them coming out going ‘we’ve fixed it.’ That would be unachievable.”
That said, in the 2019 report, the U.K.’s Huawei evaluation center also criticized the company for a lack of improvements since the publication of last year’s report. “No material progress has been made on the issues raised in the previous 2018 report,” the center reported, “meaning limited assurances that all risks to U.K. national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term.” So there is a pattern emerging.
The U.S. political backlash against the U.K. decision to allow Huawei into parts of its 5G network has taken politicians by surprise. It was a decision attributed to outgoing Prime Minister May, and so stands every chance of now being reversed. That the intel community is briefing out issues will not be coincidental timing.
And so to Google.
The biggest Huawei headlines over the last month have been reserved for the company’s flagship smartphone business. Various reports from Asia have suggested sharply declining shipment forecasts for the rest of 2019, as the company seeks to recover from the U.S. blacklisting that has seen its hardware and software supply chain suspend future collaboration.
The real hits to Huawei have come from Google, with its Android software and services, and ARM, with its ubiquitous smartphone chip designs. And while there has been some analysis on how realistic it would be for Huawei’s in-house chips to replace the more standard ones, there has been far more analysis and speculation on Hongmeng or Ark, the (possibly) imminent Android alternative OS.
Now, according to the Financial Times, Google has warned Washington of the potential risks to U.S. national security that might emerge from bespoke, unpatched Android systems on Huawei phones, or from an entirely different OS. The FT reports that “Google argues a Huawei-modified version of Android would be more susceptible to being hacked, according to people briefed on its lobbying efforts.”
The real issue, though, is that a Chinese alternative to the world’s most popular smartphone OS risks disrupting the global smartphone ecosystem. And while there may be risks of Chinese hacking, as reported by the newspaper, the real issue is a commercial one. U.S. companies already stand to lose significant income from Huawei’s blacklisting, a sea change in the entire smartphone ecosystem would take time to emerge, but would be immeasurably worse if it ever did so.
The FT quotes Google saying: “Like other U.S. companies, we’re engaging with the Department of Commerce to ensure we’re in full compliance with its requirements and temporary license. Our focus is on protecting the security of Google users on the millions of existing Huawei handsets in the US and around the world.” The Commerce Department responded: “This is not new to this administration, nor do these discussions influence law enforcement actions. The highest priority of the department and BIS remains the protection of our nation’s security.”
There are genuine national security risks at play in Huawei’s battle with Washington. But there is also the backdrop of a world that is dividing technologically. The internet is already very different in China than in the West. And Russia’s recent flirting with its own bespoke “emergency use only” internet that could disconnect from the wider web raised concerns that it might head in the same direction. This would clearly impact U.S. companies most given their dominant positions across a raft of internet hardware and software technologies.
For the U.S. this all throws yet more moving parts into an already complex area, including the very real risk that a divided internet will remove the liberating impact that the internet has had in some of the darkest corners of the world for a generation. As countries learn how to develop national firewalls, with China happy to show the way, we risk turning back the clock. And so, across both politics and economics, the question of macro priorities is about to become very real. In the meantime, there will remain a daily grind of small victories and threatened responses, with no sign of that changing anytime soon.