US Congress Rules Huawei a 'Security Threat'

dgharmon writes with the lead from a story in the Brisbane Time: "Chinese telecom company Huawei poses a security threat to the United States and should be barred from US contracts and acquisitions, a yearlong congressional investigation has concluded. A draft of a report by the House Intelligence Committee said Huawei and another Chinese telecom, ZTE, 'cannot be trusted' to be free of influence from Beijing and could be used to undermine U.S. security."

Don't panic

[Chrisq]

Don't panic. If you have a Huawei phone just fill a bucket with water and drop the phone in. After 12 hours you can safely dispose of t in the bin. Then go and buy a phone made in the West like the ....uhm ..... well ... do without a phone.

Re:Don't panic

If past actions are anything to go by this stance actually says "We know that our electronics cannot be trusted to be free from US influence and therefore we cannot assume that a foreign nations electronics will be."

Re:Don't panic

[javilon]

They are opening a can of worms.

Obviously, the US has been doing exactly that. There are documented cases of back doors introduced into US software and hardware. It could bite them back with other countries using exactly the same argument against them.

I do not fault the US for defending their interests. It is clear that China will use all opportunities available to them, exactly as US did. But they are going to face the same issues that countries like Iran face now. They can use foreign technology that is better than domestic products, or they can try to stop it from entering the country. The fact is that US is quickly becoming irrelevant in hardware manufacturing, so it is a difficult call.

What seems clear is that this won't be good for the economy since it will be interpreted as tariffs by the other side.

Re:Don't panic

[Divebus]

China practically invented the category of Gov't spyware in electronics. Be careful what you say in front of your Chinese made toaster.

Re:Don't panic

China practically invented the category of Gov't spyware in electronics

Whereas the USA is content with bugging the Chinese premier's aeroplane...

Perhaps China should have placed Boeing, Dee Howard and Rockwell-Collins on their "security threat" list.

Re:Don't panic

[shentino]

I'm pretty sure that China would not mind punishing US citizens for insulting the chairman anymore than the United States would not mind busting Chinese citizens for patent and copyright infringement.

Re:Don't panic

[shentino]

Not that China would care anyhow not to do it anyway, but sinking to their level would only justify them.

Re:Don't panic

[shentino]

Interesting that sovereign nations are not really any more civilized with each other than savages in the jungle are.

Re:Don't panic

[bmo]

I am serious and not serious.

I am serious in implying that we taught the Chinese well.

--
BMO

Re:Don't panic

[Andy+Dodd]

After my experience with a Huawei S7 - Regardless of spying paranoia, this is the only valid thing to do with a Huawei product.

Re:Don't panic

[gr8_phk]

The fact is that US is quickly becoming irrelevant in hardware manufacturing, so it is a difficult call.

It's an easy call and should have been made years ago. You don't let other countries build your infrastructure be it telecoms, miltary, energy, etc...
And yes, it can be tough to bring the jobs back. But that's the battle you have after outsourcing everything including your own prosperity.

Same applies to US

[Seeteufel]

I guess the same applies to companies like IBM, AT&T and Microsoft in the European Union, companies which undermine our domestic security (see the IBM Lotus Notes backdoor scandal in Sweden) and seek to influence our law makers. In particular AT&T with their lobbying for censorship rules and Microsoft which does not disclose the source code of its applications to the IT security agencies and undermines open source and open standards policies --- as if they were part of the European constituency. Oh, and don't mention the OOXML case.

Re:Same applies to US

[scdeimos]

You forgot Cisco, who is so in-bed with the US government that they caused an ex-Cisco employee to be arrested while sitting in a Canadian court room. Glass houses, me thinks.

Re:Same applies to US

[shentino]

Just because it is foolish to throw stones while in a glass house doesn't necessarily bring honor to the one who built that house, or the one that put you in it.

Biting the hand that feeds you is foolish, but it doesn't prove the hand is honorable.

Security threat to the United States

[Kinky+Bass+Junk]

Sure, if by 'security threat' you mean 'economic threat', and by 'United States' you mean 'Motorola'.

Re:Security threat to the United States

They aren't talking about smart phones, they are talking about infrastructure telecom components.

Re:Security threat to the United States

[Kinky+Bass+Junk]

You say that as though I read the summary.

Re:Security threat to the United States

[dkleinsc]

by 'United States' you mean 'Motorola'.

No, they probably mean 'AT&T', which just happens to be the 3rd largest campaign contributor in the country:

This is great!

[Alex+Belits]

Other government will eventually do the same to Microsoft, following the logic that US always accuses its enemies of everything it does.

Re:This is great!

And banning MS anywhere in the world would be bad how? If they switch to Linux and start talking about how much better it is the world would benefit.

A step forward

[gmuslera]

Now all the other governments of the world should ban Microsoft for being a security threat and things could become far better for most of the people. Even could be considered "a national security threat", played a major role in Stuxnet/Flame/etc targetted attacks, where US agencies could had been involved.

In fact, with that argument most US based software companies could be banned outside, unless by licence (i.e. open source ones) you can get all the source, recompile and deploy it yourself. And that includes embedded software devices

Re:A step forward

[Charliemopps]

If the Chinese government is using Windows for their government computers, they're fucking insane. In fact, we're insane for using it. Closed source is not secure. Period. Closed source and compiled in a foreign country? Absolutely bat shit crazy.

Re:A step forward

[cavreader]

And pray tell what SW would all the countries use to run their businesses. Evidently you have not seen the chaos caused by companies trying to migrate just one application from a MS platform to another. There are millions of custom Windows business applications that would need to be re-engineered and the expense would be prohibitive to say the least. And No, running apps under Wine or any other virtual environment is not an acceptable solution because all it does is add another layer of code between the application and the system running it. Mass changeovers would still need to re-test all of your applications to make sure they work properly. Advocating wholesale changes in application environments just because you hate MS is extremely stupid. shortsighted, and evidence of a lack of experience when it comes to providing IT services in the business world. And you are living in a geek dreamworld if you believe you can just take source code, compile it, deploy it, and expect it to actually work. The majority of Open Source applications are just poor imitations of proprietary coded applications. And don't forget that there would need to be mass re-training of the IT staff so they are capable of supporting an entirely new environment. What MS could do and should do is close it's foreign offices that are currently providing a large number of jobs throughout the EU. Maybe that will force them to build their own shit instead of using lawsuits to create their revenue stream.

Re:A step forward

[drinkypoo]

And pray tell what SW would all the countries use to run their businesses. Evidently you have not seen the chaos caused by companies trying to migrate just one application from a MS platform to another

All I hear you saying is that we should impede progress and let criminals get away with crime because some people are too stupid to choose Open standards that will permit a migration to another platform, later. Fuck them. They didn't do their homework, and they chose Microsoft, and that's how we got here to begin with. Why should the rest of us continue to pay for their bad decisions? We don't keep automakers going just because people won't be able to buy spares.

Re:A step forward

[Alex+Belits]

I am sure, governments will have no problems with actually doing that.

Regular users rely on large numbers of people reading each of those lines, what is much better than what happens with proprietary software.

Re:A step forward

[cavreader]

No I am just living in the real world where people such as yourself do not have a clue about the massive amount of work it takes to move applications to entirely different platforms. And exactly who are you paying for other peoples bad decisions? All the major software companies use different approaches to get their applications into the market place. Apple locks down their entire ecosystem. MS built their user base because they catered to the developers who create applications. The more people developing on their platform translates into more companies using the MS platform. One of MS's greatest products was the introduction of VB. VB was not a technological wonder by any means but at the time it created an environment where anyone with half a brain could build an application. This resulted in growing the user base. Prior to this developers needed to use C/C++ to build PC based applications which is much more complicated.
I have been developing for over 26 years and my primary criteria for selecting a particular technology is determining if the technology meets my particular requirements. Selecting technology based upon which company provided the technology is idiotic.

Re:A step forward

[Charliemopps]

http://www.itworld.com/security/281553/researcher-warns-stuxnet-flame-show-microsoft-may-have-been-infiltrated-nsa-cia
That's how.

Is the free trade not so fun anymore?

[miffo.swe]

First off i have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that its next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

This looks like a try at restricting import with arbitrary reasons without any substance behind them. I am sure many countries smile at this as they get to block American goods like GM corn etc citing safety reasons, and now they can use US own rhetoric.

Re:Is the free trade not so fun anymore?

[JustOK]

Who builds the audit tools?

Re:Is the free trade not so fun anymore?

[amiga3D]

Free trade? It's a slogan not a reality. Governments the world over subsidize their industries. If you think backdoors don't exist in systems like this you're very naive. If I had anything I was worried about keeping secret I'd never use anything I didn't compile inhouse after a long, serious search of the source.

Re:Is the free trade not so fun anymore?

[DarkOx]

First off i have a very hard time believing backdoors are built in the large networks they sell

Really? After stuxnet, flame, you think that?

Fact is most of that network hardware gets a great deal less scrutiny than desktop software gets. A much smaller number of people use it directly, far fewer security folks get access to it.

Even if backdoors are not deliberately inserted its beyond reason to think exploits don't exist somewhere. Now what would the Chinese government's security arm do if they discovered a useful reliable exploit? Probably exactly what our own did/does and create things like stuxnet. Oh and if you could work something like that into the network layer it would be way way harder to spot than at the application layer.

Re:Is the free trade not so fun anymore?

[querist]

"Care to explain why the Communist party of China has offices inside of Huawei's headquarters?"

Sure. They do that with most large institutions from what I've seen when in China. There's a Party office in all of the universities, too. It allows the Party to keep an eye on things as well as serve as a liaison between the institution and the government when needed. Also, since companies are responsible for handing certain things for their employees that we would not necessarily consider companies doing here in the USA, the Party office helps administer those things as well. It's no huge conspiracy or anything like that. It is just a government that has more direct interaction with people's lives than people in the US would think is normal.

I've been to China many times (mostly to universities) and these Party offices are nothing unusual there.

The idea of "keeping an eye on things" may fit into various conspiracy theories. All I know from my many trips to China about those Party offices is what I've been told by my fellow professors, by the graduate students I taught, and by my friends and colleagues over there.

Irony

[Dr_Barnowl]

I'm told this is ironic because the reason that Huawei got started was because the Chinese did all sorts of experiments with Cisco gear and determined that they couldn't trust them because of all the backdoors they had to accommodate US agencies.

The Chinese needed network gear they could trust, they'd been tearing the Cisco gear down for a while to check them for back doors, so they just went the whole hog and started their own router company.

The main reason that the US *know* that the Huwaei gear has back doors in it is probably because they are the same back doors cloned from the Cisco gear, but with different encryption keys.

Re:Irony

[QQBoss]

I was teaching Huawei how to design in the PowerPC CPUs for their first switch designs in 1998, so your timing is about right. I was doing the same for Cisco starting around mid-1994. Their ice cream ping parties were great.

Lobbying

[amiga3D]

Hauwei should have started lobbying harder sooner. They spent over 800 million this year but only 200 million last year. Well, if they keep it up things will turn around. Gotta grease those palms in DC to get what you want.

Re:Lobbying

[amiga3D]

Damn! It should have been 800 thousand not million. My bad. I read it off a blog then checked it out after my post. Bad on me for trusting a blogger. I know better and still quoted them. Ack!

The Terrorists Win If You Have 4G?

[rmdingler]

So we'll get our new 4G LTE system where? Per the 60 Minutes segment that aired last night, there is no U.S. company capable of providing the infrastructure. They named a French, Chinese and perhaps a Swedish company as the only options.

Re:The Terrorists Win If You Have 4G?

[EmagGeek]

LTE is not 4G.

The only implementation of 4G that exists is LTE-Advanced, which is not deployed anywhere in the United States.

Re:The Terrorists Win If You Have 4G?

[kh31d4r]

Currently you are buying most of it from Sweden.

About Time....

[NormAtHome]

That the US Government officially took notice of Chinese efforts to spy on and undermine the US; wasn't all that fake Cisco equipment that ended up in the department of defense enough of a wake up call.

The very fact Huawei has government connections...

[MtViewGuy]

....Is why they will have trouble selling their networking hardware in much of the world. If Huawei wasn't founded by a ex-Chinese military official, that might be a different story.

How Was This Arbitrary Again?

[eldavojohn]

First off i have a very hard time believing backdoors are built in the large networks they sell. In complex systems like that its next to impossible to hide things in the long run. Anything suspicious would have been found in the audits.

I think you underestimate the creativity of the people who make networking gear.

This looks like a try at restricting import with arbitrary reasons without any substance behind them. I am sure many countries smile at this as they get to block American goods like GM corn etc citing safety reasons, and now they can use US own rhetoric.

That's fine. The US House Committee is claiming that Huawei and ZTE receive billions from the Chinese government and are able to subsidize their products with that money so that they can be the lowest bidder to foreign countries. That's not entirely arbitrary as they're not claiming the same thing against Foxconn or Asus. If you want to say Monsanto receives government subsidiaries as tax credits or whatever, you're probably right but so does almost every other international company headquartered out of the United States. Want to place an embargo on the United States? Go right ahead, Iran and Cuba seem to be doing okay. Personally, I think the safety concerns against GM corn are enough to block it and I think they should continue along that line of reasoning -- what economic conspiracy do you have for keeping GM corn out?

This hearing was open and is completely available on YouTube if you want to rebut more specific claims by the committee. I like listening to the Huawei guy, he's pretty humorous, he says that they will not under any conditions jeopardize the integrity of their networks for any third party or government ... yeah, like you sell networking gear in China and you can say that? Please.

Is the free trade not so fun anymore?

Oh, give me a break. Free trade? Are you serious? It's not fun when the most populous country in the world is artificially manipulating its markets, controlling what its currency trades at internally and creating its own companies that are traipsing around claiming to be private companies ... christ, the tariffs and tax laws surrounding international business are so complicated, there's no point in calling any of this "free trade" in any sense of the words.

Re:How Was This Arbitrary Again?

[QQBoss]

That's fine. The US House Committee is claiming that Huawei and ZTE receive billions from the Chinese government and are able to subsidize their products with that money so that they can be the lowest bidder to foreign countries. That's not entirely arbitrary as they're not claiming the same thing against Foxconn or Asus. If you want to say Monsanto receives government subsidiaries as tax credits or whatever, you're probably right but so does almost every other international company headquartered out of the United States. Want to place an embargo on the United States? Go right ahead, Iran and Cuba seem to be doing okay. Personally, I think the safety concerns against GM corn are enough to block it and I think they should continue along that line of reasoning -- what economic conspiracy do you have for keeping GM corn out?

Would it bother you too much if I pointed out that Foxconn (Hon Hai Precision Industry Co., Ltd., actually, Foxconn is the trade name) and Asus are both Taiwanese companies, and the USA generally considers Taiwan to not be a part of China (at least for purposes of defense and business). Perhaps you meant Lenovo and ... never mind, China doesn't have an ODM anywhere close to Foxconn.

Symantec (as in Norton Antivirus) & Huawei

[Neptunes_Trident]

Thought I'd throw this out there. http://en.wikipedia.org/wiki/Huawei_Symantec and this http://www.huaweisymantec.us/ and this http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html?_r=0 Is the alliance is over?

Re:I wonder how many Republicans...

[kh31d4r]

None. Everyone knows that Republicans can't read.

Bullshit. They read the bible, which is how they know the Earth is only 3,000 years old and Jesus buried the phony dinosaur bones that we dig up.

They think it's ~6000 years old. Are you republican by any chance?

Re:The very fact Huawei has government connections

[QuantumRiff]

To be fair, the DOJ blocked them from buying sourcefire (the commercial part of Snort) for that very reason in 2006: http://www.linuxplanet.com/linuxplanet/reports/6399/1

And by security you mean

[gelfling]

Apple didn't want to tangle with them in a predatory lawsuit that even if they won they'd never see a dime, so they simply lobbied Congress to keep them out.

Do your worst!

[freeze128]

The worst my Chineese-made toaster could do is burn down my house.

Anybody got details?

[evilviper]

Anybody here evaluated Huawei equipment, or otherwise know more details about the reported issues of it sending "beacons" or "relaying data" back home, or the "anomolies" that appear to be backdoors? The real good stuff seems to be locked-up in that "classified" section we don't get to see...

  http://www.ctpost.com/news/article/China-high-tech-firms-deny-spying-before-Congress-3861472.php

I'm assuming there's something more than just the bugs exposed at defcon:

  http://www.computerworld.com/s/article/9229785/Hackers_reveal_critical_vulnerabilities_in_Huawei_routers_at_Defcon

This story was on "60 Minutes" last night

[acoustix]

60 Minutes covered this story on Sunday night. The House Intelligence Committee is right to have suspicions of Huawei.

I believe the video is the same that aired on TV.