Slashdot Mirror
Europe Should Be Afraid of Huawei, EU Tech Official Says (reuters.com)
The European Union should be worried about Huawei and other Chinese technology companies because of the risk they pose to the bloc's industry and security, the EU's technology commissioner said on Friday. From a report: "Do we have to be worried about Huawei or other Chinese companies? Yes, I think we have to be worried about those companies," Andrus Ansip told a news conference in Brussels, days after a top executive at Chinese tech giant Huawei was arrested in Canada as part of an investigation into alleged bank fraud.
Huawei, which generated $93 billion in revenue last year and is seen as a national champion in China, faces intense scrutiny from many Western nations over its ties to the Chinese government, driven by concerns it could be used by Beijing for spying. Ansip said he was concerned because Chinese technology companies were required to cooperate with Chinese intelligence services, such as on "mandatory back doors" to allow access to encrypted data.
He also said those companies produce chips that could be used "to get our secrets." "As normal, ordinary people we have to be afraid," he said, adding he did not have enough information about the recent arrest in Canada.
Huawei, which generated $93 billion in revenue last year and is seen as a national champion in China, faces intense scrutiny from many Western nations over its ties to the Chinese government, driven by concerns it could be used by Beijing for spying. Ansip said he was concerned because Chinese technology companies were required to cooperate with Chinese intelligence services, such as on "mandatory back doors" to allow access to encrypted data.
He also said those companies produce chips that could be used "to get our secrets." "As normal, ordinary people we have to be afraid," he said, adding he did not have enough information about the recent arrest in Canada.
The European Telecommunications Standards Institute (ETSI) just came up with eTLS, a version of TLS1.3 that can be decrypted by middleboxes because it uses static keys instead of ephemeral keys from a DH key exchange. This eTLS version is to be used so that companies can decrypt TLS connections to inspect for viruses, information leaks, etc., but also so that data inspection requirements of law enforcement can be fulfilled. American companies are subject to American spy agencies and can be forced to implement backdoors that they cannot tell any of their customers about. The existence of National Security Letters leave not a shred more trust in these companies' products than the reign of the Chinese government over Huawei leaves in their products. Nobody's warning about using Erricson, Nokia, Alcatel, Juniper or Cisco in our networks. These are companies which are beholden to "the good guys", right? They are not more secure, but we can tell them to give us backdoor access. We cannot tell Huawei to open a network for us. I think that's the actual reason behind those warnings. Nobody is trustworthy. The difference is who will cooperate with us.