U.S. telecoms that are building networks should steer clear of buying equipment from two private Chinese firms with ties to the Communist government, according to a congressional report that is based on a year-long investigation into the firms.
Huawei Technologies Co. and ZTE Corp. should be viewed with “suspicion,” according to a report released by the House intelligence committee, due to concerns that their network equipment could help the Chinese government spy on U.S. communications or engage in cyberwarfare. The two companies should be barred from access to any sensitive U.S. networks and from acquiring other U.S. firms, the 52-page report says, according to the Los Angeles Times, which obtained an advance look at the report.
The report also accuses Huawei of exhibiting a “pattern of disregard for the intellectual property rights” of other companies, though provides no evidence to back this claim in the unclassified portion of the report. According to the Times, the report contains a classified annex, but the newspaper did not describe what is contained in the annex.
“If I were an American company today … and you are looking at Huawei, I would find another vendor if you care about your intellectual property, if you care about your consumers’ privacy, and you care about the national security of the United States of America,” House intelligence committee chairman Mike Rogers (R-Michigan) told 60 Minutes on Sunday, in speaking about his committee’s investigation.
The two companies are global leaders in manufacturing routers, switches and other hardware that serves as the backbone of communications networks, and also make mobile phones. Concerns about backdoors in their equipment have dogged the two firms for a while. ZTE acknowledged earlier this year that it had placed a backdoor in its ScoreM handset, which sells as a Google Android phone. The company said it used the backdoor to remotely update its firmware. Manufacturer backdoors, however, create security risks since they allow anyone else with knowledge of the hardcoded password to access a ScoreM phone and gain root access to steal data or spy on communications.
Both companies have been questioned extensively about backdoors in their equipment, but have denied any wrongdoing or any intention to spy. Congressional investigators say, however, that the companies have failed to provide adequate assurances that they can be trusted.
“Despite hours of interviews, extensive and repeated document requests, a review of open-source information, and an open hearing with witnesses from both companies, the committee remains unsatisfied with the level of cooperation and candor provided by each company,” the report says. “Neither company was willing to provide sufficient evidence to ameliorate the committee’s concerns.”
Though Huawei claims to be a privately owned company, the Communist Party Committee maintains offices inside the company’s headquarters in China, according to 60 Minutes.
Asked by correspondent Steve Kroft if Huawei would spy on U.S. telecommunications if the Chinese government asked them to, Jim Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, said, “Here [in the U.S.], companies are used to, you know, throwing their weight around and telling the government what to do. In China, a company is a Chia pet. The state tells them what to do, and they do it.”
The issue of placing backdoors in network equipment is a tricky one for U.S. lawmakers to navigate since a longstanding federal law known as CALEA requires all telecommunications in the U.S., including many VOIP systems, to provide the ability for wiretapping by law enforcement. The same rules now also apply to the internet, following FBI pleas to the Federal Communications Commission to make it easier for law enforcement to tap online communications.
In practice, this means that all carrier-grade networking equipment sold worldwide comes with built-in capabilities to wiretap citizens, no matter what country they live in. Computer security experts have long pointed out that such capability can be hijacked by others to intercept communications.
As for the issue around the Chinese government pressuring private companies to help it spy, the Bush Administration has been accused of the same coercion when it pressured AT&T and Verizon to help it wiretap Americans after 9/11 without obtaining warrants. Both companies complied with the secret and illegal program, and were later given immunity by U.S. lawmakers for their actions.