Tag Archives: politics

Five points on the deeply flawed U.S. Congress Huawei report

A U.S. Congressional committee released a broadside attack on the Chinese telecommunications firms Huawei and ZTE this week, charging that their products represent a security risk to the United States and recommending that U.S. government and private sector organizations avoid their products. The report followed about a year of investigation that included hearings and a fair amount of press coverage. Here, I offer some points on the report, which I believe is deeply flawed both in its analysis and in its positioning.

Communication infrastructure is definitely an important area for national security, and it is entirely possible that these firms and the Chinese government coordinate efforts to accomplish espionage or other activities. But I argue this report doesn’t get there, and that it seems designed to distract readers from its thin evidence (at least in the non-classified version we get to see). What it is not is a balanced examination of a risk. Five points and a conclusion follow.

Huawei seems to have decided not to provide much detailed information. This furthers the trust problem, and raises questions about government control of disclosures. 

The report charges: “One of the companies [Huawei] asserted clearly both verbally and in writing that it could not provide internal documentation that was not first approved by the Chinese government. The fact that Chinese companies believe that their internal documentation or information remains a ‘state secret,’ only heightens concerns about Chinese government control over these firms and their operations” (12). This is a legitimate point, though concerns about state secret disclosure are hardly unique to telecom firms, and the suggestion that the companies consider their internal documents state secrets is laughable: they are either afraid of bringing the wrath of their government, or this is a handy way to avoid disclosure. Given Huawei’s apparently ham-fisted and ever-changing attitude with the U.S. investigators, either seems possible to me.

A drastic rebuild of most public- and private-sector information infrastructure would be necessary to achieve the standard of security allegedly threatened by Huawei and ZTE.

Warning: tech-speak in this section. The problem with buying communications infrastructure rather than building it from scratch yourself is that you cannot, ever, be sure there is not a software backdoor baked into the machine. The report cites a classic speech by Ken Thompson in 1987 that outlines the fundamental challenge of backdoors in software: They can be detected in the source code, but our computers don’t run source code; they run compiled code, which can almost never be reverse engineered to reveal the underlying code. So all one needs for a backdoor is to insert it before the code is compiled for deployment. [update] Or, in Thompson’s example, the determined engineer could pack the vulnerability into the compiler itself. [/update] This means it’s entirely possible that I am typing on a compromised machine right now, that someone at Google has inserted something into Chrome, that someone at Cisco has compromised my VPN client, or that Apple’s operating system is vulnerable in secret ways. (I’m sure the U.S. government would never try to gain this kind of access.)

The report correctly notes that you don’t even need cooperation at the highest level to insert backdoors. “Even if the company’s leadership refused [a government] request, Chinese intelligence services need only recruit working-level technicians or managers in these companies” (3). So what would be necessary to build secure infrastructure? The report has it right, saying that monitoring would be needed “from design to retirement [including] aspects such as discrete technology components, their interactions, the human environment, and threats from the full spectrum of adversaries” (6–7). Great. How can we get this done? First, one would build a redundant monitoring system under a trusted hierarchy. Then, every piece of telecommunications infrastructure, from hardware and software at the user level to infrastructure at the network level, including both private and public sector machines, would need to be redesigned from the lowest level to the highest, then everyone using machines would need to be monitored—clearly not a realistic option. But without this level of effort, anything we do now will at best prevent new vulnerabilities.

The essence is this: No system will in itself ever be completely secure.

Committee staff either do not understand the Chinese business environment or actively seek to mislead others by suggesting that good loan terms and Communist Party committees are unusual.

For some reason, the report repeatedly cites what is essentially an opinion article reprinted by an Australian business magazine to make its case about Chinese state and Communist Party penetration in business. Though they also offer a couple of footnotes to Richard MacGregor’s excellent The Party, they for some reason quote this opinion piece by an adjunct professor at the University of Sydney named John Lee.

Lee’s article is not an evidence-based analysis, but an argument against Huawei being involved in Australian broadband projects. That’s just fine, but he is not an unbiased observer, and his expertise is not in business-government relations in China. A look at his publications suggests he is an analyst of international geopolitics, and he has a U.S. affiliation at a conservative-leaning think tank—again, fine, but hardly the source that an honest inquiry would seek for fine points of Chinese politics.

As another example, the report notes that the reclusive CEO of Huawei, Ren Zhengfei, was invited to be a member of of the National Congress of of the CPC in 1982 before he founded the company (23), and goes on to build a case that Huawei gets better-than-market loan terms. The report complains: “Huawei refuses to provide answers to direct questions about how this support was secured, nor does it provide internal documentation or auditable financial records to evaluate its claims that the terms of these agreements comply with standard practice and international trade agreements” (29).

There are two things going on in this quote. First, a reader unfamiliar with the Chinese business environment might think that good loan terms are rare for big Chinese companies, rather than easily available at various times. Second, we see a shift from implying that the “support was secured” through some murky method, over to an essentially unrelated complaint that they might not comply with international trade agreements—hardly the job of the House Intelligence Committee. This leads to my next point.

The committee spends much of the report on issues unrelated to intelligence or national security.

Entire sections of the report focus on claims that Huawei may have stolen intellectual property from Cisco, or that its affiliates may be working illegally in the United States, or that it may not be operating in full compliance with international economic agreements. These may be legitimate points, and they may be cause for litigation or regulatory penalties under U.S. law, but these points are all a distraction from the duties and purview of the House Intelligence Committee.

Further, they open up the report to charges of playing politics with national security. Such charges would hardly be avoidable in a campaign season or when dealing with the high-profile U.S.–China business relationship, but confusing the matter with these unrelated charges undermines the idea that the committee’s investigation and report are motivated by good-faith execution of its duties. The committee could even have referred these findings to the executive branch as a courtesy, without including them in the report.

This is perhaps the most frustrating element of the entire endeavor. It is entirely possible that there are very real concerns about using Huawei, ZTE, or other foreign-produced telecommunications equipment in sensitive roles in U.S. networks. The committee’s recommendation that “U.S. government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts” is probably good policy, precisely because of uncertainty (vi).

But putting that recommendation next to (and indeed, below) a recommendation that the Committee on Foreign Investment in the United States (CFIUS) prevent these companies from acquiring or merging with U.S. firms—a major point of concern in U.S.–China business ties—undermines the security case by clouding motivations. It leads the reader to suspect ulterior motives, and it makes the committee’s recommendations less trustworthy even within the United States.

The report is seemingly written in an imaginary world where U.S. companies would readily disclose to the Chinese government their modes of cooperation with the U.S. government on surveillance efforts. 

Imagine this: “U.S. telecommunications companies provide an opportunity for the U.S. government to tamper with the Chinese telecommunications supply chain. That said, understanding the level and means of state influence and control of economic entities in the United States remains difficult. As U.S. analysts explain, state control or influence of purportedly private-sector entities in the United States is neither clear nor disclosed.” This statement is true, but all I did to write it was reverse the country names (11).

Perhaps the most gaping hole in this report, if it is to be viewed as any kind of overview of the situation, is the offensive side of U.S. intelligence efforts. The report elsewhere notes that analysts say China is responsible for the most cyber attacks of any country; I wonder what analysts without U.S. security clearance and therefore not subject to disclosure restrictions would say.

The point is that espionage is never exclusive to the other party. As a rule, every government is trying to gain information about the every other, and private companies that work with governments are likely to hide their efforts. Frustrated by what the committee saw as insufficient response to questions about government ties, the report remarks, “Any company operating in the United States could very easily describe and produce evidence of the federal entities with which it must interact, including which government officials are their main points of contact at those regulatory agencies” (22). Would Boeing or Northrop or Lockheed describe in detail their interactions with government? Perhaps the weasel word above is “must.” Sure, a U.S. defense contractor might happily describe its required interactions, but what about optional ones that lead to more business? How does candor work out when warrantless wiretaps are executed with the assistance of phone providers?

Conclusion: This report seeks to paint Huawei, ZTE, and China as shady, and asks the reader to trust that the classified portion of the report contains evidence of wrongdoing. 

It does not score highly for its analysis of Chinese business structures, nor realistic priorities for maintaining and improving security, nor for avoiding the perception of political bias and ulterior motives. This is a frustrating report, because the underlying issue is serious. It is frustrating because it could do damage to U.S.–China business ties that benefit both countries. And it is ultimately unrevealing except as an indicator of this committee’s agenda.

For better (if still largely one-sided) analysis from the U.S. government, see Northrop Grumman’s report to the U.S.–China Economic and Security Review Commission on China and cybersecurity. While this work still lacks introspection, it uses a broad source base and outlines potential threats without the name calling.

Pics: U.S. VP Joe Biden visits in Beijing neighborhood eatery

U.S. Vice President Joe Biden’s visit to Beijing is designed to lay the groundwork for later meetings between U.S. officials and rising leader Xi Jinping, who is currently Biden’s Chinese counterpart. Opting for a local favorite rather than a sterile array of table cloths and serving dishes, Biden made some waves on Weibo and in the U.S. media for mingling with local Beijing residents.

Evan Osnos has a write-up and a pool photo.


From Weibo, a picture in the vicinity, apparently while Biden was eating near the Drum Tower.


Someone's cell phone shot of the VP's party at Yaoji Chao Gan.

And from a past meeting between President Obama, President Carter, President Hu, and Vice President Biden:

President Barack Obama, along with President Hu Jintao of China, former First Lady Rosalynn Carter, and Vice President Joseph Biden, listen to former President Jimmy Carter during a reception in the Yellow Oval Room in the Residence of the White House, Jan. 19, 2011. (Official White House Photo by Pete Souza)

Compassion and political advertising: the RNC's new China ad

Evan Osnos pointed out a new advertisement that apparently marks the first use of China as a political tool in the 2012 U.S. presidential election. The advertisement imagines a future in which Barack Obama is reelected and paints a picture of increasing unemployment and higher debt to China.

Leave aside the irony of claiming debt will continue to rise while the same party is engaging in “hostage-taking” and brinksmanship in raising the debt ceiling. And even forget the presence of Hu Jintao, who is widely expected to be succeeded by Xi Jinping long before 2017, appearing before a large assembly of some kind in the ad.

This and the “Chinese Professor” ad from the 2010 midterm elections and seems to signal that at least some politicians will continue to use scare tactics about a rise of China to score domestic points.

I think it’s worth bearing in mind the humanist implications of demonizing a country that is home to about a fifth of the world population for nothing more than economic success. There are absolutely reasons to criticize China, but when the message is so simple as “they’re beating us, and that’s bad,” the humanity of those living across the Pacific can be forgotten.

Obama’s message of hope, change, and compassion has been criticized recently in light of what many see as an ineffectual middle-road approach to several significant national issues. I doubt any candidate in the near future will get far on a message that underlines the humanity of non-Americans, but that, I suppose, is the compassionate change I would hope for.

'Please Vote for Me' documentary and political culture

I’m in the midst of watching Please Vote for Me, a documentary based on elections for head student of an elementary school class in Wuhan, China. I am not the first to say it, but this is an excellent film. It does, however, come with a perspective.

Below: full video for both YouTube and Youku.

The message of the documentary seems to be that left to their own devices, children in China will display certain hallmarks of Chinese politics: factions, back-room deals, deception. Maybe I should write my blog post after the film’s over, but I’m going to do this instead: those things can be hallmarks of democracy, too.

Different viewers will read this differently, but the interesting question to me is how much of what we see is “Chinese,” and how much is just life. The children are evidently fairly well-off; one of the candidates for banzhang is the son of the police chief (of all Wuhan?). So whom does this represent? I don’t know.

One way or another, it’s well worth watching, whether you’re interested in Chinese politics or not. Below, the trailer, followed by the first segment of what appears to be the entire film posted on YouTube and Youku*. It is also available for streaming through Netflix.

And the beginning of the film. The Chinese notes that this is “banned in the Mainland.” (China viewers see below.)

Apparently not banned in China, here is what appears to be the full film on Youku (thank Angel Hsu for getting me to look for this).