Tag Archives: Trade

Five points on the deeply flawed U.S. Congress Huawei report

A U.S. Congressional committee released a broadside attack on the Chinese telecommunications firms Huawei and ZTE this week, charging that their products represent a security risk to the United States and recommending that U.S. government and private sector organizations avoid their products. The report followed about a year of investigation that included hearings and a fair amount of press coverage. Here, I offer some points on the report, which I believe is deeply flawed both in its analysis and in its positioning.

Communication infrastructure is definitely an important area for national security, and it is entirely possible that these firms and the Chinese government coordinate efforts to accomplish espionage or other activities. But I argue this report doesn’t get there, and that it seems designed to distract readers from its thin evidence (at least in the non-classified version we get to see). What it is not is a balanced examination of a risk. Five points and a conclusion follow.

Huawei seems to have decided not to provide much detailed information. This furthers the trust problem, and raises questions about government control of disclosures. 

The report charges: “One of the companies [Huawei] asserted clearly both verbally and in writing that it could not provide internal documentation that was not first approved by the Chinese government. The fact that Chinese companies believe that their internal documentation or information remains a ‘state secret,’ only heightens concerns about Chinese government control over these firms and their operations” (12). This is a legitimate point, though concerns about state secret disclosure are hardly unique to telecom firms, and the suggestion that the companies consider their internal documents state secrets is laughable: they are either afraid of bringing the wrath of their government, or this is a handy way to avoid disclosure. Given Huawei’s apparently ham-fisted and ever-changing attitude with the U.S. investigators, either seems possible to me.

A drastic rebuild of most public- and private-sector information infrastructure would be necessary to achieve the standard of security allegedly threatened by Huawei and ZTE.

Warning: tech-speak in this section. The problem with buying communications infrastructure rather than building it from scratch yourself is that you cannot, ever, be sure there is not a software backdoor baked into the machine. The report cites a classic speech by Ken Thompson in 1987 that outlines the fundamental challenge of backdoors in software: They can be detected in the source code, but our computers don’t run source code; they run compiled code, which can almost never be reverse engineered to reveal the underlying code. So all one needs for a backdoor is to insert it before the code is compiled for deployment. [update] Or, in Thompson’s example, the determined engineer could pack the vulnerability into the compiler itself. [/update] This means it’s entirely possible that I am typing on a compromised machine right now, that someone at Google has inserted something into Chrome, that someone at Cisco has compromised my VPN client, or that Apple’s operating system is vulnerable in secret ways. (I’m sure the U.S. government would never try to gain this kind of access.)

The report correctly notes that you don’t even need cooperation at the highest level to insert backdoors. “Even if the company’s leadership refused [a government] request, Chinese intelligence services need only recruit working-level technicians or managers in these companies” (3). So what would be necessary to build secure infrastructure? The report has it right, saying that monitoring would be needed “from design to retirement [including] aspects such as discrete technology components, their interactions, the human environment, and threats from the full spectrum of adversaries” (6–7). Great. How can we get this done? First, one would build a redundant monitoring system under a trusted hierarchy. Then, every piece of telecommunications infrastructure, from hardware and software at the user level to infrastructure at the network level, including both private and public sector machines, would need to be redesigned from the lowest level to the highest, then everyone using machines would need to be monitored—clearly not a realistic option. But without this level of effort, anything we do now will at best prevent new vulnerabilities.

The essence is this: No system will in itself ever be completely secure.

Committee staff either do not understand the Chinese business environment or actively seek to mislead others by suggesting that good loan terms and Communist Party committees are unusual.

For some reason, the report repeatedly cites what is essentially an opinion article reprinted by an Australian business magazine to make its case about Chinese state and Communist Party penetration in business. Though they also offer a couple of footnotes to Richard MacGregor’s excellent The Party, they for some reason quote this opinion piece by an adjunct professor at the University of Sydney named John Lee.

Lee’s article is not an evidence-based analysis, but an argument against Huawei being involved in Australian broadband projects. That’s just fine, but he is not an unbiased observer, and his expertise is not in business-government relations in China. A look at his publications suggests he is an analyst of international geopolitics, and he has a U.S. affiliation at a conservative-leaning think tank—again, fine, but hardly the source that an honest inquiry would seek for fine points of Chinese politics.

As another example, the report notes that the reclusive CEO of Huawei, Ren Zhengfei, was invited to be a member of of the National Congress of of the CPC in 1982 before he founded the company (23), and goes on to build a case that Huawei gets better-than-market loan terms. The report complains: “Huawei refuses to provide answers to direct questions about how this support was secured, nor does it provide internal documentation or auditable financial records to evaluate its claims that the terms of these agreements comply with standard practice and international trade agreements” (29).

There are two things going on in this quote. First, a reader unfamiliar with the Chinese business environment might think that good loan terms are rare for big Chinese companies, rather than easily available at various times. Second, we see a shift from implying that the “support was secured” through some murky method, over to an essentially unrelated complaint that they might not comply with international trade agreements—hardly the job of the House Intelligence Committee. This leads to my next point.

The committee spends much of the report on issues unrelated to intelligence or national security.

Entire sections of the report focus on claims that Huawei may have stolen intellectual property from Cisco, or that its affiliates may be working illegally in the United States, or that it may not be operating in full compliance with international economic agreements. These may be legitimate points, and they may be cause for litigation or regulatory penalties under U.S. law, but these points are all a distraction from the duties and purview of the House Intelligence Committee.

Further, they open up the report to charges of playing politics with national security. Such charges would hardly be avoidable in a campaign season or when dealing with the high-profile U.S.–China business relationship, but confusing the matter with these unrelated charges undermines the idea that the committee’s investigation and report are motivated by good-faith execution of its duties. The committee could even have referred these findings to the executive branch as a courtesy, without including them in the report.

This is perhaps the most frustrating element of the entire endeavor. It is entirely possible that there are very real concerns about using Huawei, ZTE, or other foreign-produced telecommunications equipment in sensitive roles in U.S. networks. The committee’s recommendation that “U.S. government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts” is probably good policy, precisely because of uncertainty (vi).

But putting that recommendation next to (and indeed, below) a recommendation that the Committee on Foreign Investment in the United States (CFIUS) prevent these companies from acquiring or merging with U.S. firms—a major point of concern in U.S.–China business ties—undermines the security case by clouding motivations. It leads the reader to suspect ulterior motives, and it makes the committee’s recommendations less trustworthy even within the United States.

The report is seemingly written in an imaginary world where U.S. companies would readily disclose to the Chinese government their modes of cooperation with the U.S. government on surveillance efforts. 

Imagine this: “U.S. telecommunications companies provide an opportunity for the U.S. government to tamper with the Chinese telecommunications supply chain. That said, understanding the level and means of state influence and control of economic entities in the United States remains difficult. As U.S. analysts explain, state control or influence of purportedly private-sector entities in the United States is neither clear nor disclosed.” This statement is true, but all I did to write it was reverse the country names (11).

Perhaps the most gaping hole in this report, if it is to be viewed as any kind of overview of the situation, is the offensive side of U.S. intelligence efforts. The report elsewhere notes that analysts say China is responsible for the most cyber attacks of any country; I wonder what analysts without U.S. security clearance and therefore not subject to disclosure restrictions would say.

The point is that espionage is never exclusive to the other party. As a rule, every government is trying to gain information about the every other, and private companies that work with governments are likely to hide their efforts. Frustrated by what the committee saw as insufficient response to questions about government ties, the report remarks, “Any company operating in the United States could very easily describe and produce evidence of the federal entities with which it must interact, including which government officials are their main points of contact at those regulatory agencies” (22). Would Boeing or Northrop or Lockheed describe in detail their interactions with government? Perhaps the weasel word above is “must.” Sure, a U.S. defense contractor might happily describe its required interactions, but what about optional ones that lead to more business? How does candor work out when warrantless wiretaps are executed with the assistance of phone providers?

Conclusion: This report seeks to paint Huawei, ZTE, and China as shady, and asks the reader to trust that the classified portion of the report contains evidence of wrongdoing. 

It does not score highly for its analysis of Chinese business structures, nor realistic priorities for maintaining and improving security, nor for avoiding the perception of political bias and ulterior motives. This is a frustrating report, because the underlying issue is serious. It is frustrating because it could do damage to U.S.–China business ties that benefit both countries. And it is ultimately unrevealing except as an indicator of this committee’s agenda.

For better (if still largely one-sided) analysis from the U.S. government, see Northrop Grumman’s report to the U.S.–China Economic and Security Review Commission on China and cybersecurity. While this work still lacks introspection, it uses a broad source base and outlines potential threats without the name calling.

China's 2008 Labor Law: Does It Work, or Is It Just a Financial Burden?

Our friend Lyle Morris has a well-reported piece at YaleGlobal on China’s new labor law, which went to effect at the beginning of this year.

Under the law, which affects both domestic and foreign companies operating in China, workers will see increased protection from labor unions and significant overhauls in policy ranging from contract formation to severance packages and job training. Arguably the most influential — and controversial — change centers on an open-term clause for long-term employees. The clause states that workers with 10 consecutive years, or having signed two consecutive fixed-term contracts with a company, are entitled to a contract without a fixed end date – essentially giving them lifetime employment. …

Many foreign enterprises voiced discontent with the law. Among them was Serge Janssens de Varebeke, then-president of the European Union Chamber of Commerce in China, who warned in a 2006 letter to the National People’s Congress that the “strict regulations” could raise production costs and “force foreign companies to reconsider new investments or continuing their activities in China.” …

Karen Lin, a senior fund manager at Paradigm Asset Management Co. in Taipei, predicts the law will add roughly 25 percent to the cost of labor in China, which typically accounts for 10 percent of total manufacturing costs. Companies that fail to adjust will start to feel major pressure on their profits within “five to six years,” Lin said.

It strikes me as a little bit duplicitous on the part of some foreigners to have their governments and citizens’ groups insisting on new regulations to improve human rights in China while business groups complain that such regulations cost too much money.

No matter which side of the debate you may stand on, it’s hard not to be a consumer of products created under these regulatory conditions. As Lyle writes, however, better laws on the books doesn’t necessarily mean better work conditions.

In the long run, whether or not the law is successful in curbing worker abuse is another matter. Critics point out that the while the law will add much needed rights for workers, its goal of reducing worker-abuse cases might be difficult.

“The impact it will have on migrant workers’ working conditions will be limited,” says Lauffs. “Simply passing a new law will not guarantee that the local labor bureaus will become more active in enforcing employees’ rights or companies will be more accommodating in coming into compliance.”

A fundamental question is whether Chinese workers will actually make use of their newfound power. “I think many workers will be hesitant to use their full rights under the law” says Zhangjian, secretary at a small electronics manufacturing company in Beijing. “Bringing too much attention to yourself could cost you your job.”

Venezuelan–Chinese Investment and an Industrial Showcase

2008 China Industry Expo-VenezuelaLest a week go by without new evidence of strengthening ties between China and Venezuela, a massive trade show featuring Chinese companies and products opens tomorrow in Caracas. The fair includes more than seventy Chinese firms from numerous industries, ranging from porcelain to automobiles.

The fair, organized by the Chinese Ministry of Commerce, is an especially visible sign of the exponential growth in trade between China and Venezuela, which has surged from about $100 million in 1998 to $6 billion last year, according to the Chinese Embassy in Caracas.

The trade show comes on the heels of the government’s announcement that it has begun to spend some of the resources committed to the “China-Venezuela Investment Fund” earlier this year. Venezuela tagged $2 billion for the fund; China promised $4 billion, “the largest credit China has offered to any one country,” according to Zhang Xiaoqiang, a vice chairman of China’s National Development and Reform Commission (NDRC).