Tag Archives: ZTE

Chinese investment benefits and policy for U.S. and Calif. –New report

The Asia Society and the Rhodium Group on Wednesday released a follow-up to their 2011 report on Chinese outward foreign direct investment (OFDI) in the United States. This report zooms in on California to analyze the particularities of that large sub-national market in the United States. One of the key insights authors Daniel Rosen and Thilo Hanemann offer is that sub-national policies have an important role to play as investment flows between the United States and China become a two-way street.

They specifically offer some good points in light of this week’s release of the U.S. House Intelligence Committee’s report on the Chinese telecommunication firms Huawei and ZTE, a report that I view as deeply flawed in its approach to an important topic. On California, where the economy could definitely use a boost, Rosen and Hanemann write:

If California can marshal its assets and sustain current investor interest, we estimate that it can land $20 billion in new Chinese inflows by 2020; if strategy and execution elevate state performance to its full potential, inflows could reach as high as $60 billion (55).

Here are a few interesting points from Rosen and Hanemann’s report. (This is not a summary, though! Best to read the paper.)

As more investment comes out of China, countries will compete to receive it, and states will compete within the United States.

California has great advantages, the report notes. It’s economy is huge, its history and established trade (including a huge amount of shipping traffic) with China is large, and it has key sectors and workforce benefits that could be attractive to investors. But, they write:

There is a glaring disconnect between California’s high ranking in technology and innovation and access to capital and its cost of doing business and perceived business friendliness. On the latter criteria, California routinely ranks near the absolute bottom in independent surveys (57).

This is a real factor among U.S. states seeking investment from abroad. How is your economy, and how’s the corporate environment? Clearly, though, California has a lot going for it despite perceived mafan.

Among California’s emerging strengths is its wine industry.

So far, at least three multimillion-dollar winery and vineyard acquisitions have been completed; “Oakland Mayor Jean Quan made California wine one focus of her 2011 trade and investment mission to China” (39); and, well, wine shops are all of a sudden all over my Dongcheng, Beijing, neighborhood.

Oh yeah, and 40 California vinters are heading out for an Asia trade mission on Monday, as exports to the region have increased.

Last year’s 2011 U.S. wine exports, 90 percent from California, to the countries scheduled for the upcoming Asia trade mission were:  Hong Kong, $163 million, up 39%; Japan, $105 million, up 39%; China, $62 million, up 42%; Vietnam, $21 million, up 266%; South Korea, $13 million, up 13%; and Taiwan, $9 million, up 21%. [source]

Huawei is no demon in the California story.

The Rhodium/Asia Society report, almost surely completed before the Congressional report out Monday, notes a different side of Huawei’s presence. It notes that Huawei, ZTE, and TP-Link “run sales and after-sales service operations in California,” and that Huawei was blocked by the interagency Committee on Foreign Investment in the United States in an attempt to buy the assets of a bankrupt start-up (35). Huawei is also expanding “through significant local hiring and acquisitions,” the report says (50). And the company produce goods in California (49).

Though the report emphasizes that carefully targeted national security screening is essential, it argues that states need to pressure the federal government to remain open and fair.

While Washington-based national security and immigration policies are systemic impediments to Chinese firms and businessmen, a positive set of incentives must come from state and local governments (58).

I’ll end with the Rosen-Hanemann summary point on national security screening in investment. They are perhaps especially prominent pro-investment voices, having received a great amount of coverage since their 2011 report shed light on Chinese investment in the United States, but their views are not uncommon in the business community—with the caveat that organizations such as the U.S.–China Business Council have their own list of issues many businesses would like to see redressed on the Chinese side. Among those issues are intellectual property protections, equal treatment in regulatory processes, and decreased restrictions on which sectors are eligible for foreign investment. It is perhaps worth pointing out in light of the current Huawei/ZTE dust-up that China blocks foreign ownership entirely in several industries, including for instance telecommunications services (though I’d have to check about equipment). OK, here’s Rosen and Hanemann.

Growth in China’s U.S. direct investment has rekindled old arguments about foreign firms and the national interest. Narrowly defined security screenings for foreign investments are imperative: Chinese investment raises plenty of normal, legitimate concerns given the general considerations around foreign ownership and the special characteristics of China. However, security concerns can be misapplied in situations that present no real threat because of simple overreaction or—more worrying—as a back-door route to stifle competition. The politicization of deals on national security grounds has already im- pacted the flow of Chinese capital into California, with the most prominent example being CNOOC’s failed attempt to acquire California-based oil producer Unocal in 2005 (61–62).

For more, see the full report, or last year’s nationwide analysis. These arguments by no means reflect a full consensus, but they are an interesting and timely addition to the U.S. discussion on Chinese investment.

[UPDATE: As a bonus, here’s my favorite chart (one of many) in the report, from page 41:


Five points on the deeply flawed U.S. Congress Huawei report

A U.S. Congressional committee released a broadside attack on the Chinese telecommunications firms Huawei and ZTE this week, charging that their products represent a security risk to the United States and recommending that U.S. government and private sector organizations avoid their products. The report followed about a year of investigation that included hearings and a fair amount of press coverage. Here, I offer some points on the report, which I believe is deeply flawed both in its analysis and in its positioning.

Communication infrastructure is definitely an important area for national security, and it is entirely possible that these firms and the Chinese government coordinate efforts to accomplish espionage or other activities. But I argue this report doesn’t get there, and that it seems designed to distract readers from its thin evidence (at least in the non-classified version we get to see). What it is not is a balanced examination of a risk. Five points and a conclusion follow.

Huawei seems to have decided not to provide much detailed information. This furthers the trust problem, and raises questions about government control of disclosures. 

The report charges: “One of the companies [Huawei] asserted clearly both verbally and in writing that it could not provide internal documentation that was not first approved by the Chinese government. The fact that Chinese companies believe that their internal documentation or information remains a ‘state secret,’ only heightens concerns about Chinese government control over these firms and their operations” (12). This is a legitimate point, though concerns about state secret disclosure are hardly unique to telecom firms, and the suggestion that the companies consider their internal documents state secrets is laughable: they are either afraid of bringing the wrath of their government, or this is a handy way to avoid disclosure. Given Huawei’s apparently ham-fisted and ever-changing attitude with the U.S. investigators, either seems possible to me.

A drastic rebuild of most public- and private-sector information infrastructure would be necessary to achieve the standard of security allegedly threatened by Huawei and ZTE.

Warning: tech-speak in this section. The problem with buying communications infrastructure rather than building it from scratch yourself is that you cannot, ever, be sure there is not a software backdoor baked into the machine. The report cites a classic speech by Ken Thompson in 1987 that outlines the fundamental challenge of backdoors in software: They can be detected in the source code, but our computers don’t run source code; they run compiled code, which can almost never be reverse engineered to reveal the underlying code. So all one needs for a backdoor is to insert it before the code is compiled for deployment. [update] Or, in Thompson’s example, the determined engineer could pack the vulnerability into the compiler itself. [/update] This means it’s entirely possible that I am typing on a compromised machine right now, that someone at Google has inserted something into Chrome, that someone at Cisco has compromised my VPN client, or that Apple’s operating system is vulnerable in secret ways. (I’m sure the U.S. government would never try to gain this kind of access.)

The report correctly notes that you don’t even need cooperation at the highest level to insert backdoors. “Even if the company’s leadership refused [a government] request, Chinese intelligence services need only recruit working-level technicians or managers in these companies” (3). So what would be necessary to build secure infrastructure? The report has it right, saying that monitoring would be needed “from design to retirement [including] aspects such as discrete technology components, their interactions, the human environment, and threats from the full spectrum of adversaries” (6–7). Great. How can we get this done? First, one would build a redundant monitoring system under a trusted hierarchy. Then, every piece of telecommunications infrastructure, from hardware and software at the user level to infrastructure at the network level, including both private and public sector machines, would need to be redesigned from the lowest level to the highest, then everyone using machines would need to be monitored—clearly not a realistic option. But without this level of effort, anything we do now will at best prevent new vulnerabilities.

The essence is this: No system will in itself ever be completely secure.

Committee staff either do not understand the Chinese business environment or actively seek to mislead others by suggesting that good loan terms and Communist Party committees are unusual.

For some reason, the report repeatedly cites what is essentially an opinion article reprinted by an Australian business magazine to make its case about Chinese state and Communist Party penetration in business. Though they also offer a couple of footnotes to Richard MacGregor’s excellent The Party, they for some reason quote this opinion piece by an adjunct professor at the University of Sydney named John Lee.

Lee’s article is not an evidence-based analysis, but an argument against Huawei being involved in Australian broadband projects. That’s just fine, but he is not an unbiased observer, and his expertise is not in business-government relations in China. A look at his publications suggests he is an analyst of international geopolitics, and he has a U.S. affiliation at a conservative-leaning think tank—again, fine, but hardly the source that an honest inquiry would seek for fine points of Chinese politics.

As another example, the report notes that the reclusive CEO of Huawei, Ren Zhengfei, was invited to be a member of of the National Congress of of the CPC in 1982 before he founded the company (23), and goes on to build a case that Huawei gets better-than-market loan terms. The report complains: “Huawei refuses to provide answers to direct questions about how this support was secured, nor does it provide internal documentation or auditable financial records to evaluate its claims that the terms of these agreements comply with standard practice and international trade agreements” (29).

There are two things going on in this quote. First, a reader unfamiliar with the Chinese business environment might think that good loan terms are rare for big Chinese companies, rather than easily available at various times. Second, we see a shift from implying that the “support was secured” through some murky method, over to an essentially unrelated complaint that they might not comply with international trade agreements—hardly the job of the House Intelligence Committee. This leads to my next point.

The committee spends much of the report on issues unrelated to intelligence or national security.

Entire sections of the report focus on claims that Huawei may have stolen intellectual property from Cisco, or that its affiliates may be working illegally in the United States, or that it may not be operating in full compliance with international economic agreements. These may be legitimate points, and they may be cause for litigation or regulatory penalties under U.S. law, but these points are all a distraction from the duties and purview of the House Intelligence Committee.

Further, they open up the report to charges of playing politics with national security. Such charges would hardly be avoidable in a campaign season or when dealing with the high-profile U.S.–China business relationship, but confusing the matter with these unrelated charges undermines the idea that the committee’s investigation and report are motivated by good-faith execution of its duties. The committee could even have referred these findings to the executive branch as a courtesy, without including them in the report.

This is perhaps the most frustrating element of the entire endeavor. It is entirely possible that there are very real concerns about using Huawei, ZTE, or other foreign-produced telecommunications equipment in sensitive roles in U.S. networks. The committee’s recommendation that “U.S. government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts” is probably good policy, precisely because of uncertainty (vi).

But putting that recommendation next to (and indeed, below) a recommendation that the Committee on Foreign Investment in the United States (CFIUS) prevent these companies from acquiring or merging with U.S. firms—a major point of concern in U.S.–China business ties—undermines the security case by clouding motivations. It leads the reader to suspect ulterior motives, and it makes the committee’s recommendations less trustworthy even within the United States.

The report is seemingly written in an imaginary world where U.S. companies would readily disclose to the Chinese government their modes of cooperation with the U.S. government on surveillance efforts. 

Imagine this: “U.S. telecommunications companies provide an opportunity for the U.S. government to tamper with the Chinese telecommunications supply chain. That said, understanding the level and means of state influence and control of economic entities in the United States remains difficult. As U.S. analysts explain, state control or influence of purportedly private-sector entities in the United States is neither clear nor disclosed.” This statement is true, but all I did to write it was reverse the country names (11).

Perhaps the most gaping hole in this report, if it is to be viewed as any kind of overview of the situation, is the offensive side of U.S. intelligence efforts. The report elsewhere notes that analysts say China is responsible for the most cyber attacks of any country; I wonder what analysts without U.S. security clearance and therefore not subject to disclosure restrictions would say.

The point is that espionage is never exclusive to the other party. As a rule, every government is trying to gain information about the every other, and private companies that work with governments are likely to hide their efforts. Frustrated by what the committee saw as insufficient response to questions about government ties, the report remarks, “Any company operating in the United States could very easily describe and produce evidence of the federal entities with which it must interact, including which government officials are their main points of contact at those regulatory agencies” (22). Would Boeing or Northrop or Lockheed describe in detail their interactions with government? Perhaps the weasel word above is “must.” Sure, a U.S. defense contractor might happily describe its required interactions, but what about optional ones that lead to more business? How does candor work out when warrantless wiretaps are executed with the assistance of phone providers?

Conclusion: This report seeks to paint Huawei, ZTE, and China as shady, and asks the reader to trust that the classified portion of the report contains evidence of wrongdoing. 

It does not score highly for its analysis of Chinese business structures, nor realistic priorities for maintaining and improving security, nor for avoiding the perception of political bias and ulterior motives. This is a frustrating report, because the underlying issue is serious. It is frustrating because it could do damage to U.S.–China business ties that benefit both countries. And it is ultimately unrevealing except as an indicator of this committee’s agenda.

For better (if still largely one-sided) analysis from the U.S. government, see Northrop Grumman’s report to the U.S.–China Economic and Security Review Commission on China and cybersecurity. While this work still lacks introspection, it uses a broad source base and outlines potential threats without the name calling.