Huawei and ZTE: Spies? Us? Nah. It's just software bugs

Yesterday a US Congressional committee quizzed a couple of executives from Chinese telecoms companies Huawei and ZTE about allegations that their companies could use networking equipment installed in America both to spy on the country and to help trigger cyber attacks. Martyn Warwick reports.

Charles Ding of Huawei Technologies and Zhu Jinyun of ZTE denied allegations that equipment from their respective companies comes complete with secretly embedded coding to enable them to conduct covert surveillance on US communications traffic and to help bolster the efficiency and disruption of cyber attacks against US interests. They also sought to refute allegations that they have direct links to, or take orders from, the Chinese government or military.

However, try as they might, their answers failed to convince the committee of their bona fides. Mike Rogers, the Chairman of the House Intelligence Committee commented, "I'm disappointed. I was hoping for more transparency, more directness."

He told Mssrs. Ding and Jiyun, "There is a sphere of government influence in your companies of which you either can't identify their roles and responsibilities or won't. Either way, its unacceptable."

Thursday's hearing was the latest move in the now year-long probe being carried out by the US authorities to determine if Huawei and ZTE pose a security threat to the country.

Mr. Ding, a corporate senior VP at Huawei said, "Huawei is an independent private employee-owned company. Neither the Chinese government nor the People's Liberation Army has an ownership interest in our company, or any influence on daily operations, investment decisions, profit distributions or staffing."

Now there's an answer that reveals a darned sight more by what it omits than in what it actually says. For instance, since when did not having an ownership interest in a company prevent the Politburo from leaning on corporate executives? And maybe there is no influence of daily operations but what about weekly, monthly, yearly or even over the course of a generation?

In his turn, Zhu Jiyun, ZTE's senior VP for North America and Europe insisted, "Would ZTE grant China's government access to ZTE telecom infrastructure equipment for a cyber attack?" No! China's government has never made such a request. If such a request were made, ZTE would be bound by US law."

Both men vehemently denied they or their companies have ANY links to the Chinese government, swore that they and their companies would never stoop so low as to sabotage a client's network, embed spy codes or help promote cyber attacks.
Indeed, it seems both Hauwei and ZTE are committed to improving their customer's cyber security and follow US law to every last letter, full stop and exclamation mark!

None of this seemed to change Mike Rogers' mind and he complained that both companies had provided "little actual evidence" in answer to the committee's questions and pointed out that both Huawei and ZTE had flatly refused to supply it with various documents asked for because, they claimed, to do so would be in breach of China's state-secret legislation.

As Mike Rogers observed "It is very strange the internal corporate documents of purportedly private sector firms are considered classified secrets in China. This alone gives us a reason to question their independence."

Messrs Ding and Jinyun also denied allegations that the Chinese government directly funds some company initiatives and averred that neither company sells, nor have they ever sold any products at a loss in the US or in other parts of the world.

Another Committee member, Adam Schiff, pointed out to the two executives that Chinese state security law gives the Chinese government the power and right to "inspect  and examine" any communication equipment belonging to any company or individual.

Mr. Ding and Mr. Jinyun said they didn't know of the existence of any such legislation and that they would "never" interfere with or do any harm to equipment and networks belonging to any customer.

Huawei and ZTE are desperate to get a bigger foothold in the enormous, and enormously lucrative, US market but their efforts have been dogged by controversy and claims that they are far too close to the Chinese government for their products to be entrusted with the carrying of US data. In 2011, Huawei was banned from participating in the build-out of a US national wireless network directly because of security concerns voiced by the US Department of Commerce and other government agencies.

Huawei has spent big money on lobbying its cause in various US fora and Dan Steinbock, an acknowledged expert on US-China trade relations, was commissioned to write a report on the company. Serendipitously, it was published on Thursday, the day before yesterday's hearing. In it Mr. Steinbock argues that the US authorities have failed to bring forward any convincing evidence to show that Huawei is any sort of credible threat to US interests. He writes,"Today, Huawei is one of the most misunderstood companies in America. Huawei's activities in America are not a threat, but an opportunity to the United States."

Meanwhile, back at the Committee hearing, Mr. Schiff said, “Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems. We have heard reports about "back doors" or unexplained beaconing from the equipment sold by both companies. Our sources overseas tell us that there is a reason to question whether the companies are tied to the Chinese government and whether their equipment is as it appears.”

The response from Zhu Jinyun of ZTE almost beggars belief. He said, "What they have been calling back doors are actually software bugs. They are commonplace."