Mar 4, 2019 7:00 AM

US Lawyers Don’t Buy Huawei’s Argument on Chinese Hacking

Huawei says Chinese law prohibits the government from ordering it to install backdoors for spying. US lawyers say a law's text isn't always the final word in China.

A man is seen working in Huawei's office building

Over the past year, telecoms manufacturer Huawei has become a pariah outside its native China.

The company grew rapidly in recent years as its low-cost telecom equipment and smartphones won favor with telcos and consumers. It is the world’s largest maker of telecom gear, and a leading vendor of the technology needed to build next-generation 5G mobile networks.

But the Federal Communications Commission warned last year that use of Huawei’s equipment in US telecom networks might weaken US national security due to the company’s close ties to China’s government, which has been implicated in hacking campaigns against US companies and government agencies. President Trump later signed a bill banning US government purchases of Huawei equipment. And the company faces similar accusations or bans in Australia, Germany, Poland, and the UK, as well as US indictments alleging the company breached sanctions on Iran and stole secrets from T-Mobile. (On Friday, Canada said it would allow an extradition hearing against Huawei CFO Meng Wanzhou, who is accused in relation to the Iran case, to proceed.)

In its defense, Huawei argues that, under Chinese law, it can’t be ordered to help with government hacking campaigns. But US experts on Chinese law and tech policy say the country’s government doesn’t limit itself to what the law explicitly allows.

Huawei’s CEO and founder Ren Zhengfei told journalists in January that “no law in China requires any company to install mandatory backdoors,” secret flaws that would allow spying or cyberattacks. In an opinion article published Monday in WIRED, Zhou Hanhua, a top legal scholar at the Chinese Academy of Social Science’s law institute, agreed with Ren’s assertion. “No Chinese laws compel the installation of backdoors or other spyware,” Zhou wrote.

The Chinese Academy of Social Science functions as a kind of state-supported think tank, and Zhou is a respected legal thinker inside and outside of China. He has helped the country’s government develop its first freedom of information laws, and also drafted privacy legislation.

All the same, scholars of Chinese law and tech policy outside the country are dismissive of Zhou’s arguments in Huawei’s defense.

Donald Clarke, a professor and specialist in Chinese law at George Washington University, says it’s possible that the letter of the Chinese law does protect the company, although it would take a careful analysis to check. But he says that it’s practically irrelevant given how China’s one-party government operates.

“There’s a whole variety of pressures that the government can bring to bear on a company or individual, and they are not at all limited to criminal prosecution,” Clarke says. “China is a Leninist state that does not recognize any limits to government power.”

Graham Webster, who works on Chinese digital policy at think tank New America, agrees. “The law has real effect in China, but in circumstances like national security it isn’t decisive,” he says.

Zhou’s op-ed cites legal analyses by two major law firms, Beijing’s Zhong Lun and London’s Clifford Chance. He says the Chinese firm determined that China’s Intelligence Law doesn’t permit the government to compel telecom equipment firms to help with cyberattacks. Clifford Chance reviewed that report and concluded it was sound, Zhou says. A Clifford Chance spokesperson confirmed that the firm reviewed and supports Zhong Lun’s conclusions. Zhong Lun did not respond to a request for comment.

Both law-firm reports were commissioned by Huawei; only the Zhong Lun document is public, in a filing to the Federal Communications Commission last year. The company has cited them in a letter to the UK’s parliament and, as highlighted by Czech research project Sinopsis, to defend itself in Australia and Poland.

Andy Purdy, chief security officer for Huawei in the US, says the company will look into making the law firms’ analyses public. He also argues that Huawei is being unfairly singled out over risks that exist for all telecom equipment providers.

China—or another country with good hacking skills—could target the supply chain of any of Huawei’s rivals, Purdy says. The company’s two closest competitors, Nokia and Ericsson, both work with Chinese manufacturing companies.

Simha Sethumadavan, a professor at Columbia University who researches hardware and supply chain security, agrees that backdoors are a concern for computing technology no matter its origin. Documents in the trove leaked by Edward Snowden underline the point. They indicated that the National Security Agency created backdoors into networking equipment from many major networking companies—including Huawei and US company Cisco.

“It is possible for parts manufactured entirely in the United States or in trusted foundries to end up having untrustworthy modifications,” Sethumadavan says. He adds, however, that it can be harder to detect or defend against backdoors inserted by a company cooperating with an operation, as critics say Huawei might be forced to do.

The head of UK foreign intelligence service MI6 recently suggested that, rather than ban Huawei from telecom networks, it may be better to manage the risks of using its equipment, in the interest of maintaining a diversity of suppliers. “It’s more complicated than in or out,” Alex Younger told reporters at the Munich Security Conference.

Huawei’s Purdy says he hopes to persuade the US to take a similar view and devise processes to vet the company and its equipment, similar to how acquisitions and mergers involving overseas companies get national security scrutiny.

Updated, 3-6-19, 12:30pm ET: This story has been updated to reflect that the Zhong Lun analysis had been made public in a filing to the FCC last year.