In a television interview on February 20, the embattled CEO of Huawei, Ren Zhegnfei, promised that his company would not use the communications equipment they have installed throughout the world to spy for the Chinese government – thus violating a 2017 Chinese law that compels Chinese citizens and companies to provide unmitigated intelligence both within China and outside of the company.
No one should think his pledge is serious; Chinese law cannot be ignored. Since he was deputy director of the Chinese army’s information technology unit before he started Huawei, Zhegnfei knows this better than most.
Zhegnfei’s comments are driven by recent reports that President Trump is presently considering a ban on Huawei telecom equipment being sold in the U.S. Trump’s announcement would send a strong message to the participants in next week’s Mobile World Congress, the world’s largest exhibition for the mobile industry. I hope he will do so – not just with Huawei but with other suspect Chinese manufacturers as well.
The President’s announcement would follow his actions the past two years during which he has turned American victimhood vis-à-vis the Chinese on its head. While these threats were recognized years ago, not until this administration has the Executive Branch has brought credible and forceful leadership on the growing problem.
A November 2018 report from the Office of the US Trade Representative detailed in depth the extent of China’s state-supported investment and acquisition of cutting edge American technology. It has been a difficult and painful process, but U.S. and European policymakers and the media are now rightly putting attention on China’s theft of intellectual property and national security secrets.
However, while the U.S. may succeed in prohibiting Chinese equipment in our networks, we are still vulnerable in end user devices such as handsets, PCs, tablets, and IoT (Internet of Things) devices. In recent years, the media has focused on security issues involving discrete products made by the Chinese companies Huawei and ZTE in telecom networks. However, other Chinese-based and owned companies have come under scrutiny with regard to their consumer products.
This threat is made clear in an April 2018 report commissioned by US- China Economic and Security Review Commission which calls out the supply chain risks from not just Huawei and ZTE, but Inspur, Legend Capital/Holdings, Lenovo, Lexmark, Lishen Power Battery Systems, Tianma Microelectronics, TPV Technology Ltd, Tsingua Holdings, and Shenzen Laibo HiTech Co. Ltd.
These firms are reportedly involved with China’s military, nuclear, and/or cyberespionage programs. Products or services from these firms could present itself as a supply chain attack—or fail through a compromised product, such as batteries, acoustic components, magnets, shielding materials, or cables and power connectors. Such information might even be shared outright in a corporate intelligence sharing agreement, whether voluntary or compelled as a requirement of doing business with the Chinese firm – as per the 2017 Chinese espionage act that Zhegnfei purports to ignore.
For example, the largest maker of computers, Lenovo, has been called out for its support from Chinese government, access to state owned intellectual property, and reported links to Chinese state-led cyberespionage efforts. Notably, its products are banned by use of intelligence agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States (Five Eyes Countries) since the mid-2000s, when British military intelligence discovered “backdoors” and suspicious components in Lenovo products. Concerns about the company have been raised by the Department of State, US Navy, Department of Defense, and Department of Homeland Security. In 2018 The Federal Trade Commission settled a charge that the company was complicit in a man-in-the-middle attack delivered from its laptops which harvested consumer their information from banking transactions, passwords, emails, and instant messages.
Lenovo offers a textbook example of the Chinese strategy—buying an American IT firm which it then reinvented. Lenovo acquired key assets from IBM in 2004 and Google’s Motorola Mobility phone business in 2014. After layoffs, some 2,500 of Lenovo’s employees are based in the U.S.; the other 50,000 work in China. These acquisitions were blessed by US regulators which purport to act in America’s public interest, though in hindsight, additional scrutiny was warranted. After all, Lenovo is partially owned by the Chinese Academy of Sciences. This seeming “academic” entity is actually a finance and investment arm of the Chinese government and holding company with ownership stakes in 48 enterprises and connections to Chinese military, nuclear and cyberespionage programs.
What have learned from all of these investigations is that security has a price that is worth paying for. Chinese products may be cheap, but they cost Americans in our personal safety, national security, and industrial competitiveness. President Trump is right to ban such Chinese-owned companies when fidelity to their country’s forced spying will imperil our national security, corporate intellectual property, and personal privacy.