“I think we should be concerned about Huawei and other Chinese companies,“ said EU Commissioner Andrus Ansip in an interview with Euractiv.com. “This is about mandatory backdoors” he murmured and expressed his concern about having chips implanted in devices to steal “secrets”.
The paradox is that for years Europe’s telecoms industry has been buying technology from the Chinese world market leader on a grand scale and no-one saw a problem with it. Why does it suddenly occur to those responsible that this one could pose a security risk?
The answer is as simple as it is astonishing. The source of the fear lies in Washington. Huawei is now suddenly considered dangerous because the government of US President Donald Trump says so. According to the New York Times, for more than a year now, security strategy chiefs in the US have been campaigning to ban the Chinese corporate group from the markets of industrialised countries.
Australia, Canada and New Zealand, members of the “Five Eyes” intelligence cooperation programme with the US and the UK, have already bowed to the pressure and blocked the Chinese supplier. Trump’s ambassador in Berlin, Richard Grenell, explained that “the security of telecommunications networks is endangered when suppliers are under the control or influence of foreign governments”. It carries “the risk of unauthorised access and malicious cyber activity”. And right on cue, the German Foreign Ministry also acknowledged there were “some passages [of Chinese laws] that fill us with concern”, according to which Chinese companies, including even Huawei, are obliged to cooperate with the Chinese intelligence services.
There’s no shortage of irony here. After all, this is precisely the problem European countries have always had with the USA and its IT industry. The Foreign Intelligence Surveillance Act (FISA), which was reinforced with the Patriot Act in 2001, obliges all US companies to hand over records and data to the security agencies at the request of the government if they are deemed relevant to intelligence gathering… and on a worldwide basis. This enforced cooperation is monitored only by a secret court set-up specifically for the task. The companies concerned are also bound to secrecy at risk of penalty.
Unlike the Huawei case, similar accusations against Microsoft, Google, Apple and the like aren’t just theory. Since the revelations of the ex-NSA agent Edward Snowden, it has been unquestionably proved that the US authorities, in particular the global interception service, the National Security Agency (NSA), make wide use of their access rights. The Microsoft group, the company with whose software all state administrations in the EU operate, is particularly eager to comply, as Investigate Europe has reported.
A memo dated 8 March 2013, for example, describes in detail how Microsoft went so far as to provide the US authorities with unlimited access to the group’s cloud service, the data storage service to which more and more companies are outsourcing their IT functions so as to save themselves setting up an IT department of their own.
With its Office 365 programme, which is also increasingly used by government agencies, Microsoft now even ensures that all the documents the programme generates automatically end up on the company’s cloud servers.
At the same time, the Snowden documents proved that the NSA and its British partners used a cyber weapon called “Regin” to directly probe the EU Commission and European Parliament, through a security flaw in the Windows programme.
In 2017, it became clear that the NSA had been using a spy tool based on flaws in Microsoft software for over 10 years, and that the company only fixed these when the intelligence service’s software fell into the hands of criminals.
The latest versions of Microsoft programmes (Windows 10 and Office 365) have exacerbated the problem yet more, because these programmes collect and store the personal data of Office users on a massive scale, without informing them about it.
This was the finding of an investigation commissioned by the Dutch Ministry of Justice. The Dutch IT researchers stated that in doing so Microsoft was violating Europe’s Basic Data Protection Regulation on a gigantic scale.
De facto, the use of Microsoft products by state authorities is “no longer compatible with the rule of law,” says the former Green MEP and current German State Minister Jan Philipp Albrecht, who is regarded as the father of EU data protection law.
But none of the proven infringements by US intelligence agencies and IT firms has led to any practical consequence so far. The Europeans leave themselves defenceless: an American software colony. Against this background, the action against Huawei seems outright ridiculous.
For sure, China is a surveillance state that brutally oppresses its critics and pursues its interests worldwide. There is good reason for suspicion. But as long as EU governments allow their apparatus of state, all the private data of their citizens and the trade secrets of their companies to be spied on by the US intelligence services, all at the same time, the ban on the global market leader from China demanded by the EU Commission and some national governments will do more harm than good. The European Union would only make itself an ally in Trump’s trade war against China, which threatens to cause great economic damage in Europe.
At the same time, almost nothing would be gained for the security of European IT systems, while their dependence on the USA would only increase.
It would make much more sense to finally develop a long-term strategy through which Europe can free itself from the clutches of all foreign powers, at least in respect of the information technology that Europe needs for its “critical infrastructure”. This has already been achieved in aircraft construction and satellite navigation with Airbus and Galileo.
Europe does not lack skilled engineers to protect its IT systems from the “malicious cyberattacks” of which US Ambassador Grenell hypocritically warns. It just lacks the political will to act.