Tech

The Spy Masters' Case Against Huawei Is Flimsy

The Chinese phone maker's biggest offense may be it's too successful.

Does this look like a Trojan horse?

Photographer: David Paul Morris

The U.S. government's persistent dislike of Chinese smartphone makers Huawei and ZTE surfaced again this week at a Senate Intelligence Committee hearing, with six intelligence community chiefs testifying that they would advise Amercians not to buy these companies' products for security reasons. There's even a Republican-sponsored bill in Congress to prohibit the government from using any Huawei or ZTE equipment. Huawei's latest attempt to break through to the carrier-dominated U.S. market failed earlier this year as AT&T abruptly canceled a planned deal -- possibly after coming under political pressure. 

U.S. consumers should treat these warnings more as politicking and thinly veiled protectionism rather than concern for the security of their communications. There are three reasons to be skeptical of the warnings.

The first one is technical. Spyware included in apps or operating systems is relatively easy to detect, and if the Chinese government decided to spy on Americans through, say, Huawei phones, there's a good chance cybersecurity experts, or even the U.S. spy agencies themselves, would have discovered the exploits and told the general public. Of greater concern are so-called "out-of-band" exploits sewn into the firmware of various phone components or even hardwired into them. These can remain undetected for years, like the recently discovered Spectre and Meltdown flaws -- unintentional, it seems -- in pretty much all modern processors, which spies, Chinese and otherwise, could have exploited, for all we know.

There's not a mobile phone today that doesn't use at least some Chinese-made components. If a Chinese government mass surveillance plan existed, it wouldn't rely just on Chinese-owned handset makers -- it would also exploit Apple, Samsung and other phones. For all we know, China -- and the U.S., and the U.K., where some widespread chipsets are designed -- already do that. If you're paranoid about it, throw away your mobile phone whatever the brand. 

The second reason has to do with the selectiveness of the warnings. The U.S. government has been after Huawei and ZTE since 2011, when the House Intelligence Committee began an investigation of these two firms as telecommunications equipment suppliers. It ultimately found their cooperation with the Chinese authorities suspicious, though no specific backdoors in the equipment were discovered. Since the damaging report came out, however, Lenovo, a Chinese firm, acquired Chicago-based Motorola Mobility from Google -- and, despite periodic noises from the Pentagon as well as U.S. and allied intelligence agencies that Lenovo devices pose a security risk, there is no visible pressure on carriers to stop selling Lenovo and Motorola phones. In the last three months of 2017, Lenovo held a 4.1 percent share of smartphone unit shipments in the U.S., compared with 0.3 percent for Huawei, which has only been selling unlocked phones.

Motorola is a venerable U.S. name, and, despite massive staff cuts in the U.S. since the Lenovo deal, it's still technically a U.S. company. Protectionist instincts are the only logical reason it's not lumped with Huawei and ZTE.

The third reason to be skeptical is that Huawei and ZTE are under no pressure in Europe. In the last quarter of 2017, the company was the third biggest smartphone seller by volume in Western Europe after Samsung and Apple, achieving a 13.5 percent market share. Without the need to protect domestic smartphone makers -- there aren't any to speak of -- privacy-obsessed European countries are fine with both U.S. and Chinese suppliers, though if they found out with any certainty that either spied on them, consumers would be upset. This is similar to the situation in antivirus software, where the U.S. government bans Russian-developed Kaspersky products on its networks but most EU governments (the U.K. is a notable exception) remain agnostic about their danger, using Russian and American security solutions alike.

Stephanie Pell of West Point and Christopher Soghoian of the American Civil Liberties Union succinctly explained the political side of the Huawei/ZTE case in a 2014 paper dealing with phone surveillance:

The companies that made the mistrusted products are Chinese and thus subject to ready and politically safe (indeed, politically rewarding) demonization by the intelligence community and their allies in Congress. Moreover, the national security threat posed by Chinese government exploitation of backdoors in Chinese telephony equipment, unlike many other threats, offered the inherent political benefit of being legally amenable to public discussion without putting any U.S. government intelligence sources and methods at risk.

Now, however, Lenovo's different treatment adds to this the element of market protection. There is no reason why the American smartphone market should look different from the global one, in which Huawei is, like in Europe, the number three brand with a 7.9 percent share of unit shipments. The reason the Chinese company has achieved this enviable position is that it sells reliable, well-designed phones with top specifications -- some of them unique, such as embedded Leica cameras -- significantly cheaper than the competition. The flagship Mate 10 Pro sells for $799 unlocked on Amazon, compared with at least $1,100 for an iPhone X. 

Consumers will be free to judge for themselves, but this looks a lot more like market competition than a Chinese effort to infiltrate the U.S. and steal Americans' private messages and jogging data. Not even China does that with U.S. phone brands such as Apple, although it could easily cite similar concerns.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Leonid Bershidsky at lbershidsky@bloomberg.net

    To contact the editor responsible for this story:
    Therese Raphael at traphael4@bloomberg.net

    Before it's here, it's on the Bloomberg Terminal.
    LEARN MORE
    Comments