
An overview of why the US has problems with Huawei - rotten
https://www.latimes.com/projects/la-fg-huawei-timeline/
======
rgbrenner
The article mentions the 2012 US House Intel Committee report on Huawei and
ZTE but says (incorrectly) it was never released. Here's the report:
[https://republicans-
intelligence.house.gov/sites/intelligenc...](https://republicans-
intelligence.house.gov/sites/intelligence.house.gov/files/documents/huawei-
zte%20investigative%20report%20\(final\).pdf)

This report is why the US government is taking action against Huawei. In it,
Huawei refuses to answer some key questions about the structure of their
company that strongly indicates they are controlled by the CCP. So what did
Huawei think was going to happen after that?

~~~
yummypaint
I think china views the concept of separation of companies, the government,
and the military as a western notion. The ecosystem is fundamentally different
from in the US, and western observers dont seem to be aware of this.

~~~
rumanator
> The ecosystem is fundamentally different from in the US, and western
> observers dont seem to be aware of this.

This comment misses the whole point entirely. Obviously this is not a simple
issue about cultural differences. The key point is that a telecom company that
is a major player in the telecom infrastructure busines and is desperately
trying to control the world's telecom infrastructure is actually
surreptitiously controlled by the Chinese government. This fact is not minor
cultural nitpicking.

~~~
DiogenesKynikos
> is actually surreptitiously controlled by the Chinese government

There's not evidence for that. It's a private company. It's not a state-owned
enterprise, and doesn't function like one.

> This fact is not minor cultural nitpicking.

No, but it is part of a campaign to demonize China and Chinese companies. Many
people in the US foreign policy establishment are worried about the existence
of a peer-level competitor, and cannot accept that the US is no longer the
sole superpower in the world. That's the fundamental issue here. It's why
there's such a huge disconnect between all the fear about Huawei and the utter
lack of evidence of backdoors in their equipment. This isn't about Huawei.
It's about people in the US government trying to head off China as a
competitor.

~~~
gruez
> > is actually surreptitiously controlled by the Chinese government

>There's not evidence for that. It's a private company. It's not a state-owned
enterprise, and doesn't function like one.

What about the LA Times article?

>A study by professors Christopher Balding and Donald Clarke published April
17, 2019, argues Huawei is effectively state-owned because it is 99% owned by
a "trade union committee." Trade unions in China are controlled by the
government.

~~~
DiogenesKynikos
It's owned by the employees, through a mechanism that involves their trade
union, with Ren Zhengfei (the founder and CEO) having veto power over
decisions. The argument that this indirectly means the government controls the
company is pretty tendentious.

------
rshnotsecure
Huawei has extensive ties with not only the Ministry of State Security, which
is kind of like a combination of the CIA/FBI, but also the Shanghai State
Security Bureau and Organization 610.

Regarding 610, it might exist it might not. Supposedly operating as a “CIA
within a CIA”, they are kind of like a Praetorian Guard that reports to the
highest levels of the CCP.

Anyway Ren Zhengfei, the founder, is a former Army Colonel in the PLA. He was
a specialist in comm systems, and was “laid off” in 1983. This was the same
year the MSS was founded, which wound up kind of “stealing” all the
intelligence work and signals stuff that had previously been the domain of the
Army.

Later the MSS would find it much more advantageous to establish front
companies, and it was this wave of front companies with unlimited black budget
funding that began in mid 1990s that Ren rode all the way to the top.

FUN FACT: The Green Army, one of the original Chinese hacking groups from
1996-1997, eventually all of its first members came together and established
Nsfocus.com which still exists today and is quite big.

~~~
mycall
Are they the dark army?)

------
upofadown
If you pick a Chinese supplier then you might end up with Chinese entities
backdooring and/or copying your product. If you pick a supplier from another
country, then you are up to twice as bad off as that supplier will get their
stuff manufactured in China.

~~~
3pt14159
Naw. A Chinese company embedding a backdoor in a chip is way more damaging to
the reliance as China as a global supplier of electronics manufacturing than a
Chinese company that controls the software. With software it is much easier to
embed a backdoor because a backdoor can look like an innocent bug.

Not that any of this really matters. So many parts of software are broken from
a cybersecurity standpoint that it's more a matter of degree than secure
versus not secure. I'm sure the Chinese are able to have open source
contributors have their patches applied to Linux or Python with innocent bugs
in them. Still though, network attacks break a lot of what keeps the internet
secure, and I doubt the Americans are making it up when they say that Chinese
manufactured network gear is a national security threat.

~~~
utopian3
Shouldn’t you be able to make a hardware backdoor look like a bug. I mean,
imagine if Intel’s predictive branching (meltdown) bugs were intentional... it
could stay hidden for years and look like a mistake

------
mark_l_watson
I don’t understand why this story is such a big deal, but it keeps getting
covered.

There are no US companies that compete with Huawei’s 5G technology, so my
government is going after them anyway they can. Seems simple enough to me.
That said, there is another factor: Huawei smartphones sort of compete with
Apple gear, but at lower prices. This also helps a US company (Apple).

It think it is fairly common that governments do back-flips to help domestic
industries. The Chinese government certainly helps their industries.

~~~
roenxi
To supplement your comment; all the things in being alleged may well be true,
but none of it seems unusual or particularly unexpected. It does seem quite
likely that it has only become an issue because Huawei is out-competing US
companies.

Although I suspect the US will discover their treatment of Meng Wanzhou is
crossing a line. The idea that the US can regulate commerce between a Chinese
company and an Iranian country is breathtakingly audacious and the idea that
the US can go after individuals on this pretext is outrageous. If someone
pulled this stunt on them and black-bagged Tim Cook for violating labour laws
they might start to realise they've opened a can of worms.

~~~
JCharante
Isn't it relating to fraud because they lied about the transactions, as in the
US is perfectly fine if third parties conduct trade with blacklisted entities,
but the third parties have to suffer the consequences of those trades (such as
they themselves getting blacklisted).

~~~
roenxi
That might be true but rates as a bit of a "so what?" in practice. I'm sure
all i-s are dotted and t-s crossed under US law. However, compare and contrast
this to the US law lovingly nicknamed 'Hague Invasion Act' [0] - sovereign
states are not expected to quietly sit down and take it quietly when
foreigners start harassing their authority figures.

It certainly has terrible optics - the US decides to bully a strategically
threatening Chinese company with superior capability? That is likely to
disrupt their extensive data gathering and surveillance operations? In the
middle of trade talks? Whatever legal quibbling they want to argue over, it is
a tough sell as a rules-based decision. It looks highly political.

[0] [https://en.wikipedia.org/wiki/American_Service-
Members'_Prot...](https://en.wikipedia.org/wiki/American_Service-
Members'_Protection_Act)

------
Synaesthesia
It’s hardly surprising that the US is going after Huawei. The US enjoys a
commanding lead in technology globally. That overwhelming lead is threatened
by a company which is now a leader in 5G technology and becoming a global
player. Naturally the US will try to protect its own companies, it’s very
telling that they haven’t given evidence of any wrongdoing.

~~~
Retric
Last thing I read was: _‘Hidden backdoors’ were found in Huawei equipment,
reports Bloomberg._

[https://www.theverge.com/2019/4/30/18523701/huawei-
vodafone-...](https://www.theverge.com/2019/4/30/18523701/huawei-vodafone-
italy-security-backdoors-vulnerabilities-routers-core-network-wide-area-local)

Was that disproven?

~~~
DiogenesKynikos
Bloomberg was wrong here.

Huawei routers had Telnet installed on them, which is completely standard.
Vodafone, the company that was supposedly targeted, disputed Bloomberg's
characterization of standard diagnostic software as a "backdoor":

> The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that
> is commonly used by many vendors in the industry for performing diagnostic
> functions. It would not have been accessible from the internet.[1]

This is not the first time Bloomberg has made sensationalist claims about
Chinese backdoors. This one fell apart with even the lightest of scrutiny. One
wonders if the Bloomberg reporter even understood what Telnet is.

1\.
[https://www.bbc.com/news/business-48103430](https://www.bbc.com/news/business-48103430)

~~~
DataWorker
It sounds like a backdoors to me. Oops we forgot to not install telnet on all
routers we sell is as close to an admission of guilt as one might hope for.

------
jorblumesea
Is it really that surprising that the US would object to a company with
extremely close ties to an authoritarian surveillance state providing the
nations' infrastructure? Huawei was founded by a PLA colonel and has deep ties
to the Chinese state and power structure.

Imagine if a US company was founded by ex-Military officers, stole tech from
Chinese companies, and tried to build China's telecom backbone while accepting
huge subsidies from the US government. No one would bat an eye if they passed
on that deal.

~~~
bronlund
Yeah, because US haven’t been ripping off anybody. And no US company has ever
had close ties to the government %]

~~~
jorblumesea
[https://en.wikipedia.org/wiki/Whataboutism](https://en.wikipedia.org/wiki/Whataboutism)

~~~
dang
Please keep canned arguments like "whataboutism" off HN. They're repetitive
and never lead anywhere new or interesting.

[https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...](https://hn.algolia.com/?dateRange=all&page=0&prefix=false&query=by%3Adang%20whataboutism&sort=byDate&type=comment)

~~~
jorblumesea
I think it's a pretty fair rebuttal. tu quoque is a logical fallacy and is
often seen whenever these debates happen.

~~~
dang
If someone introduces a counterexample that they believe is comparable,
calling "whataboutism" doesn't refute anything. It's a move to exclude the
information, and ultimately to stop discussion. What, after all, can one say
in response? It isn't an argument—it's a label that is intended to stigmatize.
This verbal trick is so empty that it's surprising it has currency among smart
people. I think it's because the word itself is so catchy.

When someone brings up information isn't in fact comparable or relevant, the
reasonable thing to do is to explain why it isn't, and give the other person a
chance to respond. It's natural for people to disagree about what's relevant
in an argument—that's part of having a disagreement in the first place. Trying
to close off discussion so only your side's examples count as admissible isn't
good discourse. Being first to raise a topic doesn't confer power to control
the conversation.

Perhaps the more helpful broader point, though, is that all these canned
arguments are repetitive and therefore low-quality. They're like slapping a
sticker on something rather than engaging with it. Because of that, they make
threads worse and more predictable. People tend to respond badly and strike
back, rather than continuing in good faith—and it's easy to see why, because
labels like "whataboutism" express dismissiveness.

------
rotten
A review of Huawei devices by the company I work for, Finite State, found
numerous (and some trivial) backdoors in 55% of Huawei projects. It is briefly
mentioned in the article above. Here is more information on that report:
[https://finitestate.io/2019/06/26/report-finds-
cybersecurity...](https://finitestate.io/2019/06/26/report-finds-
cybersecurity-vulnerabilities-embedded-within-huawei-devices/)

And here is a video of our CEO talking more about it:
[https://finitestate.io/2019/10/03/security-weekly-
podcast](https://finitestate.io/2019/10/03/security-weekly-podcast)

~~~
Someone1234
Wow that's a grossly misleading executive summary. Your company should be
ashamed of itself.

I read the report itself:

\- Devices came with a default username/password. Called a "backdoor."

\- Devices used password auth instead of public key cryptography for SSH out
of the box. Called a "backdoor."

\- Default public key cryptography keys for SSH auth instead of password.
Called a "backdoor."

\- Devices contained public certificate authorities. Called a "man in them
middle."

\- Devices contained well known vulnerabilities in common open source
software.

If I had paid Finite State for this report, I'd fire them on the spot and
blacklist them. I particularly love the Schrödinger's cat of public key SSH
auth. If the vendor doesn't enable it by default it is a "backdoor" and if
they do it is "hard-coded certificates" and thus a "backdoor."

According to Finite State's logic I've never used a vendor that didn't contain
multiple "backdoors." Particularly as doing so is impossible (since you need
to enable public certificate SSH auth AND not provide users any way of
actually using it).

The thing that surprises me is that they found "backdoors" in _only_ 55% of
devices? Shouldn't it be 100%, or did you feel like misleading that much was
too unbelievable (and people might e.g. read the report and call you out)?

PS - No conflicts or stakes here (don't even run Huawei's stuff that I know
of). Just decided to read the report because of the extraordinary claims made,
found out there was nothing there.

~~~
whatshisface
> _If I had paid Finite State for this report, I 'd fire them on the spot and
> blacklist them._

Whoever paid Finite State for that report presumably was happy with the
outcome that was arranged for them. Alternatively, they could have written the
report on their own in order to drum up business and "reputation" in the
cybersecurity industry.

------
vaporland
NSA hates competition

------
aritmo
Most of the points listed in the article are excuses to attack a successful
Chinese company. It looks like the US prefers China to just manufacture for
others and not sell directly high tech products.

~~~
mcguire
" _Seattle prosecutors alleged in January 2019 that Huawei employees stole
T-Mobile trade secrets in 2012. They said that Huawei pressured its U.S. staff
to get details about a smart-phone-testing robot named Tappy and that a Huawei
employee removed the robot arm and took it home and photographed it. Huawei
denies any role. It says employees acted on their own, in “a moment of
indiscretion.”_ "

That's perfectly believable. I, myself, am compelled to fiddle about with
other people's technology.

~~~
pkaye
> The Supercomm telecom trade show was winding down and most people had gone
> home when Zhu Yibin, a China-based employee of Huawei, was caught by
> security June 23 photographing the circuit boards of an optical networking
> device owned by Fujitsu Network Communications after removing the casing,
> according to a report by Light Reading. Zhu also had two pages of
> proprietary AT&T diagrams and a list of six vendors to visit, with two high-
> tech products highlighted.

~~~
nraynaud
The CIA did the same with an entire soviet spacecraft.

~~~
pkaye
So you are saying we should assume the same for China and Huawei?

~~~
nraynaud
they behavior is not deviating form the standards set by the US.

~~~
bigj0n
If Huawei does not deviate from the standards set by the CIA, than it is very
clearly a terrible idea to do business with them

------
w1nst0nsm1th
I would answer if I had a meaningful thing to say, but I'm afraid my social
credit score could suffer and I could be banned by chinese government from
buying cheap backdoored electronic cigarette gears.

