
U.S. Officials Say Huawei Can Covertly Access Telecom Networks - tysone
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
======
camillomiller
Chinese officials say that the NSA tapped the phone of an allied nation's
Prime Minister without their knowledge.

If you remove yourself from the current spat between USA and China, how can we
take for good what "US officials" say, when we all have PROOF, post-Snowden,
of what US officials were actually doing?

The previous sentence is a direct quote of a top-3 executive of Huawei I've
witnessed personally at a press conference. He was absolutely right.

My point is: if you isolate statements like these, the discourse is going
nowhere. Also, for the tapping of Merkel's phone we have proof, for most of
the things "US officials" say, we have not, we're just asked constantly to
trust what they say and take it at face value, but American institutions have
squandered that luxury in the past 20 years.

This is also why telco companies in allied countries that have invested
billions in 5G infrastructure from China are not really willing to cancel
their plans only based on take-it-or-leave-it and trust-based intelligence.

~~~
w7
How does proof that the USA did something affect or change the risk that
Huawei devices can pose? That's literal whataboutism.

The alternative providers aren't even USA owned, they're European.

Discourse is going no-where because some people have a fundamental
misunderstanding that this is some sort of trial that requires proof, when in
actually it's simple risk analysis.

Discourse is going no-where because some people somehow think it's unfair for
Huawei to be banned from networks, when China routinely bans Western companies
based on domestic security/market risk alone.

Discourse is going no-where because some people expect backdoors to have giant
identifiable red flags, when instead they look like the openssl CVE's from
2006 that disappear and reappear in Huawei's firmware.

Discourse is going no-where because some people seem to think this is some
attempt by the US to maintain some surveillance hold on telecom networks, when
they can just compromise Huawei gear anyways.

Anyone sticking to Huawei hardware is doing it because it's extremely cheap,
and they're either blind to (willingly or not) the risk or have factored it in
(see UK's 35% deal).

~~~
camillomiller
Discourse is going nowhere because people think that it's fair for the
American Government to enact restrictions on global companies based in
America, in a way that makes it impossible for a company from another country
to operate fairly on a market (Europe) where American Institutions have
absolutely no jurisdiction.

How is that even legal in a country where the free market is basically God?
Free market as long as it's in the American interest?

~~~
krtong
People often use "capitalism" or "free market" interchangeably with "laissez
faire economics." What you're referring to is laissez faire, not "the free
market." Laissez faire occurs in a capitalistic society but it's a subset of
capitalism. Really it's an ideology more than anything, usually called names
like "libertarianism." It also sort of defeats the point of the economic
growth.

Economic growth is for national security, specifically to fund and produce
supplies for our armies. This is why we talk about economies in the context of
nations. This is why nations frequently subsidize businesses or full-
industries. This is why Alexander Hamilton sent spies to Britain to steal
factory blueprints, or why Xi Jinping subsidizes Huawei, or why the PRC exists
at all.

America wrote the playbook that china's following. That's why you can trust
what America says about China. That's why it's good if america does something
but bad if another country does it. Nations are all just horses in the same
race. You're supposed to pick one.

~~~
oroul
What are we racing towards though? What is the goal? Nation vs. nation
competition seems great up until the point human wellbeing becomes secondary
to the ambiguous goal of 'national advancement' .

~~~
krtong
In this imperialistic "horse race" nations improve the wellbeing of humanity
because nations are incentivised to take care of its citizenry since the
citizenry is their military. Back in the day either you were either a soldier,
or you paid your way out of service by funding the army and paying the
salaries of the rest of the soldiers.

Things in the last 200 years have changed greatly and I don't know if the
ideology holds up anymore. The American Civil War, WWI and WWII showed that
nation populations are greater than any transportation system can physically
move to the battlefield, so improving the wellbeing of humans has taken a
backseat to improving technology since the bottleneck of war isn't how many
soldiers you have, it's how fast you can move and how fast you can kill off
the other side.

The other bottleneck during the last couple major wars (aside from
transportation) was the supply of raw materials. If America wasn't mineral
rich and shipping ammunition to both sides during WWI the war would've ended a
lot sooner. Today I wonder what war would be like because there's a near
infinite supply of people, and raw materials.

Also there's a seemingly infinite supply of money currently in circulation.
Everything seems to be getting bought and sold as global investors frantically
try to find enough things to invest in. It's an absurd world we live in and I
agree that the meaning of it all has completely broken down.

------
orand
My favorite part is Huawei is supposedly using our own law enforcement back
doors. I hope that this is forever used as an example to fight the ongoing
push for "good guy only" back doors.

~~~
radicsge
The "good guys" (telco/law enforcement) have strict criterias to access it,
like court order. Thus it is regulated by the local government.

Meanwhile Huawei is supposedly actively created a workaround:

> U.S. officials say Huawei has built equipment that secretly preserves the
> manufacturer’s ability to access networks through these interfaces without
> the carriers’ knowledge.

~~~
8note
where 'strict' is a secret court that accepts everything put in front of it?

~~~
jorblumesea
FISA courts have a high acceptance rate because prosecutors don't put anything
in the ring unless they're very sure they'll get approved. This has been
affirmed by many ex-FISA court appointees, lawyers and those in the
intelligence community.

Please let the "FISA court is a rubber stamp" myth die already.

~~~
Consultant32452
I don't know if the FISA system is abused or not, but I certainly would not
take the word of anyone who made a living off it to tell me it's all good. I
submit I may have a very different definition of reasonable use. I know the
opinions of regular police and courts and I disagree with them too.

~~~
jorblumesea
I think if your proof is "I don't trust anyone in government" that's a pretty
weak argument, no? Also, isn't it true that every warrant is just opinions
about whether someone has done something warranting investigation? I don't see
what any of these objections have to do with FISA.

~~~
gpm
> "I don't trust anyone in government" that's a pretty weak argument, no?

Not trusting the government is the entire point of large portions of the US
constitution...

~~~
jorblumesea
The constitution is all about checks and balances. There was implicit trust in
the government from the very outset of the founding of this country. It was a
documented designed to guarantee trust. If you don't trust the checks and
balances that the government provides, then the constitution is a worthless
piece of paper. Warrants are by definition, a check and balance of sorts,
although I understand it doesn't feel that way. Police (executive branch)
comes to a judge (judicial branch), who approves or rejects the warrant. The
judiciary has the final say over whether the police can search a home, for
example.

I think it's interesting how many people point to how we need to get back to
the roots of constitutionalism, but also say "I never trust anything
governments do or say".

If that's the case, why do you think the constitution will help you there? The
document itself requires huge levels of trust.

~~~
gpm
Well sure, if I took the extreme position of arguing to never trust the
government you'd be right.

That's not what I, or the person you are originally replying to is doing.
Rather we would say something like "you are asking us to trust the government
when it is bypassing or ignoring the checks and balances put into the
constitution precisely because of issues like this". For a few examples:

Checks and balances are why the 6th amendment requires to a "speedy and
_public_ trial". Which the FISA courts are not providing. They are why the 6th
amendment requires the accused to be informed of the "nature _and cause of the
accusation_ ", which is regularly being violated by these secret proceedings
by way of parallel construction.

You bring up the topic of warrants, but warrants (by the 4th amendment) must
"upon probable cause [... describe] the place to be searched, and the person
or things to be seized". From what little we have seen of the FISA
proceedings, neither of those conditions are being respected.

You bring up the judicial branch, but the judicial branch is required (by
article 3 section 2 of the constitution) to hear only cases and controversies,
one sided proceedings that aren't even released publicly after the fact to be
challenged are neither. This clause exists (I believe) precisely because one
sided arguments lack the necessary checks and balances to reach a fair verdict

------
offmycloud
Why do they need a back door when they can walk right in through the front
door? I used to work for a large company that purchased Huawei 4G gear and had
a paid support agreement. A condition of the agreement was giving VPN and SSH
access to Huawei support engineers, so that they could "debug" their products
in our network.

~~~
drummer
It would not surprise me if they also had some hardcoded accounts and
certificates for convenient "support" access.

~~~
tastroder
Are we talking about Huawei or Cisco here? The well documented general
stupidity of infrastructure hardware suppliers hardly supports the air quotes,
or any of the nation state narratives here.

~~~
drummer
Sometimes it is convenient to disguise back doors as general stupidity or
honest mistakes.

------
Taniwha
As someone who doesn't live in the US I'm not sure that that's not any
different than the recent Crypto AG news, or the similar back doors that have
been discovered in Cisco hardware over the years, including the ones provided
for US 'law enforcement'.

The only real answer though is not to worry about this stuff, use the cheapest
switching hardware you can find (sure use Huawei if they're the cheapest) and
own your own privacy, don't trust anyone and do your own end-to-end
encryption.

~~~
caconym_
On the face of it I don't think it's terribly different, no.

Anyone who wants to make a moral judgment about which is "worse" should start
with moral judgments of the American and Chinese governments.

~~~
kelnos
Both the American and Chinese governments have bad track records when it comes
to abusing civil liberties, privacy intrusion. I would say that the Chinese
government is worse, but that doesn't really matter from my perspective for
this particular thing.

As an American, I expect that the US government, if it wants it enough, can
obtain access to my communications (at least while using US infrastructure),
assuming they're not e2e encrypted. Hopefully such access would be gated by a
warrant, and I expect in most cases that's how it works, though I do expect
there are abuses here and there.

The Chinese government, however, should not have any kind of access to any of
my communications (unless I am visiting China, using their infrastructure; or
perhaps am communicating with someone in China from abroad). In addition, if
the relationship between the US and China ever sours to the point of war,
presumably the Chinese would have no problem using any possible backdoors to
disrupt US telecom networks.

Given this, I would much rather the US use US-built telecom infrastructure
than Chinese-built infra. I think an argument over which government is more
moral or trustworthy is just not useful here.

~~~
p1necone
If I was living in America, I'd _much_ rather have the Chinese government
spying on me than the American government, and vice versa if I were in China.
Obviously that's me as a selfish individual - it does indeed make more sense
for America as a whole to not want other nation states snooping on them.

~~~
smnrchrds
Real choices (if you live in America) are (1) American government only or (2)
American and Chinese governments both. As a resident of Canada, my choices are
(1) Canadian and American, or (2) Canadian and Chinese.

------
geophertz
What annoys me the most about the whole "Huawei fiasco" is the fact people
were going to install proprietary product to run 5G, which meant that it ended
in a strange speculation game. If only open and free hardware had to be used
for such things, there wouldn't be any problems of putting blind trust into a
foreign company.

~~~
azinman2
How do you verify what you have is what you are told it is?

Free software / hardware doesn’t solve espionage.

~~~
mycall
Compiling everything, code audits, pen testing.

~~~
azinman2
None of which can tell you that the hardware isn’t doing something different,
for sure. Code audits don’t mean much if the code you’re given isn’t what
you’re running.

~~~
fsflover
Schematics?

~~~
azinman2
Still don’t tell you what is inside of a chip. This is a known big area of
concern, and is one of the reasons why the US military requires chips be made
domestically for sensitive equipment.

~~~
fsflover
X-ray images?

------
mhandley
As a UK citizen, my general assumption is that the systems security of all
telco equipment and the operational security of all telcos is so poor that
both the US and China can covertly access our networks, no matter who made the
equipment. Pretty much no complex software stands up to scrutiny if you're
willing to put $100M into cracking it. Until some equipment vendor starts
shipping a software stack that is both open-source and formally verified, it
seems that situation will persist. Can't see that happening anytime soon.

~~~
daemin
Why crack the hardware when the soft squishy things are so much easier to
compromise.

------
T_ADD
There's always been such allegations about Huawei. Backdoors are no surprise.
LI is standardized by 3GPP.

But if Huawei can do it, so would be the case for NSN, ZTE, Ericsson and even
samsung.

Besides backdoor access built in, these telecom equipment come with advanced
diagnostic capabilities that are not accessible by anyone other then their own
RND department.

~~~
mycall
> these telecom equipment come with advanced diagnostic capabilities that are
> not accessible by anyone other then their own RND department.

In these days of Meltdown and Spectre and TSX Speculative Attacks, I'm not too
sure anymore.

------
thewileyone
Everyone here is missing the real issue, which is money; it's not about US or
China spying. It's about the trillions at stake for who owns the 5G patents.
Currently 4G patents are mostly owned by Qualcomm, but if Huawei takes
precedence, Huawei stands to earn trillions from equipment makers.

~~~
jamez1
This is just nonsense, patents don't accrue much of the revenue and the
revenue for the entire telecommunications industry globally is probably only a
trillion.

~~~
ozymandias12
Not to say Huawei only has 1/3 of all 5G patents.

------
morpheuskafka
> U.S. officials say Huawei Technologies Co. can covertly access mobile-phone
> networks around the world through “back doors” designed for use by law
> enforcement

I cannot believe they don't see the contradiction. Chinese law enforcement
isn't supposed to have backdoors in equipment sold around the world but the US
is? Seriously? I can't believe any countries would buy sensitive
communications infrastructure from any country that openly includes backdoors.

------
neonate
[https://archive.md/jowdd](https://archive.md/jowdd)

------
drummer
CNBC coverage also mentioning the CIA Rubicon program
[https://m.youtube.com/watch?v=4UYIt8Y0XHU](https://m.youtube.com/watch?v=4UYIt8Y0XHU)

------
alfiedotwtf
US: It's not right the Chinese spy on telcos

FVEY: It's right for us to spy on Belgacom

~~~
kube-system
Every world power for the past couple of millenia: Let's spy on other world
powers and try to prevent them from spying on us.

------
no_opinions
The suspicious thing isn't the tool/technology, it's the actor and what the
world would be like if they ran the show.

This is a good reason why Chinese needs to democratize totally and switch
things up.

The issue is, when you live in China and luck strikes out, there's no choice
but to conform, or face suffering, which if Xinjiang is any measure, includes
deprivation of liberty. Take pity on the one who has disagreement with the
system in PRC.

I don't understand a government lasting long without elections by the people.
I don't get their end game on the world stage. They remind me of Kefka from
Final Fantasy VI, or team rocket in Pokemon, because news often planning some
conspiracy or trap that'd backfire on them in the end.

------
m0zg
This reminds me of that case when Russia deployed its radioelectronic warfare
gear in Syria, and the US complained that it interfered with the US's own
radioelectronic warfare gear.

I mean, don't get me wrong, I'd be the last person to carry water for Huawei,
but realistically each country that hopes to maintain its sovereignty should
build their data infrastructure on their own. Especially first world countries
who have the means and the technology to do so. Otherwise you end up with
Barack Obama listening in on Angela Merkel's phone calls and stuff like that.

------
RantyDave
I don't think that's the real issue. The real issue is that Huawei can (maybe)
covertly deny service. Or launch attacks on other pieces of infrastructure.

~~~
kube-system
China could simply embargo Huawei support contracts and leave a bunch of
network equipment with unpatched CVEs

------
amrx431
As if Cisco doesn't at the behest of NSA.

------
born_a_skeptic
How did Huawei become the leader in 5G? Did they develop tech themselves?

------
swiley
Why is everyone ok with this closed telecom stuff? The user experience _SUCKS_
and it’s always used to manipulate and spy on you.

Put everything on ipv6 and use open standards.

------
tibbydudeza
Really who cares except some jingoist defence industry neocon who still thinks
the cold war is a thing , also the Chinese don't do drone strikes or invade
other countries.

~~~
anon46121
China doesn't invade countries; except Tibet, Vietnam, India and Korea. They
also funded and trained the Khmer Rouge and clashed with the soviet union.
They have also built and fortified islands in other nations territorial
waters. That is from the top of my head.

~~~
torbjorn
The Uyghurs getting put in political reeducation camps.

------
stopads
The news here is that all telecom equipment is required to have back doors
built into them, the "crime" is the manufacturer sometimes using this too.

I don't know if this is hugely revelatory or surprising, it has been common
knowledge that all the telecoms are effectively government entities for a long
time now. It's still just a bit surreal to see it all spelled out in black and
white in the WSJ.

~~~
tjohns
That's not really news. It's mandated by the Communications Assistance for Law
Enforcement Act (CALEA), which is a law dating back to 1994:
[https://en.wikipedia.org/wiki/Communications_Assistance_for_...](https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)

Some enterprise network gear even has CALEA modules built in to facilitate
traffic intercepts. For example, here's some docs from both Mikrotik and
Cisco:

[https://wiki.mikrotik.com/wiki/CALEA](https://wiki.mikrotik.com/wiki/CALEA)

[https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6...](https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/lawful/intercept/book/65LIch1.html)

------
resters
Considering the anti-competitive, protectionist nature of the US backlash
against Huawei, I think it's wise to be quite skeptical of these kinds of
claims until they have been proven to be true by independent security experts.

------
sandoooo
It is more accurate to say that the US government has mandated law-enforcement
backdoors that means any telecom equipment provider has covert access, Chinese
or otherwise. And now that this is the case they would really rather that you
stop using the Chinese ones (and use instead US companies, who also have
access to the backdoors and are willing to share it with the US government).

As a practical matter, it all depends on your threat model: are you more
likely to get into trouble if the US government knows your secrets, or the
Chinese one? How much of a premium are you willing to pay to minimize this
risk either way?

