The Biden administration must re-evaluate Chinese 5G data security

The Biden administration faces no shortage of existential challenges when it takes power next week — COVID-19, the fragile domestic economy, damaged federal agencies, civil rights, and a nationwide insurrection are certainly the top five. But regardless of where it ranks in the top ten, America’s economic war against Chinese tech companies merits immediate attention, as it has created chaos for the global rollouts of 5G communications networks, and will further damage either United States foreign policy credibility or international data security over the next decade.

If you haven’t been following the story, here’s the quick primer: Shortly after Chinese networking companies Huawei and ZTE announced plans to sell 5G products in the U.S., the Trump administration deemed them threats to national security, crippling Huawei and nearly killing ZTE. U.S. officials claimed that the companies were about to sell 5G network hardware that could be compromised by Chinese government spies, and possibly even controlled by the Chinese military in the event of a war, each a potentially massive risk to voice and data security in an increasingly cellular era.

In light of the Trump administration’s frequent disregard for truth — say nothing of Trump’s personal animus against China and poor grasp of technology — the question of whether Chinese companies are actually a threat is of critical importance to both technical decision makers and all the people they serve. It’s worth underscoring that concerns over Huawei and ZTE preceded the Trump administration, and were raised by Congressional intelligence committee members with access to non-public information, but remained on the back burner until the companies began offering 5G network hardware to the U.S. and its allies.

Until they were blocked by the U.S. (and some allies), Huawei and ZTE were offering to build the world’s 5G networks at prices rivals Ericsson, Nokia, and Samsung could not match, so Chinese-made hardware would have underpinned everything from rural U.S. 5G to the networks relied upon for private and military communications. For both economic and social justice reasons, it was important to know whether these companies were fairly accused of working as agents of China’s spy apparatus, or unfairly caught up in another of Trump’s many xenophobic attacks.

On one hand, Huawei has continually denied any role in spying for China, and though multiple countries have reviewed and taken issue with the company’s network security protocols, none has definitively demonstrated that Huawei gear was actually enabling surveillance by the Chinese government. The U.S. allegations hang largely on a Chinese law that requires domestic companies to cooperate with the government’s surveillance requests upon request — an arguably abstract fear that could be applied to a wide swath of Chinese businesses.

Concrete evidence of that point came yesterday, when the Trump administration unexpectedly branded another Chinese vendor — handset maker Xiaomi — as a “Chinese Communist military company,” adding it to an economic blacklist that will take effect in November 2021 unless Biden’s team intervenes. “The expanding blacklist,” Reuters notes, “is part of a bid by President Donald Trump to cement his tough-on-China legacy in the waning days of his presidency,” and appears to be part of a larger effort to frustrate the Biden team with multiple diplomatic challenges. Like Huawei, Xiaomi has denied the allegations, saying in a statement that it is not “owned, controlled or affiliated with the Chinese military.”

On the other hand, there are plenty of reasons to be concerned about a looming data surveillance threat from China, as well as Huawei’s potential role in facilitating it. China has not only stage managed its own 5G network rollout, coordinating everything from radio frequency allocation and city coverage to the prices charged by individual operators, but provides funding that enables domestic hardware makers to compete aggressively for foreign business. Despite its denials on the spying front, Huawei has received government funding, its founder is a former member of the Chinese military, and its business practices led its CFO — the founder’s daughter — to be arrested for violating trade sanctions. Though publicly available evidence suggests that the company’s data security failings resulted from negligence rather than active intent to expose data for surveillance, it’s possible that U.S. intelligence officials are certain that the company created network back doors and left them open; that’s one way spies operate.

Xiaomi is a different story. It makes phones, TVs, watches, electric scooters, and computer peripherals, the most dangerous of which from a data security standpoint are Wi-Fi routers. Moreover, the chips powering Xiaomi’s key products come from companies outside of China, including Qualcomm, and Xiaomi has seemingly given up on producing more of its own components. In other words, despite Xiaomi’s success in some markets, it’s largely repackaging other companies’ technologies, and its only data security risks come from people who buy its handsets or routers — endpoints, rather than elements at the cores of public or private networks.

On initial inspection, placing Xiaomi on a list of Chinese Communist military companies looks like another example of the Trump administration painting with a very broad brush, if not outright tarring and feathering a company just for being Chinese. Prior to now, the most serious allegations against Xiaomi have involved intellectual property infringement — by another Chinese company, Ericsson, and arguably Apple — but nothing involving spying or data security.

Intellectual property issues have long plagued the U.S.-China relationship, and it’s clear that President-elect Biden will need a smarter approach to protecting American companies against idea theft than prior administrations. But in light of the past four years, and despite the other pressing issues that it now faces, the Biden administration cannot afford to continue, modify, or abandon the country’s recent Chinese data security policies without carefully reconsidering all of the evidence, as well as the implications of its choices. Nothing less than the security of global and domestic communications hangs in the balance, with data consequences that could free or bedevil billions of people around the world, quite possibly for many years to come.

VentureBeat

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform
  • networking features, and more

Source: Read Full Article