--- --- --- --- Entire Story Below - Must Be Edited --- --- --- --- --- --- ---
Arthur T Knackerbracket has found the following story [arstechnica.com]:
Chinese vendor Huawei has provided a longer response to US allegations of spying, claiming that it doesn't have the spying capability alleged by the US and pointing out that the US itself has a long history of spying on phone networks.
"As evidenced by the Snowden leaks, the United States has been covertly accessing telecom networks worldwide, spying on other countries for quite some time," Huawei said in a six-paragraph statement [huawei.com] sent to news organizations. "The report by the Washington Post this week about how the CIA used an encryption company to spy on other countries for decades is yet additional proof." (That Post report [washingtonpost.com] detailed how the CIA bought a company called Crypto AG and used it to spy on communications for decades.)
Huawei's latest statement came in response to a Wall Street Journal report [wsj.com] yesterday quoting US officials as saying, "We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world." The US has been sharing its intelligence with allies [arstechnica.com] as it tries to convince them to stop using Huawei products but still hasn't made the evidence public.
US allegations of Huawei using lawful interception are nothing but a smokescreen—they don't adhere to any form of accepted logic in the cyber security domain. Huawei has never and will never covertly access telecom networks, nor do we have the capability to do so. The Wall Street Journal is clearly aware that the US government can't provide any evidence to support their allegations, and yet it still chose to repeat the lies being spread by these US officials. This reflects The Wall Street Journal's bias against Huawei and undermines its credibility.
According to the Journal article, telecom-equipment makers who sell products to carriers "are required by law to build into their hardware ways for authorities to access the networks for lawful purposes," but "are also required to build equipment in such a way that the manufacturer can't get access without the consent of the network operator."
The US alleges that Huawei violated these laws by "buil[ding] equipment that secretly preserves the manufacturer's ability to access networks through these interfaces without the carriers' knowledge," the Journal article said.
Huawei's statement claimed that what the US alleges is impossible:
Huawei is only an equipment supplier. In this role, accessing customer networks without their authorization and visibility would be impossible. We do not have the ability to bypass carriers, access control, and take data from their networks without being detected by all normal firewalls or security systems. In fact, even The Wall Street Journal admits that US officials are unable to provide any concrete details concerning these so-called "backdoors."
Huawei said that just like other telecom vendors, it is "obligated to follow industry-wide lawful interception standards like 3GPP's TS 33.107 standard for 3G networks, and TS 33.128 for 5G." The "interception interfaces are always located in protected premises on the operator's side," and are administered and used "solely by carriers and regulators," Huawei said.
"Huawei doesn't develop or produce any interception equipment beyond this," the company said.
Huawei further said it is "indignant that the US government has spared no efforts to stigmatize Huawei by using cyber security issues. If the US does discover Huawei's violations, we again solemnly request the US to disclose specific evidence instead of using the media to spread rumors."
Despite Huawei's denials, the US is pushing ahead with measures designed to reduce the use of its equipment in telecom networks. The Federal Communications Commission voted unanimously [arstechnica.com] in November to ban Huawei and ZTE gear in projects paid for by the FCC's Universal Service Fund, with Chairman Ajit Pai arguing that Huawei and ZTE "have close ties to China's Communist government and military apparatus" and "are subject to Chinese laws broadly obligating them to cooperate with any request from the country's intelligence services and to keep those requests secret."
The US/Huawei dispute helps illustrate the importance of encryption. With governments and malicious actors having covert access to phone networks, individuals can rely on encryption to lessen the risk of their data being stolen.
But the US government has tried to undermine people's access to strong encryption by pushing Apple [arstechnica.com] and other tech vendors to install backdoors [arstechnica.com] in their products. Apple has refused government requests to weaken its products' security [arstechnica.com], saying that backdoors are bound to be discovered and used by malicious people.
US allegations that Huawei secretly uses backdoors that were designed for law enforcement, if true, would bolster arguments from security experts [justsecurity.org] that it's not possible to build backdoors that can only be accessed by their intended users in law enforcement.