Skip to main content

Is Huawei a security threat? Seven experts weigh in

The Verge convened authorities to hear their opinions

Share this story

Illustration by Alex Castro

Update, May 22nd, 2019: Since this article was published, the United States has issued measures effectively blacklisting Huawei. Under a new executive order, US businesses looking to sell to Huawei will need to obtain government approval for the transactions, dealing a severe blow to the Chinese company. In light of the order, we are re-publishing the below article from March, which details the broader concerns that led up to that decision.

The United States government is cracking down hard on Huawei. Lawmakers and intelligence officials have claimed the telecommunications giant could be exploited by the Chinese government for espionage, presenting a potentially grave national security risk, especially as the US builds out its next-generation 5G network. To meet that threat, officials say, they’ve blocked government use of the company’s equipment, while the Justice Department has also accused Huawei’s chief financial officer of violating sanctions against Iran, and the company itself of stealing trade secrets.

Huawei’s response has been simple: it’s not a security threat. Most importantly, the company’s leaders have said the US has not produced evidence that it works inappropriately with the Chinese government or that it would in the future. Moreover, they say, there are ways to mitigate risk — ones that have worked successfully in other countries. Huawei’s chairman has even gone so far as to call the US government hypocritical, criticizing China while the National Security Agency spies around the globe. The company has also denied any criminal wrongdoing.

Huawei’s response has been simple: it’s not a security threat

Earlier this month, Huawei upped the stakes again. In a lawsuit, the company asked a court to find that the US government’s ban on its products is unconstitutional. Huawei’s rotating chairman said that, after failing to convince US lawmakers that its products were secure, they had “no choice” but to make a legal challenge.

Regardless of how the suit shakes out, it will hardly be the last volley in the ongoing battle. Is the US right to target Chinese equipment makers like Huawei, or has the company, as it maintains, been unfairly maligned? The Verge convened experts, from prominent China-watchers to Sen. Marco Rubio, to give their views.

Responses have been lightly edited for length and consistency.

Robert Williams, executive director, Paul Tsai China Center, Yale Law School

If one views 5G telecommunications networks as critical infrastructure, then the lack of smoking-gun evidence that a company has previously rigged its hardware at the behest of a foreign government is not dispositive of whether to allow that company’s equipment in 5G networks. The question is whether the risks of espionage or sabotage are unacceptably high, which depends in part on whether the company can credibly claim to be independent of the foreign government in question. This may help to explain why Western governments broadly agree that Huawei poses security risks, even as they may differ over how to manage or mitigate those risks.

Sen. Marco Rubio (R-FL)

Huawei is a Chinese state-directed telecom company with a singular goal: undermine foreign competition by stealing trade secrets and intellectual property, and through artificially low prices backed by the Chinese government. The Communist Chinese government poses the greatest, long-term threat to America’s national and economic security, and the US must be vigilant in preventing Chinese state-directed telecoms companies, like Huawei and ZTE, from undermining and endangering America’s 5G networks. Future, cutting-edge industries like driverless vehicles and the Internet of Things will depend on this critical technology, and any action that threatens our 21st-century industries from developing and deploying 5G undoubtedly undermines both our national and economic security.

I am not sure we can trust an audit on Huawei any more than we can trust the Chinese government to hand over intelligence showing they do not steal intellectual property from American companies. No audit can reveal a future order from the Chinese government to turn over data to them. The US must develop a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains. We must also recognize that the continued threat posed by the Chinese government’s assault on US intellectual property, US businesses, and our government networks and information has the full backing of the Chinese Communist Party.

Qing Wang, professor of marketing & innovation, University of Warwick

Is Huawei a security threat? There is no hard evidence to support this notion, and some of the reasons put forward for this notion are weak. For example, the background of the chairmen of Huawei. Huawei founder Mr. Ren Zhengfei once served in the People’s Liberation Army. As we know, serving in the army was one way of getting out of poverty for people in the countryside, which is where Mr. Ren is from. His time in the army was a short one and he was not in any important position.

“Is Huawei a security threat? There is no hard evidence to support this notion”

In terms of the background of the company, unlike state-owned enterprises such as China Mobile and China Railway Corporation, Huawei is a private enterprise, like Alibaba, Tencent, and Haier, that emerged from the economic reform of China in the 1980s. These enterprises would have never existed, let alone grew, if there was no economic reform and move from planned economy to market economy. State-owned enterprises operate differently from private enterprises. The CEOs of state-owned enterprises are government officials and are directly appointed by the government; they are the products of the old communist legacy. On the other hand, the CEOs of the private enterprises are either the founders themselves, or their offspring who succeed their family businesses. These enterprises have developed their technological capabilities and business acumen through market mechanisms both inside and outside China, and adopted the same business practice and competed with their Western counterparts without preferential treatment from the government. At most, government resources and supports are directed to the state-owned enterprises because they are no longer fit for the new market economy.

For someone like me who has studied emerging market enterprises for decades, Huawei is the textbook case of a great company in the making; unfortunately, it has fallen victim to the anti-globalization policy and sentiment of the US and the ongoing trade war with China. Huawei has been accused of close or even dubious relationships with the Chinese government — hence, a security threat to the Western world. It is true that now that these companies have become competitive in the global market, creating jobs and tax revenue for the government, the government is keen to see that their success can continue. If anything, it is in the interest of Huawei and the government to see the reputation and technological leadership continue rather than being ruined by scandals such as espionage.

Sen. Mark Warner (D-VA)

There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party — and Huawei, which China’s government and military tout as a “national champion,” is no exception. Allowing Huawei’s inclusion in our 5G infrastructure could seriously jeopardize our national security and put critical supply chains at risk. It could also undermine U.S. competitiveness at a time when China is already attempting to surpass the U.S. technologically and economically through the use of state-directed and state-supported technology transfers.

This is not about finding “backdoors” in current Huawei products — that’s a fool’s errand. Software reviews of existing Huawei products are not sufficient to preclude the possibility of a vendor pushing a malicious update that enables surveillance in the future. Any supposedly safe Chinese product is one firmware update away from being an insecure Chinese product.

Nicholas Weaver, staff researcher at the International Computer Science Institute, University of California, Berkeley

Sabotage can be really, really subtle. There are entire contests around how you make sabotage almost undetectable, such as the “underhanded C contest.” It is even more so in hardware. For example, you could sabotage the cryptographic random number generator so that if you knew the secret you could predict it, but if not, you can’t.

“Sabotage can be really, really subtle”

This is worse in telecommunications systems, as those systems are specifically designed to be wiretapped, so a little bit of sabotage in the specific wiretap-enabling routines and it would be very, very hard to detect. Plus, you also have the manufacturing: just because the design is what you “certified” doesn’t mean that the thing you buy is what you certified. A single microscopic difference: the addition of a small sabotage chip, and now you lose all your assurances.

Francis Dinha, CEO of OpenVPN

The US is right to treat Huawei as a security threat, but I don’t believe any ban on any equipment is the right solution. No matter what equipment we use for 5G, there will be security risks. With such an exponentially higher amount of data, there will inherently be an exponentially higher risk. But taking a competitor out of the market could lead other companies to get complacent, which would mean US innovation and development could be slowed — which presents an even more severe security risk overall.

Rather than relying on our network to be secure, we ought to seriously consider building an overlay secure virtual network across the 5G infrastructure that could provide end-to-end security, controlled and managed by the 5G network operators. We need guidelines to improve network security, and we need to push to make software for this equipment open-source. Open-source means transparency and security, which is exactly what we need as we move to 5G.

Huawei is a risk, certainly — but there are other ways besides a ban to mitigate that risk. No matter who is making our 5G equipment, we need to be proactive about cybersecurity.

William Snyder, professor of law, Syracuse University

Huawei is a threat to US national security, but that misses the bigger point. Vulnerabilities in the supply chain of network hardware and software is, has been, and will continue to be a threat to the national security of the United States and many other countries, including China. It remains very difficult to audit that a chip with millions of embedded transistors or software with millions of lines of code does only what consumers know and consent to it doing. Even if Huawei is not committing the sort of crimes for which a US grand jury indicted it, any company that supplies such a large percentage of the market for components of telecommunications networks and has such ties to the People’s Liberation Army is a threat. Huawei’s need to operate under Chinese laws about cooperation with Chinese military and intelligence agencies is of concern.

“Huawei’s status as a threat is hardly unique”

Huawei’s status as a threat is hardly unique. Not only are other Chinese companies such as ZTE and China Mobile embedded in the supply chain, but so are those of other countries. Huawei itself buys components from major US firms, including Qualcomm. Those companies are subject to US laws concerning cooperation with US intelligence agencies. Given the essentially free market economy of the United States, rarely, if ever, will a US company be as closely tied to the government as Chinese companies are. Still, if you are a security policymaker of a nation like India — with several times the population of the US — wouldn’t you worry about how many major militaries have back doors into your networks?

As long as conflict occurs at the nation-state level while critical cyber networks are designed and manufactured internationally, we all must be very careful. This is a systemic problem. Currently, Huawei’s size and ties to the PLA make it the focus of concern. In the future, another supply chain threat will take center stage.

Today’s Storystream

Feed refreshed 4 minutes ago Midjourneys

E
External Link
Emma Roth4 minutes ago
Celsius’ CEO is out.

Alex Mashinsky, the head of the bankrupt crypto lending firm Celsius, announced his resignation today, but not after patting himself on the back for working “tirelessly to help the company.”

In Mashinsky’s eyes, I guess that means designing “Unbankrupt yourself” t-shirts on Cafepress and then selling them to a user base that just had their funds vaporized.

At least customers of the embattled Voyager Digital crypto firm are in slightly better shape, as the Sam Bankman-Fried-owned FTX just bought out the company’s assets.


M
Twitter
Mary Beth Griggs34 minutes ago
NASA’s SLS rocket is secure as Hurricane Ian barrels towards Florida.

The rocket — and the Orion spacecraft on top — are now back inside the massive Vehicle Assembly Building. Facing menacing forecasts, NASA decided to roll it away from the launchpad yesterday.


A
External Link
Andrew J. HawkinsTwo hours ago
Harley-Davidson’s electric motorcycle brand is about to go public via SPAC

LiveWire has completed its merger with a blank-check company and will make its debut on the New York Stock Exchange today. Harley-Davison CEO Jochen Zeitz called it “a proud and exciting milestone for LiveWire towards its ambition to become the most desirable electric motorcycle brand in the world.” Hopefully it also manages to avoid the cash crunch of other EV SPACs, like Canoo, Arrival, Faraday Future, and Lordstown.


Asian America learns how to hit back

The desperate, confused, righteous campaign to stop Asian hate

Esther WangSep 26
A
The Verge
Andrew WebsterTwo hours ago
“There’s an endless array of drama going on surrounding Twitch right now.”

That’s Ryan Morrison, CEO of Evolved Talent Agency, which represents some of the biggest streamers around. And he’s right — as you can read in this investigation from my colleague Ash Parrish, who looked into just what’s going on with Amazon’s livestreaming service.


R
The Verge
Richard LawlerTwo hours ago
Green light.

NASA’s spacecraft crashed, and everyone is very happy about it.

Otherwise, Mitchell Clark is kicking off the day with a deeper look at Dish Network’s definitely-real 5G wireless service , and Walmart’s metaverse vision in Roblox is not looking good at all.


J
External Link
Jess Weatherbed11:49 AM UTC
Won’t anyone think of the billionaires?

Forbes reports that rising inflation and falling stock prices have collectively cost members of the Forbes 400 US rich list $500 billion in 2022 with tech tycoons suffering the biggest losses.

Jeff Bezos (worth $151 billion) lost $50 billion, Google’s Larry Page and Sergey Brin (worth a collective $182b) lost almost $60b, Mark Zuckerberg (worth $57.7b) lost $76.8b, and Twitter co-founder Jack Dorsey (worth $4.5b) lost $10.4b. Former Microsoft CEO Steve Ballmer (worth $83b) lost $13.5b while his ex-boss Bill Gates (worth $106b) lost $28b, albeit $20b of that via charity donations.


T
Thomas Ricker6:45 AM UTC
Check out this delightful DART Easter egg.

Just Google for “NASA DART.” You’re welcome.


R
Twitter
Richard Lawler12:00 AM UTC
A direct strike at 14,000 mph.

The Double Asteroid Redirection Test (DART) scored a hit on the asteroid Dimorphos, but as Mary Beth Griggs explains, the real science work is just beginning.

Now planetary scientists will wait to see how the impact changed the asteroid’s orbit, and to download pictures from DART’s LICIACube satellite which had a front-row seat to the crash.


M
The Verge
We’re about an hour away from a space crash.

At 7:14PM ET, a NASA spacecraft is going to smash into an asteroid! Coverage of the collision — called the Double Asteroid Redirection Test — is now live.


E
Twitter
Emma RothSep 26
There’s a surprise in the sky tonight.

Jupiter will be about 367 million miles away from Earth this evening. While that may seem like a long way, it’s the closest it’s been to our home planet since 1963.

During this time, Jupiter will be visible to the naked eye (but binoculars can help). You can check where and when you can get a glimpse of the gas giant from this website.


E
Twitter
Emma RothSep 26
Missing classic Mario?

One fan, who goes by the name Metroid Mike 64 on Twitter, just built a full-on 2D Mario game inside Super Mario Maker 2 complete with 40 levels and eight worlds.

Looking at the gameplay shared on Twitter is enough to make me want to break out my SNES, or at least buy Super Mario Maker 2 so I can play this epic retro revamp.


R
External Link
Russell BrandomSep 26
The US might still force TikTok into a data security deal with Oracle.

The New York Times says the White House is still working on TikTok’s Trump-era data security deal, which has been in a weird limbo for nearly two years now. The terms are basically the same: Oracle plays babysitter but the app doesn’t get banned. Maybe it will happen now, though?


R
Youtube
Richard LawlerSep 26
Don’t miss this dive into Guillermo del Toro’s stop-motion Pinocchio flick.

Andrew Webster and Charles Pulliam-Moore covered Netflix’s Tudum reveals (yes, it’s going to keep using that brand name) over the weekend as the streamer showed off things that haven’t been canceled yet.

Beyond The Way of the Househusband season two news and timing information about two The Witcher projects, you should make time for this incredible behind-the-scenes video showing the process of making Pinocchio.