UK, Germany demand more evidence in Huawei case as US files suit

More countries, including Germany, are backing away from imposing outright bans on Huawei and ZTE in 5G, or other national infrastructure contracts. Despite pressure from the US, many governments are also feeling the pressure from their own operators, which are furious at the prospect of being denied access to the Chinese companies’ innovations and price competitiveness.

Huawei spent much of the run-up to Mobile World Congress, and the show itself, on a charm offensive, to persuade governments they were not risking their security by supporting the company. However, now it has gone on the offensive too, launching legal actions in North America.

In the US, Huawei has filed suit in Texas (the site of its US headquarters) to challenge a new law, the National Defense Authorization Act, which bans federal agencies from buying its products. It argues the ban is unconstitutional because it singles out a specific group for punishment without a trial.

“This ban not only is unlawful, but also restricts Huawei from engaging in fair competition, ultimately harming US consumers,” the Chinese firm’s deputy chairman Guo Ping said at a press briefing in China.

President Trump signed the act into law in August, at the height of the current wave of hysteria about possible threats to US national security from Chinese firms, which have become intertwined with ongoing trade wars. The US has been lobbying its allies to follow suit and bar Huawei and ZTE from 5G contracts, but only Australia and Japan have complied, though many countries are engaged in investigations.

Huawei has also filed a lawsuit in Canada, in the name of its CFO Meng Wanzhou, who was arrested on December 1 in that country at the request of the US, which wants her extradited to face charges of breaching trade sanctions while at Skycom Tech (which the US claims is controlled by Huawei). The legal case is against the Canadian government, border agency and police, claiming Meng’s interrogation and detention violate constitutional rights. Meng – the daughter of Huawei’s founder – is out on bail.

Meanwhile, two of the major economies engaged in security reviews of the Chinese vendors, the UK and Germany, look unlikely to impose blanket bans, though they may insist on stricter guarantees.

In the UK, the MNOs have been arguing forcefully to be allowed to continue to choose Huawei kit. BT has said the firm is currently the “only 5G supplier” for the RAN, though it is removing Huawei equipment from the core network of its mobile subsidiary, EE. The fourth operator, 3UK, has selected Huawei for its next generation network, replacing Nokia and Samsung. And Vodafone has upped the ante by increasing the number of cities where it plans to launch 5G by year end, from 12 to 19, while pointing out that this roadmap will be derailed if Huawei is banned.

Such a ban would set UK 5G back by at least a year and cost operators hundreds of millions of pounds by reducing competition and forcing network replacements, argued Vodafone, echoing similar arguments made by O2 and 3UK.

Speaking at a press briefing in London last week, Vodafone’s CTO, Scott Petty, said that a ban would cost the UK its bid to be a 5G leader in Europe, saying: “The impact would be really significant. The first iterations of 5G will be Non-Standalone, meaning that they rely on elements of existing 4G networks. If Huawei was to be banned and we were forced to remove them from our network, we would need to go to 32% of our 18,000 base stations that are currently using Huawei for radio access and replace all of those with somebody else’s technology, and then deploy 5G on top of that.”

That would come at a cost of hundreds of millions of pounds, and would “dramatically affect our 5G business case. We would have to slow down the deployment of 5G very significantly, in order to go back and reset our 4G network first. We think that would be the wrong thing to do. We are talking about an area of the network, the RAN, that is very low risk and low impact,” added Petty.

The core is more sensitive – Vodafone has suspended installation of Huawei equipment in its core networks in Europe and does not use the vendor in its UK core (nor do O2 or 3UK).

The press conference came amid reports that the UK is considering a cap on the amount of Huawei equipment an operator would be allowed to deploy, limiting the vendor to 50% or less of the network. It is not clear how that would be calculated, but most MNOs use more than one supplier anyway so such a cap could be just a sop to the US, with limited real impact except to irritate the MNOs. Despite speculation that a report from the UK’s National Cyber Security Centre would be hard on Huawei, in fact it is now reported to be recommending that a ban is unwarranted.

Vodafone UK’s general counsel, Helen Lamprell, called on the UK government to provide proof of the allegations against Huawei, or let the MNOs make a free choice. “If there is any evidence, then we’d love to see it, but so far we haven’t seen any evidence at all,” she said.  Petty supported that – when asked whether any CTO in the industry had ever told him that Huawei left back doors in its networks for the Chinese government to access, he said, “There is no evidence of that whatsoever.”

Germany is taking a similar ‘show us the evidence’ line. “We regularly adapt the applicable security requirements to the current security situation and the state of the art,” said Jochen Homann, president of the regulator, Bundesnetzagentur. “The security requirements apply to all network operators and service providers and they are technology-neutral, covering all networks, not just individual standards such as 5G.”

Bundesnetzagentur plans to release a draft of new rules for feedback over the next couple of weeks. They include requirements that critical components can only be used in communications infrastructure with a certification recognized by the Federal Office for Information Security (BSI); and that employees who install or manage this equipment will also have to be certified by German authorities.

And, in an echo of the UK caps suggestion, redundancy must be built into the networks by using multiple vendors.

Meanwhile, Huawei itself has opened a Cyber Security Transparency Centre in Brussels. Deputy chairman Ken Hu said: “Trust needs to be based on facts, facts must be verifiable, and verification must be based on common standards. We believe that this is an effective model to build trust for the digital era. Safeguarding cybersecurity is considered to be a responsibility held by all industry players and society as a whole. Growing security risks are significant threats to future digital society.”

The company says the Centre has three main functions:

  • to showcase Huawei’s end-to-end cybersecurity practices and solutions.
  • to facilitate communication between Huawei and key stakeholders on cybersecurity strategies and privacy protection. Huawei will work with partners to explore and promote the development of security standards and verification mechanisms.
  • to provide a product security testing and verification platform and related services to Huawei’s customers.