On December 1, 2018, the Canadian police arrested Huawei VP & CFO, Sabrina Meng Wanzhou, who was transiting at Vancouver Airport, at the request of the U.S. government for mutual legal assistance. Meng Wanzhou was charged with suspicion of violating U.S. export controls and selling sensitive technology to Iran with false accounting information by the U.S. Federal District Court for the East Side of New York. Prior to this, the United States had already banned its government departments from using Huawei’s communications equipment, and asked that its allies, such as Japan, Italy, Germany and other countries, also not use it. This was not a unique position adopted by the United States; New Zealand also announced the ban on Huawei equipment in November 2018. Additionally, Vodafone, which is based in the UK announced a similar ban in early 2019.
Intriguingly, Huawei products, the hardware related to information and communications, have been used for all projects under China’s now-infamous ‘Belt and Road Initiative’. This begs the question: what kind of information security vulnerabilities will Huawei create for countries that adopt its technology?
Taiwan has long expressed its information security concerns towards Huawei, though there are still different views among information scholars. In February 2019, British intelligence agencies unexpectedly stated that Huawei’s factors were ‘controllable’, but opinions were subsequently divided.
The above debate actually derives from different philosophical views. People, who centre on empiricism, believe that information security risks of Huawei’s equipment can only be inferred when actual examples of Huawei’s infringement of information security are identified. However, others, who stand on rationalism ground, consider it sufficient when evidence is enough to infer that ‘information security can be disturbed through such a channel.’; actual examples are not the prerequisite.
As far as the issue of information security is concerned, I prefer to take the rationalist approach in that we should not have to experience a robbery in person to be able to judge whether the dark alley is safe or not. Normally, when we pass through a dark alley and see the coveted eyes of gangsters on both sides of us, we are provided with enough rational evidence to judge that ‘this dark alley is not safe, so I will avoid passing through.’
We must also be aware that there are various types of information security. Routine stealing or monitoring of data is just one example, while waiting for a critical moment to administer a fatal blow is an alternative tactic. In fact, the empiricism is insufficient to respond to the latter attack since the daily breach of information security is not considered a ‘critical moment’. It is not surprising that we can’t find actual proof of such foul play when Huawei’s backdoor program has not yet been activated, because the ‘critical moment’ has not arrived. However, in 2017, there was indeed a case that could be regarded as ‘empirical evidence’.
The Grounding of Drones
From June 29 to July 1, 2017, Chinese State Chairman Xi Jinping attended a ceremony in Hong Kong for the ‘20th Anniversary of Hong Kong’s Return’. As protests against the limitations on freedom and democracy in Hong Kong grew more intense, the Hong Kong government sought to counter what it viewed as defensive measures by the protestors. Many media outlets reported that during Xi Jinping’s visit, all drones in Hong Kong were mysteriously unable to take off. We do understand that drones have the capability to carry explosives, and pose a certain degree of threat to security forces. However, it still cannot explain why hundreds, or even thousands, of drones, were ‘simultaneously’ unable to take flight.
According to a report by the Scientific American, drones are similar to minicomputers with wings and propeller engines. This ‘minicomputer’ must be operated by a mobile phone. The GPS in the computer is designed to track the drone’s current location while also alerting the operator of the relative distance between it and other drones, so as not to interfere with one another. The user’s mobile phone, communicating with the drone through WIFI, knows the location marked by the drone’s GPS, and can control the drone to shoot, spray specific substances, as well as an array of other actions. The captured information can also be relayed by the base station via the mobile phone and sent to a specific company’s (DJI, Huawei etc.) cloud.
It requires several links to complete the above operation: WIFI needs to go through the router; the satellite uploaded by the GPS needs to respond; the minicomputer in the drone needs to receive messages and issue instructions; each base station needs to continuously link and transmit messages one by one; operators need to receive instructions from the mobile phone, etc. Besides the drones that are produced by companies such as DJI and Beidou, the satellites that have been developed by several major scientific research institutes in China and military industry groups, the rest of the equipment such as routers, base station equipment, and mobile phones, are mostly produced by Huawei in Hong Kong.
If China regularly steals information captured and collected by drones, it will obviously leave its footprints. For example, we may find that information of all aerial photography flows to a certain computer or platform. But if Huawei’s purpose is only to bury a ‘back door’ in the software and disable the drone when necessary, then the process is very simple: disable one critical function during Xi Jinping’s visit to Hong Kong. For example, the Beidou satellite can transmit incorrect GPS information at any given moment, undermining the drone’s capability to take off. Or the base station can immediately paralyze the apps’ function to command the drones whenever it receives the signal of the apps’ operation. In other words, if the task is limited to ‘inaction at a critical moment’, Huawei will be able to achieve the above interference without being discovered beforehand.
‘Inaction at a critical moment’ is more terrifying than being unable to take off
Is our scope of the ‘critical moment inaction’ too narrow? Let us imagine the moment occurs in a situation of war. China’s most common projects under the ‘Belt and Road Initiative’ are railways, Internet service, highways, ports, power plants etc., which can be easily installed with hidden backdoor programs. If China wants to stop a certain section of a particular railway at a critical moment, or cause the train collision, the power interruption, even a misleading light signal, it would be extremely easy. We must then ask ourselves this question: whether such a ‘backdoor program’ already exists or not?
(For further information on plotting war in the electronic age, and how outsourcing chips can paralyze enemy fighters and warships, please refer to John Scalzi’s science fiction novel ‘The Ghost Brigades’ (2006).)
In order to prevent the attack coming from the breach of information security at a critical moment, the United States has prohibited the participation of China in almost every information link. All countries along the ‘Belt and Road Initiative’, however, have almost given their entire infrastructure construction to China. In the event of a conflict in the future, these countries are unfortunately destined to be on the ‘Chinese chopping block’.
Many vendors that provide router or base station equipment are American companies, such as Microsoft or Qualcomm. Although it would be foolish to deny that the ‘American Empire’ also harbours geopolitical ambitions of its own, the American government is checked and balanced by the complex and various forces of a democratic society. There exists no relationship akin to command or affiliation between the American government and American companies.
The situation with Huawei, however, is quite the opposite. The boss of Huawei was originally a colonel in the People’s Liberation Army, who miraculously emerged with the support of the Chinese government. Huawei, as a private company, also contains a ‘governmental party secretary’ of the Communist Party of China (CCP). Therefore, this company is indeed comparable to ‘a dark alley with the coveted eyes of gangsters on both sides.’ Although we may lack empirical evidence of the CCP and Huawei’s duplicity, we must endeavour to employ the use of rational thinking when it comes to the capability to disrupt geopolitical mechanisms at will.