The concerns about Huawei are that it could construct “back doors” or other vulnerabilities into the 5G equipment that will be the backbone of communications networks of the future. No one has provided proof that such vulnerabilities exist, and Huawei insists it follows the law where it operates. But the skepticism is partly based on concern about the Chinese system, dominated by a party-state that can make demands on corporations. An added note of caution has been injected by a U.S. Justice Department indictment that alleges Huawei workers stole important intellectual property from T-Mobile, and that the company had a bonus program for employees who swiped confidential information from competitors.
Now, Britain, an important market for Huawei, has made public a disturbing report about Huawei software. In 2010, Huawei set up an engineering center in Banbury, Oxfordshire, to help the British government mitigate risks to national telecommunications infrastructure, with an oversight board chaired by a top British cybersecurity specialist who reports directly to the director of the Government Communications Headquarters, or GCHQ, the British agency equivalent to the U.S. National Security Agency. The latest report from this board is sharply criticial of Huawei, saying it can “only provide limited assurance” to British government officials that risks to Britain’s national security and critical networks could be reduced in the long term.
This finding is not about the potential “back doors,” nor about China’s overweening party-state, but is just as worrisome. After discovering problems last year, the board said “no material progress has been made by Huawei” on those problems and it found “further significant technical issues” in Huawei’s software and engineering processes. Huawei has promised a $2 billion, five-year effort to fix the issues, but the oversight board said it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete” the promised changes. The board added that “strongly worded commitments from Huawei in the past have not brought about any discernible improvements.” Among other things, the board said it found sloppiness in software coding; sometimes “developers may be actively working to hide bad coding practice rather than fix it.”
Britain will be making decisions soon about its strategy for 5G communications. Huawei is already largely excluded from U.S. networks, and in recent years, U.S. allies have been urged to avoid putting the company’s products at the core of future networks. Those warnings should be heeded. Sometimes it is important to believe what you hear — and the latest from London is not reassuring.