China-based Huawei and ZTE pose a national-security threat to the U.S. because of spying and stealing of data that could be done on behalf of the Chinese government through any network based on vendors' network service provider gear, according to an investigative report issued Monday by the U.S. House Intelligence Committee.
RELATED: Cisco said to cut ties to ZTE
The U.S. House Intelligence Committee, under the leadership of its chairman, Mike Rogers (R-Mich.), came to this stark conclusion in its "Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE." Here's a look into what the 50-plus page report, said to have taken a year to complete, indicates is the basis for defining these Chinese-based firms as a national-security threat to the U.S.:
- There are significant gaps in available information about the Chinese telecommunications sector, history and operation in the U.S. and Huawei's and ZTE's "potential ties to the Chinese state" or whether the companies "provide Chinese intelligence services access to telecommunications networks."
- Neither Huawei nor ZTE "was willing to provide sufficient evidence to ameliorate the Committee's concerns" or provided specific information about its relationship with the Chinese Communist Party Committee.
- Huawei in particular is said to have provided inadequate information about its corporate structure, history, ownership, operations or financial arrangements.
- The House Committee has uncovered what may be evidence that Huawei may be violating U.S. laws "from industry experts and current and former Huawei employees" and these "allegations" will be passed along to U.S. executive branch agencies for further review, including investigation.
The U.S. House Committee report recommends:
- The U.S. "should view with suspicion the continued penetration of the U.S. telecommunications market by Chinese telecommunications companies."
- The Committee on Foreign Investment in the U.S. "must block acquisitions, takeovers or mergers involving Huawei and ZTE given the threat to U.S. national security interests."
- U.S. government's "particularly sensitive systems" shouldn't include Huawei or ZTE equipment.
- The U.S. commercial sector outside of government should consider ZTE and Huawei as a long-term security risk and should seek other vendors for their projects.
- Congress and government agencies should investigate unfair trade practices; Chinese companies should become open and transparent based on Western standards and Congress should consider legislation to "address the risk" from telecom companies with nation-state ties. Such legislation may include an expanded government role by the Committee on Foreign Investment in the United States to include looking at purchasing agreements.
The main argument in the House Committee report is that the Chinese government and its intelligence agencies, already believed to be conducting massive cyber-espionage against the U.S., can call upon Huawei or ZTE to work for China "for malicious purposes under the guise of state security."
The Committee report said Huawei and ZTE object to having the focus on them alone, and the report says this was done because these two companies "are the two largest Chinese-founded, Chinese-owned telecommunications companies seeking to market critical network equipment to the United States."
The report says House Committee staff last February went to Huawei corporate headquarters in Shenzhen, China, to meet with officials there, including: Ken Hu, Huawei's deputy chairman of the board and acting CEO; Evan Bai, vice president of the treasury management office; Charlie Chen, senior vice president in charge of Huawei (U.S.); Jiang Xisheng, secretary of the board; John Suffolk, global security officer; and Rose Hao, export regulator.
In April, Committee staff met in Shenzhen with ZTE executives, too: Zhu Jinyun, senior vice president of U.S. and North American market; Fan Qingfeng, executive vice president of global marketing and sales; Guo Jianjun, legal director; Timothy Steinert, independent director of the board and Alibaba counsel; Ma Xuexing, legal director; Cao Wei and Qian Yu, both with the security and investor relations within the Information Disclosure Office; and John Merrigan, attorney with DLA Piper.
The report says other meetings occurred, but the House Committee did not feel their questions and need for documentation were answered and said answers were sometimes evasive.
The Committee wanted to understand any formal role of the Chinese government or Chinese Communist Party with the companies. The report says it believes Huawei and ZTE "failed to assuage the Committee's significant security concerns presented by their continued expansion in the United States."
The Committee report also makes vague accusations related to what Committee investigators supposedly heard from "industry experts and former and present employees" about the two companies. For instance, the report says it heard from several former employers that Huawei uses "patented material from other firms," though it isn't specific, and that Huawei may be evading licensing requirements related to software applications for its employees.
There are also allegations that Huawei employees visiting from China on tourist or conference visas are working full time in the U.S. for Huawei in violation of U.S. immigration laws, and the House Committee intends to share its information with the Department of Homeland Security. Other allegations concerned supposed fraud and bribery when seeking contracts in the U.S. There are also allegations from employees about supposed discrimination and how it's "difficult if not impossible for any non-Chinese national to be promoted in Huawei offices in the U.S."
The Committee report asserts that undisclosed companies in the U.S. using Huawei or ZTE equipment have "experienced odd or alerting incidents" using the Chinese manufacturers' equipment "which they declined to make public." The report says it heard current and former employees tell of "flaws" in Huawei and ZTE equipment and "potentially unethical or illegal behavior by Huawei officials."
The Committee says it didn't attempt a review of Huawei or ZTE equipment. But it said it heard allegations of backdoors or "unexpected elements" in both companies' products.
The Committee report concludes it did not receive fully documented answers to its main questions about how Huawei and ZTE are connected to the Chinese government and military, and that the two companies treat their internal documentation as a "state secret." But the report also said that Huawei "admits that the Chinese Communist Party maintains a Party Committee within the company," though it failed to explain what it does exactly or who's on that committee. Huawei apparently responded this is a typical practice for companies in China. When it came to the question of whether Huawei gets special financing from the Chinese government, the report says Huawei denies that it does but refused to answer how its credit lines developed.
"Huawei's connection to the Chinese Communist Party is a key concern because it represents the opportunity for the State to exert its influence over the decisions and operations of a company seeking to expand into the critical infrastructure in the United States," the House Committee report states. The report also says it received from former Huawei employees some internal documentation that indicates that Huawei provides special network services to what the employee believes to be "an elite cyber-warfare unit" with the Chinese People's Liberation Army. The report says Huawei did acknowledge it provides network products of a wide variety for the Chinese military, but declined to discuss research and development.
The report says the Committee learned that privately held Huawei is structured to have 60,000 shareholders but that a shareholder agreement gives Huawei Founder and President Ren Zhengfei veto power. Huawei officials also explained to the Committee that Chinese law forbids foreigners from holding shares in Chinese companies without a special waiver.
The report also said it doesn't believe Huawei's claims that Huawei USA is operated largely independently of the parent company in China after the Committee interviewed current and former employees of Huawei USA who described the company otherwise.
Huawei is known to provide equipment to Iran, but has said it plans to scale back operations there. The House Committee said Huawei refused to provide documents relating to that decision.
Huawei did apparently provide the House Committee with a list of its major customers in the U.S., said to be: Cricket Communications; Clearwire; Cox TMI Wireless; Hibernia Atlantic; Level 3/BTW Equipment; Suddenlink; Comcast; and Bend Broadband.
ZTE also took a beating in the report, with ZTE pressured by the House Committee to acknowledge that 19 individuals who serve in the Communist Party Committee are either major shareholders or on the ZTE board of directors. The House Committee said it agreed to ZTE's request to not make the names of these individuals public. But the House Committee reiterated that part of the general concern is that the exact role of the Chinese Party Committee at ZTE remains unknown. The report also says that in a meeting with House Committee staff in Shenzhen, officials admitted they were willing to lose money on projects in the U.S. to get a foothold in the U.S.
Here's a link to the full report.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: [email protected]
Read more about wide area network in Network World's Wide Area Network section.