Whether you think Gavin Williamson leaked or not; whether you think such a leak (by Williamson or anyone else) was justified or no; whether you think May was right to sack Williamson for allegedly leaking or not, the Huawei question remains unsettled.
If, as is reported, the Prime Minister hoped to “draw a line” under both the leak and the wider policy dispute by acting so firmly, that has evidently failed. Not only because the former Defence Secretary is vocally protesting his innocence while the Government is unwilling to release its evidence, but because the underlying issue which the leaker was concerned about retains its importance.
It is three and a half years since Nick Timothy warned on this site that the UK was placing itself at risk of espionage and hostile action by allowing China to gain access to its essential infrastructure, from energy generation to telecommunications. His concern went unheeded then, as the Prime Minister has ignored it from many other voices now.
So is there an issue with Huawei? Should the UK be concerned about the company?
First, let’s not make the mistake of treating this as just another private sector provider. After all, China is not just another country. Despite a degree of marketisation and the toleration of the profit motive, it remains a fundamentally authoritarian state, a rising superpower which holds that its own citizens are first and foremost bound to be obedient to the collective interest. It holds no free elections, it tolerates no internal opposition, and it operates vast abuses of human rights – most recently in the huge repression targeted at Uighurs, which includes mass detention in concentration camps for the purposes of ‘re-education’. Domestically and internationally, China is notable in viewing modern communications technology as a threat to be controlled by the state and an opportunity to pry into and restrict its citizens and rivals.
It would be naive not to recognise that any organisation flourishing in these conditions does so only because it is allowed to exist and grow by the consent of the Chinese state. The exact nature of the relationship is a chicken and egg question; what matters is the fact that major Chinese telecoms companies are based in a totalitarian state which requires obedience and is known to run extensive cyber-spying operations around the world. It is an unavoidable fact that the state in question could snuff out such companies if it wished.
So in a simple assessment of risk on a common sense basis, allowing any such provider into sensitive UK infrastructure would appear unwise. What’s more, there are reports of specific concerns about Huawei-provided devices. Bloomberg reports that Vodafone found 26 security issues with equipment from Huawei, including six “critical” and nine “major” security holes, and that these problems were found in several Western countries.
Huawei deny those claims on the basis that these are not backdoors – intentional ways in – but innocent mistakes, a mixture of oversights and legitimate diagnostic tools accidentally not removed after installation. This should be treated with some scepticism. For obvious reasons, deliberate backdoors are designed to appear inadvertent, innocent and therefore deniable – that’s far from unusual in espionage. Furthermore, the report Bloomberg has had access to includes a claim by Vodafone’s then-Chief Information Security Officer at the time that Huawei failed to honestly resolve the issues when they were discovered:
“What is of most concern here is that actions of Huawei in agreeing to remove the code, then trying to hide it, and now refusing to remove it as they need it to remain for ‘quality’ purposes…”
A third and final consideration for the UK should be the position of our closest allies on Huawei. The company is banned from government work in the US and Australia, Canada is considering such a ban, and New Zealand’s security services have forbidden Huawei components from being imported for use in 5G networks. Those four countries, along with the UK, make up the essential Five Eyes intelligence-sharing alliance. If our trusted allies are acting on these concerns, we should take note. What’s more, the US is so concerned about China penetrating UK communications networks via Huawei that they are threatening to withdraw intelligence-sharing if London allows the Chinese firm to take part in 5G.
This is blunt stuff, but hard to ignore. There are sensible reasons to be wary of Huawei, and China’s cyber operations, in principle and, it appears, in practice. By definition there is no way to be certain except to take a severe risk and suffer as a result – it is in the nature of managing risks that we should err on the side of caution.
Even if you are not bothered by the evidence, or by the nature and circumstance of the company in question, and think it a risk worth taking in itself, then the views of our allies should still settle the question. This is a risk too far.