Some time ago, the U.S. government banned both Huawei and ZTE from participating in the development or testing of 5G networks in the country over concerns that equipment sold by the two firms in the U.S. could be used by the Chinese government to carry out extensive surveillance on American citizens and the government itself.
Earlier today, Australia followed suit by banning both Huawei and ZTE from participating in the rollout of 5G network infrastructure, stating that the telecommunications giant was "likely subject to extrajudicial directions from a foreign government that conflict with Australian law".
Danielle Cave, senior analyst at the Australian Strategic Policy Institute's International Cyber Policy Centre, told ABC News that by banning Huawei and ZTE, the Australian government wanted to ensure that China could not use its National Intelligence Law to force Huawei and ZTE to spy on Australians.
The National Intelligence Law requires Chinese organisations to "support, assist, and cooperate with state intelligence work" and to provide necessary support, assistance, and cooperation to national intelligence work institutions. The law also states that national intelligence work institutions "are to use the necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad".
"Huawei could be used to enable espionage, with or without Huawei corporate’s complicity. Espionage doesn’t necessarily require sophisticated ‘backdoors’— even compelling Chinese engineers to assist could enable Chinese intelligence services to get useful access to Australia’s 5G network," noted Tom Uren, a visiting fellow at ASPI’s International Cyber Policy Centre, in an article for The Strategist.
What's stopping the UK from banning Huawei & ZTE?
With the U.S. and Australia banning both Huawei and ZTE from participating in their respective 5G network rollouts, its fair to question what's stopping the UK from taking a similar action considering that domestic network operators have already begun the process of choosing vendors for their respective 5G networks.
Earlier this year, the National Cyber Security Centre fired the first warning flare, warning telecommunication companies in the UK that the deployment and utilisation of equipment and services from ZTE would pose risks to the UK's national security.
"It is entirely appropriate and part of NCSC’s duty to highlight potential risks to the UK’s national security and provide advice based on our technical expertise. NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated," said Dr. Ian Levy, the technical director of the NCSC in a letter to all telecom firms.
However, as far as Huawei was concerned, the NCSC applauded its robust partnership with the firm to develop future technologies and gave no indication about there being any concerns about China carrying out surveillance in the UK using Huawei's devices.
"Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design. This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks," an NCSC spokesman told The Telegraph.
In fact, according to reports, the UK government even lobbied the Australian government to ensure Huawei wasn't banned from participating in the 5G network rollout.
However, things are beginning to change. Seven years ago, the UK government set up the Huawei Cyber Security Evaluation Centre (HCSEC) to monitor and evaluate the security of Huawei products used in the telecom market. To assess HCSEC's performance, the government also set up an oversight board and entrusted the latter to churn out annual reports that provided the latest updates on the security of Huawei's equipment and products.
The last few annual reports released by the oversight board have revealed the inability of HCSEC to provide complete assurance that Huawei's telecommunications equipment would not pose risk to national security. Firstly, the reports state that a critical third party software being used by Huawei in its telecommunications equipment is ‘not subject to sufficient control’ and secondly, the equipment provided to HCSEC for testing for security vulnerabilities isn't the same as the equipment being used by Huawei in the UK which indicates that the entire process may have been vitiated.
Now that the cat is out of the bag, it remains to be seen if the process of evalating Huawei's products in the UK will be completely redefined or whether the UK will take China's National Intelligence Law into account while considering if Chinese firms should be allowed to participate in upcoming 5G rollout plans.
Earlier this month, Three UK, which used Nokia as its 3G vendor and Samsung as its 4G vendor, selected Huawei as the equipment supplier for its 5G rollout programme after deciding that products offered by Huawei were far superior than those offered by competitors. BT, EE, and Vodafone are also using Huawei-supplied equipment but it's not clear if, in light of the new reports, they will choose Huawei as their vendor for their respective 5G rollout plans.