EU does not downplay the risk associated with the use of 5G hardware, but has so far ruled out an outright ban on Huawei, the main supplier of this technology. Experts: China’s legal framework is the real problem, not technological issues. Chinese tech companies are legally compelled to cooperate with their country’s intelligence services.
Bruxelles (AsiaNews) - The European Union did not directly point the finger at Huawei in a risk assessment on fifth-generation (5G) wireless technology published on October 9, but it is crystal clear that the target of its probe is the Chinese telecom giant. The report came on the back of concerns about the potential dangers posed by the use of Huawei’s 5G hardware in Europe’s sensitive infrastructure and industries.
The European Commission said in its findings that the security challenges in developing and using 5G systems were mainly linked to “the role of suppliers in building and operating” such networks. It also pointed out that non-EU states or state-backed actors – an euphemism for China and Huawei – were the most serious and likely threat to European 5G platforms.
By the end of 2019, the bloc should agree on a string of mitigating measures to address the identified risks.
Huawei is a world leader in 5G, and already provides mobile equipment for many 4G networks in the EU. 5G infrastructure will improve connectivity in the digital economy, notably in sectors such as artificial intelligence, augmented reality and self-driving vehicles.
Under pressure from the United States, EU member countries are considering whether to exclude Chinese tech businesses from building Europe’s 5G broadband network.
The US has repeatedly threatened to reconsider alliances and partnerships with countries that buy cutting-edge Chinese technology.
US leaders say Huawei could act on behalf of China’s government and the People’s Liberation Army through back doors (or vulnerabilities) in the 5G system of other states, spying and sabotaging their critical infrastructure and wireless platforms.
Further, the US government emphasises that the adoption of Chinese technology by NATO countries could endanger the Atlantic alliance’s future military capabilities.
The US blacklisted Huawei in May, meaning it cannot do business with American companies. Japan and Australia have also banned Huawei and ZTE (another top Chinese telecoms company) from their 5G systems.
The EU aims to introduce common measures that can be used at national level to protect sensitive data rather than an outright ban. But the reality is that Huawei has most of its 5G contracts in Europe.
Germany and Britain have turned on Huawei’s technologies for their new 5G infrastructure, while France has so far avoided to use them. Huawei also equips telecom giant Vodafone in Italy, and other companies across Europe.
The Chinese contend that security problems related to 5G technology could be solved through technical solutions.
To dispel US and EU suspicions, Huawei CEO and founder Ren Zhengfei said on September 26 that his company could share 5G technology with western carriers. Besides creating a level playing field for competitors, the licensing of Huawei’s 5G intellectual property would allow the purchaser to change the source code of its future 5G hardware. According to Ren, this would eliminate the risk associated with the use of Huawei’s technology.
But according to the Cooperative Cyber Defence Centre of Excellence (CCDCOE), a NATO-accredited cyber defence hub in Estonia, Western countries cannot totally eliminate the risk of China’s intelligence agencies controlling 5G networks through Huawei, unless they avoid acquiring Chinese technology altogether.
As CCDCOE Law Branch researcher Kadri Kaska put it to AsiaNews, “the security risk [for Huawei users], as perceived by the West, arises from a combination of factors, of which technology is important, but not decisive.”
China’s legal framework is the real problem here, according to Kaska and Henrik Beckvard (another CCDCOE expert). They referred to Chinese tech companies being legally compelled to cooperate with their country’s intelligence services.
Kaska noted that it was fundamentally impossible to secure technology against vulnerabilities that “may enable illegitimate access to critical services, and giving customer control over source code would not fully mitigate this [problem].”
Kaska insisted that most nations and telecommunications operators would realistically not have the resources to make use of Ren’s offer. “Modifying the source code is not a one-time implementation; it requires constant research and engagement by a dedicated team that has a good appreciation of 5G network technology,” he said. “Serious security vulnerabilities have gone undetected even in widely used open source software, despite these being under persistent scrutiny of the global expert community for years.”