SECURITY alerts about Huawei notwithstanding, the Communications Minister Kapil Sibal has chosen it to partner the Indian Institute of Science (IISc) for setting up a security certification lab for telecom gear in India! The National Security Council(NSC) of India in its report on threat perceptions from Foreign Direct Investment has noted, “Huawei’s expanded footprint is not in our national security interest. The company had also tried to procure software clandestinely.”
Predominantly, NSC had raised serious concerns about the company’s relationship with the Chinese Communist Party and the People’s Liberation Army(PLA). But these strict riders have been discarded by Union Telecom Minister Kapil Sibal who has been staunchly defending Huawei in the media over the past few days.
The fundamental threats from Huawei emanate from two issues, first its ownership and second its acts of security breaches.
Who owns Huawei?
Huawei’s real owners are unknown to the world. No one, except a few people in the Chinese government, would know who owns the company. If Huawei is to be believed, Ren Zhengfei, founded the company in 1988 with $ 5,680 capital. Huawei touched a turnover of $ 26 billion in 2010. Ren, the ‘founder’ has only 1.42 per cent equity share of the company.
No one knows who owns the rest 98.58 per cent. The only disclosure made available by Huawei to the world is that its 61,457 Chinese employees own the entire balance through a wholly owned subsidiary called The Union of Shenzhen Huawei Investment & Holding Co Ltd (Huawei Holding). One wonders, from where the money came to build such a massive infrastructure for the company. It could not have come from the salaried employees.
Also, both the two top functionaries of Huawei – Ms Sun Yafang (Chairperson – No.1) and Ren Zhengfei (CEO – No. 2) – had earlier occupied sensitive positions in the Chinese government. Ren was in the People Liberation Army (PLA), while Ms Sun, a very powerful and influential functionary in the Chinese government, worked in the National Security Department (NSD) of the country. When Ms Sun joined Huawei in 1989, a year later when Ren formed the company, she brought with her other about 20 senior officers, who also were working with her in the NSD.
The Annual Report 2010 shows a PBT margin of 7-16 per cent over the last five years. Nevertheless, we are not familiar with the Chinese accounting standards. The auditor KPMG makes two revealing points: “Huawei Technologies Co Ltd is not a public company and is not required to publish its audited consolidated financial statements under the Company Law of the People’s Republic of China” and further down: “We have not performed an audit on the consolidated financial statements summary, accordingly, we do not express an audit opinion”. Conclusion: Like its ownership pattern, Huawei’s accounts are equally opaque leading one to doubt if its operations are in real profits, or whether the company is supported by the Chinese government for strategic reasons.
Cheaper loans to Huawei’s customers by Chinese banks
The Chinese banks provide highly subsidised loans to Huawei’s customers (users of Huawei’s equipment namely telecom operators). Huawei often uses this facility to bag contracts from operators. In 2004, the China Development Bank agreed to offer a $10 billion buyer’s credit line to Huawei’s customers and the amount was subsequently increased to $ 30 billion in 2009. As of February 2011, over $ 10 billion has been loaned to Huawei’s customers by the China Development Bank.
Despite security audit, Huawei is not welcomed in the US
US believes that Huawei poses a threat to the national security and can use technology to steal confidential information in the US or launch network attacks on entities in the US at a specific time. This is despite the fact that Huawei hires independent third-party security companies in the US, such as EWA, to audit its products in order to certify the safety and reliability of the products at the source code level.
Huawei has repeatedly been rebuffed in its efforts to make inroads into the US market. The latest setback came when in February this year the US government’s foreign investment committee recommended Huawei sell assets it had acquired from 3Leaf, a technology company based in Santa Clara, California. Huawei, through its US subsidiary, Futurewei, had acquired the company in July 2010.
Allegations of industrial espionage
In July 2010, Motorola Inc filed suit against Huawei in the US District Court for the Northern District of Illinois, alleging a multi-year plot by Huawei’s senior management to steal proprietary trade secrets from Motorola. The lawsuit alleges that multiple Motorola employees—two of whom identified by name—Shaowei Pan and Hanjuan Jin—colluded with representatives of Huawei, including Huawei’s founder Ren Zhengfei, to steal proprietary technology and pass it to Huawei. The alleged vehicle for some of these transfers was Lemko, a company founded by Shaowei Pan and other Motorola employees in 2002 while they were still employed by Motorola.
MoU with Indian Institute of Science
To counter any national security threat emanating from a telecom network, the government is trying to set up a Certifying Centre at Indian Institute of Science (IISc), Bangalore. This centre will test all the telecom equipment (Software & Hardware) before its installation in the country. This Centre is supposed to detect ‘malwares’, ‘kill switch’ or ‘backdoor’ traps, from national security point of view.
A ‘kill switch’ is any manipulation of the chip’s software or hardware that would cause the chip to die outright. A ‘backdoor’, by contrast, lets outsiders gain access to the system through code or hardware to disable or enable a specific function. Because this method works without shutting down the whole chip, users remain unaware of the intrusion. An enemy could use it to bypass battlefield radio encryption, for instance.
Exposing IISc, a prestigious scientific institution by DoT to Huawei is highly risky. However, Sibal, instead of reviewing his decision, stoutly defended Huawei. Sibal justified his decision stating, “it may be understood that Huawei is not helping IISc Bangalore to setup any Lab, as IISc has already set up the same as part of old pilot project, wherein all the equipments and software are theirs. MoU signed between the IISc and Huawei is more like a non-disclosure agreement so that the information that IISc gets from Huawei is not disclosed to others.”
Apparently, Sibal has not read the contents of the MoU carefully. Nowhere in the MoU it has been stated that Huawei will offer its telecom equipment to IISc for certification. In fact, the MoU clearly indicates Huawei’s assistance for the setting up of a lab. In any case, if IISc has really set-up the lab and geared-up for testing the telecom equipment, then it must notify the same on its web-site giving detailed procedure for application including testing fee. A standard Non-Disclosure-Agreement (NDA) should also be hosted on IISc web site. We have seen the IISc web site, but nothing has been mentioned at all about this kind of certifying lab.
Sibal should remember that even a banker in India insists for duly filled-in form—Know Your Customer (KYC)—for the opening of a bank account. Signing of such an MoU with unknown shareholder (Huawei) having tainted background, is fraught with dangerous ramifications.