April 30, 2021, 3:07 PM
Over the last few years, the Chinese firm Huawei has become an unexpected symbol of technological threat, with the United States rallying allies to limit the company’s global scope. Although it is a private firm, Chinese law and Huawei’s extensive ties to the state have both raised sharp concerns. But while foreign-policy professionals have warned about the threats Huawei represents to national security and economic integrity, the exact nature and scope of such threats remain largely speculative.
But available evidence suggests Huawei represents a serious risk not only to national security but also to commercial activities, as a recent report from the Netherlands confirms. This is important not just for evaluating this one company but as a rubric to approach the threat stemming from the Chinese Communist Party’s techno-nationalist development strategies and its use of nominally private firms—to both national security and commercial enterprises. As the Biden administration prepares for “extreme competition” with China, the conflict over Huawei matters for national security, economic integrity, and supply chain security. Trans-Atlantic conversations are already focusing on how U.S. President Joe Biden should form a global alliance to mitigate risks stemming from Huawei.
Although Huawei founder Ren Zhengfei acknowledges having served in China’s military as a deputy director (a technical rank inside the engineering corps) of the People’s Liberation Army (PLA), he adamantly denies that the Chinese government and the army were involved in the founding of his company. In an interview done as part of sponsored content for the BBC’s Storyworks channel, Ren claims, “Huawei’s registered [start-up] capital was roughly 21,000 yuan [about $3,300]. …We didn’t receive a single penny from the government, and our funds were pooled from individuals.”
However, officials who participated in Huawei’s early expansion tell a different story. For instance, a former mayor of Shenzhen and municipal Chinese Communist Party secretary recalls, after Huawei was founded, “I organized an inquiry, I suggested Hui Xiaobing, president of the Shenzhen Construction Bank, look into Huawei and President Hui decided to lend Huawei 30 million yuan [around $4.5 million]. … And the science and technology bureau provided comprehensive services around Huawei.”
Ren’s rank may have been even higher: A 2012 report from the U.S. House of Representatives Intelligence Committee suggests he was a former director of the PLA General Staff Department’s Information Engineering Academy. That background would have meant he not only had the right experience and qualifications but also the right connections to become an integral part of a paradigm shift in China’s defense industry policy that began in the 1990s to simultaneously advance military and civilian digital, fiber-optics, satellite, microwave, and encrypted high-frequency radio technologies in what the Rand Corp. calls China’s “Digital Triangle” of defense procurement.
The Digital Triangle’s three vertices—China’s booming commercial information-technology companies, state research and development institute and funding infrastructure, and the PLA—were developed by techno-nationalist strategies with high-level bureaucratic coordination and significant state fiscal support. In other words, there is a strong possibility that Ren, either prior to the founding of Huawei or during the company’s early beginnings, was directed by Beijing to lead the civilian side of a “dual use” development strategy that would also supply the Chinese military with the latest telecommunications technologies. This wasn’t just a case of the revolving door between government or the military and the private sector that’s familiar elsewhere, in which Ren used his past position to form valuable contacts. Rather, it seems possible that Ren was recruited to develop R&D for the central government’s decadeslong effort to modernize China’s telecommunications for the defense industry.
The strong relationship between the government and the company is also suggested by the Chinese state’s actions on behalf of Huawei. Spokespeople for Ren and Huawei say the company’s relationship with the government is “no different” from that of any other private company in China. But evidence showing a number of extraordinary measures taken by Chinese officials to protect Huawei, both at home and abroad, suggests otherwise. Ways the state has helped Huawei in times of trouble range from official threats against countries that consider banning Huawei’s participation in their 5G networks to what appears to be the use of hostage diplomacy of foreign citizens, as well as detainment of former company employees who might have legitimate labor claims against Huawei or knowledge of its allegedly illegal acts.
China’s protection of Huawei is also exceptional because it is granted irrespective of allegations of illegality, wrongdoing, and dubious ethics, giving the impression that China sees Huawei’s liability for its own acts as on par with state immunity. No other firm has been granted the same comprehensive assistance by the Chinese government, including ByteDance, whose U.S.-based TikTok operations then-President Donald Trump demanded be sold, and the strategically vital Semiconductor Manufacturing International Corp., which joined Huawei on the U.S. blacklist that denied more than 60 Chinese companies access to crucial technology. In the case of ByteDance, while the Chinese foreign ministry vowed Beijing would retaliate against Trump’s “bullying,” a state media editorial urged the company to defend itself using “legal weapons.”
China’s apparent eagerness to come to Huawei’s aid when needed presents considerable legal and political risks to businesses and governments that strike contracts with Huawei. In June 2020, as the British government deliberated on whether to reverse the decision to allow Huawei’s technology into its 5G network, Beijing warned the United Kingdom that there would be ramifications it said would “ripple far beyond technological concerns.” The Chinese government quickly followed with threats to pull Chinese support for major infrastructure builds in the U.K., including new nuclear plants and the High Speed 2 rail link.
This was not an isolated incident. Beijing’s relationship with Australia began to sour when the latter banned Huawei and ZTE from providing 5G technology for its wireless networks in 2018. In 2020, Beijing imposed high tariffs, anti-subsidy investigations, and customs delays on Australian wine, barley, and beef imports, and the Australian government had to evacuate two citizens working for news organizations in the country after they were aggressively questioned by Chinese police about Cheng Lei, an Australian journalist who is still under detention in China.
Other experts on the Chinese party-state share the belief that Huawei’s often repeated declarations of commercial independence are a sham. Tim Rühlig of the Swedish Institute of International Affairs presents compelling evidence that while Huawei may be formed as a privately owned company, its owners do not have complete control over it. He cites information provided by the company itself as confirmation that Huawei is controlled by the Chinese government and, thus, potentially serves as one of its political instruments.
But what does this all mean on the ground? Reports alleging that China and Huawei engage in espionage activities stoke national security concerns, because they suggest that Huawei, whether willingly or unwillingly, operates as an agent of Chinese espionage. Ren categorically denies such reports. He asserted in 2019, “As a company, we already made it clear to the world that we can sign no-spy agreements, and that we have not and will never implant backdoors.” Similarly, Alykhan Velshi, vice president of Huawei Canada, also claimed, “We sell technology all around the world, but we don’t operate it. We don’t know how our customers choose to operate it.”
But evidence contradicting Huawei’s cyber-espionage denials has been mounting for a while. In 2018, France’s Le Monde reported that IT department staff at the African Union’s headquarters in Addis Ababa, Ethiopia, found data transfers on its servers had been peaking after hours from January 2012 to January 2017. On further investigation, they discovered that the AU’s internal data was being stored on unknown servers hosted in Shanghai. Huawei had installed the system and remained the AU’s key information and communications technology provider. It asserted it was unaware of the data transmission, but experts questioned how a breach so large could go unnoticed for 1,825 days in a row. Two years later, senior security officials in Uganda and Zambia told the Wall Street Journal that Huawei technicians played a direct role in helping their governments spy on political opponents, and that Huawei staff had encouraged security officials to travel to Algeria to study Huawei’s “intelligent video surveillance system,” which Uganda subsequently purchased for $126 million.
A greater worry, as Zach Dorfman, senior staff writer on national security and cybersecurity for Aspen Digital and a senior fellow at Carnegie Council for Ethics in International Affairs, wrote in Foreign Policy’s recent series “Into the Breach: How Data Is Driving the New U.S.-China Cold War,” is the tightening of the embrace between China’s intelligence services and Chinese businesses “under Xi’s intensifying authoritarianism [since] Beijing promulgated a new national intelligence law that compels Chinese businesses to work with Chinese intelligence and security agencies whenever they are requested to do so.”
So far, there has been little legal evidence put forward by Huawei or anyone else that provides substantial reassurance that it or any of China’s other big tech champions could decline to cooperate with Chinese intelligence if they wanted to do so. One former Huawei employee put it bluntly: “The state wants to use Huawei, and it can use it if it wants. Everyone has to listen to the state. Every person. Every company and every individual, and you can’t talk about it. You can’t say you don’t like it. That’s just China.”
Inside Huawei, it is no secret that employees often work with intelligence officials embedded in the company. Moreover, under China’s far-sweeping new cybersecurity law, companies in China are now required to use state-certified network equipment and software that will make their data, as well as their internal and external electronic communications, fully visible to China’s Cybersecurity Bureau. More alarmingly, exceptions are no longer available to foreign enterprises, and virtual private networks are in effect completely banned. This means that any company from any location that does business with Huawei or any other China-based company in any location will expose itself to potential data breaches and violations of data privacy and trade secret laws.
Finally, Huawei’s history is cluttered with allegations of intellectual property theft and unethical conduct, according to the Wall Street Journal. In 2020, the U.S. Department of Justice returned a 16-count superseding indictment to federal court in the Eastern District of New York that added “a charge of conspiracy to steal trade secrets” to an earlier charge of racketeering against Huawei. The department’s press release stated the indictment was based on the “company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.”
The company’s record in China itself appears little better. Despite past reports linking Huawei’s technology to China’s oppressive surveillance of ethnic minorities in Xinjiang, the company has always denied it was directly involved in the exploitation of Uyghurs. However, in 2019, the Australian Strategic Policy Institute published a report based on a trove of leaked documents that mapped the main technology providers supporting the region and clearly showed Huawei’s active participation in Xinjiang’s surveillance ecosystem and detention camps.
The researchers used archived company and government webpage announcements of Huawei’s joint cooperation with Xinjiang authorities to show the company has been working directly with a local police department on cloud computing since 2011, and with Urumqi city government on a public security project since 2018. This evidence plainly contradicts statements that Huawei made in response to questions from the U.K. House of Commons Science and Technology Committee that it only works with third parties in Xinjiang.
In 2020, Lawyers for Uyghur Rights argued, “Huawei plays an integral part in the systematic oppression of the Uyghur and other Turkic people in the Xinjiang Uyghur Autonomous Region … which amounts to crimes against humanity and a breach of jus cogens norms of international law.” Since then, reports have emerged that Huawei experimented with facial recognition artificial intelligence for ethnic profiling against the Uyghurs. Reports of forced labor exploited by Huawei are numerous and well documented. All this raises the risk of companies that do business with Huawei being caught up in the growing web of sanctions against Xinjiang officials and institutions.
The risks of dealing with Huawei are not limited to national security or IT governance, risk management, and compliance. Rather, there are additional and broader risks to the global business community. Put differently, Huawei’s threats to open society are more comprehensive than previously thought. Both the national security and the business communities need to reexamine the risk factors we identify in this article before partnering with Huawei. Most importantly, we caution that Huawei represents what the 2019 Brookings report “Exporting digital authoritarianism: The Russian and Chinese models” describes as “the use of digital information technology by authoritarian regimes to surveil, repress, and manipulate domestic and foreign populations,” and, as a key player in an intense geopolitical and strategic rivalry, the company poses grave threats to open society as well as free markets.