This is the first time the US has given any details about how it thinks Huawei spies on people though mobile telecoms.
- The US government accused Huawei of spying on people by exploiting telecoms "back doors" intended for use by law enforcement, The Wall Street Journal reported on Wednesday.
- The US has repeatedly accused Huawei of spying for the Chinese government, but this is the first detail it's given about how it thinks Huawei does it. Huawei has denied the allegations.
- The US has for years been pressuring tech companies like Apple and Facebook to build vulnerabilities for law enforcement to access encrypted devices and messages.
- Tech companies have argued against building back doors, saying malicious actors would be able to exploit them.
- Visit Business Insider's homepage for more stories.
The US accused Huawei of spying on people through technological "back doors" intended for use by law enforcement, The Wall Street Journal reported on Wednesday.
According to The Journal, US officials say Huawei has had this technology for over a decade. The US kept this information highly classified until it started sharing it last year with allies like Germany and the UK in a bid to get them to freeze out Huawei equipment from their 5G networks, the report said.
The US has long accused Huawei of acting as a conduit for Chinese government spying, but this is the first time it's provided details about how it thinks Huawei does this. Huawei has repeatedly denied that it spies for China.
Specifically, officials told The Journal that Huawei built equipment allowing it to tap into telecoms using interfaces designed only for law enforcement without alerting the carriers. "Huawei does not disclose this covert access to its local customers, or the host nation national-security agencies," a senior US official told the newspaper.
Officials who spoke with The Journal didn't say whether they'd observed Huawei exploiting this access or give technical details other than that they first spotted it in 2009 on 4G equipment.
Huawei pushes back
In a statement to Business Insider, a Huawei spokeswoman pushed back on the allegations in The Journal's report.
"US allegations of Huawei using lawful interception are nothing but a smokescreen — they don't adhere to any form of accepted logic in the cyber security domain. Huawei has never and will never covertly access telecom networks, nor do we have the capability to do so," she said.
"Huawei is only an equipment supplier. In this role, accessing customer networks without their authorization and visibility would be impossible. We do not have the ability to bypass carriers, access control, and take data from their networks without being detected by all normal firewalls or security systems. In fact, even The Wall Street Journal admits that US oﬃcials are unable to provide any concrete details concerning these so-called 'backdoors.'" the spokeswoman added.
Huawei also accused the US of hypocrisy. "As evidenced by the Snowden leaks, the United States has been covertly accessing telecom networks worldwide, spying on other countries for quite some time. The report by the Washington Post this week about how the CIA used an encryption company to spy on other countries for decades is yet additional proof," the spokeswoman said, adding that The Journal's coverage displayed a "bias" against Huawei.
The perils of building back doors
The US government's latest allegation against Huawei highlights a security argument that the US has long been wrangling with tech companies about: whether it's safe to build privacy vulnerabilities for law enforcement to use.
The US has for years pressured big tech companies to build methods for allowing law enforcement to circumvent security measures like encryption.
In 2016, the FBI started a long-running feud with Apple when it asked for the company's help breaking into the iPhone of a suspect in a mass shooting. Apple refused, saying that its encryption meant it didn't have access to customers' passwords and that building any security flaw that would allow the FBI to break in by other means would mean weakening its security overall.
The case led to a huge standoff between Apple and the government, which Apple eventually won when the FBI announced it had found a third party to unlock the iPhone and dropped the case.
After the FBI recently requested Apple's help opening another iPhone, President Donald Trump lashed out at the tech giant, tweeting that "they refuse to unlock phones used by killers, drug dealers and other violent criminal elements."
Meanwhile, Attorney General William Barr has pressured Facebook to build methods for law enforcement to access encrypted messages on WhatsApp and asked it to hold off on encrypting its other messaging services.
Michael Veale, an expert in digital rights and regulation, told Business Insider that the pressure to build back doors in encrypted services was dangerous.
"Cryptography is so heavily relied on by financial services, businesses, electronic commerce, whistleblowers, journalists, and governments," he said. "Introducing back doors weakens the internet for everyone, and leaves it so much more vulnerable to everyone from cybercrime rings to authoritarian regimes."
"The US government's concern about possible backdoors in Huawei-built networks only underscores why it is untenable for the government to demand that US-based tech companies create backdoors for domestic law enforcement agencies. Once built, these mechanisms can be co-opted by governments around the world," Andrew Crocker, Senior Staff Attorney at the Electronic Frontier Foundation, told Business Insider
Veale added that governments should invest in investigative powers that use the vast amount of internet data that isn't encrypted.
"The world isn't 'going dark' to law enforcement because of encryption; law enforcement are going blind to the huge amount of unencrypted data that is available to help investigations," he said. "It does not follow that because criminals, like all of us, now communicate online, catching them should become as simple as a web search.
"If anything, this new encryption debate highlights the greediness, laziness, and cost-cutting desires of national governments and their willingness to throw fundamental rights and economic trust under a bus in search of a shortcut to avoid investing in proper investigative capacity."