The Manchurian Network
Don’t believe the U.S. government’s alarming claims that Chinese telecom firm Huawei is a danger to national security.
There’s profound hypocrisy buried in the House report on Huawei. It notes, accurately, that China is a leading sponsor of cyberattacks, and of course it’s also true that the Chinese regime routinely monitors and blocks its own citizens’ use of the Internet. But the report elides that fact that the American government and American tech companies don’t have clean hands when it comes to cyberattacks or spying. In the aftermath of 9/11, the Bush administration launched a program to wiretap Americans’ phone calls without court approval; telecom companies carried out the plan at the request of the government, and they were later granted immunity from civil suits for violating Americans’ privacy. The most effective cyberattack in history was carried out by the United States and Israel: It was the Stuxnet worm, which was aimed at Iranian nuclear facilities but escaped to computers around the world. The program was approved by President Obama himself.
You may argue that none of this is relevant to the Huawei case. If the point is to keep Americans safe from China, the fact the American government has carried out cyberattacks and marshaled telecom companies into spying on people isn’t relevant. But these incidents illustrate that we can’t look to the national origin of our technology to keep us safe. They also paint the House investigation as a crass exercise in protectionism—and one that could easily backfire: Chinese authorities can now ban American telecom equipment on the basis of the U.S. government’s involvement in cyberwarfare and espionage.
In response to the alleged threat posed by Huawei, the British government adopted a much more sensible plan than simply advising companies to stop doing business with the firm. It created an independent testing center that inspects all of Huawei’s equipment for potential threats; Huawei is only allowed to sell products that have passed this inspection. The company called for a similar scheme in the United States, but the House committee rejected the plan.
The reasoning behind this decision was bizarre. Independent evaluations, the report said, would never work because inspectors could never replicate all of the various ways Huawei’s products could be used in the real world. Well, maybe—but couldn’t we at least try implementing testing that mimics real-world conditions? No, said the report. Even trying to evaluate network equipment would be dangerous, because it would create a false sense of security that the equipment was safe.
So if testing wouldn’t work—if testing would actually make networks unsafe—then how should we determine if a particular networking company’s equipment is secure? Only if that firm produces a “convincing set of diverse evidence that a system is worthy of our trust.” That’s a pretty slippery standard. If we’re just going on what we “trust,” without any actual evidence of wrongdoing, then every government will have reason to distrust network technologies made by anyone else. And if that happened, the whole networking thing wouldn’t quite work.
Farhad Manjoo is Slate's technology columnist and the author of True Enough: Learning To Live in a Post-Fact Society. You can email him at email@example.com and follow him on Twitter.