Uncle Sam: Secretly spying on networks around the world without telling anyone, Huawei? But that's OUR job

Chinese mega-maker denies latest allegations of backdoor shenanigans


Updated: An almighty row broke out on Tuesday over the cops-only backdoor Huawei builds into its cellular network products and who exactly can access it.

The US government, via an anonymously sourced story in the Wall Street Journal, said this so-called "lawful interception interface" is baked into Huawei's cellular network gear, and that it can be secretly accessed remotely by Huawei staff, and that this capability has existed for more than a decade.

This would be bad because, according to the government, Huawei staff can be ordered by Beijing to exploit this remote access to covertly monitor people's communications and internet traffic without carriers' permission or knowledge. In effect, it is claimed, the backdoor can be used by the Chinese government to spy on any network in the world that uses Huawei's gear.

The newspaper noted that US intelligence officials conveniently declined to say whether or not they had seen Huawei inappropriately breaking into networks to snoop on folks.

Huawei has denied the accusation. Well... it denied it has or will silently access the lawful interception interface behind carriers' backs. The interface is an industry standard and definitely present – so that network operators can provide communications to criminal and government investigators – Huawei's just pinky-swearing it would never abuse this feature nor access it without permission. Its staff can drill into a network, presumably to do some remote management or assistance, but only with carriers' approval.

The Chinese mega-maker said in a statement:

Huawei has never and will never do anything that would compromise or endanger the security of networks and data of its clients. We emphatically reject these latest allegations. Again, groundless accusations are being repeated without providing any kind of concrete evidence.

The use of the lawful interception interface is strictly regulated and can only be accessed by certified personnel of the network operators. No Huawei employee is allowed to access the network without an explicit approval from the network operator.

These claims of covert surveillance are made time and time again by US government officials, that Huawei bugs its gear to allow Beijing officials to break in at will and spy on any mobile carrier – and their subscribers – that uses Huawei hardware. With that argument, America has pressed its allies, particularly Germany and the UK, to stop deploying Huawei equipment. We note that, funnily enough, the WSJ article was penned by its Germany bureau staff.

At the heart of this latest report, which is light on technical detail, is the claim that the remote access would be carried out by Huawei, under orders from China, without any notification to the mobile carrier – which Huawei denies.

This therefore puts Uncle Sam in an amusing spot. It can't be against the concept of lawful interception interfaces in Huawei's gear because it, too, wants the ability to snoop on people on demand. Don't forget, as well as wanting to cripple strong encryption with Feds-only backdoors, the US government maintains laws that require networks and equipment makers grant agents access to certain information on demand – though those laws require cooperation from the carriers and manufacturers, and not unilateral, silent access.

Thus, the US government is left railing against Huawei for, allegedly, maintaining the ability to silently and secretly snoop on networks.

Because God forbid anyone secretly spies on people without warning, such as by intercepting data-center links, or bugging routers in transit, or championing flawed cryptographic algorithms, or straight-up breaking into foreign telcos... and, yeah, you get the picture.

If anyone's going to silently snoop on anyone, it's Uncle Sam – not China, thank you very much. ®

Updated to add

Huawei has sent us a few more details about its lawful interception interfaces, while still denying Uncle Sam's claims:

US allegations of Huawei using lawful interception are nothing but a smokescreen – they don't adhere to any form of accepted logic in the cyber security domain. Huawei has never and will never covertly access telecom networks, nor do we have the capability to do so.

Huawei's role as a telecoms vendor is to provide equipment that follows 3GPP/ETSI standards, just like every other vendor. We are obligated to follow industry-wide lawful interception standards like 3GPP's TS 33.107 standard for 3G networks, and TS 33.128 for 5G. This is where Huawei's obligations with regards to lawful interception end.

The actual administration and use of lawful interception interfaces is conducted solely by carriers and regulators. Interception interfaces are always located in protected premises on the operator's side, and they are operated by employees who are vetted by the government in the countries where they operate. Operators have very strict rules to operate and maintain these interfaces. Huawei doesn't develop or produce any interception equipment beyond this.

Huawei is only an equipment supplier. In this role, accessing customer networks without their authorization and visibility would be impossible. We do not have the ability to bypass carriers, access control, and take data from their networks without being detected by all normal firewalls or security systems.



Biting the hand that feeds IT © 1998–2022