The Huawei dilemma: Should the UK be worried?

Huawei's equipment permeates British broadband infrastructure, both fixed and mobile.

The Chinese giant's gateways are used throughout BT's broadband network and its routers are in hundreds of thousands of BT customers' homes. TalkTalk uses Huawei routers too, and employs the company's technology in its HomeSafe security software. EE's network uses Huawei kit, and all the mobile operators carry or have carried Huawei handsets.

So, given that a US congressional committee on Monday issued a very stark warning indeed about Huawei and its Chinese rival ZTE, how worried should the UK be?

Liberal Democrat peer Tim Clement-Jones, until recently one of Huawei's UK advisors, believes the company is less of a risk than portrayed in the report.

"In my view, I'm very sceptical about the way the US plays this, and most of all Republican congressmen," Clement-Jones told ZDNet on Tuesday morning. "I've sat through many meetings [covering Huawei's organisation and activities] and I think that a lot of this is pure anti-competitive behaviour in the US... They skewed the whole inquiry. They got their facts wrong."

READ THIS: Life at Huawei's Shenzhen HQ: In pictures

The main suspicion raised by the committee is that Huawei and ZTE might, in concert with the Chinese state, have backdoors of some kind in their equipment that would allow Western networks to be spied on and potentially disabled in the case of cyber-warfare.

Here's a quick reminder of the US report's key recommendations (PDF) in this context (other points are on business practices, which we will come back to shortly):

• Private-sector companies in the US are "strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services", and network providers should avoid them as vendors as, "based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence".
• US government systems should most definitely not use Huawei or ZTE equipment, even components. The same should apply to the systems used by government contractors.
• Neither company should be allowed to merge with or acquire any US firms.

The central issue here is whether Huawei and ZTE are trustworthy. The congressmen who wrote the report suggested this is not the case; this is mainly because the Chinese companies' structures are somewhat opaque and because neither was able or willing to reassure the committee that they are entirely free of Chinese state control.

According to the BBC, the UK parliament's intelligence and security committee has also been looking into the Huawei situation and will report back to prime minister David Cameron by the end of the year.

What did the US report say?

Firstly, the report has a classified annex containing evidence that, if exposed, would apparently compromise US national security. As we cannot read this part, we have to ignore it for now and focus on what we do know.

Huawei's structure is far cloudier than ZTE's because it remains a private business. ZTE has floated on the Shenzhen and Hong Kong stock exchanges, theoretically making it far more accountable and transparent about its dealings.

The congressmen highlighted the background of Huawei's chief Ren Zhengfei, who once worked for the Chinese military. This is far from uncommon in the country, but Ren was invited to the 12th National Congress of the Communist Party of China — something of a future leaders' club — in 1982 and soon afterwards founded Huawei, with great success.

"I think that a lot of this is pure anti-competitive behaviour in the US... They skewed the whole inquiry. They got their facts wrong" — Tim Clement-Jones

Huawei maintains that Ren did not set up the company with the assistance of the party machine, but it remains tight-lipped as to whether Ren is still linked to those lofty echelons. Ren holds less than two percent of Huawei's shares, but he retains a veto.

Both Huawei and ZTE have Communist Party committees within their organisations. Again, there is nothing unusual about this — the party aims to have representatives in every private company with 50 or more employees. However, these cells' ubiquity does not make them any less worthy of suspicion, particularly as neither Huawei nor ZTE was willing to tell their US inquisitors what the cells do for the wider party.

Neither company could demonstrate their independence from the Chinese state, and neither provided clear answers over the connection between their R&D activities and the Chinese military.

Those are the most serious allegations. Others, if true, suggest odious business practices, but they do not reflect on the security implications of using Huawei and ZTE's kit.

These allegations include a disregard by both companies for US intellectual property and export laws and restrictions by Huawei on promotion for those who are not Chinese nationals. In addition, ZTE apparently bid below cost for rural broadband contracts in the US — it seems ZTE's representatives initially admitted this dumping, but then changed their tune when the questioners expressed surprise at ZTE's candour.

The UK situation

Although it does have an R&D relationship with BT, ZTE is not nearly as active in the UK as Huawei is.

Huawei's UK R&D facility originally came from the British government and BT. The company's equipment is, as noted above, widely used within the country.

The Chinese company...