Hello Indian telcos: Heard the US warning on Huawei, ZTE?

Indian telecom users across the spectrum have reason to be wary after the findings of a US Congressional committee investigation established that Chinese telecom equipment manufacturers Huawei and ZTE, from whom Indian telecom companies source their equipment, are a security risk at many levels.

The investigation (whose full report can be accessed here) was ironically undertaken in response to the Chinese companies' lament that they were unfairly being excluded from the US market owing to "misperceptions and rumours" that they represented a security threat.

In February 2011, Huawei's (then) vice-chairman Ken Hu wrote an open letter to the US government seeking a US investigation to clear the air - and all doubts - about fears of security threats arising from use of their equipment.

But the Congressional Committee investigation, which was undertaken in response, has boomeranged on Huawei and ZTE; their findings hold implications for Indian telecom companies, which are less inhibited about sourcing from the Chinese, and Indian telecom users.

In particular, the investigation highlighted the security risks arising from Huawei's and ZTE's ties to the Chinese government, about which suspicions have long lingered. "Neither ZTE nor Huawei have cooperated fully with the investigation, and both companies have failed to provide evidence that would substantiate their claims" that they posed no security risks," the report noted. The companies' failure to provide "responsive answers" about their relationships with and support by the Chinese government provides further doubts as their ability to abide by international rules, it added.

Executives of two major Chinese technology companies, Charles Ding, Huawei Technologies Ltd senior vice president for the US, left, and Zhu Jinyun, ZTE Corporation senior vice president for North America and Europe, are sworn in on Capitol Hill.AP

The report therefore recommended that US government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including in component parts. "Similarly, government contractors - particularly those working on contracts for sensitive US programs - should exclude ZTE or Huawei equipment in their systems," it noted.

It wasn't just about government systems; even private telecom operators in the US were urged to consider the "long-term security risks" associated with doing business with ZTE or Huawei "for equipment or services." US network providers and systems developers were "strongly encouraged" to seek other vendors for their projects.

More damningly, the report added: "Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat..."

The knee-jerk response from within China was to criticise the US move on the grounds that it amounted to "China-bashing" in an election year, or that it was a protectionist move. But as Stan Abrams, a Beijing-based Intellectual Property/IT lawyer and law professor, observes, neither insinuation is true of this report.

"This report is not the usual... protectionism or China bashing. There is a valid argument to be made as to why the investigation made sense and, more importantly, why the Committee felt it never received enough information to give these companies the green light."

It appeared to him, noted Abrams,that "some critics are using 'protectionism' and "China bashing" as shortcuts instead of taking the time to develop a well-reasoned argument against the content of the report itself."

While the US committee investigation related principally to the Chinese companies' business practices in the US and the risks they posed to US national security interests, the report's findings hold key lessons for Indian telecom companies, which source heavily from these same Chinese telecom equipment suppliers, and Indian security agencies, which too have been grappling with the security implications arising from such use.

Indian security agencies have in the past given voice to feeble protestations about Indian telecom companies' excessive dependence on Chinese telecom equipment, particularly given the opacity that governs the Chinese companies' organic links to the Chinese Communist Party.

The US report observed, for instance, that "opportunities to tamper with telecommunications components and systems are present throughout product development, and vertically integrated industry giants like Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems."

The Chinese government and intelligence services, it noted, "may seek cooperation from the leadership of a company like Huawei or ZTE for these reasons." And even if the company's leadership refused such a request, Chinese intelligence services "need only recruit working-level technicians or managers in these companies."

In any case, under Chinese law, ZTE and Huawei would be "obligated to cooperate with any request by the Chinese government to use their systems or access them for malicious purposes under the guise of state security."

Those same risks that the report cites could apply in an Indian context as well, except that there isn't a serious articulation of the threat perception to Indian security interests and telecom users from the use of Chinese telecom equipment.

Recently, the Department of Telecommunications floated an internal strategy proposal that recommended restrictions on the import of certain kinds of telecom companies on grounds of security threat perceptions. The proposal would have had the effect of limiting Chinese imports of telecom devices and in telecom manufacturing; additionally, it would have barred Chinese equipment in broadband networks.

But media accounts have it that Indian officials had suggested to Chinese companies that the Department of Telecom proposal was unlikely to be approved. Chinese companies, one report noted, had been assured that they would not be specifically targeted, and that security standards that were set would be "transparent and applicable to all countries."


Updated Date: Dec 20, 2014 12:40 PM

Also See