I attended a briefing on March 26th and sat three rows behind Congressman Frank Wolf (R-VA), as I had previously blogged about.
He gave an impassioned speech to the US-China Economic and Security Review Commission, in which he reiterated all his previous points. Rep. Frank Wolf carefully crafted a position in which anyone defending Huawei was painted to be ‘out of your mind’.
I checked with one of the panelists, another former military intelligence officer with whom I worked with in the 1990s, and he agreed that the Congressman made some very strong allegations but failed to make his case.
Rep. Frank Wolf’s argument basically states that because Huawei is surrounded by bad guys and TWO of their people (the founder and the chairwoman of the board), in a previous lifetime, worked for or with the government, surely Huawei could not be trusted.
Representative Wolf cited an article printed in the Washington Post, where Australia had banned Huawei from installing equipment in their telecommunications networks. Therefore the Congressman plans to introduce legislation asking for the same in the United States.
The Commissioners, bless their souls, were nodding in agreement. There was no opportunity for Huawei to respond, no opportunity for questions, no chance at having an objective hearing. I checked with Huawei and two of their representatives attended, although I did not see them.
I write this blog as objectively as possible. The Congressman was obviously attempting to either persuade the US China Economic and Security Commission or reassure them, his objective was not clear.
In his short amount of time, he passionately made a one-sided statement but failed to provide any evidence aside from one news report in that day’s Washington Post.
I still have a few easy softball questions for Congressman Frank Wolf:
- Do we have hard intelligence linking Huawei with the PLA or the PRC, requesting or even taking them to gather intelligence?
- Do we have any hard evidence that software or hardware in Huawei’s equipment is designed to allow surreptitious access by Chinese intelligence gathering?
Now the hard questions for Representative Wolf, to which the answers are ALL NO.
- Rep. Frank Wolf, was every chip in your computer checked for embedded and hardwired code for backdoors or other malicious software? How about your iPad or smartphone? How about your staff?
- Was your computer inspected for malicious software hardwired onto the system or embedded in any hardware?
- Are any computers coming into the United States from China checked for embedded software with a backdoor?
- Are any smartphones coming into the United States from China checked for embedded software with a backdoor?
- Are any iPads coming into the United States from China checked for embedded software with a backdoor?
- Does the United States have a program to determine if any chips, boards, computer systems or network devices have any embedded backdoors?
- Does the United States have similar programs to examine remote software upgrades or updates for security purposes?
- Does the United States of America have any program examining hardware and/or software for ‘National Security‘ vulnerabilities?
My purpose for these questions is to ask the Congressman to help establish a program looking for malicious software embedded in incoming hardware, be it computers, chips, network devices, whatever. The cost will be high, but will we, once again, wait until it is too late to protect ourselves? Not only is the Congressman asking the wrong questions but he’s asking them of the wrong people.
During the hearing, immediately preceding the Congressman’s testimony, the panelists were questioned and it was established that software updates or upgrades make all telecommunications equipment de facto indefensible. Anytime a corporation remotely installs an update or an upgrade, as most companies do, a backdoor can be installed. Again, there is no monitoring system for these upgrades.
To make things worse, the US has mandated all US telecommunications equipment be Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 compliant. Therefore the US does not comply with the standards to which we expect the Chinese to adhere – all US telecommunications equipment must have a built in backdoor to enable surveillance.
The internet was established based on a few basic principles: trust and openness. Since the explosion of the internet both principles have been superseded by paranoia, mistrust and closed networks. Our demand for security has been met with deaf ears except for the defense of government and military systems.
Only a fraction of the corporations have a dedicated security program, the vast majority of businesses and almost all individuals in the United States are completely unprotected.
Mr. Congressman, Representative Frank Wolf, if you say you are concerned for our “National Security”, don’t you think you have a responsibility to protect the vast majority of America? What have you done for “We the People” lately to address the concerns I just outlined?
Cross-posted from To Inform is to Influence