An op-ed claims with no evidence Huawei is helping China spy on subsea cables. True or not, it’s a relatively easy problem to fix – except the US opposes the solution.
ITEM: The US war on Huawei is apparently spilling over into a completely different business segment: subsea cables.
Or at least it should, according to an opinion piece published earlier this month by Bloomberg. The author, James Stavridis – a retired U.S. Navy admiral and former supreme allied commander of NATO who is currently an operating executive consultant at the Carlyle Group – claimed that Huawei Marine Networks poses an even greater security threat than the company’s 5G business because most of the world’s internet traffic runs through subsea cables – almost a hundred of which are currently either being built or upgraded by Huawei Marine:
Just as the experts are justifiably concerned about the inclusion of espionage “back doors” in Huawei’s 5G technology, Western intelligence professionals oppose the company’s engagement in the undersea version, which provides a much bigger bang for the buck because so much data rides on so few cables.
The article doesn’t specifically accuse Huawei Marine of doing anything shady, or explain how it might go about manipulating or compromising the cables it’s working on, or indeed where Stavridis is getting his information from. Rather, it makes a broad claim that China’s overall maritime strategy to assert more control over things like shipping, oil and natural gas resources in the South China Sea also includes plans to influence subsea construction and maintenance so they can monitor the data communications flowing through them. And Stavridis strongly implies that Huawei is probably an instrument in that agenda, as it and other Chinese tech firms are “entwined with a virtual police state”.
This has come up before – the US and Australia have recently been trying to shut Huawei out of subsea cable infrastructure projects in the Pacific over similar fears, although not always successfully.
But, as is typical of articles like this, Stavridis offers no evidence for any of his claims as far as Huawei Marine is concerned, instead basing his argument on the general truism that China spies on other countries – which is certainly true, but also a ridiculously hypocritical thing to point out, given not only what we know about the NSA’s surveillance activities, but also the fact that the US – as part of the ‘Five Eyes’ intelligence consortium (which also includes Canada, the UK, Australia, and New Zealand) – has been eavesdropping on international subsea cables for decades. Is it any surprise other countries want to do likewise?
To be fair, Stavridis also says – correctly – that the US could take technological measures to mitigate subsea espionage, such as “working to improve end-to-end encryption in all internet-based communications, which would make the task of compromising the security of the information on the cables much more difficult.”
This is a great idea. There’s just one problem: the Five Eyes alliance is against it – at least if it means hampering their ability to conduct their own surveillance.
Security vs surveillance
In September 2018, Five Eyes issued a “Statement of Principles on Access to Evidence and Encryption” [PDF], which essentially asserts that the right of government agencies to access encrypted data outweighs the privacy rights of the people encryption is meant to protect.
This is an old debate – the argument is that if ISPs and digital services encrypt their communications to protect customers, then terrorists, sex traffickers and other criminals can also use it to hide their activities. Thus, law enforcement agencies need encryption keys and ‘backdoors’ to be able to monitor their communications.
(If the term ‘backdoor’ sounds familiar, look here.)
Five Eyes believes that this can be done without weakening encryption for everyone else or endangering the privacy and security of law-abiding citizens. Security expert Bruce Schneier strongly disagrees – he’s been arguing for years that government backdoors are security weaknesses that anyone can exploit, not just law enforcement agencies, and there are tons of real-world examples proving this.
Moreover, he said in response to the Five Eyes statement, you can have security or surveillance, but you can’t have both – and as the internet becomes more central to critical infrastructure as well as everyday life, security should be the higher priority:
Demanding that technology companies add backdoors to computers and communications systems puts us all at risk. We need to understand that these systems are too critical to our society and – now that they can affect the world in a direct physical manner – affect our lives and property as well.
This is sensible, and it’s something we hear at telecoms/IT trade shows all the time: ‘security by design’. If you want a world where literally everything is connected, all services are online, smart cities, cashless economies, etc, you need solid security designed into it from the start.
Get that right, and it won’t matter who is attempting to listen in, whose equipment is installed in the network, or who is upgrading the subsea cables.