EU Rejects U.S. Call for Huawei Ban

Posted on March 26, 2019 by Paul Thurrott in Cloud with 57 Comments

The European Commission said today that EU nations will work together to assess and prevent security risks associated with 5G networks. In doing so, the EU has effectively rejected demands from the United States that it ban Huawei and other Chinese companies from participating in these networks.

“The European Commission recommended today a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures,” an EC announcement reads. “The recommendations are a combination of legislative and policy instruments meant to protect our economies, societies and democratic systems … 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.”

The EC’s recommendations include requiring each member state to complete a national risk assessment of 5G network infrastructures by the end of June and then update their security requirements for network providers. The EC says that EU member states—rather than the EU as a whole—will have the right to exclude companies that don’t meet their unique security requirements.

“Today’s Recommendation will make use of the wide-range of instruments already in place or agreed to reinforce cooperation against cyber-attacks and enable the EU to act collectively in protecting its economy and society, including the first EU-wide legislation on cybersecurity, the Cybersecurity Act recently approved by the European Parliament, and the new telecoms rules,” the announcement continues. “The Recommendation will help Member States to implement these new instruments in a coherent manner when it comes to 5G security.”

Huawei says it welcomes the EU decision.

“Huawei understands the cybersecurity concerns that European regulators have,” Huawei’s Abraham Liu said. “Huawei looks forward to contributing to the European framework on cybersecurity. We are firmly committed to continue working with all regulators and partners to make the 5G rollout in Europe a success.”

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (57)

57 responses to “EU Rejects U.S. Call for Huawei Ban”

  1. Avatar

    red.radar

    This boils down to a very simple matter. EU wants 5g but doesn't want to pay a fortune for it. They know Huawei will undersell others (because China subsidizes Huawei and they cheated by stealing other's IP to start their product lines). I think the EU is fooling themselves that they can test their way into a secure infrastructure. They are underestimating how cunning China is. Once China understands the tests and evaluation process they can game the system. Just like Volkswagen and air quality standards. China also knows that the political pressure to update the EUs tel-comm infrastructure creates incentives on regulators to approve the products. This represents a conflict that can be exploited.


    The EU is fooling themselves.


    Update: this could be elaborate theater on the EUs part. They are probably going to go with home grown Ericsson / Nokia but they are using Huawei as cost leverage in negotiations. Make the field look more competitive than it really is.

    • Avatar

      Vladimir Carli

      In reply to red.radar:


      just to understand... according to your perspective who isn't? How can we be sure that a spying device is not installed on every single apple product that is made in China?

      V.

      • Avatar

        lvthunder

        In reply to Vladimir:

        Since Apple takes a great many of those shipments directly it wouldn't surprise me if they test them for modifications. At least that's what I would do if I had a third party producing products for me. China or not.

      • Avatar

        red.radar

        In reply to Vladimir:

        Where it’s made and who designed it are two different things. Apple controls the hardware and can audit designs against a deterministic reference. It should be X why does it look like Y? The EU doesn’t know what it’s looking for. They have to question every line of code and every circuit and ask can it be misused?


        two different issues

        • Avatar

          wright_is

          In reply to red.radar:

          Except that Huawei has opened up a couple of centers in Europe where companies and governments can go in and study the hardware and code, compile the code and check it against the code installed on devices.

          • Avatar

            red.radar

            In reply to wright_is:

            It doesn’t matter. You can still hide in plain sight. You can never test your way into a secure product. Huawei actions are PR designed to put pressure on politicians through their constituents.

            • Avatar

              skane2600

              In reply to red.radar:

              Here is my take on this.


              You can't test your way into developing a perfectly secure product, but you can test to determine if an already developed product contains malware with some level of confidence in the context of spying. State sponsored spying has a much narrower focus than what generic malware is designed to accomplish. Depending on the user to navigate to a fake website in order to exploit an deliberately embedded vulnerability isn't really going to cut it. To be effective, the full malware has to be present in the device either initially or through an update.

          • Avatar

            MachineGunJohn

            In reply to wright_is:

            unfortunately no one can count on their government or carrier to inspect every unit they install to ensure there's no additional microcode or firmware in any of the chips compared to the reference version. Or even any additional hardware. That's just impractical so you just have to not deal with those you know you can't trust.

            • Avatar

              skane2600

              In reply to MachineGunJohn:

              It would be an expensive and ineffective method for spying if only certain units were installed with malware. You couldn't control who bought the compromised product or possibly even know who ended up buying it. Yet a single unit being "caught" would bring the entire company and possibly other Chinese companies down. It would be a high risk/ low value strategy.

              • Avatar

                YouWereWarned

                In reply to skane2600:

                No need for ALL of the 5G infrastructure components to be compromised, just some of them. One bad router spoils the bunch. As the manufacturer, the ways to hide or introduce compromises are endless (and easily made undetectible).

                If we were proposing to buy our WWII ammo from Germany the outcry would be deafening, and this situation is identical.

                In case we've forgotten, this issue is still being researched and debated:

                https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies



                • Avatar

                  skane2600

                  In reply to YouWereWarned:

                  The idea that buying ammo is the same as buying networking equipment or smartphones is absurd. 




                  As far as the bloomberg story is concerned, Amazon and Apple have denied it and there doesn't seem to be any confirmation that it is true (at least as recently as last October).




                  www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/


                  As I've mentioned before the technology to strip down any chip to determine its function has existed for decades. It was one way the Atari 2600 was reverse-engineered at a time when its specs were a trade secret.

                • Avatar

                  YouWereWarned

                  In reply to skane2600:

                  Of course these companies deny the story because everyone would stop buying their stuff. Same as a Trump/Facebook/Amazon denial. Having a relative working inside Apple has allowed me to confirm that the Businessweek article was not clickbait. And unless we consider the Chinese to be a friend and ally, we whistle through the graveyard at our peril. The NSA isn't the only organization in a position to provide mid-shipment upgrades at no additional charge.






                • Avatar

                  skane2600

                  In reply to YouWereWarned:

                  I can't argue with hearsay "testimony" although I note that simply working at a company doesn't mean you know the truth of everything that happens there.

          • Avatar

            lvthunder

            In reply to wright_is:

            Don't you think it would be better for Europe if the EU countries supported the companies inside the EU instead of relying on the Chinese? Regardless of if Huawei is bad or not.

            • Avatar

              wright_is

              In reply to lvthunder:

              Yes, although currently my understanding is that the Huawei hardware is ready and the Ericsson and Nokia stuff is still not ready for commercial deployment. It certainly looks like they have a lead in 5G at the moment.

              But I agree, it would be better to support the home-grown kit, if it can match features and performance, even if it is a bit more expensive. On the other hand, I don't think anybody should be excluded based on their location.

              Some of the US firms have already excluded themselves based on past behaviour, as have some Chinese firms. That doesn't mean all US or Chinese firms are bad, but they certainly need a closer eye on them.

              Heck, VAG hardly smells of roses at the moment either.

      • Avatar

        wright_is

        In reply to Vladimir:

        Just like the products made/sold by US companies... Your point is?

        As a non-American, I have the choice of hardware and software that phones home to US companies and US intelligence services in contravention of EU laws (Windows, Android, Facebook, Google, Youtube, Cisco routers, HP networking kit etc.) or I can buy Chinese kit that the US alleges phones home, but is reluctant to show any proof of this accusation. Or I can buy EU kit that complies with the law, but is probably way more expensive.

        • Avatar

          Vladimir Carli

          In reply to wright_is:

          My point is similar to yours as I agree with what you wrote. I believe that this entire matter is a pretext. I don’t think that China has any interest in spying what John smith does. Of course it would be understandable if governmental agencies would not adopt Huawei phones, but refusing to import them altogether is only a way of conducting a trade war.

          V.

    • Avatar

      skane2600

      In reply to red.radar:

      You mean the way Volkswagen cheated and never got caught? Oh wait.

  2. Avatar

    Bats

    Seriously, is there a point to all this? So what with regards to the way the EU is handling Huawei? So what? From what I have been reading the EU is so F'd up, that I'll happily pick the intel off my guys over there in DC and Langley rather than those boneheads in the .....lol.....EU. I work for an international law firm, based in the UK...ya know that whole Brexit thing. Not just that, but I interact with all most of our offices located in countries throughout the EU. I know the EU. I know the laws. I know the whole GDPR thing going on....very well. I know economics. I know finance. I know law. The EU is a joke. I could care less with what the EU governments think and do.


    Our (American) guys are much smarter than those Europeans. They really are. This is why WE..not them....are a Superpower. We have the intelligence, the technology, and the money. What do they have? Problems and delusions. LOL...it's hilarious. 


    I happen to like Huawei. I owned a fabulous Nexus 6p phone that I still use today (in a limited capacity). However, I love my country more. Until our guys say it's ok....I have no problem refraining from Huawei products. Plus, the Chinese are economic cheaters. One of the advantages of being employed by an international law firm, is that I get to talk to people from all around the world. I know what's going on. I know what China is doing. I don't need to read bias reporting that may or may not be painting China in a good or bad light. Huawei is specifically banned from the USA because smarter people have advised our government to do so. I'll go with them instead of some "reporter."

    • Avatar

      codymesh

      In reply to Bats:

      superpower or not, the one constant from America we can always count on is this kind of arrogance.

    • Avatar

      skane2600

      In reply to Bats:

      Please present your evidence that "our guys" (presumably women don't count) are smarter than Europeans. It's more likely that our "Superpower" status is the result of advantageous Geography than anything else.

      • Avatar

        Rob_Wade

        In reply to skane2600:


        I don't know that one group is necessarily "smarter" than the other. I would argue, though, that the US is a superpower as much for all the other strengths (economy, political structure, culture, military might and philosophy) as for any geographical advantage. Personally, I consider having Mexico and, by extension, Central and South American nations in our land-chain to be geographical disadvantages (I live on the TX/Mex border, so I have a dog in the fight), but that's a discussion for another time and platform.


        As for the Huawei issue specifically, I have one of their devices. I use it to continually prove to myself how badly the Android platform sucks. The device itself, though, for being as boring a design as EVERY OTHER PHONE ON THE MARKET, actually is a decent piece of hardware. And given that they have made a name for themselves by producing pretty high-end devices that don't COST like a high-end device makes them attractive. What I haven't seen is a serious presentation of evidence that Huawei is the threat some claim they are. Anecdotal stuff, sure. You could produce anecdotal evidence against most companies. My own personal opinion is that this is mostly a "we hate China and their companies" agenda.


        I'm a conservative and a capitalist. I have my preferences in what's value-added. I don't really care what country something comes from if it meets my needs.

        • Avatar

          skane2600

          In reply to Rob_Wade:

          I was considering "superpower" in the more narrow sense of military might. While the other measures are valid, it seems that in practice we don't refer to any country without dominant military power as a superpower. Arguably the economy and political structure of the Soviet Union wasn't a strength, but they were considered a superpower anyway because of their military power.

      • Avatar

        MachineGunJohn

        In reply to skane2600:

        it's not a matter of smarter, just better policy in some instances. Similarly other policies lead to economic and enterprenurial advantagess or do you also attribute fang, ms, etc. to be the result of advantageous geography?

        we also have plenty of stupid policies like paying for the defense of countries that are perfectly capable of paying for their own. Expect to see a tsunami of stupid socialist policies be proposed in the us over the next couple years. The cycle always repeats after periods of complacency like we've had since WWII and more specifically the fall of the soviet union. The majority of the people weren't around to experience what evil socialism/communism due to human nature have always led to. Heck look at Germany willing giving putins communists billions like there was never a wall through Berlin while at the same time expecting the us to foot the bill for defending them so they don't become the next crimea.

        • Avatar

          skane2600

          In reply to MachineGunJohn:

          "it's not a matter of smarter"


          I was just reacting to the "smarter claim". I wasn't intending to get into a discussion about political philosophy. Having said that, as an old guy who had trouble finding work, my social security check gives me a different perspective on "socialism" than perhaps some younger people who are still making the big bucks.

    • Avatar

      Vladimir Carli

      In reply to Bats:

      I don't know if americans are smarter… for sure this comment doesn't sound particularly smart...

      V.

    • Avatar

      Daekar

      In reply to Bats:

      You know that moment when you're ashamed of the myopic behaviour of your fellow countrymen? Yeah, I'm having one of those.

    • Avatar

      kralizek

      In reply to Bats:

      I'm terribly biased here because I'm European but please allow me.


      I will not be stating the obvious about the advantages of living in a continent where people can afford to get sick, are able to take vacation and generally individuals are able to get a private life regardless of their salary.


      I would just consider the fact that European long-term allies are moving away from the American embrace. Projects like the Belt and Road Initiative that connects China to all major European cities or the Russian gas pipeline to Germany are the evidence that this is happening already.


      I would guess you understand that the latest foreign initiatives of the US government have just reached the result of alienating long-term allies and pushing them right in the bed with your worst enemy. Sure, soon GM will sell more cars thanks to the trade tariffs, but are you sure this is best for US?


      And if you look carefully, American IT companies are getting beaten by Chinese equivalents on their playground. Try just comparing Facebook to WeChat from a pure innovation point of view. Out of curiosity, when was the last time Facebook had introduced something innovative?


      Fun fact, when I am in US I always feel like I landed in a country 10 years behind us. And I usually stay in LA, San Francisco and Las Vegas, not exactly rural US. Things that I take for granted on European soil like internet connectivity, being able to go around cashless, are just a dream on the other side of the Atlantic.


      (No seriously... I was at the Venetian in Vegas and Internet was terrible)


      As for Brexit, the EU had just gently told UK that they don't believe the UK Prime Minister can achieve anything, and what happened? UK Parliament just took over the whole Brexit situation. I guess how many countries can practically impose their will on one of the biggest countries by GDP in the world...


      Finally, proving that Huawei hardware is rigged with backdoors shouldn't be impossible once it has been discovered. Yet no evidence has ever been displayed.


      Maybe the mighty "Superpower" is just afraid that EU countries are not so happy about having a "ally" spying in their houses like proven by Snowden's leaks.

  3. Avatar

    spacein_vader

    I think people are misreading this. The EU haven't said Huawai are great, they've said that they see no evidence to ban it at the EU level and will let the individual countries within the EU make their own decisions on if they want to ban it.

    • Avatar

      wright_is

      In reply to spacein_vader:

      Exactly. They have the inspection centers in the UK and Brussels and they can examine the source code and the hardware and compare it to what is running on actual production kit.

      That is how the UK spymasters found "normal" security vulnerabilities in the kit.

  4. Avatar

    tibbydudeza

    Huawei kit is simply superior and cheaper compared to Nokia and Siemens-Erricson.

    EU will get a great 5G infrastructure and the US will have marketing nonsense like "5G-E" which is slower than LTE.

  5. Avatar

    Daekar

    So... this is kind of a non-event then? The EU is saying, "Whatever you wanna do is fine with us, guys, as long as you stick with the plan we've outlined. Pick your own vendors."


    Painting this as a victory for Huawei is a bit disingenuous, particularly because we've never seen any indication that the EU would take action against them in the first place. An honest version of this article would read: "Yay! The status quo has been upheld! The people who don't have a problem with Huawei still don't, and those that do still do!"

  6. Avatar

    mikes_infl

    I keep hearing people talk about being able to examine the source code, compile and compare with the installed stuff.


    I've never heard anyone mention how to avoid having an automatic firmware upgrade that is done in the middle of the night, tested. Or, maybe a very upsetting trade war is expected to get pretty hot really soon, and then there's an urgent firmware upgrade accomplished - without anyone noticing for a day or two, or longer.


    I'm pretty sure the warnings aren't because of existing troubles, but rather those troubles that can be installed without knowledge or consent of the users.

    • Avatar

      skane2600

      In reply to mikes_infl:

      I doubt that security experts would just examine a device once and never examine it again. All firmware updates would be detectable since they have to occur through communication that can be monitored.

      • Avatar

        sharpsone

        In reply to skane2600:

        I'm concerned with corner cutting...from security experts and those responsible for maintaining infrastructure. It's one thing to document policy and procedures... Its another to actually execute. Huawei will demo all kinds of clean hw but what about that update or backdoor left for the communist party? It's absolutely ridiculous that a country with their track record is embraced in the name of 5g...seems like an oversight by the EU. Wonder if we'll have to bail them out again...

  7. Avatar

    jules_wombat

    Its about time the US started to listen and take instruction from the EU. The EU is right on this, and many other things. The US needs to get in line with the modern world.

    • Avatar

      lvthunder

      In reply to Jules_Wombat:

      No. We can take the word of our inelegance agencies. We don't need people in other countries telling us what to do. We broke away from those people. The EU can do whatever they want.

      • Avatar

        skane2600

        In reply to lvthunder:

        The US can do what it wants, but if the US doesn't want other countries telling us what to do, then we should stop telling them what to do. Historically we have been much more arrogant than any other country in this regard.

        • Avatar

          lvthunder

          In reply to skane2600:

          I'm good with that. We should stop giving them money as well.

        • Avatar

          MachineGunJohn

          In reply to skane2600:

          the us doesn't tell other countries what to do, it just tells them what it's going to do and let's them decide for themselves. Here the us didn't tell anyone they can't use Huawei they simply said they wouldn't share sensitive information with anyone who used Huawei equivalent in their infrastructure because of they don't want that sensitive information being forwarded on to the communist party rulers of China.

          this is no different than Volkswagen or audi or sap not wanting the communist stealing their ip and giving to companies they control to develop competing products

          • Avatar

            skane2600

            In reply to MachineGunJohn:

            That's a bit like a mugger saying "I'm not going to tell you what to do, I'm just informing you that if you don't give me your money I'll shoot". The US tried to use leverage to get the EU to do what it wanted them to do, that goes beyond merely informing them of the US's own policy. Note that the US could still quietly stop sharing information, the only reason to announce it was to persuade the EU and other countries to adopt US policy.

        • Avatar

          prjman

          In reply to skane2600:

          I'm sure that our 'arrogance' has a little to do with saving the world over and over again.

Leave a Reply