Should the UK be worried about Huawei?
- 6 June 2013
- From the section UK
From the outside, a rather ordinary, modern office building on the outskirts of Banbury in Oxfordshire does not look like it should be the centre of a debate about cyber security and China.
But what happens on one floor of the building - a floor built to high-level UK government security standards - is central to the issue of how far western countries are willing to engage with the Chinese company Huawei.
Huawei is well on the way to becoming the world's biggest telecoms company, supplying the infrastructure through which phone calls and data flows for many countries.
The US Congress has done its best to keep Huawei out of the US infrastructure - describing it as a threat to "core national security interests".
But in the UK, Huawei has already been part of that infrastructure for close to a decade.
For a BBC Radio series on cyber security due to be broadcast next month, I visited Huawei facilities and spoke to executives in both the UK and China to look at the debate surrounding the company.
When BT was upgrading its infrastructure a decade ago it became clear that using Huawei equipment would be significantly cheaper.
BT approached government and asked what it thought.
One person described the discussions as like a poker game.
There were differing views of the risks in government and today's Intelligence and Security Committee report claims that ministers were not informed or consulted.
Telling BT to not use Huawei kit would have cost the British company millions of pounds, according to those involved in the discussions, and government did not want to pay the difference.
The deal went ahead with a set of checks put in place by BT and government to make sure there was no risk that the Chinese company would act on behalf of the Chinese state by installing back-doors.
In 2008 the committee says MI5 still warned that that it would be "very difficult to detect or prevent" the Chinese state using Huawei equipment to covertly intercept communications or disrupt its traffic.
The committee says when it asked government how it would respond to such an attack if it was to occur, its proposed response was "feeble at best".
Ten years ago, when the deal was done, the concern over Chinese espionage was limited to a tiny number of people.
But more recently, concern has grown amid accusations that the Chinese state is stealing intellectual property to support Chinese companies and carrying out other forms of espionage and reconnaissance of western computer networks.
Huawei has become a lightning rod for a wider suspicion about China, something the company is acutely aware of.
It stressed that it is privately owned and that it would not be in its interest to engage in any activity on behalf of the Chinese state since if discovered it would seriously damage the company's reputation and its ability to win contracts around the world.
Banbury became a crucial part of the strategy to minimise the risk as Huawei's presence in the UK grew and as it begun working with other telecoms companies.
The centre was only announced in 2010, but is still not quite fully staffed, which the committee said it was concerned about.
Inside Banbury, Huawei kit is carefully scrutinised.
Circuit boards are taken apart physically and photographed so that any changes can be monitored. Computer code is also checked. Vulnerabilities can be simply the result of sloppy writing of code - but they can still be exploited by malicious actors.
A final report on products is then given to telecoms customers, Huawei HQ and the UK government.
The question mark the committee raises is whether this process is sufficiently independent.
The staff doing the checking may be security cleared and they may report only to a British man who used to work at GCHQ, but they are all still technically employed and paid for by Huawei itself.
Supporters of this model claim that it gives the Banbury cell far greater leverage within the company to deal with any issues.
It also means that the cell can have access to the company's jealously guarded source code (Banbury is the only place apart from China where it is held) which it would be reluctant to give up to any external party.
The ISC though felt that this system did not appear independent enough.
Open for investment
British government sources stress that their effort is in managing risk rather than eliminating it entirely, which they acknowledge is impossible.
But they believe that allowing Huawei to operate in the UK and putting in place structures to verify what it does remains the most realistic solution in a globalised world in which Chinese companies will play an increasingly important role.
Since the original BT-Huawei deal, tensions have continued between those who view Chinese investment in critical infrastructure as vital for the economy and those security professionals who worry about the dangers - although there are also divisions within the security world about the extent of the risk.
The ISC says it has concerns that national security could be overlooked because of potential financial consequences.
But in response to the report, the Chancellor George Osborne made his views clear in a statement issued through the British Embassy in Beijing.
"I cannot emphasise enough that the UK is open to Chinese investment."