On Thursday morning, the world awoke to the news that Meng Wanzou, the CFO of Chinese telecommunications giant Huawei, had been arrested in Canada and was awaiting extradition to the United States. Wanzou isn’t just any top Chinese executive—she’s also the daughter of Huawei’s founder and a member of Huawei’s board. While charges haven’t been filed yet, it is likely that the United States is seeking her extradition on allegations that Huawei violated U.S. sanctions against Iran.
This case has generated international attention, not just because of the seniority of the executive involved, but because Huawei is one of the biggest telecom companies in the world, selling more phones globally than even Apple. It’s also a company that’s been widely criticized for allowing the Chinese government to use the technology that it places into networks and phones around the world to allegedly access people’s personal information.
This case also puts back into the spotlight a live issue that concerns many Americans: the proposed merger between two American cell phone giants, Sprint and T-Mobile. On the surface, the merger looks like business as usual, with the companies asserting that their deal will empower them to build a nationwide 5G network. But there’s an undisclosed risk, and it should worry anyone concerned about Chinese snooping into Americans’ private communications.
One of the likely candidates to help build that new 5G network is none other than Huawei. They’ve had a long-time working relationship with Sprint, and they, along with another Chinese company, ZTE, could end up providing the backbone and infrastructure powering a new Sprint-T-Mobile network.
Huawei’s problems don’t begin with this week’s headline. They begin at the top: their CEO, Ren Zhengfei, was a leader in the Chinese military and later ran the Chinese Army’s information technology unit. There is also evidence that Huawei may be helping to run the Chinese cyber warfare operation.
Concerns about Huawei and its ties to Chinese intelligence are significant enough that, earlier this year, the heads of the CIA, FBI, NSA, and three other American intelligence agencies declared flat-out that Americans shouldn’t be using Huawei technology. It was an astonishing display of certainty from intelligence agencies, which tend to operate in probabilities.
Huawei hasn’t helped its case. There’s been worldwide concern about the security of its products. At the Defcon hacking convention, two researchers made headlines when they revealed that routers made by Huawei contained countless vulnerabilities.
As one researcher pointedly put it: “It’s 1990s code and operating system design…The OS has absolutely no mitigations in place; to the contrary, it even has functionality to help you exploit it.” These problems have become so public that Sprint was actually forced to pledge to the U.S. government that they would keep Huawei technology out of their network—a pledge they failed to keep.
The other company that may help to build the Sprint/T-Mobile 5G network, ZTE, arouses similar suspicions. ZTE is a Chinese telecom giant whose ties to the Chinese government run deep, and raise real questions about how it would do business in the United States. These issues led the U.S. military to ban the sale of ZTE devices on U.S. military bases. In a rare moment of bipartisanship, lawmakers from both parties have stated that ZTE technology poses a national security risk to the United States.
To some, these concerns might seem overblown, the stuff of a spy novel. But in fact, Chinese information-gathering is already a real and present danger. Take, for example, AdUps, a China-based software company that works with Android phone makers. They were found to have inserted software into cell phones that sent a user’s text messages back to a Chinese server every three days.
AdUps’ explanation was that these were built for Chinese phone makers, not for American phones, but that didn’t put anyone at ease. In fact, it confirmed that the software was being used to mine Chinese personal information and send it to a third party.
The bottom line is this: by building a 5G network backed by Chinese technology, Sprint and T-Mobile could end up inviting into the United States a mechanism for the Chinese government to spy on American communications. Under the cover of a lightning-fast cell phone network, we may be inadvertently handing the Chinese government lightning-fast access to our most private communications.
Fortunately, Congress has been diligent on this issue. They’ve asked for extra scrutiny on Chinese technology companies like ZTE and Huawei. Senators Marco Rubio, Mark Warner, and John Cornyn, among many others, have spoken up about the risks that Huawei poses around the world.
In a letter to the secretary of the Treasury, lawmakers in the House also voiced their concerns about the national security risks posed by the Sprint/T-Mobile merger. But Congress needs to keep the pressure on, if only because it’s easy for us to bury security concerns in the face of a profitable, high-profile merger that promises us faster cell phone service.
Lastly, and perhaps most importantly, every American should register their concern. It isn’t just T-Mobile and Sprint customers who are affected by this. Anyone who calls a T-Mobile number or sends a text message to a Sprint phone may have his communications listened to in Beijing. It should concern all of us that two American companies would have these kinds of connections to deeply controversial foreign firms.
It is easy to take for granted the security of our telecommunications systems, to assume that someone somewhere is watching out for our most personal and sensitive information. But we can’t blithely assume that is the case, especially when the proposed merger between Sprint and T-Mobile could put at risk our most personal connections.