While the recent debate about the security aspects of 5G network infrastructure development has focused on vulnerabilities and failures, the discussion on control exercised over equipment vendors by state entities has received little attention in the public sphere beyond an abstract suspicion of subordination of Chinese companies to Chinese authorities.
However, that threat of subordination is far more substantial and material than even critics entertain, in contrast to the safeguards that the Western legal system, underpinned by the supremacy of the rule of law.
What should be at the focus of concern is the shareholding structure of such vendors and the legal framework in which they operate. According to research by the London-based Henry Jackson Society, which recently published an extensive report entitled “Defending our data: Huawei, 5G, and the Five Eyes,” Huawei Technologies, Inc. -the company right in the eye of this controversy- is owned by a holding company, Huawei Investment & Holding, in which founder Ren Zhengfei holds stock of almost 1.01% and the Huawei Investment & Holding Company Trade Union Committee owns the remaining 98.99%, citing a study by Christopher Balding and Donald Clarke.
Further on, that committee is governed by the labour laws of the country, which dictate that “trade union officers are appointed by superior trade union organisations, which in turn report up to the All-China Federation of Trade Unions an organization closely linked to the Chinese Communist Party (CCP).
Under the prerogatives of the Trade Union Law of 1992, “the CCP shall have supremacy over the unions and the latter shall accept the leadership of the Party,” “the organizational levels of trade unions shall be related to one another in terms of Lenin’s concept of democratic centralism, which makes lower-ranking unions subordinated to higher-ranking ones” and “the trade unions shall shadow the Party and the state administration at all levels.” Contrast this shareholding structure to the transparency and checks that publicly-listed companies abide by in United States, Europe and elsewhere.
There is also the legal framework and culture Chinese companies operate in. To address this, one of the conclusions of the Prague Proposals – the document that came out of the recent Prague 5G Security Conference that aimed to set common standards for network infrastructure development among 32 countries and 4 global mobile operators from North America, Europe, Israel, the Five Eyes, Japan, and South Korea – was that “the overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security, or similar arrangements, such as adequacy decisions, as regards data protection, or whether this country is a party to multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection.”
By comparison, China’s 2017 National Intelligence Law, and Article 7, in particular, states: “Any organisation and citizen shall, in accordance with the law, support, provide assistance, and cooperate in national intelligence work, and guard the secrecy of any national intelligence work that they are aware of. The state shall protect individuals and organizations that support, cooperate with, and collaborate in national intelligence work.” It means that Chinese authorities could compel any company to comply with data collection for national security purposes, potentially even abroad.
In stark contrast comes the legal status and recent cases in the United States. Famously, in 2015 and 2016, Apple received 11 different orders by district courts to provide iPhone users’ data under the the All Writs Act of 1789, which it either objected to or challenged. The All Writs Act authorises courts “to issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law,” but, to date, it has proven ineffective in bearing results.
In another case in 2016, the FBI requested Apple to create an alternative, less secure operating system, which would have allowed authorities to bypass the system’s inbuilt security features to collect data in pursuance of an investigation into the 2015 San Bernardino terrorist attack, invoking the same act.
Apple objected before the request was dropped. The Act was only used successfully once in recent history in 1977, but it seems unlikely that it has established a legal precedent that will stand and has not been used as an argument in court since. On top of that, a 2016 attempt by US Senators Richard Burr and Dianne Feinstein to introduce a bill that would have obliged private companies to assist law enforcement agencies to access encrypted data failed after significant opposition.
What has to be understood is that the choice of 5G network infrastructure providers goes far beyond a commercial decision. It is a national security one, and more, a question situated well within the realm of rule of law and human rights considerations. Such decision will have to be made with full, comprehensive knowledge of the consequences, which is something some national authorities ignore or falsely believe they can mitigate.