On 13 June, New Europe took part in a media roundtable on 5G and telecommunications security with Jonathan Fritz, Director for Bilateral and Regional Affairs at the US Department of State’s Office of International Communications and Information Policy, who was in Brussels as part of an ongoing international outreach campaign by US officials that aims to convey American concerns about the security threat Chinese vendors pose to 5G networks.
“We are particularly concerned about equipment vendors that could be mandated to undermine network security for espionage or service disruption purposes. The United States is absolutely committed to not exposing sensitive information to unacceptable levels of risk. That being the case, we will need to reassess how we share information with any of our security partners, if there are untrusted vendors in their networks,” Fritz states in his introductory statement, setting the tone.
More, and in reference to claims by different state authorities in Europe of their ability to mitigate such risk, Fritz unequivocally affirms that “the United States does not believe mitigation efforts can sufficiently address the vulnerabilities and risk associated with high risk vendors in the infrastructure ecosystem. We are not willing to risk our national and economic security by working with untrusted vendors, in either the core, or the edge, or the 5G networks.” 5G “is a dramatically different thing. It’s not 4G plus one; I would say that 5G is actually a transformative step,” the American continues, echoing an earlier statement on the exponential increase of the threat-surface that the technology represents. “What used to be functions of a telecommunications network core [are now moved] out to the edge of the network. Given that, we think it is unfeasible to try to mitigate the risk of having an untrusted vendor, even on the periphery or the edge of a 5G network.”
The discussion expectedly moves to Huawei, the Chinese network equipment supplier at the centre of the controversy. “The problem with Huawei in the 5G context is not that their technology is bad, it is pretty darn good actually. It is that they are headquartered in a country that takes a very different approach to rule of law, to government access, to use of data. And it has been made very clear in a whole string of laws that have been enacted by the National People’s Congress [of the People’s Republic of China] in the last 5 or 6 years that any individual and any organization, including companies, have a positive obligation to cooperate with Chinese security and intelligence agencies. There is no checks and balances. It is not something that you have a right to contest in a Chinese court, that is just not the way their system works. So again, it is not so much Huawei, it is the fact that Huawei is ensconced in a system where, at the end of the day, I don’t think Huawei, even if it wanted to, would have any recourse to object to instructions it might receive from a Chinese security or intelligence agency to do something that might compromise the integrity or security of data or perhaps even disrupt services. [I am] not saying that would necessarily happen, all the time or even any of them, but if and when the government decided that it needed to give such instructions you are dealing with an actor that would not have any recourse, and that is the heart of the issue.”
The United States has already made the first step: on 15 May, President Trump issued an executive order banning US companies from using telecommunications equipment from vendors that are deemed to represent a national security risk, which gives the Secretary of Commerce “the power to prohibit any transactions that could undermine the security of the [US] telecommunications network, ICT technology and services,” Fritz clarifies, adding that “the Commerce Department has 150 days from the day of that signature to come up with the implementation of the executive order.” Separately, Huawei Technologies Co., Ltd. and 68 of its subsidiaries were placed on the Department of Commerce’s Entity List, effective 16 May, which means that a license is needed for any kind of transfer of US goods or services to any of the listed entities. Fritz points out that such placement “was not spurred by 5G issues.” Rather, it is the result of standing indictments against Huawei “for having violated US export-controlling sanction regimes, particularly with regards to Iran.” Any request for a licence is treated on a “presumption of denial basis,” he underlines.
The American diplomat dispels any suggestions that a potential all-encompassing trade deal with China could mean that any restrictions related to network security will be relaxed. “I can assure you, in terms of our telecommunications network in the United States, we are not going to have any untrusted vendors playing a part that could undermine our national security,” a stance, which according to Fritz, has unanimous, bipartisan support. “That is a national security issue that is not related to the ongoing trade back-and-forth between the United States and China.”
Will that affect Huawei’s supply chain? “My suspicion is that they are at least partially dependent on some chips and other tech and services that they get from the United States that will not be easily substituted, but time will tell,” Fritz suggests, adding that “it is a fair question to ask if one decides to go with Huawei, and Huawei continues to be placed on our entity list, will it be able to actually deliver what it promises any particular client?”
What is expected of European partners? American officials have visited most European capitals, if not all, as well as other partners beyond Europe, in Asia and the Pacific region, Fritz notes. “Our desired end-state, particularly in regard to our closest friends, partners and allies, with whom we have shared security interests, is to make sure they are taking the issue of communications network security as seriously as we are.” The interconnections are undoubtful: any such threat is of a critical nature for the security of US allies as well as the US itself, given that the security of the communication network of every ally “impinges on [US] security,” a point Fritz highlights.
How will allies with whom the US shares common security interests or even those partners with whom the US exchanges elementary information related to visas, for example, be affected if they opt for untrusted vendors? “Clearly, it would not necessarily be the case that someone could have a Huawei or ZTE 5G network and expect to have complete continuity of how they share sensitive information going forward. We would have to make a decision on it, based on the assessments our technical [experts] will make.”
Similarly, the US administration is eagerly awaiting the national security assessment by European Union member states, requested by the European Commission and due by the end of June. “We will obviously have to wait until we see those assessments before we judge if those assessments are rigorous enough.” Despite the fact that they are still “big decisions to be made” by member states, Fritz is hopeful: he assesses that the focus of the debate has shifted to the security risks involved, which is a positive development, as is the fact that “Brussels in really highlighting the big stakes involved in 5G security and engaging with members states on a process to take this seriously.” “We are trying to keep up the momentum.”
More, European allies should look at alternatives, particularly European firms, which, according to Fritz are “leading competitors.” What should be important to decision-makers in the Continent is also that, given “massive amount of support” from the Chinese government to home-grown industry, “European firms, but there is a Korean firm that comes to mind, are really playing at a competitive disadvantage and that violates the basic principles of fair trade.” What is more, “because so many companies have a big interest in the Chinese market, it makes it hard for them to complain about unfair competition elsewhere.” States should take the lead.
What is the way forward? Fritz claims that the Prague Proposals, a set of recommendations that came out of the first attempt at setting security standards at an international level at a conference hosted Czech government in Prague in early May, are a good basis for discussion. The US will keep engaging with partner governments globally, working “the NATO angle,” common economic interest and beyond (as well as the private sector), in the hope that “we will eventually be able to find common ground across the board on 5G.” The ball is now in the European court.