Sorry, I Just Don’t Believe Huawei is Spying with Backdoors
(This is solely my personal opinion and not of my employers.)
[Note: I updated the article's title to better reflect my central argument - that I've seen no evidence that Huawei is spying using hardware or software backdoors as is alleged in the link below. -Roger A. Grimes]
I’m probably gonna start a ruckus here, but I just gotta get this out of me.
Here’s the umpteenth story that Chinese telecommunications giant Huawei is a government spy and is spying on its customers. I’ve been hearing this story from American sources for over a decade. And you know what, I’ve yet to hear or see any real evidence. It’s always “We’ve got proof!” but they don’t show you the “proof”. Here’s the latest story (https://www.foxbusiness.com/technology/huawei-china-backdoor-us-intelligence). In this version, Huawei supposedly has “hidden backdoor” interfaces that they can use to spy on any customer at any time, but yet our government doesn’t seem to want to provide details. That’s so strange.
I think it’s because if they provided the details, anyone knowledgeable about telecommunications equipment would go “Yeah, that’s pretty common on all similar equipment. Our country’s equipment has that. If Huawei’s thing is a spy thing so is ours.” Because that’s pretty much what has happened against all the previous “China is spying on us!” claims. They are a lot of hot air with no facts.
Don’t get me wrong. China is spying on us. China has spied on us and other countries for decades and likely has every secret they want to have. Reading that four Chinese military hackers were behind the Equifax break-in (https://bgr.com/2020/02/10/equifax-data-breach-china-spies-charged-justice-department/) is no big surprise. About a fourth of my career has been spent responding to cybersecurity incidents involving Chinese advanced persistent threats (APT). I have no false illusions about China, their history, ability, and ongoing operations.
My issue is the claim that Huawei is involved directly in spying and intentionally placing backdoors in their equipment to do that spying.
And I don’t know for sure whether Huawei is or isn’t spying. I’m just saying I haven’t seen any proof, when I think proof and transparency are exactly what is needed if you’re accusing someone of spying. If Huawei is spying, shut up and give us detailed proof. What possible reason can there be to not show us the proof? If there are spying interfaces and backdoor programs on equipment sold to American companies and our allies, why in the world would the detailed information not be shared with those companies and plastered all over the web?
I can tell you why. Because it probably isn’t definitive proof. It’s probably general speculation just like all the previous “China is spying on us through spy chips” crap I’ve been hearing for decades. I’m tired of hearing that China or Huawei is spying on us and absolutely no real proof.
The last time the US government told us they had proof of “backdoors” they pointed to software “bugs” which they say Huawei planted in their systems that the Chinese could take advantage of. Well, maybe. But last year, the world’s software and hardware manufacturers had over 12,000 found vulnerabilities. And they had over 16,000 the year before that and over 14,000 the year before that (https://www.cvedetails.com/browse-by-date.php). Google, Apple, and Microsoft had many hundreds of them apiece each year, far more than are shown to belong to Huawei. Are Google, Apple, and Microsoft intentionally installing backdoor bug programs, too?
Again, I don’t want to say Huawei isn’t spying. Although to be transparent, I’ve been to Huawei many times in my life as a consultant for Microsoft. What did they hire me to do? To close security holes in their environment just like every other company I’ve consulted for over the last 32 years. What I am saying is that the “backdoor bug holes” that people claimed were backdoors looked like run-of-the-mill software bugs I’ve been looking at for over 30 years. And no one can definitively show me a “bug” that has more hallmarks of a true backdoor (which I’ve seen plenty of as well) than anything else that naturally and regularly occurs in all company software.
For nearly 30 years I’ve heard that China plants “spy chips” in our equipment, computers, and laptops…and so we shouldn’t buy Chinese computers, laptops and printers. Now we are supposed to add phone equipment to the list. Are you kidding me? Besides no one ever showing evidence of a single confirmed spy chip, nearly every electronic thing in the world either has Chinese chips in it or was assembled in China. You cannot buy an American computer or electronic device that isn’t full of Chinese chips. If any of us really believed China was planting spy chips we’d have to shut down the world because of the fear. But we don’t, because it probably isn’t really happening. Either way, NO ONE has ever shown proof of Chinese spying chips. Ever!
Remember when it was reported that Chinese spy chips were found on US company servers back in 2018 (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) and they had proof? It was huge news. Yeah, turns out, no proof. One of the central experts profiled in the article said there was no proof and that his actual comments were the opposite of what the article inferred. The American companies involved said there was no proof. And two years later…still no proof! People supposedly had pictures of the Chinese spy chips, right, and they were sending them away to special laboratories to make definitive identification? Turns out, not spy chips. Just run-of-the-mill chips used to run the servers. But in a video in the first link in this article the reporter is yelling at Huawei’s CISO about the “backdoors”!!! And he’s sitting there calmly trying to explain the truth and she’s cutting him off. He’s just smiling and letting the reporter do what reporters do when they want to show the audience “they ask the tough questions” and really don’t want the truth.
In order for me to believe that China has inserted real backdoors into their equipment I have to believe that not a single American company is telling the truth…that they are for some reason lying to everyone…to the American public…to their customers…to their stockholders, and for what reason? The intelligence agencies said they were cleared to talk about the subject. And so far, after decades, there isn’t one iota of real proof. Someone simply saying it is so in an article is not proof. If any of the backdoor claims are real it’s fairly easy to show the proof and have everyone evaluate it. Instead, all we get are these “trust me” attestations that so far have never been proven. I’m tired of it. Put up or shut up.
I’m sure I’ll even get guys reading this article who claim to have access to TOP SECRET intelligence that they have seen that proves that China uses spy chips and that Huawei is spying. To that I say, I do not believe you. Convince me otherwise.
And finally the biggest reason I think this is all just a show, is that it seems that China and Huawei are only equipment backdoor spies when tariffs are being negotiated and when we’re trying to push our 5G equipment to our allies over theirs. Trust me, when the tariff wars are over and both sides are making plenty of money selling their 5G equipment, all this Huawei is a spy stuff will simply disappear until it’s convenient for the next politician.
Listen, I do not have some great love for China or Huawei just because I’ve been there plenty. I don’t and never will speak Mandarin or Cantonese. But I don’t hate and fear China or the Chinese people either. I’m willing to listen and evaluate serious claims with proof in either direction. I’m just a little tired of these overwrought very serious claims with zero real proof shown. I’m not going to listen to someone tell me that they’ve seen the proof but that they can’t show me it. It’s a little too close to Iraqi yellow cake uranium for my tastes. Put up or shut up!
https://www.nzherald.co.nz/business/uk-watchdogs-huawei-report-finds-no-backdoors-for-espionage/MI54LTLMTROPNTOEQG6EWOVP5A/
| #DrPrivacy | FSU Law Grad | Data Privacy Advocate | Global Cybersecurity, Compliance & Risk Management Compliance Leader | Mentor | Educator | Research Fellow | Privacy Expert (GDPR, CCPA, LGPD), HIPAA, CMMC |
(5 years ago) Great article Roger Grimes... thanks for sharing your insights through experience.
Data-Driven Defense Evangelist at KnowBe4
(5 years ago) I just found this related Wired article: https://www.wired.com/story/huawei-backdoors-us-crypto-ag/
Senior Cybersecurity Strategic Advisor @ BARE Cybersecurity | Startup Fractional CISO | vCISO | SME | Founder, CTO | IT Compliance pains? Contact me.
(5 years ago) There is no need for backdoors. It has been amply demonstrated by egregious hacks in the past few years.