China complains of “coercive diplomacy and technological intimidation” from the US, and claims that Huawei has never been proven to be a security risk.
On the same day that news broke that Europe might force companies like Huawei to withdraw from the development of fifth-generation mobile networks, Chinese Foreign Ministry spokesman Wang Wenbin told a press conference that excluding Huawei from 5G would be an “unequivocal violation of the principles of market economy, free trade and fair competition”.
According to the June 7 edition of the Financial Times, EU Internal Market Commissioner Thierry Breton told a meeting of EU communications ministers last week that, having “reduced or eliminated” its exposure to geopolitical risks in sectors such as energy, Europe must be able to do the same for 5G, as it cannot afford to “maintain critical dependencies that could become weapons against its own interests”. And that this could determine the exclusion of Chinese manufacturers.
According to a transcript of an extract from Wang Wenbin’s regular press conference on June 7 – a transcript forwarded to PÚBLICO on Thursday by the Political Section of the Embassy of the People’s Republic of China in Lisbon – the Chinese spokesman was asked by Bloomberg about a possible European ban, and replied that he hoped Europe would “avoid politicizing economic and commercial issues” and “overextending the concept of security”.
The European bloc should “make decisions that are economically sound and in line with its own interests”, said the Chinese diplomat, considering that in recent years Huawei “has given a strong boost to the telecommunications sector in Europe and generated considerable socio-economic benefits”.
In Portugal, the Ministry of Foreign Affairs has yet to receive any comment on China’s unease with the decision of the Security Evaluation Committee set up under the Cyberspace Security Council (CSSC), but the Secretary of State for Digitization and Administrative Modernization (SEDMA) stresses that the “security assessment” that was approved on May 23 (and which considers the participation of Chinese companies in 5G in Portugal to be “high risk”) “is based exclusively on security concerns and is not linked to any other type of review”.
The office of the Secretary of State, Mário Campolargo, stressed that “the decision relates only to equipment in the infrastructure of public electronic communications networks and not necessarily to all groups of [network] assets and in the same way”.
Furthermore, “no terminal equipment allocated to users is covered”, so Huawei can continue to sell its cell phones in Portugal without any constraints.
SEDMA adds that, taking into account “the different groups of assets that make up 5G networks and the average lifespan of each component”, the commission has determined “reasonable deadlines for implementing the conclusions of this resolution, based on the information provided by telecoms operators and the various equipment suppliers on the market”.
The risk report is confidential, but the Eco website has already reported that telecoms operators will have between three and five years to replace Chinese equipment for 5G networks. So far, only Altice – which in 2018 signed a protocol with Huawei for 5G, although it announced this year that it had chosen Nokia as its supplier for the core equipment of the fifth-generation network – has admitted that it is analyzing the CSSC’s deliberation and all its implications.
Avoiding vulnerabilities “It’s not directly about the technology and what it does. From this point of view, it doesn’t matter whether the technology is 4G, 5G or 6G,” João Castro, professor of digital business, innovation and technology at the Nova School of Business and Economics, tells PÚBLICO. The question is whether, somewhere in the connectivity chain, a malicious actor can gain access to the information of individuals, companies and states, and what use they can make of it.
According to the Financial Times, the European Commissioner for the Internal Market told communications ministers that “urgent action is needed to avoid creating major vulnerabilities that are difficult to resolve”.
To date, Denmark, Sweden, Estonia, Lithuania and Latvia are the EU countries that have already banned Chinese 5G manufacturers (as has the UK) under Brussels’ network security guidelines (published in 2020). “This is too little and exposes the Union’s collective security,” Breton is quoted as saying.
At the conference in Beijing (according to a transcript published by the Chinese Embassy), Chinese spokesman Wang Wenbin stressed that the US and some European countries had so far “failed to prove” that Huawei posed any security risk. “The US crackdown on Huawei is nothing more than a “classic example of coercive diplomacy and technological intimidation”, he said.
But João Castro acknowledges that European concern is legitimate and that “the risk is real”. “We must not be naïve [, because] there are a number of indications that make us uncomfortable with the situation of Chinese technology companies, according to the values with which Europe thinks society should operate”, he declares.
Today, it is “not possible” to separate the question of cybersecurity from geopolitical issues, stresses the Nova School of Business and Economics professor. “The stance taken by China on the issue of Russia and Ukraine doesn’t make anyone comfortable saying: ‘Yes sir, the hardware works, it’s cheaper, let’s use it'”.
Life made difficult for Huawei João Castro defends that “it’s only through great naivety or lightness that one can say one feels perfectly at ease with this type of partner”. However, he acknowledges that companies, and in this case telecoms operators, “don’t always make decisions with the future security of the company in mind, when they are offered the opportunity to have competent equipment at a much lower price”.
He admits, however, that “if there are vulnerabilities, the risk exists, whether it’s Nokia, Ericsson or anyone else. You never know who might want to attack”. But João Castro believes that Huawei will have a harder time of it in Portugal, as this deliberation by the Superior Council for Cyberspace Security (CSSC) “makes visible and public” the fact that an assessment has recognized a risk associated with the use of its products and services.
“When we assess a risk, we don’t just take into account the likelihood of it occurring, but also its severity. “If someone found out my Gmail password, that’s a big upset for me, but if it’s something that affects billions of people, we’re talking about something much more worrying, and on top of that there’s the question of whether it’s detected or not” and whether someone can take information without their knowledge and for how long, he explains.
On the other hand, recalling the recent fines imposed on Facebook for violating the European data protection regime (notably by sending European users’ data to the USA), the expert stresses that it’s important for people to understand “that different companies have access to different types of information and use it” to serve their interests.
5G: China wants Portugal to adopt “rational” and “autonomous” policies after its decision