Germany Ignores EU Warning On Huawei 5G Security Risk

Authored by Mike Shedlock via MishTalk,

German Chancellor Angela Merkel ignored an EU risk assessment and allows Huawei's 5G technology.

The Wall Street Journal reports EU Warns of 5G Risks Amid Scrutiny of Huawei.

The European Union has identified a series of specific security threats posed by foreign vendors of telecommunications equipment, significantly heightening the bloc’s scrutiny of suppliers like Huawei Technologies Co., according to officials familiar with the matter and a privately circulated risk assessment prepared by European governments.

Earlier in the week, the EU released a public report warning that hostile states or state-backed actors posed a security threat to new 5G mobile networks being rolled out around the world. 5G promises faster connection speeds and the ability to link lots of devices—from cars to pacemakers—to the internet.

“These vulnerabilities are not ones which can be remedied by making small technical changes, but are strategic and lasting in nature,” said a person familiar with the debate inside the European Council, the bloc’s top political policy-making body.

The analysis also said member states had reported the risk of “uncontrolled software updates, manipulation of functionalities, inclusion of functions to bypass audit mechanisms, backdoors, undocumented testing features left in the production version, among others.”

The report says vendors or operators that were linked to a nation-state “with a high geopolitical risk profile would increase the risk of espionage, especially where there were no democratic and legal restrictions in place.”

Huawei and China

The report did not specifically name Huawei or China but it's clear what the report was all about.

It seems everyone is afraid of incurring the wrath of China, especially Angela Merkel.

Germany Won’t Ban Huawei or any 5G Supplier Up Front

Please consider Germany Won’t Ban Huawei or any 5G Supplier Up Front

Germany is resisting US pressure to shut out Chinese tech giant Huawei from its 5G networks — saying it will not ban any supplier for the next-gen mobile networks on an up front basis, per Reuters.

“Essentially our approach is as follows: We are not taking a pre-emptive decision to ban any actor, or any company,” government spokesman, Steffen Seibert, told a news conference in Berlin yesterday.

German business newspaper Handelsblatt, which says it has reviewed a draft of the incoming 5G security requirements, reports that chancellor Angela Merkel stepped in to intervene to exclude a clause which would have blocked Huawei’s market access — fearing a rift with China if the tech giant is shut out.

Does Merkel's Position Make Sense?

Actually, I believe it does, for several reasons.

  1. Trump

  2. Germany's Infrastructure

  3. US Spying

Trump: Trump calls Huawei a security threat but is willing to allow it's technology as part of a trade agreement. Either Huawei is a security threat or it isn't. If it is, then it should not be used as a bargaining chip in negotiations. Trump says one thing and does another.

Infrastructure: Germany's infrastructure is already highly dependent on Huawei's 4G technology. It has a smooth transition to Huawei's 5G. Switching vendors would make a mess of things for years.

US Spying: Who can trust the US anyway?

New Security Threat

Edward Snowen, the hero who disclosed US spying on allied including Angela Merkel, reports Without Encryption, We Will Lose All Privacy. This is Our New Battleground.

In the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe.

I know a little about this, because for a time I operated part of the US National Security Agency’s global system of mass surveillance. In June 2013 I worked with journalists to reveal that system to a scandalised world. Without encryption I could not have written the story of how it all happened – my book Permanent Record – and got the manuscript safely across borders that I myself can’t cross.

When I came forward in 2013, the US government wasn’t just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies.

Donald Trump’s attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt – or even roll back – the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps – Facebook Messenger and Instagram – as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia’s minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals.

The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal.

US Seeks a Backdoor

Snowden disclosed US spying on allies, including Angela Merkel.

Now, the US wants Google, Facebook, WhatsApp and everyone else to put in a backdoor that it can exploit. And it will. And backdoors are not secure, on purpose, by definition.

If the US can exploit a backdoor, so can others, as soon as they figure it out, and someone will.

Can anyone trust the US to not put in 5G backdoors?

Of course not.

But we can trust the US, UK, and EU to keep a very close eye on what Huawei is doing.

That does not solve all the issues, but as long as the US cannot be trusted, Merkel may as well trust but monitor Huawei instead of totally not trusting the US at all.

Sadly, the US is nothing but the very surveillance state we accuse others of being.