Christopher Balding, an associate professor of social sciences at Fulbright University Vietnam, posted an article online claiming to have uncovered “strong evidence that Huawei personnel act at the direction of Chinese state intelligence.”
News media have reported this as yet another black mark against Huawei, the world’s largest maker of telecoms equipment and the target of ongoing attacks by Washington, which is pushing its allies not to use Huawei gear in their 5G networks. Some weeks ago, Balding gave an interview with Czech Radio in which he repeated the claims made in his article.
Balding is not a fan of Huawei. He recently published another negative piece about the company, as did his co-researcher, the Henry Jackson Society in the UK. Fulbright University, the school where Balding teaches, is a non-profit institution funded by the US State Department. That doesn’t necessarily mean Balding is biased against Huawei, but given the current state of US-China relations, it is worth noting.
Upon reading it, I found that Balding’s paper is not a work of scholarship, even though he chose to post it on a site previously known as the Social Science Research Network now known as SSRN, a repository of academic papers available to the public. As Balding admits on his blog, the article was merely designed to “provide information into the public domain.”
He begins his article by saying that, in order to protect those who might face negative consequences if identified, he has deliberately presented his findings in such a way that no one can replicate them. This shields the article from any sort of peer review, or even basic fact-checking. Still, he says, his analysis provides “strong evidence” of a connection between Huawei and Chinese intelligence – a conclusion he reaches by examining the resumes of three Huawei employees that were leaked from several insecure Chinese job recruitment websites.
Earlier this year, those sites inadvertently released an amazing 590 million resumes into the public domain. Balding obtained 25,000 of them belonging to Huawei employees. He performed some keyword searches and found 100 resumes that suggested a possible connection to the military. But of those 100 CVs, his article looks at three.
The first CV belongs to someone pseudonymously referred to as Yang, an engineer whose job is to test software used in mobile base stations. Yang’s CV indicates that, while working at Huawei, he concurrently holds a teaching and research position at the National University of Defense Technology, one of China’s top military academies, located in Changsha, Hunan Province. Universities sometimes hire people from industry to teach part-time, but Huawei has a strict policy forbidding employees from holding any other jobs. Balding says in his paper that he “cannot rule out [the possibility that] there is a mistake in the data we have.”
Although the CV does not say it, Balding concludes, without explaining why, that in his capacity at the university, Yang works under a branch of the People’s Liberation Army (PLA) called the Strategic Support Force (SSF), which oversees “space, cyber, and electronic warfare
capabilities.” Balding says this “raises extremely troubling questions,” but then concludes that it is impossible to say for sure whether Yang has engaged in any spying or hacking. Nevertheless, he says, “the circumstantial evidence appears quite strong” that Yang’s work for Huawei on cellular base stations, and his (possible) status as a part-time employee of the PLA’s cyber-warfare unit, would allow him to help the PLA surreptitiously monitor data traffic on foreign networks.
As a social scientist, Balding may not appreciate the rigor with which Huawei’s code is tested by foreign governments. For example, in the UK, technology is evaluated by a special Cyber Security Evaluation Center set up in 2010 by the British government, and operated jointly by the country’s National Cyber Security Centre, Huawei, and carriers such as British Telecom. Similar Huawei evaluation centers exist in continental Europe and elsewhere around the world.
As a result, Huawei’s code may be the world’s most closely inspected, a fact that generally inspires confidence in our customers that the code has not been compromised. In fact, despite intense pressure from Washington not to do so, all of the UK’s main telecom operators have announced plans to use Huawei’s equipment in the radio access portions of their 5G networks – something they would not do if they believed the company posed a security threat.
The second CV belongs to a Huawei employee referred to as Li, who works as an R&D engineer in software development. Balding says Li’s CV indicates that, while at Huawei, he served as a “representative” of the Ministry of State Security, but was not actually a Ministry employee. Balding concludes that this alleged representative status would indicate a “systematized relationship” between the Ministry and Huawei. Li’s CV says he worked on building “lawful interception capability into Huawei equipment.” Balding says therefore “it is reasonable to believe” that Li did this on the Ministry’s behalf.
“Reasonable to believe” falls far short of “strong evidence,” much less proof, that Li cooperated with the Chinese Ministry of State Security. And even if he did, cooperating on matters of lawful interception would be, by definition, lawful. Most countries require telecom operators to provide gateways for police and law enforcement personnel to intercept communications in criminal cases. The practice is so common that a uniform interface for these gateways has been developed by technical standards bodies.
Balding also attempts to connect Li’s work at Huawei with a Bloomberg news story that incorrectly said Vodafone had found “backdoors” in Huawei’s network gear in Italy. (A backdoor, as the term is commonly used, means a vulnerability that is planted deliberately to make a piece of communications equipment insecure.) Vodafone quickly corrected the report, explaining that what Bloomberg had mistakenly called a backdoor was, in fact, part of a routine diagnostic function commonly used in the telecommunications industry – in other words, a potential point of network entry deliberately engineered into the equipment to let Huawei perform maintenance and upgrades, with Vodafone’s permission.
Ignoring this fact, Balding says “there is a clear match” between the type of work done by Li and the (routine) vulnerabilities found in Vodafone’s Italian network. He then immediately backtracks and says he can’t tie any of Li’s work to any particular project in Italy, since Li’s CV lacks the necessary information to make such a connection.
The third CV belongs to a Huawei employee referred to as Qiang, who previously had worked at China Aerospace Science and Technology Corporation (CASC). A state-run company involved in China’s space program, CASC also builds some missile technology. This connection, the author infers (his word), makes Qiang not a “normal coder or network engineer,” but a “state security asset.” Balding claims “there is also some evidence Qiang was involved in replication or hacking of foreign hardware,” but does not present the evidence in his paper.
Balding’s paper is provocative, and I can see why it caught the media’s attention. Some of it could be correct, but we’ll never know because no one can replicate his results.
Huawei is a global technology company with 194,000 employees. Inevitably, some of them will have worked for the government, or the military, or for organizations with military ties. Such ties, even if they exist, provide no proof of illicit activity. Huawei is one of many successful companies founded by veterans. Former military personnel usually regard their service as a badge of honor; US companies in particular boast about hiring veterans. One wonders what Balding might find if he analysed the CVs of employees at Ericsson, Nokia, Samsung, or Cisco.
Although Balding’s article is interesting, no serious analyst would say it presents “strong evidence” against Huawei. It consists largely of speculation and inference, and while there’s nothing wrong with those things, they should not be presented as research. Unfortunately, the allegations are now online. Journalists will refer to them when writing about Huawei in the future, making it harder for them – indeed, for everyone – to think objectively about the company, or about the important subject of cyber security.