The action being taken by various governments to limit the involvement of China’s Huawei in the provision of equipment for 5G has brought into sharp-focus an issue that has been around for some time, but is now becoming more acute for national security of individual countries. That is, how to ensure that purchased Information and Communication Technology (ICT) hardware and software does not contain aspects, either at time of purchase or later, that offer the possibility of being maliciously used on a large scale – either for espionage or sabotage of crucial national infrastructure.
Australia has totally banned the use of Huawei equipment in its future 5G telecommunications network, while the US has banned its use by official organizations. The US, UK and a number of other developed countries may eventually follow the Australian lead.
Recent focus has been very much on 5G because of the role that it will play in supporting the use of Artificial Intelligence (AI), Internet of Things (IoT), Cloud etc; and, the outsized role that Chinese companies in supplying much of the needed infrastructure (eg Huawei and ZTE) around the world.
The international developments seem almost certain to put Russia in a difficult position. Is it anti-Huawei, pro-Huawei, or somewhere in the middle. If it is in the middle, how does Russia ensure its national security interests?
A Russian National Technology Initiative (NTI) document in 2016 saw the world as being increasingly divided up into closed “economic-trade” blocks formed on the basis of a combination of economic and political issues. It was argued that these blocks, or “alliances, aim to develop and retain production value added chains” that are protected from outside competition by ensuring that their rules and standards become the norm. The NTI document went on to say that countries and companies which are outside these blocks/alliances and their value added chains cannot break into them because the technological standards have already been set to disadvantage them.
Thus, according to the document, the NTI was given the goal of making Russia “one of the ‘big three’ major technological states by 2035, and have its own high-tech specialization in the global chain of creating additional value”. In order to achieve this, Russia will need is own block/alliance or participate in others in such a way that it becomes a leader in “developing and confirming international technical standards”.
President Putin, in his address to the St. Petersburg economic forum on 17 June 2016, said: “Today we see attempts to secure or even monopolize the benefits of new generation technologies. This, I think, is the motive behind the creation of restricted areas with regulatory barriers to reduce the cross-flow of breakthrough technologies to other regions of the world with fairly tight control over cooperation chains for maximum gain from technological advances.”
Then US Secretary of State played-up the security aspects of such economic-trade blocs: “I have worked from day one to emphasize that foreign policy is economic policy and economic policy is foreign policy. Without a doubt, these trade agreements are at the center of defending our strategic interests, deepening our diplomatic relationships, strengthening our national security, and reinforcing our leadership across the globe.” “Even as we seek to complete TTIP and strengthen our bonds across one ocean, we know that our future prosperity and security will also rest on America’s role as a Pacific power. Central to that effort is the adoption of (Transpacific Partnership) TPP.”
However, given the prospective Brexit and the rise of Trump as an economic nationalist, such blocs seemed very unlikely when I first wrote about the NTI in 2016. Since then, Trump’s strident America first approach to the economy, abandonment of TPP, and lack of interest in an US role in international security issues would seem to have confirmed my earlier view.
Nevertheless, “Western” concern about advances in Chinese technology, the way it is being acquired (allegations of IP theft and heavy-handed treatment of companies seeking to invest in China), and the way it is being used (Xinjiang) seems to be leading to at least partial technology blocs — with the possibility of broadening to aspects of international trade and investment.
Whereas the NTI idea of economic / trade blocs was largely based on the political and economic consequences of growing global value-added chains in high-tech and Russia’s need to be part of this trend, we may now be in a situation where such economic / trade blocs will be formed by a perceived urgent need to tear existing high-tech value-added chains apart in the name of national security and create new ones. National Security is now very much in the driver’s seat!
Putin’s point about “attempts to secure or even monopolize the benefits of new generation technologies” remains valid, as does the issue — in a different form — of what bloc if any can or should Russia join.
Concerns about the security aspects of Huawei telecommunication equipment in the UK led to the establishment of the Huawei Cyber Security Evaluation Centre” (HCSEC). While Huawei pays the costs of this centre, it has no control over its operation. A HCSEC Oversight Board was established in 2014. Its fourth report in 2018 concluded that:
“5.2 The key conclusions from the Board’s fourth year of work are:
It is evident that HCSEC continues to provide unique, world-class cyber security expertise and technical assurance of sufficient scope and quality as to be appropriate for the current stage in the assurance framework around Huawei in the UK ii. However, Huawei’s processes continue to fall short of industry good practice and make it difficult to provide long term assurance. The lack of progress in remediating these is disappointing. NCSC and Huawei are working with the network operators to develop a long-term solution, regarding the lack of lifecycle management around third party components, a new strategic risk to the UK telecommunications networks. Significant work will be required to remediate this issue and provide interim risk management.
iii. The HCSEC Oversight Board is assured that the Ernst & Young Audit Report provides important, external reassurance that the arrangements for HCSEC’s operational independence from Huawei Headquarters is operating robustly and effectively, and in a manner consistent with the 2010 arrangements between the Government and the company. The issue identified was rated as low risk and two further advisory issues were identified.
5.3 Overall therefore, the Oversight Board has concluded that in the year 2017-2018, HCSEC fulfilled its obligations in respect of the provision of security and engineering assurance artefacts to the NCSC and the UK operators as part of the strategy to manage risks to UK national security from Huawei’s involvement in the UK’s critical networks. However, the execution of the strategy exposed a number of risks which will need significant additional work and management. The Oversight Board will need to pay attention to these issues.”
The qualified nature of the HCSEC reports has led to come commentators to offer strong support to the Australian bans on Huawei participation in Australian 5G. This is particularly the case with the ASPI International Cyber Policy Centre. The Centre’s Tom Uren says that the contents of the four HCSEC oversight board annual reports (2015, 2016, 2017 and 2018) “show that it is very difficult indeed” to “assess products to make sure they won’t be used to spy on us”.
However, the underlying issue is broader than Huawei and 5G. A 2018 book by Olav Lysne concludes that:
“Industrialized nation states are currently facing an almost impossible dilemma. On one hand, the critical functions of their societies, such as the water supply, the power supply, transportation, healthcare, and phone and messaging services, are built on top of a huge distributed digital infrastructure. On the other hand, equipment for the same infrastructure is made of components constructed in countries or by companies that are inherently not trusted. In this book, we have demonstrated that verifying the functionality of these components is not feasible given the current state of the art. The security implications of this are enormous. The critical functions of society mentioned above are so instrumental to our well-being that threats to their integrity also threaten the integrity of entire nations. The procurement of electronic equipment for national infrastructures therefore represents serious exposure to risk and decisions on whom to buy equipment from should be treated accordingly. The problem also has an industrial dimension, in that companies fearing industrial espionage or sabotage should be cautious in choosing from whom to buy electronic components and equipment. Honest providers of equipment and components see this problem from another angle. Large international companies have been shut out of entire markets because of allegations that their equipment cannot be trusted. For them, the problem is stated differently: How can they prove that the equipment they sell does not have hidden malicious functionality? We have seen throughout the chapters of this book that we are currently far from being able to solve the problem from that angle as well. This observation implies that our problem is not only a question of security but also a question of impediments to free trade. Although difﬁcult, the question of how to build veriﬁable trust in electronic equipment remains important and its importance shows every sign of growing.”
The basic technical reason for Australia banning Huawei has been put forward by the head of its Signals Directorate: “5G is not just fast data, it is also high-density connection of devices – human to human, human to machine and machine to machine – and finally it is much lower signal latency or speed of response. Historically, we have protected the sensitive information and functions at the core of our telecommunications networks by confining our high-risk vendors to the edge of our networks. But the distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network. In consultation with operators and vendors, we worked hard this year to see if there were ways to protect our 5G networks if high-risk vendor equipment was present anywhere in these networks. At the end of this process, my advice was to exclude high-risk vendors from the entirety of evolving 5G networks.”
The technical issues of 5G are very complex and there is no universal agreement in any country about the introduction and operation of networks. International technical standards are still being developed. Initially, many basic 5G features will be delivered in most cases by upgraded 4G infrastructure, but getting the most out of 5G – in terms of speed and capacity – will require significant new investment in telecommunications infrastructure.
A controversial US proposal to build secure 5G as a “single, inherently protected, information transportation super highway” was produced by members of the US security establishment in early 2018 – and found its way into the public arena. The document says that presently “data traverses cyberspace through a patchwork transport layer constructed through an evolutionary process as technology matured”. “Measures to secure and protect data and information result in an ‘overhead’ that affects network performance – they reduce throughput, increase latency, and result in an inherently and inefficient and unreliable construct. Additionally, the framework under which access and services are allocated is suboptimal, yielding incomplete and redundant networks. Without a concerted effort to reframe and reimagine the information space, America will continue on the same trajectory – chasing cyber adversaries in an information environment where security is scarce.”
It goes on to say that “the advent of ‘secure’ network technology and the move to 5G presents an opportunity to create a completely new framework.” “Whoever leads in technology and market share for 5G development will have a tremendous advantage towards ushering in the massive Internet of Things, machine learning, AI, and thus the commanding heights of the information domain.” “The transformative nature of 5G is its ability to enable the massive Internet of Things.” “Using efforts like China Manufacturing 2025 (CM2025) and the 13th Five Year Plan, China has assembled the basic components required for winning the AI arms race.”
While the proposal for a such extensive government involvement in US 5G infrastructure seems to have been rejected, it does indicate the level of attention being focused on the issue.
The Russian Ministry of Communications is advocating that private Russian telecommunications companies share much of the 5G infrastructure, which may to some degree allow a more secure network to be built. However, this does not solve the problem of where to source the equipment.
What should Russia do if the concerns about Huawei and Chinese technology more generally start to lead to the formation of an anti-Chinese technology based economic bloc?
There is little reason to believe Russia will be any better than Western countries in evaluating the security related aspects of Chinese technology, and there would be a strong case for Russia to follow the lead of Australia, the UK, USA etc. However, there would be several arguments against such a course of action.
Firstly, Russia will not want to jeopardize its present good political relationship with China. Apart from energy sales the economic relationship between Russia and China is not strong, however geography means that Russia has a huge stake in the political relationship.
Secondly, if it is possible for Huawei and other Chinese companies to do the harmful things that are claimed then presumably non-Chinese suppliers could also do the same to Russia at the request (or demand) of their country’s security agencies. While Western commentators make much of China’s June 2017 National Intelligence Law that obliges “all organizations and citizens” to “support, cooperate and collaborate in national intelligence work”, Western high-tech companies would almost certainly do the same when it comes to Russia given its very poor image in those countries and the perceived Russian threat to those countries.
Thirdly, at a purely technical level there is nothing to suggest that Russia could build 5G infrastructure without importing most of the equipment. While Russia has a solid reputation in the software field, Russian manufacturing capacity and quality is not high. Russia’s efforts to promote the high-tech sector from the top have not been particularly successful. Even China is very dependent on crucial imported 5G components.
Fourthly, my September 2016 report on the NTI suggested that Russia needed to put more emphasis on using available digital technology rather than trying to develop new leading-edge products. In early 2017, the Russian government announced its “Strategy for the Development of the Information Society in the Russian Federation for 2017-2030” While much can be done using existing 4G infrastructure, a good 5G network will be necessary well before 2030 to maximize the benefits of the strategy as well as take best advantage of any NTI successes.
As things now stand, Russia is likely to use Chinese Huawei (and other Chinese) hardware while attempting to ensure that Russian software is used wherever possible. However, as already noted, this will be no easy task.
It is difficult to avoid the conclusion that when it comes to 5G and national security, Russia is between a rock and a hard-place. It has neither the 5G infrastructure manufacturing capacity of the US and China, nor any real friends that are capable of helping it.
US Blacklist of Chinese Surveillance Companies Creates Supply Chain Confusion
The United States Department of Commerce’s decision to blacklist 28 Chinese public safety organizations and commercial entities hit at some of China’s most dominant vendors within the security industry. Of the eight commercial entities added to the blacklist, six of them are some of China’s most successful digital forensics, facial recognition, and AI companies. However, the two surveillance manufacturers who made this blacklist could have a significant impact on the global market at large—Dahua and Hikvision.
Putting geopolitics aside, Dahua’s and Hikvision’s positions within the overall global digital surveillance market makes their blacklisting somewhat of a shock, with the immediate effects touching off significant questions among U.S. partners, end users, and supply chain partners.
Frost & Sullivan’s research finds that, currently, Hikvision and Dahua rank second and third in total global sales among the $20.48 billion global surveillance market but are fast-tracking to become the top two vendors among IP surveillance camera manufacturers. Their insurgent rise among IP surveillance camera providers came about due to both companies’ aggressive growth pipelines, significant product libraries of high-quality surveillance cameras and new imaging technologies, and low-cost pricing models that provide customers with higher levels of affordability.
This is also not the first time that these two vendors have found themselves in the crosshairs of the U.S. government. In 2018, the U.S. initiated a ban on the sale and use of Hikvision and Dahua camera equipment within government-owned facilities, including the Department of Defense, military bases, and government-owned buildings. However, the vague language of the ban made it difficult for end users to determine whether they were just banned from new purchases of Dahua or Hikvision cameras or if they needed to completely rip-and-replace existing equipment with another brand. Systems integrators, distributors, and even technology partners themselves remained unsure of how they should handle the ban’s implications, only serving to sow confusion among U.S. customers.
In addition to confusion over how end users in the government space were to proceed regarding their Hikvision and Dahua equipment came the realization that both companies held significant customer share among commercial companies throughout the U.S. market—so where was the ban’s line being drawn for these entities? Were they to comply or not? If so, how? Again, these questions have remained unanswered since 2018.
Hikvision and Dahua each have built a strong presence within the U.S. market, despite the 2018 ban. Both companies are seen as regular participants in industry tradeshows and events, and remain active among industry partners throughout the surveillance ecosystem. Both companies have also attempted to work with the U.S. government to alleviate security concerns and draw clearer guidelines for their sales and distribution partners throughout the country. They even established regional operations centers and headquarters in the country.
While blacklisting does send a clearer message to end users, integrators, and distributors—for sales and usage of these companies’ technologies—remedies for future actions still remain unclear. When it comes to legacy Hikvision and Dahua cameras, the onus appears to be on end users and integrators to decide whether rip-and-replace strategies are the best way to comply with government rulings or to just leave the solutions in place and hope for the best.
As far as broader global impacts of this action, these will remain to be seen. While the 2018 ban did bring about talks of similar bans in other regions, none of these bans ever materialized. Dahua and Hikvision maintained their strong market positioning, even achieving higher-than-average growth rates in the past year. Blacklisting does send a stronger message to global regulators though, so market participants outside the U.S. will just have to adopt a wait-and-see posture to see how, if at all, they may need to prepare their own surveillance equipment supply chains for changes to come.
After Google’s new set of community standards: What next?
After weeks of Google’s community standard guidelines made headlines, the Digital Industry Group Inc. (Australia based NGO) rejected proposals from the regulating body based in the southern hemisphere. The group claimed that regulating “fake news” would make the Australian Competition and Consumer Commission a moral police institution. In late August, Google itself forbade its employees from indulging in the dissemination of inadequate information or one that involved internal debates. From the outset, the picture is a bit confusing. After the events in Australia, Google’s latest act of disciplinary intrusion seems all but galvanizing from certain interests or interest groups.
A year earlier, Google was shaken by claims of protecting top-level executives from sexual crimes; the issue took a serious turn and almost deteriorated company operations. If anything but Google’s development from the horror of 2018 clearly suggests a desperate need from the hierarchy to curb actions that could potentially damage the interests of several stakeholders. There is no comprehensive evidence to suggest that Google had a view on how the regulations were proposed in Australia. After all, until proven otherwise, all whistleblowing social media posts and comments are at one point of time, “fake”. Although the global giant has decided to discontinue all forms of unjustifiable freedom inside its premises; however, it does profit by providing the platform for activism and all forms of censure. The Digital Industry Group wants the freedom to encourage digital creative contents, but Google’s need to publish a community guideline looks more of a defensive shield against uncertainties.
On its statement, the disciplinary clause, significantly mentions about the actions that will be taken against staffs providing information that goes around Google’s internal message boards. In 2017, female employees inside the Google office were subjected to discrimination based on the “gender-ness” of working positions. Kevin Kernekee, an ex-employee, who was fired in 2018, confirmed that staff bullying was at the core of such messaging platforms. Growing incidents inside Google and its recent community stance are but only fuelling assumptions about the ghost that is surrounding the internet giant’s reputation. Consequently, from the consumer’s point of view, an instable organization of such global stature is an alarm.
The dissidents at Google are not to be blamed entirely. As many would argue, the very foundation of the company was based on the values of expression at work. The nature of access stipulated into Google’s interface is another example of what it stands for, at least in the eyes of consumers. Stakeholders would not wish for an internal turmoil; it would be against the enormous amount of trust invested into the workings of the company. If google can backtrack from its core values upon higher forces, consumers cannot expect anything different. Google is not merely a search engine; for almost half of the internet users, it is almost everything.
“Be responsible, Be helpful, Be thoughtful”. These phrases are the opening remarks from the newly engineered community guideline. As it claims in the document, three principles govern the core values at Google. Upon closer inspection, it also sounds as if the values are only based on what it expects from the people working for the company. A global company that can resort to disciplining its staff via written texts can also trim the rights of its far-reaching consumer groups. It might only be the beginning but the tail is on fire.
How to Design Responsible Technology
Biased algorithms and noninclusive data sets are contributing to a growing ‘techlash’ around the world. Today, the World Economic Forum, the international organisation for public-private cooperation has released a new approach to help governments and businesses counter these growing societal risks.
The Responsible Use of Technology report provides a step-by-step framework for companies and governments to pin point where and how they can integrate ethics and human rights-based approaches into innovation. Key questions and actions guide organizations through each phase of a technology’s development process and highlight what can be done and when to help organizations mitigate unethical practices. Notably, the framework can be applied on technology in the ‘final’ use and application phase, empowering users to play an active role in advocating for policies, laws and regulations that address societal risks.
The guide was co-designed by industry leaders from civil society, international organizations and businesses including BSR, the Markkula Centre for Applied Ethics, the United Nation’s Office of the High Commissioner for Human Rights, Microsoft, Uber, Salesforce, IDEO, Deloitte, Omidyar Network and Workday. The team examined national technology strategies, international business programmes and ethical task forces from around the world, combining lessons learned with local expertise to develop a guide that would be inclusive across different cultures.
“Numerous government and large technology companies around the world have announced strategies for managing emerging technologies,” said Pablo Quintanilla, Fellow at the World Economic Forum, and Director in the Office of Innovation, Salesforce. “This project presents an opportunity for companies, national governments, civil society organizations, and consumers to teach and to learn from each other how to better build and deploy ethically-sound technology. Having an inclusive vision requires collaboration across all global stakeholders.”
“We need to apply ethics and human rights-based approaches to every phase in the lifecycle of technology – from design and development by technology companies through to the end use and application by companies across a range of industries,” said Hannah Darnton, Programme Manager, BSR. “Through this paper, we hope to advance the conversation of distributed responsibility and appropriate action across the whole value chain of actors.”
“Here, we can draw from lessons learned from companies’ efforts to implement ‘privacy and security by design,” said Sabrina Ross, Global Head of Marketplace Policy, Uber. “Operationalizing responsible design requires leveraging a shared framework and building it into the right parts of each company’s process, culture and commitments. At Uber, we’ve baked five principles into our product development process so that our marketplace design remains consistent with and accountable to these principles.”
This report is part of the World Economic Forum’s Responsible Development, Deployment and Use of Technology project. It is the first in a series tackling the topic of technology governance. It will help inform the key themes at the Forum’s Global Technology Governance Summit in San Francisco in April 2020. The project team will work across industries to produce a more detailed suite of implementation tools for organizations to help companies promote and train their own ‘ethical champions’. The steering committee now in place will codesign the next steps with the project team, building on the input already received from global stakeholders in Africa, Asia, Europe, North America and South America.
The Centre for the Fourth Industrial Revolution Network brings together more than 100 governments, businesses, start-ups, international organizations, members of civil society and world-renown experts to co-design and pilot innovative approaches to the policy and governance of technology. Teams in Colombia, China, India, Israel, Japan, UAE and US are creating human-centred and agile policies to be piloted by policy-makers and legislators, shaping the future of emerging technology in ways that maximize their benefits and minimize their risks. More than 40 projects are in progress across six areas: artificial intelligence, autonomous mobility, blockchain, data policy, drones and the internet of things.
The Network helped Rwanda write the world’s first agile aviation regulation for drones and is scaling this up throughout Africa and Asia. It also developed actionable governance toolkits for corporate executives on blockchain and artificial intelligence, co-designed the first-ever Industrial IoT (IIoT) Safety and Security Protocol and created a personal data policy framework with the UAE.
Donald Trump, Foreign Policy Incoherence and Inadvertent Nuclear War
“In a surrealist year….some cool clown pressed an inedible mushroom button, and an inaudible Sunday bomb fell down, catching the...
Radisson Blu unveils the rebirth of a Kyiv legend
Radisson Blu, the upper upscale hotel brand that delivers a positive and personalized service in stylish spaces, is delighted to...
“Strategically brilliant” sellout: Trump’s betrayal of the Kurds
“At last the world knows America as the savior of the world!” —U.S. president Woodrow Wilson Turkey invaded the Syrian Arab...
UNIDO supports Budapest Appeal to prevent and manage looming water crises
LI Yong, the Director General of the United Nations Industrial Development Organization (UNIDO) acted as a panelist during the opening...
Global solar PV market set for spectacular growth over next 5 years
The installation of solar PV systems on homes, commercial buildings and industrial facilities is set to take off over the...
The Sochi Summit and the Pride of Africa
After nearly three decades of extremely low political, economic and cultural engagement, Russia is indeed returning to Africa. For obvious...
Mandarin Oriental Announces Luxury Hotel in Nanjing
Mandarin Oriental Hotel Group has announced that it will manage a luxury hotel in Nanjing, the capital of Jiangsu Province...
Science & Technology3 days ago
US Blacklist of Chinese Surveillance Companies Creates Supply Chain Confusion
Economy2 days ago
Modi’s India a flawed partner for post-Brexit Britain
Europe3 days ago
The return of a “political wunderkind”: Results of parliamentary elections in Austria
Defense3 days ago
Revitalising the Quad
Newsdesk3 days ago
Landmark labour reforms signal end of kafala system in Qatar
Middle East3 days ago
The Turkish Gambit
Americas2 days ago
AMLO’s Failed State
Terrorism2 days ago
Indian Mujahideen, IS and Hizbul Tahrir: Breeding ground for terrorism in South Asia