The British Huawei oversight body published today a scathing report documenting vulnerabilities in Huawei’s equipment. Here, the Consumer Choice Center’s Senior Privacy Fellow Mikołaj Barczentewicz has commented on policy conclusions to draw from the report.
“The defects in Huawei software publicised today are significant and stem from Huawei giving insufficient weight to the security of their products by delivering good and safe code. Consumers cannot know if European and American manufacturers are doing better than Huawei in that respect, because manufacturers other than Huawei are not subjected to the same kind of public scrutiny.
“The Huawei case is an opportunity to introduce effective security certification of all critical equipment used in telecommunications infrastructure. The standards should be equally rigorous irrespective of who is the manufacturer. Bad code may be vulnerable no matter who wrote it.
“A ban on the use of any product or service, including Huawei’s, has to be on the table because without such threat manufacturers will lack sufficient incentive both to treat security seriously and to show that they are doing so.
“Huawei promised to improve security in three to five years. This is not good enough. All manufacturers should be made to feel real pressure to deliver secure products now, not in some distant future.
“Of course, there is a risk that the Chinese government could influence Huawei to act in ways that would undermine the security of European users of Huawei products and services. This is a reason to be cautious about Huawei, but is not sufficient to justify banning it altogether.
“We need to be careful to do only what is needed to safeguard security, without unnecessary protectionism. Trade wars hurt consumers.”