Huawei embraces Europe and shows its source code amid the political struggle between China and Trump

Huawei embraces Europe and shows its source code amid the political struggle between China and Trump.

The choice of Brussels by Huawei to install its “transparency and cybersecurity” laboratory it has little of chance. The center of European politics is easy to identify as the strategic location for the Chinese company that, in the midst of a technological and economic battle with the Trump administration, wants to defend its integrity by pointing to Europe as its great ally.

More than the opening of a technology center, we are witnessing political representation in the face of the media and public opinion. Proof of this is that its rotating president, Ken Hu, came to inaugurate a humble building in the center of Brussels; even more so is the cast of European politicians who went through the conferences, the presence of the GSMA CTO, Alex Sinclair, and that the entire event was a continuous praise of the European GPDR (“the most comprehensive data privacy law of the world, constitutes a very positive example for all the countries “in the words of Ken Hu).

Huawei’s literal message was enunciated by Hu – “Digital trust is based on standards and verifiable facts” – the underlying message was none other than to emphasize that the correct path is that of Europe and not that of the United States.

A center for teaching and auditing source code

After several tables, the messages issued by Huawei, researchers and politicians who made up the inaugural conference did not move away from several common places: “cyberattacks are growing in quantity and sophistication, so it is necessary to raise computer security to priority” is to have common standards and certifications like the GPDR but with care not to kill innovation “and the classic among classics “we have analog laws for a digital world”

It is not an invitation to be able to take it, nor a leap to open source by Huawei, but an attempt for said clients to be able to contrast their thesis: Trump’s attack on his integrity has no basis and it is possible to contrast it

Was there something concrete in the center that allowed us to talk about the underlined transparency and the much-talked about collaboration with the ecosystem that Huawei spokesmen insisted so much on? The proposal is that the Brussels laboratory allows clients of the Chinese company (governments, telecos, large companies) to access the source code and be able to audit it within the center. It is not an invitation to be able to take it, nor a leap to open source by Huawei, but an attempt that said clients can contrast their thesis: Trump’s attack on his integrity has no basis and it is possible to verify it.

In this way, Huawei points out, before hiring customers can inspect the code that accompanies phones, routers, network equipment or cloud solutions … precisely at the critical moment in the industry when choosing a supplier for 5G. The Chinese company is playing a lot, not in vain most analysts agree that its solutions are the most advanced for the new generation of networks thanks to an investment without comparison in the industry.

Two doubts in Huawei’s proposal and a strong response

Understanding that the operation of the center is based on the access and audit of a code that is housed in its headquarters in Shenzhen, the doubt that some journalists raised was obvious: cHow auditors can be sure that what they were seeing and analyzing was the same that would later be compiled and run on the computers or found in production on Huawei servers.

The immediate response was of the type “it is something very very complicated”, the long answer I transcribe directly:

There is no industry tool or easy mechanism to compare two different binaries, as the slightest difference in the source will cause big differences, and no vendor automatically provides this comparison capability. The problem of binary comparison must be addressed by the entire industry and must be solved through R&D engineering processes. At Huawei we understand how to do it, we have tried it many times and now we are evaluating the best way to industrialize this process to that creates value for customers. The verification service that ECSC provides is primarily to verify whether the product meets the customer’s safety standard.

In the background behind this proposal is the other great thesis on cybersecurity by Huawei: all discipline should be based on standards and tools recognized by the market, something preferable to working on a case-by-case basis or following an own practice that generates less trust. Back in Europe this derives a praise from the GPDR and a call to avoid fragmentation in the different certifications of each member state.

Nevertheless With the pro-based approach of working together and achieving global standards for privacy and security, another question arises and Huawei has it at home.. It is impossible to reconcile the vision of the citizen and the society that exists in Europe or the United States with the one that prevails in China and its government. At Engadget, we have analyzed the system with which China scores its citizens and assigns them punishments and rewards, and has repeatedly reviewed its application.

Asked that the underlying issue was whether the Chinese army and government are behind Huawei, the “Senior Vice President and the Global Cyber ​​Security & Privacy Officer” John Suffolk responded with the clarity that was required of him: “In 30 we have not received an order from the Chinese government to send data there. This is a fact. The Chinese government has already said that it does not ask for backdoors. ” “Even if we receive these requests, which will not happen, the co-founder and CIO have said that Huawei closes before meeting them”