Today, the United Kingdom House of Commons Science and Technology Committee heard testimony on what the Committee termed “the possible security risks involved with 5G communications networks and to what extent those risks can be managed.” One of the key witnesses was John Suffolk, a Senior Vice President and the Global Cyber Security & Privacy Officer for Chinese telecommunications company Huawei Technologies. Huawei has been the target of U.S. efforts to discourage other countries from adopting Huawei 5G technology, because of persistent U.S. Government concerns that the Chinese government could exploit Huawei “to spy on other countries and companies.”
In his testimony, Suffolk reportedly stated that Huawei had “sought guidance from its attorneys to see if a Chinese law on domestic companies’ cooperation with the government on security matters could force it to conduct foreign intelligence work.” According to Suffolk, Huawei’s outside counsel had twice validated that “[t]here are no laws in China that obligate us to work with the Chinese government with anything whatsoever.”
At the same time, The Times reported, Suffolk – who had been Her Majesty’s Government Chief Information Officer and Chief Information Security Officer before joining Huawei in 2011 — admitted that Huawei “could be broken into by the Chinese security services.” When asked whether “Chinese agencies could get into Huawei’s systems if they wanted,” Suffolk responded, “Edward Snowden amply demonstrated that governments of capability can break into most things, including breaking into Huawei servers, so you could never say that a government, whoever they are, if they have the capability, can’t break into systems.”
Note: Suffolk’s assurance that Chinese law does not compel Huawei to cooperate with Chinese authorities will give scant comfort to governments with existing concerns about cyber-espionage. Moreover, his frank acknowledgement that Chinese authorities could hack into Huawei technology, regardless of the state of Chinese law, will undoubtedly be cited by U.S. authorities in its continuing offensive against Huawei. Suffolk’s words will not be the last word on the potential cybersecurity risks that Huawei poses, but could well influence the pace and direction of that debate.