Europe’ data security dilemma: the Huawei debate

Europe’ data security dilemma: the Huawei debate

Last month, Huawei offered an anti-spy agreement to Germany, in order to ease the data security concerns and be able to participate in the country’s 5G mobile networks. However, without the same level of guarantee from the Chinese government, it is unlikely that the concerns could be eliminated. What would be the next step for European countries on this matter?

In an attempt to address concerns about data and cybersecurity which obstruct its access to the European 5G market, Huawei last month offered a no-spy-agreement to Germany. The company’s chairman, Zhengfei Ren, also stated that he would urge the Chinese government to sign a deal with Berlin that would stipulate Beijing’s adherence to the European General Data Protection Regulation (GDPR). While this move demonstrates the lengths to which Huawei is willing to go in the competition for Europe’s emerging 5G rollout, it is unlikely to eliminate the wariness of European policymakers. Instead, it is time that the EU adopts a more streamlined and timely approach to the development of its domestic infrastructure.

Pressure and warnings from the US

Huawei’s most recent attempt at trust-building with Germany comes in the midst of the country’s auction process for construction of its 5G network. It also comes a few weeks after the United States doubled down on its efforts to dissuade Five Eyes and European countries from using Chinese telecommunications equipments and systems.

In February, Secretary of State Mike Pompeo said that it would be “difficult” for the US to cooperate with countries relying on Huawei technology. A few weeks later, the US again warned Germany (which leaves it up to its network providers whether they would cooperate with Huawei) that using “untrusted vendors” in its telecom infrastructure would put future information sharing at risk.

Varying approaches within the EU

5G networks are, indeed, of particular security concern. They rely on an ever-increasing number of connected machines and constant software updates in order to provide high data speed. This makes the detection of breaches in data security difficult, therefore making 5G networks attractive targets for hackers.

Last July, Britain’s cybersecurity agency reviewed Huawei’s engineering practices and found “shortcomings” that could expose the country’s telecommunication networks to new risks. BT, the country’s largest telecom provider, has announced that it will remove Huawei from its existing networks. In mainland Europe, France’s Orange has already terminated its cooperation with Huawei. And earlier this year, internal documents revealed that the European Commission views Huawei’s current dominance in the telecom vendor space as a threat to Europe’s long-term security and autonomy.

Yet, it is unlikely that Germany, and most other EU member states, will set up a blanket ban to Huawei or other Chinese telecommunication companies. An exception might be that certain EU governments would apply formal bans on using Chinese telecoms equipments in highly sensitive areas such as defense departments – but these will never get publicized. Outside of these areas, the EU views blanket bans as non-competitive and hurtful for its own economic development.

Especially when it comes to 5G networks, European infrastructure construction so far has dragged behind that of both China and the US. Many local providers in Europe are working with Chinese manufacturers in the telecom vendor space. Huawei, due to its deep market penetration in Europe and the fact that it also offers highly competitive prices, is a crucial partner for many European telecommunications firms. So far, it has signed MoUs with wireless providers in at least eight European countries. Under these circumstances, simply banning Huawei from contributing to 5G infrastructure could largely increase prices offered by its competitors. This could also delay the rollout of 5G mobile networks in Germany until potentially 2 years after the earliest adopters of 5G.

Silence from Beijing

However, Ren’s statement was not accompanied by a similar assurance from Beijing itself. It is therefore unlikely that Ren’s promise would succeed in eliminating the existing security concerns related to the use of Chinese telecommunications equipment. The Chinese security legislation on companies’ obligations to cooperate with the state does not grant exceptions for companies or their subsidiaries operating abroad. Judging from the Chinese government’s past decisions, it is unlikely that it would agree to signing an agreement of the likes described by Ren.

Furthermore, the EGDPR is a vast regulation effort and Beijing is likely to deem the opportunity cost that comes with always respecting it as being too high.

In recent years, the Chinese government has made an effort to at least somewhat be perceived as not engaging in Chinese companies abroad, especially the non-state owned ones like Huawei. They have also firmly and repeatedly denied any allegations of data security breach or espionage through Chinese telecom companies abroad. Therefore, it is inconceivable that Beijing would now agree to sign an intergovernmental deal to not do something they have never admitted doing.

Looking ahead

Falling even further behind in the 5G rollout process would have long term strategic and economic implications for Germany and its fellow EU-member states. However, so would becoming overly dependent on Chinese technology throughout this process, and losing avenues of intelligence-sharing with its most important partner across the Atlantic. Both would have negative impacts on European companies operating in the telecommunications sector.

European leaders will thus have to walk a fine line of managing to prevent all of the above. Such an endeavor will certainly prove difficult – and even more so if EU member states continue to apply different standards and rules when it comes to telecommunication security standards.

A streamlined approach to developing and enforcing cybersecurity standards therefore should be the first step. Both the EU Council of Ministers as well as the Commission have recently indicated that they are envisioning such measures – but so far, dates of delivery have been kept vague. At some point, Brussels will have to set itself a clear deadline on the matter. However, with the pending EU parliament elections, Brexit, and a new president of the EU Commission to be nominated in the upcoming month, it is uncertain when this will occur.

On the other hand, it is likely that EU governments soon will commit higher, and more targeted, investments to further the development of its domestic 5G technology. So far, the only European companies offering competitive equipment are Nokia and Ericsson. Many EU economies still rely too heavily on their traditional competitive industries and do not seem sufficiently interested in expanding into the digital realm. It is crucial that the EU soon begins to form its own expansive digital development hub to avoid becoming dependent on any foreign supplier.

Lastly, if the US and EU were to scale back intelligence sharing over this dispute, outcomes for both would be counterproductive, as it could prevent the two partners from developing protective measures against espionage. Policymakers in both the EU and, even if currently not at the forefront, the US, are aware of this. It remains to be seen whether the latter will succeed in maintaining or, preferably, intensifying intelligence cooperation over time. If they fail, China will emerge far ahead after all.

Categories: Europe, Security

About Author

Hannah Elten

Hannah Elten is a Schwarzman Scholars Alumna and a diplomat in the German Foreign Service. She holds Degrees in Public Policy, International Relations and Asian Studies from Tsinghua University, Beijing, Sciences Po Paris and the University of Sydney