Huawei 5G kit must be removed from UK by 2027

The justification is that the equipment presents a national security risk.

If that's true, how is it reasonable to allow this equipment to operate in the UK for 7 more years? Doesn't that mean the UK is willingly under national security risk for 7 years?

Unless, of course, there was never a security risk...

Not dissimilar to how face masks are being made compulsory in shops by the British government.

In 11 days' time.

Presumably it's about judging what is an acceptable degree of risk vs stripping out all Huawei equipment immediately and effecively crippling the nation's comms infrastrtucture.

And 2 days ago Gove said they wouldn't be compulsory.

They are just panicking because of the economy (latest figures show a 20% crash).

Our governments balance these concerns all the time: economic cost vs security risk. It's very normal.

I see you've never been in charge of risk mitigation measures. I do them as part of my job and am tasked with scoring risks and possible mitigation responses. Sometimes the mitigation is so effective that it can eliminate the risk but other times it is practically useless.

Decision makers then need to asses those risks and possible mitigations and weigh them against a million other factors.

Future-dating it is a sensible move to allow people to get used to the idea, to disseminate the news, and to allow time to obtain the necessary equipment. It will increase compliance compared to an immediate rule change. Bear in mind that only about 5%-10% of people in UK currently are wearing masks in shops (based on my own local observations).

Is 5G really already “critical”? I thought it was only just starting to be phased in when the virus became more important to worry about.

You're assuming everyone who must to go to a shop in the next 11 days already have in their possession an appropriate face covering; the definition of which is as yet unknown.

While that is true, these rules should’ve been brought in months ago.

(Also: do people really need more than one week?)

Many things represent a national security risk. Switching off the equipment overnight, I would argue, also represents a risk to national security.

Right. I think it's mostly just to keep the US happy.

yet, dissimilar in so many ways (number of manufacturers, ease of access, cost, offenses against fellow humans notwithstanding)

they could introduce the measure immediately for all but essential shops, with essential shops a week later to allow people to acquire appropriate face covering

Months ago there were massive shortages of PPE and UK was largely in lockdown with most people only going out to exercise and to shop, not going anywhere else, and not seeing famliy, friends etc.

Now the risk profile of things has changed because people are out and about more.

But 11 days does seem a bit long, sure.

If the face masks are that essential (which they probably are): wrap a t shirt around your face.

It isn't just 5G, Huawei equipment is used throughout the telecom industry.

Which does raise the question, why are we concerned about 5G when Huawei is presumably also behind much of the 4G and other existing infrastructure? What's the difference in terms of security risk?

This is a good example of the kinds of tradeoffs which must be made at the highest levels of public service.

> Doesn't that mean the UK is willingly under national security risk for 7 years?

No, and I'll come on to why in a second.

Huawei, just like any Chinese corporation operating overseas, is an attack vector for intelligence gathering. Anyone presenting a counter-argument to this is either a shill for the Chinese government, or totally uninformed.

China has a culturally distinct attitude towards intelligence and intelligence gathering to nearly every western country. The national emphasis on the collective good blurs the line between private citizens, acting in a personal or professional capacity, and the stereotypical impression of a "spy" perpetuated in the west: on the payroll, going to their cubicle at the CIA each day. China's voracious appetite for intelligence (and, particularly in recent years, industrial espionage), means that it is impossible to distinguish between the commercial interests of a Chinese company and the Chinese state furthering its apparatus.

Remember Crypto AG? The Swiss crypto company jointly-operated by the CIA and German intelligence?[1] That's newsworthy because it's unusual: western states are typically limited to publicly lobbying their corporations for backdoor access, or working around things like end-to-end encryption (e.g. I believe PRISM used a combination of vulnerabilities to exfiltrate data from Hotmail and MSN prior to encryption taking place).

In China, we must assume that the reverse is the norm: the Chinese government does not need to lobby its companies to provide it with data, or to build-in backdoors or exploits. A Chinese corporation can be compelled to turn over everything it has, silently, and to compromise users and products to benefit the Chinese government, silently.

Crucially this is not a criticism of China. China can best be understood by Westerners as a series of tradeoffs to benefit the collective good, at the expense of personal liberty and privacy. Literally the argument you might encounter would be: "If you have nothing to hide then why do you care?"

The information gathered is not always as exciting as you might imagine. It's not just deployed into military intelligence or kompromat. It might "just" be used as a means of preserving China's status quo as a leading manufacturing hub (and, therefore, China's position as a growing economic power).

So China a) has a vast appetite for intelligence of all kinds, and b) does not draw a distinction between private citizens/corporations and state actors/corporations.

To answer your question:

Huawei has been a cornerstone of the UK's telecoms infrastructure for nearly twenty years, and in order to gain its foothold committed to allowing GCHQ full access to its codebase (HCSEC)[2]. The stipulation from Britain's intelligence community was that Huawei must not be allowed to have a monopoly position, or even a significant market share beyond a certain level.

I am not familiar with the specific technical reason that Huawei at 70% vs. Huawei at 40% of the UK's telecoms infrastructure would represent a disproportionate increase in risk, but I believe it is likely to be related to resource constraints -- fuck me guys, GCHQ is having to actively monitor and review the code deployed across a double-digit % of our telecoms infrastructure from the starting position of "this is provided by a bad actor"! -- and the doomsday scenario that Huawei's position of market dominance would drive competition down, resulting in a choice to either have e.g. 7G with Huawei, or not at all (7G is a fictitious example, but you see my point).

The UK is balancing the very real ongoing nightmare of monitoring Huawei's involvement in UK telecoms with the fact that it's a cheap, high quality supplier, and the fact that our closest allies -- the United States -- have been on a warpath over Chinese intelligence gathering since long before Obama put the kibosh on China acquiring Aixtron in Germany for national security reasons. Oh, and we want to get a trade deal out of the US in the near future.

The risk:reward for Huawei is at a point where it's no longer sustainable. Phasing its removal from our infrastructure will smooth our relationship with our closest ally, reduce our reliance on a Chinese state manufacturer, and reduce the workload on our signals analysts in GCHQ.

[1] https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-ci...

[2] https://assets.publishing.service.gov.uk/government/uploads/...

Because it will be obsolete and 6G will be the new hotness in seven years.

I think we just passed peak production in europe last year, i highly doubt we will be able to afford more energetically expensive devices anytime soon without overexploiting shell oil.

One reason explained here https://news.ycombinator.com/item?id=23831435

That is exactly what BT have been saying. Moreover they rightly point out that losing access to software updates due to US sanctions is a security risk in its own right too.

>That's newsworthy because it's unusual: western states are typically limited to publicly lobbying their corporations for backdoor access, or working around things like end-to-end encryption

Isn't this contradicted by secret courts approving NAS warrants, loopholes like meta-data can is legal to collect, digital data is considered different that data you have on paper in your home etc. If CIA, NSA has some judge approval to ask Apple access to someone data and keep it secret do you think Apple(or Google) can challenge the secret orders?

What if a judge produces soem secret order so Apple and Google provide full access to everything do you think some manager or developer will make this public and suffer a fait similar or worse as Snowden? IMO we people in the west we sometimes forget how corrupt people in power are and how exceptions to laws and constitution can be found when national security is mentioned.

Sorry, I'm not sure I understand what point you're making with this link.

The link states that Sir Andrew Parker (head of MI5) doesn't believe that the inclusion of Huawei in UK telecoms infrastructure will have a negative impact on the UK's relationship with the US.

The US has been emphatic that it could: https://www.bbc.co.uk/news/technology-51581095

This is why the free press and personal liberty are vital components of most western civilisations: they act as a release valve for the sort of behaviours you talk about.

What you are broadly driving at is the necessity for many areas of intelligence gathering and espionage to be invisible to the public eye. There is necessarily a strong tradition of civilian oversight of intelligence agencies in nearly every democracy. For example, in the UK, domestic intelligence is overseen by the Home Secretary, the Intelligence and Security Parliamentary Committee, and the Investigatory Powers Tribunal.

Needless to say, a free press, whistleblowers, and civilian oversight do not exist in China.

The masks normal people need to wear aren’t the same masks that medical staff need to wear — the former mainly stop you infecting others, the later keep you safe from others.

I agree, and I am not trying to say West and China are the same - the point I am struggling to make is that we might not have it as good as we think and there are many things hidden from us. How many time we see old documents released where US or other government was doing crazy shit - I mean is insanity to think that for some reason they stopped doing same level of insane stuff.

I seen a video a few months back about US military considering internet as a new area of war and considering how to engage in such war , it is clear that not only China is trying to push their propaganda but the others are doing a similar thing (again I am not trying to say is the exact same thing just trying to prevent everyone focusing too muc in one direction and not noticing what is happening behind their backs at home)

Heh, they should reverse engineer the devices and do their own software firmware.

I think I understand what you mean now - thanks for taking the time to explain it.

I understand your position to be that in the US (I'll use the US as an example but it's broadly interchangeable with any western democracy), privacy violations and acts of espionage which are directionally similar to those occurring in China do take place, and whilst you acknowledge that they are not as bad, you draw equivalence between the surreptitiousness of both.

I think the point is a meaningful one. Much of the content of the PRISM presentations was worrying because it made very clear the extent to which the US government has expanded its intelligence-gathering in the last few decades.

Introducing a point like this into a discussion focusing on China might seem like 'whatabouttery' to many people ("X is bad, but what about Y?"). On paper, NSA and CIA overreaching could have similar consequences (or even look identical) to Chinese state sponsored espionage, but provided there are avenues for whistleblowers and a free press, the two are not equatable.

> the point I am struggling to make

Your English is very good, and I enjoyed talking to you.