A report published by the Washington Post on Monday charged China’s telecom giant Huawei with secretly helping North Korea create and maintain its wireless network, possibly in violation of U.S. bans on the delivery of sensitive electronic equipment to the isolated Communist regime in Pyongyang.
Another report from Czech Republic media accused the company of secretly harvesting personal information about its Czech customers.
The Washington Post report was based on documents leaked by an alleged former Huawei employee and the testimony of several people familiar with the eight-year secret partnership between Huawei and China’s state-run Panda International Information Technology company.
According to the documents, Huawei set up a special code name to reference shipments to North Korea instead of explicitly naming it. Similar code names were established to conceal Huawei’s involvement with other rogue regimes like Syria and Iran.
The result of this clandestine work was the creation of a functional 3G wireless network in North Korea. According to a Monday article by watchdog group 38 North, this “Koryolink” system was every bit the totalitarian surveillance nightmare one might imagine:
North Korea’s two-tier telephone network is well documented and classifies two types of subscribers: Domestic users can call other domestic subscribers but not place international calls or access the internet, while international users can make calls to anywhere in the world except domestic numbers and access just about any website except those on the state intranet. This firewall between domestic and international users is one of several methods used to control the flow of information. What is less known is that on Koryolink there is a third level of subscriber: the “special user.”
The very small group of “special users” were top North Korean Communist officials whose phones were protected against eavesdropping with a powerful encryption system. Everyone else was subjected to a monitoring system that grew as the network expanded.
38 North said this is where Huawei’s expertise proved invaluable to Pyongyang because the Chinese telecom corporation was able to test the encryption system and ensure it did not disrupt overall Koryolink network performance.
One of the leaked documents was a presentation in which Huawei laid out the design for a “legal interception gateway” that would enable the North Korean police state to monitor hundreds of phone calls and data sessions simultaneously, with plans to expand that capability as more phones were added to the network. Another set of meeting notes suggested Pyongyang wanted equipment that could be used to prevent North Koreans living near the Chinese border from using Chinese cell phones and networks.
“In the years following the launch, even greater security measures were developed to expand control systems beyond the network level to the handset level as well. For instance, smartphones were built to block the installation of unapproved apps, and software was installed to take random screenshots to record what people are doing on their phones,” 38 North noted.
Since Huawei uses numerous American-made components in its phones, shipping equipment to North Korea would likely have violated U.S. export controls.
Huawei’s response to the Washington Post report was a statement emailed to various media outlets in which the company insisted it has “no business presence” in North Korea and complies with “all applicable laws and regulations in the countries and regions where we operate, including all export control and sanction laws and regulations of the U.N., U.S., and EU.” Skeptics noted the statement said nothing about previous business ties with North Korea.
The South China Morning Post reported Tuesday on another “bombshell allegation” against Huawei by Czech Republic public radio, which accused the company of secretly harvesting personal information about “customers, officials, and business partners”:
Citing two former Huawei managers who spoke on condition of anonymity, the radio network said Huawei required them to enter the data into computer systems that “is only managed by Huawei headquarters in China”, according to AFP.
The personal information gathered included a number of children, hobbies and the financial situation of designated subjects, it added.
In a statement, Huawei said the accusations made against the company in the AFP report are completely unsubstantiated.
“Huawei has never worked with any intelligence-gathering operations whether from the Chinese embassy or any other organization,” it said. “The way Huawei processes user data in the Czech Republic is in full compliance with all applicable Czech and EU laws.”
The SCMP noted that the Czech Republic and Poland are the “most vocal critics” of Huawei within the European Union and the Czech National Cyber and Information Security Agency found Huawei telecom equipment to be a threat to state security, essentially concurring with U.S. intelligence appraisals.
Senators Tom Cotton (R-AR) and Chris Van Hollen (D-MD), among the leading U.S. critics of Huawei, swiftly responded to the Washington Post piece on Huawei and North Korea with a joint statement:
At every turn, we learn more and more about what a malign actor Huawei is. This new revelation underscores its ties to North Korea and its serial violations of U.S. law. That’s why we must pass our legislation to tackle the growing national security threat posed by Huawei’s efforts to dominate the 5G market.
We must also move forward with the National Defense Authorization Act, which contains provisions to better enforce sanctions on Pyongyang by making it clear that any company that does business with North Korea – like Huawei reportedly did – will face American sanctions.
The 2020 National Defense Authorization Act (NDAA) has become controversial among Republicans because the House version of the bill was bulked up with liberal sweeteners to win Democrat votes. It passed the House two weeks ago 220-197, with no Republicans voting in favor.