China Will Use Huawei to Spy Because So Would You

Calder Walton

19-24 minutes

Boris Johnson’s government announced Tuesday that it would block the Chinese telecommunications giant Huawei from Britain’s next-generation cellular 5G network. A review by Britain’s National Cyber Security Centre (NCSC) had concluded that recent U.S. sanctions imposed on Huawei would make it impossible for Britain to use its 5G technology.

But apart from such technical questions, the underlying question about Huawei equipment—whether it poses a threat to British national security—deserves far more attention. Previously, the NCSC assessed that Huawei’s risk could be mitigated by limiting its access to the “periphery” of Britain’s 5G network while shielding its sensitive “core.” It is reassuring that Britain’s signals intelligence service, GCHQ, which the NCSC is part of, has investigated Huawei since it first entered Britain’s broadband network years ago and has not to date detected any evidence of malicious Chinese state cyberactivity through Huawei.

Absence of evidence, however, should not be interpreted as evidence of absence—or intent. In fact, there is a long history of all kinds of governments exploiting commercial communication companies to collect foreign intelligence in bulk to further their interests and protect their national security. The British and U.S. governments have themselves been previous perpetrators of such exploitation—and victims.

Uncovering this history is inherently difficult, as it involves some of the most closely guarded secrets in modern history, but newly opened intelligence archives now make it possible. They show that London and Washington previously brokered covert agreements with communication companies to rig their hardware to give code breakers easier access to material whenever they believed doing so advanced their national interests.

Together, this history offers a clear message: It would be naive to expect the Chinese government not to exploit Huawei hardware on Britain’s 5G network for intelligence collection.

British cadets practice Morse code on one of the model ships built for training at the Nautical Training School at Heswall, Cheshire, on Dec. 3, 1936.1500×750 608 KB

British cadets practice Morse code on one of the model ships built for training at the Nautical Training School at Heswall, Cheshire, on Dec. 3, 1936. Arthur Tanner/Fox Photos/Getty Images

Bulk eavesdropping

Throughout history, leaders found ways to intercept and read private communications of adversaries—from steaming open postal letters to intercepting telegrams, telephonic communications, and now those passed over the internet. As communication technologies developed, so did corresponding interception methods. In 1902, Guglielmo Marconi made history by sending the first wireless radio message across the Atlantic. That same year, the great British imperial writer Rudyard Kipling wrote a prophetic essay, “Wireless,” in which he described “eavesdropping” on communications sent by Morse equipment. Although Kipling’s story was what today would be called science fiction, it soon became reality.

Twelve years later, on the outbreak of World War I, Britain imposed emergency legislation, the Defence of the Realm Act, which allowed for mass interception of postal and telegraph communications. This turned Kipling’s idea of eavesdropping into a real-world industrial enterprise. One of the first acts undertaken by the British government at the start of hostilities in August 1914 was secretly to cut German cables. At the time, Britain had the most advanced undersea telegraph cable system in the world, spread out across its vast empire. In an act of what today would be called strategic information warfare, as soon as war was declared, Britain launched a coordinated attack to cut German undersea cables across the world, from Hong Kong to Gibraltar to those running under the English Channel. According to a secret history of wartime censorship—a polite term for eavesdropping—Britain’s strategy was to deprive Germany of its outside communications and force communications from German cables onto British-controlled wires, where they could be collected and decrypted. During the war, 180 British censors at U.K. offices read 50,000 messages each day, with another 400 censors working in 120 stations overseas. Britain also cut trans-Atlantic cables that came ashore in Cornwall—the same place where, a century later, Edward Snowden revealed that British and U.S. intelligence were tapping fiber-optic internet cables crossing the Atlantic.

As well as bulk collection of cable communications of their wartime enemies, Germany and the Central Powers, British code breakers also collected cable communications of neutral countries, which before 1917 included the United States. That year, the Royal Navy’s code-breaking section, Room 40, broke the Zimmermann Telegram, a message sent from German Foreign Minister Arthur Zimmermann suggesting an alliance between Germany and Mexico against the United States. Room 40 obtained the telegram by reading not German but U.S. cables, which carried the enciphered German communication. British intelligence then passed the telegram to U.S. officials but deceived them about how they obtained it, devising a cover story that it came from a human agent, or “spy.”

The Zimmermann Telegram was made public in March 1917 and was central in bringing the United States into World War I on the side of Britain and France. There are few more significant examples of the direct impact that bulk collection of foreign communications and code-breaking had on international relations. By helping to bring the United States into the war, British code breakers indelibly advanced U.K. national interests.

A cryptogram published by the code breaker Herbert Yardley in the Saturday Evening Post in 1931.1500×921 374 KB

A cryptogram published by the code breaker Herbert Yardley in the Saturday Evening Post in 1931. U.S. National Security Agency

America’s Black Chamber

After World War I, the U.S. government created its own code-breaking department, the Black Chamber. Its head, Herbert Yardley, brokered a secret—and illegal—agreement with U.S. telegraphic companies, such as Western Union, to obtain copies of telegrams entering into and going out of the United States. The agreement, which Yardley personally orchestrated with Western Union’s president, Newcomb Carlton, involved a messenger calling at its Washington office each morning, who then took copies of cables to the Black Chamber and returned them to Western Union before the day’s close. In his later sensational account of its work, Yardley claimed that that Black Chamber “sees all, hears all. … Its sensitive ears catch the faintest whisperings in the foreign capitals of the world.”

The reality was different. As the 1920s moved on, White House administrations paid less and less interest to its activities, believing that eavesdropping was morally grubby and unworthy of resources. When Herbert Hoover became president in 1929, he appointed Henry Stimson as secretary of state, whose well-advertised insistence on high moral standards in public affairs set him on a collision course with the Black Chamber. When he discovered what it did, Stimson closed it down, famously claiming that gentlemen should not read each other’s mail. As a result of Stimson’s decision, the U.S. government faced tactical and strategic threats in the 1930s without the benefit of a dedicated, independent signals intelligence agency, while America’s foreign adversaries showed no such gentlemanly restraint when it came to reading U.S. mail.

If Stimson had allowed the Black Chamber to continue its un-gentlemanly work, hoovering up cable traffic through shadowy agreements with cable companies, it is likely the United States would have been better informed about the strategic threats it faced in the 1930s. Stimson himself eventually became President Franklin D. Roosevelt’s war secretary—and, ironically, became one of the chief consumers of Japanese wartime decrypts obtained by U.S. code breakers.

Left: The machine room in Hut 6 of Bletchley Park, the British forces’ intelligence center during World War II, in 1943. Right: Photos from a GCHQ file of the Enigma code-breaking machine.1500×750 621 KB

Left: The machine room in Hut 6 of Bletchley Park, the British forces’ intelligence center during World War II, in 1943. Right: Photos from a GCHQ file of the Enigma code-breaking machine. SSPL/Fiona Hanson/PA Images via Getty Images

Enigma: industrial espionage

The story of Britain’s bulk collection of German communications during World War II, and its impact on the Allied war effort, is now well known. The German military used Enigma machines to encipher its communications, which comprised a keyboard and scrambler rotors encoding a message in billions of ways, making it effectively unbreakable. However, by exploiting weaknesses and a captured German code book, code breakers at Bletchley Park built a machine that successfully cracked the Enigma cipher. Thereafter Bletchley was able to decrypt German communications on an industrial scale. By 1943, it was decrypting 3,000-4,000 messages per month.

While Bletchley Park’s wartime achievements are now well known, its postwar history is far less understood. A major reason why British intelligence was determined to keep the achievements of Bletchley Park, known by the code name “Ultra,” secret after 1945 was because British colonies were using Enigma machines to encrypt their communications. In fact, at the end of the war, British authorities gathered thousands of German Enigma machines and gave them to British colonies, insisting they were necessary for securing communications. Having seized the wartime Enigma cipher, communications of those colonies using Enigma machines were easy prey for Bletchley’s postwar successor, GCHQ.

The British government also convinced colonial governments that GCHQ should manufacture ciphers for them after independence. This happened in the Gold Coast, a British colony in West Africa, which in 1957 became the first colony in sub-Saharan Africa to gain independence. GCHQ officials visited the colony, undercover, and reached a secret agreement with its government-in-waiting that they would manufacture cipher pads for Ghana (as the Gold Coast was renamed after independence) because of the vast expense involved. Unfortunately, declassified records do not expressly set out what happened thereafter, but it is reasonable to conclude that, having manufactured the country’s cipher hardware, Ghana’s communications were effectively open books for GCHQ.

Bulk collection through rigged hardware allowed the British government to advance its interests in the Cold War. A major strategic question that both London and Washington needed answering was whether colonial states seeking independence from Britain in Africa, and elsewhere, would align with the Soviet Union in the Cold War. High-level British intelligence assessments about the Soviet or communist threat in those colonies were persistently nonalarmist, calming policymakers’ fears in London and Washington. Code words stamped across the top of those British intelligence reports, such as “UMBRA,” indicate they were derived in part from signals intelligence—doubtless obtained from compromised Enigma machines or rigged cipher pads that Britain manufactured.

An NSA office on Nov. 6, 1968.963×482 302 KB

An NSA office on Nov. 6, 1968. U.S. National Security Agency

Bulk collection: Shamrock

In the postwar years, as the Cold War set in, Britain’s and America’s signals intelligence agencies, GCHQ and the National Security Agency (NSA), continued with wartime bulk interception projects. They did so through secret—and illegal—agreements with major U.S. cable companies. In an operation code-named “Shamrock,” U.S. military signals intelligence (the NSA’s predecessor), assisted by GCHQ, brokered an under-the-table agreement with three major U.S. cable companies—Western Union, RCA Global, and ITT World International—to provide daily copies of all cable traffic crossing their wires entering and exiting the United States. The companies did so for “patriotic reasons,” understanding they were helping U.S. national security. Like the Black Chamber’s earlier arrangement with Western Union, Shamrock involved NSA couriers calling at the cable companies’ offices in New York, Washington, and San Francisco each day to get microfilm copies of cable traffic. When those companies switched to using magnetic tapes in the 1960s, the NSA set up an office in New York to duplicate tapes and keep copies for itself. At its height, Shamrock seems to have involved 150,000 messages printed and analyzed by the NSA each month. In another iteration, code-named “New Shamrock,” the NSA tapped teleprinter and other communication links of between 60 and 70 foreign embassies in the United States.

Little is known in the public domain about Shamrock’s actual impact on U.S. national security or statecraft. According to the NSA’s long-serving deputy director, Louis Tordella, Shamrock “just ran on” since its beginnings in World War II, “without a great deal of attention from anyone,” and actually “wasn’t producing very much of value”—which raises the question why it was operating. The Church Committee, investigating abuses by U.S. intelligence in 1975, exposed Shamrock, concluding that it was “probably the largest government interception program affecting Americans ever undertaken.” Its exposure led to the passing the Foreign Intelligence Surveillance Act (FISA) of 1978, designed to restrict interception of communications of U.S. citizens, whose successor legislation continues to be scrutinized by Congress. However, the principle established by Shamrock persisted after it was closed down: Communication companies remained willing to collude with U.S. intelligence in schemes they suspected were illegal.

A sticker featuring the fugitive NSA whistleblower Edward Snowden—partially reading “asylum”—is seen on a Berlin street on May 26, 2014.2259×1506 2.8 MB

A sticker featuring the fugitive NSA whistleblower Edward Snowden—partially reading “asylum”—is seen on a Berlin street on May 26, 2014. ODD ANDERSEN/AFP via Getty Images

Internet bulk collection

The digital revolution unfolding today is fundamentally changing the nature, scope, and scale of government bulk collection of communications. In doing so, it is also changing the nature of intelligence itself. However, the underlying principles of exploiting communication companies in order to collect intelligence remain the same today as in the past. In order to find a needle in a communication haystack, it is necessary for states to own that haystack.

Unlike their past projects, the NSA and GCHQ have not achieved their bulk collection programs in the internet age through shadowy agreements brokered with communication companies but instead through legislation allowing it. The NSA’s bulk collection program of telephone call metadata (information about calls, not their underlying content) has been achieved through Section 215 of the USA Patriot Act. In 2017, the NSA used it to collect a staggering 534 million telephone calls and text message records. A corresponding bulk collection program, under Section 702 of FISA, targets internet communications of foreigners outside the United States. In Britain, GCHQ used antiquated and obscure legislation to carry out its bulk collection programs before they were exposed by Snowden, a former NSA contractor.

Contrary to claims made at that time and since, their bulk metadata collection programs were not “mass surveillance,” which suggests persistent observation. In reality, as a U.S. intelligence transparency report after Snowden’s disclosures reveals, although the NSA collected a vast number of telephone calls and text message records, these have resulted in remarkably few specific queries about “known or presumed U.S. persons.” As in the past, their bulk collection programs appear to have protected British and U.S. national security. An independent inquiry into Britain’s bulk collection program revealed that it contributed to British counterespionage, counterterrorism, counternarcotics and counter-human trafficking. In fact, it appears that it was through bulk collection that GCHQ first identified (and thwarted) a Russian hacking group, Fancy Bear, attempting to meddle in Britain’s 2015 general election; Fancy Bear then went on to conduct hacking operations during the 2016 U.S. presidential election.

More recently, however, the NSA’s bulk collection program has attracted criticism, including the agency’s deletion of three years of collected data in June 2018. Reporting suggests that the NSA’s vast collection program under Section 215 may no longer be worth the effort.

Pedestrians use their cell phones near a Huawei advertisement at a bus stop in central London on April 29, 2019.1500×1000 942 KB

Pedestrians use their cell phones near a Huawei advertisement at a bus stop in central London on April 29, 2019. TOLGA AKMEN/AFP via Getty Images

Brave new world

Suspicions about governments using new communication platforms to spy are wider than China and Huawei: Kaspersky Lab’s anti-virus software is thought to have links to Russian intelligence; an Emirati messaging app, ToTok, is apparently used by Emirati intelligence; and the Chinese government is thought to be exploiting the wildly popular social media platform TikTok. It is impossible to believe that China’s one-party state, in which no entity is truly independent, would not be able to exploit Huawei hardware if it desired, just as British and U.S. intelligence did with earlier communication hardware. In fact, under China’s National Intelligence Law of 2017, companies are required to cooperate with intelligence activities if requested. If the Chinese government ordered it, Huawei would be obliged to act in a harmful way to Britain.

Britain’s cyber-experts previously suggested that it was possible to draw a distinction between “edge” and “core” in a 5G network, keeping the latter beyond the reach of Chinese eavesdroppers. Others have argued that in a 5G “virtualized” network, distinctions between the core and edges are blurred, thereby enhancing threats even at the periphery.

But even if China’s exploitation of Britain’s 5G network is relegated to its periphery, the intelligence rewards for Beijing—and the weakening of British national security—may still be substantial. Hitherto, states have conducted espionage and sabotage in the physical world, but today they are doing so in cyberspace.

Huawei’s presence on Britain’s 5G network could allow Beijing to conduct economic espionage, stealing British intelligence property passing over its network. It could also collect ostensibly nonsensitive bulk data on British citizens, which may inadvertently reveal precisely the kinds of activities that the British government wants kept secret—the work of its defense, security, and intelligence services. For example, Chinese data scientists could use a rapidly developing methodology called “social network analysis,” which reveals nonobvious relationships between places and people, for intelligence targeting against Britain. With its foot in Britain’s 5G door, such analysis may expose Britain’s security and intelligence activities to Beijing.

Then there is the potential for Chinese cybersabotage. Beijing could use Huawei equipment to disrupt or take down Britain’s telecommunications network during an international crisis or as part of a cyberattack—flipping the kill switch for British communications, much as Britain did German communications in 1914. The true scale of the threat posed by 5G Huawei hardware becomes clear when we consider how it could be combined with billions of internet-enabled devices, sensors, and gadgets in households, offices, and infrastructure, most of which are unsecured and whose owners may not even know are networked. They would effectively constitute billions of hidden backdoors into British society.

The British and U.S. governments should know from their own history the value of secret deals with communication companies, and rigging their hardware, to collect intelligence. There is no reason why Beijing would not find similar value from Huawei. During the coronavirus pandemic, we are all now living virtualized Zoom lives, which makes a lightning-quick 5G network even more appealing. At the same time, as we all move to inhabit a cyberworld, it is also more important than ever not to forget about threats from before the pandemic.

If Huawei were a Russian, not a Chinese, company, would Britain ever have considered allowing it into its 5G network? The answer is surely “no.”