A study of the employment information of thousands of Huawei staff has revealed deeper links with the Chinese military and intelligence apparatus than those previously acknowledged by China’s biggest telecom equipment maker.
The findings are likely to add fuel to the debate among governments around the world over whether to block Huawei’s gear from the rollout of 5G telecoms networks for security reasons.
The research was conducted by Christopher Balding, a professor at Fulbright University Vietnam, and researchers at the Henry Jackson Society, a UK think-tank. Trawling through a database of leaked Chinese CVs, they found Huawei employees who appeared to be simultaneously employed by institutions affiliated with the Chinese military, others who previously worked in areas related to hacking or telecom monitoring, and still more who described their work at Huawei as linked to the Ministry of State Security (MSS), an entity involved in cyber warfare and network penetration.
Prof Balding identified one Huawei employee who describes himself as a “representative” of the MSS at Huawei and claims to have worked on “building lawful interception capability into Huawei equipment”.
The researchers suggest that this employee could have been involved in the alleged installation of backdoors — clandestine access points that could allow eavesdropping on sensitive communications — in a Vodafone network in Italy a decade ago that was first reported earlier this year.
Vodafone has denied that there was a backdoor that could have given Huawei unauthorised access to its network, arguing the vendor had just forgotten to remove a function used during developing the gear. Both Vodafone and Huawei said the issue was fixed at the time.
The study’s findings could not be independently confirmed because Mr Balding is not sharing the database and describes in concrete terms only three profiles which he has edited to protect the individuals’ identities and prevent the research from being replicated by others.
Huawei said that in a preliminary investigation it had “not been able to verify any of these so-called ‘Huawei Employee CVs’”. The company added it welcomed professional and fact-based reporting on investigations into its transparency. “We hope that any further research papers will contain less conjecture when drawing their conclusions,” it said.
Elsa Kania, an expert on Chinese military innovation in emerging technologies and military-civil fusion in China — the practice in the country of close cooperation between the military and civilian entities on technology, called Mr Balding’s paper a very valuable contribution, but added it was inconclusive in some respects.
The paper, an initial evaluation of a trove of 200m CVs including those of more than 25,000 Huawei employees, does not prove that the company is helping the Chinese state spy on western governments or companies — a risk US and Australian intelligence officials say arises from China’s record of cyber espionage and the technical possibilities of 5G.
But the research is likely to further stir the debate over Huawei as US government officials wrangle with industry after Washington blacklisted Huawei earlier this year. Decisions are also looming in several EU member countries, including the UK, on how to mitigate the security risks in 5G networks.
“Huawei has gone to great lengths saying they have no links with the Chinese military and security institutions,” said Prof Balding. “The narrative they spin is false — military connections quite clearly run deep.”
In a statement emailed on Sunday, Huawei said job candidates with military or government backgrounds were required during the hiring process to provide documentation proving that they had ended their relationships with the military or the government.
“Huawei conducts background checks and provides pre-job training [on cyber security and privacy protection] for employees who will access customer networks and data,” the company said. “Huawei requires all such employee operations be authorized and monitored by the customers.”
Separately, Bloomberg last week revealed several joint research projects conducted by Huawei employees with institutions affiliated with the People’s Liberation Army, prompting Huawei to respond that it did “not have any R&D collaboration or partnerships with PLA-affiliated institutions”.
Samuel Armstrong, the lead HJS researcher working on Prof Balding’s database, said several of the personnel files examined directly contradicted that claim. One of the profiles reviewed contains the claim that the Huawei employee worked on a server operating system project led by a unit of the PLA’s National University of Defence Technology, and that the employee would report on the project to his department manager at Huawei.
Prof Balding said while it was not uncommon for large companies in the telecom industry to hire former police or military officials, the Huawei files suggested links going far beyond that. “It was quite easy to find people that hold dual appointments,” he said.
However, analysts said the systemically close ties documented in the study reflected a pattern far beyond Huawei.
Ms Kania said such sharing or co-ordination of personnel across defence and commercial research activities was consistent with China’s national strategy for military-civil fusion.
“These patterns are not entirely unique to Huawei, and it is not unusual for other high-tech enterprises to hire personnel who are the graduates of military universities or have experience in military research,” she said. “However, this latest research contributes to the broader pattern of facts that indicates reasons for concern about Huawei’s opaque connections to the Chinese military and intelligence.”