On March 28th, the Government Communications Headquarters (GCHQ), a British intelligence agency, released a report assessing that Chinese telecom company Huawei poses significant security risks to British telecom networks. It came to a similar conclusion last year. In this year’s report, specific focus was given to the fact that security risk management of products new to the UK or of new software releases for products already in the UK will be increasingly difficult.
These concerns are supported, most notably, by US lawmakers, who have argued that Chinese government involvement with Huawei will pose significant physical and intelligence threats to Western governments. A recent update to Chinese law, Article 28 of the 2016 Cybersecurity Law, which “states that network operators, which include telecommunications companies such as Huawei, have to provide “technical support and assistance” to government offices involved in protecting national security,” foretells that these fears may not be totally unfounded. American lawmakers are particularly concerned that Huawei and other companies would be compelled into turning over 5G data, thus compromising the data security of anyone utilizing 5G networks in Western countries, and even into embedding malicious code into new Huawei equipment and software updates.
Several close American allies, such as Japan, New Zealand, and Australia, have totally banned Huawei from partaking in 5G trials within their countries, while the United Kingdom, Canada, Italy, India, and Germany have considered similar bans, but have not yet acted. Troublingly, countries like Germany, India, the United Kingdom, and the United Arab Emirates seem unlikely to fully support US efforts to ban Huawei from 5G network development. The United Kingdom, despite identifying significant risks in Huawei networks both this year and last year, has continued to argue that hackers pose a more significant threat to networks than foreign governments and that the stated threats can be managed.
Huawei has not been silent in the face of these accusations. They commissioned a 37-page legal opinion by Zhong Lun, a Chinese law firm, which concluded that Chinese law cannot compel corporations to gather intelligence against the interests of their customers. Despite the reported soundness of this opinion, legal experts and advisers warn that a lack of legal testing makes it difficult to know exactly how insulated from Chinese government control and influence Chinese companies actually are. Some legal experts concluded that Huawei would have a very difficult time rejecting a request for data sharing from the Chinese government due to the nature of Chinese laws.
These concerns are further justified because there is no international legal framework for protecting corporations from the abuse of states. Although there are a multitude of corporate-focused treaties and agreements at the international level, including the ILO Convention No. 29 on Forced Labor, the International Covenant on Economic, Social, and Cultural Rights (ICESCR), and the ILO Declaration on Fundamental Principles and Rights at Work, these agreements impose obligations on states, not on companies. Further, corporations generally enjoy rights under international law only when rights are authorized through formal lawmaking processes such as international treaties or national statutes. As such, Huawei relies almost exclusively on the good will of the Chinese government to not coerce or misuse its systems. Conversely, other nations must rely almost exclusively on the assurances of Huawei and the Chinese government that they are not misusing the information networks that Huawei has developed.
Due to the absence of international legal standards, much of the fight over Huawei’s access to markets has taken place in national courts. This reliance on national-level courts has produced heavily disparate results between US and Chinese companies.
After the US blocked the purchase of Huawei equipment due to national security concerns, Huawei filed a lawsuit in the U.S. District Court in Texas which argued that the prohibition unfairly punishes the Chinese company without due process and without proof of an espionage threat to the United States. The Chinese government came out in support of this lawsuit almost immediately, saying it did not want to see the company “victimized like silent lambs”. Huawei also filed a notice of civil claim in the British Columbia Supreme Court in Canada in early March over the detainment of Meng Wanzhou, the daughter of the company’s founder. She had been detained at the request of US officials on allegations of subverting Western sanctions against Iran and participating in bank fraud and corporate espionage.
Somewhat hypocritically, the Chinese government has frequently banned US companies, quoting national security concerns, and these companies have never been able to bring lawsuits against the Chinese government. Apple, McAfee, Citrix, and Cisco were all dropped from official state purchasing lists in 2015, effectively banning the sale of their products within China. According to Zhang Lin, an independent Chinese economist and columnist, “It’s hard for a (Chinese) company to bring such an administrative lawsuit, even harder for a foreign company. It could be blocked in the first place when it tries to open a case”. Tellingly, not one of the previously mentioned Western companies has been able to sue the Chinese government.
This legal framework is clearly neither sustainable nor preferable. In a world in which corporations increasingly wield significant power in dictating security and connectivity across multiple regions and countries, there must be international assurances that those companies will not be weaponized by national governments.
Evan Schleicher is an Editorial Intern with the International Enforcement Law Reporter. He is also an MA candidate in Security Policy Studies at George Washington University’s Elliott School of International Affairs.