Trump’s Huawei ‘Reversal’ Means Nothing – Yet

WASHINGTON: This weekend, President Donald Trump gave the world whiplash once again, pledging to lift the ban he himself imposed just last month on US sales to Chinese tech giant Huawei, which relies on imported American components for many of its products. But four independent experts all tell me that the president’s off-the-cuff declaration has zero impact on what US companies actually can and cannot sell to Huawei until the Commerce Department comes up with formal rules.

(A ban on US firms buying from Huawei remains in effect, with some short-term exceptions for American companies that can’t function without the Chinese tech).

What’s more, Trump’s declaration has a huge loophole that officials can use to ban, in effect, any sale they object to grounds of national security. Since Trump’s top advisors are hardliners on China and see Huawei as an instrument of Chinese cyber espionage — the reason for the ban in the first place — that’s a loophole they’re likely to use.

Trump made his statement in a conciliatory mood after meeting with Chinese leader Xi Jinping on the sidelines of the G-20 summit in Osaka. It’s worth noting that the Chinese have made no official response, suggesting they’re as skeptical as my sources that things will change.

China hawks like Sen. Marco Rubio immediately denounced the gesture and promised to pass legislation reversing Trump’s reversal, as they did earlier when he imposed, then lifted restrictions on Chinese firm ZTE. But sources agreed that Trump’s statement, in itself, doesn’t create any real changes that Congress needs to worry about — at least, not yet.

Trump vs. the Trump Administration

“My understanding is that we are today where we were Friday,” said one expert who asked to remain nameless. “Commerce has been given no guidance to proceed. My guess is nothing will change until the general license to sell” — a key legal document — “expires next month. That will be an action-forcing incident.”

But what kind of action will it force? Trump’s gesture to Xi puts him at odds with tough talk from his own National Security Advisor, John Bolton; his Secretary of State, Mike Pompeo; and many other officials, who would have to actually implement any changes to the ban.

So here’s the huge loophole: Trump himself has said he still won’t let US companies sell anything to Huawei that might end up threatening US national security. But how do you define that?

“In imposing restrictions on Huawei, [Trump] wants to be able to separate out what impacts national security … from what does not,” said Bryan Smith, an intelligence expert and Huawei critic now at George Mason University in Virginia. “Trying to even parse that out and make that distinction shows how he thinks about Huawei differently from his national security advisors, who see the company in totality as a threat…It’s essentially inseparable in their minds.”

That’s just not an attitude problem, it’s a practical problem for actually implementing any change in policy, Smith said. “It’s going to be a challenge for Commerce and the national security community,” he said, to make any kind of systematic distinction between Huawei products and services that do threaten US national security and ones that do not. Define “security” and “threat” expansively enough, and any Huawei technology on any network could potentially serve as a foothold for Chinese hackers targeting a critical US interest.

The problem isn’t just China’s theft of US trade secrets, said John Demers, who heads the Justice Department effort to counter Chinese cyber-espionage, hacking, and related crimes. It’s the permeation of Chinese products into widely-used networks on which the US economy and, ultimately, national security, rely. The same backdoors that make it possible to steal data from a network also make it possible to disrupt its functioning or shut it down.

“When we look at Huawei and 5G… we’re really talking about access to the data and the integrity of communications systems especially in times of crisis,” Demers said at a Defense One tech conference here in Washington on Thursday, just two days before Trump’s meeting with Xi. “What would be the ability of the Chinese government to affect our telecommunications infrastructure if we did get into a conflict with China?”

The US can’t secure its data and network connections now, added Bill Evanina, Director of the National Counterintelligence and Security Center. Moving to faster 5G networks — where Huawei is currently the world leader — will only make problems harder to catch.

“We don’t understand, as a society… the ability to disrupt the data, stop the data flow, manipulate the data flow,” Evanina said at the Defense One conference. “All of those capabilities are real and exacerbated by a thousand times in a 5G network.”

“Huawei is a big issue,” he added, “but to me that’s just a symptom of a bigger problem — it’s the Communist Party of China, [which] controls all businesses and people in the country of China.”

Trump’s sanguine attitude towards Huawei clashes with that of not only his own officials, but of independent experts. Consider a report released last week by private cybersecurity company Finite State, which found that Huawei devices sold worldwide averaged 102 security vulnerabilities each, a third of them severe.

Yes, many companies do a poor job securing their so-called embedded devices, Finite State CEO Matt Wyckhouse told me in an interview, but Huawei is extreme. “It’s not uncommon to see … 20 to 30 known vulnerabilities in something, but they’re all of a low score,” he said, meaning a hacker can’t easily exploit them to take over the device. “Having a 100 and having 25-30% being [severe] vulnerabilities is real high.”

“Gauging intent is virtually impossible,” Wyckhouse said: You can’t tell by looking at weak points in the code whether they were created out of malice or incompetence. But in terms of security, he told me, “these are some of the worst devices we’ve ever tested.”

Decisions & Revisions

With so many alarms sounding about Huawei, Trump’s unexpected concession to China — while in keeping with his unpredictable negotiating style — baffled and even alarmed many observers.

“Companies are really scratching their heads,” said Smith. “They were already scrambling with the total ban and now they don’t know what the guidelines are for the new [partial] ban.”

“I am just back from Beijing and honestly confused myself,” said Elsa Kania, a leading expert on Chinese cyber warfare and AI at the Center for a New American Security.

Given the Chinese company’s inability to manufacture many of the components it now buys from the US, Kania said, “there have doubts and intense concerns about whether Huawei could survive a full ban, despite its bravado, and this latest announcement does seem to provide a critical reprieve for the company.” But, she added, “the real question is how this so-called reprieve will impact the actual implementation of the addition of Huawei to the Entity List” — the legal document defining bad actors cut off from US tech.

“It certainly feels like it is shifting sands,” acknowledged intelligence agency veteran Nick Eftimiades, “but that also appears to be by design.” Trump’s unpredictable changes are a negotiating tactic, he argued, one that seems to be working.

If you look closely at what actually happened in Osaka, “the president has brought China to the negotiating table while making no commitments on the future of Huawei,” Eftimiades told me “He can define ‘national security’ — now and in the future — any way he wants. He can accept or reject Huawei depending on China’s behavior.”

Not only does Trump’s promise have no actual effect until Commerce implements it,” Eftimiades continued, but it also has that glaring loophole: No sale is permitted if “it presents a significant threat to national security,” he noted. “Six months from now, that could mean anything.”

Kania and Smith, however, were less sanguine about Trump’s latest swerve. “The inconsistency of US policies and statements on Huawei has undercut American strategic interests in 5G, which will require getting U.S. allies and partners aboard,” Kania said.

“Pompeo and Bolton have done a near masterful job in dealing with the president’s improvisation on foreign policy and national security, keeping the apparent air-gaps minimized between what the official policy is and what the president’s actions are,” Smith told me. “This one is going to challenge them.”