The headlines keep screaming about Huawei and the threats it poses to the Western world.
This includes allegations of a company culture that promoted stealing trade secrets.
This was detailed in a 2019 U.S. Department of Justice indictment against Huawei, and now a 2020 Huawei and affiliates indictment.
But in most of the coverage, helpful information was missing.
We're talking about the unique details of the Huawei indictments that every organization can learn from. They paint a picture of how far China will go to steal intellectual property.
What does the U.S. indictment accuse Huawei of doing?
As a level set, the case relates to Huawei's multi-year efforts to steal trade secrets of T-Mobile's "Tappy" robot. The robot was a proprietary device that simulated humans rapidly using mobile phones to test for problems and glitches before they hit the market.
T-Mobile allowed Huawei limited access to use "Tappy" to improve its devices starting in
But that wasn't enough for the Chinese telecom giant. The indictment lays out a multi-year effort to steal and recreate Tappy because of the market advantage it was giving T-Mobile at the time.
By the way, access to T-Mobile's Tappy lab was very tight: you needed special badges and no pictures of any kind were allowed. Two Huawei USA engineers had that access.
8 ways Huawei spied and lied at T-Mobile
- Huawei China puts constant pressure on U.S. engineers to send back proprietary information.
"Huawei China engineers continued to task Huawei USA employees with determining the technical specifications of the Tappy robot, despite having been made aware that T-Mobile was unwilling to disclose confidential technical information about Tappy. For example, in an email sent on September 10,
2012from Huawei China's Director of Device Testing Department: 'The main point is to figure out the [Tappy] Robot's specifications and functions. These are the benchmarks of products developed by ourselves.'"
- Huawei USA employees send details of the Tappy robot back to China and secretly take photos of the device—along with a warning in 2013. "On January 7, 2013, R.Y. sent an email to J.Y. and other Huawei China engineers emphasizing: 'Once again, we CAN'T ask TMO [T-Mobile] any questions about the robot. TMO is VERY angry the questions we asked.
Sorrywe can't deliver any more information to you.'"
- Huawei USA engineers were under such pressure to spy for corporate that they repeatedly suggested sending someone from Huawei China to complete the IP theft mission. An email to Huawei China in April 2013:
"First of all, I am glad that HQ R&D has been continuing to improve HUAWEI robot system. Based on the test on [T-Mobile phone] we do see a big difference of test results between TMO robot and Huawei robot. I think we have a lot of work to improve our robot performance. The difference between the two is not only the hardware but also (most importantly) the software. TMO has
spendmuch more money on software than hardware. Once again, we can't get any further information about the TMO robot system from TMO. They have complained to us a lot about this because we asked them too many questions of the robot based on HQ's request. TMO said to me that if we ask them again such questions, they don't allow us to use their robot Lab. TMO has set up a security system by putting camerainto the robotLab. I think everyone knows what this means.... We can't provide any further information to HQ because we can't get anything from TMO. Once again, I suggested HQ to send an engineer to TMO for a hands-on experience playing the robot system. I believe this would give HQ robot team a huge benefit in understanding robot system from hardware and software, as well as operation."
- Huawei China sends
engineerto T-Mobile lab in Seattle to continue reconnaissance. An email to his Huawei USA contact spelled out the goal for the mission: "For the mechanical arm issues, go to the [T-Mobile] laboratory and reconnaissance and obtain measurement data." The engineer took photos and sent back information, but two days in a row was removed from the lab and then banned by T-Mobile for improper access.
- Huawei gets desperate as T-Mobile starts catching on: With the engineer from Huawei China removed from the Tappy lab two days in a row because of improper access, T-Mobile suspends Huawei employee access to the Tappy lab in May 2013. It agrees to make an exception, however, for one Huawei USA engineer to complete Tappy testing on a final remaining Huawei phone that is in the release pipeline. This turns out to be a costly mistake.
- Huawei engineer steals proprietary property: On May 29, Huawei USA engineer A.X. accessed the laboratory, placed a Tappy robot arm into his laptop bag, and left. A.X. initially falsely denied taking the robot arm, but then later claimed he had found it in his bag. A.X. described the incident a "mistake" and offered to return the part. Before he returned it the next day, the indictment says another Huawei USA engineer "took measurements of various aspects of the robot arm, including of the end tip of the conductor stick and took photographs of the robot arm." These
weresticking points in the development of the Huawei robot. He sent these photos and information back to Huawei China.
- Huawei USA then tried to cover up the intellectual property theft, as it issued a 23-page "Investigation Report" authored by its Chief Legal Counsel for Labor and Employment and its Executive Director of Human Resources. The report purported to summarize the findings of an "internal investigation." That investigation concluded the Huawei USA employees were "two individuals who acted on their own" and who "violated our Company's policies and thus they were both terminated for cause."
- Huawei offers employees bonuses for stealing intellectual property: As denials about the IP theft continued... "On July 10, 2013, Huawei China launched a formal policy instituting a bonus program to reward employees who stole confidential information from competitors.... A 'competition management group' was tasked with reviewing the submissions and awarding monthly bonuses to the employees who provided the most valuable stolen information. Biannual awards were also made available to the top three regions that provided the most valuable information. The policy emphasized that no employees would be punished for taking actions in accordance with the policy."
The indictment makes clear that companies who work with Chinese partners should be very cautious about unusual behaviors or questions of a proprietary nature.
What about Huawei and cybersecurity and 5G?
When it comes to the cybersecurity of Huawei's products and whether it should be allowed to build the world's 5G networks, China's ambassador to Britain wrote an op-ed last year in The Telegraph saying we should not worry about it:
"Recently, it seems it is all the rage for Western governments and media to call Chinese companies a 'security threat.' This has caused needless anxiety and even led to a ban in some countries on companies such as the Chinese telecommunications business Huawei. However, such accusations are groundless and misleading."
Interestingly, leaders recently announced Huawei Can Help Build the UK's 5G Network...Sort Of.
Podcast episode: Can you trust Huawei?
And at SecureWorld Seattle, we interviewed Andy Purdy, Huawei USA's Chief Security Officer.
During our podcast interview, he discussed the negative publicity around Huawei, the lack of trust many cite when talking about the company, and what he thinks is needed when it comes to supply chain security.
"I think the approach has to be you don't ask people for trust. We need to have mechanisms in place, and they exist, where you don't need to trust anybody. Because the mechanisms are in place to make sure we have an objective and transparent basis to know that we're going to be okay."
Listen to the podcast and then decide for yourself: Can we trust Huawei?