WASHINGTON — How big a risk does the Chinese company Huawei pose to the security of global communications networks?
For the U.S. government, the answer is an unacceptable one. The Trump administration argues Huawei should be banned from playing a part in building next generation superfast 5g wireless networks.
But some of America's closest allies — and even some American intelligence officials — don't see it that way. That long simmering disagreement burst into the open Tuesday with the announcement by Britain that Huawei would be allowed to play a limited role in that country's 5g network, dealing a blow to the Trump administration effort to isolate the company.
The decision by the British government to defy U.S. warnings underscores the deep divisions among intelligence officials and security experts here and abroad about how best to secure a technology that promises to transform the internet.
U.S. intelligence officials have been raising concerns for years about the potential for Huawei to use its network access to spy, or worse, to shut down communications in the event of a cyber war. But their British counterparts have long believed the dangers posed by Huawei are overblown — and can be overcome.
"We know this company better than you do, and we believe the risks are manageable," said a British official who requested anonymity because he wasn't authorized to speak on the matter.
Some American officials agree, though their views put them at odds with the official position of the Trump administration.
"I think that the most alarmist view is a like a black and white cartoon, and it really doesn't have to be that way," said a former senior official at the National Security Agency who consults with the U.S. intelligence community
"It would be really hard for Huawei to do some of these nefarious things, and we can take simple and prudent steps to prevent it," said the official, who requested anonymity because he isn't authorized to speak on the matter.
British and some American officials have said that Western countries need to prepare to secure so-called "dirty networks" — and they point out that China is already hacking and infiltrating communications networks built by non-Chinese firms.
The difference, many American intelligence officials argue, is that Huawei would be required to comply with a Chinese government request to spy on customers or manipulate networks. But their critics point out that American firms such as Google, Apple and Verizon, also must comply with American national security orders to spy on foreign customers.
Huawei has become the dominant provider of 5g equipment worldwide, and no U.S. company is a close competitor. A 5g network would improve mobile phone internet browsing, but its real value is in communications among devices, experts say. It could enable, for example, networks of self-driving cars.
In announcing the decision, the U.K. government didn't mention Huawei by name, but said that so-called "high risk vendors" will have access to no more than 35 percent of the network, excluding "core" elements of the country's telecoms infrastructure.
"The government has reviewed the supply chain for telecoms networks and concluded today it is necessary to have tight restrictions on the presence of high risk vendors," Digital Secretary Baroness Morgan is quoted as saying in the statement. "This is a U.K.-specific solution for U.K.-specific reasons and the decision deals with the challenges we face right now."
Victor Zhang, Huawei's vice president, said in a tweet that the company was "reassured by the U.K. government's confirmation that we can continue working with our customers to keep the 5G roll-out on track."
A senior Trump administration official responded, "The United States is disappointed by the UK's decision. There is no safe option for untrusted vendors to control any part of a 5G network. We look forward to working with the UK on a way forward that results in the exclusion of untrusted vendor components from 5G networks."
Some U.S. security experts say Britain is making a huge mistake.
"What's next — will the UK decide to buy voting machines from Russia?" said Dmitri Alperovitch, a cybersecurity executive who consults frequently with U.S. intelligence agencies. "For very good and obvious reasons Western countries have long ago decided not to procure tanks and fighter aircraft from potential adversary countries such as China and Russia. Buying key infrastructure in the digital domain — critical telecommunications infrastructure to which all of our physical infrastructure will connect in the near future — from these countries is similarly myopic."
Matthew Green, a cryptographer, security technologist and associate professor of computer science at the Johns Hopkins Information Security Institute, said on Twitter of the British decision, "They're insane."
In an interview, he pointed out that someone managed to install a backdoor into software running on the firewalls of Juniper Networks, a company whose equipment is a feature of the American internet.
"For years, nobody caught it," he said. "I don't think China is putting any back doors in software today. But what about when Huawei is ubiquitous and there is a real cyber conflict? If I told you that 35 percent of the steel in your building might melt, can you be sure your building will remain standing?"
But British officials argue that Huawei will have business motivations not to harm its customers. They also say they will closely watch Huawei — including through eavesdropping and spying, if need be — to insure that the company is not behaving maliciously.
Other European countries, including Germany, may follow the UK's path, dealing a further setback to the American goal of freezing Huawei out of Western 5g networks, wrote James Andrew Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington.
"The United Kingdom is gambling that the 'special relationship' is special enough to withstand the fallout from the decision and, frankly, that the Trump administration is too distracted by impeachment to act against it," Lewis wrote in a blog post.