Huawei link to China carries risk in Safe City Malta project, says US official

One of the United States’ highest officials on cyber affairs has suggested that the use of Huawei’s technology for Malta’s ‘Safe City’ video surveillance project, could see the data used being transmitted back to Beijing.

Robert Strayer, the US deputy assistant secretary for cyber and international affairs, told MaltaToday that data used in the kind of technology adopted for Safe City “would be a cause for concern because that data could end up back in places such as Beijing where it would not be used for the purposes that we want… [and be] exploited for authoritarian purposes.”

Strayer used as an example the surveillance technology employed by China within its own borders to assign social credit scores, surveil the movement of people, and identify who they are interacting with.

Malta signed a memorandum of understanding with Chinese company Huawei for its testing of 5G networks in Malta, as well as to set up a ‘Safe City’ surveillance system modelled on similar solutions deployed in Europe and Africa.

But privacy concerns so far have ruled out the use of facial recognition CCTV, and according to Safe City Malta director Joe Cuschieri, Safe City will be employing an advanced video surveillance technology that detects changes in the visual atmosphere to signal the possibility of an act of crime or unrest.

Cuschieri, who is also the executive chairman of the Maltese financial regulator, however, dismissed Strayer’s concerns as just one of many opinions on Huawei, a company suspected of being connected to the Chinese government.

Robert Strayer, US deputy assistant secretary for cyber and international affairs

“Whilst everyone has a right to his or her opinion, I prefer not to comment. This project is going through design and risk considerations before it is implemented. Based on our risk assessment so far, and the design and security architecture, we have no reason to believe that data can be exploited for authoritarian purposes,” Cuschieri said.

Malta’s Safe City CCTV system is expected to be deployed in ‘crime prone’ villages, such as Paceville.

Cuschieri said that the Maltese government and Huawei have already cooperated together under an MOU on innovative technologies and knowledge transfer in “Safe City applications in experimental lab conditions, and not in public spaces.”

“The implementation of public space advanced surveillance in Paceville and other places in due course is a different matter. It will involve various hardware and software technologies, some of which may be Huawei technology re-used from the previous phase. Such providers of technology, including Huawei, would be suppliers to Safe City Malta Ltd,” he said.

Cuschieri said any public space surveillance will go through all necessary legal and regulatory processes. Key steps will include a Data Protection Impact Assessment and necessary approvals from the data protection commissioner. “We will not put the cart before the horse. The DPIA will be presented to the IDPC by the Data Controller in due course when the project reaches that stage,” he said.

The United States is raising international concerns over Huawei, a 5G vendor which it suspects has “unchecked or extrajudicial control” by China, and which could be used to conduct espionage, or disrupt critical services provided by the 5G network.

The use of 5G – the fifth generation of wireless technology – will be transformative for society, providing up to 100 times faster connections than 4G networks. Most importantly, 5G will enable new critical infrastructure services that will power autonomous vehicles and transportation, and automated manufacturing.

A significant cause for concern are a number of Chinese laws that compel their companies to cooperate with intelligence and security services without independent judicial controls

“A significant cause for concern are a number of Chinese laws that compel their companies to cooperate with intelligence and security services without independent judicial controls,” Strayer said in an interview this week with the press.

The US has prohibited the federal government from using services provided by Huawei or ZTE or other high-risk companies.

“We think that a true assessment of technologies that are being provided such as by Huawei that contain, as the United Kingdom just found, hundreds of vulnerabilities in their software, would, over the long term, be potentially more costly than other alternative vendors that come from Finland or Sweden or South Korea,” Strayer said.

The United Kingdom, through their Huawei oversight board report, has also noted hundreds of vulnerabilities and systemic engineering problems with Huawei technologies. 

The US is alerting all EU countries that putting Huawei or other untrustworthy vendors in any part of the 5G telecommunications network is a risk, even at the edge of a network. “Having potentially compromised equipment and software provided by vendors in any part of that network is an unacceptable risk,” Strayer said.

He said that should countries like the UK allow Huawei into their 5G network, the US would “re-assess how we are sharing information with those countries to ensure that we are protecting the information that we are sharing with them.”

However, no single European country has gone ahead and banned Huawei.

Strayer said that what European countries should put forth are security practices into their consideration of 5G networks.

“Over time if principles related to the influence of third-party countries are embodied in the European Commission recommendation… that should lead inevitably to the ban of companies that are subject to the type of control that they are in China.”

As recently as March, the European Commission issued a recommendation that countries rolling out their 5G as a security consideration should think about other non-technical factors like the model of governance and the track record of the country where the vendor is located.

Huawei and the Chinese Government have repeatedly denied US allegations that Huawei equipment poses a security risk, claiming that the US has not offered any concrete evidence. 

China has been accused of using data to assign social credit scores, to then conduct surveillance against citizens, and use that information for the incarceration of over a million Uighur Muslims into re-education camps.