Europe follows UK’s lead on Huawei

The EU is recommending risk mitigation rather than outright banning in its latest 5G security advice to members.

For some reason the army of eurocrats that will have been involved in the drafting of these guidelines decided they need to be referred to as a toolbox. The purpose of this seems to be to emphasise the flexible nature of the new 5G security rules and to try to exaggerate the amount of autonomy member states have from their Brussels masters.

Absent from this toolbox, however, are a pair of scissors that could be used to cut ties with all ‘high risk’ (i.e. Chinese) telecoms vendors entirely. Nowhere that we can see do the words ‘Huawei’ or ‘China’ appear in this otherwise well-stocked toolbox, which seems to be a diplomatic concession. The closest we get is vague talk of ‘country-specific’ considerations.

“We can do great things with 5G,” said Margrethe Vestager, EVP for a Europe Fit for the Digital Age. “The technology supports personalised medicines, precision agriculture and energy grids that can integrate all kinds of renewable energy. This will make a positive difference. But only if we can make our networks secure. Only then will the digital changes benefit all citizens.”

“A genuine Security Union is one which protects Europe’s citizens, companies and critical infrastructure,” said Margaritis Schinas, VP for Promoting our European Way of Life. “5G will be a ground-breaking technology but it cannot come at the expense of the security of our internal market. The toolbox is an important step in what must be a continuous effort in the EU’s collective work to better protect our critical infrastructures.”

“Europe has everything it takes to lead the technology race,” said Thierry Breton, Commissioner for the Internal Market. “Be it developing or deploying 5G technology – our industry is already well off the starting blocks. Today we are equipping EU Member States, telecoms operators and users with the tools to build and protect a European infrastructure with the highest security standards so we all fully benefit from the potential that 5G has to offer.”

Some of those ridiculous job titles are just downright embarrassing and clear evidence of the complacent, navel-gazing leviathan the EU has become. Nonetheless they’re not too proud to wait for their most loathed soon-to-be ex-member to make its move before they do. There seems to be little in this toolbox that doesn’t echo the recently announced UK approach, including keeping high risk vendors out of the core.

So once more the US has failed to get its own way on Huawei. It’s starting to look like Trump has seriously overplayed his hand by insisting on an outright ban and, unless he wants to cease meaningful cooperation with the whole of Europe, will need to find some kind of face-saving climb down. Having said that, who is going to notice if the US fails to deliver on its threats?

Europe urges UK to call Trump’s bluff on Huawei

EU Trade Commissioner Phil Hogan doesn’t reckon US President Trump will follow through on threats to suspend intelligence cooperation with the UK.

During an interview with UK former EU Trade Commissioner Peter Mendelson, long-time senior Eurocrat Hogan was repeatedly asked about the impact of Trump’s trade and security policies. Most of the interview (below) is taken up with Mendelson’s interminable questions and Hogan’s tutting about protectionism and Trump in general, but there were occasional highlights.

Principal among them from a telecoms perspective was Hogan’s assertion that he reckons the Trump administration is bluffing when it threatens the UK with estrangement from the Five Eyes anglophone intelligence alliance if it allows Huawei gear into its 5G network.

“I think that’s a bit of sabre-rattling,” said Hogan (15:30). “I don’t think that will actually happen at the end of the day. I think everybody has an interest in making sure that we’re safe and secure and I think that the United States, at the end of the day, you can call their bluff on that one.”

Hogan may be right but it’s questionable how wise it is to openly goad Trump in this way, who may now feel tempted to follow through on the threat just to teach him and the EU a lesson. Furthermore, if you take the US position at face value, sharing intelligence with an ally that has allowed Huawei into its 5G network will make it less safe and secure. So while Hogan’s assessment may have been accurate at the time he made it, he may yet come to regret taking such a supercilious public attitude towards the US

 

Germany wants to dictate EU policy on 5G and China

German Chancellor Merkel has surprised nobody by calling for all member states to do what the EU tells them when it comes to 5G policy.

“One of the biggest dangers… is that individual countries in Europe will have their own policies towards China and then mixed signals will be sent out,” said Merkel in the German parliament, according to a Reuters report. “That would be disastrous not for China but for us in Europe.”

OK Angela, we hear you. It’s not called the European Union for nothing, right? What kind of a union would it be if everyone went around thinking for themselves eh? So the next step should be to get all the member states together to thrash out a common position, perhaps in European parliament, which seems tailor-made for the job.

Sadly not. It looks like Merkel would rather it was left to Germany and France to decide on the policy, which could then be rubber-stamped by the European parliament and become a directive for everyone else. It’s actually quite refreshing to see such an open admission that the EU is essentially a Franco-German project that the other member states should feel grateful to be allowed to participate in.

Since Germany and France have already decided not to ban Chinese vendors from their 5G networks, Merkel is essentially saying she doesn’t want any other countries upsetting the Chinese by excluding them. She doesn’t seem to say why it would be disastrous for Europe not to do what Germany tells it, but since that’s implicit in the whole concept of the EU she presumably thought it redundant.

Europe wants Facebook to implement its censorship requests globally

A new ruling by the EU Court of Justice seems to compel social media companies to enact EU censorship demands even outside of its jurisdiction.

The judgment was made on the case of Eva Glawischnig-Piesczek v Facebook Ireland, in which the Austrian Green Party politician seeks to force Facebook to remove content that she feels is harmful to her reputation and anything that sounds a bit like it. The court was asked to interpret the Directive on electronic commerce and concluded it doesn’t prevent member states from imposing the following on ‘host providers’, which seems to mean all social media platforms and maybe beyond.

  • To remove information which it stores, the content of which is identical to the content of information which was previously declared to be unlawful, or to block access to that information, irrespective of who requested the storage of that information;
  • To remove information which it stores, the content of which is equivalent to the content of information which was previously declared to be unlawful, or to block access to that information, provided that the monitoring of and search for the information concerned by such an injunction are limited to information conveying a message the content of which remains essentially unchanged compared with the content which gave rise to the finding of illegality and containing the elements specified in the injunction, and provided that the differences in the wording of that equivalent content, compared with the wording characterising the information which was previously declared to be illegal, are not such as to require the host provider to carry out an independent assessment of that content (thus, the host provider may have recourse to automated search tools and technologies);
  • To remove information covered by the injunction or to block access to that information worldwide within the framework of the relevant international law, and it is up to Member States to take that law into account.

In other words, if an EU member state decides a bit of online content should be censored, there’s nothing stopping it legally compelling internet platforms to remove it and anything its algorithms consider to be similar to it on a global basis. This seems to put enormous power of censorship in the hands of EU claimants who can afford to litigate.

“This judgment has major implications for online freedom of expression around the world,” said Thomas Hughes, Executive Director of free speech campaign group Article 19. “Compelling social media platforms like Facebook to automatically remove posts regardless of their context will infringe our right to free speech and restrict the information we see online. The judgment does not take into account the limitations of technology when it comes to automated filters.

“The ruling also mean that a court in one EU member state will be able to order the removal of social media posts in other countries, even if they are not considered unlawful there. This would set a dangerous precedent where the courts of one country can control what Internet users in another country can see. This could be open to abuse, particularly by regimes with weak human rights records.”

As calls for censorship mount, the global policing of speech on the internet is becoming impossibly convoluted. Will the EU now seek to punish Facebook, or whoever, if a bit of content it doesn’t like is accessible somewhere outside of its jurisdiction, and if so how? What if courts in the other country take a different view? As ever the only solution is to not censor in the first place.

Poland signs agreement with US to shore up 5G security

The US and Poland signed an agreement on 5G security, effectively barring Chinese companies from participating in building 5G networks in one of the largest markets in central Europe.

The agreement was signed by Mateusz Morawiecki, the Polish Prime Minister, and Vice President Mike Pence during his visit to Warsaw in place of President Trump, who stayed behind to deal with the expected landing of Hurricane Dorian. The presidential visit was made to commemorate of the 80th anniversary of Hitler’s invasion of Poland.

The two parties of the agreement pledged to protect “these next generation communications networks from disruption or manipulation and ensuring the privacy and individual liberties of the citizens of the United States, Poland, and other countries is of vital importance.”

When it comes to supplier selection, the agreement says, “we believe that all countries must ensure that only trusted and reliable suppliers participate in our networks to protect them from unauthorised access or interference.” Though it does not name China or Huawei, the criteria listed for “rigorous evaluation” read almost tailor-made for this purpose.

Specifically, suppliers should be evaluated on: whether they are controlled by a foreign government and subject to independent judicial review; whether they have a transparent ownership structure; whether they have a track-record of ethical corporate behaviour; and whether they are “subject to a legal regime that enforces transparent corporate practices”.

Other US officials were more straight-forward. “We recognize 5G networks will only be as strong as their weakest link,” said Marc Short, Pence’s chief staff, in a statement quoted by Associated Press. “We must stand together to prevent the Chinese Communist Party from using subsidiaries like Huawei to gather intelligence while supporting China’s military and state security services – with our technology.”

Poland has been one of the more vocal European countries calling for a ban on Huawei, especially after a Huawei employee was arrested charged for spying. The country’s officials had called for a coordinated NATO-EU action. But with any EU-wide 5G security measures not expected to be in place by October and member states given another year to test the measures, Poland looked to the US for a faster solution. The two countries have strong cultural ties. “Nearly 10 million Americans trace their heritage to Poland”, according to Pence.

The Polish officials had conceded that they lack legal tools to ban Huawei from the country’s private sector. This agreement would deter such an interest from the privately-owned telecom companies.

The agreement would also be a significant step for the US to get Europe, including the UK, on board its battle with China and with Huawei. Pence called it “vital example for the rest of Europe on the broader question of 5G.”

Huawei suspected of decade long relations with North Korea – report

The Washington Post has obtained internal documents showing the Chinese vendor and its partners have been working with North Korea’s national mobile operator for over a decade.

A former Huawei employee turned whistle-blower has passed on the documents to the newspaper, which has had them translated into English and shared on GitHub. The two spreadsheets are project logs of Huawei’s business in the China region, which covers North Korea (codenamed A9 inside Huawei). Details include project name, project status, account, country, internal business units, etc.

Huawei and its partners (for example Panda (Beijing) International Tech Limited, Xiamen Baoxin Supply China Co) are shown to have undertaken multiple projects for Koryolink, North Korea’s only mobile operator. The files recorded the latest initiated project with Koryolink took place in 2016, and the latest uninitiated project with the North Korean operator was logged in 2017.

The Washington Post reported that North Korea started building the mobile operator after the late Kim Jong Il (father of current leader Kim Jong Un and son of the country’s founder Kim Il Sung) visited Huawei in 2006. The operator was then set-up as a joint-venture between the Egyptian company Orascom Telecom Holding and North Korea’s Post and Telecommunications Corp. The newspaper claims it has also obtained additional files, not shared externally, that corroborate the case, with Huawei’s internal social network discussion records. Huawei is also allegedly to have developed a special encryption system for “special users” in North Korea.

At the time of writing Huawei has not responded to Telecoms.com’s request for comment, but its spokesperson denied to The Washington Post the company has any business presence in North Korea, though he does not deny the authenticity of the files. The spokesperson also claimed that “Huawei is fully committed to comply with all applicable laws and regulations in the countries and regions where we operate, including all export control and sanction laws and regulations”.

The timing of the report can be tricky for multiple parties. For Huawei, while the litigation in the US related to its business in Iran is still ongoing, the exposure of its long-term business relations with North Korea could become another roadblock to its efforts to be de-listed from the US Entity List. However, if Huawei had used other Chinese companies to ship equipment to North Korea, as was reported, it might have a case to argue that it has not dealt with a country under US sanction directly, which is different from the Iran case, where it is accused to have used its own subsidiary. But there are also cases, in particular system integration and software development projects, where Huawei has direct links. It would potentially need detailed investigation to determine whether American technology has been involved.

For the US it is also a precarious period. President Trump met CEOs from seven US technology companies on Monday, when he promised that the Department of Commerce would respond promptly to the license requests for Huawei sales. Afterwards, when asked about the North Korea report, the President said he will need to explore the issue. A further twist is the President has repeatedly claimed that he and the North Korean leader Kim are good friends.

For the UK and the European Union, the rather concrete case of Huawei’s link to North Korea would undoubtedly lend more weight to the argument that the company should be excluded from the construction of 5G networks, citing security concerns.

Most EU countries complete 5G national risk assessments

24 out of the 28 EU member states have completed 5G risk assessments at national level, laying the groundwork for an EU-wide assessment by October.

The project was launched in March, when the Commission (the administrative branch) responded to the Council’s (the heads of state or government) expectations to see a “recommendation on a concerted approach to the security of 5G networks”. According to the Commission’s statement, the assessment should be conducted on three main areas:

  • the main threats and actors affecting 5G networks;
  • the degree of sensitivity of 5G network components and functions as well as other assets; and
  • various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.

All member states were requested to complete the national assessment by the end of June. The Commission does not publish the names of the countries that have missed the deadline.

“The completion of the risk assessments underlines the commitment of Member States not only to set high standards for security but also to make full use of this groundbreaking technology,” Julian King, Commissioner for the Security Union, and Mariya Gabriel, Commissioner for the Digital Economy and Society, said in a joint statement.

“We hope that the outcomes will be taken into account in the process of 5G spectrum auctions and network deployment, which is taking place across the EU now and in the coming months. Several Member States have already taken steps to reinforce applicable security requirements while others are considering introducing new measures in the near future.”

The national assessments will feed into the pan-EU 5G risk assessment, led by the EU Agency for Cybersecurity (ENISA), tasked to be completed by 1 October 2019. By the end of the year, a toolbox to mitigate the risks identified at national and EU levels will be developed by the NIS Cooperation Group, the EU’s cross-agency identity responsible for cybersecurity. By 1 October 2020, member states are requested to undertake an evaluation of the effectiveness of the measures taken and determine whether further actions should be taken.

Meanwhile, ENISA will also take the lead to develop an EU-wide certification framework to cover 5G networks and equipment, which member states are encouraged to adopt.

Europe missing its ultrafast targets

With only 20% of European customers adopting broadband services over 100 Mbps, the European Commission is falling behind its own targets with six months to go.

While the targets are certainly ambitious, the European Commission has decided it would like to have 50% of all broadband customers across the bloc subscribing to 100 Mbps by 2020. With only 20% subscribing to an ultrafast service, it looks like it is becoming a big ask as we head towards the mid-point of the year.

There will of course be numerous reasons for a lack of adoption. Some will suggest the telcos are not deploying suitable infrastructure to enough people, while others will say they are charging too much. That said, a more sensible explanation is that irrelevant as to how cheap a 100 Mbps service is, it is still too much; why would a normal person need such speeds today? Without the applications, customers would be paying for redundant speed.

What is worth noting is that connectivity is improving on the whole. The availability of ultrafast broadband has increased to 60% across Europe, up from 57% in 2017, while there have been gains on the mobile side as well. The DESI Report claims that 4G coverage is now almost universal in European homes, while rural coverage is also increasing.

Vodafone Germany tries to placate regulators via wholesale cable deal with Telefónica

Telefónica Deutschland will be able to sell services that run on the combined Vodafone and Unitymedia cable network in Germany, as a remedy measure taken by Vodafone to satisfy EU’s competition concern over its proposed acquisition of Liberty Global.

The two companies announced that they have entered into a definite “cable wholesale agreement” in Germany, whereby Telefónica Deutschland will offer its customers broadband services that use both the Vodafone fixed network and that of Unitymedia. The combined networks cover 23.7 million households and represent a significant upgrade to whatever Telefónica Deutschland customers are currently getting.

“The cable agreement will enable us to connect millions of additional households in Germany with high-speed internet in the future,” said Markus Haas, CEO of Telefónica Deutschland. “By adding fast cable connections, we now have access to an extensive infrastructure portfolio and can offer to even more O2 customers attractive broadband products – including internet-based TV with O2 TV – for better value for money.”

Vodafone’s plan to acquire Liberty Global in Germany (where it trades under the brand Unitymedia), the Czech Republic, Hungary, and Romania, has run into difficulty at the European Union, which raised competition concerns at the end of last year. The Commission was particularly worried that the combined business would deprive the consumers in Germany of access to high speed internet access, and the OTT services carried over it. Vodafone expressed its confidence that it would be able to satisfy the Commission’s demand. Opening its fixed internet access to its competitor is clearly one of the remedies. Also included in the remedy package Vodafone submitted to the Commission was its commitment to ensure sufficient capacity is available for OTT TV distribution.

“Our deal with Liberty Global is transformational in many ways. It is a significant step towards a Gigabit society, which will enable consumers & businesses to access the world of content & digital services at high speeds. It also creates a converged national challenger in four important European countries, bringing innovation & greater choice,” said Nick Read, CEO of Vodafone Group. “We are very pleased to announce today our cable wholesale access agreement with Telefonica DE, enabling them to bring faster broadband speeds to their customers and further enhancing infrastructure competition across Germany.”

Vodafone believed the remedial measures it put in place should sufficiently reassure the Commission that competitions will not suffer after its acquisition of Liberty Global. The company now expects the Commission to undertake market testing of the remedy package it submitted, and to give the greenlight to the acquisition deal covering the four countries by July 2019. It plans to complete the transaction by the end of July. The merger between Vodafone’s and Liberty Global’s operation in The Netherlands was approved by the EU in 2016.

Europe approves new internet rules designed to rein in Amazon and co

As part of the overall Digital Single Market programme, the European Parliament has voted to approve new regulations claiming to protect European businesses and consumers when using online platforms to trade.

The “Regulation on platform-to-business trading practices” has been almost two years in the making since the publication of a document titled “Online Platforms and the Digital Single Market: Opportunities and Challenges for Europe” by the European Commission in May 2016.

The EU executives were understandably happy with the passing of the new rules. “We are delighted by the overwhelming support to the new rules on online platforms’ trading practices among the members of the European Parliament. As the first-ever regulation in the world that addresses the challenges of business relations within the online platform economy, it is an important milestone of the Digital Single Market and lays the ground for future developments. Not only will it improve trust, predictability and legal certainty, it will also offer new and accessible options for redress and resolution of disputes between businesses and platforms,” said the official statement, jointly signed off by Andrus Ansip, the Commission’s Vice-President for the Digital Single Market, Elżbieta Bieńkowska, Commissioner for Internal Market, Industry, Entrepreneurship and SMEs, and Mariya Gabriel, Commissioner for Digital Economy and Society.

What drove the Commission to undertake such an initiative two years ago was the understanding that there is a lack of a redress mechanism when the European SMEs encounter problems when trading on the global platforms (companies singled out include Booking.com, Facebook, eBay, and Amazon), for example, “delisting without statement of reasons or sudden changes of Terms and Conditions”. The Commission has also assessed the effectiveness of legislative vs. non-legislative measures, but believed an EU-wide legislation is necessary.

The Regulation is aimed to achieve three main objectives as are outlined in the Impact Assessment Summary published a year ago:

  1. To ensure a fair, transparent and predictable treatment of business users by online platforms
  2. To provide business users with more effective options for redress when they face problems
  3. To create a predictable and innovation-friendly regulatory environment for online platforms within the EU

Although it has been approved by the European Parliament, the regulation still needs to be formally passed by the Council of the European Union, which represents the governments of the member states and can be roughly seen as another “chamber” of the union’s legislature. There is no definite timeline on when the Council will make the decision. However, by the reading of the press statement where the Commissioners thanked the member states “for their great efforts to reach a good compromise in a very short period of time. This is yet another positive development ahead of the upcoming European elections,” the Council may not be able to vote on it before the European Parliamentary election in May. After the final approval, the regulation will enter into force 12 months after it is published in the Official Journal.

This is the latest internet-related legislation the EU has made recently. On 15 April the Council passed the updated Copyright Directive “fit for the digital age”, which has proved controversial.  There are also legislation and regulation updates in member states. France has started levying 3% income tax on digital companies with sales in excess of €25 million in France and €750 million globally, without waiting for an EU-wide tax regime as part of the Digital Single Market. The UK, still an EU member state at the time of writing, has not only considered setting up a new regulator to oversee the digital world and started the consultation process of a “code of practice for online services” to protect children, but will also formally introduce the “porn block” on 15 July, which has been called “One of the Worst Ideas Ever” by some critics.