Poland signs agreement with US to shore up 5G security

The US and Poland signed an agreement on 5G security, effectively barring Chinese companies from participating in building 5G networks in one of the largest markets in central Europe.

The agreement was signed by Mateusz Morawiecki, the Polish Prime Minister, and Vice President Mike Pence during his visit to Warsaw in place of President Trump, who stayed behind to deal with the expected landing of Hurricane Dorian. The presidential visit was made to commemorate the 80th anniversary of Hitler’s invasion of Poland.

The two parties to the agreement stated that protecting “these next generation communications networks from disruption or manipulation and ensuring the privacy and individual liberties of the citizens of the United States, Poland, and other countries is of vital importance.”

When it comes to supplier selection, the agreement says, “we believe that all countries must ensure that only trusted and reliable suppliers participate in our networks to protect them from unauthorised access or interference.” Though it does not name China or Huawei, the criteria listed for “rigorous evaluation” read almost tailor-made for this purpose.

Specifically, suppliers should be evaluated on: whether they are controlled by a foreign government and subject to independent judicial review; whether they have a transparent ownership structure; whether they have a track-record of ethical corporate behaviour; and whether they are “subject to a legal regime that enforces transparent corporate practices”.

Other US officials were more straightforward. “We recognize 5G networks will only be as strong as their weakest link,” said Marc Short, Pence’s chief of staff, in a statement quoted by Associated Press. “We must stand together to prevent the Chinese Communist Party from using subsidiaries like Huawei to gather intelligence while supporting China’s military and state security services – with our technology.”

Poland has been one of the more vocal European countries calling for a ban on Huawei, especially after a Huawei employee was arrested and charged with spying. The country’s officials had called for a coordinated NATO-EU action. But with any EU-wide 5G security measures not expected to be in place by October and member states given another year to test the measures, Poland looked to the US for a faster solution. The two countries have strong cultural ties. “Nearly 10 million Americans trace their heritage to Poland”, according to Pence.

The Polish officials had conceded that they lack legal tools to ban Huawei from the country’s private sector. This agreement would deter such an interest from the privately-owned telecom companies.

The agreement would also be a significant step for the US to get Europe, including the UK, on board its battle with China and with Huawei. Pence called it a “vital example for the rest of Europe on the broader question of 5G.”

Juniper pays $11.7m to make SEC bribery investigation go away

Networking vendor Juniper has never admitted or denied it participated in any activities related to bribery, though apparently its bank accounts were simply too full to continue.

The details of this investigation are complicated and nuanced, though the over-arching accusation is simple. The Securities and Exchange Commission accused Juniper of improperly reporting accounts and allowing a subsidiary to continue a practice which smells incredibly similar to bribery.

To conclude the investigation, Juniper has paid the SEC $11.7 million. This is not an admission of guilt from the firm, apparently; it has apparently decided to reallocate $11.7 million because it is innocent and would not consider any form of bribery.

The fact that the government agency will stop a bribery investigation after receiving the funds is perhaps a pleasant after-effect.

While this would appear to be the end of the saga, there are some relatively suspect elements to consider. This extract from the ‘Cease and Desist’ document is an interesting one to ponder.

“From 2009 to 2013, local employees of Juniper China paid for the domestic travel and entertainment of customers, including foreign officials, that was excessive and inconsistent with Juniper policy. Certain local Juniper China marketing employees falsified agendas for trips provided to end-user customer employees. These falsified trip agendas understated the true amount of entertainment involved on the trips.”

Another interesting claim is the approval process. Juniper requires approval from its legal department to justify and validate such entertainment expenses, though marketing and sales employees sought approval after the events took place, painting the legal team into a corner.

The period in question took place between 2009 and 2013. It had been going on for an undisclosed period of time prior to 2009, though this was the time in which senior managers at Juniper were alerted to the practice.

At JNN Development Corp., a Russian subsidiary of the Juniper Group, secret discounts were discussed with third-party channel partners. These discounts were not passed on to customers but were instead funnelled into nefarious accounts. These funds were used to fuel corporate entertainment, much of which undermined the Juniper anti-bribery policies.

Managers were alerted to the presence of these funds, as well as the opaque practices and bread crumb trails which were left behind, in 2009. Some effort was made to discourage the practice, though the SEC deemed this was not sufficient, and the nefarious activities continued for another four years through to 2013.

“Juniper failed to accurately record the incremental discounts and travel and marketing expenses in its books and records and failed to devise and maintain a system of internal accounting controls sufficient to prevent and detect off-book accounts, unauthorized customer trips, falsified travel agendas and after-the-fact travel approvals,” the SEC has stated.

As with every slippery corporate firm around the world, Juniper will not admit fault, though apparently it had exactly $11.745018 million to ‘donate’ to the SEC to make the investigation go away.

China reportedly warns India not to ban Huawei from 5G

China has told India not to exclude Huawei from its upcoming 5G trials, or Indian businesses will face retaliations, Reuters reports.

Quoting its “sources privy to internal discussions in New Delhi”, the news agency Reuters reported that the warning shots of “reverse sanctions”, should India ban Huawei from its 5G business under pressure from the US, were fired when the Indian Ambassador was summoned to the Foreign Ministry.

India will start trialling 5G in the coming months but has not selected the vendors yet. Ravi Shankar Prasad, the telecom minister, told the parliament earlier that Huawei was one of the vendors that have submitted proposals, though he did not name the others.

“On the issue of Chinese enterprises participating in the construction of India’s 5G, we hope the Indian side makes an independent and objective decision, and provides a fair, just and non-discriminatory commercial environment for Chinese enterprises’ investment and operations, to realize mutual benefit,” said the spokesperson of China’s foreign ministry in a statement sent to Reuters. “Huawei has carried out operations in India for a long time and has made contributions to the development of Indian society and the economy that is clear to all.”

Like all obscure diplomatic parlance, the statement said less than what is left unsaid. However, the stress on “independent” is a clear message that India should calculate its own gains and losses when making the decision, independent of US pressure.

When it comes to security, the parliamentary committee tasked to evaluate the vendors has not found evidence to suggest that Huawei has compromised the security in its current business in India, according to Reuters’ sources.

Similar to the difficult choice the post-Brexit UK has to make, siding with the US or siding with China, when it comes to how to deal with Huawei, India is also caught in the crossfire of the trade war, and its situation is arguably trickier. The US is India’s most important trade partner and the country the Modi government (which has just won the general election with an enlarged majority) desperately would love to be on good terms with.

China, on the other hand, is closer to home but is a much smaller trading partner, though a few of India’s leading companies (Tata, Infosys, etc.) do have a limited presence. Meanwhile, the world’s two most populous countries share a long border and do not always see eye to eye. In 2017 there was a two-month long army standoff in a disputed area between the two countries.

While our expert suggested that a way out for the UK could be a government mandated multi-vendor policy, a similar idea was devised by the Indian National Security Advisory Board (NSAB). But instead of asking the telcos to deploy equipment from more than one vendor, the NSAB experts suggested that, if the telcos choose to use Huawei hardware, then the software “to drive equipment” should be Indian-made. This may look reasonable on paper, but since 5G is so heavily software reliant, it is hard to predict how the demarcation will be drawn.

Apple and Google suspend some of their eavesdropping

Two of the world’s leading voice assistant makers pulled the plug on their respective analytics programmes of Siri and Google Assistant after private information including confidential conversations was leaked.

Apple decided to suspend its outsourced programme to “grade” Siri, by which it assesses the voice assistant’s response accuracy, following reports that private conversations are being listened to by its contractors without the users’ explicit consent. The company committed to add an opt-out option for users in a future update of Siri. It also promised that the programme would not be restarted until it had completed a thorough review.

“We are committed to delivering a great Siri experience while protecting user privacy. While we conduct a thorough review, we are suspending Siri grading globally,” the Cupertino-based iPhone maker told The Guardian. “Additionally, as part of a future software update, users will have the ability to choose to participate in grading.”

This is in response to the leak that was first reported by the British broadsheet, which received a tip-off from whistle-blowers. The paper learned that contractors regularly hear private conversations ranging from dialogues between patients and doctors, to communications between drug dealers and buyers, with everything in between. These could include cases when Siri has triggered unintentionally without the users’ awareness.

The biggest problem with Apple’s analytics programme is that it does not explicitly disclose to consumers that some Siri recordings are shared with contractors in different parts of the world who will listen to the anonymous content, as a means to improve Siri’s accuracy. By not being upfront, Apple does not provide users with the option to opt out either.

Shortly before Apple’s decision to call a halt to Siri grading, Google also pulled the plug on its own human analysis of Google Assistant in the European Union, reported Associated Press. The company promised to the office of Johannes Caspar, Hamburg’s commissioner for data protection and Germany’s lead regulator of Google on privacy issues, that the suspension will last at least three months.

The decision was made after Google admitted that one of the language reviewers it partners with, who are supposed to assess Google Assistant’s response accuracy, “has violated our data security policies by leaking confidential Dutch audio data.” Over 1,000 private conversations in Flemish, some of which included private data, were sent to the Belgian news outlet VRT. Though the messages are supposed to be anonymised, staff at VRT were able to identify the users through private information like home addresses.

At that time Google promised “we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again.”

These are not the first cases where private conversations are leaked over voice assistants. Last year an Alexa-equipped Amazon Echo recorded a conversation between a couple in Portland, Oregon, and sent it to a friend, which was another recent case that rang the alarm bell of private data security.

It should not surprise those in the tech world that AI powered natural language processing software still has a long way to go before it can get all the intricacies right. Before that it needs human input to continuously improve the accuracy. The problems that bedevilled Google and Apple today, and Amazon in the past, and Microsoft (Cortana) which fortunately has not suffered high profile embarrassment recently, are down to the lack of stringent oversight of the role humans play, the lack of clear communication to consumers that their interactions with voice assistants may be used for data analysis purposes, and the failure to give consumers the choice to opt out.

There is also the controversy of data sovereignty, as well as the question of whether private data should be allowed to be stored in the cloud or should be kept on device. Apple’s leak case is not geographically specified, but Google’s case is a clear violation of GDPR. According to the AP report, Germany has already started proceedings against Google.

Huawei suspected of decade long relations with North Korea – report

The Washington Post has obtained internal documents showing the Chinese vendor and its partners have been working with North Korea’s national mobile operator for over a decade.

A former Huawei employee turned whistle-blower has passed on the documents to the newspaper, which has had them translated into English and shared on GitHub. The two spreadsheets are project logs of Huawei’s business in the China region, which covers North Korea (codenamed A9 inside Huawei). Details include project name, project status, account, country, internal business units, etc.

Huawei and its partners (for example Panda (Beijing) International Tech Limited, Xiamen Baoxin Supply China Co) are shown to have undertaken multiple projects for Koryolink, North Korea’s only mobile operator. The files recorded that the latest initiated project with Koryolink took place in 2016, and the latest uninitiated project with the North Korean operator was logged in 2017.

The Washington Post reported that North Korea started building the mobile operator after the late Kim Jong Il (father of current leader Kim Jong Un and son of the country’s founder Kim Il Sung) visited Huawei in 2006. The operator was then set up as a joint venture between the Egyptian company Orascom Telecom Holding and North Korea’s Post and Telecommunications Corp. The newspaper claims it has also obtained additional files, not shared externally, that corroborate the case, with Huawei’s internal social network discussion records. Huawei is also alleged to have developed a special encryption system for “special users” in North Korea.

At the time of writing Huawei has not responded to Telecoms.com’s request for comment, but its spokesperson denied to The Washington Post the company has any business presence in North Korea, though he does not deny the authenticity of the files. The spokesperson also claimed that “Huawei is fully committed to comply with all applicable laws and regulations in the countries and regions where we operate, including all export control and sanction laws and regulations”.

The timing of the report can be tricky for multiple parties. For Huawei, while the litigation in the US related to its business in Iran is still ongoing, the exposure of its long-term business relations with North Korea could become another roadblock to its efforts to be de-listed from the US Entity List. However, if Huawei had used other Chinese companies to ship equipment to North Korea, as was reported, it might have a case to argue that it has not dealt with a country under US sanction directly, which is different from the Iran case, where it is accused of having used its own subsidiary. But there are also cases, in particular system integration and software development projects, where Huawei has direct links. It would potentially need detailed investigation to determine whether American technology has been involved.

For the US it is also a precarious period. President Trump met CEOs from seven US technology companies on Monday, when he promised that the Department of Commerce would respond promptly to the license requests for Huawei sales. Afterwards, when asked about the North Korea report, the President said he will need to explore the issue. A further twist is the President has repeatedly claimed that he and the North Korean leader Kim are good friends.

For the UK and the European Union, the rather concrete case of Huawei’s link to North Korea would undoubtedly lend more weight to the argument that the company should be excluded from the construction of 5G networks, citing security concerns.

Most EU countries complete 5G national risk assessments

24 out of the 28 EU member states have completed 5G risk assessments at national level, laying the groundwork for an EU-wide assessment by October.

The project was launched in March, when the Commission (the administrative branch) responded to the Council’s (the heads of state or government) expectations to see a “recommendation on a concerted approach to the security of 5G networks”. According to the Commission’s statement, the assessment should be conducted on three main areas:

  • the main threats and actors affecting 5G networks;
  • the degree of sensitivity of 5G network components and functions as well as other assets; and
  • various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.

All member states were requested to complete the national assessment by the end of June. The Commission does not publish the names of the countries that have missed the deadline.

“The completion of the risk assessments underlines the commitment of Member States not only to set high standards for security but also to make full use of this groundbreaking technology,” Julian King, Commissioner for the Security Union, and Mariya Gabriel, Commissioner for the Digital Economy and Society, said in a joint statement.

“We hope that the outcomes will be taken into account in the process of 5G spectrum auctions and network deployment, which is taking place across the EU now and in the coming months. Several Member States have already taken steps to reinforce applicable security requirements while others are considering introducing new measures in the near future.”

The national assessments will feed into the pan-EU 5G risk assessment, led by the EU Agency for Cybersecurity (ENISA), tasked to be completed by 1 October 2019. By the end of the year, a toolbox to mitigate the risks identified at national and EU levels will be developed by the NIS Cooperation Group, the EU’s cross-agency entity responsible for cybersecurity. By 1 October 2020, member states are requested to undertake an evaluation of the effectiveness of the measures taken and determine whether further actions should be taken.

Meanwhile, ENISA will also take the lead to develop an EU-wide certification framework to cover 5G networks and equipment, which member states are encouraged to adopt.

Samsung profit is halved, company guidance warns

Samsung, the world’s largest smartphone and memory chip maker, warned the market its quarterly profit would drop by 56%, prior to the official result announcement later this month.

Samsung Electronics told the market that the operating profit generated in the quarter ending 30 June amounted to KRW 6.5 trillion ($5.55 billion), which would be a 4% sequential improvement on Q1 this year, but would represent a 56% drop from the same quarter a year ago. The total revenue is expected to be around KRW 56 trillion ($47.8 billion), a 7% sequential growth, but 4% year-on-year decline. The continued depressed profitability (operating margin almost unchanged from last quarter at 12%, compared with 25% a year ago) indicates Samsung’s main business has not turned the corner.

The semiconductor sector, where Samsung has generated the highest profit among all of its business units, remains weak. Last month investment analysts from the private fund Evercore reported that the inventory of memory chips held by downstream device makers continued to be at an excessively high level, and the investors therefore did not see the sector recovering before 2020.

The IT & Mobile communication unit, which has generated the highest revenue for Samsung, is still in trouble. Samsung has faced intensive competition, particularly from the Chinese competitors, and its Galaxy S10 series has not been able to turn its fortunes around. The troubled launch of the Fold version of S10, which had been slated for Q2, has yet to happen. A new Unpacked event has just been announced for August, but is likely to unveil its new tablet, the Galaxy Note 10, judging by the stylus featured on the event invitation.

When faced with pressure on profit, companies often turn to controlling costs. That looks to be what Samsung has been doing. A few days ago The Economic Times of India reported that Samsung will cut 1,000 jobs from the company’s smartphone functions. This comes after 150 jobs have already gone from Samsung’s telecom infrastructure team.

5G RAN market analysis has Huawei in the lead

Analyst outfit GlobalData has claimed the first competitive landscape assessment of the 5G RAN vendor market, naming Huawei as the clear leader.

The methodology isn’t detailed, but it seems to consist of giving each of Ericsson, Huawei, Nokia, Samsung and ZTE marks out of five on the following criteria:

  • Baseband capacity
  • Radio unit portfolio
  • Installation ease
  • Technology evolution

Nobody scores less than three in any category but, as you can see from the table below, Huawei gets top marks across the board. GlobalData then aggregates those to make an aggregate score, with everyone getting four except Huawei on five. This seems a bit generous to Samsung and ZTE, both of whom averaged 3.5/5.

[Image: GlobalData 5G RAN vendor scores table]

“The 5G RAN market is extremely competitive in these early stages,” said Ed Gubbins, Principal Analyst at GlobalData. “Operators’ decisions today will direct the next decade of global telecom investment and ultimately usher in fundamental changes to the way we live and work in the 5G era.”

“The first wave of 5G RAN equipment, called ‘non-standalone 5G’ relies on existing 4G LTE infrastructure for some functions. So in the race to win 5G deals with operators, each vendor has a strong advantage with operators that already use their 4G gear.

“Standalone 5G, which requires a 5G core, will give vendors a better chance to penetrate new operator accounts and grow their global market share. We expect the standalone 5G RAN market to start ramping up in 2020.”

Conspicuously absent from all this analysis are geopolitical considerations. It’s all very well Huawei having the best offering, but if much of the western world won’t allow it to be involved in its 5G markets that doesn’t count for much. It’s also interesting to note that the report suggests Nokia’s radio unit portfolio is much better than Ericsson’s, which in turn is easier to install.

Xiaomi is meeting Huawei domestic aggression head on

Smartphone manufacturer Xiaomi plans to increase the investment in channel and retail development in the Chinese market by $725 million, to improve its position and to counter the expected aggression from market leader Huawei.

Bloomberg cited a source at Xiaomi as saying that the Chinese smartphone company has decided to invest CNY 5 billion ($725 million) over the next three years to shore up its channel and retail position in China’s contracting smartphone market. This will come on top of its current budget and will be spent on channel expansion, partner incentives, and sales force financing, according to the report.

The decision is also made in anticipation of Huawei’s aggressive channel and retail movements in China in the near future, the source told Bloomberg. Huawei, the smartphone market leader in China, admitted recently that its business will suffer from the US sanctions and the severance of business relations by companies like Google. In the consumer segment, which now accounts for more than half of Huawei’s total revenue, the impact will mainly be in the overseas market, with the disappearance of Google services from its smartphones posing the biggest impediment to consumers’ purchasing decisions. This will drive Huawei to further strengthen its grip on the Chinese market, where it is already supplying one out of ten of the smartphones being sold.

Xiaomi has reaped the benefits after investing heavily in the overseas markets in recent years, having broken into the top five in a number of European markets while also being well received in growth markets like India. It has the ambition to become the market leader in its home market too, but so far, the company has been vying for the fourth position with Apple, trailing Huawei, OPPO, and Vivo.

Huawei and Xiaomi also adopt different retail strategies. In addition to smartphones, Huawei also sells its full line of consumer products in the retail outlets including PCs, tablets, and other consumer devices. Xiaomi, on the other hand, has carried the “ecosystem” concept from online, which used to be its exclusive channel, to offline retail. In addition to its own branded products, centred around the smartphones, partner products on its IoT ecosystem are also offered in the retail outlets, in line with its strategies.

HMD moves Nokia phone user data storage to Finland

HMD Global, the maker of Nokia-branded smartphones, announced that it is moving the storage of user data to Google Cloud servers located in Finland, to ease concerns about data security.

The phone maker announced the move in the context of its new partnership with CGI, a consulting firm that specialises in data collection and analytics, and Google Cloud, which will provide HMD Global with its machine learning technologies. The new models, Nokia 4.2, Nokia 3.2 and the Nokia 2.2, will be the first ones to have the user data stored in the Google Cloud servers in Hamina, southern Finland. Older models that will be eligible for upgrading to Android Q will move the storage to Finland at the upgrade, expected to take place from late 2019 to early 2020. HMD Global commits to two years’ OS upgrades and three years’ security upgrades to its products.

HMD Global claims the move will support its target to be the first Android OEM to bring OS updates to its users, and to improve its compliance with European security measures and legislation, including GDPR. “We want to remain open and transparent about how we collect and store device activation data and want to ensure people understand why and how it improves their phone experience,” said Juho Sarvikas, HMD Global’s Chief Product Officer. “This change aims to further reinforce our promise to our fans for a pure, secure and up to date Android, with an emphasis on security and privacy through our data servers in Finland.”

Sarvikas denied to the Finnish news outlet Ilta-Sanomat that the move was a direct response to privacy concerns triggered by the controversy earlier this year when Nokia-branded phones sold in Norway were sending activation data to servers in China. At that time HMD Global told Telecoms.com that user data of phones purchased outside of China is stored in AWS servers in Singapore, which, the company said, “follows very strict privacy laws.” However, according to GDPR, to take user data outside of the EU, the company would have had to obtain explicit consent from its EU-based users.

Sarvikas claimed that the latest decision to move storage to Finland has been a year in the making and is part of the company’s overall cloud service vendor swap from Amazon to Google. “Staying true to our Finnish heritage, we’ve decided to partner with CGI and Google Cloud platform for our growing data storage needs and increasing investment in our European home,” Sarvikas added in the press release.

Francisco Jeronimo, Associate VP at IDC, saw this move as a positive action by HMD Global, calling it a good move “to address concerns about data privacy” on Twitter.