Facing costs of more than $300 million to rip out equipment now banned by the U.S. government over national security concerns, Fort Morgan-based Viaero Wireless made its plea to the Federal Communications Commission last year to keep the Huawei Technologies parts it installed years ago.
“The FCC’s proposed rule threatens Viaero’s ability to survive. Viaero believes it will have to replace all of its existing Huawei equipment, which makes up four-fifths (of) its network,” Frank DiRico, founder of the northeastern Colorado wireless broadband service, wrote in an FCC filing in June 2018.
The feds may finally be listening.
Last month, the U.S. House Energy and Commerce committee introduced a bill to provide $1 billion for small telecom providers like Viaero to help replace banned equipment. A Senate bill providing $700 million has also been introduced. And at this month’s FCC meeting, chairman Ajit Pai plans to find out out how much banned equipment exists in telecom networks across the U.S. and determine the cost to replace it.
The FCC will also consider forcing companies that receive Universal Service Funds — which provides money to many rural telecoms — into removing banned equipment.
“Most operators are in a bit of a holding pattern right now trying to figure out what they’re going to have to do with their networks,” said Jeff Johnston, lead economist for the communications sector at CoBank in Greenwood Village. CoBank works with rural telecoms nationwide, and Johnston projected the $1 billion replacement cost estimate in a report that the U.S. House had requested.
DiRico and Viaero officials did not respond to multiple requests for comment. But for Viaero and other rural telecoms, this is a touchy topic. Replacing the equipment won’t be cheap and would mean serious downtime for customers. But sticking with gear made by Huawei, ZTE or other banned Chinese companies means violating a national security order. In May, President Donald Trump issued an executive order banning “foreign adversaries” from U.S. telecom networks. In an era where politics and trade wars with China are having a devastating effect on business decisions, rural telecoms face uncertainty.
But one company impacted by the ban is ready to talk: Huawei.
Tim Danks, Huawei Technologies USA’s vice president of risk management and partner relations, was in Denver last week to address some of the security issues during an event at The Cable Center. He also spoke to The Colorado Sun.
Danks rejects any accusation by the U.S. government that Huawei spies on American citizens and builds backdoors into its software and equipment to report back to the Chinese government.
“To answer that question directly, no. There are allegations. There hasn’t been any judicial process or any judgment at this point,” said Danks, who added that Huawei has about 60 customers in the U.S. in mostly rural areas. “There’s definitely a difference of opinion here and certainly some concerns raised. Ultimately, we’ll let the court cases settle themselves out. But in the meantime, there’s a more broad security issue, and it’s not just a Huawei issue. This is a global supply chain issue.”
Backdoors and more
In his statement to the FCC, DiRico said Viaero uses a different company for firewalls, routers and switches so “no traffic gets in or out of (the) network without going through our U.S.-based vendors’ routers and firewalls. This gives Viaero protection from any malicious act by Huawei or anybody else.”
The company also reached out to other cybersecurity firms to evaluate vulnerabilities.
In cybersecurity, building an impenetrable system is not simple. That’s called Schneier’s Law, named for American cryptographer Bruce Schneier who wrote: “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.”
In other words, you may not be able to crack your own work, but independent parties will try and may succeed. And that happens all the time. Earlier this year, security flaws were discovered in 4G and 5G networks that can be used to intercept phone calls and track the locations of users, according to TechCrunch.
Professors at the University of Colorado recently reported that the emergency alert systems, like Amber Alerts or Presidential alerts, could be spoofed with radios that cost less than $1,000.
“There are many more security issues than just Chinese manufacturers inserting vulnerabilities into equipment, and the FCC has not really even begun to think about addressing this broader set of issues,” said Blake Reid, a CU professor specializing in telecom law. “That’s what worries me.”
He said the FCC should require more third-party security testing of mobile networks while they still are in development. It’s usually not done until it’s too late, and consumers are already using the technology.
“It’s not that the carriers are designing the networks without security in mind,” Reid said. “It’s that the lengthy and inaccessible nature of the standards-setting process means that independent security experts are not able to come in to probe for possible problems in specifications early enough to prevent them from being implemented and deployed.”
The timing of the Chinese bans also coincides with Trump’s trade war with China. And that makes some wonder whether this is political or based on real intrusions. More transparency would help, said Cooper Quintin, senior staff technologist at privacy-rights organization Electronic Frontier Foundation in San Francisco.
“If there are legitimate concerns, those need to be shared,” Quintin said. “If the concerns are around tradewars, then that’s not a security concern, and I don’t really care whether people use Ericsson equipment or Huawei equipment or any other equipment.”
Working at a privacy-rights organization that offers tools like Privacy Badger to block online trackers, Quintin is more concerned about any type of spying. He knows the Chinese government could ask Huawei to build backdoor access into their equipment for the purpose of later spying for the Chinese government. But he said so could the U.S. government — which was exposed by Edward Snowden.
“Spies are going to spy,” Quintin said. “Are we more concerned about the Chinese government listening to our communications or the U.S. government? Personally I’m concerned about both.”
In January, the U.S. Department of Justice charged Huawei with theft of trade secrets and obstruction of justice. Huawei is also accused of “offering bonuses to employees who succeeded in stealing confidential information from other companies.”
The federal indictment stemmed from a 2014 T-Mobile lawsuit that accused Huawei engineers of stealing trade secrets related to T-Mobile’s phone-testing robot “Tappy.” In 2017, T-Mobile won the lawsuit and $4.8 million. But the amount was much less than the $500 million T-Mobile sought, and the jury didn’t find Huawei’s misappropriation had been “willful and malicious,” according to a FierceWireless report.
T-Mobile declined to comment.
Huawei, one of the world’s largest providers of telecom equipment and the No. 2 maker of smartphones, has a lot to protect. The company, which reported $104 billion in revenues last year, said anticipated growth was decimated by the U.S. ban and revenues are expected to be flat this year.
After getting blacklisted from buying or selling to U.S. companies in May, Huawei’s U.S. division said it would cut 600 U.S. workers. According to state job-layoff notices in July, Huawei laid off 38 at its U.S. headquarters in Plano, Texas, 281 in California and 41 in Washington state. Danks said the U.S. division currently employs between 500 to 700 people.
Danks said the company has increased transparency to the U.S. government with cybersecurity evaluation centers where officials “can look at our code, they can look at our hardware and test it for vulnerabilities, test it and scrutinize it for inconsistencies or poor quality and whatever. We’ve done that with the UK, Canada and a few other countries across the world and given them the transparency that allows them to look deeper inside Huawei.”
So far, Huawei equipment has been banned in Australia, Japan and other countries. But other U.S. allies haven’t all followed suit. A United Kingdom Parliament committee rejected a ban, which followed a similar decision by the European Union, according to Wired magazine. Germany also hasn’t banned Huawei. And the U.S. is contemplating allowing U.S. companies to start selling certain components to Huawei again.
Make more journalism like this possible with a Colorado Sun membership, starting at just $5 a month.
But the reality is that Huawei is a Chinese company and is subject to the Chinese government’s whims, said Christopher Mitchell, director of community broadband networks initiative at the Institute for Local Self-Reliance.
“The federal government is smart to be concerned about Huawei and to want our telecommunications networks not to have gear manufactured by China in it,” Mitchell said. “It’s tricky because a lot of the gear owned by other companies is manufactured in China. But specifically a company that is controlled by the Chinese government, we should be concerned about such a rival given the tensions right now and having that level of access to United States telecommunications.”
Mitchell’s concern is for the survival of rural telecom companies that have struggled to offer broadband service in places that major providers, like Comcast, ignore.
“If we respond to this by putting the cost of replacing that gear on the rural wireless companies, it just means we’ll see less deployment in rural areas because those companies will not have the money to replace that gear in the same way,” Mitchell said. “The replacement gear will be more expensive because China was subsidizing it to try to get into this market. … If that has to go away, which I think it should, then we have to figure out how to make the wireless companies whole.”
Huawei and the U.S. digital divide
And that brings us back to companies like Viaero.
In its FCC filing, Viaero put the total cost to “rip and replace” at $410 million, which includes $300 million in replacement equipment costs, $60 million for installation and $50 million in lost roaming fees from national carriers while the service is down. The company said it has 1.5 million unique roaming customers per month.
DiRico also brought up concerns about the difficulty of bringing in non-Huawei equipment to work with existing infrastructure, the higher prices of competitors’ gear and service disruptions to its nearly 110,000 customers. That would translate into cancellations, lost revenue and restricted planning.
Likewise, Union Wireless, which offers wireless broadband service in parts of Colorado and has 40,000 customers, said in a June 2018 FCC filing that 75% of its equipment came from Huawei. Complying with an order to replace the equipment would cost the Wyoming company $300 million. If it chooses not to, it would lose the $20 million a year it gets from the Universal Service Fund.
“In the end, the ones that suffer the most are those in current underserved and unserved areas that once again have to wait to get the services that the vast majority of others receive today: the customers in Rural America,” wrote Eric J. Woody, Union’s chief technical and operations Officer.
Johnston, with CoBank, said he’s heard from other rural telecom clients as well, so he knows what they’re going through.
“There’s downtime and service interruptions. A systemwide rip and replace is not something you typically see operators do,” Johnston said. “We’re talking about operators with limited resources, physically and financially. They’ve got to pull their engineers off of developing new products and maintaining the network and put them on the rip-and-replace project.”
Colorado has made great progress expanding rural access to broadband in the past couple years. Broadband is now available to 86% of the state’s rural households, compared to 77% two years ago. But it’s only been possible through state and federal grants, said Tony Neal-Graves, executive director of the Colorado Broadband Office.
“Whenever a service provider thinks about wanting to build infrastructure into a community to provide broadband, the simple math that all of us do is how many households am I gonna pass per mile. If the numbers are too low to justify the capital expense to build the infrastructure, they don’t do it,” Neal-Graves said. “And that’s why we don’t have good broadband coverage in rural communities.”