There have been a few press reports recently suggesting that one newcomer on the enterprise storage scene, Huawei Symantec, is more than meets the eye. According to a Washington Times story, a sale of the company’s storage products to a supercomputing lab was blocked after allegations that the Chinese government or military would use the platform as a Trojan horse for spying. Normally I wouldn’t comment on political matters on this blog, but I happen to know a thing or two about Huawei Symantec, and I hate to see jingoistic nonsense interfere with the progress of technology.
You should probably read my earlier write-up, Huawei Symantec Enters The United States Storage and Security Market
I’ve covered Huawei Symantec before, but let’s get a little housekeeping done right at the start: A 51/49 joint venture between Chinese telecom giant Huawei and American storage and security software leader, Symantec, Huawei Symantec is actually an independent company with its own leadership and software/hardware engineering teams. The company entered the United States market in 2010 with a line of storage and security devices and has steadily expanded, bringing in new products from their international portfolio. Despite the implications of their famous parentage, most of Huawei Symantec’s products are engineered in-house and apparently little use Huawei or Symantec components.
In an August 16 article, Eli Lake of the Washington Times reports that four Republican senators and a member of the House Permanent Select Committee on Intelligence raised concerns about the purchase of Huawei Symantec storage systems by the National Center for Computational Engineering at the University of Tennessee. In an August 9 letter to Defense Secretary Leon Panetta and others, the lawmakers refer to “Huawei’s close ties to the [Chinese] government and its military and intelligence sectors, its history of alleged corrupt practices and infringement on intellectual property rights, and concerns it may act as an agent for a foreign government…”
The suggestion is that Huawei Symantec will somehow use these storage arrays to pass information on sensitive scientific and engineering tests to the Chinese government or military. But no specific evidence is cited apart from the allegations of connections between parent-company Huawei, the government of China, and very real concerns over corruption and a disregard for intellectual property in China as a whole.
In short, these allegations have nothing to do with Huawei Symantec specifically and everything to do with American fears over competition and unfair business practices. It is telling that the four senators involved in these allegations (Kyl, DeMint, Coburn, and Inhofe) are among the five most conservative members of that body.
All This Happened Before
Allegations that foreign companies are spying in America for their respective governments are nothing new. Similar suggestions remain widespread concerning Israeli companies in the security and telecom fields: Check Point is continually disparaged as an avenue for Israeli spying, even though I can find no concrete evidence of this. And Huawei itself was blocked from selling telecom equipment to Sprint based on similar allegations from Senator Kyl. Both of these companies were founded by ex-members of their national military, giving a bit of heft to the accusations.
Could Huawei Symantec leverage their storage systems to spy on American labs? Absolutely! But there is no evidence that they are doing this, only allegations based on generalizations about the Chinese people and their business practices. And most reporters (and indeed the Senators themselves) failed to notice that Huawei Symantec is not Huawei itself! This is a separate company yet it is being criticized for hazy allegations about its parent.
Then there is the technical challenge of actually leveraging an enterprise storage array for spying. Although movie spies often grab a hard disk on their way out of the building, it’s actually very difficult to sift through petabytes of data stored across multiple devices. Huawei Symantec would have to include computational power and intelligence in the array controller to analyze data locally before sending it out through some kind of hidden encrypted WAN link. Disguising that link means controlling security and network infrastructure as well, and they would need to keep throughput at a reasonable level so no one would notice the data transfer. In short, it would be very difficult technically for the Chinese military to use a storage array for spying even if this was their plan.
One must also consider the efficacy of spying through IT devices. Since these are purchased by each organization separately, a “spy vendor” we have a great deal of difficulty targeting sensitive environments and ensuring access to sensitive data. Huawei Symantec could try to target government labs, but there’s no telling whether they would actually succeed in the open market. It would be much more effective if a spy agency simply embedded spy technology in a wider range of products from less recognizable names.
HP, for example, sells a range of high-end network switches developed in cooperation with Huawei itself. Wouldn’t these switches be easier to leverage then a few storage arrays in Tennessee? But then reactionary senators with no concept of the business of IT would never recognize these efforts. Apparently, they need a big colorful Chinese name in order to get up in arms.
Huawei Symantec is being unfairly targeted based on its parentage, its name, and its national origin. There is absolutely no evidence presented, only vague suggestions and generalizations about China, and their accusers are a handful of ultraconservative congressmen. There is no reason to put any faith whatsoever in these allegations. To those concerned about these companies, I say this: Give me evidence or keep your anti-China feelings to yourself.
Disclaimers: I’ve never done business with Huawei Symantec or Huawei itself, though I have been briefed by them repeatedly. I work closely with Symantec Corporation on Tech Field Day and other projects, but they do not pay me a retainer and were not involved with this article.