A Huawei executive and a US Department of Defense official got onstage together Wednesday at the RSA Conference in San Francisco, and the conversation got heated. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason tofrom government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach.
Purdy said the government was following a policy of "rip and replace," tearing useful technology from the hands of government workers serving US citizens. He said the US government can find ways to build trust by observing the manufacturing process more closely.
Arrington countered that removing Huawei technology from government use was the only option, "because the risk is so high." The US can't consider conveying control of sensitive information to another country, Arrington said, "end of story, period."
The topic at hand was supply chain security, or the process of making sure security flaws don't get introduced into tech during the manufacturing process. Since phones, computers and other devices are made in overseas factories, overseen by a complex web of contractors, there are countless ways bugs can wind up inside your tech. The question of whether the bugs were put there on purpose, and by whom, can lead to an.
Craig Spiezle, a consultant at Agelight Advisory Group who focuses on increasing trust in tech and addressing ethics, moderated the panel. Also on stage Wednesday were tech policy experts Bruce Schneier of the Harvard Kennedy School and Kathryn Waldron of the R Street Institute think tank.
Until recently, Schneier said, the US government didn't mind that devices were insecure, because its spy agencies were the best at using those vulnerabilities to gain intelligence. As other countries came to match the United States' ability to spy, the government has become more concerned with patching up flaws. That's going to decrease everyone's ability to spy, Schneier said.
"Security will come at the expense of surveillance," Schneier said.
Waldron said the US government's decision to ban Huawei tech has cemented the idea that Chinese tech companies are closely tied to the Chinese government and that that association can't be undone at this point.
The US has its own history of putting vulnerable communications devices out into the world. A recent report from the Washington Post detailed how the CIA secretly ran a cryptography company, selling machines with backdoors to governments around the world under the auspices of Crypto AG.
"All countries are engaged in spying," Waldron said. "I don't think that's a surprise to anyone."