Cutting corners on telecom infrastructure with Huawei

In January 2013, I wrote a Quora blog post about Huawei’s twisty, winding path to prominence. There were plenty of oddities, e.g. Huawei was supplier to the Taliban, and later, was nearly acquired by GOP presidential Mitt Romney… but not at the same time!

Huawei is back in the limelight. Curiously, the problem is not one of Chinese state interference but of sloppy software development. I’ll get to that, but first, let’s take an illustrated tour of the Huawei story.

A casual Huawei timeline

2001 – Huawei India faces allegations that it had developed telecommunications equipment used by the Taliban in Afghanistan.

Huawei greeters at ITU World Telecom 2007 but probably not for the Taliban

2010 – Reuters reports that a partner of Huawei tried to sell embargoed Hewlett-Packard computer equipment to Iran‘s largest mobile-phone operator.

Huawei at mobile device trade show convention in Iran

2011 – The Australian government excludes Huawei from tendering contracts with a government-owned corporation constructing a broadband network.

2012 – The Canadian government excludes Huawei from plans to build a secure government communications network.

Huawei phone Pegasus, Barcelona 2012

2013 – The U.S.- China Economic & Security Review Commission advised Congress about Chinese government influence on Huawei.

2013 – Reuters investigative report following receipt of a letter from a concerned Los Alamos National Labs (LANL) employee:

[LANL] had installed devices made by H3C Technologies Co [which] raises questions about procurement practices by U.S. departments responsible for national security.

The devices were Chinese-made switches used for managing data traffic on LANL computer networks. Huawei’s relationship with Chinese military was mentioned.

(more…)

Don’t Bring Your Guns to Town

From The New York Times, October 5, 2010:

Handgun permit holders who have recently seen their rights greatly expanded by a new law — one of the nation’s first — that allows them to carry loaded firearms into bars and restaurants that serve alcohol… Tennessee is one of four states, along with Arizona, Georgia and Virginia, that recently enacted laws explicitly allowing loaded guns in bars. Previously, states like Tennessee did not allow its residents to carry concealed weapons unless they had a special permit from the local authorities.

©2010 The New York Times All rights reserved. Used by permission and protected by the Copyright Laws of the United States. The printing, copying, redistribution, or retransmission of the Material without express written permission is prohibited.

I was troubled when Arizona recently passed legislation to remove the requirement to obtain a concealed weapons permit to, well, carry a concealed weapon on one’s person.  Carrying a loaded weapon in a bar is much worse. It is a profoundly bad idea. That is a blatant statement of opinion. However, I am a rifle marksmanship enthusiast and dearly miss my wood-stock, .22 Remington bolt-action long rifle that I sold when I went off to attend the Wharton School. I am not biased against the Second Amendment. Yet I do think this law shows a serious breach of common sense.

Tech Update One: The Real Smart Card Finally Steps Up, Finally Steps Up

Today I step out from under my dark cloud of foreboding to bring glad tidings! It seems that the consumer is finally able to avail herself of effective and affordable protection from identity theft and collateral loss. Mine arrived in a small securely wrapped parcel from www.PayPal.com a few weeks ago: an ICT Display Card. After a ten-year wait, this form of the long-anticipated “Smart Card” finally debuts.

What does it do, and is it really anything special? Yes, because the ICT Display card appears to offer the first instance of double password protection (dual factor authentication) for the average consumer’s online transactions. Let me describe the process, although I cannot fathom how it works. The account holder logs in to PayPal servers via secure https connection using her established account name and password. After gently depressing the small rubbery nub, the ICT Display Card generates a six to eight digit security key.

How does that new password protocol work?

   It appears on a (possibly LED) display, flush with the surface of the card, on the upper corner. The user then keys in the numeric code, no other process nor hardware needed. After a 6 to 10 second pause (the instructions are contrite, asking for the user’s patience during that nearly imperceptible interval), the key is authenticated and account access is granted. A different randomly generated security key is created for every session, according to the instructions. One could also use a security token delivered via a text message, instead of the card-based security key.  

This nifty little card is the size of an ATM or credit card. It is thinner and lighterthan most office building entrance card readers. The only cost associated is a one-time charge of $5.oo, including shipping and handling.  Remarkable technical innovation was required, as the card is powered by a super lightweight, paper-thin, very long-life battery, which emits a low-power radio frequency transmitting the security code. But where is the receiver? The card is not location-dependent, and may be used with any login, with any IP address. I am very curious how it works!

The developers are a privately-held company, with numerous overseas retail banking customers, and a very low profile website, probably due to this extremely valuable proprietary technology.  PayPal offered this option  for a more secure connection to customers as a bullet point update on the login screen, as opposed to a more visible email distribution to customers.  In fact, I recall seeing it announced only once, with minimal promotion. Instructions are given for users in the USA, Australia, Canada, Great Britain, Germany and Austria. though I believe that PayPal offers the double password option solely to US-domestic customers at present. Actually, I am intrigued by the lack of fanfare as much as the capability of the card itself!