tv Heritage Discussion on China 5G Technology and Global Security CSPAN March 23, 2019 12:47am-2:23am EDT
for veterans. frarick discusses his recent markle on the american conservative about the u.s. agriculture industry. then, union of concerned scientists talks about the flooding in the midwest and our river and floodplain management determines the amount of damage that occurs. be sure to watch c-span's washington journal live at 7:00 eastern saturday morning. join the discussion. former house intelligence committee chair mike rogers talked about china's telecommunications technology and concerns about chinese tech companies posing security risks in the u.s. a panel also talks about the future of 5g mobile service. this is an hour and a half. >> all right. we are going to go ahead and get started here today. thank you all for coming out to heritage on this rainy thursday morning.
we have some very big topics to cover in today's program, some weighty topics, from 5g in china, to the future of digital infrastructure and the five eyes alliance, which joint australia canada new zealand and the u.s. we have an expert panel ahead to discuss these issues but first we have a special keynote speaker. congressman mike rogers, former congressman from michigan who chaired the house permanent select committee on intelligence from 2011-2015 where he oversaw a budget of $70 billion which funded the nation's 17 intelligence agencies. notably, he led a bipartisan investigation into chinese telecoms firm huawei, and a congressional report issued in 2012, the declassified version of which you can see. before that, he served as an
army officer and as an fbi field special agent in chicago. today, mr. rogers serves as a vice-chairman of the board and as a director at leading companies including site response and for iq. he's a senior fellow at harvard university and at the david abshire chair at the center for the study of the presidency and congress. i am a longtime admirer of representative rogers. he consistently in his time in office put country ahead of personal and partisan interests, and i think led a bipartisan environment in which real progress was made and real work was done on the intelligence committee. so, i'm very pleased to have him come and speak about a topic he's been studying intimately now for over a decade. with that, please extend a warm welcome to congressman mike rogers.
[applause] mr. rogers: good morning. thanks for being here on one of the probably most important national security issues facing the united states that nobody is really paying attention to, as i'm glad there's at least some dialogue on this very, very important topic. if you think about 5g and what is going to do across the country, it's going to be transformational. think about going from a garden hose with a weak pump to a firehose, and that's really the dynamic change that we're going to see with 5g. so less latency, more efficiency and much more capacity and capability. and it's coming slowly i think to the united states. it will be a bit of a slow rollout. it will probably be in denser urban areas. it will have a high degree of commercial impact first, companies that will need that extra capacity to do the kind of productivity building that they
need in the production of their materials. services will get it first and then the rest of us will slowly plug in to it. you think about going from one gigabit a second to about 10 gigabits a second, meaning what would take you an hour to download can happen in just a matter of minutes. such huge, huge, huge implications for the positive and the good not only here but around the world. but with that comes some serious security challenges. if you look at the companies that are competing in the 5g space, enterprises that are trying to get ahead of the curve in the buildup worries me a lot, and i'll tell you why. so the fbi just indicted huawei not that long ago in new york. they talked about the bad behavior of a company that has a candidly bad reputation ethically around the world today everything from using cash
payments to gain contracts, to intellectual property theft, in that particular case they highlighted money-laundering schemes. in addition the uncovered some pretty interesting things, including bonuses paid to employees who provided intellectual property from other companies. so think of the ethics of this. let's just back off for a minute and the notion it is even connected to the chinese government and intelligence and defense services. would you really want to engage where americans go through ethics training, every company that you just talked about, i go through ethics training as a board member. our employees go through ethics training to make sure that we don't commit violations of u.s. law, including international trade norms, et cetera. no bribing for contracts, it's illegal. and we would not deal for the
sheer repetition of our companies with companies who had that high degree of ethical challenges. i don't know how europe is going to try to kind of right size that in their new push for ethical behavior in places like africa and the middle east. and that's just one episode of what they're trying to do. both huawei and zte are trying to set standards. they are on i think five different standards bodies for what 5g looks like. and so what does that mean? they are trying to influence what the standards are to comport with what they believe is their strength in the market. they are not even bashful about it. they will tell you they will do it and then they will do it. we stand by i think in many cases scratching our heads thinking wow, how did this happen? so if you look at some of them even the bigger violations of the last few months on the security protocol, look at china telecom about late last year, diverted for about 90 days internet data from canada, north
america, and korea, left that area, rent it through -- ran it through beijing, wasn't supposed to do that, right? i'm sure that was an accident, right? happens to be around times when there there's a high interest in trade negotiations and other things. and so part of the problem with huawei and zte is that they are, i believe, based on a report in 2012 and certainly the intelligence services reports today, it is a part or a functioning subservient enterprise of chinese intelligence and defense services, their national security apparatus. and china has a law on its books that says any chinese company that has data, no matter where it was acquired, must turn it over to the state when requested. no due process, no third-party adjudication. it is one state who requires that information, you will give
it up. so why does china want made in china 2025? and data dominance in 2025? when you start thinking up with the 5g buildout means and how much access to data that needs, -- means, if i control the gear that builds the 5g buildout, i will control probably whatever i so desire into that gear, meaning i can get access to data anywhere in the world as much as i want. and you already saying through a.i. algorithms and other things that the chinese are using the vast population to start collecting and understanding big data analytics. pretty clever and again they are not hiding. they are telling you we are doing it. in the meantime, we're having these debates about should we or should we not participate with huawei in a 5g buildout in the tourney.
they does seem to quite get what we are very candid i think is going through this process and coming to the right conclusion. australia says we are banning 5g from our -- excuse me, huawei from our core networks in a 5g buildout. today you can protect data released type to protect data because it's a core functioning event. all the internet is a core place that goes out, so security decisions, the management decisions, administered decisions happen in one place. with 5g, all of that is what's called pushed out to the edge so every tower becomes a vulnerability. we will connect 25 billion, roughly, best estimates by 2025. a new internet of things. 25 billion. if you want wireless, excuse me, driverless cars, you need 5g. you need that increased --
decreased latency, increased efficiency, a 99.9% accuracy in the operation of a motor vehicle. that is just huge. that also present all of those ip addresses flying off of that car now become a security risk. all of that data is going to get through into it into a system of which the chinese said we would like to own and build and own the equipment. we can take a few questions, i knew you got a bit a late start, is things that were found, the germans and i have had long discussions on should huawei participate in the german buildup of 5g. and they said even if -- these are the security officials. even if we can get to the point where we don't believe that there are subservient to the chinese state, i believe they are, most of intelligence services believe they are, even in countries that are saying
maybe we should find a way to let them build, he said our biggest complaint is when we identify a vulnerability in their system. so let's just say, let's be altruistic and the government is not involved and intelligence services are not involved in trying to get that data and even attractive services. but once they find out, they are not going to use going to use those to their own purposes for the next 24 months? right? that the study standard that any american company could tolerate in the business. we would not tolerate it. you know of a patch, i vulnerability, you are required to patch. 24 months is a lifetime in cyber security. so think of all the undisclosed administrative functions a huawei gear, meaning they say it's just administered a function that we have to patched so we had to do it externally. we need to send data and retrieve data internationally in
order to continue the function of the giver that in and of itself is not untrue. however, they have undisclosed processes, administered functions, meaning you buy my box, i forgot to tell you about they tell you that the euphoric administrative functions which means they could implant malware, implant surveillance code, etc. into those boxes. all of that i tell you in the flurry to let you know that we
it's really not about that. what level of tolerance will be -- will we allow our data to be in the hands of a government that has proven over and over and over again to use that data against its own citizens for international intellectual property theft, for construction activities. by the way, we think china intelligence services use disruption in cyber recently more than we ever have before, meaning they're going into companies trying to break things, not just steal things. that's a change in policy you imagine if they have the pipes all of them. for good luck, right? we think we can defend it. what other product in the world would you by knowing i'm going to have a security risk? because it's four dollars cheaper. i just don't know any product you would use that for. or you would even tolerate it. but here we are.
we find ourselves in this debate and so hopefully we can come to a better conclusion. i'm really looking forward to the panel today and their discussion. i think it will be very, very helpful to try to flesh out a lot of these issues and differences of opinion maybe even on some of this. with that i'm going to close and try to keep you all on time and see if you have any questions, comments. >> we have time. >> thank you. my question is, is that really possible if we could separate our system between the civilian system and the military or security system? because some country is kind of thinking that if they exclude huawei from their core or security system, that may be enough. so i'm just wondering how do you
think about the risk? >> i don't believe that, because the whole goal to be a part of it -- let me back up. anything for intelligence, if you're going in the intelligence business the most important thing is access, access, access. i need access to people i want to try to recruit, or i need access to information that is of value. the closer you can get to that the better off you are. if i operate a network that isn't even part of the military network, but people around inside a military network are connecting to any other network, and today there's no such, there's no line. you can't say -- unless you're completely cut off. there is no way that the systems you can't touch of the systems. i argue better get this right up front because all of the systems becomes an ecosystem of how the internet operates and functions.
and again, some notion you can say this open internet should be okay versus it closed or semi-closed internet will be different, really is not realistic. people will be bouncing between those networks. anybody that has a a device that they take into their office is bounced between networks. and so that's the part i think people fail to realize. and again, i tried to tell companies, actually i asked my european friends, tell me with the chinese law as it is based today comports with gdpr. it does not. and yet they're willing to walk them into the markets. for what reason we can all suspect. but it doesn't comport. and so if you think the same thing for private companies in the united states, well, i'm trying to get huawei. and the reason they are pushing back by the way, including great american communications company is the fact it's cheap, much cheaper.
if i can steal your intellectual property and i don't have to do all research and development to get to that product, that i can offer it a lot cheaper. i don't have to compete normally in the open market. that's what -- why is cheaper. my argument is are you willing to expose the people use your network to the fact that the information may end up into the intelligence services database of beijing? i argue you shouldn't do that. it could be a liability on the road and it could be brand management down the road. if it comes out and you did it because you want to make an extra four dollars this quarter, have you done anything good for the people were buying that? i would argue not. >> dean cheng, heritage foundation. there's been some pushback in various corners that while the u.s. has charged that among for
example, it's iran's sanctions, that huawei and t-mobile was old-fashioned industrialized espionage, but that no one has yet filed a suit filed charges that specifically argues that huawei engages in cyber espionage and wondering what would be your response to that? because honestly there's a difference between information that is collected by law enforcement information is collected from the intelligence community, and what can be used in a court of law and what cannot? this is one of the biggest arguments, pushback you will hear. so two things. one, i would also add into that the fbi indictment picky to read that i'd encourage everybody to read that indictment, new york huawei indictment, pretty damning. if you talk huawei engaged in
spying for the chinese intelligence service, probably not happening that we would know of. but what is happening is the fact that they are enabling the chinese intelligence service by access control to the networks and those routers to get access to places they probably should not. and if you think about, this is really interesting, if you see this change in human espionage, human intelligence targeting, the last few big cases that have come out, it's pretty interesting what they were tasked to steal. they were not tasked to steal plans for the next, fill in the blank missile system or take her -- tanker or airplane system. that still happens, but they were targeting access, computer access. so they were trying to get credentials inside mail lists, phonebooks if you will, e-mail lists, names, anything that you could get about individuals.
why? because once you have that information, it's much easier to target cyber penetrations into those organizations. and so who enables that? if you are using my gear and i have built-in vulnerabilities, that's how they're doing it. i don't believe that huawei -- i shouldn't say that. i do think huawei has been some interesting things. there's a case in australia where they turned over access information to was administered on a system that was run by huawei individual who was cast -- tasked to pick up something. i argue you are part of an espionage chain if you're doing that, and give it to the chinese government. what was it? information that would make it easier for them to penetrate certain places. huawei didn't steal it but they enabled the chinese government to steal it. this is the other one that really gets me, particularly on
this point. there's something called process hollowing. so the security folks come out and say we think, we will create a center to make sure that we are secure against huawei and zte gear that is going to network and we think we will outsmart the offensive cyber people in china. basically that's what they are saying. they don't use those words but that is exactly what they're saying. by the way, of what other product you want to build your defenses so you can write it and use it because you know it's a vulnerability. this is the dumbest thing i've ever heard in my life, but okay, that's where they're going. germany just announced they're going to do it. britain said that they would do it. that this whole government center sole purpose is to try to prevent huawei from enabling espionage from their system. ok, i know of a better way. don't have them in the first place. but this process is really interesting. this is what we found. even in the british report in july by their cyber center saying we think we have it.
we think within five years we really have it. five years, can you lose a lot to five years? i thought you couldn't. so five years. here's the problem. what they also stated in there, didn't get a lot of attention, was that the equipment and the code that was sent to china for them to test was not binary equivalent to the equipment and code that was put into the networks. which means they cheated, right? this is another example of an ethical problem. they cheated and then the equipment that they put in the network was not the same. so they're using code that they didn't already preapproved for test. the examples of this are crazy. here's the other part of that. if i use process hollowing, so an administrative side of, things we don't see that happen all day long, even the updates happening to your phone call all of those administrative functions, opening files, closing files, moving data, all of that, updating patches and all that stuff that's happening
all day long, right. that happens a ton of times. so multiply that over every device and a recess of you have that is connected externally. it's a legitimate function, using administrative functioning. you take one of those administrative functions, you hollow it out, you go into place malware in their and then you wait. if i ran a test i'm going to go and find out what those guys are doing, i run a test, i could every administered function and an administrative function comes back as that's exactly what it is supposed to be doing. when you're not paying attention, they have way to go into that process, bring that malware out, do what it is supposed to come either be destructive and burn, or in most cases, allowed, to its function come back and hide in this process, this administrative function. tell me how you're going to catch that. i'm inside the cyber visited it -- business. it would be damn near impossible to catch it, unless you see what is actually happening. really hard to do.
and if you think about people are saying that the chip issue or sun microchip, i don't believe that. what i do believe is they didn't find anything. why? that's the steroids process hollowing. i don't know if your member what i'm talking about, where the sun micro company that makes motherboards in china. the intelligence services told way, isany, by the exactly how it happened, they walk in, you're subject to chinese law, the commence a you -- they say you put this ship in those motherboards and we're really interested in these companies in the united states. it's, to me it is, you know, the ultimate process hollowing. that chip is doing absolutely nothing. it is dormant, sleeping. what it's doing is waiting for the right command to touch it, brush past it so it can interject into whatever it is doing. i would argue it's probably in this case stealing for intelligence purposes, right?
then moving that data at a place where it can go somewhere else to do it. it's only doing that intermittently. it's not doing all day long. it's not doing it every minute of every day. it is only doing it when they want it to happen if you're thinking it's going to be back and you'll catch it reporting because this is what it's doing everyday, if you run a test over the board you will not find that chip because it's not doing anything. your system, i don't know how you would find it or i believe you saw, it fits on the top of your finger, almost the size of a pencil lead, on the end of a pencil. i don't know how you would find it. so this is why this big debate about supply chain management, can you manage the supply build of all of this gear in any way that would give you some comfort that is that happening? i would argue the way it is currently happening, no. it's probably going to get worse. that's the answer to the problem. that's why in the united states knows things that didn't want to turn off.
we collect information. that's why i had an open part of my report and declassify part of my report because classified parts, we don't want to disclose to our adversaries about what we know they're up to because our intelligence community needs these access points. forget what are you up to today. that's why you have this conundrum. again, my biggest argument is they have violated every ethical norm of business we can find. three publicly. i don't know why they get a pass. imagine -- would you go to enron today to open it up and say that it's pretty cheap. i like them to do my energy futures. right? not going to happen. we would not allow that to happen. this is exactly what we are doing with huawei. we are saying yes come here all of these criminal problems, you violated sanctions in violations of u.n. sanctions by the way, we see that you've done all of these bad things.
money launder, your stolen intellectual property, but come on in. we are going to build a government center so that we can make sure that you are not doing more of what you've already shown us that you willing to do, including today. like i said the binary equivalency issue. 30 specific. -- pretty significant. or not patching for 24 months. i don't believe that's an accident. i believe -- this is what i believe based on all my knowledge of how to operate, that they knew about those vulnerability's. you got them in their vulnerabilities, thank you very much tech guys in germany, and to realize that in order to make sure that the next series of all of those they have to use the ones they got. let's put that at a giant inbox hopefully maybe in a couple of months because somebody is utilizing those vulnerabilities and you can't track and one of them. it would be nearly impossible to do. that's the argument for that. i do think the fbi now has a program with our american businesses and if you're willing to sign all their forms will
give you a little more up, more beat up explanation why you should be concerned about huawei and cte here in your networks. not the best way to do it but i argue i don't know if we have any other good way to get to that same conclusion that's all kind of happening today. once you lose by the way, but let's just say we all give up and let them have it, good luck trying to figure out a way out of this. how do you do that? would cost trillions of dollars if all that gear is dispersed around the world. item about how people would go in and rip this gear. some companies have. think of all the things that we know at how a reasonable rational person come to the conclusion that haven't everybody else, it's not going to happen to me. remember nine nigerian prince -- the nigerian prince emails we used to get? i only fell for that three times. after a while, everybody gets
it. you don't respond to the nigerian prince. my argument is this is the mother of all nigerian prince emails right in front of us. and yet we continue to say come on in. we will beat you at your again. come on. thanks for having me. thanks for being here. thanks for having this discussion. i think it is critical important that you are on it at a think every critical time, thanks to the heritage foundation. appreciate it very much. [applause] >> bring our panel on.
that was a great presentation from somebody who knows the subject matter very well, and extremity of the highest levels of the u.s. government, with a a lot of clarity. put a lot of value in what congressman rogers said today, and we are not able to follow that up with an expert panel, not only good friends of mine for some of the brightest minds on these issues. and i've asked them to address a range of questions on some fundamental issues like what is 5g, why is this emerging as a new battleground. why are there national security implications to the state of the five eyes debate and how it could affect alliance coordination if huawei is let a -- allowed into one member of this intelligence sharing network. we have already seems so reports that suggest the u.s. would be forced to restrict intelligence sharing with any partner nation that allowed huawei into the 5g networks. so there is some ground-level stuff and there is some quite sophisticated questions that hope we can cover today. and to accomplish that i have to my immediate left our senior fellow, senior research fellow
on china's chinese political and security affairs come he specializes in china's military and for policy, previously worked for 13 years a senior analyst for the office of technology assessment is as an analyst and international security and program. to his left is klon kitchen who leads tech policy here at heritage where he is a senior fellow for technology, national security and science policy. prior to joining heritage, klon was a national security adviser to a u.s. senator and a 15 year veteran of u.s. intelligence community. and to his left we have john hemmings, dr. john hemmings, visiting scholar from the united kingdom. an adjunct fellow at csis, currently in the states for a few weeks doing a project with the japan chair at csis, but he lives the remainder of the year
in london where he is the asia studies director and deputy research director at the henry jackson society and adjunct . john was here at heritage a few weeks back to talk about the role of the uk and the indo-pacific and to cover cybersecurity questions, which he has been focusing on now for some time and i think brings an important perspective from the u.s. ally that is have a very -- having a very contentious debate about this very subject. so i think dean is going to kick us off and then we will move to john and finish up with klon. and i will offer some closing remarks and hope it will lead time for q&a. so with that, dean, kick us off. >> good morning and thank you all for coming on this lovely, bright washington morning. i'm going to try and provide some context here for the rest of this discussion because there
is -- all you have to do is read the papers, watch the news, read the internet to know that there's a lot of discussion about chinese cyber activity, but too often it's almost like whack-a-mole. look, here's some place that got hacked by the chinese. look, here's a threat that's emerging. and let me suggest here that it's important to understand how the chinese think about information in order to place these events into context. i'm going to lay out a couple of key concepts here. the first is comprehensive national power. this is how the chinese think about themselves and all the various other countries, it is partly issue of how to compare countries as diverse as brazil, the united states, kenya, china? and feeding into comprehensive national power are such important elements as military power, national security, national self-defense, economic power, or economic capacity.
the potential that supports the actual political unity. diplomatic recognition, science and technology capacity. you don't want to make other people's washing machines and t-shirts. you would like them to run your operating systems. you want to have the ability to deploy your own spaces. even cultural security. do other people want to be like you? elemental to every element of comprehensive national power is information, as the chinese now envision it. we now live in the chinese view. in the information age. we have transitioned out of the industrial age. why this matters is because the currency of national power has now evolved.
when we lived in the industrial age, the most important things were often physical. how many tons did you have to smelt to produce aluminum? how many ships did you move this year? how many airplanes. it is not that those things don't matter. but rather, the most important thing in the information age is the ability to generate, to transmit, to analyze, and to exploit information. more rapidly and more accurately than other countries, namely your adversaries. second of all is china's self conception. for those of you who are familiar with physics -- i'm not a physicist -- there is a concept called schrodinger's cat, which is basically put a cat in a box and there is a little container of poison gas -- no animals have been harmed
in the course of writing this speech -- each has a 50% chance of going off in killing the cap in the box -- cat in the box. the question is, is the cat alive or dead? in a sense, it is half alive and half dead. china is simultaneously a developing country and a developed country. monday, wednesday, friday, china is a developing country. it should not be expected to abide by absolute ip rules or greenhouse gas emission constraints upon developed countries. if you look at the gdp per capita, it is quite low. on tuesday, thursday, saturday, and alternating sundays, it is a fully developed country. therefore it sits on the u.n. permanent five. it has veto power. it sits at the head of major international organizations. it expects to have a say in the establishment of global norms and standards.
for xi jinping and also his , the prc right now is more developing then developed. xi has laid out the objective. that it will be a mid-level country by the 20 30's. arguably measured in terms of gdp per capita. by 2049, the 100th anniversary of the people's republic of china, it will be a developed country. it will be a comparable state to the united states or great britain or germany or japan. again, the key to achieving this is through information. access, exploitation, analysis, generation. within this context of global, broad strategic ends, we see that china has a distinct interest in the internet.
both the physical aspects, but also the governments. we have the entity that basically helps manage the internet. who gets a suffix. .cn, .ca, .tw. versus the united nations telecommunications unit. the reason why it matters is because ican subscribes to a multi-stakeholder approach. who has a say or gets the prefix, everybody. corporations, religious organizations, ngo's, governments. from the chinese perspective, this is not a positive approach. china supports the idea of the i.t.u.
managing the internet. because only nations sit on the i.t.u. what is the golden role? them's who have the gold makes the rules. if they canse case, establish out the internet is governed, a a lot of things have gotten easier. this office about the internet, it is politics. why in the world should taiwan have its own suffix? operating within a.cn because it is part of china. this is the chinese position and does not necessarily reflect the position of the speaker. it is headed by a chinese official, who in interviews before he assumed that position, he talked about the fact that he was very much in disagreement with the current internet governing standards. beneath that our national
internet registries. that is the asia-pacific network information center and beneath registries.ional the chinese very strongly tried to direct not only themselves or other players to go through the chinese national internet registry, rather than the asian-pacific one. that allows the chinese have more of a say as well as better visibility into who is getting internet access. that is governance. protocols, you heard representative rogers talk about redirection. what has been found by two professors is that china has been openly redirecting entire swaths of internet traffic into china.
maybe i will simply redirect, like a train switch or lock on a canal, traffic into china. how does it do this? china telecom, one of the key major core entities that helps manage global internet, has multiple points of presence in north america. it can basically issue out, hey we have relatively, less traffic over here. when you send an email at the heritage foundation to los angeles, it might go by way of chicago and across the u.s. or if it is less traffic, if it is faster, it might go across the atlantic to london to saudi arabia to india to japan to the united states. it may sound illogical, but depending on time of day and other things, basically, there are beacons saying, this is a
little faster. what china telecom was doing is saying, we are way faster, so send all your data through here. then it got shunted across the pacific into china where it goes into a black box and comes out the other side. nobody said it disappeared, but it went into china. for what purpose? it could be that they were examining it. that is a very major problem. that is not what you are supposed to do with data. you are supposed to move it as rapidly as possible. this has been independently confirmed by oracle. which then brings us to huawei and 5g. what we see our internet governance issues. we see broad backbone issues.
then we see individual companies engaging in the production of the next generation. i'm not going to go into the technical details. frankly, a measure unqualified at all to even be on this panel. i will note the following comparison. i am poly sci. imagine you are going into a blood transfusion and you were accidentally given blood that had hepatitis b and the doctors find out. what they cannot do after diagnosing this is to pull all of the hepatitis b contaminated blood out of your system. it is not like they can look at every individual corpuscle. the problem with the internet as it functions is that as we saw with bgp, information transits across the global, physical infrastructure. you don't actually get to pick and choose which pieces you transmit over.
if your country is a fundamental part of that backbone, that infrastructure, and that backbone is contaminated, it is not at all clear how you would avoid that. if you had chips, if you had servers and routers that were recording or redirecting or introducing malware or otherwise contaminating the flow, it is not clear once you hit a tipping point that you can even avoid being contaminated. what i would suggest is that to a large extent, there is the interesting challenge of an informational pandemic. we talk about malware and viruses. the potential ability to introduce or severely adversely
affect global information, transmission, and exploitation. thank you very much. >> john? >> yes, thank you very much. i would like to say thank you to my friend here and all my friends here at heritage for having me here to speak. similarly, i come at this not as and allowances guide -- alliances guy, not as a technical expert or someone who has an engineering or coding background. my short route into this was from 2016 when china became one of the largest foreign direct investors internationally and spiked a large amount of investment into the advanced economies, particularly in europe and you saw a lot of that investment going to very strategic sectors, critical national infrastructure, digital infrastructure, and the technology of tomorrow. there was a bit of a wake-up
call. i was chatting with someone earlier who mentioned the german reaction. i was brought into the debate and was astonished to see a british prime minister essentially fold under the pressure of china using very coercive means by using british newspapers. to push her to not do a security review over a sensitive part of our infrastructure and she almost lost. that was kind of a wake-up call. whatever happened to know domestic interference? a new age has donned upon us in which technology, interference, and political leveraging apart of western allies has become a dominant theme in chinese foreign-policy. it is one we have to wake up to. i come to this from that area to some extent i think there is a important role for think tanks to play in this because it is a complex issue. it is one around which there is
very urgent sense of timing, particularly coming from the carriers. a lot of the companies wanting to push a 5g as quickly as. fire the torpedoes and dam the results. we are not even sure of all the social effects of 5g. as was mentioned earlier by representative rogers 5g itself is going to complicate life. to then add in a malign actor. that is bringing us to think tanks in the west who are going to defend the values and principles of the republic or parliamentary democracy. they need to have these debates very urgently. very few people in the u.k. are talking about it. to my astonishment.
very few people despite the government for the occasional haphazard press article, but unfortunately they are restricted to very heavy deadlines with a constant rate of writing. there are very few experts, so i think i'm particularly pleased to be on this debate. i'm not particularly pleased to be on the debate given the situation the u.k. is in. i'm not here on the wings of victory. fact is, in three weeks, the united kingdom is going to make a decision or at least anyway the telecoms supply chain review will finish. that is currently being carried out by two parts of the british government. essentially it follows from the report that came out from the oversight board, which is inside the center they are constantly checking, constantly looking through huawei equipment.
they are cleared by british intelligence, so there is a level of oversight that i think is responsible. at the end of the day, political pressure and investment is badly needed. although i'm sure the men and women inside the national cyber security center are all doing their jobs, at the into the day, someone has to make a decision on this has got to be someone who has not been influenced by china through their internet. it has to be someone who has all the facts in front of them and someone who is not being pushed by only commercial means because it is a question that involves every single one of us in this room and not merely businesses. so, the short of it and i will try to run through this quickly -- what i will talk about quickly is a brief overview of the british situation and why it
is important to the alliance. i may be singing to the choir. i don't know how much people are attuned to this. in terms of the british story, it begins in the 2000 cost, with british telecom ripping out all of its copper wires and going digital. and being approached by huawei as one of the vendors during the auctions. at that time, it went to the cabinet office in the situation was set up in which the banbury center was established. there was the time no oversight board, so the whole process that occurred out of sight of ministers. so malcolm rivkin, a great friend to the henry jackson society and a very strong friend of the transatlantic alliance, was compelled to write a superb parliamentary report on that. i urge you to look at that if you want to dip your toe in
supply chain security and telecoms sector. it happened without real ministerial oversight. you had the sense that the price single had impelled the decision. furthermore, there was no framework within government in which to say for example, british telecom, you have signed a contract and we are going to have to ask you to un-sign it. with the british government the responsible for lost revenue? there was a tricky legal issue in which the united kingdom was not ready for this situation in a tricky policy way. that is true of the entire 5g conversation. that is why i urge more think tanks and research to really start talking about this, so policy can lead to better legislation. following the 2013 report by malcolm rifkin and the intelligence and security committee, we then have the oversight board.
as has already been mentioned by myself and representative rogers, this summer's report came out and reported to real issues. just to make it clear, china was not accused of nefarious activity. what was accused of was consistently bad code, consistently, and not consistently giving data on what was in their hardware products, their structural products. what is inside the packaging? so often when you get these components, from many carriers you will have an idea of what exactly goes into it. huawei is not providing the data. the british decided they would push very hard on it and there were very stern discussions with representatives of banbury center, which pushed back very strongly. and the u.k. government said, thank you very much for coming. having said that, we are in a brexit period.
a period when british politicians and public are concerned. we know the lack of the market access is coming. we are drifting toward the indo-pacific to find if that presents us with alternatives. in terms of market access. huawei is very cleverly plugged into the spy promising -- plugged into this by promising more investment, up to $2 billion if we just go with things as they are. they insisted that all the changes that the u.k. government wants would require five years and maybe $5 billion in costs for themselves. where is that money going to come from? anyway, i'm working on something that will feed into the parliamentary debate in the next few weeks, which is why i look like i have not slept much. the questions that i would pose, -- i suppose i would like to it is not just to the panel here people in the
audience who might know better than i, but it is certainly questions that are driving the shape of my research at the moment. is 4g even potentially mitigateable? were the british kidding themselves? we had the acting assistant secretary of defense on march 12 say she can see no way that it was mitigateable. so, 5g. to what extent is it going to be mitigateable? can we mitigate it? to have the actual architect to be maligned. case of asking the fox to defend the hands. he is a great fox, reliable he digs under fences really great, we will put him in. the question of nefariousness, which there is a big debate about huawei. we did not mention the africa union track. -- hack.
i'm tracking the hacking stories and there are stories out there. the african union one people have done great work on this and the fact that there has been published a very good review of that. they cleaned up the bugs. they stopped what was apparently huaweise team -- zte and server from essentially sending out huge amounts of data every night at 2:00 a.m., they stopped all that, and then they just went silent about it. why? they are reliant heavily on africa for infrastructure investment. this is one of the things that it seems -- and i can't say without any proof --it seems that huawei is very good at being a tool of the chinese state, in the sense that it is part of the packaging. that if they wish, they can bring out the heavy pr machine, they can also put on the table a huge amount of investment, and even worse, they can take that off the table, as they did during the debates with the united kingdom, when they
threatened to take $5 billion off the table of theresa may asked them for a security review. how dare she. having said that, the africa union, the australian report that they have done on a hack, which i think is worth looking at, and there is a third-party country that australian intelligence has written about, they will not publish that, i think out of respect for the third country, which has a very heavy dependence on the chinese economy. however, i urge you to look that up. is it not a red herring to chase the smoking gun? is it not a red herring to say they have done it here, they have done it there? is it more sensible, this is a question i am grappling with and others,ught about and it does not matter whether they have been caught or not. are they going to do it anyway because of the context in which they sit?
they are a national company, not just of china. it was democratic china, whatever. but a china that under xi jinping that is pushing for political power as a party, that is consolidating state owned enterprises and their role in the state economy, that is pushing more interference and influence campaigns abroad. it is not just that it is huawei, chinese, foreign, therefore we can't like it. i think it is the nature of china, the host of the company. of course we can say google and facebook and amazon do these things, but at the end of the day, you can catch them. you can call them out legally. you can have them come up the hill and testify. one of the things we have heard a lot during this huawei debate is what about snowden? that is a great example. he is someone who has brought up a debate out in public, whether for good or evil. there is no chinese snowden because if anyone said anything,
they would be immediately liquidated. to some extent, liberal democracy should remember that the fact that we look so leaky, although it is terrible, is also a sign that we do have that internal debate, that there is transparency and accountability. i end and improbably dragging it to minutes over with just a kind of re-assertion of the five i's. to the u.s. having lived in the u.k. and been in whitehall many years, the amount of interoperability is amazing. you have to see it to believe it. the fact that there are american serviceman walking around the ministry of defense. i can go to the pentagon and chat with an australian. the fact that we work so well together is why liberal democracies, yes, we have anglo-saxon roots, but we are all multicultural now, we are all fairly pluralistic and open. i think it is one of those great intelligence alliances that does
form the backbone of nato. it would definitely be in china's interest to subvert and fragment them. certainly not in our interest. i do hope whatever the british decision is that we work with the british rather than throwing people out. that we work with them to persuade them. with that, i give up. >> i'm going to try to address three specific points. first point is i want to engage directly with the public skepticism of this important issue. it is popular right now in this time of innovation to constantly be hearing about world changing technological advances. you are told that the iphone 8 is going to be categorically different than the iphone 7s and it is going to change your life
in ways you never imagine. we get the iphone 8 and we play with it and it has a bigger screen and it feels good and it is not categorically different. we as a culture have been conditioned to this type of dulling of our sensitivity to innovation. innovation feel so normal now. i want to recognize that and understand why that is a defining context in terms of the general population's understanding of these issues and even to the men and women working on capitol hill, how they understand this issue. i also want to poke a hole in that balloon. i don't think that is the best understanding of this situation. i don't we should be lulled into complacency. simply because the vocabulary of innovation is so hyperbolic. instead, i should say that when we talk about 10 gigabyte access on our mobile phones, what that means is that is that is 600
times faster than what you get on 4g. that is 10 times faster than the broadband wi-fi you experience in your homes. we are talking about exponential change. not just in terms of how quickly you can download a movie, but into the actual types of data at the can be collected and co-mingled and assessed in real time. sensors that have not been put on these types of devices because they have placed too much of a burden on the underlying network will be on here. the type of cloud compute capability that will be enabled by this type of network will allow this to do a type of computational activity in terms of like ai apps that are legitimate and real that are currently unthinkable right now. so, what i would like to do is help you understand that 5g is not just a faster phone.
it is the difference between the steam engine and the internal combustion engine. it is a categorical change and evolution in terms of ultimate capacity. it's that is in part why you are hearing the urgency within the technical community, within the governance community, because this technical capacity is going to be an underlying capability that will enable a whole host of new innovations, many of which we have not begun to think about yet. so, i think being lulled into a type of dismissiveness is the wrong, understandable, but ultimately wrong response to this. by second and third points will be looking at the national security concerns that the united states has. two different aspects, both of them important, other than relevant, complement. come and intermingling. the first is concerning the united states general innovative posture and capability. our ability to compete in these
emerging technology environments. concerns about china developing and deploying 5g wireless networks faster than us is because if beijing meaningfully 5g deploys quicker than us, they will be realizing the technological benefits before us as well. in other words, to the degree that china is able to field this technology and begin innovating off this technology, they will realize the benefits of that faster than we can and that will not only affect the domestic economy and all the cool stuff that many chinese, and an increasingly large number of chinese get to experience. the won't be just made better, they want to take more pictures, but society as a whole will begin doing interesting things. not just economically, but also militarily.
so, when we think about key technological advances like artificial intelligence, the lifeblood of ai's data. -- of ai is data. china has a significant advantage just in the number of pure potential sources of data, the sheer numbers of people. on top of that, they have virtually an uncontested freedom of the -- up movement to collect that data. will allow them to get that data and process the data, and then to exploit the data in ways currently unheard of and never before experienced. this will almost inevitably lead to interesting innovations, some of applications we will hate. in terms of the imprisonment of their people and others. but some will want to minnick and have ourselves, and not just have ourselves, to be the chief exporter and provider globally of those things.
seek toed states is not cede its leadership in technology and innovation to china. not just because we don't like being displaced, but because we think that could be a net negative for the world, particularly as we understand how china tends to use the technology. we have a genuine concern about our overall competitive posture if we are unable to deploy 5g technology in a way that is definitive, if not superior, to china. but the second aspect of national security is the specific issue that has been brought up by all the speakers until this point. i will refer to that clumsily as the counterintelligence threat. the threat of chinese espionage over 5g networks. qualityre talking about -- huawei is because they are only covering on the face of the
planet that can develop and run an entire 5g network. they are the only ones. they literally have a five g network in a box and they will seek to deploy that to the states that are increasingly client states in africa and elsewhere. this,ave been able to do it is a strategic realization of an objective of the country of china. their research and development and operating costs are subsidized, allowing them to offer a very good product at below market values. our own free markets have allowed them to assume a driver's seat, because they did offer a very good product more cheaply than we could get alternatively. we talk about baby bells, local telecommunications companies here in that state significant portions of them have quality -- have huawei
infrastructure. so when they come to me disparities and saves the problem, they rightly look back and say i can't afford to rip everything out and replace it. by the way, you let them in their. problem, aa genuine genuine challenge your chinese hua ines in general and particularwei -- huawei in in lot required to assist in national security efforts there is no out, no alternative. if the chinese government comes to you and requests for information, your data, access to your public and you networks, the only choice you have is to comply. the chinese government also can legally hack into any chinese
companies that they want. reason, for whatever someone did put up a fight and declined an invitation to comply to help the chinese government, the chinese government is legally empowered to gain access to technical been state any network inside of china. and they will, and they can. whether you are convinced of their complicity or willingness to work with the government, the simple fact is that they are a chinese company operating in china, whose data networks flow back into china, and therefore, it is only safe to presume that the chinese government will have access to that data. finally, because of the way 5g networks work, previous divisions in previous generations of wireless networks between the core, the cloud the edge, those are being erased. that is part of the promise of
complexg able to do computing on the edge is mobile enable all kinds of wonderful thing. but the flipside is that any significant endpoint on any in the past we have maintained basic firewalls between edge, cloud components and core components and build sandboxes but that is all gone. those are intermingling. those are almost irrelevant. and any hostile foreign agent, and doesn't need a back door. when the government does a review of the hardware and software. the hardware and software is all good in taking a look. there is no back door. they don't need one.
all they need is legitimate presence on the network so they can build laterally from there. these are -- not only is the technology categorically different but the security concerns are categorically different because the technology is so radically changing. what this conversation is about and the broader conversation in general is you are seeing a nation like ours struggle with this reality. but having to do so, something you've not been able to do and that is why you are seeing a sense of urgency particularly with national security spheres, this is rolling out in august 2020, likely a decade before we realize all of this but 2020 is not a long time to figure out our national telecommunications wireless infrastructure so that is not just going to happen so i
would urge us not to be lulled into passive that he just because we are inundated with innovation all the time but to understand this action is a pressing problem that demand serious work. >> to all our panelists, before taking a question or two, a question or two, a remark on the debate about huawei in the u.s. and the state of debate and far too often i have seen discussion or concerns about huawei diluted with the charge that there is no smoking gun. something representative rogers addressed and talked about briefly but it is actually drilling down for just a minute into this question and these doubts that there is no action for intelligence.
they would have shared the intelligence with us and the world, maybe this is just a witchhunt to keep china down, to stifle competition. first, you don't need a smoking gun, there are credible concerns about what huawei might do in a 5g network and that is because of the nature of china, they have a national intelligence logger that compels them to share intelligence with chinese state. huawei could be exploited for intelligence purposes by the chinese government with or without the government -- the company's complicity. these risks are not just about huawei but are inherent to the system and constraints within which the company operates under the authority of the conference party. the second reason you would be suspicious even if huawei were squeaky clean is china presents unprecedented espionage, clear for over a decade.
the director of the fbi, the chinese counterintelligence threat is more deep, diverse, more challenging, more comprehensive and more concerning than any intelligence threat to think of. the number of economic investigations the fbi is pursuing his double in recent years and all of them lead back to china. there is a persistent threat from any chinese firm, reasonable to be extra cautious, extra wary if they were squeaky clean. is huawei squeaky clean? no. the record suggests it isn't and in part we don't have a clear picture of its record. there is sensitive intelligence they cannot share with us. there are examples of chinese
espionage that remain classified. i have seen them. i know them to be true. there shouldn't be any question there are clear links to the chinese intelligence services. the person who led the commerce department review of national security and espionage concerns related to high-technology trade with china, doctor james lewis, even with our lack of access to that sensitive classified intelligence, what do we know in the public realm? the us has been grappling with this. it was in 2008 the obama administration and u.s. congress blocked the sale of us software company to huawei. in 2010 they prevented sprint nextel on national security concerns. the commerce department over national security concerns, this goes back over ten years we have had these concerns and it is not just the us, australia, japan and several european governments have independently looked at this question and independently
concluded the company poses a national security threat and should be restricted from certain networks. the pentagon has concluded that huawei maintains close ties with the peoples liberation army. the defense department will not allow for huawei phones to be sold on military bases in the u.s. the part of justice referenced earlier uncovered an internal huawei memo that the company was offering bonuses to employees who succeeded in stealing confidential information to other companies. just this year, i will end on this note, in january the fbi-related the san diego office in us firms, charged with buying.
a grand jury in seattle alleged ten federal crimes were affiliated, which fbi director christopher ray said huawei systematically sought to steal valuable it and gain unfair market advantage and outlined to a t-mobile lab, to take photos, measurement and other protected information and steal a robotic arm. again, it is not squeaky clean. intelligence reports given to intelligence, chinese espionage services used huawei staff to infiltrate a foreign network. company officials pressed upon password and network details to enable china's intelligence services to gain access and last but not least the founder of huawei started his career in the chinese military reportedly serving as director of the
peoples liberation army information engineering university which trained technical specialists in cyber attack and defense. i would like to open the floor to questions. i was told we had the room until 12:00. we now have until 11:30 to make room for another group. we have 10 minutes for q&a. i want to thank the panel for the information you have given us. in the us and elsewhere the debate is framed whether to allow huawei to provide components from building of a 5g network. given huawei's ubiquity in the current network, the existing network, the interconnectivity globally of the network, it would seem to me whether or not
huawei provides components is beside the point in terms of security. to build a close network or the current chinese components, i don't understand how to get to that security. >> part of that was addressed briefly, some of these countries are 50% and they face a significant challenge in trying to rip things out but in the us we are not quite in that scenario, the represent 2% of the system. >> the point is correct, the framing of an information pandemic.
we are not guaranteed not to get infected no matter what we do. it could be a problem. there is something to be said about trying to keep the infected body as far away from you as possible rather than hugging all the time. i think that is the balance the u.s. is trying to find. in my conversation i mentioned a significant presence on the network could have influence over the broader network. that is true. the us 5g network, it is not the intranet itself. we are talking infrastructure. it is not actually right to assume our 5g internet necessarily touches every other international global 5g internet and that is a manageable exchange that we can handle.
the broader concern about the potential of an informational pandemic is precisely why you are watching as aggressively as they are. they realize this interconnectivity and sharing we have grown accustomed to it is necessary for modern national security poses a significant risk when any participant is potentially compromised. the short answer then is you are never going to escape at all but that doesn't mean you should stop caring and throw your heads down. thank you for taking my question. i am from japan and i want to put a question in perspective,
two questions. i agree huawei threat is real and donald trump has occasionally implied the criminal justice enforcement issue surrounding huawei with the us china trade folks. i was wondering if this approach could undermine the rule of law at do process which is the cornerstone of democracy which is the greatest comparative advantage to china and the other is donald trump praised dictators and castigated the us democratic allies. so that level of concern about us commitment to its allies in europe and japan, what is the
key to keep china from exercising its long-standing country against another. >> why don't you explain the strategy? >> ouch. how about allies? on the allies, try not to use a hammer with this, have to pay to have u.s. troops on your soil. all that goes down really well. i actually agree completely with the 2% d bates. from a political science perspective, nonfunctional for one partner to pay 70% of defense and the others combined only 30 but there's a way to
have the conversation in terms of how they go forward and institutionalize sharing of intelligence on telecom and national security more than we do. that means a power push and partners like germany and japan and do think what malcolm turnbull said in london last week at my society is absolutely true, they have a 5g provider, we need to turn that around and i don't know if 35 is a bad example of what countries can do but i'm sure between the 5 of us, countries like japan, we could within a short space of time turn that around. >> final question. >> my name is hunt morris from
national public radio. i find it astonishing there is no american company that can provide a 5g network. does that mean the american industry companies were caught asleep at the wheel? the second point, what is the solution? there are two european companies that can provide the network. why isn't there a joint approach to say let's put these companies to competition and make some offers. the third question, economic espionage. americans have been spying in germany, russians have been spying in germany everywhere else, chinese have been spying. that was mentioned. isn't the real problem more or less the new dimension we are approaching? you mentioned that 5g means a
combination with quantum computers, artificial intelligence and a few other things, cloud computing, we are getting a new ecosystem and is that the right approach, to jump into it at high speed which 5g obviously means? the internet of things is supposed to be connected in the next 15 or 20 years and therefore having the plate twofold? there is a threefold question. i will do my best to engage as much as possible. one point you make. the united states government does not conduct's -- economic espionage. we are legally prohibited observed that rule.
unlike our european allies. two. in terms of the us or our european allies not having domestic equivalence of huawei, a couple things. not the we lack the technical capacity. we absolutely can and i like the idea that if we get the fire lit underneath us we could pool something to gather. as to why we find ourselves here to begin with, that is a number of reasons that has occurred. outsourcing portions of network development particularly in china is the cost-effective way to do this. as i mentioned, chinese companies huawei in particular have been subsidized and conducted systemic ip theft
capability that allowed them to leap over the prohibitive costs, they build domestic equivalent and sell it on the cheap as subsidized by the government. our market is migrated to the cheap good enough option and i falls in part our governments in not engaging more deliberately and effectively and seeing around the corner more than necessary, the inescapable conclusion you would have to draw in terms of how it leaves you vulnerable. in an information age, the networks and pipes that carry information is critical. we have seen this in the industrial control systems. 5 weeks ago the director of national intelligence testified before congress the china and russia have a current capacity to disrupt critical infrastructure for weeks and just in time economy that equals
a lot more than flickering lights and much of the security around industrial control systems have been offloaded to the companies themselves. part of this in terms of your question why don't we stop and think about this? there are two aspects. even if the united states did that there is no way china would. talk about a country that does human biological tech experiments, they are experimenting as to organic night vision and human genome testing. they will not be constrained. and also, one of the reasons the us and the west in general had the dynamism we had is we have a permissionless innovation environment. no one has to and no one should
have to ask permission to pursue new opportunities and develop cool stuff. that innovation, that dynamism, we have innovated that. a gentle push back because germany is a significant -- why is there no german version? why did germany only setup cybercommand? i think it is important to deck out the american weaknesses but germany is an advanced economy. there is a bit of self-analysis that we be good in the piece that you write. >> [inaudible] >> the auto industry wants to
have 5g and we can talk "after words". >> this has been great. i am consistently in our of these guys who do such good work, i'm thrilled with how the remarks by representative rogers, a deeply consequential issue, not going anywhere anytime soon and they will not stay on top of this in years ahead so tune in because we will be back, thank you all. [applause] [inaudible conversations]
>> c-span's washington journal. live every day with news and policy issues that impact you. saturday morning, nicholas armstrong with syracuse university's institute for veterans and military families. talking about job opportunities for veterans. the open market institute discusses an article in the american conservative about the u.s. agriculture injury -- industry and its impact on rural america. i talk about the flooding in the midwest and how floodplain management determines the amount of damage letters -- that occurs. life at 7:00 eastern saturday morning. during the discussion. night on q&a, a two-time pulitzer prize-winning author on his book and his
search to find out how political power works. into aent up the stairs modest cottage. he had torn out the walls at the end. it was all one big picture. he sat in the center of this big leather chair. you look to the left of him out the window, the robert moses bridge. if you look at the right hand of roberttower moses's estate. intimidating. he got up, i will never forget. he had this wonderful smile. tough old guy. , still at the height of his power. he was 78 then. youngd, so you are the fellow who thinks he's going to write a book about me. night at caro, sunday
8:00 eastern on c-span schema day. -- c-span's q&a. robert mueller has completed his investigation of russian interference into the 2016 investigation after 22 months. his report has been delivered to the attorney general and the justice department announced that the attorney general sent a letter to congress to inform lawmakers. the white house press secretary reacted to the release tweeting, the next steps are up to the attorney general. we look forward to the process taking its course. the white house has not received or been briefed on the special counsel's report. the attorney general says he may provide congress with a special conclusion as soon as this weekend. an official has described the report is comprehensive. charges were filed against 37 defendants. seven has pleaded guilty. one was convicted. several congressional leaders
have also reacted to the news. i welcomennell said, the announcement that the special counsel has finally completed its investigation into russia's efforts to interfere in the 2016 elections. many republicans have believed that russia poses a significant threat to american interests. i hope the report will help inform and improve our efforts to protect our democracy. democratic leaders in the house and senate released a joint statement that reads, now that the special counsel has submitted his report to the attorney general, it is imperative to make the full report public. and provide its underlying documentation and findings to congress. the statement says that the attorney general should not give president trump or his lawyers or staff any sneak preview of the report findings or evidence. a senior justice department official, cnn reports, no further indictments from the special counsel are expected. you can follow c-span and
c-span.org for updates on the release of the investigation. new zealand prime minister held a news conference following the deadly shootings at two mosques in christchurch on march 15. she announced a ban on all military style semi automatic weapons. the minister of police was also at the briefing. >> welcome, everyone. net --ion wishes witnessed a terrorist attack that demonstrated the weakness of new zealand's gun laws. datesgulation of arms back to 1983. sadly since that time, the most substantive changes came following a shooting.