Wired

The National Security Agency’s global spy operation may seem unstoppable, but there’s at least one target that has proven to be a formidable obstacle: the Chinese communications technology firm Huawei, whose growth could threaten the agency’s much-publicized digital spying powers.

An unfamiliar name to American consumers, Huawei produces products that are swiftly being installed in the Internet backbone in many regions of the world, displacing some of the western-built equipment that the NSA knows -- and presumably knows how to exploit -- so well. That obstacle is growing bigger each year as routers and other networking equipment made by Huawei Technologies and its offshoot, Huawei Marine Networks, become more ubiquitous. The NSA and other US agencies have long been concerned that the Chinese government or military -- Huawei’s founder is a former officer in the People’s Liberation Army -- may have installed backdoors in Huawei equipment, enabling it for surveillance. But an even bigger concern is that with the growing ubiquity of Huawei products, the NSA’s own surveillance network could grow dark in areas where the equipment is used. For that reason, as the latest Snowden revelations showed, the spy agency reportedly hacked Huawei as part of an operation launched in 2007. The plan involved stealing source code for some of Huawei’s products in the hope of finding vulnerabilities. Such security holes could allow the NSA to exploit the products and spy on traffic in countries where Huawei equipment is used -- such as Iran, Afghanistan, Pakistan, Kenya, and Cuba. “Many of our targets communicate over Huawei-produced products,” an internal NSA document obtained by Snowden noted in 2010, according to the New York Times. “We want to make sure that we know how to exploit these products … to gain access to networks of interest” around the world.

[Commentary] The US government announced, in a smart front-footed move, that it intends to release oversight of its long-treasured Internet Assigned Numbers Authority (IANA) contract under which the US Commerce Department contracts Internet Corporation for Assigned Names and Numbers (ICANN), a private US company, to perform key Internet administration tasks.

This prescriptive, carefully-limited announcement is the long-awaited fulfilment of a promise made 16 years ago when ICANN first came into being, and it would be the first time since the net's inception that the US government would abandon formal oversight. Of course, US vested interests in ICANN as a US-based company, subject to US law, and partial to US industry, remain, as does the almighty US technical and economic leverage over the digital ecosystem.

Contrary to reactions by US conservatives, this recent move barely diminishes that control, at least not immediately. Instead, it marks an early strategic play by the US to control future discussions of net governance. What it changes, to uncertain ends, is the balance of power between US public and private interests. We are moving inexorably towards a situation where enormous amounts of control are centered in private hands, often beyond the scope of effective regulation. This should be a matter of great concern.

[Powles researches and writes on law, science and technology at the University of Cambridge]