Huawei threatens to sue Czech Republic over espionage allegations

PRAGUE — With tensions rising amid a Europe-wide crackdown on Chinese mobile operator Huawei over alleged security risks, the conglomerate on Friday threatened to sue the Czech Republic if its cybersecurity agency does not withdraw a warning against Huawei products that has stunted its business in the small NATO county.

Excerpts of a leaked Huawei letter, addressed to Prime Minister Andrej Babis and the director of the National Cyber and Information Security Agency (NCISA), appeared in the local media outlet Dennik N, rebuffing a warning issued in December that Huawei could be used as a tool by China to commit widespread espionage.

The threat of legal action from Huawei comes as the latest in a series of escalations over who is to control the development of lucrative fifth-generation (5G) networks in the European Union. It also comes following a year-long campaign by the United States to restrict the use of Chinese technology at home and abroad.

Central Europe is considered an increasingly important part of that effort, with US Secretary of State Mike Pompeo in Hungary to kick-off a tour of Visegrad countries, which will in part address Huawei’s vast reach in the region. Last month, Poland arrested a Chinese employee of Huawei and a Polish national involved in cyber-business on allegations of spying.

In the Czech Republic, pro-Chinese President Milos Zeman last year signed off on a deal between Huawei and London-based Vodafone that would see the development of a 5G network expected to cost US$8 billion. But on December 17, the NCISA warned that both Huawei and Chinese telecommunications equipment provider ZTE Corporation posed a threat to the nation’s cyber security. It cited a law in China in which private companies would be obliged to cooperate with the communist government in intelligence gathering activities. 

“Huawei cannot represent a cybersecurity threat as stated in the warning,” Huawei stated in the leaked letter, which was verified by TRT World. “Huawei, according to the Chinese law, does not have any obligation to install backdoor or spyware into their products, and the company would never agree to such a request.”

Following the NCISA warning, all state institutions in the Czech Republic were ordered to conduct internal assessments to ensure that the two companies had not compromised any critical infrastructure.

“As consequence of the warning, Huawei has already suffered losses and faces many difficulties,” the letter continued, adding that the Czech Republic had until February 14 to rescind the warning before taking the matter to international arbitration.

NCISA spokesman Radek Holy said that the agency is currently reviewing the letter and will continue to work with its partners in the EU and NATO to ensure the integrity of cybersecurity infrastructure.

“We [will] continue our regular activities and we will provide assistance to the subjects regarding risk analysis,” he said in an email.

Babis has meanwhile been careful not to openly criticise Huawei, instead calling on the European Union to find a common solution to the issue.

"The prime minister wants the European Council -- all the member states, prime ministers -- to deal with it together at the EC meetings. He thinks it's all European topic and the member states should act together," his office said in a text message. 

With all governmental institutions undergoing internal cyber security assessments, the Financial Directorate of the Czech Republic on January 30 became the first in what local experts believe to be the first in a wave of Central European agencies to block Huawei from public tenders, in this case a $26.2 million tender to build an online tax portal.

The Ministry of Defence meanwhile said over the weekend that it has ordered its employees to wipe sensitive applications from their mobile phones after finding unspecified threats in their own investigation.

“I think [more situations like this] will happen for sure because agencies consider the warning from the security agency legally binding,” said Martin Laštovička, a cybersecurity expert at Masaryk University in Brno.