'NZ govt naïve about Huawei' – security insider Selwyn Pellett details Beijing experience with Endace
Huawei operates “hand-in-glove” with the Chinese government and its military-heavy surveillance apparatus, according to a leading NZ tech entrepreneur who had rare opportunity to observe the company at close quarters.
Selwyn Pellett told NBR of a government and corporate culture in China where electronic eavesdropping is so taken for granted that no sensitive information is sent by email; of his surprise at heavy anti-Western sentiment; and his certainty that government and commercial secrets worldwide are at constant risk of exposure.
Anyone who follows Mr Pellett on Twitter will know he’s skeptical of Huawei’s involvement in the $1.35 billion public-private Ultrafast Broadband (UFB) project.
“As someone who sold internet ‘monitoring’ for a living (2001-2007) I'd be worried about having Huawei in my govt funded internet backbone,” Mr Pellett tweeted on March 28.
Then, in reaction to an NBR story on the Judith Collins ACC email controversy, he commented:
“The good news is soon we can ask Huawei to do some [internet data packet] inspection on the fly to tell us who did the leak. Lucky we went that way!”
Yeah, yeah, whatever, you could say. Following the events of the past fortnight, every man and his dog has an opinion, or at least conspiracy theory, about Huawei, the Chinese telecommunications equipment maker that was recently barred from bidding on Australia’s National Broadband Network following cyber-spying accusations. Huawei also faces an Australian government investigation into its proposed Perth-Singapore undersea cable. And in the US, lawmakers have blocked Huawei from bidding on a big telecommunications contracts, blocked its bid to takeover networking company 3Com, and pressured Huawei and US security company Symantec into dissolving a half billion dollar joint venture.
But Mr Pellet has had much closer access to Huawei than most, and has extensive experience in the global information technology security industry.
“My background is that I’ve sold network surveillance into probably 30 countries around the world,” said the tech entrepreneur, speaking to NBR at the Newmarket, Auckland, offices of one of his current ventures, Imarda (which sells fleet-tracking technology).
He was the co-founder and, from 2001 to 2007, chief executive of computer network security company Endace (he resigned from the board in 2010 and has sold most of his shareholding. Endace is still headquartered in Auckland, but is listed on the London Stock Exchange’s AIM Index - LSE:EDA - with a market cap of £77.38 million).
Endace emerged from the commercialisation arm of the University of Waikato.
Academics had developed clever ways to capture analyse data, which is sent over the internet in “packets” ( and indeed the university is still doing intriguing research into the way we use internet data, notably before and after the recently passed internet file sharing law).
“It was all about packet capture,” Mr Pellett told NBR. The headers were analysed, but the payload (such as the content of a message) was ignored. Companies used the technology to make sure data traffic was flowing smoothly through their networks.
“Then 9/11 came along and suddenly people wanted more than packet capture – they wanted content analysis,” Mr Pellett said.
“And that’s when Endace’s business went from network monitoring to network surveillance and we started dealing with national security agencies all around the world.”
Between 2001 and 2007, Mr Pellett met and did business with more than 30 security agencies, or their governments, around the world. All were Western or Western-friendly, he told NBR.
Endace also sold its technology to Chinese universities and research institutions. Mr Pellett says he assumes promptly reversed engineered his company's network cards and the software that runs them (and some will note Endace's technology has been helped along by our government, both in its University of Waikato genesis, and more recently through a $6.7 million grant; Endace has reciprocated by keeping its corporate and R&D staff in Auckland and Hamilton, and moving manufacturing home from Asia back to Christchurch).
But in , in retrospect, does it seem like a mistake?
No, Mr Pellett said. Universities all around the world attempted to reverse-engineer the technology and learn who it worked. Endace provided the technology to efficiently capture data – the needle in a haystack of packets – but it was up to the customer what they did with it, and whether they paired it with surveillance tools or other software (and as 9/11 paranoia eases and the company expands, Mr Pellett emphasises Endace now sells most of its product to the likes of banks and financial services companies).
The thinking at the time was that it was best to make a few sales for a small amount of money rather than be ripped off
In 2007, he Endace and Huawei were the two principal sponsors of a security conference held in Beijing.
Mr Pellet showed NBR a series of photos and documentation from the event.
The attendee list was heavy on Huawei staff, government officials and military representatives.
“Bear in mind that this was 2007, so it’s a long time ago. But the relationship between Huawei and the government was hand-in-glove and nothing happens in China without the government’s approval.”
There was obviously and relationship between the Huawei and the Chinese government.
Beyond that, Mr Pellett was surprised by the whole tone of the event.
“I sat in that room as one of two Western faces amongst hundreds of people and I listened for hour on end,” Mr Pellot said.
“[It] was an eye opener to me to see how anti-Western the Chinese are.”
He did not speak Chinese, but was sitting by an Endace salesman who – reluctantly, at times – interpreted for him.
“To be in a room full of hundreds of people and have them screaming on stage … They were ranting and raving saying they would not and the government should not buy Western technology. They could do it all.”
But surely – if a little over-enthusiastic – this was essentially the same “buy local” sentiment expressed by patriotic or protectionist factions in every country?
Are we talking economic nationalism, or a desire to push security interests?
Mainly the former, but a bit of both, Mr Pellet said.
Many for economic, but it’s both
He noted that at the time the Chinese government was building what is known as new Great Wall of China, a huge firewall – involving 50,000 servers, according to documentation from the 2007 Beijing conference – designed to monitor internet traffic moving in and out of country.
The government was seeking better network technology, and better surveillance technology.
Mr Pellett noted the accusation by Cisco (the largest US maker of network gear) claimed Huawei had pirated the software code that runs Cisco hardware, using it as the foundation of its own routers.
The Chinese government could have done something about the Cisco case but chose not to, Mr Pellet said.
(Huawei said the copying was inadvertent, less than Cisco claimed, and the code since removed from its products.)
One of Mr Pellet’s key points is that many governments are now working closely with large technology companies to monitor internet traffic.
“We have a very naïve view,” he told NBR.
“What was going on in the decade between 2001 and 2011, and certainly after 9/11, was governments didn’t give a damn about their internal laws. Stuff was going on all over the world that nobody knew about.”
In the US, the Patriot Act extended state surveillance power, but elsewhere, things were less official.
“There are countries around the world that have got laws against monitoring their own citizens and those laws were broken,” Mr Pellet said.
“I’ve been in countries around the world were people have told me it doesn’t happened.
“And I’ve thought that’s interesting, because I know your government’s bought all this kit and how it’s probably being used.”
And the persuasive surveillance culture goes beyond borders, Mr Pellett said.
What would Mr Pellett have done about Huawei’s proposed transtasman undersea cable, or its involvement, already underway, in supplying fibre and network management services for around 30% of the Ultrafast Broadband (UFB) project (though being one of several companies enjoying preferred supplier status with state-owned Crown Fibre Holdings, and its subsequent contracts with Christchurch UFB winner Enable and Ultrafast Fibre, which hold the UFB contracts for Hamilton, Tauranga, Whanganui and other North Island towns).
I’d just say to the government, “Do you want to feel comfortable with your national security, yes or no?,” Mr Pellet said.
“You’re choosing partners to align with. If [US company] Cisco is 5% more expensive does it matter?”
“And if you’re leaking information, would you rather be leaking it to the US or leaking it to China.
There are choices that governments can make.
“I suspect the citizens of the New Zealand would be more comfortable with the information leaking back to a US source than leaking back to a Chinese source.”
Certainly, were US and Australian authorities have actively blocked Huawei from bidding on public or private projects, our government has actively played match maker. For example, in 2010, then ICT Steven Joyce included 2degrees staff on trade mission to China, which included a meeting with Huawei. 2degrees – which already used Huawei as its main network partner – later expanded its relationship to include a $100 million credit line from the Chinese company.
And Prime Minister John Key played cheerleader for Huawei, talking up the company’s ability, and pricing, on TVNZ’s Q&A as it angled for UFB-related supplier contracts.
Could it be that the government is aware of our allies’ security fears over Huawei, but, as with the Crafar Farms deal, sees potential advantage for New Zealand’s struggling economy if it’s seen as the most China-friendly Western country?
Are we simply seeing hard-nosed pragmatism?
“They’re playing a dangerous game,” Mr Pellet replied.
“I remember Labour celebrating the free trade deal with China and I was thinking Do you realise what you’ve done?”
The free trade deal was a disaster for intellectual property, from agriculture to technology, Mr Pellett said.
“ We’re sitting here playing by purist rules, but the same rules do not apply [elsewhere].”
“They’re being incredibly naïve – this government and the last.
“I don’t care who reads my emails, but if I were the government I’d care who reads theirs.”