The Hong Kong government procured 190 Huawei products worth HK$1.76million between February 2016 and November 2018, the Secretary for Innovation and Technology Nicholas Yang said on Wednesday.
The news comes as the Chinese telecommunications giant faces accusations that their products could be used by Beijing for spying. In recent years, countries including Australia, Japan, and the United States have banned their government’s use of Huawei products, citing security concerns over intelligence leaks and cyber attacks.
Yang told lawmakers that the government maintains strict security protocols when acquiring tech products: “To ensure the security of government’s information systems and data as well as to protect [the] privacy of the general public, government departments must perform independent information security risk assessments and audits for their information systems and network facilities before commissioning and during operation on a regular basis,” he said, adding that confidential data requires encryption, so that only authorised parties can view it in storage or transmission.
According to Yang, the Huawei products used include network switches, routers for connecting different networks, and accessories such as fibre transceivers, cables for connecting fibre optics, and fan modules for cooling equipment.
The statement was made in response to a series of questions from Civic Party lawmaker Alvin Yeung, over whether Huawei products used by the government were inspected for hidden “backdoors” or functions that could enable unauthorised persons to steal information.
Huawei has denied all allegations of using inappropriate functions to bypass security mechanisms.
“Cybersecurity has always been our top priority and we have a proven track record of providing secure products and solutions for our customers,” a spokesperson told HKFP. “In our 30-year history, there has been absolutely no evidence that Huawei has committed any cybersecurity offence.”
Taking precautions
Yang added that further checks for “backdoors” were not carried out on the procured products. “At present, the network equipment brands and models procured by the Government are widely used by other international cities and should not have a backdoor programme or other inappropriate functions. Therefore, the prevailing procurement procedures do not include additional checking in this respect,” he said.
But Yeung said that it is the government’s responsibility to take precautions over its IT products. “It seems to me that the government is taking its safety standards for granted, let alone paying extra attention to any risk of ‘backdoor’ functions,” he told HKFP. “Again, even assuming that the allegations made against Huawei are groundless, the Hong Kong government still has a duty to reassure the public that all of its tech products are safe.”
Leonhard Weese, an independent tech privacy researcher, told HKFP that it would be difficult for Huawei to secretly “backdoor” its products on a large scale and that it would be difficult for the government to safeguard against such hidden functions anyway. “I don’t think it’s feasible to check every individual device for backdoors… its costs too much,” he told HKFP, adding that a solution could be to buy Huawei products from a reputable seller or anonymously, but both options carry additional security risks.
Weese said that the government has already taken steps to improve its tech security by switching its website connections from HTTP to HTTPS, which enables data to be privately encrypted between a user and the site.
Larry Salibra, founder of software startup New Internet Labs, told HKFP that Hong Kong’s expenditure on Huawei products is relatively small given the size of the government. However, he added that encrypted communication should be a priority for the government.
“Networks shouldn’t be part of a trusted infrastructure – the government, like everyone else, should treat data that leaves their computer or phone as subject to intercept,” he said.
Huawei founder Ren Zhengfei said in a Financial Times interview published on Tuesday that his company has never spied for the Chinese government nor received requests from any government to provide “improper information.”
The company has been at the centre of a diplomatic row between Canada and China following the arrest of its Chief Financial Officer Meng Wanzhou in Vancouver last year on fraud charges relating to United States sanctions on Iran.
Additional reporting: Kris Cheng.
