Berlin The Federal Ministry of the Interior has submitted a draft for a new security law to settle the almost one-and-a-half-year governmental dispute over the participation of the Chinese technology group Huawei in the German 5G network. The regulations contain an important concession to the Huawei critics: the Ministry of the Interior admits that a purely technical review of critical components is not sufficient to assess the trustworthiness of a manufacturer and to guarantee the security of the networks. Nevertheless, the discussions are likely to continue.
In the explanatory text of the draft law, which is available to the Handelsblatt and about which the dpa news agency first reported, it says: “Neither component certification nor a review of security concepts” would offer “100% certainty that manufacturers will not have any improper access to hardware and implement software that enables sabotage or espionage ”.
The suppliers of network components must therefore submit a trustworthiness declaration, which “must be subjected to an appropriate examination and assessment in a suitable procedure”. The Ministry of the Interior emphasizes once again that this “could not be carried out as part of a technical certification only”.
The house of Interior Minister Horst Seehofer (CSU) is thus accommodating the Federal Foreign Office, which has reservations about Chinese 5G providers. “Especially when it comes to critical infrastructure and future technologies, we must not depend on others,” Foreign Minister Heiko Maas (SPD) had recently told the Handelsblatt. This limits “our ability to act” and undermines “the sovereignty of Europe”.
Neither Huawei nor any other manufacturer is explicitly mentioned in the bill – which, however, was never an issue. The SPD faction agreed last year on security criteria, which Huawei does not mention either, but de facto exclude Chinese providers. After a long dispute, the Union faction had submitted a compromise, according to which an interference by a “foreign state” on the 5G infrastructure should be excluded.
Huawei’s opponents also argue regardless of the manufacturer, which is often ignored in the debate. They do not criticize Huawei as a company, but rather the security laws of the People’s Republic of China, which force all Chinese companies to follow the instructions of security bodies. The Federal Intelligence Service (BND) and other western intelligence agencies are therefore warning that 5G components made in China could become the gateway for cyber attackers.
Extended competencies for the BSI
The new regulations are to be anchored in the so-called BSI law, the law that regulates the powers of the Federal Office for Information Security. The BSI is significantly strengthened by the “IT Security Act 2.0”, so the Bonn authority should be strengthened considerably in terms of personnel. Nevertheless, the reform is uncomfortable for BSI chief Arne Schönbohm. Because the latter had publicly denied the need to check trustworthiness.
“If political trust alone is to be the basis for investment decisions, we will destroy the division of labor that we have in the world,” said Schönbohm last year. For the analysis of the manipulability of an IT component, it is “completely irrelevant whether the component comes from China, Korea or Sweden”. He declared the problem of industrial espionage to be “controllable”.
In Schönbohm’s favor it can be said that he is not alone in his assessment. The Federal Ministry of Economics also thinks little of a trustworthiness check. Economics Minister Altmaier feared negative consequences for the German-Chinese relationship if a company like Huawei, a crown jewel of the Chinese economy, was classified by the federal government as “not trustworthy”. Chancellor Angela Merkel, for whom relations with China have top priority, sees things similarly.
It can take months before the law comes into force. The draft first goes to the departmental vote, then has to be approved by the cabinet and finally approved in the Bundestag. This can lead to significant changes.
The major German telecommunications providers have long lost patience. Despite all political warnings, Deutsche Telekom and Vodafone are relying on close cooperation with Huawei when expanding their networks. They accept the risk that they will have to replace certain components later.
It remains unclear whether the proposed new regulations will result in Huawei being excluded from critical network areas. According to the previous draft, the Ministry of Interior and the Economy have decided on the trustworthiness of 5G providers, which should not be acceptable for the Federal Foreign Office or the SPD parliamentary group. A compromise could be to instruct the secret meeting of the Federal Security Council to make the decision.
More: The 5G fraud by Telekom and Vodafone