<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:Helvetica;

        panose-1:2 11 6 4 2 2 2 2 2 4;}

@font-face

        {font-family:SimSun;

        panose-1:2 1 6 0 3 1 1 1 1 1;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:"\@SimSun";

        panose-1:2 1 6 0 3 1 1 1 1 1;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p

        {mso-style-priority:99;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

span.EmailStyle18

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

/* List Definitions */

@list l0

        {mso-list-id:1429425821;

        mso-list-template-ids:1329483766;}

@list l0:level1

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:.5in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level2

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:1.0in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level3

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:1.5in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level4

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:2.0in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level5

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:2.5in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level6

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:3.0in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level7

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:3.5in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level8

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:4.0in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

@list l0:level9

        {mso-level-number-format:bullet;

        mso-level-text:;

        mso-level-tab-stop:4.5in;

        mso-level-number-position:left;

        text-indent:-.25in;

        mso-ansi-font-size:10.0pt;

        font-family:Symbol;}

ol

        {margin-bottom:0in;}

ul

        {margin-bottom:0in;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Ken<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The report you reference is nothing about stealing technology and strategic information. Where do you get that from?

<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">You may want to do some research into how much Chinese companies invest in R&D, and how much Chinese Government provides support for

 research with academics etc. Maybe in the past “China” had a reputation for copying, but now it has a reputation for cutting-edge research in many areas driven by a highly competitive domestic economy.<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I can only speak on behalf of Huawei, but we invest around $15bn in R&D per year and were the world’s number one filer of international

 patents (not just China patents) to WIPO.<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">On the report you reference, yes, it is definitely worth reading that report published by the UK government. As the report says,<i> "The oversight provided for

 in our mitigation strategy for Huawei's presence in the UK is arguably the toughest and most rigorous in the world. This report does not, therefore, suggest that the UK networks are more vulnerable than last year."</i><o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The 2019 HCSEC Oversight Board Report details some concerns about Huawei's software engineering capabilities. We understand these concerns

 and take them very seriously. The issues identified in the 2019 HCSEC Oversight Board Report provide vital input for the ongoing transformation of our software engineering capabilities.

<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In November last year Huawei's Board of Directors issued a resolution to carry out a company-wide transformation programme aimed at enhancing

 our software engineering capabilities, with an initial budget of US$2bn.<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation

 to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards

 for cybersecurity assurance and evaluation.<o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Further information:<o:p></o:p></span></p>

<ul style="margin-top:0in" type="disc">

<li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The mechanism of collaboration between Huawei and the UK government continues to work properly – the identification of the issues in the 2019 HCSEC Oversight Board Report is an indication of the

 HCSEC model working properly.<o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The report states that "HCSEC continues to provide unique, world class cybersecurity expertise to assist the Government's ongoing risk management programme around the use of Huawei equipment with

 the UK operators."<o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Over the past 30 years, Huawei products have served 3 billion people in more than 170 countries, these products have performed above the industry average in terms of system stability and reliability.<o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">On 27 December 2018, Huawei founder, Mr. Ren Zhengfei, issued an open letter to all employees, entitled <i>Comprehensively Enhancing Software Engineering Capabilities and Practices to Build Trustworthy,

 Quality Products</i>, to outline the transformation programme and the reasoning behind it.<o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The level of assurance provided in this year’s report is essentially the same as it was in 2018. <o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The report states that "NCSC does not believe that the defects identified are a result of Chinese state interference."<o:p></o:p></span></li><li class="MsoNormal" style="color:#1F497D;mso-list:l0 level1 lfo1;background:white">

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The telecom industry requires unified standards for cybersecurity, which are necessary for its healthy development.<o:p></o:p></span></li></ul>

<p class="MsoNormal" style="background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><a href="https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2019" target="_blank">HCSEC

 OVERSIGHT BOARD REPORT 2019</a></span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal" style="background:white"><o:p> </o:p></p>

<p class="MsoNormal" style="background:white"><a href="https://www.huawei.com/en/facts/voices-of-huawei/statement-in-reaction-to-hesec-oversight-board-report-2019">https://www.huawei.com/en/facts/voices-of-huawei/statement-in-reaction-to-hesec-oversight-board-report-2019</a><o:p></o:p></p>

<p class="MsoNormal" style="background:white"><o:p> </o:p></p>

<p class="MsoNormal" style="background:white"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#92D050"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> ken Otieno Ogera [mailto:ogeraken@gmail.com]

<br>

<b>Sent:</b> Thursday, May 02, 2019 10:38 AM<br>

<b>To:</b> KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke><br>

<b>Cc:</b> Adam Lane <adam.lane@huawei.com><br>

<b>Subject:</b> Re: [kictanet] Vodafone denies Huawei Italy security risk<o:p></o:p></span></p>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div>

<p class="MsoNormal">Keenly following. I have a report which I have attached on this matter. For China to grow , actually leapfrog, it has to steal technology and strategic information. China is looking for geopolitical dominance and needs data all over.<o:p></o:p></p>

</div>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

<div>

<p class="MsoNormal">Regards,<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal">Ken.<o:p></o:p></p>

<div>

<div>

<div style="margin-top:4.5pt;margin-bottom:4.5pt;display:inline-block;max-width:100%" id="1gi-IPMNvSrLm4H6yrQmvfSLIxBBHagEK">

<p class="MsoNormal"><a href="https://drive.google.com/file/d/1gi-IPMNvSrLm4H6yrQmvfSLIxBBHagEK/view?usp=drivesdk"><span style="color:#424242;text-decoration:none"><o:p></o:p></span></a></p>

<div style="border:solid #E1E1E1 1.0pt;padding:5.0pt 0in 5.0pt 0in;border-radius:2px;display:inline-block;max-width:100%;min-width:240px">

<div>

<div>

<p class="MsoNormal" style="background:#EEEEEE"><span style="font-family:"Helvetica",sans-serif;color:#424242"><a href="https://drive.google.com/file/d/1gi-IPMNvSrLm4H6yrQmvfSLIxBBHagEK/view?usp=drivesdk"><span style="color:#424242;text-decoration:none"><img border="0" id="_x0000_i1025" src="https://ssl.gstatic.com/docs/doclist/images/mediatype/icon_3_pdf_x32.png" alt="PDF file"></span><span style="color:windowtext;text-decoration:none"><o:p></o:p></span></a></span></p>

</div>

<p class="MsoNormal" style="background:#EEEEEE"><span style="font-family:"Helvetica",sans-serif;color:#424242"><a href="https://drive.google.com/file/d/1gi-IPMNvSrLm4H6yrQmvfSLIxBBHagEK/view?usp=drivesdk"><span style="color:#424242;text-decoration:none">Huawei

 Cyber Security Evaluation…<o:p></o:p></span></a></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</div>

</div>

</div>

<div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div>

<p class="MsoNormal">On Tue, 30 Apr 2019 at 21:26, Adam Lane via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<o:p></o:p></p>

</div>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Dear Patrick</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Please note that Vodafone have responded to the inaccurate report from Bloomberg.  The report is

</span><a href="https://www.bbc.com/news/business-48103430" target="_blank">https://www.bbc.com/news/business-48103430</a>

<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">and copied below. You may also be interested in reading this report:

<a href="https://www.zdnet.com/article/cisco-removed-its-seventh-backdoor-account-this-year-and-thats-a-good-thing/" target="_blank">

https://www.zdnet.com/article/cisco-removed-its-seventh-backdoor-account-this-year-and-thats-a-good-thing/</a> explaining that Cisco has already found seven “backdoors” into its equipment just this year alone.

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">This is not a Huawei issue, or an espionage issue. It is a global ICT security issue that all companies

 are constantly struggling with. As you can read (or ask a technical expert), there are many bugs in many products (your apps on your phone are probably being updated on a weekly basis…) due to the nature of software development which are constantly being found

 and addressed; companies like Cisco and Huawei (along with customers like Vodafone) to the tests and find these (usually) before going to market (though sometimes afterwards) and address them urgently.</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I am not sure how this issue of bugs in software relates to multinationals illegally collecting and

 selling business insights. I am sure the local companies have just as many bugs in their software too, and all of us need to collaborate to address them, improve software development standards, and raise the bar. This is not a policy issue, it is a technical

 issue. </span><o:p></o:p></p>

<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">You are certainly right that trust is good for business; unfortunately poor journalism such as that by Bloomberg which published before getting the “other side of the story” from

 Vodafone itself is not helping. I appreciate that you understand this, as you also referenced the ZDnet article which is much better reporting than Bloomberg, including

</span><o:p></o:p></p>

<p><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Instead, Huawei says it was "technical flaws in equipment" which were fixed.  "These were technical mistakes in our equipment, which were identified and corrected," the spokesperson

 said. 'The accepted definition of' backdoors' is deliberately built-in vulnerabilities that can be exploited -- these were not such. They were mistakes which were put right."

</span></i><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Adam</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://www.bbc.com/news/business-48103430" target="_blank">https://www.bbc.com/news/business-48103430</a>

<o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<b><span style="font-size:24.0pt;font-family:"Helvetica",sans-serif;color:#1E1E1E">Vodafone denies Huawei Italy security risk</span></b><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:21.0pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<b><span style="font-family:"Helvetica",sans-serif;color:#404040">Vodafone has denied a report saying issues found in equipment supplied to it by Huawei in Italy in 2011 and 2012 could have allowed unauthorised access to its fixed-line network there.</span></b><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040"><a href="https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment" target="_blank"><b><span style="font-family:"Times New Roman",serif;color:#222222;border:none windowtext 1.0pt;padding:0in;text-decoration:none">A

 Bloomberg report said that Vodafone spotted security flaws in software</span></b></a> that could have given Huawei unauthorised access to Italian homes and businesses.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">The US refuses to use Huawei equipment for security reasons.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">However, reports suggest the UK may let the firm help build its 5G network.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">This is despite the US wanting the UK and its other allies in the "Five Eyes" intelligence grouping - Canada, Australia and New Zealand - to exclude the company.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">Australia and New Zealand have already blocked telecoms companies from using Huawei equipment in 5G networks, while Canada is reviewing its relationship with the Chinese telecoms firm.</span><span style="font-size:10.5pt;color:#404040">

</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">In a statement, Vodafone said: "The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<b><u><span style="font-family:"Helvetica",sans-serif;color:#404040">"The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible

 from the internet.</span></u></b><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<b><u><span style="font-family:"Helvetica",sans-serif;color:#404040">"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'.</span></u></b><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<b><u><span style="font-family:"Helvetica",sans-serif;color:#404040">"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development.</span></u></b><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">"The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">A Huawei spokesperson said: 'We were made aware of historical vulnerabilities in 2011 and 2012 and they were addressed at the time.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">"Software vulnerabilities are an industry-wide challenge. Like every ICT [information and communications technology] vendor, we have a well-established public notification and patching process,

 and when a vulnerability is identified, we work closely with our partners to take the appropriate corrective action."</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">Several European telecoms operators are considering removing Huawei's equipment from their networks.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">But the firm's cyber-security chief, John Suffolk, has described the firm as "the most open [and] transparent company in the world".</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">In January, Vodafone "paused" the deployment of Huawei equipment in its core networks in Europe until Western governments resolved their security concerns about the company.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">Huawei has been accused of being a potential security risk and of being controlled by the Chinese government - allegations it has always firmly denied.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">With the introduction of the 5G network in the UK approaching, telecoms operators say the way it would work, in a highly integrated system alongside 4G, means that excluding Huawei is not realistic

 without significant cost and delay,</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">That would include potentially removing existing hardware, leading to the UK falling behind other countries.</span><o:p></o:p></p>

<p class="MsoNormal" style="margin-top:13.5pt;mso-margin-bottom-alt:auto;background:white;vertical-align:baseline">

<span style="font-family:"Helvetica",sans-serif;color:#404040">The company is the world's third-largest supplier of mobile phones, behind Samsung and Apple.</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white">

<b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#404040">Senior Director, Public Affairs</span></b><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white">

<b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#404040">Huawei Southern Africa</span></b><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white">

<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#595959">Mobile: +254-7909-85886 

</span><o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white">

<b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#92D050">Read Huawei Kenya’s First Ever Sustainability Report

</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#92D050"><a href="https://www.huawei.com/minisite/explore-kenya/pdf/huawei_kenya_csd_report.pdf" target="_blank"><span style="color:#92D050">here</span></a>

</span><o:p></o:p></p>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> kictanet [mailto:<a href="mailto:kictanet-bounces%2Badam.lane" target="_blank">kictanet-bounces+adam.lane</a>=<a href="mailto:huawei.com@lists.kictanet.or.ke" target="_blank">huawei.com@lists.kictanet.or.ke</a>]

<b>On Behalf Of </b>Patrick A. M. Maina via kictanet<br>

<b>Sent:</b> Tuesday, April 30, 2019 8:59 PM<br>

<b>To:</b> Adam Lane <<a href="mailto:adam.lane@huawei.com" target="_blank">adam.lane@huawei.com</a>><br>

<b>Cc:</b> Patrick A. M. Maina <<a href="mailto:pmaina2000@yahoo.com" target="_blank">pmaina2000@yahoo.com</a>><br>

<b>Subject:</b> [kictanet] [Economic Espionage Risks] Vodafone has 'acknowledged' that it Found Hidden Backdoors in Huawei Equipment (but says the issues were resolved).</span><o:p></o:p></p>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Dear Listers,<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">These kinds of global reports should concern Kenyan business CEOs and Boards in all sectors (as well as economic / technology policymakers) - unless Kenya has little or no interest

 in competing regionally or internationally to generate new streams of foreign exchange; and even then, are we able to protect our local "home turf" competitive advantage, should multinational actors decide to illegally collect and sell (or leverage) unfairly

 acquired local business insights, in order to give affiliated new entrants unfair advantage over local enterprises?<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">These are legitimate and global policy concerns. If such things are happening in advanced, tech-savvy economies, what about here in Africa? Is the world having a party at our expense?

<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Trust is good for business - but its is not wise to trust blindly. If we refuse to learn from others, or from history, it will be difficult for us to hand over to our children/youth

 a future that proves that we played our part responsibly as present-day custodians.

<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We need to start thinking of our existence in less selfish terms: as a relay race, where it is our duty to ensure that we pass on a better future to our children/youth. Let's wake

 each other up. We must start BELIEVING in ourselves and LOVING ourselves so that our children can believe in, and love themselves as well.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Excerpts below:<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-------------------------------<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Reported by Bloomberg today (30th April 2019):

<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">"[Vodafone] identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet

 service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but

<u>further testing revealed that the security vulnerabilities remained,</u> the documents show.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Vodafone said Huawei then

<u>refused to fully remove the backdoor, citing a manufacturing requirement.</u><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The April 2011 document was authored by its Chief Information Security Officer at the time, Bryan Littlefair. 'What is of most concern here is that actions of Huawei in agreeing

 to remove the code, then trying to hide it, and now refusing to remove it as they need it to remain for ‘quality’ purposes,' Littlefair wrote.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">'There’s no specific way to tell that something is a backdoor and most backdoors would be designed to look like a mistake,' said Stefano Zanero, an Associate Professor of Computer

 Security at Politecnico di Milano University. 'That said, the vulnerabilities described in the Vodafone reports from 2009 and 2011 have all the characteristics of backdoors: deniability, access and a tendency to be placed again in subsequent versions of the

 code,' he said.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers,

 and other parts called broadband network gateways, which handle subscriber authentication and access to the internet...<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">In Vodafone’s case, the risks included possible third-party access to a customer's personal computer and home network, according to the internal documents.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">However, Vodafone’s account of the issue was contested by people involved in the security discussions between the companies. [who allege that]

<u>Vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal</u>. Vodafone stuck with Huawei because the services were competitively priced,

 they said."<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Links:<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">1. Vodafone found Hidden Backdoors in Huawei Equipment<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment" target="_blank">https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment</a><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">2. Huawei denies existence of ‘backdoors’ in Vodafone networking equipment<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://www.zdnet.com/article/huawei-denies-existence-of-backdoors-in-vodafone-networking-equipment-brands-them-technical-flaws/" target="_blank">https://www.zdnet.com/article/huawei-denies-existence-of-backdoors-in-vodafone-networking-equipment-brands-them-technical-flaws/</a><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Best regards,<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Patrick.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Patrick A. M. Maina<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">[Cross-domain Innovator | Public Policy Analyst - Indigenous Innovations]<o:p></o:p></p>

</div>

</div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

</div>

</div>

</div>

</div>

<p class="MsoNormal">_______________________________________________<br>

kictanet mailing list<br>

<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a><br>

<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>

Twitter: <a href="http://twitter.com/kictanet" target="_blank">http://twitter.com/kictanet</a><br>

Facebook: <a href="https://www.facebook.com/KICTANet/" target="_blank">https://www.facebook.com/KICTANet/</a><br>

<br>

Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/ogeraken%40gmail.com" target="_blank">

https://lists.kictanet.or.ke/mailman/options/kictanet/ogeraken%40gmail.com</a><br>

<br>

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT

 enabled growth and development.<br>

<br>

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or

 qualifications.<o:p></o:p></p>

</blockquote>

</div>

</div>

</div>

</body>

</html>