It's also possible he didn't do it. He hasn't exactly impressed anyone - except himself - during his brief but very exciting tenure, and it's possible May was looking for an excuse to get rid of him while also pointing the finger at a convenient scapegoat.
We'll see if this proceeds to a criminal investigation. My guess is it won't.
We'll see if this proceeds to a criminal investigation. My guess is it won't.
It's amazing it got this far. Leak inquiries almost never discover a culprit (by design) and it's unheard of for a minister to actually get sacked for leaking.
It's more amazing that Williamson was ever Defence Minister in the first place.
Latest: "Theresa May considers the matter closed."
So there we are. No police investigation into a rather serious matter of national security. Meanwhile Williamson himself is absolutely insistent he's innocent and that the internal investigation was ineffective - which means that if he is innocent, someone else was responsible.
And if he's telling the truth, that person remains unnamed, and in a ministerial position.
All of Thatcher-In-The-Rye's tenure has been an extended 'Yes Minister' episode. Though I think the writers would never have gone quite as far as Boris 'Fuck Business' Johnson. Who may very well become our next PM.
I had to google Thatcher in the Rye :) Thanks for the laugh.
That said I have hope. The more clowns in power, the more pressure on real leaders to step up. This is a phase where the media and social media have allowed things to happen that no one expected. But we learn from that and things change. For the better. They always do. Or we'd still have a King running things.
I think you would be surprised how many people in the UK would support that. I have run into a fair amount of very old-school monarchists who fully believe that Liz should seize power in a coup. They also tend to think that we should retake the British Empire and I find myself having to politely explain that these days the rest of the world is slightly better armed than when we first had a go.
As Williamson will no doubt appreciate, a similar story was an important plot point in the original UK House of Cards (the PM's brother was accused of taking advantage of inside knowledge of government decisions, the PM was implicated in leaking them to him, but the investigation was dropped as soon as he resigned).
true, but normally its a leak of policy, or something politically embarrassing. (brexit will be a great success/terrible failure because of x, delete to taste)
But this is different, this is a leak of an actual state secrets. This is much more secret because its expressly illegal. (the official secrets act makes many things vaguely illegal, but leaking things marked "secret" or similar is an actual offence.)
Not only is it illegal, its also leaking other country's intelligence, which is a massive nono
Letwin had a habit of reading correspondence whilst in a public park in the mornings and then dumping it in public bins once dealt with. Mirror reporters just followed him around and fished sensitive material out of the bins.
This is part of the reason why governments make info-sharing pacts between their spy agencies, right? You might have a policy of constitution preventing you from spying on your own citizens, but your allies certainly don't play by those same rules.
I doubt it was that. From what I have heard he was the only one trying to blame it on civil servants.
Plus as its a criminal matter they would have been able to get warrants to get call records. As the journalist that broke the story is known, its not hard to figure out from there.
I think this article is disingenuous. It's telnet on a nonstandard port with hardcoded credentials, that was added back in after being removed when it was spotted in previous security testing.
A telnet service responds to a plain port scan. So it was categorically not hidden. Vodaphone explain this themselves in the linked register article:
>It added the Telnet service was found during an audit, which means it can't have been that secret or hidden: "The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.
If its not hidden, its not a threat to national security kind of "backdoor". A hidden backdoor will only respond to a secret token, you cant just knock on it and get asked "whats the hardcoded password?"
A vulnerability is not as damning if it wasn't intentionally inserted to be a backdoor. It being easily discoverable suggests that there was no intention to hide it, and thus it was not intended to be a backdoor.
If conversely the vulnerability was difficult to find externally, was publically unknown, and was seen being used for attacks, that would be suggestive of a deliberate backdoor, and far more damning.
Is 'The Register'. Being disingenuous is their bread and butter when you tune out the comedic writing style. I used to follow their climate change reporting as an interesting counterpoint as they were biased towards trying to disprove it. These days they more or less ignore climate change as a topic compared to five or ten years ago, if you look at frequency of articles.
I won't deny it's bad, but it's more of a smoking crater than a smoking gun. A genuine vulnerability existed, and it wasn't swiftly remove (apparently due to it being crucial to their manufacturing operations). Notwithstanding the potential for this to be an underhandedly engineered backdoor, there doesn't seem to be any evidence of it being more than an oversight similar to others common in the industry.
Huawei's reputation has never been completely stellar, but I'm getting more and more skeptical of these "reports" and the motivation behind them. Rehashed old news fromm 2012 about a telnet port? Really? As always, rehashed old news is great for clicks when it's the correct boogeyman.
In general, this is one of the news threads that I persistently don't understand. There is too much information missing. Why are European countries so keen on allowing Huawei to build some critical infrastructure? Do they face threats from China? If so, how are these made? And then there is the other side of the coin, that the US allegations look credible overall, but it is also known that the NSA and GCHQ built spying tools into existing European infrastructure. Is the US trying to do this again but this wouldn't work if Huawei was involved?
Which companies can actually build these kind of networks? Couldn't e.g. France and Germany build them on their own? Or would that be too expensive?
The desire to use Huawei is that they're a major player in the telecommunications infrastructure market.
The governmental advice / requirements not to use Huawei equipment is because China is not trusted, and diplomatic relations with China are bad. There appears to be no hard evidence that Huawei have abused their trust, yet at the same time, that doesn't mean they couldn't. It's not possible to differentiate innocent security vulnerabilities with underhandedly engineered ones. Ultimately it doesn't matter whether Huawei are abusing their position of trust or not, but whether they could be used as a weapon by their host country, to which the answer is that they could be, as for any such company anywhere. So ultimately it's a diplomatic issue.
It's cheap, and there is not enough conclusive evidence about the allegations. The US-led artificial trade war with China also gives pause when they are the accusers. If a credible EU country brought something up I'd expect it'd be taken much more seriously.
It's geopolitics. In short, when there is only a choice between US and Chinese manufacturers, whichever doesn't matter because they're both considered equally hostile. Chinese is cheaper though.
It is really quite simple: The US has yet to provide their evidence to European countries, or has and their evidence is so unconvincing nobody actioned it.
That's what this entire situation boils down to. The US has been making claims, now it is time to back those claims, until they do nobody should do anything. A lot of people suspect this is more about geopolitics than security for legitimate reasons.
If all computers, networking and cell phones come from China, I dont see why local 5G transmitters should be any different. If Europeans save a lot of money choosing Huawei over Qualcomm its a good choice. Its not like Qualcomm is nice to Europeans.
Also Europe is less insular and doesn't have the cold war mentality that our current government seems driven by.
1) there are always holes in network gear. They are either deliberately put in, or in there because network firmware is difficult time short and buggy as hell. or SS7.
3) france and germany can build them on their own, see above.
I suspect there are some specific flaws that are exploitable, perhaps. But, it depends on where the kit is. If its part of the core routing fabric, then yes, thats possibly a problem. However most networks have total oversight, because thats how GCHQ et al operate. At the very least keep a connetion record of every event that happens on the network
isn't the fact that she was trying to have Huawei participate to the infrastructure without people knowing it the actual scandal worth being sacked for? that's crazy
I'm not sure it qualifies under the Treason Act 1351:
> When a Man doth compass or imagine the Death of our Lord the King, or of our Lady his Queen or of their eldest Son and Heir; or if a Man do violate the King’s Companion, or the King’s eldest Daughter unmarried, or the Wife of the King’s eldest Son and Heir; or if a Man do levy War against our Lord the King in his Realm, or be adherent to the King’s Enemies in his Realm, giving to them Aid and Comfort in the Realm, or elsewhere, and thereof be probably attainted of open Deed by the People of their Condition, and if a Man slea the Chancellor,Treasurer, or the King’s Justices of the one Bench or the other, Justices in Eyre, or Justices of Assise, and all other Justices assigned to hear and determine, being in their Places, doing their Offices: And it is to be understood, that in the Cases above rehearsed, that ought to be judged Treason which extends to our Lord the King,and his Royal Majesty.
or the Treason Felony Act 1848:
> If any person whatsoever shall, within the United Kingdom or without, compass, imagine, invent, devise, or intend to deprive or depose our Most Gracious Lady the Queen, from the style, honour, or royal name of the imperial crown of the United Kingdom, or of any other of her Majesty’s dominions and countries, or to levy war against her Majesty, within any part of the United Kingdom, in order by force or constraint to compel her to change her measures or counsels, or in order to put any force or constraint upon or in order to intimidate or overawe both Houses or either House of Parliament, or to move or stir any foreigner or stranger with force to invade the United Kingdom or any other of her Majesty’s dominions or countries under the obeisance of her Majesty, and such compassings, imaginations, inventions, devices, or intentions, or any of them, shall express, utter, or declare, by publishing any printing or writing or by any overt act or deed, every person so offending shall be guilty of felony, and being convicted thereof shall be liable to be transported beyond the seas for the term or his or her natural life
The concern I dont understand. If all traffic is encrypted, what is the risk of Huawei equipment handling traffic? Are people worried about spying or being able to switch interrupt service?
There's still metadata. Also I'd think that lawful-intercept features mean that telecom traffic is not end-to-end encrypted, so unencrypted streams might be accessible to telecom equipment like this unless the customer is using a nonstandard encrypted phone.
One worry is that in a war situation (cyber or shooting) the Chinese govt might be able to disable UK networks, for example by sending an obscure sequence of plaintext bytes which is understood by the routers.
I love that people are rationalizing for a dictatorship-lead China with concentration camps in the west (xinjiang), religious oppression in the south (tibet), democratic oppression in the east (hong kong), and aggression in the east (artificial islands in south china sea, nearly crashing into US battleships, massive buildup in warships), that is seeking to invade Europe with spy technologies from its state firm is:
huawei doesn't have backdoors => the backdoors are (easily?) found by security audits. nothing to see here.
maybe conspiracy but I have a feeling this is part of US strategy to kick Huawei out of Europe, from the last few countries that didn't already ban them, UK and Italy. I can't imagine any way for UK to allow Huawei to build 5G once US said it is forbidden
The same Gavin Williamson who threatened China with military action while the Chancellor of the Exchequer was there trying to hold trade talks? I’m shocked.
59 comments
[ 3.0 ms ] story [ 122 ms ] threadWe'll see if this proceeds to a criminal investigation. My guess is it won't.
It's amazing it got this far. Leak inquiries almost never discover a culprit (by design) and it's unheard of for a minister to actually get sacked for leaking.
Latest: "Theresa May considers the matter closed."
So there we are. No police investigation into a rather serious matter of national security. Meanwhile Williamson himself is absolutely insistent he's innocent and that the internal investigation was ineffective - which means that if he is innocent, someone else was responsible.
And if he's telling the truth, that person remains unnamed, and in a ministerial position.
I think you would be surprised how many people in the UK would support that. I have run into a fair amount of very old-school monarchists who fully believe that Liz should seize power in a coup. They also tend to think that we should retake the British Empire and I find myself having to politely explain that these days the rest of the world is slightly better armed than when we first had a go.
But this is different, this is a leak of an actual state secrets. This is much more secret because its expressly illegal. (the official secrets act makes many things vaguely illegal, but leaking things marked "secret" or similar is an actual offence.)
Not only is it illegal, its also leaking other country's intelligence, which is a massive nono
Or perhaps he had a Huawei phone.
https://www.bbc.co.uk/news/uk-politics-15396956
Letwin had a habit of reading correspondence whilst in a public park in the mornings and then dumping it in public bins once dealt with. Mirror reporters just followed him around and fished sensitive material out of the bins.
Plus as its a criminal matter they would have been able to get warrants to get call records. As the journalist that broke the story is known, its not hard to figure out from there.
Here's the letter May sent, which makes it sound like regular interviewing and discussions: https://twitter.com/BBCBreaking/status/1123635838523465729
(But, obviously, the security services aren't going to say "we know it was him").
This, from Buzzfeed, about him is telling: https://www.buzzfeed.com/emilyashton/britains-new-defence-se...
Vodafone Found Hidden Backdoors in Huawei Equipment
https://news.ycombinator.com/item?id=19786102
https://www.theregister.co.uk/2019/04/30/huawei_enterprise_r...
Edit: this according to one of the sources in the Bloomberg article, who claims to have read internal Vodaphone documents https://twitter.com/raistolo/status/1123283199348621312
>It added the Telnet service was found during an audit, which means it can't have been that secret or hidden: "The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei.
If conversely the vulnerability was difficult to find externally, was publically unknown, and was seen being used for attacks, that would be suggestive of a deliberate backdoor, and far more damning.
Is 'The Register'. Being disingenuous is their bread and butter when you tune out the comedic writing style. I used to follow their climate change reporting as an interesting counterpoint as they were biased towards trying to disprove it. These days they more or less ignore climate change as a topic compared to five or ten years ago, if you look at frequency of articles.
The takeaway is; don't interfere with the PLA/Huawei.
Which companies can actually build these kind of networks? Couldn't e.g. France and Germany build them on their own? Or would that be too expensive?
Questions over questions...
https://www.nytimes.com/2019/01/22/technology/huawei-europe-...
The governmental advice / requirements not to use Huawei equipment is because China is not trusted, and diplomatic relations with China are bad. There appears to be no hard evidence that Huawei have abused their trust, yet at the same time, that doesn't mean they couldn't. It's not possible to differentiate innocent security vulnerabilities with underhandedly engineered ones. Ultimately it doesn't matter whether Huawei are abusing their position of trust or not, but whether they could be used as a weapon by their host country, to which the answer is that they could be, as for any such company anywhere. So ultimately it's a diplomatic issue.
https://newsroom.intel.com/news-releases/intel-modem-stateme...
That's what this entire situation boils down to. The US has been making claims, now it is time to back those claims, until they do nobody should do anything. A lot of people suspect this is more about geopolitics than security for legitimate reasons.
Also Europe is less insular and doesn't have the cold war mentality that our current government seems driven by.
2) allowing Huawei to bid brings the price down. There aren't many major players, so a lack of competition means comedy quotes. (https://www.greyb.com/companies-working-on-5g-technology/)
3) france and germany can build them on their own, see above.
I suspect there are some specific flaws that are exploitable, perhaps. But, it depends on where the kit is. If its part of the core routing fabric, then yes, thats possibly a problem. However most networks have total oversight, because thats how GCHQ et al operate. At the very least keep a connetion record of every event that happens on the network
> When a Man doth compass or imagine the Death of our Lord the King, or of our Lady his Queen or of their eldest Son and Heir; or if a Man do violate the King’s Companion, or the King’s eldest Daughter unmarried, or the Wife of the King’s eldest Son and Heir; or if a Man do levy War against our Lord the King in his Realm, or be adherent to the King’s Enemies in his Realm, giving to them Aid and Comfort in the Realm, or elsewhere, and thereof be probably attainted of open Deed by the People of their Condition, and if a Man slea the Chancellor,Treasurer, or the King’s Justices of the one Bench or the other, Justices in Eyre, or Justices of Assise, and all other Justices assigned to hear and determine, being in their Places, doing their Offices: And it is to be understood, that in the Cases above rehearsed, that ought to be judged Treason which extends to our Lord the King,and his Royal Majesty.
or the Treason Felony Act 1848:
> If any person whatsoever shall, within the United Kingdom or without, compass, imagine, invent, devise, or intend to deprive or depose our Most Gracious Lady the Queen, from the style, honour, or royal name of the imperial crown of the United Kingdom, or of any other of her Majesty’s dominions and countries, or to levy war against her Majesty, within any part of the United Kingdom, in order by force or constraint to compel her to change her measures or counsels, or in order to put any force or constraint upon or in order to intimidate or overawe both Houses or either House of Parliament, or to move or stir any foreigner or stranger with force to invade the United Kingdom or any other of her Majesty’s dominions or countries under the obeisance of her Majesty, and such compassings, imaginations, inventions, devices, or intentions, or any of them, shall express, utter, or declare, by publishing any printing or writing or by any overt act or deed, every person so offending shall be guilty of felony, and being convicted thereof shall be liable to be transported beyond the seas for the term or his or her natural life
huawei doesn't have backdoors => the backdoors are (easily?) found by security audits. nothing to see here.
We detached this comment from https://news.ycombinator.com/item?id=19800040 and marked it off-topic.
https://www.theguardian.com/politics/2019/feb/16/gavin-willi...