The media likes to sensationalize the Huawei story, but there's more to it than that. It's also important to lay the facts out, particularly because policymakers have to make difficult decisions about how to manage security risks in communications networks. Many credible security analysts worldwide have described and detected espionage, malware, and theft by manufacturers with ties to the Chinese government and military.

The Huawei equipment identified for restriction is just one part of a large value chain with many points that can be compromised. It raises the question: if the network infrastructure equipment manufactured by Huawei and ZTE is a threat, what about the other (and quite substantial) internet components created by other firms affiliated with the Chinese government? What about the Chinese owners of Lenovo, the world's largest manufacturer of personal computers (PCs) and servers? What about the many Chinese-made Internet of Things devices that we connect in our homes, offices, and businesses? They often connect to the internet through Chinese-made apps on Chinese-made mobile phones. They collect data that is processed and stored in Chinese data centers. How much information do we have about these products and services, and have we considered the risks?

China drives much of the technological innovation that underpins the digital society.
The US was the leader in internet innovation, and the EU, historically, the leader in mobile communications innovation. Leaders in these regions believed they would lead the pack when it came to the next generation of connectivity. That is not necessarily the case for the US, and certainly not for the EU. While the US is making progress with 5G, China is ahead. The EU is at least two years behind the US.
Look at most of the engineering papers on 5G technologies; they are published by Chinese scholars at Chinese universities, not Americans or Europeans. Look at the EU. After two decades of telecom regulation offered by EU policymakers to spur internet innovation (including the dubious "open internet" rules), the EU has virtually no leading internet companies today. Many patents are registered in communications technologies in the EU, but they are not necessarily registered by Europeans. Huawei has filed the most patents in this category.

In 2008, 2,693 patents were filed in Europe in the telecommunications and connectivity categories. Of these, only 116 were filed by Chinese companies. By 2017, China held 1,478 of the 3,717 patents granted, a twelvefold increase.
Apart from a few demonstration sites outside China, Chinese companies conduct most of their research and development in China, not in the United States or Europe. China's share of communications patents filed in the EU has increased from 4.3 percent to 39 percent in just 10 years. At this rate, in a few years, Western companies will be unable to produce telecommunications technology without using Chinese patents.
With the EU elections just a few months away, Europeans should ask their leaders why Europe has gone from being a net exporter of communications technology to a net importer. Indeed, Europeans should ask why the EU continues to promote policies that run counter to its stated objective. The promised jobs and growth have not materialized. In fact, the European telecommunications industry used to fuel a booming R&D sector, but it has largely dried up due to predatory regulation.

Find my smartphone, find my car, show me the way: smart services that can be abused.
The combination of smartphones and GPS apps is among the most popular services. But they can also be abused. These services collect, process, and store data in ways we don't know, let alone control. Consider the dozens of apps on your smartphone. What data do they access? Who made them? Who accesses them?
The European Commission has just announced the withdrawal of a children's smartwatch made in China. The Safe-KID-One smartwatch is claimed to be “Made in China in accordance with high German quality standards according to ENOX Hamburg/Germany.” This “high-tech SIM/GPS surveillance and security smartwatch” is equipped with a range of features, including a GPS tracker, speaker, microphone, and call/SMS functions. It offers parents the option to download the Safe-KID-One app to call, track, and locate the child using the smartwatch.

In the withdrawal announcement, the European Commission stated regarding the smartwatch: “The mobile application, including the watch, has unencrypted communications with its backend server, and the server allows unauthenticated access to the data. As a result, data such as location history, phone numbers, and serial numbers can be easily retrieved and changed. A malicious user can send commands to any watch to call another number of their choosing, communicate with the child on the device, or locate the child via GPS.”

The Safe-KID-One product isn't the only one on the market generating concerns and recalls. In fact, the Federal Trade Commission recently reached an agreement with Lenovo for installing middleman malware on hundreds of thousands of laptops, which compromised users' digital lives.
The data generated on these devices is stored in many places—on phones and computers, but also on internet servers around the world. Apparently, when you use services from Google, Facebook, Microsoft, and Amazon, your data is stored on a corporate server, but what about the $9.99 knock-off Fitbit purchased on Amazon? The watch is made in China; its app and software are also made in China; and the data it collects is likely sent to a server in China.

The bad news is that the worst is yet to come.
If this story depresses or worries you, unfortunately, there is little consolation. The so-called light at the end of the tunnel is an approaching train manufactured by China's CRRC, the world's largest supplier of rail transit equipment.
European telecoms policy has succeeded in turning the EU from the region's leader in investment and innovation into a trailing player behind China, Japan, South Korea, and the United States. The EU once accounted for a third of global investment in telecoms infrastructure, had six mobile phone manufacturers, and boasted significant research and development budgets and thousands of patents to prove it. But no longer. If you compare the EU to the United States, the Americans have invested twice as much in infrastructure over a 12-year period. Asia, Africa, and Latin America should learn from Europe's mistakes. Ideologically driven telecoms regulation has transformed the EU from a global leader in telecommunications into a global loser.
China may be a security threat, but its leaders understand the economy that Europe rejects. The Chinese understood that combining large volume (large, efficient telecom companies) with significant investment in innovation provides global leadership. The EU, instead of allowing telecom companies to scale up to build pan-European networks, has micromanaged networks. There is no pan-European operator at present, and unsurprisingly, no path to 5G. In Denmark (a country with a telecom market cap the size of Hamburg), the second and third largest operators were unable to obtain permission to merge. Prices in Denmark rose after the merger failed, the opposite of what experts predicted.

EU leaders love to talk about the Digital Single Market, and while they have imposed many regulations to ensure a single standard, they have prevented European companies from achieving scale. Europe lacks investment in innovation. The nations leading in 5G have consolidated the mobile markets of China and the US. The FT-ETNO Summit provided answers to the questions of the telecoms industry and investors: Vestager determines the speed and direction of EU telecoms, while Ansip and Oettinger are merely sideshows to promote the illusion of the digital single market.
European regulation has so depressed investment in the EU that mobile operators have been driven into the arms of the Chinese. Huawei can underprice network equipment products compared to Nokia and Ericsson, and European leaders endorsed the purchase of Huawei network equipment—a decision they now regret. European leaders will also regret their great success with the new General Data Protection Regulation (GDPR). The promise of GDPR means little when European communications networks have to be ripped out and replaced with secure equipment. In fact, GDPR actually allows users to transfer their data to Chinese platforms.

Unfortunately, Europe still hasn't learned its lesson. Brussels plays small ball and misses the whole field. Earlier this month, EU competition chief Margethe Vestager rejected the Siemens-Alstom merger. The companies hoped to leverage the merger to make necessary investments in European rail technology, and even when combined, the two companies would still be smaller than China's CRRC.
If a mobile network carrying data is critical infrastructure, then the hardware used to process and store data must also be considered critical infrastructure. Cyberattacks can be carried out both on the network and at the edge with end users. However, it's not just catastrophic attacks that are worrying, but cyber warfare—small-scale attacks, espionage, and surveillance that occur just below the critical threat threshold. This type of warfare, largely focused on soft targets, is designed to fatigue the enemy, deplete their resources, and gather their secrets.

While there is a risk that China could cripple Western society by blocking access to critical telecommunications infrastructure produced in China—be it servers, routers, laptops, or phones—it is even more likely that the West has become so dependent on Chinese technology that it no longer produces its own innovation.
When China joined the World Trade Organization in 2001, Western leaders assured that China would only handle low-end manufacturing, while high-end innovation would remain in the US and the EU. That is no longer the case. China not only has high-quality manufacturing but also conducts R&D. As we move toward 2025, China's objectives are clear: to dominate strategic industrial sectors and become independent of Western technology while simultaneously making the West addicted to its products and services.
The bottom line for the West is that it is a bad situation that is only getting worse.