Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN. The revelations are from a secret 2010 report made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei infrastructure.
While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN’s network – including the call data of millions of Dutch citizens – and that a lack of records meant KPN couldn’t establish how often this happened.
Both KPN and Huawei have denied any impropriety, though in the years since the 2010 report, Huawei has increasingly found itself labeled a high-risk vendor for telecoms companies to work with, including by the UK’s National Cyber Security Centre.
To better understand this story, and to consider whether other telecoms networks may have had similar security vulnerabilities to KPN’s, we need to look at how complex mobile networks are run. KPN essentially granted Huawei “administrator rights” to its mobile network by outsourcing work to the Chinese firm. Legislation is only now catching up to prevent similar vulnerabilities in telecoms security.
Huawei is one of the three dominant radio equipment providers in the world, alongside Ericsson and Nokia. These giant technology companies provide the base stations and equipment that deliver mobile phone signals. Operators like KPN increasingly pay these companies not only to buy the equipment, but also for them to support and maintain it.
The telecoms market in which KPN operates is one of the most price-competitive in the world. European mobile operators saw average revenues per user in 2019 of €14.90 (£12.85) a month, compared with €36.90 a month in the USA. European spend on telecoms services are also reducingyear-on-year as operators compete to offer the best deals to consumers.
Lower revenues force operators to carefully manage costs. This means that operators have been keen to outsource parts of their businesses to third parties, especially…