China watchHuawei’s Ability to Eavesdrop on Dutch Mobile Users Is a Wake-up Call for the Telecoms Industry

By Greig Paul

Published 10 May 2021

Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN. While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN’s network – including the call data of millions of Dutch citizens – and that a lack of records meant KPN couldn’t establish how often this happened.

Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN. The revelations are from a secret 2010 report made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei infrastructure.

While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN’s network – including the call data of millions of Dutch citizens – and that a lack of records meant KPN couldn’t establish how often this happened.

Both KPN and Huawei have denied any impropriety, though in the years since the 2010 report, Huawei has increasingly found itself labelled a high-risk vendor for telecoms companies to work with, including by the UK’s National Cyber Security Centre.

To better understand this story, and to consider whether other telecoms networks may have had similar security vulnerabilities to KPN’s, we need to look at how complex mobile networks are run. KPN essentially granted Huawei “administrator rights” to its mobile network by outsourcing work to the Chinese firm. Legislation is only now catching up to prevent similar vulnerabilities in telecoms security.

Commercial Pressures
Huawei is one of the three dominant radio equipment providers in the world, alongside Ericsson and Nokia. These giant technology companies provide the base stations and equipment that deliver mobile phone signals. Operators like KPN increasingly pay these companies not only to buy the equipment, but also for them to support and maintain it.

The telecoms market in which KPN operates is one of the most price-competitive in the world. European mobile operators saw average revenues per user in 2019 of €14.90 (£12.85) a month, compared with €36.90 a month in the USA. European spend on telecoms services are also reducing year-on-year as operators compete to offer the best deals to consumers.

Lower revenues force operators to carefully manage costs. This means that operators have been keen to outsource parts of their businesses to third parties, especially since the late 2000s.

Large numbers of highly skilled engineers are an expensive liability to have on the balance sheet, and can often appear underused when things are running smoothly. Such jobs are often outsourced, with personnel transferring to the outsourced provider, to help operators to cut their payroll costs.