The letter was written in response to one from Lamb that asked several questions of the company. One was about the shortcomings identified in the latest report from the Huawei Cyber Security Evaluation Centre's Oversight Board.
The HCSEC, a testing centre set up by the company and jointly run with the UK's National Cyber Security Centre, tests the company's technology to ensure that any security issues are mitigated and issues a report every year.
Ding said the latest report had identified "some areas for improvement in our engineering processes and we are working to address them".
Ding ruled out any possibility that the company would be asked to assist China in intelligence gathering, saying this had never happened and would never happen.
"Were Huawei to engage in malicious behaviour, it would not go unnoticed - and it would certainly destroy our business," he said. "For us, it is a matter of security or nothing; there is no third option."
With regard to China's National Intelligence Law, Ding said the Chinese Foreign Affairs Ministry had clarified that no Chinese law obliged any company to install backdoors.
"To confirm this interpretation, we have also sought the opinion of a leading Chinese law firm, Zhong Lun, which has been reviewed by Clifford Chance LLC, a well-respected international law firm based in London," he said.
"The legal opinion confirms that relevant provisions of the Counter-Espionage Law, the Anti-Terrorism Law, the Cyber Security Law, the National Intelligence Law, and the State Security Law do not appear to empower PRC government authorities to plant backdoors, eavesdropping devices or spyware in telecommunications equipment.
"In addition, the relevant provisions of China's National Intelligence Law do not appear to have extra-territorial effect over Chinese companies' overseas subsidiaries and employees, such as Huawei UK."
Lamb also asked what reassurances Huawei could provide to show that its products and services were not a threat to British national security.
Ding said in response that the company's "solid track record" was the strongest evidence it could provide. "Over the past 30 years, Huawei has provided network products and solutions to nearly 1500 telecom operators in more than 170 countries and regions," he said, adding that the company was delivering stable telecommunications service to more than three billion people.
He said some governments had labelled Huawei a security threat, but had never substantiated these allegations with solid evidence.
Ding's letter was sent on 29 January, about a week before a report in a London newspaper hinted that the forthcoming report from HCSEC would claim that Huawei had not addressed security concerns raised last year – even though the NCSC said at the time that fixing the issues identified would take until mid-2020.
London's Telegraph newspaper claimed that the latest draft report had found that "issues raised from its previous findings into the Chinese telecoms giant have not been fully addressed and will criticise Huawei over the security of its technology".
The issues in question were raised in July last year when the last report from the HCSEC was issued. At the time, as iTWire reported, the report claimed that equipment made by Huawei had technical and supply-chain issues that exposed the UK's telco networks to new security issues.
Ding made no reference to this, but mentioned the HCSEC while asserting that the company took cyber security very seriously. He pointed out that since 2011, John Suffolk, a former British government CIO, had been functioning as Huawei's Global Cyber Security and Privacy Officer.
A Cyber Security Verification Lab set up by Huawei reported directly to Suffolk, providing reports that detailed the quality and security capabilities of the company's products, Ding said.
He also said the HCSEC Oversight Board included members of the company, the UK Government and British telcos and the most recent report from this board said this assurance model was the best way to manage any risk stemming from Huawei's involvement in the British telecommunications sector.
Asked about action against Huawei taken by other countries, including the so-called Five Eyes nations, Ding said while some countries had acted to restrict the company's business activities, in many cases the media had exaggerated the extent of the restrictions.
He claimed that to date:
- Canada had not imposed any restrictions on Huawei;
- New Zealand had turned down a single 5G proposal but the regulatory process was still ongoing;
- Australia had raised extra requirement for the supply of 5G products but Huawei was still a major provider of network equipment; and
- Even in the US, existing laws only restricted use of federal funds to purchase Huawei networking hardware and services and there were no restrictions on the company's business activities.
Thanks to The Register for the link to the letter.