Expense Manager Services

Getting a handle on Unmanaged Spend through Expense Manager Services

european union

telecommunications

EU privacy body urges anonymization of location data for COVID-19 tracking

The European Data Protection Board (EDPB) has published guidance for the use of location data and contacts tracing tools intended to mitigate the impact of the COVID-19 pandemic.

Europe’s data protection framework wraps around all such digital interventions, meaning there are legal requirements for EU countries and authorities developing tracing tools or soliciting data for a coronavirus related purpose.

“These guidelines clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes: using location data to support the response to the pandemic by modelling the spread of the virus so as to assess the overall effectiveness of confinement measures; [and] contact tracing, which aims to notify individuals of the fact that they have been in close proximity of someone who is eventually confirmed to be a carrier of the virus, in order to break the contamination chains as early as possible,” the EDPB writes in the document.

The European Commission and the EU parliament have already weighed in with their own recommendations in this area, including a toolbox to help guide contacts tracing app developers. The Commission has also urged Member States to take a common approach to building such apps, and has been leaning on local telcos to provide “anonymized and aggregated” metadata for modelling the spread of the virus across the EU.

The guideline document from the EDPB — a body made up of representatives from the EU’s national data protection agencies which helps coordinate the application of pan-EU data protection law — brings additional expert steerage for those developing digital interventions as part of a public health response to the coronavirus pandemic.

“The EDPB generally considers that data and technology used to help fight COVID-19 should be used to empower, rather than to control, stigmatise, or repress individuals,” it writes. “Furthermore, while data and technology can be important tools, they have intrinsic limitations and can merely leverage the effectiveness of other public health measures. The general principles of effectiveness, necessity, and proportionality must guide any measure adopted by Member States or EU institutions that involve processing of personal data to fight COVID-19.”

Among the body’s specific recommendations are that where location data is being considered for modelling the spread of the coronavirus or assessing the effectiveness of national lockdown measures then anonymizing the data is preferable — with the EDPB emphasizing that proper anonymization is not easy.

Given the inherent complexity it also recommends transparency around the anonymization methodology used. (tl;dr: there’s no security in obscurity, nor indeed accountability.)

“Many options for effective anonymisation exist, but with a caveat. Data cannot be anonymised on their own, meaning that only datasets as a whole may or may not be made anonymous,” it notes.

“A single data pattern tracing the location of an individual over a significant period of time cannot be fully anonymised. This assessment may still hold true if the precision of the recorded geographical coordinates is not sufficiently lowered, or if details of the track are removed and even if only the location of places where the data subject stays for substantial amounts of time are retained. This also holds for location data that is poorly aggregated.

“To achieve anonymisation, location data must be carefully processed in order to meet the reasonability test. In this sense, such a processing includes considering location datasets as a whole, as well as processing data from a reasonably large set of individuals using available robust anonymisation techniques, provided that they are adequately and effectively implemented.”

On contact tracing apps — aka digital tools that are designed to map proximity between individuals, as a proxy for infection risk — the EDPB urges that use of such apps be voluntary.

“The systematic and large scale monitoring of location and/or contacts between natural persons is a grave intrusion into their privacy,” it warns. “It can only be legitimised by relying on a voluntary adoption by the users for each of the respective purposes. This would imply, in particular, that individuals who decide not to or cannot use such applications should not suffer from any disadvantage at all.”

The importance of accountability is also front and center, with the EDPB saying the controller of such apps must be clearly defined.

“The EDPB considers that the national health authorities could be the controllers for such application; other controllers may also be envisaged. In any cases, if the deployment of contact tracing apps involves different actors their roles and responsibilities must be clearly established from the outset and be explained to the users.”

Purpose limitation is another highlighted component. Apps need to have purposes that are “specific enough to exclude further processing for purposes unrelated to the management of the COVID- 19 health crisis (e.g., commercial or law enforcement purposes)”, it says.

So, in other words, no function creep — and no EU citizen mass surveillance via a pandemic backdoor.

The EDPB also writes that “careful consideration should be given to the principle of data minimisation and data protection by design and by default” — noting specifically that contact tracing apps “do not require tracking the location of individual users”.

Instead “proximity data should be used” for the contacts tracing purpose.

“Contact tracing applications can function without direct identification of individuals,” it further emphasizes, adding that “appropriate measures should be put in place to prevent re-identification”.

The guidance aligns with the coronavirus contacts tracing model devised jointly by Apple and Google — which have said they will be offering a cross-platform API for COVID-19 contacts tracing based on ephemeral proximity IDs shared via Bluetooth.

At one point the EDPB guidance appears to be leaning towards favoring such decentralized approaches to contacts tracing apps, with the body writing that “the collected information should reside on the terminal equipment of the user and only the relevant information should be collected when absolutely necessary”.

Although later on the in guidance it discussed centralized models that involve proximity data being uploaded to a server in the cloud, writing that: “Implementations for contact tracing can follow a centralized or a decentralized approach. Both should be considered viable options, provided that adequate security measures are in place, each being accompanied by a set of advantages and disadvantages.”

In Europe there is currently a big fight between different camps over whether contacts tracing apps should use a centralized or decentralized model for storing and processing proximity data — with a contacts tracing app standardization effort known as PEPP-PT that’s backed by Germany’s Fraunhofer Institute for Telecommunications and some EU governments wanting to support centralized protocols for COVID-19 contacts tracking, while a separate coalition of European academics wants only decentralized approaches on privacy grounds, and has developed a protocol called DP-3T.

Europe’s PEPP-PT COVID-19 contacts tracing standard push could be squaring up for a fight with Apple and Google

“The current health crisis should not be used as an opportunity to establish disproportionate data retention mandates,” the EDPB warns. “Storage limitation should consider the true needs and the medical relevance (this may include epidemiology-motivated considerations like the incubation period, etc.) and personal data should be kept only for the duration of the COVID-19 crisis. Afterwards, as a general rule, all personal data should be erased or anonymised.”

The body also recommends algorithms used in contacts tracing apps be audited and regularly reviewed by outside experts.

Again, a key criticism of the PEPP-PT initiative has been around lack of transparency — including its failure to publish code for external review. (Though it has said it will be publishing code.)

“In order to ensure their fairness, accountability and, more broadly, their compliance with the law, algorithms must be auditable and should be regularly reviewed by independent experts. The application’s source code should be made publicly available for the widest possible scrutiny,” the EDPB writes.

Another notable piece of the guidance is for a data protection impact assessment not only to be carried out but that it be published — which marks a further push for accountability via transparency in such an unprecedented moment.

“The EDPB considers that a data protection impact assessment (DPIA) must be carried out before implementing such tool as the processing is considered likely high risk (health data anticipated large-scale adoption, systematic monitoring, use of new technological solution). The EDPB strongly recommends the publication of DPIAs,” it writes.

Typically DPAs leave it up to data controllers to decide whether to publish a DPIA or not — in this case the strong push from the central authority is that these documents are made public where COVID-19 contacts tracing apps are concerned.

Having highlighted the pros and cons of centralized vs decentralized approaches to contacts tracing, the EDPB goes on to recommend that the conceptual phase of app development “should always include thorough consideration of both concepts carefully weighing up the respective effects on data protection/privacy and the possible impacts on individuals rights”.

“Any server involved in the contact tracing system must only collect the contact history or the pseudonymous identifiers of a user diagnosed as infected as the result of a proper assessment made by health authorities and of a voluntary action of the user. Alternately, the server must keep a list of pseudonymous identifiers of infected users or their contact history only for the time to inform potentially infected users of their exposure, and should not try to identify potentially infected users.”

“Putting in place a global contact tracing methodology including both applications and manual tracing may require additional information to be processed in some cases. In this context, this additional information should remain on the user terminal and only be processed when strictly necessary and with his prior and specific consent,” it adds.

You can read the full document here.

Read more: https://techcrunch.com/2020/04/22/eu-privacy-body-urges-anonymization-of-location-data-for-covid-19-tracking/

telecommunications

France is officially working on Stop Covid contact-tracing app

France’s health minister Olivier Véran and digital minister Cédric O have officially announced that the French government is working on a smartphone app to slow the spread of COVID-19. The government is putting a stamp of approval on the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project but remains cautious about what to expect from an app.

Using mobile apps to track the coronavirus is a sensitive issue in Europe. Dozens of nonprofit organizations have written a common statement urging governments to respect human rights.

They fear that governments could use this opportunity to enforce far-reaching surveillance measures that don’t comply with the regulatory framework and that remain in place after the coronavirus crisis. The European Commission reminded governments that they should implement “appropriate safeguards” as EU citizens are not going to trust contact-tracing apps if they don’t treat personal information appropriately.

That’s probably why the government is preventively trying to reassure people before releasing the Stop Covid app. According to a statement, the Ministry for the Digital Sector says that it is working with the Health Ministry, the Justice Ministry and the Ministry of Higher Education, Research and Innovation to coordinate tech-based initiatives.

Led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), the PEPP-PT project that was unveiled last week is a coalition of dozens of research institutions across multiple countries. France’s INRIA is a member of the PEPP-PT and the French government is willing to collaborate with the INRIA as part of the PEPP-PT effort.

They’re working on an open standard to develop contact-tracing apps. Those apps would rely on Bluetooth Low Energy to identify other phones running the same app. If, at some point, you are near an infected person, you would be notified.

And the French government says that there will be an app specifically designed to track people living in France. That app will leverage the PEPP-PT protocol.

People in favor of contact-tracing apps say that it would help break infection chains if you combine those apps with proactive tests and self-isolations.

In an interview with Le Monde, Cédric O and Olivier Véran detailed the effort. France isn’t going to force you to install the app and “Stop Covid” is only going to use Bluetooth. A prototype is in the works, but it’s going to take three to six weeks to develop.

Even then, the French government might not even release the app. “We’re not sure that we can overcome all the technical difficulties because Bluetooth hasn’t been designed to measure the distance between individuals. We will decide later if it would be useful to roll out such an application or not,” Cédric O told Le Monde .

When it comes to privacy, Cédric O says the app will be open-source and France’s privacy watchdog the CNIL will have a say. We’ve reached out to the CNIL for comment but the agency said it was too early to comment.

More importantly, details are still thin on the implementation of the PEPP-PT protocol in France. Privacy experts are debating the design of the system. Some argue that it should be as decentralized as possible. Smartphones should keep a log of your social interactions (via ephemeral Bluetooth identifiers). Your phone would regularly fetch a list of infected ephemeral Bluetooth identifiers and do the heavy lifting.

The PEPP-PT project currently supports centralized and decentralized approaches, which means that governments have to decide on an implementation. In a centralized system, a server would assign each user an anonymized identifier and collect data about your social interactions. Each user would be able to fetch the status of its identifier to check whether they’ve been potentially infected or not. It creates a single point of failure and presents risks if someone is able to match anonymized identifiers with real names.

EU privacy experts push a decentralized approach to COVID-19 contacts tracing

The Ministry for the Digital Sector also detailed how France is leveraging tech in general to understand the coronavirus outbreak, improve COVID-19 treatments and plan the end of the lockdown in France.

In addition to the app that is currently in the works, the French government has rolled out an official website to inform people, is encouraging telemedicine services to treat patients (such as Covidom from public hospitals in Paris), is mining aggregated data from telecom companies to understand how people move around the country and is leveraging machine learning on big data to forecast the coronavirus outbreak.

Read more: https://techcrunch.com/2020/04/08/france-is-officially-working-on-stop-covid-contact-tracing-app/

telecommunications

Freshly elected as UKs next PM, Boris Johnson pledges full fiber broadband bonanza

Get ready for a British Trump: The UK will shortly have a new prime minister after the Conservative Party membership overwhelmingly voted to elect Boris Johnson as their new party leader, passing over his sole rival for the post, Jeremy Hunt.

Johnson received 92,135 votes, a full 45,497 more than Hunt.

He replaces Theresa May who announced she would step down in May after failing to achieve backing from parliament for her EU withdrawal deal — the second PM to be toppled by Brexit in just under three years.

Whether Johnson can outlast even May’s brief tenure very much remains to be seen.

The former journalist and ex mayor of London has made a political success story of clowning around in public and cracking often self-deprecating jokes that encourage a perception of joviality and good humor, while simultaneously pressing his personal ambition behind the scenes and ruthlessly gunning for the highest office in the land — which was his motivation for switching to back Brexit in the first place.

The clown mask enables the political manoeuvering, as it were.

How the usual Johnson ‘circus’ will translate into firm policy positions is something of an open question at this stage, though early indications suggest he’s intending an infrastructure spending spree — to feed the popularity contest that has, after all, swept him to power.

Albeit how any such public spending bonanza will be funded is anyone’s guess at this stage. One of his few leadership pledges was an income tax cut for high earners — which would rather shrink the Treasury’s coffers by billions than expand it…

He has also implied he might withhold the UK’s exit payment to the EU — a multi-billion sum that’s intended to cover the country’s existing commitments as it leaves the bloc.

But if you’re simultaneously hoping to ink a trade deal with the very same neighbors you’re denying payment to that would seem a rather self-defeating and short-term strategy, both at home and abroad.

Giving his Conservative leadership acceptance speech this afternoon there was little of policy substance on show from Johnson. In his usual showman style, he preferred to stroke sitting Tory egos with a confection of positive projections and feel-good sentiments — principally about ‘getting brexit done’ (though nothing on how he will actually get it done).

He also dropped a few enthusiastic words vis-a-vis infrastructure, education and broadband — going longest on the latter by claiming that “fantastic full fiber broadband” would be “sprouting in every household”, before falling back on the safe and fuzzy ground of non-specific cheerleading of party and country.

On the surface, the fiber broadband pledge looks like a rinse and repeat of an existing government policy — announced in last year’s digital strategy — to put all UK households in reach of fibre to the premise (FTTP) by 2033.

Though the government had not committed to paying the estimated £30BN to fund a full FTTP rollout, focusing on regulatory tweaks to encourage the market to cover the majority of the country, and then planning to target public cash at the tricky last fifth.

But penning his regular column in the Telegraph newspaper last month, Johnson dubbed the 2033 target “laughably unambitious“, writing that: “If we want to unite our country and our society, we should commit now to delivering full fibre to every home in the land not in the mid 2030s — but in five years at the outside.”

So a Boris Johnson-led Tory government’s full fibre target is, seemingly, being brought forward to 2025.

If he really intends for the public purse to bankroll universal FTTP within a five year time-scale it would certainly be transformative — with many rural regions still lagging urban Britain’s high speed access to Internet services, as a result of the business case for a rapid upgrade of these digital slow-lanes not stacking up.

Johnson is also right to identify the digital divide as increasingly problematic given the onward march of commercial technology. (And, indeed, increasingly problematic as more government services get pushed online — which risks widening the inequality gap, though he didn’t really dwell on that.)

However there’s no doubt that pressing fast forward on universal FTTP will entail a much larger bill than the government had budgeted for.

Last year’s Future Telecoms Infrastructure Review suggested an additional £3BN to £5BN in public funding would be needed to support commercial investment in the final ~10% of areas that would otherwise be overlooked, per the 2033 timeline. It’s anyone’s guess how much more public money will be needed to accelerate the whole broadband project to meet a universal access goal almost a decade quicker, per Johnson’s plan.

Though, as noted above, a full rollout has been costed at £30BN.

Assuming that ceiling wouldn’t need to be raised as a result of increased deployment velocity, the cost of Johnson’s faster fiber ambition could therefore scale spending on this particular infrastructure project 6x more than current government plans. Hence the pressing question of where the public funds will come from?

How much the Johnson push for ‘rural first’ fibre might cost UK consumers is another matter.

He talks in his newspaper column about “stimulating the private sector to get it done”. And if that stimulation includes government agreeing to industry demands to lengthen or even hyper-extend market review periods in order to encourage the private sector to get digging and fast, then it could result in UK consumers being on the hook twice: First by shelling out to lay the fiber in the first place, and then getting price-gouged to use the fibre-powered Internet services they’ve helped pay for.

Of course ‘fiber for all’ makes a great soundbite for PM Johnson to make a play for hearts and minds.

But, as with everything soon set to cross his desk, the devil is in the detail. And, well, clowns aren’t renowned for their grasp of those kinds of things.

Read more: https://techcrunch.com/2019/07/23/freshly-elected-as-uks-next-pm-boris-johnson-pledges-full-fiber-broadband-bonanza/

telecommunications

Huawei 5G indecision is hitting UKs relations abroad, warns committee

The U.K.’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay.

In a statement on 5G suppliers, the Intelligence and Security committee (ISC) writes that the government must take a decision “as a matter of urgency.”

Earlier this week another parliamentary committee, which focuses on science and technology, concluded there is no technical reason to exclude Huawei as a 5G supplier, despite security concerns attached to the company’s ties to the Chinese state, though it did recommend it be excluded from core 5G supply.

The delay in the U.K. settling on a 5G-supplier policy can be linked not only to the complexities of trying to weigh and balance security considers with geopolitical pressures but also ongoing turmoil in domestic politics, following the 2016 EU referendum Brexit vote — which continues to suck most of the political oxygen out of Westminster. (And will very soon have despatched two U.K. prime ministers in three years.)

Outgoing PM Theresa May, whose successor is due to be selected by a vote by Conservative Party members next week, appeared to be leaning toward giving Huawei an amber light earlier this year.

A leak to the press from a National Security Council meeting back in April suggested Huawei would be allowed to provide kit, but only for non-core parts of 5G networks — raising questions about how core and non-core are delineated in the next-gen networks.

The leak led to the sacking by May of the then defense minister, Gavin Williamson, after an investigation into confidential information being passed to the media in which she said she had lost confidence in him.

The publication of a government Telecoms Supply Chain Review, whose terms of reference were published last fall, has also been delayed — leading carriers to press the government for greater clarity last month.

But with May herself now on the way out, having agreed in May to step down as PM, the decision on 5G supply is on hold.

It will be down to either Boris Johnson or Jeremy Hunt, the two remaining contenders to take over as PM, to choose whether or not to let the Chinese tech giant supply U.K. 5G networks.

Whichever of the men wins the vote, they will arrive in the top job needing to give their full attention to finding a way out of the Brexit morass — with a mere three months til an October 31 Brexit extension deadline looming. So there’s a risk 5G may not seem as urgent an issue and a decision again be kicked back.

In its statement on 5G supply, the ISC backs the view expressed by the public-facing branch of the U.K.’s intelligence service that network security is not dependent on any one supplier being excluded from building it — writing that: “The National Cyber Security Centre… has been clear that the security of the UK’s telecommunications network is not about one company or one country: the ‘flag of origin’ for telecommunications equipment is not the critical element in determining cyber security.”

The committee argues that “some parts of the network will require greater protection” — writing that “critical functions cannot be put at risk” but also that there are “less sensitive functions where more risk can be carried”, albeit without specifying what those latter functions might be.

“It is this distinction — between the sensitivity of the functions — that must determine security, rather than where in the network those functions are located: notions of ‘core’ and ‘edge’ ate therefore misleading in this context,” it adds. “We should therefore be thinking of different levels of security, rather than a one size fits all approach, within a network that has been built to be resilient to attack, such that no single action could disable the system.”

The committee’s statement also backs the view that the best way to achieve network resilience is to support diversity in the supply chain — i.e. by supporting more competition.

But at the same time it emphasizes that the 5G supply decision “cannot be viewed solely through a technical lens — because it is not simply a decision about telecommunications equipment.”

“This is a geostrategic decision, the ramifications of which may be felt for decades to come,” it warns, raising concerns about the perceptions of U.K. intelligence sharing partners by emphasizing the need for those allies to trust the decisions the government makes.

It also couches a U.K. decision to give Huawei access a risk by suggesting it could be viewed externally as an endorsement of the company, thereby encouraging other countries to follow suit — without paying the full (and it asserts vitally) necessary attention to the security piece.

“The UK is a world leader in cyber security: therefore if we allow Huawei into our 5G network we must be careful that that is not seen as an endorsement for others to follow. Such a decision can only happen where the network itself will be constructed securely and with stringent regulation,” it writes.

The committee’s statement goes on to raise as a matter of concern the U.K.’s general reliance on China as a technology supplier.

“One of the lessons the UK Government must learn from the current debate over 5G is that with the technology sector now monopolised by such a few key players, we are over-reliant on Chinese technology — and we are not alone in this, this is a global issue. We need to consider how we can create greater diversity in the market. This will require us to take a long term view — but we need to start now,” it warns.

It ends by reiterating that the debate about 5G supply has been “unnecessarily protracted” — pressing the next U.K. prime minister to get on and take a decision “so that all concerned can move forward.”

Read more: https://techcrunch.com/2019/07/19/huawei-5g-indecision-is-hitting-uks-relations-abroad-warns-committee/

telecommunications

Why carriers keep your data longer

Your wireless carrier knows where you are as you read this on your phone — otherwise, it couldn’t connect your phone in the first place.

But your wireless carrier also has a memory. It knows where you took your phone in the last hour, the last week, the last month, the last year — and maybe even the last five years.

That gives it an enormous warehouse of data on your whereabouts that can help your wireless carrier fix coverage gaps while revealing much more. Depending on the density of cell sites around you at any one point, the location data triangulated from them can not only highlight your home and office, but also point to the bars you frequented, the houses at which you spent the night and the offices of therapists you visited.

Read more: https://techcrunch.com/2019/05/03/why-carriers-keep-your-data-longer/

telecommunications

UK gives Huawei an amber light to supply 5G

The U.K. government will allow Huawei to be a supplier for some non-core parts of the country’s 5G networks, despite concerns that the involvement of the Chinese telecoms vendor could pose a risk to national security. But it will be excluded from core parts of the networks, according to reports in national press.

The news of prime minister Theresa May’s decision made during a meeting of the National Security Council yesterday was reported earlier by The Telegraph. The newspaper said multiple ministers raised concerns about her approach — including the Home Secretary, Foreign Secretary, Defence Secretary, International Trade Secretary and International Development Secretary.

The FT reports that heavy constraints on Huawei’s involvement in U.K. 5G networks reflect the level of concern raised by ministers.

May’s decision to give an amber light to Huawei’s involvement in building next-gen 5G networks comes a month after a damning report by a U.K. oversight body set up to evaluate the Chinese company’s approach to security.

The fifth annual report by the Huawei Cyber Security Evaluation Centre Oversight Board blasted “serious and systematic defects” in its software engineering and cyber security competence.

Though the oversight board stopped short of calling for an outright ban — despite saying it could provide “only limited assurance that all risks to U.K. national security from Huawei’s involvement in the U.K.’s critical networks can be sufficiently mitigated long-term.”

But speaking at a cybersecurity conference in Brussels in February, Ciaran Martin, the CEO of the U.K.’s National Cyber Security Centre (NCSC), expressed confidence U.K. authorities can mitigate any risk posed by Huawei.

The NCSC is part of the domestic GCHQ signals intelligence agency.

Dr. Lukasz Olejnik, an independent cybersecurity advisor and research associate at the Center for Technology and Global Affairs at Oxford University, told TechCrunch he’s not surprised by the government’s decision to work with Huawei.

“It’s a message that was long-expected,” he said. “U.K. officials have been carefully sending signals in the previous months. In a sense, this makes us closer to the end of the 5G drama.”

“With proper management most risk can be mitigated. It all depends on the strategic planning,” he added.

“I believe the level of [security] responsibility at telecoms will remain similar to today’s. The main message expected by telecoms is clarity to enable them to move on with infrastructure.”

The heaviest international pressure to exclude the Chinese vendor from next-gen 5G networks has been coming from the U.S., where President Trump has been leaning on key intelligence-sharing allies to act on espionage fears and shut out Huawei — with some success.

Last year Australia and New Zealand both announced bans on Chinese kit vendors citing national security fears.

But in Europe governments appear to be leaning in another direction: toward managing and mitigating potential risks rather than shutting the door completely.

The European Commission has also eschewed pushing for a pan-EU ban — instead issuing recommendations encouraging member states to step up individual and collective attention on network security to mitigate potential risks.

It has warned too — and conversely — of the risk of fragmentation to its flagship “digital single market” project if member state governments decide to slam doors on their own. So, at the pan-EU level, security considerations are very clearly being weighed against strategic commercial imperatives and technology priorities.

Equally, individual European governments appear to have little appetite to throw a spanner in the 5G works, given the risk of being left lagging as cellular connectivity evolves and transforms — an upgrade that’s expected to fuel and underpin developments in artificial intelligence and big data analysis, among other myriad and much-hyped benefits.

In the U.K.’s case, national security concerns have been repeatedly brandished as justification for driving through domestic surveillance legislation so draconian that parts of it have later been unpicked by both U.K. and EU courts. Even if the same security concerns are here, where 5G networks are concerned, being deemed “manageable” — rather than grounds for a similarly draconian approach to technology procurement.

It’s not clear at this stage how extensively Huawei will be involved in supplying and building U.K. 5G networks.

The NCSC sent us the following statement in response to questions:

National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.

The security and resilience of the UK’s telecoms networks is of paramount importance.

As part of our plans to provide world class digital connectivity, including 5G, we have conducted an evidence based review of the supply chain to ensure a diverse and secure supply base, now and into the future. This is a thorough review into a complex area and will report with its conclusions in due course.

“How ‘non-core’ will be defined is anyone’s guess but it would have to be clearly defined and publicly communicated,” Olejnik also told us. “I would assume this refers to government and military networks, but what about safety communication or industrial systems, such as that of power plants or railroad? That’s why we should expect more clarity.”

Read more: https://techcrunch.com/2019/04/24/uk-gives-huawei-an-amber-light-to-supply-5g/