Welcome back to Axios' cybersecurity newsletter, brought to you once again by your guest host, Scott Rosenberg.
Today's edition is 1,497 words, a 5,5-minute read.
Illustration: Aïda Amer/Axios
U.S. critics of Huawei are ramping up a campaign to make the Chinese telecom giant a global pariah even as key American allies remain unsold on the case against the company.
Where it stands: U.S. officials and experts advocating blocking trade with Huawei lack hard evidence of Beijing-backed misdeeds, so they're asking the rest of the world to make choices based on "what if" scenarios.
Driving the news: Prime Minister Boris Johnson announced Tuesday that the U.K. would use Huawei as one supplier for "non-core" parts of its 5G network.
Britain says it will keep Huawei far away from key routers and other network nerve centers. But intelligence experts for both the U.S. and many of its "Five Eyes" allies believe that the advent of software-configurable equipment and 5G's more decentralized network architecture have eroded the distinction between "core" and edge, leaving networks at risk from almost any point.
The big picture: U.S. efforts to quarantine Huawei come as the Trump administration pursues a trade war with China and Americans grow more concerned over Beijing's willingness to bend technology to its own ends — as it has in surveilling Uighur Muslims.
The case against Huawei relies on two key scenarios.
1. Espionage: Huawei critics and human rights experts, citing the company's close relationship with China's government and military, along with the provisions of China's 2017 National Intelligence Law, say that any country that uses the company's equipment to build a next-generation 5G wireless network will open its communications networks to Chinese spying and surveillance.
2. Sabotage: In a future crisis, Huawei critics say, use of the company's equipment in key networks could render them vulnerable to surprise attacks or give China access to U.S. energy facilities, factories and other critical infrastructure.
Throughout this conflict, which began early in 2018 and ramped up dramatically last year when the U.S. declared a national emergency and barred U.S. firms from trade with Huawei, the Chinese company has vehemently denied any wrongdoing.
The catch: The spying and cyber warfare scenarios that drive U.S. efforts to block Huawei from the global 5G market remain theoretical at this point.
Between the lines: A British oversight board tasked with auditing Huawei equipment last year found no evidence of Chinese government meddling but did find troubling shortfalls in “basic engineering competence and cyber security hygiene.”
Meanwhile, a new report in Germany suggests U.S. intelligence has provided authorities there with new "smoking gun" evidence that Huawei products are compromised, per Reuters.
The bottom line: The intelligence community broadly believes Huawei can't be trusted. But in the absence of evidence, many in the industry remain skeptical, and allied governments aren't falling in line with the U.S.
Go deeper: Inside the Feds' battle against Huawei (Garrett Graff, Wired)
The cybersecurity sector is attracting "unprecedented levels of VC dealmaking," according to the year-end Venture Monitor report by the National Venture Capital Association and PitchBook, Axios' Kim Hart reports.
Why it matters: Technology is now not just a sector of the economy, it is the primary driver of the economy. And the more wireless networks, software applications, cloud data centers and internet-connected devices we use, the more security vulnerabilities we'll have to protect against.
The big picture: That's a big opportunity for smart investors. Virtually every company is willing to pay big bucks for security solutions and protection. And the threats are morphing all the time.
Details: Cybersecurity capital investment hit a new record in 2019.
Avast is shutting down a controversial subsidiary that shared anonymized user data with marketing clients.
Driving the news: For years, Avast, which offers users free antivirus services, sold user data to marketers through a subsidiary, according to a report from Motherboard and PC Magazine.
What they're saying: Avast initially responded by saying that users have always been able to opt out of having their data tracked by Jumpshot.
The bottom line: Antivirus vendors are in the business of protecting users from risk. Marketers sharing user data is a source of risk (as well as a privacy concern, even with "anonymization").
Our thought bubble: If you need an antivirus tool, it's probably the kind of software that's worth paying for upfront so the provider doesn't have to scrounge for shadier sources of revenue.
Last week's report that Jeff Bezos' iPhone was allegedly hacked via a WhatsApp message from Saudi Crown Prince Mohammed bin Salman discomfited a lot of Apple customers who long believed that one of the features of their high-priced phones was invulnerability.
The big picture: The flaw in this case was in WhatsApp, not the iPhone itself. But the larger lesson is that in a networked world full of incentives for digital mischief, there's no such thing as perfect security — only varying degrees of relative risk.
The iPhone has long been the safest bet for smartphone users, thanks to Apple's close control over the App Store and its tight reins on iOS.
The Washington Post lays out how iOS's and Android's differing software philosophies shape their security landscapes:
The catch: Apple's approach, experts the Post talked to argue, also means that when there is an exploitable hole in iOS, it's easier to keep it secret and exploit it. That leaves "high-value targets" — like, say, billionaire Bezos — more likely to fall victim to high-value hacks.
The bottom line: As security researcher Patrick Wardle told the Post: “A lot of Apple security is amazing and really benefits the average user, but once you’re a target of an advanced adversary or three letter agency, the advanced security of these devices can be used against you."
When Secretary of State Mike Pompeo threw a fit at NPR journalist Mary Louise Kelly last week, he dared her to identify Ukraine on a label-free map of the globe.
That task is a cinch for anyone who grew up playing the board game Risk (or, for that matter, and more relevant to the State Department, Diplomacy).
An enterprising data editor has risen to this occasion by creating a do-it-yourself Ukraine-finding test. Take the Pompeo challenge yourself!