Welcome to Codebook, the newsletter that hides "Avengers: Endgame" spoilers throughout the news stories.
The U.S. is having a "Huawei moment," as security concerns prompt the Trump administration to try to block allies from using 5G equipment produced by the Chinese company. But policymakers and experts also fear the U.S. is ill-prepared to challenge Chinese dominance in the next waves of technology — opening the U.S. to another round of national security worries.
Why it matters: Today, neither the United States nor its closest allies manufacture 5G telecom equipment to compete with Huawei for global business. The same dynamic will play out with 6G and other markets unless the U.S. takes long-term measures today to challenge China's manufacturing power and prepare for the next Huawei moment.
Background: Huawei is accused of:
There's also some fear in the U.S. that China's domination of any tech market hurts U.S. interests.
Driving the news: On Monday, the U.S. repeated its threat to limit intelligence sharing with the U.K., its closest ally, if Britain moves ahead with plans for limited use of Huawei equipment in its 5G buildout.
Between the lines:
Jaffer believes that enforcing fair practices starts with penalizing China in trade negotiations for its theft of intellectual property.
The big picture: 6G isn't the only emerging technology with national security implications. Others include AI and quantum computing, and China is funding research in both those areas with the goal of dominating the market.
A pragmatic industrial policy would mean defending all those technologies, said Michael Daniel, CEO of the Cyber Threat Alliance and former cybersecurity coordinator for the Obama White House.
The bottom line: It may be impossible to right the ship as quickly as we'd want.
The Trump administration is dropping its trade negotiations demand that China cease hacking U.S. companies to steal intellectual property, according to the Financial Times.
Why it matters: Per the report, President Trump's team is softening its positions in order to finish a deal by the summer. But Chinese intellectual property theft is a multibillion-dollar drain on U.S. industry.
Details: It's cheaper to steal someone else's trade secrets than do the research and development yourself. China has used the technique to prop up entire industries, which can undersell the firms they steal from by passing savings on to consumers.
Bloomberg reported Tuesday that Vodafone's Italian division had discovered "backdoors" in its Huawei-brand telecommunications equipment in 2011 and 2012.
But, but, but: The story did not play well in the security community, where the evidence for the central claims is seen as insufficient. It didn't make a strong case that the "backdoor" was anything more than a minor, unintentional problem. Vodafone's official stance was that it wasn't.
Here's what actually happened: The story was based on internal memos leaked to Bloomberg.
To be clear: This chain of events is common for manufacturers. It's hard to make the leap to claiming this was a backdoor based on the story.
However: Bloomberg may not have given the full account of the technical reasoning behind the claim that the Telnet issue was intentional.
According to Zanero, the following was left out of the story:
The bottom line: It still isn't a smoking gun. Even with Zanero's elaborations, to most of the security community, this has read like Vodafone employees attributing malice to incompetence.
60% of code audited by the open source security firm Synopsys in 2018 contained at least one out-of-date open source library with a vulnerability that has already been patched, according to a new report.
Why it matters: That's better than 2017, when 78% of programs had at least one vulnerability. That may be because in 2017, the massive Equifax breach happened on account of an already patched open source vulnerability.
Details: Almost all code — 96%, per the report — uses open source libraries.
The Department of Health and Human Services reduced its fines for violations of HIPAA, the law requiring health care industries to protect customer data, according to a notice this week in the Federal Register.
Driving the news: The new rules reduce a maximum fine of $1.5 million to a maximum fine of $250,000.
Details: The changes in fees may fundamentally alter how companies approach compliance fines, said Moore.
UK defense secretary fired over Huawei leaks: At the end of last week, someone leaked the results of a secret U.K. National Security Council decision to allow telecoms to purchase less critical equipment from Huawei. (CNN)
Fiserv cyber suit: The financial technology firm Fiserv, a major maker of banking software, is being sued by a Pennsylvania credit union over alleged "baffling security lapses," significant bugs and rampant billing errors. (Axios)
Citycomp files posted online: The German IT provider Citycomp, whose clients include Volkswagen and Hugo Boss, did not pay ransom on stolen client files, and the files have been posted online. (Sophos)
Financial services fraud up: Financial services firms saw 60% more email fraud last year, according to a report from Proofpoint.
Codebook will return Thursday.
Correction: In last week's Codebook, Paul Rosenzweig's name was misspelled.