Security Level:

Cyber Security and

User Privacy Protection
Learning Material for
Subcontractors
Dec. 2018 www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.

Contents

01 Overview of Cyber Security & User Privacy Protection

02 Huawei's Cyber Security & User Privacy Protection Requirements for Subcontractor Employees

03 Feedback and Help

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2

What Is Cyber Security?

Cyber security is the protection of products, solutions, and services in terms of their availability, integrity,
confidentiality, traceability, robustness, and resistance in compliance with relevant laws, regulations, and
specifications. It protects the communication content, personal data, and privacy of customers and users using
such products, solutions, and services, as well as protecting the flow of unbiased information.

 Availability: Authorized users can use network services and

information at any time. For example, such users can manage
Cyber Security account permissions on customer networks.
 Integrity: Information is accurate, reliable, complete, and not
changed without authorization. For example, logs must not be
modified or deleted without customer authorization.
Data/privacy on
customer networks  Confidentiality: Personnel are granted access to information on a
Robustness need-to-know basis, and the transfer of information is protected and
Availability & resilience managed.
Service continuity &  Traceability: Supplied products and services are traceable. For
robust network example, operation logs record detailed information about performed
operations.
Integrity Traceability  Robustness & resilience: Products and data configurations are
Confidentiality robust. For example, firewall configurations must be able to defend
against attacks.

Note: "Customer/s" in this document refers to Huawei's customer/customers.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3

What Is Personal Data?
Privacy (The Right to Be Left Alone)

Physical Space Personal Data

Physical inspection, monitoring, biometric information collection... Name, telephone number, IP address, location...

At Huawei, privacy protection mainly focuses on personal data. When handling the personal data of consumers, customers, suppliers,
partners, employees, and other entities, employees should fulfill relevant privacy protection objectives.

Personal Data

• Personal data: Any information relating to an identified or identifiable natural person (referred to as a "data subject") who can be
identified, directly or indirectly, through reference to an identifier (for example, a social security number) or to one or more factors
specific to the natural person's physical, physiological, genetic, mental, economic, cultural, or social identity. Personal data includes a
natural person's name, date of birth, email address, telephone number, biometric data (such as a fingerprint), location data, IP address,
health care information, religious belief, marital status, and so on.
• Depersonalized anonymous data, for example, a collection of statistics and survey results, contains no personally identifiable
information. Such data, therefore, is not subject to the same basic principles involved in the processing of personal data.

Source: 1. EU General Data Protection Regulation; 2. Conducting privacy impact assessments code of practice, ICO, UK

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4

Legal Roles Related to Personal Data

• Data subject: a natural person who, either directly or indirectly, can be identified through personal data. Examples
include users of Huawei products/services, consultants, job candidates, and employees.
• Data controller: a natural or legal person, public authority, agency, or any other body that, either alone or in
collaboration with others, determines the purposes and means of the processing of personal data. If two or more
agencies jointly determine the purposes and means of data processing, they are deemed as joint controllers.
Example: For the information registered by users on Vmall, Huawei is the data controller.
• Data processor: a natural or legal person, public authority, agency, or any other body that processes personal data on
behalf of the data controller. Example: Huawei is the data processor if the operator requires Huawei to provide
warranty and maintenance services to end users.

Source:
1. EU General Data Protection Regulation
2. Conducting privacy impact assessments code of practice, ICO, UK

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5

Huawei General Privacy Protection Policy
Principles Principle Description

Lawfulness,
fairness, and • Personal Data shall be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
transparency

• Personal Data shall be collected for specified, explicit and legitimate purposes and not further Processed in a manner that is
Purpose limitation
incompatible with those purposes.

• Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are
Data minimization Processed. Huawei shall apply Anonymisation or Pseudonymization to Personal Data if possible to reduce the risks to the Data
Subjects concerned.

• Personal Data shall be accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that Personal
Accuracy
Data that are inaccurate, having regard to the purposes for which they are Processed, are erased or rectified timely.

Storage limitation • Personal Data shall be kept for no longer than is necessary for the purposes for which the Personal Data are Processed.

• Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and
Integrity and
severity of privacy risks, use appropriate technical or organizational measures to ensure appropriate security of Personal Data,
confidentiality
including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.

Accountability • Data Controllers shall be responsible for and be able to demonstrate compliance with the principles outlined above.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6

Huawei's Cyber Security & User Privacy Protection—Policies & Requirements for
Subcontractors
Awareness, management, and execution of cyber security

Policies for Subcontractors: No Security = No Business

 All suppliers involved in cyber security and user privacy protection must sign cyber security and user
Responsibility Action privacy protection agreements.
 All new suppliers involved in cyber security and user privacy protection must pass cyber security and
user privacy protection system qualifications.
 Cyber security and user privacy protection are important evaluation factors in subcontractor selection,
site management, and performance evaluation.

Requirements for Subcontractors

 Comply with cyber security and user privacy protection regulations of the local country.
 Comply with Huawei's delivery process and cyber security and user privacy protection redline
requirements.
 Sign a cyber security and user privacy protection agreement.
 Perform self-inspection for cyber security and user privacy protection.
 Ensure that employees sign a cyber security and user privacy protection commitment letter.
 Strengthen training on cyber security and user privacy protection awareness and security
guidelines.
 Strengthen onsite behavior self-inspection for cyber security and user privacy protection.
 Develop emergency response mechanisms.
 Ensure traceability of operations involving network security.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7

 Contents

01 Overview of Cyber Security & User Privacy Protection

02 Huawei's Cyber Security & User Privacy Protection Requirements for Subcontractor Employees

03 Feedback and Help

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 8

Huawei's Basic Cyber Security Requirements for Subcontractor Employees (1/3)
Business
Cyber Security Requirements
Activity
1. Obtain approval from relevant government or military departments before taking photos in sensitive areas during site acquisition, RF survey, or
microwave survey.
Onsite survey 2. Protect passwords to the access control systems of sites against unauthorized disclosure, and do not duplicate keys to equipment rooms without
authorization. If a key is lost, it must be reported to the customer immediately and recorded.
3. Do not spread or disclose property information obtained during the site survey.
1. Obtain the "three approvals" before operations.
2. Adhere to the "three approvals" during operations. High-risk operations require a two-person confirmation mechanism, where one person confirms
while the other operates.
Network 3. Do not perform operations beyond the approved business scope unless otherwise agreed upon by the customer.
operations 4. Do not connect to the Internet through a server or maintenance terminal during operations on customer equipment. If Internet connection is
necessary, take security measures such as installing a firewall, installing antivirus software, using VLAN isolation, updating system patches, and
hardening the system. If the device is infected with a virus during operations, isolate it immediately and remove the virus before reconnecting the
device to the network.

1. Apply for an independent network management or device account from the customer and do not share the account with others.
2. Do not add test accounts or account functionality during the commissioning without customer authorization. Do not retain any test account or
balance information created during the commissioning unless requested and approved through signed confirmation by the customer.
3. Set the administrator password on the installed server and terminal device during device commissioning and ensure the password meets complexity
Customer requirements.
equipment 4. Change the commissioning password before project handover to the customer. Include the password in the handover list and request the customer
account to change the password and sign the confirmation. Huawei and its subcontractors must not retain any account or password of the customer's
management network.
5. Strengthen account and permission management and set different permission levels for login accounts.
6. Set different accounts for different roles.
7. Change the password of the root account used for the operating system to improve system security.
8. Change default passwords upon the first login and ensure they meet strength requirements.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 9

Huawei's Basic Cyber Security Requirements for Subcontractor Employees (2/3)
Business
Cyber Security Requirements
Activity

1. Obtain written authorization from the customer before transferring customer data out of the customer's network. The transfer of such data must be in strict compliance with the customer's
authorization.
2. Store customer network data in encrypted format or as authorized by the customer. Strictly control access rights and perform routine maintenance to prevent information leakage.
3. Ensure the safe storage of paper documents, storage media, and devices that contain customer network data to prevent data disclosure or loss.
4. Delete customer data from the computer or storage medium after ETM and confirm the deletion with the customer. Hand over paper documents to the customer and obtain the
customer's signature.
5. Do not spread or disclose documents delivered in the service process. Such documents include the BTS engineering parameter table and network parameter design, network planning,
network optimization, monitoring, network evaluation, acceptance, and network performance improvement reports.
Customer 6. Do not spread or disclose the site location, site device configurations, networking scheme, IP addresses, device passwords, technical specifications, KPIs, frequency resources,
data interconnection parameters, service features, charging information, pipeline information, or terminal user information obtained during service delivery.
management 7. Destroy all related customer data after the project delivery is completed. Data to be destroyed includes the BTS engineering parameter table and network parameter design, network
planning, network optimization, monitoring, network evaluation, acceptance, and network performance improvement reports. Destruction of the data must be confirmed with Huawei
delivery project manager.
8. Clean up all temporary work content (such as intermediate data and login accounts) used during an onsite service. If temporary must be preserved for follow-up work, obtain written
approval from the customer.
9. Obtain customer authorization before transferring sensitive spare parts out of the corresponding area. If the customer requests to retain associated data, specify this on the fault card or
obtain a written disclaimer.
10. Ensure compliance with applicable laws and regulations on cross-border data transfer (if cross-border transfer of customer data is involved), and obtain authorization for cross-border
transfer from the customer data provider.

1. Perform antivirus scanning before connecting any computer not provided by the customer to the customer network.
2. Ensure operating system patches and virus definitions of the work computer up-to-date.
3. Configure full virus scan on the work computer to run periodically (at least once a month). If a virus is detected or suspected on the work computer or storage medium, do not connect the
computer to the customer's network.
4. Set a system password and screen lock password on the work computer. The passwords should contain at least 8 characters, including digits, upper- and lower-case letters, and special
Terminal
characters. The screen must be configured to automatically lock within 10 minutes of inactivity.
security
5. Do not use the work computer for non-work-related purposes, such as social networking and games, and do not use a personal computer for work purposes.
In the managed service scenario:
1. Do not use non-GNOC production terminals to access the GNOC production network.
2. Do not connect personal portable devices or storage media (such as mobile phones, rewritable CDs, USB flash drives, and removable hard disks) to GNOC production terminals.
3. Do not connect GNOC terminals to the GNOC production network and Huawei office network at the same time.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 10

Huawei's Basic Cyber Security Requirements for Subcontractor Employees (3/3)
Business
Cyber Security Requirements
Activity

1. Do not connect personal portable devices or storage media (for example, mobile phones, rewritable CDs, USB drives, or portable hard drives) to a
customer network without customer approval. If such a connection is necessary, the devices and media must be scanned using the latest virus
definitions to ensure that they do not carry any virus or Trojan.
2. Perform remote access only if approved by the customer or Huawei.
3. Obtain written authorization from the customer and specify the authorization scope and time limit before performing remote access.
4. State the scope, purpose, and security measures to and obtain written authorization from the customer if customer network information needs to be
collected during troubleshooting.
5. Request the customer to close the remote service environment on the device side after the remote service is completed. This includes terminating the
Accessing
remote service connection and the remote service software, and changing the password used during the remote service.
customer
6. Delete the data and information obtained from the customer network after the remote service is completed. If the data needs to be stored, obtain
networks
customer authorization in writing.
7. Access the customer network through the remote access platform managed by the customer, and strictly comply with the management requirements of
the customer.
In the managed service scenario:
1. Access the customer's network only through the Citrix system.
2. Use only dedicated work computers to access the GNOC private network.
3. If the FO/BO of GNOC/RNOC/LNOC leaves the country where GNOC/RNOC/LNOC is located, they are not allowed to remotely connect to the
customer network through the GNOC/RNOC/LNOC network.

Product 1. If the product software needs to be upgraded, select the correct software version based on the software version planning. The software version must be
software and downloaded from http://support.huawei.com or the software specified in the subcontract. If the software cannot be downloaded from the support
tool software website, contact Huawei engineers.
management 2. Obtain tools and software used in routine services only through official channels. If the tools cannot be obtained, contact Huawei engineers.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 11

Huawei's Basic Personal Privacy Protection Requirements for Subcontractor
Employees
1. Purpose limitation: Strictly follow the personal data collection purpose in the customer authorization letter and do not use the data for
other purposes.

2. Usage scope: Use the collected personal data only within the authorized scope and do not spread or use it for other purposes. If the data
needs to be transferred to a third party, obtain written authorization from the customer.

3. Content of authorization: If personal data needs to be transferred out of the customer's network, the customer's authorization must
include, at the minimum, the purposes of processing personal data and the types of personal data.

4. Data backup: Confirm with the customer about the backup mode of personal data before transferring such data.

5. Cross-border transfer: Follow relevant processes based on local, national, and regional data transfer requirements before transferring
personal user data across borders to ensure that the cross-border transfer complies with local laws. For example, obtain customer
authorization or a signed data transfer agreement. Transmissions of sensitive personal data must be encrypted or anonymized.

6. Encryption and anonymization: Anonymize personal data contained in traffic statistics collected from customer networks and encrypt or
anonymize sensitive personal data.

7. Deletion: Delete personal data from personal computers/storage media after personal data processing and business purposes are fulfilled,
and confirm the deletion result with the customer and Huawei.

8. VIP data processing: Do not spread or disclose personal data involved in VIP experience tracking, VIP problem handling, and VIP area
network optimization in network optimization delivery, and ensure such data is used only within the specified scope.

9. Processing of service-layer data of data centers: Do not copy, retain, or spread without permission any information (such as emails,
official documents, salaries, and personnel information) involved in data transfer and maintenance during the processing of the service-
layer data of a data center.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 12

 Key Points of Cyber Security Service Delivery
Cyber security redline requirements are mandatory and prevail if they conflict with
services.
Scenario No. Cyber Security Requirements
1 Customer authorization must be obtained. Do not access the customer network without the written permission of Huawei's project owner and the customer.

2 Monitor the account usage. Do not use other accounts or unauthorized accounts to log in to customer devices.
Accessing customer
networks 3 Exercise caution in remote access. Do not access the customer network remotely without the written authorization of Huawei's project owner and the customer.
Virus scanning and removal must be performed. Use the specified antivirus software to scan for and remove viruses before connecting a computer, communication terminal, or storage
4
medium to a customer network.
Customer authorization is mandatory. Do not install or use any software on the customer's network without written authorization from Huawei's project owner and the customer. Do not
5 collect customer network data without written authorization from Huawei's project owner and the customer. Do not perform any operations beyond the scope approved by Huawei's project
owner and the customer.
The software and tools must be from authorized channels. Obtain software versions, patches, licenses, and tools only from authorized channels, such as the support website, the
6 package delivered with the equipment, and those specified in the subcontracts or by the customer. Do not use software versions, patches, licenses, or tools from unauthorized channels. For
solution scenarios, refer to the solution mapping table for details.
Exercise caution when performing operations on third-party devices. Do not operate devices from other vendors in the customer's equipment room. Handle the third-party equipment
7 according to the responsibility matrix. Do not operate or change the third-party equipment without permission. During migration, third-party devices that contain storage media must be
handled as required by the customer.
Performing operations The installation and commissioning must be performed as required. Do not download or install patches or plug-ins from open-source communities or change product configuration
8
on customer networks parameters without permission. In data migration scenarios, do not install operating system software, patches, or other software that is not authorized by the customer.
Do not transfer data to China without permission. Do not send data (including personal data) in the customer's network to China without written authorization from the customer. In
sensitive countries, personal data cannot be transferred to China even if authorization is obtained from the customer. Ensure the security of data transfer (do not spread the data to
9
unnecessary personnel, ensure the security of transmission channels, and keep the physical media safe). After the tasks are complete, destroy the data and notify Huawei and the customer
of the data destruction in writing. Do not back up such data for archiving.
The original data must be backed up before change operations. Do not perform any change operation on the service systems on live network before the customer confirms in writing
10
that related service systems have been backed up.
The account and password must be kept confidential. Do not spread or use a shared account and password without the written authorization of Huawei's project owner and the
11
customer.
12 Do not compromise the customer's network. Do not attack or damage the customer's network or attempt to crack the password of the customer's account.
Do not take customer data. Do not remove from site any equipment or storage medium that contains customer network data (including personal data) without obtaining written
13
authorization from Huawei's project owner and the customer.
Do not leak customer's data. Do not leak or disseminate data or information (such as networking and technical solutions, configuration parameters, and customer data) on the customer's
14
Leaving customer network.
networks Project documents must be handed over. Archive and submit all documents, customer authorization letters, and high-risk operation records in a project to the Huawei owner for retention,
15
backup, and straightforward investigation and backtracking.
Accounts must be handed over. Hand over and then delete the administrator account and other unauthorized accounts after devices are put into commercial use or enter the
16
maintenance phase.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 13

Cyber Security Case 1: Unauthorized Operation

 Company A sent engineer Z to solve a problem.

Case  Engineer Z was unable to reproduce the fault and therefore could not identify the root cause or fix the fault. Two
Description
weeks later, the fault occurred again. Believing that the fault symptom might disappear at any time, engineer Z
logged in to the customer network, collected related data, and fixed the fault without customer authorization.

Customer  The customer believed that the unauthorized operations were a violation of its assets and might cause result in
Response
personal data leakage and privacy violation, and was unhappy with the behavior of engineer Z.

 The customer's equipment and network are assets belonging to the customer. Before any operations can be
Lessons & performed on these assets, authorization must be obtained from the customer.
Requirements
 Customer authorization must be in writing, for example, an email and service application approved by the
customer.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 14

Cyber Security Case 2: Noncompliant Usage of Accounts and Passwords

 During a project, the personnel of company B changed frequently. It took a long time for the customer to grant
Case
Description approvals. Therefore, new employees in company B used accounts of other employees to perform network operations.

Customer  The customer considered that company B was unprofessional in terms of cyber security awareness and lost trust in
Response
company B.

Do not disclose accounts and passwords on customer networks.

Lessons &
Requirements Do not share accounts, use other people's accounts, or use unauthorized accounts.
After devices are put into commercial use or enter the maintenance phase, hand over and then delete the administrator
account and other unauthorized accounts.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 15

Cyber Security Case 3: Use of Unauthorized Tools

Case  An employee of company C used an untested software tool downloaded from the Internet. The tool caused incorrect
Description configurations at the closing states of commissioning, leading to a network outage.

Customer
Response  Multiple base stations were interrupted for hours, leaving the customer very displeased.

 Software and tools obtained from unofficial channels have not been tested or verified and may

Lessons &
contain malicious backdoors, causing cyber security risks.
Requirements
 Use only the software and tools provided by Huawei or customers or released by channels specified
in subcontracts.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 16

Cyber Security Case 4: Connecting a Virus Infected Computer to a Customer
Network

Case
 An employee of company D did not remove viruses on a laptop before connecting it to a customer network. The
Description customer's security center discovered a large number of unexpected outgoing packets because the laptop had been
infected with a worm.

Customer  The incident attracted the attention of the customer's executives. The security center required company D to
Response
improve cyber security.

Lessons &
Requirements  Manually scan for and remove viruses before connecting a laptop or storage medium to a customer network.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 17

Privacy Protection Case 1: Criminal Liability for Illegal Acquisition of Personal
Data

A lawyer of xxx Law Firm in country U, when leaving the company, sent some documents (including the

Case
work list, case notes, and legal document templates) to his/her mailbox without the company's consent.
Description
The documents contain information about the lawsuits of more than 100 people (sensitive personal
data).

Consequence The defendant violated Article 55 of the Personal Data Protection Act of country U, resulting in a criminal
offense and fine.

In countries such as country U where great importance is attached to personal data protection, illegal
Lessons
acquisition of or access to personal data may constitute a criminal offense. The acquisition and use of
personal data must be lawful, and the personal data obtained from work should not be used for purposes
not stated by the company.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 18

Privacy Protection Case 2: Investigation by Multiple Countries for
Collecting Personal Information Without Permission
• In XX 20XX, it was disclosed that company G's camera-equipped street view cars used in a street view service project
collected non-encrypted wireless network data when shooting street views. The data including private email, Internet
access records, text information, and passwords.
Case
Description • According to reports from 20XX to 20XX, company G had collected about 600 GB of data transmitted through public
wireless networks from more than 30 countries, such as Country A.
• Engineer M of the company wrote a Wi-Fi sniffing program and embedded it into special equipment. During project
development, a large amount of non-encrypted personal data was collected using special devices.

• Starting at the end of 20XX, the Federal Communications Commission of Country A conducted a 17-month investigation
on Company G.
Consequence • Multiple countries have launched an investigation on the "street view" service project of company G, requiring company
G to destroy the sensitive information collected by the street view cars.
• Investigations worldwide have severely damaged company G's reputation.

Lessons • Company G collected personal privacy data, regardless of whether the data had been spread or used for commercial
purposes. This poses a threat to the privacy security of multiple countries.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 19

Privacy Protection Case 3: Failing to Take Security Measures
or Send Notififications After Privacy Breach

• On XX XX, 20XX, hackers gained access to the data servers of company S in country A and stole personal information,
Case including the name, address, birthday, login name, and password information of 77 million cloud service network users
Description in 57 countries and regions. The credit card accounts of 10 million users were also stolen.
• Company S closed the website after the incident, but did not disclose the information to the public until a week later.

• On XX XX, 20XX, ICO, the data protection organization of country U, imposed a penalty of US $500,000 (the
Consequence
maximum penalty that the ICO could impose) on subsidiary S in country U.

• No appropriate technical measures, such as encrypted storage of user passwords, were taken to protect
user data.
Lessons • The company's system remains vulnerable to attacks.
• After a data breach occurred, the company did not notify users of the breach so that they could take
measures to prevent further losses.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 20

Contents

01 Overview of Cyber Security & User Privacy Protection

02 Huawei's Cyber Security & User Privacy Protection Requirements for Subcontractor Employees

03 Feedback and Help

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 21

Feedback and Help for Cyber Security & Privacy Protection Issues

 During project construction, subcontractors should strictly comply with related product security
specifications and cooperate during Huawei inspections. Any identified issues should be solved
immediately.

 During project construction, if a subcontractor's employee is not aware of the cyber security or
user privacy protection requirements, especially if live network operations or data collection and
storage are involved, the construction must be suspended and the supervisor of the Huawei
project team informed. The construction can recommence only after the employee is fully
aware of related requirements. Contact the Huawei project manager if the supervisor is
unknown.

 If a cyber security or user privacy incident, such as network service interruption, hacker attack,
or virus infection, occurs during construction, immediately inform the Huawei project team
supervisor of the event or contact the Huawei project manager directly.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 22

 Thank you
www.huawei.com

Copyright©2011 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and
operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and
developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for
reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.