Email
Western Media Took Gold in Evidence-Free Allegations of Chinese Olympic Spying
| From | FAIR <[email protected]> |
| Subject | Western Media Took Gold in Evidence-Free Allegations of Chinese Olympic Spying |
| Date | March 9, 2022 4:01 PM |
Links have been removed from this email. Learn more in the FAQ.
Links have been removed from this email. Learn more in the FAQ.
[link removed]
FAIR
View article on FAIR's website ([link removed])
Western Media Took Gold in Evidence-Free Allegations of Chinese Olympic Spying Joshua Cho ([link removed])
WaPo: ‘China will be China’: Why journalists are taking burner phones to the Beijing Olympics
The Washington Post's headline (1/20/22 ([link removed]) ) seems to sum up why Western journalists saw no need to factcheck claims of Chinese cyberespionage at the Beijing Olympics.
A persistent trope in Western media coverage of China is the claim that Chinese technology is inherently compromised and used as a nefarious tool by Beijing to spy on unwitting foreigners. However, when one actually looks for evidence behind these claims or innuendos, one often finds unsubstantiated speculation.
Before the 2022 Beijing Winter Olympics began, there was a spate of reports alleging that China could be spying on visiting athletes and journalists. The reports had a sinister tone, implying to Western audiences that China was trying to collect private information for malicious purposes:
* Quartz (1/20/22 ([link removed]) ): “Beijing Winter Olympics Athletes Have Every Reason to Worry About Their Cybersecurity”
* BBC (1/18/22 ([link removed]) ): “Winter Olympics: Athletes Advised to Use Burner Phones in Beijing”
* New York Times (1/18/22 ([link removed]) ): “Security Flaws Seen in China’s Mandatory Olympics App for Athletes”
* CNN (2/1/22 ([link removed]) ): “FBI Urges Olympic Athletes to Leave Personal Phones at Home Ahead of Beijing Games”
* Daily Mail (1/31/22 ([link removed]) ): “Over 1,000 Athletes and Coaches Are Using 'Burner' Phones at the Winter Olympics Because the Chinese State Has 'Crazy, Scary' Spying Tech that Monitors Calls, Reads Texts, Tracks Movements and Can Spot 'Illegal' Words in Private Conversations"
* Washington Post (1/20/22 ([link removed]) ): “‘China Will Be China’: Why Journalists Are Taking Burner Phones to the Beijing Olympics”
** Creating an anaconda
------------------------------------------------------------
Yahoo!: China is watching: Olympians go to great lengths to avoid stolen data at 2022 Games
Yahoo! Sports (2/5/22 ([link removed]) ) closed its article on cyberespionage at the Olympics with an analyst who compared China to an anaconda: "It doesn't need to bite you. It doesn't need to spit venom at you. But your behavior will change simply because you know that it exists.”
Yahoo! Sports (2/5/22 ([link removed]) ) reported on a tech advisory the US Olympic Committee distributed to sports federations that discouraged athletes from bringing their personal smartphones to Beijing. “There should be no expectation of data security or privacy while operating in China,” the advisory warned, a message echoed by other Western national Olympics committees. Yahoo! cited numerous Western officials and cybersecurity experts who claimed that broader fears of Chinese cyberespionage are “absolutely rational,” setting the stage for what Yahoo! called the “Paranoia Olympics.”
Yahoo! cited a number of Western cybersecurity experts raising concerns for Olympic athletes:
Their worries stem from a variety of sources, from analleged technical flaw in an app that all Olympics participants must download ([link removed]) to broader anti-China hysteria; fromTwitter threads claiming to prove ([link removed]) that “all Olympian audio is being collected, analyzed and saved on Chinese servers,” to genuine fears about the Chinese government’s ability and willingness to steal sensitive information and use it.
Yahoo!’s report cited supposed China experts’ explanation for how the Chinese government doesn’t even need to conduct cyberespionage to deter athletes from causing disturbances:
It’s a version of what Sinologist Perry Link once termed “The Anaconda in the Chandelier ([link removed]) .” It’s a metaphor “used to describe how the Chinese government controls dissent and speech,” explainedNeil Thomas ([link removed]) , a China analyst at the Eurasia Group. “It basically sits there as a huge anaconda in the chandelier of a room.... It doesn't need to do anything, this anaconda. It just needs to be there. It doesn't need to bite you. It doesn't need to spit venom at you. But your behavior will change simply because you know that it exists.”
This raises the question: If China merely convincing athletes that it might conduct cyberespionage on them is sufficient to control their behavior, and prevent them from bringing up topics that “might trigger the Chinese government,” then wouldn’t unsubstantiated Western media allegations of a Chinese surveillance program on foreign delegations serve the same function as the supposed Chinese anaconda--regardless of whether such a program exists?
** Citizen Lab’s findings
------------------------------------------------------------
DW: DW exclusive: Cybersecurity flaws leave Olympians at risk with Beijing 2022 app
Deutsche Welle (1/18/22 ([link removed]) ) set the tone for coverage of Citizen Lab's report on the Beijing Olympics app.
Is there evidence of a Chinese surveillance program on foreign delegations? Many Western media reports (e.g., BBC, 1/18/22 ([link removed]) ; CBC, 1/18/22 ([link removed]) ; New York Times, 1/18/22 ([link removed]) ) on China’s supposed cyberespionage efforts against foreign delegations to the Olympics can be sourced back to a report by the University of Toronto’s Citizen Lab ([link removed]) , a cybersecurity research center best known for identifying government-authorized spyware on phones belonging to human rights activists and journalists, which was first reported by German state media outlet Deutsche Welle (1/18/22 ([link removed]) ).
DW reported on some of Citizen Lab’s findings, noting that athletes, coaches, reporters and sports officials, as well as local staff, were required to put “personal information” like passport data and flight information, as well as sensitive medical information related to possible Covid-19 symptoms, onto either the My 2022 app used for the Beijing Olympics or the Olympics' website:
The app's SSL certificates—which are supposed to ensure that data traffic is only exchanged between trustworthy devices and servers—are not validated, meaning that the app has a serious encryption vulnerability. As a result, the app could be deceived into connecting with a malicious host, allowing information to be intercepted, or even malicious data to be sent back to the app.
Citizen Lab researcher Jeffrey Knockel says he found the vulnerability not only regarding health data, but also with other important services in the app. This includes the app service that processes all file attachments as well as transmitted voice audio.... The expert says he also discovered that for some services, data traffic in the app is not encrypted at all. This means that the metadata of the app's own chat service can easily be read by hackers.
It also found that the app had an inactivated “censorship keyword list,” a “reporting function that allows users to report other users if they consider a chat message to be dangerous or dubious.” One option that could have been chosen (had the function been turned on) was “‘politically sensitive content,’ a phrase that is typically used in China to describe censored topics.”
DW reported that Citizen Lab confidentially reported these findings to the Beijing Organizing Committee on December 3, 2021. Citizen Lab’s cybersecurity experts, the news article said, conducted an audit on January 17 that found that “no changes were made to address the concerns raised over security vulnerabilities and the list of ‘illegal words.’”
** 'A simpler explanation'
------------------------------------------------------------
Citizen Lab screenshots of the My2022 app
Citizen Lab (1/18/22 ([link removed]) ) found that the My 2022 app's "widespread lack of security is less likely to be the result of a vast government conspiracy but rather the result of a simpler explanation such as differing priorities for software developers in China."
However, when one actually reads the full Citizen Lab report ([link removed]) (1/18/22 ([link removed]) ) that DW and other Western media outlets selectively cited, one quickly discovers that this reporting contained significant omissions that made My 2022’s alleged vulnerabilities seem more malicious and deliberate than they were described in the original report.
For example, Citizen Lab’s report claims that while it’s “reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence,” it also argues that “the case for the Chinese government sabotaging My 2022’s encryption is problematic” for several reasons:
For instance, the most sensitive information being handled by this app is submitted in health customs forms, but this information is already being directly submitted to the government, and thus there would be little instrumental rationality in the government intercepting their own data, as weaknesses in the encryption of the transmission of this information would only aid other parties. While it is possible that weakness in the encryption of health customs information was collateral damage from the intentional weakening of the encryption of other types of data that the Chinese government would have an interest in intercepting, our prior work suggests that insufficient protection of user data is endemic to the Chinese app ecosystem. While some work has ascribed intentionality to poor software security discovered in Chinese apps, we believe that such a widespread lack of security is less likely to be the result of a vast government conspiracy but rather the result of a simpler explanation,
such as differing priorities for software developers in China.
In other words, Citizen Lab offered plausible reasons for why My 2022’s developers left alleged security vulnerabilities to enhance functionality that have nothing to do with a malicious Chinese government conspiracy to spy on foreign delegations. Citizen Lab also pointed out that the most sensitive information about athletes would already be directly submitted to the Chinese government for Covid containment purposes, so there would be little point in using My 2022 for espionage purposes.
Ultimately, Citizen Lab concluded:
While we found glaring and easily discoverable security issues with the way that My 2022 performs encryption, we have also observed similar issues in Chinese-developed Zoom, as well as the most popular Chinese Web browsers. My 2022’s functionality to report other users for “politically sensitive” expression is common in other Chinese apps, and, while we found bundled a list of censorship keyword terms capable of stifling political expression, such lists are near ubiquitous in Chinese chat apps, live streaming apps, mobile games and even open source software. In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising.
Citizen Lab’s arguments and conclusions undermine the conspiratorial tone in Western media coverage, which might be why they were omitted, with the opposite impression conveyed through cherry-picked quotes. Outlets like the CBC (1/18/22 ([link removed]) ), Quartz (1/20/22 ([link removed]) ) and the Washington Post (1/20/22 ([link removed]) ) focused on Citizen Lab’s “worst case scenarios” of all internet traffic potentially being intercepted, warning people to “pack burner digital devices” to evade the “‘devastating flaw’ that could expose users’ medical and passport information.”
Aside from a few exceptions like the Associated Press (1/18/22 ([link removed]) ), which correctly noted there “was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government,” the Chinese state media outlet CGTN (1/28/22 ([link removed]) ) offered more nuanced reporting, citing the major thrust of Citizen Lab’s conclusions that were omitted from most Western media accounts, where they would have contradicted the lurid narrative.
** 'Two software patches ago'
------------------------------------------------------------
There is one apparent error in Citizen Lab’s report. The group calls My 2022 “an app required to be installed ([link removed]) by all attendees to the 2022 Olympic Games,” a claim repeated in Western media reports on My 2022’s alleged vulnerabilities. The link provided leads to a report by Fortune (12/7/22 ([link removed]) ) that states attendees are “mandated to download a health app called ‘My 2022’ to input personal information and health records,” with no source provided to substantiate this claim.
But the International Olympics Committee (IOC) has directly refuted ([link removed]) this claim, noting that it is not mandatory for attendees to download the app, and that the app’s settings can be configured to disable access to “‘files and media, calendar, camera, contacts,’ as well as a user's location, their phone and their phone's microphone.” The IOC has also noted ([link removed]) that the app has been validated by Apple’s App Store and the Google Play Store, in addition to passing two independent assessments by cybersecurity testing organizations that found “no critical vulnerabilities.”
NBC: Experts warn Olympics participants: China doesn't need an app to spy
NBC (2/8/22 ([link removed]) ) debunked the My 2022 scare stories--but still warned Olympians to be afraid.
Later, in early February, Citizen Lab (NBC, 2/8/22 ([link removed]) ) noted its concerns about My 2022 were addressed “several weeks and two software patches ago,” after the developers reached out after the initial paper was published and sought advice on how to fix the identified problems. All of this indicates that there is no basis for the claim My 2022 was used by the Chinese government to spy on foreign delegations.
However, NBC argued that “focusing on that single smartphone app is a red herring” in “the context of China’s larger appetite for the personal data of people around the world.” It provided no evidence of China’s alleged appetite for the personal data of people outside its borders, instead relying on resurgent Yellow Peril hysteria in Western countries to suggest that it must be true.
Another claim about My 2022 that has gone viral on social media, spread by popular podcast host Joe Rogan ([link removed]) and Washington Post columnist Josh Rogin ([link removed]) , is the allegation that the app constantly records audio ([link removed]) on users’ phones ([link removed]) . This was debunked by numerous experts ([link removed]) , like Will Strafach ([link removed]) , the creator of an iPhone app that blocks location trackers, who looked at My 2022’s code and found that there was nothing beyond an overt translation function that could activate the phone’s
microphone.
** More evidence-free espionage claims
------------------------------------------------------------
Business Insider: Everything you need to know about Huawei, the Chinese tech giant accused of spying that the US just banned from doing business in America
Business Insider (3/16/19 ([link removed]) ): "The US has upped its fight in the last year against Huawei, which it suspects of spying for the Chinese government and posing a great risk to US national security."
The evidence-free allegations promoted by Western media about supposed Chinese cyberespionage at the Olympics fit into a larger pattern of claims that Chinese technology is inherently compromised and engineered to serve as spyware by the Chinese government.
Numerous headlines alleged that Huawei, a Chinese multinational tech corporation that created the world’s first 5G smartphone, was conducting espionage on behalf of the Chinese government:
* Forbes (2/26/19 ([link removed]) ): “Huawei Security Scandal: Everything You Need to Know”
* Fox (2/13/20 ([link removed]) ): “US Accuses Huawei of Spying on Mobile Phone Users”
* NBC (2/14/20 ([link removed]) ): “US Officials: Using Huawei Tech Opens Door to Chinese Spying, Censorship”
* Business Insider (3/16/19 ([link removed]) ): “Everything You Need to Know About Huawei, the Chinese Tech Giant Accused of Spying That the US Just Banned From Doing Business in America”
Huawei had been cleared of accusations of espionage as early as October 2012, after the White House ordered an 18-month review of security risks by suppliers to US telecommunications companies. The inquiry found no evidence that the company was an espionage asset, although predictable concerns about nebulous “security vulnerabilities” were raised (Reuters, 10/17/12 ([link removed]) ).
In more recent years, Australian officials ([link removed]) led the way in getting Western governments like the US to ban Huawei’s technology ([link removed]) on national security grounds, after conducting simulations on the offensive espionage potential of 5G technology (Sydney Morning Herald, 5/22/19 ([link removed]) ). However, when one reads past sensationalist headlines and looks for evidence that Huawei is conducting espionage on behalf of the Chinese government, one comes up dry.
For instance, the Wall Street Journal’s report headlined “US Officials Say Huawei Can Covertly Access Telecom Networks” (2/12/20 ([link removed]) ) cited anonymous US officials claiming that Huawei "can covertly access mobile-phone networks around the world through ‘backdoors’ designed for use by law enforcement.” When one reads further down, however, the Journal admitted that the officials “didn’t provide details of where they believe Huawei is able to do so,” and that they “declined to say” whether the US has observed Huawei taking advantage of these supposed backdoors.
This is consistent with the US government’s assumption that it doesn’t need to show proof of malicious activity by Huawei; it’s a Chinese company, and therefore could be ordered to install backdoors or share data with the Chinese government, despite denials by both Huawei and the Chinese government of those allegations (Wall Street Journal, 1/23/19 ([link removed]) ). In the absence of evidence, the US government has relied on asking foreign governments to shun Huawei’s technology based on speculative “what if” scenarios (Axios, 1/30/20 ([link removed]) ).
Critics of baseless US government accusations have argued that it wouldn’t make sense for China to jeopardize their own business interests by spying through Huawei’s technology, because the US and other Western countries are China’s best customers, aside from its domestic market, and it would be catastrophic if espionage were ever discovered (ZDNet, 5/20/19 ([link removed]) ). This might be why Huawei has stated they are willing to sign “no spy” agreements to reassure suspicious governments that there are no backdoors in their technology (BBC, 5/19/19 ([link removed]) ).
But one doesn’t need to take Huawei or the Chinese government’s word for it, as other Western governments have confirmed there is no evidence for the US government’s allegations. The British National Cyber Security Centre (NCSC) reported that they haven’t seen any evidence of malicious activity by Huawei, contradicting evidence-free US government allegations ([link removed]) (Reuters, 2/20/19 ([link removed]) ).
Although German spy chief Bruno Kahl claimed that Huawei “can’t be fully trusted ([link removed]) ,” he didn’t cite any evidence of malicious activity by Huawei, and the head of Germany’s IT watchdog (Federal Office for Information Security), Arne Schönbohm, stated they had “no evidence” of Huawei conducting espionage (The Local, 12/16/18 ([link removed]) ). France’s cybersecurity chief, Guillaume Poupard, the head of the national cybersecurity agency ANSSI, stated that “there is no Huawei smoking gun as of today in Europe” (South China Morning Post, 1/31/20 ([link removed]) ).
** 'Is TikTok Spying on You?'
------------------------------------------------------------
CBS: How TikTok could be used for disinformation and espionage
Because of TikTok, a Heritage Foundation analyst told CBS (11/15/20 ([link removed]) ), if China "were to try and source a human-intelligence asset, well, they know the exact type of legend or profile that they need to have."
Other speculative headlines about Chinese cyberespionage revolved around the popular social media app TikTok:
* Washington Post (7/13/20 ([link removed]) ): “Is it Time to Delete TikTok? A Guide to the Rumors and the Real Privacy Risks.”
* Forbes (7/25/20 ([link removed]) ): “Is TikTok Spying on You For China?”
* Bloomberg (5/13/21 ([link removed]) ): “A Push-Up Contest on TikTok Exposed a Great Cyberespionage Threat”
* CBS (11/15/20 ([link removed]) ): “How TikTok Could Be Used for Disinformation and Espionage”
Although these headlines suggest that the Chinese government is using the video sharing platform to spy on users, when one actually reads these reports, it becomes apparent that there is no evidence that TikTok takes more data from users than other social media apps like Facebook, or that it shares that data with the Chinese government.
CBS (11/15/20 ([link removed]) ) cited numerous claims from experts they contacted about how China could potentially share data with the Chinese government or “push disinformation” through the “For You” page on the app that recommends videos--though it doesn’t mention a single instance where TikTok actually did such those things. Forbes (7/25/20 ([link removed]) ) admitted that despite “all the talk, there is no solid proof that TikTok sends any data to China, there is no solid proof that any information is pulled from users’ devices over and above the prying data grabs typical of all social media platforms.” Although Bloomberg (5/13/21 ([link removed]) ) stated that claims of cyberespionage are difficult to
verify, it acknowledged there’s “no publicly available evidence that TikTok has passed American data to Chinese officials.” The Washington Post (7/13/20 ([link removed]) ) concluded that “TikTok doesn’t appear to grab any more personal information than Facebook,” and there is “scant evidence that TikTok is sharing our data with China.”
Critics of the insinuations ([link removed]) used by US government officials to try to ban TikTok on national security grounds have argued that “TikTok isnot fundamentally different from other social media platforms ([link removed]) ,” as DW editor Fabian Schmidt (8/8/20 ([link removed]) ) put it. It is of “no importance in the end who runs the platforms where people choose to put themselves on stage,” Schmidt argued, since the users themselves are “primarily responsible for protecting their own data on social media.”
However, people need not take TikTok’s word that it is not spying on behalf of the Chinese government, as groups from Citizen Lab to the CIA have concluded that there’s no evidence that Beijing has intercepted data or used the app to access users’ devices (South China Morning Post, 3/23/21 ([link removed]) ; New York Times, 8/7/20 ([link removed]) ).
These accusations of Chinese hardware and software conducting espionage on foreigners on behalf of the Chinese government are ironic, since there is more evidence of the US government spying on Huawei ([link removed]) , and using Huawei’s technology ([link removed]) to spy on others, than there is of Huawei spying for the Chinese government. And Washington has been caught inserting secret backdoors on US hardware and embedding software on mobile apps to spy on and keep track of people’s movements, while the NSA spies on Americans and people abroad operating on a “collect it all ([link removed]) ” ethos (Der Spiegel, 12/29/13 ([link removed]) ; Wall Street Journal, 8/7/20
([link removed]) ).
** Motives to sully Chinese tech
------------------------------------------------------------
Breakthrough News: Why They’re Telling You to Fear China All of a Sudden
Breakthrough News (10/28/20 ([link removed]) ): "China hysteria has become a weapon of mass distraction for the US political establishment."
Journalist Vijay Prashad (Breakthrough News, 10/28/20 ([link removed]) ) has pointed out that the US information war on China ([link removed]) has intensified in recent years, as China’s technology industry has either become a peer competitor to or surpassed the US in certain sectors. Huawei once surpassed Apple ([link removed]) as the second-largest smartphone maker in 2018, and TikTok is one of the most popular social media apps ([link removed]) in the US.
Similar Yellow Peril propaganda campaigns ([link removed]) were waged by the US against Japan in the 1980s, with familiar tropes ([link removed]) of alleged unfair trading practices ([link removed]) when Americans were anxious regarding Japan’s rising economy as a peer competitor, noting their dominance in exporting technology like cars, computers and semiconductors. Japan's economy is widely believed ([link removed]) to have been sabotaged ([link removed]) by the 1985 Plaza Accord ([link removed]) Tokyo was pressured to sign by the US.
Despite racist insinuations that China isn't capable of innovating ([link removed]) and claims that its success stems primarily from stealing intellectual property ([link removed]) from the US, China is now in the lead regarding 5G (and potentially 6G mobile technology ([link removed]) ) and artificial intelligence ([link removed]) , and has had a lead over the US in global patent filings ([link removed]) since 2019. China's status as a competitor to the US and emerging leader in the tech industry has even led US Secretary of
Commerce Gina Raimondo to say that the US and Europe should work together to "slow down China's rate of innovation" (CNBC, 9/28/21 ([link removed]) ).
But whereas other East Asian countries like South Korea ([link removed]) and Japan ([link removed]) are politically subordinate to the US, in addition to having much smaller economies, China is politically independent of the US, and has already surpassed the US’s GDP ([link removed]) when measured in purchasing power parity terms. Western corporate media thus have less incentives to vilify those countries compared to China, since they will not be independent countries capable of rivaling the US anytime soon.
It is admittedly possible that the Chinese government is lying about not trying to conduct cyberespionage on foreign delegations at the Olympics, or spying on people through Huawei’s technology and social media platforms like TikTok. But Western media insistence on potential cyberespionage hazards are accusations without evidence. The US’s hybrid war on China includes diplomatically isolating ([link removed]) it in world events like the Olympics, and unsubstantiated allegations of nebulous security vulnerabilities can be used to smear and sabotage China’s increasingly competitive tech industry as well.
Read more ([link removed])
Share this post: <a rel="nofollow" target="_blank" href="[link removed]" title="Twitter"><img border="0" height="15" width="15" src="[link removed]" title="Twitter" alt="Twitter" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Facebook"><img border="0" height="15" width="15" src="[link removed]" title="Facebook" alt="Facebook" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Pinterest"><img border="0" height="15" width="15" src="[link removed]" title="Pinterest" alt="Pinterest" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="LinkedIn"><img border="0" height="15" width="15" src="[link removed]" title="LinkedIn" alt="LinkedIn" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Google Plus"><img border="0" height="15" width="15" src="[link removed]" title="Google Plus" alt="Google Plus" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Instapaper"><img border="0" height="15" width="15" src="[link removed]" title="Instapaper" alt="Instapaper" class="mc-share"></a>
© 2021 Fairness & Accuracy in Reporting. All rights reserved.
You are receiving this email because you signed up for email alerts from
Fairness & Accuracy in Reporting
Our mailing address is:
FAIRNESS & ACCURACY IN REPORTING
124 W. 30th Street, Suite 201
New York, NY 10001
FAIR's Website ([link removed])
FAIR counts on your support to do this work — please donate today ([link removed]) .
Follow us on Twitter ([link removed]) | Friend us on Facebook ([link removed])
change your preferences ([link removed])
Email Marketing Powered by Mailchimp
[link removed]
unsubscribe ([link removed]) .
FAIR
View article on FAIR's website ([link removed])
Western Media Took Gold in Evidence-Free Allegations of Chinese Olympic Spying Joshua Cho ([link removed])
WaPo: ‘China will be China’: Why journalists are taking burner phones to the Beijing Olympics
The Washington Post's headline (1/20/22 ([link removed]) ) seems to sum up why Western journalists saw no need to factcheck claims of Chinese cyberespionage at the Beijing Olympics.
A persistent trope in Western media coverage of China is the claim that Chinese technology is inherently compromised and used as a nefarious tool by Beijing to spy on unwitting foreigners. However, when one actually looks for evidence behind these claims or innuendos, one often finds unsubstantiated speculation.
Before the 2022 Beijing Winter Olympics began, there was a spate of reports alleging that China could be spying on visiting athletes and journalists. The reports had a sinister tone, implying to Western audiences that China was trying to collect private information for malicious purposes:
* Quartz (1/20/22 ([link removed]) ): “Beijing Winter Olympics Athletes Have Every Reason to Worry About Their Cybersecurity”
* BBC (1/18/22 ([link removed]) ): “Winter Olympics: Athletes Advised to Use Burner Phones in Beijing”
* New York Times (1/18/22 ([link removed]) ): “Security Flaws Seen in China’s Mandatory Olympics App for Athletes”
* CNN (2/1/22 ([link removed]) ): “FBI Urges Olympic Athletes to Leave Personal Phones at Home Ahead of Beijing Games”
* Daily Mail (1/31/22 ([link removed]) ): “Over 1,000 Athletes and Coaches Are Using 'Burner' Phones at the Winter Olympics Because the Chinese State Has 'Crazy, Scary' Spying Tech that Monitors Calls, Reads Texts, Tracks Movements and Can Spot 'Illegal' Words in Private Conversations"
* Washington Post (1/20/22 ([link removed]) ): “‘China Will Be China’: Why Journalists Are Taking Burner Phones to the Beijing Olympics”
** Creating an anaconda
------------------------------------------------------------
Yahoo!: China is watching: Olympians go to great lengths to avoid stolen data at 2022 Games
Yahoo! Sports (2/5/22 ([link removed]) ) closed its article on cyberespionage at the Olympics with an analyst who compared China to an anaconda: "It doesn't need to bite you. It doesn't need to spit venom at you. But your behavior will change simply because you know that it exists.”
Yahoo! Sports (2/5/22 ([link removed]) ) reported on a tech advisory the US Olympic Committee distributed to sports federations that discouraged athletes from bringing their personal smartphones to Beijing. “There should be no expectation of data security or privacy while operating in China,” the advisory warned, a message echoed by other Western national Olympics committees. Yahoo! cited numerous Western officials and cybersecurity experts who claimed that broader fears of Chinese cyberespionage are “absolutely rational,” setting the stage for what Yahoo! called the “Paranoia Olympics.”
Yahoo! cited a number of Western cybersecurity experts raising concerns for Olympic athletes:
Their worries stem from a variety of sources, from analleged technical flaw in an app that all Olympics participants must download ([link removed]) to broader anti-China hysteria; fromTwitter threads claiming to prove ([link removed]) that “all Olympian audio is being collected, analyzed and saved on Chinese servers,” to genuine fears about the Chinese government’s ability and willingness to steal sensitive information and use it.
Yahoo!’s report cited supposed China experts’ explanation for how the Chinese government doesn’t even need to conduct cyberespionage to deter athletes from causing disturbances:
It’s a version of what Sinologist Perry Link once termed “The Anaconda in the Chandelier ([link removed]) .” It’s a metaphor “used to describe how the Chinese government controls dissent and speech,” explainedNeil Thomas ([link removed]) , a China analyst at the Eurasia Group. “It basically sits there as a huge anaconda in the chandelier of a room.... It doesn't need to do anything, this anaconda. It just needs to be there. It doesn't need to bite you. It doesn't need to spit venom at you. But your behavior will change simply because you know that it exists.”
This raises the question: If China merely convincing athletes that it might conduct cyberespionage on them is sufficient to control their behavior, and prevent them from bringing up topics that “might trigger the Chinese government,” then wouldn’t unsubstantiated Western media allegations of a Chinese surveillance program on foreign delegations serve the same function as the supposed Chinese anaconda--regardless of whether such a program exists?
** Citizen Lab’s findings
------------------------------------------------------------
DW: DW exclusive: Cybersecurity flaws leave Olympians at risk with Beijing 2022 app
Deutsche Welle (1/18/22 ([link removed]) ) set the tone for coverage of Citizen Lab's report on the Beijing Olympics app.
Is there evidence of a Chinese surveillance program on foreign delegations? Many Western media reports (e.g., BBC, 1/18/22 ([link removed]) ; CBC, 1/18/22 ([link removed]) ; New York Times, 1/18/22 ([link removed]) ) on China’s supposed cyberespionage efforts against foreign delegations to the Olympics can be sourced back to a report by the University of Toronto’s Citizen Lab ([link removed]) , a cybersecurity research center best known for identifying government-authorized spyware on phones belonging to human rights activists and journalists, which was first reported by German state media outlet Deutsche Welle (1/18/22 ([link removed]) ).
DW reported on some of Citizen Lab’s findings, noting that athletes, coaches, reporters and sports officials, as well as local staff, were required to put “personal information” like passport data and flight information, as well as sensitive medical information related to possible Covid-19 symptoms, onto either the My 2022 app used for the Beijing Olympics or the Olympics' website:
The app's SSL certificates—which are supposed to ensure that data traffic is only exchanged between trustworthy devices and servers—are not validated, meaning that the app has a serious encryption vulnerability. As a result, the app could be deceived into connecting with a malicious host, allowing information to be intercepted, or even malicious data to be sent back to the app.
Citizen Lab researcher Jeffrey Knockel says he found the vulnerability not only regarding health data, but also with other important services in the app. This includes the app service that processes all file attachments as well as transmitted voice audio.... The expert says he also discovered that for some services, data traffic in the app is not encrypted at all. This means that the metadata of the app's own chat service can easily be read by hackers.
It also found that the app had an inactivated “censorship keyword list,” a “reporting function that allows users to report other users if they consider a chat message to be dangerous or dubious.” One option that could have been chosen (had the function been turned on) was “‘politically sensitive content,’ a phrase that is typically used in China to describe censored topics.”
DW reported that Citizen Lab confidentially reported these findings to the Beijing Organizing Committee on December 3, 2021. Citizen Lab’s cybersecurity experts, the news article said, conducted an audit on January 17 that found that “no changes were made to address the concerns raised over security vulnerabilities and the list of ‘illegal words.’”
** 'A simpler explanation'
------------------------------------------------------------
Citizen Lab screenshots of the My2022 app
Citizen Lab (1/18/22 ([link removed]) ) found that the My 2022 app's "widespread lack of security is less likely to be the result of a vast government conspiracy but rather the result of a simpler explanation such as differing priorities for software developers in China."
However, when one actually reads the full Citizen Lab report ([link removed]) (1/18/22 ([link removed]) ) that DW and other Western media outlets selectively cited, one quickly discovers that this reporting contained significant omissions that made My 2022’s alleged vulnerabilities seem more malicious and deliberate than they were described in the original report.
For example, Citizen Lab’s report claims that while it’s “reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence,” it also argues that “the case for the Chinese government sabotaging My 2022’s encryption is problematic” for several reasons:
For instance, the most sensitive information being handled by this app is submitted in health customs forms, but this information is already being directly submitted to the government, and thus there would be little instrumental rationality in the government intercepting their own data, as weaknesses in the encryption of the transmission of this information would only aid other parties. While it is possible that weakness in the encryption of health customs information was collateral damage from the intentional weakening of the encryption of other types of data that the Chinese government would have an interest in intercepting, our prior work suggests that insufficient protection of user data is endemic to the Chinese app ecosystem. While some work has ascribed intentionality to poor software security discovered in Chinese apps, we believe that such a widespread lack of security is less likely to be the result of a vast government conspiracy but rather the result of a simpler explanation,
such as differing priorities for software developers in China.
In other words, Citizen Lab offered plausible reasons for why My 2022’s developers left alleged security vulnerabilities to enhance functionality that have nothing to do with a malicious Chinese government conspiracy to spy on foreign delegations. Citizen Lab also pointed out that the most sensitive information about athletes would already be directly submitted to the Chinese government for Covid containment purposes, so there would be little point in using My 2022 for espionage purposes.
Ultimately, Citizen Lab concluded:
While we found glaring and easily discoverable security issues with the way that My 2022 performs encryption, we have also observed similar issues in Chinese-developed Zoom, as well as the most popular Chinese Web browsers. My 2022’s functionality to report other users for “politically sensitive” expression is common in other Chinese apps, and, while we found bundled a list of censorship keyword terms capable of stifling political expression, such lists are near ubiquitous in Chinese chat apps, live streaming apps, mobile games and even open source software. In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising.
Citizen Lab’s arguments and conclusions undermine the conspiratorial tone in Western media coverage, which might be why they were omitted, with the opposite impression conveyed through cherry-picked quotes. Outlets like the CBC (1/18/22 ([link removed]) ), Quartz (1/20/22 ([link removed]) ) and the Washington Post (1/20/22 ([link removed]) ) focused on Citizen Lab’s “worst case scenarios” of all internet traffic potentially being intercepted, warning people to “pack burner digital devices” to evade the “‘devastating flaw’ that could expose users’ medical and passport information.”
Aside from a few exceptions like the Associated Press (1/18/22 ([link removed]) ), which correctly noted there “was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government,” the Chinese state media outlet CGTN (1/28/22 ([link removed]) ) offered more nuanced reporting, citing the major thrust of Citizen Lab’s conclusions that were omitted from most Western media accounts, where they would have contradicted the lurid narrative.
** 'Two software patches ago'
------------------------------------------------------------
There is one apparent error in Citizen Lab’s report. The group calls My 2022 “an app required to be installed ([link removed]) by all attendees to the 2022 Olympic Games,” a claim repeated in Western media reports on My 2022’s alleged vulnerabilities. The link provided leads to a report by Fortune (12/7/22 ([link removed]) ) that states attendees are “mandated to download a health app called ‘My 2022’ to input personal information and health records,” with no source provided to substantiate this claim.
But the International Olympics Committee (IOC) has directly refuted ([link removed]) this claim, noting that it is not mandatory for attendees to download the app, and that the app’s settings can be configured to disable access to “‘files and media, calendar, camera, contacts,’ as well as a user's location, their phone and their phone's microphone.” The IOC has also noted ([link removed]) that the app has been validated by Apple’s App Store and the Google Play Store, in addition to passing two independent assessments by cybersecurity testing organizations that found “no critical vulnerabilities.”
NBC: Experts warn Olympics participants: China doesn't need an app to spy
NBC (2/8/22 ([link removed]) ) debunked the My 2022 scare stories--but still warned Olympians to be afraid.
Later, in early February, Citizen Lab (NBC, 2/8/22 ([link removed]) ) noted its concerns about My 2022 were addressed “several weeks and two software patches ago,” after the developers reached out after the initial paper was published and sought advice on how to fix the identified problems. All of this indicates that there is no basis for the claim My 2022 was used by the Chinese government to spy on foreign delegations.
However, NBC argued that “focusing on that single smartphone app is a red herring” in “the context of China’s larger appetite for the personal data of people around the world.” It provided no evidence of China’s alleged appetite for the personal data of people outside its borders, instead relying on resurgent Yellow Peril hysteria in Western countries to suggest that it must be true.
Another claim about My 2022 that has gone viral on social media, spread by popular podcast host Joe Rogan ([link removed]) and Washington Post columnist Josh Rogin ([link removed]) , is the allegation that the app constantly records audio ([link removed]) on users’ phones ([link removed]) . This was debunked by numerous experts ([link removed]) , like Will Strafach ([link removed]) , the creator of an iPhone app that blocks location trackers, who looked at My 2022’s code and found that there was nothing beyond an overt translation function that could activate the phone’s
microphone.
** More evidence-free espionage claims
------------------------------------------------------------
Business Insider: Everything you need to know about Huawei, the Chinese tech giant accused of spying that the US just banned from doing business in America
Business Insider (3/16/19 ([link removed]) ): "The US has upped its fight in the last year against Huawei, which it suspects of spying for the Chinese government and posing a great risk to US national security."
The evidence-free allegations promoted by Western media about supposed Chinese cyberespionage at the Olympics fit into a larger pattern of claims that Chinese technology is inherently compromised and engineered to serve as spyware by the Chinese government.
Numerous headlines alleged that Huawei, a Chinese multinational tech corporation that created the world’s first 5G smartphone, was conducting espionage on behalf of the Chinese government:
* Forbes (2/26/19 ([link removed]) ): “Huawei Security Scandal: Everything You Need to Know”
* Fox (2/13/20 ([link removed]) ): “US Accuses Huawei of Spying on Mobile Phone Users”
* NBC (2/14/20 ([link removed]) ): “US Officials: Using Huawei Tech Opens Door to Chinese Spying, Censorship”
* Business Insider (3/16/19 ([link removed]) ): “Everything You Need to Know About Huawei, the Chinese Tech Giant Accused of Spying That the US Just Banned From Doing Business in America”
Huawei had been cleared of accusations of espionage as early as October 2012, after the White House ordered an 18-month review of security risks by suppliers to US telecommunications companies. The inquiry found no evidence that the company was an espionage asset, although predictable concerns about nebulous “security vulnerabilities” were raised (Reuters, 10/17/12 ([link removed]) ).
In more recent years, Australian officials ([link removed]) led the way in getting Western governments like the US to ban Huawei’s technology ([link removed]) on national security grounds, after conducting simulations on the offensive espionage potential of 5G technology (Sydney Morning Herald, 5/22/19 ([link removed]) ). However, when one reads past sensationalist headlines and looks for evidence that Huawei is conducting espionage on behalf of the Chinese government, one comes up dry.
For instance, the Wall Street Journal’s report headlined “US Officials Say Huawei Can Covertly Access Telecom Networks” (2/12/20 ([link removed]) ) cited anonymous US officials claiming that Huawei "can covertly access mobile-phone networks around the world through ‘backdoors’ designed for use by law enforcement.” When one reads further down, however, the Journal admitted that the officials “didn’t provide details of where they believe Huawei is able to do so,” and that they “declined to say” whether the US has observed Huawei taking advantage of these supposed backdoors.
This is consistent with the US government’s assumption that it doesn’t need to show proof of malicious activity by Huawei; it’s a Chinese company, and therefore could be ordered to install backdoors or share data with the Chinese government, despite denials by both Huawei and the Chinese government of those allegations (Wall Street Journal, 1/23/19 ([link removed]) ). In the absence of evidence, the US government has relied on asking foreign governments to shun Huawei’s technology based on speculative “what if” scenarios (Axios, 1/30/20 ([link removed]) ).
Critics of baseless US government accusations have argued that it wouldn’t make sense for China to jeopardize their own business interests by spying through Huawei’s technology, because the US and other Western countries are China’s best customers, aside from its domestic market, and it would be catastrophic if espionage were ever discovered (ZDNet, 5/20/19 ([link removed]) ). This might be why Huawei has stated they are willing to sign “no spy” agreements to reassure suspicious governments that there are no backdoors in their technology (BBC, 5/19/19 ([link removed]) ).
But one doesn’t need to take Huawei or the Chinese government’s word for it, as other Western governments have confirmed there is no evidence for the US government’s allegations. The British National Cyber Security Centre (NCSC) reported that they haven’t seen any evidence of malicious activity by Huawei, contradicting evidence-free US government allegations ([link removed]) (Reuters, 2/20/19 ([link removed]) ).
Although German spy chief Bruno Kahl claimed that Huawei “can’t be fully trusted ([link removed]) ,” he didn’t cite any evidence of malicious activity by Huawei, and the head of Germany’s IT watchdog (Federal Office for Information Security), Arne Schönbohm, stated they had “no evidence” of Huawei conducting espionage (The Local, 12/16/18 ([link removed]) ). France’s cybersecurity chief, Guillaume Poupard, the head of the national cybersecurity agency ANSSI, stated that “there is no Huawei smoking gun as of today in Europe” (South China Morning Post, 1/31/20 ([link removed]) ).
** 'Is TikTok Spying on You?'
------------------------------------------------------------
CBS: How TikTok could be used for disinformation and espionage
Because of TikTok, a Heritage Foundation analyst told CBS (11/15/20 ([link removed]) ), if China "were to try and source a human-intelligence asset, well, they know the exact type of legend or profile that they need to have."
Other speculative headlines about Chinese cyberespionage revolved around the popular social media app TikTok:
* Washington Post (7/13/20 ([link removed]) ): “Is it Time to Delete TikTok? A Guide to the Rumors and the Real Privacy Risks.”
* Forbes (7/25/20 ([link removed]) ): “Is TikTok Spying on You For China?”
* Bloomberg (5/13/21 ([link removed]) ): “A Push-Up Contest on TikTok Exposed a Great Cyberespionage Threat”
* CBS (11/15/20 ([link removed]) ): “How TikTok Could Be Used for Disinformation and Espionage”
Although these headlines suggest that the Chinese government is using the video sharing platform to spy on users, when one actually reads these reports, it becomes apparent that there is no evidence that TikTok takes more data from users than other social media apps like Facebook, or that it shares that data with the Chinese government.
CBS (11/15/20 ([link removed]) ) cited numerous claims from experts they contacted about how China could potentially share data with the Chinese government or “push disinformation” through the “For You” page on the app that recommends videos--though it doesn’t mention a single instance where TikTok actually did such those things. Forbes (7/25/20 ([link removed]) ) admitted that despite “all the talk, there is no solid proof that TikTok sends any data to China, there is no solid proof that any information is pulled from users’ devices over and above the prying data grabs typical of all social media platforms.” Although Bloomberg (5/13/21 ([link removed]) ) stated that claims of cyberespionage are difficult to
verify, it acknowledged there’s “no publicly available evidence that TikTok has passed American data to Chinese officials.” The Washington Post (7/13/20 ([link removed]) ) concluded that “TikTok doesn’t appear to grab any more personal information than Facebook,” and there is “scant evidence that TikTok is sharing our data with China.”
Critics of the insinuations ([link removed]) used by US government officials to try to ban TikTok on national security grounds have argued that “TikTok isnot fundamentally different from other social media platforms ([link removed]) ,” as DW editor Fabian Schmidt (8/8/20 ([link removed]) ) put it. It is of “no importance in the end who runs the platforms where people choose to put themselves on stage,” Schmidt argued, since the users themselves are “primarily responsible for protecting their own data on social media.”
However, people need not take TikTok’s word that it is not spying on behalf of the Chinese government, as groups from Citizen Lab to the CIA have concluded that there’s no evidence that Beijing has intercepted data or used the app to access users’ devices (South China Morning Post, 3/23/21 ([link removed]) ; New York Times, 8/7/20 ([link removed]) ).
These accusations of Chinese hardware and software conducting espionage on foreigners on behalf of the Chinese government are ironic, since there is more evidence of the US government spying on Huawei ([link removed]) , and using Huawei’s technology ([link removed]) to spy on others, than there is of Huawei spying for the Chinese government. And Washington has been caught inserting secret backdoors on US hardware and embedding software on mobile apps to spy on and keep track of people’s movements, while the NSA spies on Americans and people abroad operating on a “collect it all ([link removed]) ” ethos (Der Spiegel, 12/29/13 ([link removed]) ; Wall Street Journal, 8/7/20
([link removed]) ).
** Motives to sully Chinese tech
------------------------------------------------------------
Breakthrough News: Why They’re Telling You to Fear China All of a Sudden
Breakthrough News (10/28/20 ([link removed]) ): "China hysteria has become a weapon of mass distraction for the US political establishment."
Journalist Vijay Prashad (Breakthrough News, 10/28/20 ([link removed]) ) has pointed out that the US information war on China ([link removed]) has intensified in recent years, as China’s technology industry has either become a peer competitor to or surpassed the US in certain sectors. Huawei once surpassed Apple ([link removed]) as the second-largest smartphone maker in 2018, and TikTok is one of the most popular social media apps ([link removed]) in the US.
Similar Yellow Peril propaganda campaigns ([link removed]) were waged by the US against Japan in the 1980s, with familiar tropes ([link removed]) of alleged unfair trading practices ([link removed]) when Americans were anxious regarding Japan’s rising economy as a peer competitor, noting their dominance in exporting technology like cars, computers and semiconductors. Japan's economy is widely believed ([link removed]) to have been sabotaged ([link removed]) by the 1985 Plaza Accord ([link removed]) Tokyo was pressured to sign by the US.
Despite racist insinuations that China isn't capable of innovating ([link removed]) and claims that its success stems primarily from stealing intellectual property ([link removed]) from the US, China is now in the lead regarding 5G (and potentially 6G mobile technology ([link removed]) ) and artificial intelligence ([link removed]) , and has had a lead over the US in global patent filings ([link removed]) since 2019. China's status as a competitor to the US and emerging leader in the tech industry has even led US Secretary of
Commerce Gina Raimondo to say that the US and Europe should work together to "slow down China's rate of innovation" (CNBC, 9/28/21 ([link removed]) ).
But whereas other East Asian countries like South Korea ([link removed]) and Japan ([link removed]) are politically subordinate to the US, in addition to having much smaller economies, China is politically independent of the US, and has already surpassed the US’s GDP ([link removed]) when measured in purchasing power parity terms. Western corporate media thus have less incentives to vilify those countries compared to China, since they will not be independent countries capable of rivaling the US anytime soon.
It is admittedly possible that the Chinese government is lying about not trying to conduct cyberespionage on foreign delegations at the Olympics, or spying on people through Huawei’s technology and social media platforms like TikTok. But Western media insistence on potential cyberespionage hazards are accusations without evidence. The US’s hybrid war on China includes diplomatically isolating ([link removed]) it in world events like the Olympics, and unsubstantiated allegations of nebulous security vulnerabilities can be used to smear and sabotage China’s increasingly competitive tech industry as well.
Read more ([link removed])
Share this post: <a rel="nofollow" target="_blank" href="[link removed]" title="Twitter"><img border="0" height="15" width="15" src="[link removed]" title="Twitter" alt="Twitter" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Facebook"><img border="0" height="15" width="15" src="[link removed]" title="Facebook" alt="Facebook" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Pinterest"><img border="0" height="15" width="15" src="[link removed]" title="Pinterest" alt="Pinterest" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="LinkedIn"><img border="0" height="15" width="15" src="[link removed]" title="LinkedIn" alt="LinkedIn" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Google Plus"><img border="0" height="15" width="15" src="[link removed]" title="Google Plus" alt="Google Plus" class="mc-share"></a>
<a rel="nofollow" target="_blank" href="[link removed]" title="Instapaper"><img border="0" height="15" width="15" src="[link removed]" title="Instapaper" alt="Instapaper" class="mc-share"></a>
© 2021 Fairness & Accuracy in Reporting. All rights reserved.
You are receiving this email because you signed up for email alerts from
Fairness & Accuracy in Reporting
Our mailing address is:
FAIRNESS & ACCURACY IN REPORTING
124 W. 30th Street, Suite 201
New York, NY 10001
FAIR's Website ([link removed])
FAIR counts on your support to do this work — please donate today ([link removed]) .
Follow us on Twitter ([link removed]) | Friend us on Facebook ([link removed])
change your preferences ([link removed])
Email Marketing Powered by Mailchimp
[link removed]
unsubscribe ([link removed]) .
Message Analysis
- Sender: Fairness & Accuracy In Reporting (FAIR)
- Political Party: n/a
- Country: United States
- State/Locality: n/a
- Office: n/a
-
Email Providers:
- MailChimp