Athlete surveillance warnings cloud China’s Winter Olympics

Researchers have said a virus-monitoring app all Winter Olympics attendees must use has a ‘simple but devastating’ encryption flaw.

BEIJING: A growing number of Western nations and cybersecurity groups have issued digital surveillance warnings for next month’s Winter Olympics in Beijing, with some advising foreign athletes to leave personal phones and laptops at home.

China hopes to pull off a successful, coronavirus-free Games that will burnish its international reputation.

But the run-up has been fraught with political controversies including diplomatic boycotts over Beijing’s rights record and worries about the safety of tennis star Peng Shuai, who was not seen for weeks after accusing a former Communist Party leader of sexual assault.

Now concerns are focusing on whether the tens of thousands of foreign athletes, dignitaries and media workers will be safe from China’s vast array of surveillance tools.

Everyone taking part in the Games will operate in a bubble that separates them from the rest of the population, to reduce the chances of the coronavirus spreading into China, which sticks to a strict zero-Covid policy.

Earlier this week, researchers at the University of Toronto’s Citizen Lab said a virus-monitoring app all attendees must use was found to have a “simple but devastating” encryption flaw that could allow personal data including health information and voice messages to leak.

Citizen Lab said it notified Beijing organisers of the issues in early December, but received no reply.

“China has a history of undermining encryption technology to perform political censorship and surveillance,” researcher Jeffrey Knockel wrote.

“As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence.”

Canberra-based cybersecurity firm Internet 2.0 also warned in a recent report that official Games software — including a VPN and an anti-virus product — from two of the event’s Chinese tech sponsors could potentially collect troves of users’ data without their knowledge.

– Burner phones –

The Beijing Winter Olympic Organising Committee told AFP that cyber-threat allegations “have zero evidence and concerns are totally unnecessary”, adding that “relevant information is only used for the Olympic and Winter Olympic Games”.

The International Olympic Committee has also dismissed the Citizen Lab claims, citing assessments from two unnamed cybersecurity organisations which “confirmed that there are no critical vulnerabilities”.

But such assurances have done little to mollify some Western teams.

National Olympic associations in the United States, Canada, the United Kingdom and Australia have advised athletes to leave their personal devices at home and use temporary burner phones if possible while in China for the Games.

“We’ve reminded all Team Canada members that the Olympic Games present a unique opportunity for cybercrime,” the Canadian Olympic Committee said in a statement, adding it warned athletes to be “extra diligent”.

Dutch and Belgian media reported last week that their athletes had been given similar advice. Australia will provide its own Wi-Fi for athletes in designated areas, Bloomberg reported.

Some of these countries have joined a growing diplomatic boycott of the Games that has incensed China. Other European nations are unruffled. The Spanish and Italian Olympic committees told AFP they had given no specific advice to athletes on cybersecurity.

– ‘Uncensored does not mean unmonitored’ –

China maintains the world’s most sophisticated digital tools to monitor and censor the internet for its citizens, keeping the online world behind a “Great Firewall” and blocking major Western platforms such as Twitter, Facebook and YouTube.

It has previously provided uncensored internet access to guests at international events on Chinese soil.

The IOC has said China will give athletes and accredited foreign journalists uncensored internet access through Wi-Fi networks and official SIM cards.

State-owned China Unicom will provide 5G data SIM cards to incoming foreign journalists, according to an article on the news site of the Ministry of Industry and Information Technology.

But analysts fear such Wi-Fi networks could still pose potential cybersecurity threats to users, such as surveillance and personal data theft.

It is common practice for foreign diplomats to leave behind personal phones when visiting China on work trips for the same reasons.

“It would be a good assumption that connecting to public Wi-Fi in the bubble is not safe — that the Ministry of Public Security and the Ministry of State Security could have access to the data,” said Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York.

Robert Potter, co-founder of Internet 2.0, agreed that caution was reasonable, saying that “the surveillance state does not have an exception clause for athletes”.

“Uncensored does not mean unmonitored,” he told AFP. “I don’t know of anyone who has entered China who has not been subject to some level of electronic surveillance.”