Olympic Athletes Advised to Leave Phones at Home to Dodge Spying
(Bloomberg) -- Beyond Omicron and gold medal tallies, athletes arriving in China’s capital for the Winter Games next month may have one more thing to worry about: is it safe to access the internet?
Beijing has promised the world’s top athletes access to a partially unfettered internet during the Olympics starting Feb. 4, dropping the Great Firewall that blocks services like Facebook and YouTube at official venues and hotels. But security experts say there are reasons to exercise caution.
Chinese companies that specialize in data collection, surveillance and artificial intelligence are among the official sponsors and suppliers for the Winter Olympics. Washington and its allies have accused some of the corporations providing networking and data management, including Huawei Technologies Co. and Iflytek Co., of potentially being used for espionage or surveillance of minorities in Xinjiang. Huawei and its peers deny those allegations, but cybersecurity consultants warn that those systems will subject athletes to the same kind of surveillance, movement tracking and monitoring that most Chinese citizens deal with.
Among the concerns is the risk that state actors or criminals could use the designated Wi-Fi bubbles to snoop on private communications or even install malware and other vulnerabilities onto personal devices. That could in turn open up contacts -- both sporting and political -- to subsequent attack.
A growing number of delegations are taking that potential threat seriously. Australia, Belgium, the Netherlands and Canada are among the delegations that are advising athletes to keep their devices off Wi-Fi networks and use burner phones if possible. And the U.S. has issued a warning to American athletes that their devices may also be compromised with malicious software, with unknown consequences for future use.
“My advice to athletes would be to go buy a cheap second phone and don’t use your principal iPhone or Android system,” said Larry Diamond, senior fellow at the Hoover Institution at Stanford University. “We don’t know where this is headed. The only thing we know is that China is constructing the most sophisticated authoritarian digital surveillance state, and I don’t think people should be blasé in taking their equipment to interact with that.”
The Beijing committee has rejected the reported advice given to athletes, saying, “This is completely groundless and these concerns are wholly unnecessary.” The committee said China had passed several cybersecurity laws that provided protections for privacy and data security for its citizens and foreign visitors.
China’s government blocks swaths of the internet to maintain control over public discourse at home. Its dropping that blockade as part of a pledge to put on a “simple, safe and splendid” games -- an opportunity for the country to showcase its rising economic and political prowess.
But its alleged track record of drafting companies in widespread surveillance, such as by keeping tabs on minorities in Xinjiang, has raised alarm bells. Athletes with global profiles represent high-value targets for cyberspies and bad actors and may be opening their devices up to long-term tracking, Diamond said.
It’s a risk because of “the broad data collection culture associated with surveillance in China,” said David Robinson, co-founder of cybersecurity company Internet 2.0. “If athletes do not want the Chinese government to be able to identify their normal phone, then using a new phone will shield the collection of sensitive data.”
One of the 5G technology suppliers is Huawei, the company blacklisted by the U.S. and others that lies at the heart of growing Washington-Beijing tensions. That’s in cooperation with official telecommunication provider China Unicom Beijing, whose parent is on the Treasury Department’s list of sanctioned Chinese military-industrial complex companies. Another is Iflytek, the exclusive supplier of automatic speech transcription, which was added to a U.S. blacklist in 2019 -- prohibiting the sale of American technology without approval -- for involvement in human rights abuses in Xinjiang. It will use artificial intelligence and big data “to provide real-time analysis and resource allocation” for Olympics-related facilities and events, Iflytek said on its website.
The games’ official anti-virus software provider, Qi An Xin, will run a central hub offering “full coverage and high-quality network security,” the company said in a statement. Its majority shareholder, Qi Xiangdong, is a co-founder of Qihoo 360, sanctioned in 2020. Qi An Xin will have visibility over data that crosses the network -- including overseas traffic, said Robinson. In an analysis of Qi An Xin’s mobile protection software, Internet 2.0 reported that “a significant amount of user data is being collected by the software.” Qi Xiangdong parted ways with Qihoo 360 in 2019.
Representatives for Huawei and Iflytek didn’t respond to requests for comment. Qi An Xin said it has no shareholder or business relationship with Qihoo and deferred requests for information to Beijing’s Olympic committee.
Another company, Kingsoft Office Software, is supplying office software for the games, according to its website. The company was one of those targeted in an executive order by former President Donald Trump in 2021, when he banned U.S. transactions with several Chinese applications including WeChat Pay and Alipay, over concerns of mass collection of personal data. The order was revoked months later by President Joe Biden, who instead ordered a review into the national security risks of the apps.
A representative for Kingsoft didn’t respond to a request for comment.
Some countries have already taken precautions. Australia will provide its own Wi-Fi “in areas allocated to us which is being provided by our IT branch,” an Australian Olympic Committee spokesperson said. Belgium has recommended that their athletes not bring personal electronic devices to China.
Dutch athletes have received similar warnings. And Team Canada members have been reminded that the games “present a unique opportunity for cybercrime,” the Canadian Olympic Committee said in a statement. It too is recommending its athletes leave personal devices at home and to limit the personal information stored on devices they bring to China.
“In regards to the so-called national security questions regarding Huawei, Iflytek and other tech companies, China’s relevant departments have already repeatedly refuted this issue, but the U.S. has continued to use this as a pretense to suppress Chinese high-tech companies,” the Beijing committee said in an email. “This kind of bullying is bound to be increasingly resisted and opposed by the international community.”
The committee also addressed questions about My2022, a multi-purpose app through which participants upload their health status daily for two weeks before the Games begin. Citizen Lab, a research group at the University of Toronto, said in a report released Tuesday that flaws in the app’s encryption technology could connect it with a malicious host, or allow interception of information transmitted.
The Beijing committee said My2022 had “passed the examination of overseas mobile application markets such as Google, Apple and Samsung” to feature in their stores, and users had the ability to turn off permissions for the app to access other features on their devices.
©2022 Bloomberg L.P.