The FBI on Tuesday advised all participants in the Beijing Olympics not to use their own electronic devices. In recent weeks, warnings against the use that China could make of digital surveillance devices have multiplied. Starting with… the official Olympics app.
All to your prepaid, disposable phones. The FBI strongly suggestedTuesday 1er February, athletes and others attending the Beijing Olympics to leave their smartphones at home.
Without citing any specific risk, the famous American intelligence agency saw fit to add its voice to the growing chorus of warnings, while the Olympics begin in two days. “You have to remain vigilant and be aware of the digital environment [sur place]“, specified the FBI. The agency thus echoes in particular the American athletics federation, which had made the same recommendation to these athletes a week ago.
Big Brother is in the app
China is, in fact, renowned for its use of digital weapons to control the information circulating on the networks and monitor entire sections of its population. The facial recognition, artificial intelligence used for censorship purposes or the almost systematic filing of the Uyghur minority are part of the arsenal of what NGOs like Human Rights Watch call the first “digital dictatorship“.
For the Olympic Games, it is the official MY2022 application that crystallizes criticism of the risk of “made in China” cyber-surveillance. This mandatory application for anyone who wants to attend or participate in the Olympics is a kind of health passport on steroids. In addition to data relating to the Covid-19 epidemic (vaccination status, results of daily PCR tests, etc.), it also contains information on the identity of its user, tourist advice, the possibility of storing files and a voice and text messaging service.
Developed by the Beijing Olympic Games Organizing Committee, this application will therefore be a real gold mine for anyone who has access to it. The problem is that it seems quite easy for the first cyberspy to get all this data, discovered the CitizenLab, a famous research center at the University of Toronto.
“This application has vulnerabilities with devastating effects for the security of data exchanged or stored on MY2022”, summarize the researchers from CitizenLab, who published a technical analysis of the security flaws on January 18.
Information sent from the app – whether via the messaging service or health data like PCR test results – is not properly encrypted. A person with access to the wifi network used by athletes can thus read, or almost, what the participants in the Olympic Games (athletes, journalists, coaches, etc.) are doing on MY2022.
The application does not check, moreover, if the data transmitted have arrived safely. In other words, the personal information supposed to be sent, for example, to the organizers of the Olympics may very well end up in the hands of another organ of the Chinese regime without “the user being informed”, summarizes the CitizenLab. .
In the eye of censors like hackers
These experts also discovered a file in the application containing a list of 2,442 “illegal words”. Phrases like “the Chinese Communist Party is evil”, proper nouns like “Xi Jinping” or “Xinjiang” (the region where the Uyghurs live), slurs like “the Chinese are all dogs” or “the Jews are pigs” are on that long list of terms to ban.
Again, “these are common practices in most Chinese applications in order to control what is said on the Internet”, recalls the CitizenLab. In MY2022, nothing seems, for the moment, to activate this list in order to censor discussions. But maybe an update to the application just before the start of the Olympics will allow the authorities to use it.
There is no evidence that these vulnerabilities were intentionally inserted by the developers, but regardless, they put Olympics participants at “significant risk”, assures the New York Times. Chinese censors are probably not the only ones interested in what Olympic champions are doing on their smartphones. Such gross flaws can be exploited by cybercriminals eager to get their hands on the information of athletic stars. They can then blackmail them or usurp their identity online, specifies the American daily.
But MY2022 is not the only problem. “The data provided during the visa application will allow the authorities to create files in order to classify each athlete in one of the following categories: those who have espoused views that the Chinese Communist Party considers dangerous (in favor of human rights, Tibet, the cause of homosexuals, for the independence of Hong Kong) and those who can be considered as ‘friends of China'”, summarizes Nicholas Eftimiades, American specialist in Chinese intelligence operations , in a column published by the site The Diplomat.
For him, those in the first category risk being subjected to more extensive electronic surveillance. To do this, there is not only MY2022. The Olympic Village is full of surveillance cameras. The authorities have also promised that all those who reside there will have access to a Western-style Internet… that is to say without the restrictions imposed on common Chinese, who cannot consult Facebook, Twitter or some of the international media.
But to do this, athletes must go through VPN services (virtual networks) and operators validated by Beijing, suspected of providing a list of sites visited to the authorities. These are companies like iFlytek, “renowned for working closely with state security services,” said Nicholas Eftimiades.
Why go to so much trouble monitoring the electronic tribulations of athletes in China? After all, they don’t have the reputation of being among the “most openly politically engaged” individuals, notes the Washington Post. Especially since they will be “most of the time confined to the Olympic village” anyway, adds Nicholas Eftimiades.
For this expert, it is simply a matter of image. In 2008, China had planned several spaces for possible demonstrations during the Olympics of the time. Proof that she did not want to appear, at the time, as the big bad censor.
Nothing like this this time. And the fact that Beijing has put everything in place to be able to anticipate the fact that an athlete is planning, for example, to stand on a podium wearing a T-shirt in the colors of Tibet, proves how much the context has changed. China assumes to pass for Big Brother if it allows it to have the smoothest Olympics possible.
Even human rights NGOs are aware of this hardening. “Silence can be a form of complicity, but we advise athletes to be silent during the event and to speak only once they have returned home”, told the Guardian Rob Koehler, director of Global Athlete, an association that campaigns for athletes to be more engaged. Yaqiu Wang, a researcher for Human Rights Watch, added that “what had happened to Peng Shuai [une joueuse de tennis qui a disparu après avoir accusé un cadre du régime d’agression sexuelle, NDLR] was a good indicator of what athletes risk if they speak up.”