China Dismisses Concerns About Olympic Participants’ Cyber Security

By Patrick Goodenough | January 19, 2022 | 4:26am EST
A visitor in Beijing takes pictures of logos for the 2022 Winter Olympic Games. (Photo by Wang Zhao/AFP via Getty Images)(Photo by Wang Zhao/AFP via Getty Images)
A visitor in Beijing takes pictures of logos for the 2022 Winter Olympic Games. (Photo by Wang Zhao/AFP via Getty Images)(Photo by Wang Zhao/AFP via Getty Images)

(CNSNews.com) – The Chinese government has slapped down criticism after several countries’ national Olympic committees advised their athletes not to take personal mobile devices to Beijing for the upcoming Winter Games due to hacking and surveillance risks.

Organizers of the controversial games defended the security of a mobile app which all participants and attendees are required to download and use. Expert researchers in Canada have raised concerns about “a simple but devastating flaw” in the Chinese-designed app, which will hold users’ demographic information, health and travel history, and other personal data.

Athletes from the United States, Canada, Germany, the Netherlands, Belgium, and Australia, among others, are being counseled not to use personal phones or laptops in Beijing during the games.

The Wall Street Journal recently reported that the U.S. Olympic and Paralympic Committee advised athletes in recent months that “every device, communication, transaction and online activity may be monitored” while they are in China.

“Your device(s) may also be compromised with malicious software, which could negatively impact future use.”

The report said members of Team USA should consider taking cheap, disposable phones along instead.

With reports of similar advice from other countries’ national committees, Chinese foreign ministry spokesman Zhao Lijian was invited to comment.

“By raising the so-called cybersecurity issue in China, relevant countries, who are guilty of the charge themselves, are accusing the innocent party without any evidence,” he said, alluding to Beijing’s often-stated charge that it is the victim, not the perpetrator, of cyberattacks.

The Chinese Communist Party oversees one of the world’s most intrusive systems of Internet control and censorship, sometimes dubbed the “Great Firewall.”

As the coronavirus pandemic continues, the protocols for the tightly-managed Winter Olympics include a requirement that all participants download and use the “MY2022” app.

Among other things, it includes a Health Monitoring System (HMS) that carries vaccination data and manages daily health checks and regular COVID-19 testing.

All Beijing Olympics participants are expected to download and use the 'MY2022' app.  (Image: Screengrab)
All Beijing Olympics participants are expected to download and use the 'MY2022' app. (Image: Screengrab)

This week, researchers at Citizen Lab, a project focused on Internet censorship and human rights at the Munk School of Global Affairs and Public Policy at the University of Toronto, published a report on its findings regarding the security of the app, whose functions include voice audio chat, file transfers, and news and weather updates.

 

They found that flaws in the app’s encryption left users’ data vulnerable to hacking.

The app fails to validate SSL certificates – pieces of code that provide security for online communication – which means that it “can be deceived into connecting to a malicious host while believing it is a trusted host, allowing information that the app transmits to servers to be intercepted.”

Citizen Lab says its previous work “suggests that insufficient protection of user data is endemic to the Chinese app ecosystem.”

Chinese state media quoted a spokesperson for the 2022 Games organizing committee as saying in response to criticism that all of the committee’s actions abide strictly by China’s laws on personal information protection.

The CCP mouthpiece Global Times cited the spokesperson as saying that “athletes are advised to voluntarily download My 2022 app on their phones as it provides information on weather, catering, accommodation, traffic, event news and medal list.”

Despite that claim that use of the app is voluntary, the official document known as the Beijing Playbook suggests that it is a mandatory requirement.

“If you are an overseas accredited Games participant, you will have to download ‘My 2022’ and log in to the HMS at least 14 days before travelling to China,” it states. “You will be required to check your health status daily for 14 days before travelling and report your health status during your entire stay in China.”

The requirement applies not only to athletes, but also to traveling family members, support staff, press representatives and broadcasters. (It does say that app functions can also be accessed via a web browser on a PC.)

In a statement on Tuesday the International Olympic Committee also defended the app, saying that its use was not mandatory, and that two independent cybersecurity testing organizations had found it to have “no critical vulnerabilities.”

‘Embolden the actions of the Chinese authorities’

Meanwhile the fact the February 4-20 games are going ahead in a country whose government stands accused of genocide, crimes against humanity, widespread religious freedom violations, and the stifling of democracy in Hong Kong, continues to cause controversy.

More than 250 human rights groups have put their names to a letter calling on U.N. Secretary General Antonio Guterres to disavow his decision to attend the opening ceremony, noting that U.N. human rights experts have been urging the international community to “act collectively and decisively to ensure China respects human rights.”

“Your participation would undermine the United Nations’ efforts to hold China accountable and go against the core principles enshrined in the Universal Declaration of Human Rights and relevant treaties,” the letter said.

“Furthermore, as the highest representative of the U.N., your attendance will be seen as credence to China’s blatant disregard for international human rights laws and serve to embolden the actions of the Chinese authorities.”

Guterres confirmed earlier this month that he plans to attend the opening ceremony, telling reporters the event “symbolizes the role of sports in bringing people together and in promoting peace.”

“It is in this strict context and without any political dimension that I intend to be present in the opening – with this message that Olympic Games must be an instrument for peace in the world," he said.

The United States, Britain, Australia, Canada, Japan, Lithuania, and Denmark are among the governments that are supporting a diplomatic boycott of the games – meaning athletes will participate but government officials will stay away – over Beijing’s human rights record.

MRC Store