Xiaomi phone found to pose information security risks, suspected of helping the CCP carry out overseas digital surveillance

 

Taiwan's communications regulator, the National Communications Commission (NCC), recently announced that seven apps built into a Xiaomi 5G phone can automatically censor more than 2,000 "politically sensitive words" and block Internet access or links to related topics, and that there are doubts about browsing history being sent back. Xiaomi denies this and emphasizes that it will not restrict users' personal behavior. However, experts say that the digital surveillance network that the CCP has built in China through Chinese companies has long been no secret, and now the target of surveillance may have extended to overseas Chinese. If personal information monitored by mobile phones is sent back to China, it may become irrefutable evidence for the CCP to prosecute or frame the public in the future.

Taiwan's National Communications Commission (NCC) announced on January 6 an information security sampling test report on built-in software in smartphones. Five mobile phones of Chinese brands with high sales in the second half of 2020 failed the initial test and passed the retest after improvements. Of the ten mobile phones of different brands sent for testing in the first half of 2021, only the American brand Apple iPhone 12 passed the information security requirements. Among them, the Xiaomi Mi 10T 5G mobile phone sold in Taiwan was found to have an automatic censorship function for politically sensitive words in its built-in software, and there may be doubts about information being sent back.

CCP censors "sensitive words"?

The Xiaomi Mi 10T 5G mobile phone was released at the end of September 2020 and has been sold globally for more than a year. At the end of September last year, the Lithuanian National Cyber Security Center (NCSC) revealed that the software built into the European version of the mobile phone has a text censorship function. It therefore called on the public to abandon Chinese mobile phones, which also prompted the security departments of various countries to start investigations into Xiaomi mobile phones.

In October last year, Taiwan's NCC commissioned the Telecommunications Technology Center (TTC) to test the same Xiaomi mobile phone sold in Taiwan and found that seven built-in applications (personalized themes, music, software package installer, mobile phone manager, garbage removal, download management and Xiaomi Video) download a "blacklist" comparison file from a specific server (globalapi.ad.xiaomi.com) and automatically censor more than 2,000 political, social, religious and other "sensitive words" recognized by Beijing, including "Free Tibet", "Taiwan Independence", "Hong Kong Independent Media", "June 4 Incident" and "Tsai Ing-wen".

File photo: Xiaomi mobile phone

Mobile phones of various brands usually provide an option to turn a function on or off when it involves the user's private information, but this Xiaomi mobile phone does not provide such an option, which means that Xiaomi is left to decide how this private information is handled. According to Article 14 of the National Intelligence Law of the People's Republic of China, Chinese people and enterprises have the obligation to support, assist and cooperate with national intelligence work. As a result, analysts say it is difficult for Xiaomi to avoid playing an assisting role in the Chinese government's digital surveillance.

Taiwan's NCC also believes there are concerns that Xiaomi mobile phones send users' private data back to China, which may infringe on the personal information or privacy of users in Taiwan.

CCP's "Expansive" Digital Surveillance

Zeng Yishuo, an assistant researcher at the Institute of Cyber Security and Decision-making at the National Defense Security Institute in Taipei, said that digital surveillance is used in the business world to collect business intelligence and analyze big data, but it is worth noting that Xiaomi has added censorship and monitoring of many politically sensitive words, which, given that Xiaomi's users are all over the world, may infringe on the information rights of overseas users, including Chinese in free areas.

Tseng Yishuo, assistant researcher at the Institute of Cybersecurity and Decision Game at the National Defense Security Research Institute in Taipei

Zeng Yishuo told VOA: "Chinese-style digital surveillance constitutes a very important part of digital authoritarianism. This surveillance is for any Internet access and should not appear in the content of the mobile phone used. These sensitive words it (the CCP) has identified. But the problem is that its (the CCP) digital authority and digital surveillance, viewed in this way, have become extended beyond the territory, because in terms of its digital sovereignty or network sovereignty, it is not the same as the EU's. Digital sovereignty is the exact opposite."

The CCP launched a "National Anti-Fraud Center App" in March last year, which was suspected to be surveillance software. Regarding this software, Xiaomi once responded to rumors on its official Weibo account, saying that its mobile phone "does not have a built-in 'National Monitoring Center App'". The majority of netizens mocked this as a case of "no 300 taels of silver buried here" (a denial that gives itself away), one that equated the "anti-fraud center" with the CCP's surveillance. Some netizens also shared their experience, saying that after installing the app, they only need to browse overseas websites or install VPN wall-circumvention software, and the police will soon come to the door.

Zeng Yishuo pointed out that in 2020, the "Citizen Lab" of the University of Toronto in Canada released a report revealing that WeChat, China's largest communication software with 1.225 billion monthly active users, uses a "keyword list" to censor Chinese users, and that transmitted images related to sensitive events are also blocked, which in turn blacklists users. Zeng Yishuo said that even if you don't log in to WeChat, you will be monitored as long as you use a mobile phone of a Chinese brand. This is the CCP's method of expanding surveillance.

Zeng Yishuo told VOA: "These overseas Chinese also want me (the CCP) to be able to monitor them, and they can be used as a cleanup at that time. I want to hold them accountable and even prosecute them with the law as evidence, so this is the (CCP) evidence for digital surveillance, the further implementation of the Chinese version of the concept of cyber sovereignty. It (surveillance) is mainly defensive, it (the CCP) does not want these people to pass on anything it does not want to (see), but this defensive practice is an expansive and permeable means."

Xiaomi denies being an accomplice in CCP surveillance

According to a survey conducted by the Lithuanian National Cyber Security Center last year, Xiaomi phones automatically download a "blacklist" comparison file. The 449 sensitive words that were censored included titles of political figures, names of people, names of religious or political groups, names of social movements, etc.

Taiwan's NCC recently tested Xiaomi mobile phones sold in Taiwan and confirmed that they also contain this automatic review mechanism.

However, in response to the NCC's allegations, Taiwan's Xiaomi Corporation solemnly denied them and reiterated that Xiaomi has never and will not restrict, return or block any personal behavior of mobile phone users. Xiaomi explained that the "blacklist" file mentioned in the NCC report is used to manage the paid advertising content pushed by advertisers in Xiaomi's own apps, to protect users from pornography, violence, hate speech or information highly likely to offend local users, which is a common practice on smartphones and social networking sites.

However, the mobile software development community XDA Developers, which has 5 million users around the world, has also tested Xiaomi mobile phones. The community found that Xiaomi's "blacklist" comparison file contains politically sensitive words such as "Tibet" and "Hong Kong", but also words that are not sensitive, such as "China", "Chinese Communist Party", and even "Xiaomi" and "Xiaomi mobile phone". Therefore, the community believes that this "blacklist" comparison file is not used to assist the CCP in blocking website content.

Cha Shichao, a professor at the Department of Information Management at National Taiwan University of Science and Technology in Taipei (Photo courtesy: Cha Shichao)

Cha Shichao, a professor at the Department of Information Management at the National Taiwan University of Science and Technology in Taipei, said that before 2019, Xiaomi mobile phones had little control over advertising content, and users criticized the proliferation of inappropriate advertisements containing pornographic or vulgar content. As for the file, in addition to "blocking advertisements", it can also censor political vocabulary. Regardless of whether there is surveillance or not, it does not look good to Taiwanese.

Cha Shichao told VOA: "Originally, the mechanism design of its (Xiaomi mobile phone) was to update some of the latest advertisements or some blocked words in real time, so it used the server method to do it. The blocking function, at least on the mobile phones in Lithuania and Taiwan, is not turned on. If it is to be turned on, it is actually going to push some updated data to the mobile phone through a method similar to a mobile phone update, and then the mobile phone will go and enable filtering."

Cha Shichao said that there is currently no evidence that the CCP used this comparison file for censorship, but that does not mean it cannot be used for censorship in the future. He said that certain phone makers could take advantage of an update to the phone's system at any time to "smuggle" the list in and carry out monitoring without anyone noticing.

Cha Shichao told VOA: "Mobile phone manufacturers can do any update or install any program on your phone, not necessarily without your knowledge."

Regular detection to prevent information security vulnerabilities

In order to avoid potential damage to national security, Taiwan's Executive Yuan reiterated on December 18, 2020 that the information and communication equipment used by various government agencies, including official mobile phones, must not be Chinese brands, in order to prevent official and personal sensitive data from being improperly stolen. However, there are no restrictions on the use of smartphones by the general public.

Lin Yilong, chairman of the Taiwan Association for Digital Forensics Development (ACFD) in Taipei, said that modern people frequently use mobile phones to download, which is likely to cause information security loopholes.

Lin Yilong, chairman of the Taiwan Digital Forensics Development Association in Taipei (Photo credit: Lin Yilong)

Lin Yilong told VOA: "Generally speaking, in terms of mobile phone attacks, the first is that anyone likes to download apps casually. The more apps are downloaded, the more loopholes. The so-called Trojans include ransomware. Third, in addition to its own loopholes, the download process contains a so-called virus program startup code, which will download viruses in from a certain website that it sets."

Lin Yilong said that a smartphone is equivalent to a mobile computer. As long as it is turned on, the mobile phone can monitor the user's every move at any time. Under this premise, everyone should raise their awareness of personal data protection and privacy security, and use the mobile phone's Internet functions prudently. Government officials especially need to carry out information security protection from time to time to prevent the leakage of sensitive information.
