Data is currency. Are they spying on you too?

Complex data bases are indispensable for conducting many processes. They are repositories of countless zeros and ones describing anything we allow them to register and also what we so far regarded as “private”. Capitalists relish trading terabytes of data. Governments as well, since the data allows them to read their citizens like an open book.

The People’s Republic of China uses the achievements of technology for spying on its citizens. The authorities execute control over the monitoring systems across the entire territory of the country. By using artificial intelligence and on the basis of collected data it is possible to create exact profiles of the inhabitants. Special algorithms assess people’s behavior and “sort” them into groups. This grading and the sum of points collected within the system of social trust determine for example whether a given person will get into college, be able to buy a train ticket or be granted a more favorable credit.

Surveillance behind the Great Wall

Surveillance of the Chinese people is based not only on the abovementioned system of social trust. The censure of Internet (The Great Firewall of China) and imposition of verified Chinese analogues of global application programs play an important role.

The substitute of  Google in China is the Baidu search engine. Instead of Amazon the Chinese use the offer of the Alibaba holding (the owner of i.a. AliExpress). Tencent Corporation offers a multifunctional application program WeChat. It not only performs the function of a communicator (like Messenger or WhatsApp) and social media (like e.g. Facebook), but is also a mobile payment and networking tool and has other functions. So it collects varied information on consumers.

One should remember that the Communist Party of China claims access rights to sensitive data acquired by any business functioning within land borders. This applies also for communication companies, mobile device producers or the abovementioned corporations. Thus the “western” fear of  TikTok expansion and concerns regarding privacy protection of the users of Chinese articles of technology industry. It is interesting that insofar the giants of technology named often by the acronym BATX (Baidu, Alibaba, Tencent and Xiaomi) willingly export their goods to the foreign markets, the access to the GAFAM products — Google (today also: Alphabet), Amazon, Facebook (also: Meta), Apple and  Microsoft — is consequently restricted in China.

Dangerous “made in China”?

At the beginning of 2023 scientists from the universities of Edinburgh and Dublin have published the results of a very perceptive analysis of data transfer by smartphones from three Chinese brands: OnePlus, Xiaomi and Realme. The devices were bought from Chinese distribution sources, they were equipped with local SIM cards and their localization was simulated as China. All these measures were to recreate the conditions under which a citizen of the Middle Kingdom uses his phone.

Information on installed apps and the history of their use, data on geolocation, sent data and connections made and even audio and notebook recordings — all this information, without the permission of the user, was passed by the devices to several servers in China. What is most disconcerting is that there is no possibility of withdrawing the permissions assigned by default. The control sample of models intended for the global market has not shown such extensive data acquisition, but the devices still send some amount of it to the external company servers.

The potential threat coming from products that spy for China  is not limited to smartphones alone. In 2022, Great Britain, United States and Australia withdrew from Chinese monitoring systems in government buildings and other vulnerable places. It wasn’t easy, since the British police, for example, used till that time (in the majority of cases) the equipment produced, at least partially, in China.

In the USA the government has banned completely the sale of products made by companies such as Huawei, ZTE, Hikvision, Dahua and Hytera, considering Chinese devices to be a threat to national security. But in many European countries CCTV cameras of Chinese brands such as Dahua or Hikvision are still being used. They are monitoring the public space (e.g. airports and city streets, public transport vehicles), government institutions and private buildings. In Poland such cameras  “guard” also the Cracow villa of president Duda. Attention is drawn to the possibility of the existence of the so called “backdoors” in Chinese devices, which make unauthorized capturing of collected data possible. Besides, according to Chinese law, the authorities may demand access to information on users, also the foreign ones, collected by local companies. It also poses an ethical problem when we know that in China the Hikvision devices are used for controlling (and repressing) the ethnic minorities, e.g. the Uighurs.

It borders on miraculous that, despite the growing number of reservations regarding the Chinese equipment, its popularity on the western market does not decrease. The key word in this case seems to be the price. The Hikvision devices may cost even ten times less than the competitor’s products. This lure works on crowds of consumers  — governments as well as individual customers — just perfectly. Possibly it is the close ties to the Chinese authorities that allow enterprises to offer so significantly reduced prices. For us this should rather be another reason for concern.

The mirror in which America is reflected or the American dream come true turning into a nightmare?

Many people still regard China an exotic curiosity and an example of how an authoritarian government takes actions. At the same time the possibility of any serious surveillance existing in democratic countries is being counted among Hollywood fairytales. Looking with a critical eye upon the actions of the US secret intelligence we can still see a problem  of much similar nature, particularly in the light of the NSA and CIA actions uncloaked in 2013. Edward Snowden, who at that time was working at the National Security Agency, has shown to the press proof of wide-scale surveillance practices by the US authorities and became perhaps one of the best recognizable whistle-blowers of our times. The existence of  PRISM and XKeyscore spyware has been revealed.

Enterprises such as Facebook, Microsoft, Google, Skype or Apple have joined the American government system PRISM. This way, NSA could ask for access to a range of information from the internet service providers: data from the electronic post and chats, photos made accessible by the users, videos (including call records) and data collected on social networks. Furthermore XKeyscore allows the intelligence services to omit  the VPN security net and detect the IP addresses of users who visit a given site. A NSA analyst may also monitor the search history. The program allows surveillance in real time, keeping abreast of the internet activity of the target.

Such activities are excused as concern for the safety of the US citizens. The Patriot Act, passed in a hurry after the tragic events of September 11th, 2001, was supposedly aiming at the assassins. The presentation describing the functioning of  XKeyscore, purloined by Snowden, informs that on the basis of data obtained due to spyware tracked and caught were 300 terrorists. This number still seems to be disproportionately small as compared to the efforts and scale of the operation.

In reality the act allows the investigative services access to very sensitive and detailed data of  “ordinary” citizens — without a court order. Perhaps then the attitude towards privacy and security on the opposite sides of the global political scale is not that much different and the American surveillance philosophy shows no substantial deviation from the Chinese one. Snowden’s words in this respect are worth quoting: if something can be done, it probably will be done, and possibly already has been. There simply was no way that America  – having so much information on the activities of the Chinese – would not resort to the same methods. Governments and corporations on both sides of the political barricade are leading a fight for our data. Considering the scale of surveillance in China and its influence on the lives of its inhabitants we cannot allow that our everyday life takes the same shape.

Global market of malpractices

It would be naive to believe that the mentioned cases were incidental. Spyware basing on various technologies functions in every region of the world. Beginning with military satellite solutions, through  electronic intelligence systems such as Echelon, ending with infecting mobile phones with spyware of Pegasus type.

In 2018 the laboratory Citizen Lab operating at the University of Toronto has published a research report on the use of Pegasus all over the world. Operations with this program were detected in as many as 45 countries, including Poland. Devices with Android or iOS may be infected by sending a telephone connection signal or a link which displaying or clicking into results in connecting the device with the operator’s server. This way Pegasus gets access to all telephone functions and also to the settings. It collects information on the localization, connections made and sent messages. Possible is also insight into photos and search history as well as control over the option to register the sound. Without any knowledge of the user his smartphone becomes a bugging device.

Often the use of this Israeli NSO Group Company product (meaning Pegasus) is aimed to hit the activists, social workers, journalists or lawyers. The President of the European Commission, Ursula von der Leyen, clearly pointed out that the surveillance practices contradict the values represented by the European Union. In March 2022, a special committee of inquiry was set up within the European Parliament (PEGA). Its work should show whether in particular cases the use of surveillance programs infringes EU law.

Strong resistance raises against the surveillance programs used in politics. Journalist investigations  in Poland allowed to determine that the Central Anticorruption Bureau (Centralne Biuro Antykorupcyjne; CBA) has most probably bought Pegasus in 2017. The transaction was supposed to concern the means of special technology used for detection and prevention of crime. However, it has been shown that with the help of this program land authorities were invigilating opposition activists and lawyers.

On-demand tracking?

Yet, for example representatives of the Hungarian authorities see nothing wrong in the surveillance of citizens. Lajos Kosa, one of the Parliament members, was to say that the giants of technology execute a much broader surveillance over their users than the Hungarian government. What is worse, it is possible that he was right. The mosaic of capitalistic dependencies which define the present reality and the progressing digitization of almost every life domain do not allow us to forget that the new currency of control is information. It is traded by all players that count.

Berenika Serwatka

Translated from Polish by Beata Kita, August 2023