Behind the spectacle of Beijing 2022, visitors’ digital freedoms may be left out in the cold

Human rights and media orgs offer OPSEC warning to Winter Olympics attendees

ANALYSIS Next week, the world’s top sporting athletes and media from around the globe will descend on the Chinese capital of Beijing for the 2022 Winter Olympics.

Experts, however, have warned that behind the fanfare and spectacle of the four-yearly event, which starts on February 4, the Chinese government could impose measures that would limit the digital freedoms of visitors.

Read more of the latest cybersecurity news from Asia

In an open letter posted on its website, human rights organization Amnesty International has urged the International Olympic Committee (IOC) to ensure that media reporting on the games are not subverted.

The statement called on the IOC to “insist that the Chinese government keeps its promise to guarantee media freedom, including unrestricted internet access for Chinese and international journalists”.

Amnesty International’s China Campaigner Gwen Lee told The Daily Swig: “At this Olympics, Amnesty is calling on the Chinese authorities, in line with their Olympic promises, to ensure media freedom, including unrestricted internet access, for both Chinese and international journalists in all parts of China before and during the Olympics.

“They should also ensure that there are genuine opportunities for peaceful demonstration during the Olympics and that there is no punishment for doing so.”

Surveillance state

China is no stranger to mass surveillance. The country is known to monitor citizens through their internet usage, CCTV, and other covert means.

The so-called ‘Great Firewall’ limits access to the internet for its residents, which makes it easier to ensure they only consume content that’s deemed ‘safe’ and in-line with the Chinese Communist Party’s political agenda.

Reporters Without Borders, an international non-profit, has urged journalists to take steps to protect themselves from surveillance during the event.

READ MORE Behind the Great Firewall: Chinese cyber-spies adapt to post-Covid world with stealthier attacks

The organization warns against the use of Chinese-owned communication apps such as WeChat, Baidu, or TikTok, which are rumored to grant the government exceptional access to user data.

It also warned not to trust claims by ISPs and telcos that data passing through their servers in China is encrypted or immediately deleted, recommending the use of end-to-end encrypted chat services such as Signal or Threema.

Amnesty International has echoed this stance, telling The Daily Swig: “Our advice for people who are going to China is to ensure that they have their digital security enhanced and generally assume that the authorities are monitoring internet usage.”

The 2022 Winter Olympics opening ceremony takes place on February 4The 2022 Winter Olympics opening ceremony takes place on February 4

Skating on thin ice

In a report released this week, cybersecurity threat intelligence firm Recorded Future warned that individuals or affiliates of governments or other organizations that have publicly criticized the Chinese government on “politically sensitive issues” are at enhanced risk of both digital and physical surveillance and monitoring while in the country, including in both public and private spaces, such as hotel rooms and while using public WiFi networks.

“Given the seriousness with which the Chinese government approaches these issues, it is almost certain that such organizations or individuals are being monitored in the run-up to the event and will continue to be so throughout and even after the conclusion of the Olympic Games,” the paper (PDF) warned.

It continued: “This surveillance is very likely to extend to personal mobile devices equipped with special SIM cards offered to foreign athletes that allow circumvention of the Great Firewall while on Chinese telecommunications networks, and the MY2022 Olympic Games app that is required to be installed by all attendees, including members of the press and competing athletes.”

MY2022 app – mandatory for athletes

The MY2022 app is mandatory for all athletes and media to download, but Recorded Future warned that it “collects a range of personally identifiable information, including users’ demographic, passport, and Covid-19 health information.”

The report continues: “Citizen Lab identified that the app has two security vulnerabilities related to the transmission of user data that have not been fixed at the time of this writing and could be exploited by threat actors to steal the aforementioned sensitive information.

“The Chinese government will almost certainly be able to access data held on the app without needing to exploit these vulnerabilities, given that the app is used by foreign visitors to submit required information to the government and is owned by the state-owned company Beijing Financial Holdings Group.”

Athletes have been advised to leave their personal devices as home and instead carry ‘burner phones’, wiping them of all data and using a VPN at all times.

“However, we believe it is unlikely that all athletes advised to leave their personal devices at home will do so and that a risk to their data will remain, given that burner phones with good cameras and other features are expensive,” Recorded Future said.

“Athletes will undoubtedly want to post on social media throughout the games to advertise and attract sponsorship and boost their social media following.”

YOU MIGHT ALSO LIKE EU criticized for ‘fragmented and slow’ approach to cyber-attack attribution