Recently, the media reported that in mid-September the Australian cyber security company Internet 2.0 had uncovered that a Chinese company named Zhenhua Data had leaked data of 2.4 million people. This included people from America, the UK, Spain and other countries, including 480 persons from Latvia – politicians, military officials, entrepreneurs, employees and public officials, as well as a number of lesser known persons.
The leaked data also contained photographs of the people, and the data had been acquired from different sources over varying periods of time, prompting the questions – was the data gathered manually and was this an attempt of profiling the particular persons? Internet 2.0 believes that the actual number of people whose information had been gathered could be larger because only 10% of the acquired data could be restored.1
I should note that it’s nothing new to hear that China is gathering data on foreign citizens using various companies, even private ones. In 2019, a Chinese telecommunications company was accused of gathering different data in the Czech Republic, including the number of children a person has, hobbies and financial situation.2
What concerns the scope of China’s plans, we cannot ignore the conclusions drawn by the Lithuanian Ministry of Defense’s (MoD) National Cybersecurity Center that the Chinese-produced surveillance cameras Hikvision and Dahua – that are widely used in Lithuanian public institutions – have security vulnerabilities that make it easy for outsiders to access and use them.3
The Latvian State Security Service was already aware of the security risks of these cameras and expressed that it does not recommend using technology produced by companies with a questionable reputation in the EU and NATO.4 Cert.lv explained that the Hikvision and Dahua cameras are popular across the globe, including in Latvia, because of their technical possibilities and price, but adding that the more complicated a technology is, the larger the possibility of vulnerabilities and faults.
As I already said, Latvia is no exception. Upon reviewing publicly available information, I found that these cameras are used by the Office of the Prosecutor General, Riga Stradins University and the municipalities of Daugavpils and Valmiera. I was also surprised to find out that in 2019 the Latvian National Armed Forces held a negotiated procedure “Modernization of the video surveillance and security system” (ID No. AM NBS NP 2019/030; CPV code: 50343000-1, 50343000-8), and the documents indicate that they are using products from both of the aforementioned companies.5
Reality is that tenders require that products or services be acquired at the lowest possible price, and this is no problem for Chinese companies because often their goal isn’t to make money but to serve the Chinese government and cooperate with security services.
China’s aggressive attempts to sell their produce to as many countries as possible are evidenced by China’s announcement that it will only invest in countries with a safe environment, adding that a safe environment can only be provided by their products.6 China employs this approach against countries that are already desperate or somehow lost the connection between their wishes and possibilities.
That is why I found it interesting that Russia and China intend to strengthen cooperation in the sphere of information security. Both countries are already technologically strong each in their own right and both have a specific approach to human rights, including data protection. Moreover, both countries share eagerness to acquire as much information as possible on their own and foreign citizens. We will not go into the topic of stealing other states’ secrets. If both countries establish some sort of a joint system, it means that the more clever and impudent one will have access to the information acquired by the other.
Russia most likely still believes that when cooperating with China it is the more cunning one, while the Chinese – being raised to be very polite – allow Russia to believe whatever it wants while they slowly advance towards their goal.
What do we make of all this? I would say five conclusions can be drawn:
First, China has shown numerous times that it wants to control every aspect of its citizens’ lives;
Second, we know that China has attempted to acquire information on foreign nationals many times;
Third, China’s focus on IT has allowed it to establish several platforms it can use to acquire information from all over the globe without anyone knowing.
Fourth, China’s policies are expanding its possibilities to acquire information. And in a way this also concerns Russia – in the past, the Soviet Union acted arrogantly when it provided military assistance to the “underdeveloped” China. Now, China has slowly but steadily surpassed Russia in the armaments industry. Even now, we can see that Russia still sees itself as the number one player, while China politely allows Russia to think so.
Fifth, the low production costs and the range of products has allowed China to dominate the globe. This means that we shouldn’t ask the question whether China acquires data from the technologies we use in our everyday lives, we should ask – how much data is it gathering? There is no doubt that China will not hesitate to use the information it has gathered on specific persons to further its goals. The public must understand one basic truth – if you’re using a Chinese-produced device that connects to the internet, you can be almost certain that the information you send via this device will be known to the sender, the receiver and a Chinese man.