China crisis is a TikToking time bomb
ByteDance with the devil if you dare
Opinion As country after country bans TikTok from official systems, it’s fair to ask what’s so dodgy about a social network filled with dance crazes, makeup advice and cats.
You can understand why selling the Middle Kingdom state-of-the-art EUV lithography gear might be a bad idea, but this? Is it the xenophobia China often blames for Western reticence? Plain old trade barriers? Cold war cultural imperialism? No, it really is a security matter, and one that’s far more serious than it looks.
State security and national intelligence can look like, and often is, a proxy for political machinations. This is not that. It’s not a matter of morality or the ethical superiority of democracy. The West can bug, spy, infiltrate and deceive with the best of them. The CIA secretly owned Crypto AG, a Swiss cryptography company, and most certainly snaffled a ton of data from unsuspecting organisations as a result.
There’s no equivalence here between the East and West, no two sides of the same coin. The difference is the extensive legal framework protecting Western citizens and companies from state security overreach. Imperfect and constantly stretched as it is, the law is on our side. The NSA or GCHQ cannot compel cooperation - they can ask, but even so within limits. Apple and Google can and do tell the FBI to get a warrant or go swivel. Xiaomi and Vivo don't have that option.
Chinese law, specifically Article 7 of the National Intelligence Law compels all citizens and organisations to act as covert arms of state security on demand, even if overseas. There is no saying no. There is no even admitting it’s happened. Chinese owned technology companies can deny this as much as they like, in fact they have to, but the law is clear. The TikTok CEO can offer all the safeguards, promises and firewalls he likes; he is required by law to secretly bypass all those on command.
This is before the obscure and impenetrable intermingling of state, military and private funding and governance for Chinese companies. The People’s Liberation Army is a major source of funding for enterprise: if you think private equity funding comes with strings in the West, wait until it comes with nuclear missiles and aircraft carriers. Then there’s the disconcerting disappearances of top executives who displease Beijing. All Chinese technology is under the direct control of Chinese state security, and all Chinese technology companies are kept in line by whatever means necessary.
TikTok isn’t anything special beyond being a lightning rod because it is so popular. By the inescapable logic of China’s own laws, no Chinese technology can be trusted not to spy on you. Be it smartphone, tablet, laptop, car, IOT or connected toy, you can’t use it if you don’t like it being a potential hotline back to the world’s most efficient and ruthless authoritarian state apparatus.
There are two possible exemptions. One is if you trust the Chinese state’s bona fides as a respecter of international law and the right of privacy. That is quite a leap of faith versus experience - just ask the Qantas airline pilots who find their communication, navigation and safety systems interfered with by Chinese warships. By all means pop over and ask all the questions you like about how things work in that department. Let us know how it goes.
- You can't spell 'electronics' without 'elect': The time for online democracy has come
- The Wristwatch of the Long Now: When your MTBF is two centuries
- TSMC and China: Mutually assured destruction now measured in nanometers, not megatons
- Any fool can write a language: It takes compilers to save the world
The other possible way to defang the dragon is to demand complete oversight of technology, effectively opening the systems up to Western inspection. The UK’s been trying that appraoch with Huawei through the Huawei Cyber Security Evaluation Centre (HCSEC). For the past ten years it's been trying to get the source code from Huawei so that it can build binary equivalent images for firmware in devices used in the UK's national comms infrastructure. The last annual report, published in 2021, admitted some challenges.
There’s been no sign of a report in 2022 but that may be because UK government ruled that all Huawei kit must be ripped from UK networks by 2027... the game is over. Huawei has always denied any links with the Chinese government.
If you want a taste of what they’re up against, if you own a Chinese-brand smartphone and you’re Linux-savvy, go and look at what’s in the firmware and process list. You will be entertained.
Until Chinese law is changed to respect basic principles of safeguarding rights of citizens, companies and international law, any connected device running Chinese software can be seen as an agent of the state. That state is betting the rest of the world is hungry enough for cheap tech to accept universal covert surveillance with no protection. It may even be right.
Choose how happy that makes you, but it’s just the way it is. ®