Secure line

India may hang up on Chinese telecom equipment and system providers

INDIA-CHINA-INTERNET-SECURITY-TIKTOK In the dock: TikTok, which India banned, has denied sharing information on Indian users with the Chinese government | AFP

Dezinformatsiya, which means disinformation in Russian, is a term widely used to describe an alleged covert online campaign to sway the results of the 2016 US Presidential elections. American cybersecurity experts have blamed Russian intelligence for spreading disinformation on social media to manipulate voters and turn the tide in favour of Donald Trump.

As India is trying to block Chinese manoeuvrers in the Galwan Valley and on the Line of Actual Control, intelligence agencies are worried about the People’s Liberation Army using the backdoor of popular Chinese applications to access critical information and manipulate the sentiments of Indian users. As a defensive step, India has blocked 59 Chinese applications, including popular ones like TikTok, Helo, WeChat, ShareIT, UC Browser and Club Factory. The decision came after intelligence agencies noticed that all these applications were capable of transferring data to servers outside India.

John Scott-Railton, senior researcher at The Citizen Lab, told THE WEEK that applications developed for the Chinese market had built-in censorship and, in some cases, surveillance tools.
The certification process for security clearance should be strong. Only then we will be able to avoid knee-jerk reactions- Pamela Kumar, director general of Telecommunications Standards Development Society

On May 7, The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, came out with shocking disclosures on how non-China users of WeChat were subject to pervasive content surveillance. WeChat, a multipurpose app for messaging, social media and mobile payment, is the most popular social media platform in China and the third most popular in the world.

John Scott-Railton, senior researcher at The Citizen Lab, told THE WEEK that applications developed for the Chinese market had built-in censorship and, in some cases, surveillance tools. “This is just another example of that problem,” he said. “It is the scale of users that makes it so troubling.” He said there were serious national security concerns for other countries that use such products.

A report prepared by Indian security agencies has raised concerns over Chinese corporations having a Communist Party cell to monitor and ensure that the party line is maintained. It refers to the Cybersecurity Law of People’s Republic of China, which came into effect on June 1, 2017, and mandates all Chinese companies to cooperate with and collaborate in national intelligence work. “This means that China can weaponise their data for information warfare,” said a senior cyber security official.

For instance, TikTok, which is owned by the Chinese internet giant ByteDance, has around 119 million active users in India. If the Chinese government or the Communist Party has access to these accounts, they can read the popular sentiments in the country by analysing the data or spread disinformation to manipulate these sentiments.

TikTok strongly denied the allegations. Nikhil Gandhi, head of TikTok India, said the platform complied with all data privacy and security requirements under Indian law and had not shared any information of its users with any foreign government, including the Chinese. Meanwhile, the Chinese foreign ministry said New Delhi’s decision to ban Chinese apps was discriminatory and it ran against fair and transparent procedure requirements.

China’s giant telecommunication companies like Huawei and ZTE are also bound by the Chinese Cybersecurity Law, and India is not the only country worried about it. On June 30, the US Federal Communications Commission (FCC) designated Huawei, ZTE and their affiliates and subsidiaries as national security threats and blocked their deals of expanding internet access in rural America. “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services,” said FCC chairman Ajit Pai.

Huawei and ZTE are among the world’s biggest suppliers of telecom gear and have a strong presence in 5G telecom technology.

While the ban on Chinese applications is the first step, the government may further tighten the noose around the Chinese telecom equipment and system providers. A report prepared by security agencies has noted that over the past decade, Huawei had teamed with members of various organs of the PLA on at least 10 research projects on subjects like artificial intelligence and radio communications. “They include a joint effort with the investigative branch of the Central Military Commission—the armed forces’ supreme body—to extract and classify emotions in online video comments,” said the report.

The report also pointed towards the initiatives taken by these companies in collaboration with the National University of Defence Technology in Changsha, Hunan, to explore the ways of collecting and analysing satellite images and geographical coordinates. “These projects are just a few of the publicly disclosed studies that shed light on how staff at China’s largest technology companies teamed with the PLA on research into an array of potential military and security applications,” said an official. “It would be naive on the part of anyone to consider that there would be no backdoor from a Huawei 5G core network to the PLA.”

Huawei and ZTE did not respond to the calls from this correspondent.

Cyber security officials say it is important for India to develop its own applications and have its own servers to prevent misuse of data. Moreover, dependency on imported 5G network equipment will put India at the risk of collateral damage if Chinese and western countries target each other’s equipment.

“We need to put in place a robust technological system for our security and safety,” said Pamela Kumar, director general of Telecommunications Standards Development Society. “A system for setting testing standards, policies, testing, certification and continuous surveillance, and for ensuring that application configurations, methods and processes are there to check if any leakage is happening. The security lacunae can be plugged by setting up exclusive labs to test and ratify equipment and technologies. The certification process for security clearance should be strong. Only then we will be able to take preemptive steps and avoid knee-jerk reactions.” She said India needed to build its own cyber security force. “Unless we prioritise and invest in that the visible and invisible threats will continue.”