In a previous article, I looked at the security issues with the MY2022 app, the official app for the 2022 Beijing Olympic Games, and the app that everyone who attends must download. The app has two key vulnerabilities that leave user data exposed when sending information over WiFi.*
Aside from these vulnerabilities, the University of Toronto-based Citizen Lab found a list of censored keywords in the app’s code, as well as the capability to report someone who has sent politically contentious content over the messaging service. The keyword feature does not seem to be active, but as Jeffrey Knockel, author of the Citizen Lab report, told the New York Times, they could censor content with “the flip of a switch.”
This is one of the reasons why several countries have instructed their athletes and other persons traveling to China for the Olympics to download the app on burner phones.
There is concern that these surveillance measures will be used to punish athletes or journalists for saying politically taboo topics, such as the human rights abuses in the Xinjiang Uyghur Autonomous Region. Out of concern for their safety, athletes have been instructed to keep silent about human rights issues while in China and to wait until they return home before speaking out.
2,442 Words You Can’t Say in China
The MY2022 app includes a text file with a list of 2,442 keywords, named “illegalwords.txt.” The Citizen Lab report indicates that most of the keywords are in simplified Chinese, although there are some in Tibetan, Uyghur, traditional Chinese, and English. The list has content that references pornography, swear words, and derogatory phrases, but a sizable portion of the list is of politically sensitive references or topics. The Citizen Lab report says,
The politically motivated keywords include negative references to the Chinese political system and intra-party power struggles (e.g., “胡江内斗”, “Hu (Jintao) Jiang (Zemin) infighting”), Falun Gong (e.g., “法轮大法好”, “Falun Dafa good”), and the Tiananmen Movement (e.g., “Tiananmen暴乱”, “Tiananmen riot”). Notably, the list also includes neutral references to the names of Chinese leaders as well as government agencies (e.g., “国家知识产权局”, The China National Intellectual Property Administration).Jeffrey Knockel, “Cross-Country Exposure: Analysis of the MY2022 Olympics App” at Citizen Lab
While keyword lists are commonly found in Chinese apps, this app included words written in Uyghur and Tibetan script, which is unusual. The words tended to be religious in nature, such as references to torn-down mosques, Islam, Tibetan Buddhism, or the Dali Lama. (Note: The report references the full list, which I will not link here since it has derogatory and vulgar content.)
Chinese language words included political terms such as “CCP evil,” “viiv [June 4] band” “Xi Jinping” and “National Assembly of the PRC.”
Of the English-language text, many of the numerals were variations of 6, 4, and 89, referring to June 4, 1989. Some of the English words were “Tiananmen” and “bloodisonthesquare” as well as a reference to the Falun Gong. Other prohibited references in English were “TNT” and “C4.”
The illegal words list did not appear to be associated with any active function in the app, but the app does have a feature that allows someone to report direct messages containing violent, vulgar, or deceptive content. The reporting feature also has an option for reporting “politically sensitive content.”
According to the Citizen Lab report, it is unclear whether the keyword list was included for any reason other than that Chinese apps often include a censorship list:
On one hand, the inactiveness of the blocklist may be resulting from the same kind of accident that may have produced the app’s failure to validate SSL certificates. On the other hand, the censorship may have been intentionally disabled, in a bid to hide the extent of China’s censorship regime from outsiders or out of pressure from the IOC, who has previously attempted negotiations with the Chinese government over what content it can and cannot censor at the games.Jeffrey Knockel, “Cross-Country Exposure: Analysis of the MY2022 Olympics App” at Citizen Lab
Notably, companies are required to include a mechanism to censor sensitive content, but the Cyberspace Administration of China does not publish an official list of censored words. So, it is up to the company to figure out what to censor and hope that it will not be punished for allowing questionable content through.
Since everyone who attends the Beijing Olympics must download the MY2022 app, the U.S., Canada, the U.K., Australia, and the Netherlands have instructed their athletes to use burner phones. The Dutch Olympic Committee is going as far as to distribute phones to their athletes and then destroy them when the athletes return. The Committee to Protect Journalists has suggested journalists covering the Olympics use burner laptops or Chrome books for cybersecurity reasons, along with other suggested precautions, such as creating a new work email specifically for the trip, assuming their hotel room is under surveillance, and wiping all devices upon return.
One concern was that the athletes, journalists, and other personnel attending the Olympics would be required to download and use China’s digital yuan to make any purchases, but the Beijing Committee has assured visitors that they will not be required to download or use the digital yuan.
The U.S. Olympic & Paralympic Committee said in a bulletin in December that athletes should assume every device, communication, transaction, and online activity may be monitored. According to The Wall Street Journal, the bulletin also said, “Your device(s) may also be compromised with malicious software, which could negatively impact future use.” (See also: “The Beijing 2022 Olympic and Paralympic Winter Games: Issues for Congress”.)
The IOC, China, and Genocide
In December, the U.S. House of Representatives unanimously voted on a bill (H. Res. 837) recognizing that “the International Olympic Committee failed to adhere to its own human rights commitments.”
There has been controversy over China hosting the Olympic Games because of concerns over human rights abuses like the Chinese government’s complicity in genocide against Turkish minorities living predominantly in the Xinjiang Uyghur Autonomous Region in northwest China. The IOC has been criticized for its silence on the matter and was criticized recently for not demanding more proof that tennis doubles champion and former Olympic athlete Peng Shuai was safe.
The Wall Street Journal reports that athletes are dreading going to the Beijing Olympics. They have been coached to not say anything that might cause their visas to be revoked or lead to punishment from the Chinese government.
Mr. Hoffman, now a board member of athlete-advocacy group Global Athlete, said he advises Olympians in Beijing to stay silent and give priority to personal safety. Political statements can wait, he said. “I would be planning to speak out on every platform when I get back,” he said.Rachel Bachman and Stu Woo, “Spying. Human Rights. Covid-19. Beijing Olympic Athletes Face the Most Complex Games Ever” at Wall Street Journal
While political protests might not receive swift punishments during the Olympics, Sarah Cook of The Diplomat writes that there will be many opportunities for reprimands after the Winter Games have concluded. The lighter punishments might come in the form of journalists having their visa credentials revoked or athletes being barred from playing non-Olympic sporting events in China.
However, human rights organizations are concerned that athletes may face harsher punishments. The Beijing Organizing Committee said in a press conference that “Any behavior or speech that is against the Olympic spirit, especially against the Chinese laws and regulations, are also subject to certain punishment.” When asked what the maximum punishment might be for an athlete who breaks these rules, the spokesperson for the Beijing Organizing Committee declined to answer.
In a report on key issues for the U.S. Congress regarding the Beijing Olympics is what actions should the U.S. take if the Chinese government decides to use its own domestic laws to “punish” any member of Team USA who speaks out on a sensitive issue. (See page 38 of “The Beijing 2022 Olympic and Paralympic Games: Issues for Congress.”)
However, as China Digital Times points out, “It is the Chinese citizens, of course, rather than visiting athletes, who are most at risk for censorship and surveillance.” Ahead of the Olympics, authorities have arrested several Chinese activists and suspended multiple Weibo accounts. As we saw with the centennial anniversary of the founding of the Communist Party of China, authorities typically become less tolerant of dissent and more stringent on censorship.
If China’s goal for the 2022 Winter Olympics is to showcase its authoritarian system of government, it is certainly going to do accomplish that.
* See the official “Playbook” for Olympic athletes traveling to Beijing
In case you missed it:
2022 Winter Olympics: Security Vulnerabilities in the MY2022 App. All Olympics attendees are required to download the MY2022 app to track their health and other personal data, despite security concerns. According to a cybersecurity group, MY2022 has devastating security flaws that violate China’s own laws as well as Google and Apple privacy requirements. (Heather Zeiger)