Spying fears prompt warnings to Olympic athletes over phones

Beyond Omicron and gold medal tallies, athletes arriving in China’s capital for the Winter Games next month may have one more thing to worry about: is it safe to access the internet?

Beijing has promised the world’s top athletes access to a partially unfettered internet during the Olympics starting on February 4, dropping the Great Firewall that blocks services such as Facebook and YouTube at official venues and hotels. But security experts say there are reasons to exercise caution.

Chinese companies that specialise in data collection, surveillance and artificial intelligence are among the official sponsors and suppliers for the Winter Olympics.

Washington and its allies have accused some of the corporations providing networking and data management, including Huawei and Iflytek, of potentially being used for espionage or surveillance of minorities in Xinjiang. Huawei and its peers deny those allegations, but cybersecurity consultants warn that those systems will subject athletes to the same kind of surveillance, movement tracking and monitoring that most Chinese citizens deal with.

Among the concerns is the risk that state actors or criminals could use the designated Wi-Fi bubbles to snoop on private communications or even install malware and other vulnerabilities onto personal devices. That could in turn open up contacts — both sporting and political — to subsequent attack. 

A growing number of delegations are taking that potential threat seriously. Australia, Belgium, the Netherlands and Canada are among the delegations that are advising athletes to keep their devices off Wi-Fi networks and use burner phones if possible. The US has issued a warning to American athletes that their devices may also be compromised with malicious software, with unknown consequences for future use. 

“My advice to athletes would be to go buy a cheap second phone and don’t use your principal iPhone or Android system,” said Larry Diamond, senior fellow at the Hoover Institution at Stanford University. “We don’t know where this is headed. The only thing we know is that China is constructing the most sophisticated authoritarian digital surveillance state, and I don’t think people should be blasé in taking their equipment to interact with that.”

The Beijing committee has rejected the reported advice given to athletes, saying: “This is completely groundless and these concerns are wholly unnecessary.”

The committee said China had passed several cybersecurity laws that provided protections for privacy and data security for its citizens and foreign visitors.

China’s government blocks swathes of the internet to maintain control over public discourse at home. It is dropping that blockade as part of a pledge to put on a “simple, safe and splendid” Games — an opportunity for the country to showcase its rising economic and political prowess. 

But its alleged track record of drafting companies in widespread surveillance, such as by keeping tabs on minorities in Xinjiang, has raised alarm bells. Athletes with global profiles represent high-value targets for cyberspies and bad actors and may be opening their devices up to long-term tracking, Diamond said.

It’s a risk because of “the broad data collection culture associated with surveillance in China”, said David Robinson, co-founder of cybersecurity company Internet 2.0. “If athletes do not want the Chinese government to be able to identify their normal phone, then using a new phone will shield the collection of sensitive data.”

One of the 5G technology suppliers is Huawei, the company blacklisted by the US and others that lies at the heart of growing Washington-Beijing tensions. That is in co-operation with official telecommunication provider China Unicom Beijing, whose parent is on the treasury department’s list of sanctioned Chinese military-industrial complex companies.

Another is Iflytek, the exclusive supplier of automatic speech transcription, which was added to a US blacklist in 2019 — prohibiting the sale of American technology without approval — for involvement in human rights abuses in Xinjiang. It will use artificial intelligence and big data “to provide real-time analysis and resource allocation” for Olympics-related facilities and events, Iflytek said on its website.

The Games’ official antivirus software provider, Qi An Xin, will run a central hub offering “full coverage and high-quality network security”, the company said in a statement.

Its majority shareholder, Qi Xiangdong, is a co-founder of Qihoo 360, sanctioned in 2020. Qi An Xin will have visibility over data that crosses the network — including overseas traffic, said Robinson. In an analysis of Qi An Xin’s mobile protection software, internet 2.0 reported that “a significant amount of user data is being collected by the software”. Qi Xiangdong parted ways with Qihoo 360 in 2019. 

Some countries have already taken precautions. Australia will provide its own Wi-Fi “in areas allocated to us which is being provided by our IT branch”, an Australian Olympic Committee spokesperson said. Belgium has recommended that their athletes not bring personal electronic devices to China. 

Dutch athletes have received similar warnings. And Team Canada members have been reminded that the Games “present a unique opportunity for cybercrime”, the Canadian Olympic Committee said. It too is recommending its athletes leave personal devices at home and to limit the personal information stored on devices they bring to China.  

“In regards to the so-called national security questions regarding Huawei, Iflytek and other tech companies, China’s relevant departments have already repeatedly refuted this issue, but the US has continued to use this as a pretence to suppress Chinese hi-tech companies,” the Beijing committee said. “This kind of bullying is bound to be increasingly resisted and opposed by the international community.”

The Beijing committee said My2022 had “passed the examination of overseas mobile application markets such as Google, Apple and Samsung” to feature in their stores, and users had the ability to turn off permissions for the app to access other features on their devices.

Bloomberg News. More stories like this are available on bloomberg.com.