Chinese camera apps could open user data to Beijing government demands



Tourists take selfies on June 7, 2019.

Carl de Souza | AFP | Getty Images

Chinese companies are behind some of the world’s most popular photo and video apps. This may mean that vast treasures of user data are at risk of falling into Beijing’s hands, cybersecurity experts say.

Concerns are growing around the world about internet privacy security and data protection, and attention has recently been focused on photo apps. Chinese mobile programs have hundreds of millions of active users, but their ability to ensure privacy remains a matter of debate, especially with less emphasis on this factor at home.

In fact, Robin Li, the billionaire CEO of tech giant Baidu, set off an uproar last year, when he said that the Chinese “are not that sensitive to privacy issues and are often willing to trade privacy for efficiency,” according to CNBC’s translation.

If the companies do not comply with the government’s demands, they will be in trouble with the Communist Party.

Leland miller

CEO of China Beige Book

The recent overnight popularity of Russian FaceApp’s aging feature has raised concerns about the potential collaboration of tech companies with governments. App CEO Yaroslav Goncharov reportedly said The Washington Post that Moscow does not have access to photos and the company does not share user data with third parties.

But unlike FaceApp, some of China’s biggest camera apps explicitly state in their privacy agreements that they provide data to third parties. However, it remains unclear whether the so-called third parties include government agencies.

“Structural problem” in privacy law

China is not lawless when it comes to cybersecurity. In fact, the country has several sets of guidelines, according to Samm Sacks, cybersecurity policy specialist and Chinese digital economy member of think tank New America.

In May of this year, Beijing new regulatory policies proposed to punish companies that violate confidentiality agreements.

Yet China uses “vague” language, Sacks said, and these laws are “selectively applied as a tool according to the needs of the government.”

Government scrutiny is the highlight of China’s approach to regulating digital businesses, experts told CNBC. In fact, it’s part of what is driving Washington’s warnings about telecom giant Huawei.

“If companies don’t comply with the government’s demands, they will be in trouble with the Communist Party,” Leland Miller, CEO of independent data-tracking company China Beige Book, told CNBC in a telephone interview.

“This does not mean that government requests always happen,” he said, adding that “there is not sufficient law to protect user data if the government chooses to request this information.” .

In other words, the data privacy situation in China is not a “legal problem”, but rather a “structural problem”, according to Miller. He said anyone using a Chinese app is realistically “vulnerable” within Beijing’s grasp.

Even one of China’s best-known tech companies, Tencent, was ambiguous on the matter. It wrote in its general privacy policy web page that it “may disclose your personal information … to comply with applicable laws and regulations.” Tencent is the parent company of WeChat, the most widely used social media app in China, and various other internet services, including the Tiantian P-Tu photo editing app.

When asked by CNBC if the wording in its privacy policy meant that applications developed by Tencent provided user data to authorities, a spokesperson for the company simply replied “no comment.”

Miller said that language like Tencent’s policy “is generally added to indicate that the company reserves the right to respond as it sees fit to any law or judgment that occurs in the future, which (of course) ) opens a huge door for Beijing to use if he wishes. “

As long as an app is developed by a Chinese company – even if the user lives overseas or the company is registered overseas – it will fall under the country’s cybersecurity laws and therefore be subject to requests from Beijing, according to a blog post by Sara Xia, lawyer at Harris Bricken.

Sharing user data

Chinese photo editing app Meitu, which means “to beautify images” in Chinese, offers features that can remove wrinkles, smooth pores and lengthen legs. The mobile app had 332 million monthly active users in December of last year, of which nearly 68% were Chinese users and 32% were from the rest of the world according to its annual report 2018.

According to Meitu privacy policies, it collects personal information such as names, genders, locations, types of devices and even network operators used.

The company wrote to CNBC that it only uploads user information to the cloud with “express consent.” Most of the content is processed on users’ devices, according to Meitu.

When asked how long the company retains user information, Meitu responded by saying that its “retention period strictly complies with the local laws and regulations applicable to where our users are based.”

After repeated requests from CNBC, Meitu declined to deny that he would share data with the Chinese government, saying instead that, as of now, he had not. “Meitu strictly adheres to applicable local laws and regulations,” a spokesperson told CNBC.

MEITU Mobile CEO presents the feature of the new MEITU M4 phone with his own photos in Beijing, China.

South China Morning Post | Getty Images

Meanwhile, the world’s most downloaded non-game app, TikTok also has ties to China.

The app was originally developed by Beijing-based Bytedance under the name Douyin. The international version (which does not serve China) was relaunched in 2017 as TikTok.

A company spokesperson said the app “does not share information with the Chinese government and does not operate in the country.”

“We work with leading third-party data partners and store all user data outside of China,” the representative said. “We are working with an independent US-based internet privacy company to audit our practices and confirm that we use leading standards for storing and protecting TikTok user data.”

Still, TikTok’s 2018 privacy policy says the company may transfer international users’ data to China, according to archived versions of this web page. The company, however, appears to have removed this clause in its update. 2019 privacy policy page.

It now says, “We may share your information with a parent company, subsidiary, or other affiliate of our group of companies. This means it would include Bytedance, based in China.

Sacks said Bytedance goes to great lengths to separate TikTok as an international operation. But content created outside of China could be a “major threat to the (Chinese Communist Party) and national stability. So they have a lot of incentives to keep international content and data fairly isolated,” he said. she adds.

“There has been no public evidence contradicting TikTok’s statement… we have no way of really knowing beyond speculation,” Sacks pointed out.

But Miller maintains his skepticism. In fact, if the China-based parent company is invited to share information by Beijing, it will “adhere to any Party request.”

TikTok has been installed by more than 1.1 billion users worldwide (excluding China) and grossed $ 80 million in in-app purchases, according to April figures from app data tracking company Sensor. Tower.

– CNBC’s Wendy Ye contributed to this report.

Source link


Leave A Reply