5/5 (2)

JingWang Weishi: it’s the latest addition to things that residents of Xinjiang are required to have by law. No, it’s not an ID card and no, it’s not health insurance either. It’s a piece of government made spyware.

The use of spyware and hacking tools by governments is nothing new. There have been numerous scandals in countries with repressive regimes, such as the United Arab Emirates^[1] and Syria^[2]. However, also countries with democratically elected governments, such as Germany^[3] and The Netherlands^[4], have turned out to be using all sorts of hacking tools to get data on individuals. In 2015 it even turned out that the British intelligence agency GCHQ spied on Amnesty International^[5], for reasons still unknown.

Although the use of spyware and hacking tools by governments is nothing new, JingWang Weishi  (which translates to web cleansing or clean internet) takes surveillance to Orwellian heights. Previously, governments used to at least try to cover that they monitored citizens. With JingWang Weishi this is no longer the case. People of the Uighur ethnic minority in Xinjiang, China, a region which has seen tensions recently, are forced to download the JingWang Weishi app to their smartphones. The app sends information about the phone and its user (IMEI, MAC Address, phone number, etc.) to an outside server. It also scans the phone for media files and compares these with a list of files that are deemed to be dangerous. To top it off, all this information is sent in plaintext via HTTP, which makes it very easy to intercept^[6].

Although there are many things that are wrong with these practices, the most frightening thing in my opinion is that people are openly told to download the app to let it monitor their behaviour, as if this is a normal thing. Combine this with an app that promotes citizens to inform the government about individuals that might endanger the “social security and stability”^[7] and it all starts to look very dystopian.

 

How do you feel about developments like these? Do you (expect to) see similar things happening in other countries?

Sources:

[1] https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html

[2] https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?_r=0

[3] http://www.spiegel.de/international/germany/the-world-from-berlin-electronic-surveillance-scandal-hits-germany-a-790944.html

[4] http://www.spiegel.de/international/europe/hacking-the-hacks-dutch-government-admits-spying-on-news-agency-a-515640.html

[5] https://www.independent.co.uk/life-style/gadgets-and-tech/news/uk-was-illegally-spying-on-amnesty-international-mistakenly-forgot-to-tell-human-rights-group-10360533.html

[6] https://www.opentech.fund/news/app-targeting-uyghur-population-censors-content-lacks-basic-security/

[7] http://www.globaltimes.cn/content/1044528.shtml

5/5 (2)

Ever since the early file-sharing days, discussions have been going on regarding digital copyright protection. The most recent discussions have mainly revolved around the EU’s proposed Directive on Copyright in the Digital Single Market¹. The main goals of this directive are to:

• legally protect press publications;
• correct the disparity in profits made between content creators and internet platforms;
• improve cooperation between rightsholders and online platforms.

There is a huge difference between profits made by platforms and search engines (e.g. Facebook, YouTube, Google) and profits made by content creators (e.g. news outlets, artists, film studios). The lack of sufficient earnings for the latter is one of the reasons for the decrease in quality news articles. Because of the importance of quality, independent journalism for a liberal democracy to work, I believe the EU’s intentions in this regard are perfectly justifiable. However, the way in which these intentions are to be substantiated through the proposed directive is far from justifiable and demonstrates little technical understanding.

Article 13 of the Copyright Directive requires online services (e.g. forums, platforms, online file storages) to identify and remove any content that has been posted or will be posted without the rightsholder’s consent. This would effectively result in a filter on every file you upload. Apart from the fact that this might be incompatible with earlier UN treaties², the practical execution of this directive would be very complicated. It would require online services to check each and every song, video, text document and any other type of file that is uploaded. It is impossible to do this manually, due to the sheer number of daily uploaded content. Hence, this would be automated and it would be up to algorithms to decide whether something is to be uploaded or not. However, even the most advanced algorithms for this (such as the ones used by YouTube) are far from perfect since they often fail to capture sarcasm, context and who the actual rightsholder is³. If this directive were to take effect, it would have a dramatic influence on how the internet is used and what can still be uploaded online.

A vote on this directive has been postponed to 12 September 2018 to give more time for discussion and amendments. Let us hope that the calls for amendments by companies, civil rights organizations⁴ and academics⁵ will change the directive for the better.

 

Sources:

1 https://ec.europa.eu/digital-single-market/en/news/proposal-directive-european-parliament-and-council-copyright-digital-single-market

2 https://www.ohchr.org/Documents/Issues/Opinion/Legislation/OL-OTH-41-2018.pdf

3 https://juliareda.eu/2017/09/when-filters-fail/

4 http://copybuzz.com/wp-content/uploads/2018/07/Copyright-Open-Letter-on-EP-Plenary-Vote-on-Negotiation-Mandate.pdf

5 https://www.ivir.nl/academics-against-press-publishers-right/