Surveillance: It is a little known but obvious irony that the efforts of the Chinese government to keep tabs on its populace with surveillance means it must demand its own domestic tech companies install weakened security.
The relatively lax level of security allows for Beijing to snoop on its citizens – but also allows Western spooks the same opportunities.
For instance, all messages sent on WeChat, China’s most widely used messaging application, must pass through central servers as plain text, unencrypted, so that the company can filter and censor them according to the government’s surveillance requirements.
This makes those servers a ripe target for any foreign agents who want to spy on Chinese citizens, who between them have more than a billion WeChat accounts.
“If I were a Western intelligence agency, those servers would be incredibly valuable,” says Matthew Green, a cryptography expert at Johns Hopkins University in the US.
Weak security is the rule, not the exception, in digital services for the Chinese public. Email and social media must all facilitate state access, as must industrial networks used to run factories and offices, even if the extent to which the government uses that access varies for surveillance.
The government has different security standards for itself, but these are secret. Speculation about the devices and systems that senior party members use to communicate is common.
Internet users in China have long objected to the low standards of data protection. Online crime and leaked databases are rife. Last year someone stole the account details for all 538m users of Sina Weibo, a microblog, and posted them on the dark web for sale.
There is little question that spy agencies in America and other countries use China’s weak security to their advantage.
The government’s calculation is unlikely to change. Its focus on surveillance and censorship of its own people is growing.