China starts smartphone inspections to boost 'anti-espionage efforts', raising fears among expatriates and foreign business people about arbitrary enforcement
- China implemented new regulations on Monday under its toughened counterespionage law, which enables authorities to inspect smartphones, personal computers and other electronic devices, raising fears among expatriates and foreign businesspeople about possible arbitrary enforcement.
- A Japanese travel agency official said the new regulations could further prevent tourists from coming to China. Some Japanese companies have told their employees not to bring smartphones from Japan when they make business trips to the neighboring country, according to officials from the companies.
The new rules, which came into effect one year after the revised anti-espionage law expanded the definition of espionage activities, empower Chinese national security authorities to inspect data, including emails, pictures, and videos stored on electronic devices.
Such inspections can be conducted without warrants in emergencies. If officers are unable to examine electronic devices on-site, they are authorized to have those items brought to designated places, according to the regulations.
It remains unclear what qualifies as emergencies under the new rules. Foreign individuals and businesses are now expected to face increased surveillance by Chinese authorities as a result of these regulations.
A 33-year-old British teacher told Kyodo News at a Beijing airport Monday that she refrains from using smartphones for communications. A Japanese man in his 40s who visited the Chinese capital for a business trip said he will "try to avoid attracting attention" from security authorities in the country.
In June, China's State Security Ministry said the new regulations will target "individuals and organizations related to spy groups," and ordinary passengers will not have their smartphones inspected at airports. However, a diplomatic source in Beijing noted that authorities' explanations have not sufficiently clarified what qualifies as spying activities.
Last week, Taiwan's Mainland Affairs Council upgraded its travel warning for mainland China, advising against unnecessary trips due to Beijing's recent tightening of regulations aimed at safeguarding national security.
In May, China implemented a revised law on safeguarding state secrets, which includes measures to enhance the management of secrets at military facilities.
At some point I'm going to have to because the woman I love is from there. Probably I will need to get a burner phone for the occasion. It does seem like a beautiful country full of interesting culture. Shame about the government though.
Stick close to her and trusted family and friends. Though cash must be accepted legally , its hardly used. Getting a simcard requires registering with your passport now. If you're okay with that, a cheap burner phone with wechat for payments and comms and standard phone number yo get hold of your family back home. Needless to say you wont be anonymous so my attitude when visiting there was kind of just accept that, and don't do/say anything stupid. i.e assimilate temporarily with that way of life. All of these concerns are only a small part of life and of course a billion or so people are living with it. You are totally right that the place is full of interesting and amazing history, culture, food and really friendly and hospitable people despite the bs they have to put up with.
The countryside is beautiful and the rich parts are nice but most of the country is a slum and the vast majority of the people there live in poverty. Check out China Insider on YouTube.
Bringing your real phone instead of a burner phone into the PRC is just asking for your shit to get stolen. I have never brought my real phone into the PRC.
Love to live in a country where my data is always secure and my government would never try to harvest my data in bulk. Liberty! Whiskey! Sexy! USA! USA!
I legitimately can't tell if this is satire or not. I think you're confusing the USA with a European country that actually has data privacy and consumer protection laws.
The worst that my country wants to do with my data is attempt to sell me shit I don't want. (OK yeah we have one or two taboos: antisemitism and actual terrorism, but that's about it.)
In some other countries, drawing parallels with certain emperors and certain A.A.Milne characters could cost me my freedom and possibly my life. Ain't nothing stopping me standing outside #10 and yelling Rishi is a wanker!
Even as far back as 2010 the corpo I worked for had an official travel protocol that dictated backing up Blackberries, factory resetting them, crossing the border, then restoring them from the cloud. That was for crossing any border.
I'm not saying that that's an unreasonable policy for companies to have, but I will bet that only a very small portion of individuals normally do that for personal smartphones.
I've personally never done the trip to China for a lot of reasons (you know you are living your best life when a postdoc explains that you should never under any circumstances go to China because of what you have said) but do a lot of foreign travel for work:
No company should let any employee bring corporate electronics on international travel. Have burner phones and laptops that are set up to do incredibly minimal work locally (basically just have the slides... maybe) and to remote in. And work with your IT department to "randomly lock" them if a wrong password is detected in an airport or government facility.
It doesn't matter if it is the UK asking if we want the left or right hand this time or the CCP: It is just an unnecessary risk that is easily avoided.
And then inform the traveler of whether they want to bring their personal devices or not.
This is the approach I use with laptops domestically, and I think that there's something to be said for it. Like, the laptop itself doesn't store important information. A remote server does. The laptop is just a thin client. If the laptop gets lost or stolen -- which I've had happen -- I revoke the credentials. No important information is lost, and no important information is exposed.
Whole-disk laptop encryption has improved things too from an exposure standpoint (albeit not a loss standpoint), though I don't use it myself (don't want to spend any battery life on it). I assume that smartphones have some form of reasonably-secure storage hardware, but I don't know if it involves encryption.
What I found irritating -- and this is years back now -- was an employer who didn't care if I took a laptop in or out or what information I stored on it (as long as it was a work system), but who refused to provide remote access to the network, so I couldn't just keep the important information on the work network. I mean, I get if they want to have some sort of isolated DMZ and require an externally-accessible server to live there, not provide VPN access in to the general network, but not having the ability to have remote network access to work systems at all is just incredibly obnoxious.
I think that some of it is that Windows is not phenomenal to use remotely. Yeah, there are solutions, but they aren't great if you're on a high-latency, low-reliability, or low-bandwidth link. I try to use console Linux for as much of my stuff as possible. That whole ecosystem was designed around thin-client, remote use.
Oh yeah. I DEFINITELY have some horror stories over needing to access GUI apps remotely (my favorite involved a secure tunnel to one facility to then tunnel back to a machine that was literally three doors down from my office...)
But stuff like the web interfaces to ms/google office make the vast majority of this trivial. Since SSH always worked in Windows via (god awful) putty. And increasingly other applications are understanding they need to support server/client setups so you are just connecting over a tunnel rather than using a remote desktop protocol.
It doesn’t matter if it is the UK asking if we want the left or right hand this time or the CCP
Unfortunately, there's this baseline understanding of liberal western democracies providing security while eastern fascist dictatorships of the proletariat are looking for people to punish arbitrarily. The tolerance for British mass surveillance (some of the worst in the world) is sky high, simply because they're doing it the white way.
The CCP are actively engaging in genocide (remember the Uyghurs? Probably shouldn't if you don't want to piss off the CCP) and have a long history of "reeducation" camps.
While I have very serious problems with how the majority of western nations handle immigration and human rights violations, that is more along the lines of "oh, please stop isreal. By the way, here are all those bombs you asked for. Don't use them all on one mosque!" or actively turning people back to be executed in the horror they are running from (although, the US is doing a great job of having some stuff that looks a lot like concentration camps on the Southern border...).
But it is still night and day in terms of horror. The day is pretty shitty but the night... holy fuck.
But also? That doesn't change anything. It is a nation's responsibility to engage in basic espionage if only to protect its people's interests. And governments all have the power to basically shit on a visitor's human rights so long as they can keep the embassies from finding out. So why take any risks you don't need to?
That's just so impractical. The point of business travel is to get something done. For that you need your devices, and access to relevant data and systems.
Setting up a clean device for every trip where you cross a controlled border is such a hassle it wouldn't really pass in any company. Well with the exception of defense companies, I could understand them being paranoid enough.
Plenty of companies are, rightfully, adopting security models where even domestic workers never have a copy of anything sensitive on a laptop (sometimes even desktop) and rely on corporate servers to do work. Yes, it really fucking sucks during an outage but it avoids the never ending problem of people leaving their laptop at a starbucks. There is absolutely zero reason to not do that on foreign travel.
Also: The point of business travel is to have meetings or collaborations that can't be done remotely. For the former, you basically just need that set of slides and the ability to fetch a limited subset of other data. For the latter? You are by necessity taking corporate secrets and having a secure connection back home is a bare minimum.
And if your IT department have problems reprovisioning laptops to contain basically a VPN client and a web browser? Then you have even bigger problems. In a semi-competent world, you just reimage a laptop in a closet to the minimum machine that you give to a new hire and then you flag the user's account for heightened security in whatever VPN setup you have. Because it is REALLY easy to detect if something is connecting from where it shouldn't be (e.g. Fred is in Canada but suddenly is trying to connect from Australia) or is anywhere near a government facility or airport (... no comment).
As an aside, I'll point out that I have worked with various government and government adjacent orgs over my years. Their security is complete dogshit next to a decent sized company. Because they are just protecting government secrets and focused on covering their asses. A company is protecting potentially billions of dollars and everyone's livelihood. Which makes for an environment where you aren't ten years behind the state of the art because nobody wants to risk jail time (which they would not get if they are acting in good faith...) over approving something as crazy as a VPN.
is such a hassle it wouldn't really pass in any company
Hate to tell you, this is now the norm. Right now, today, thousands of corporate travelers!
Company creates a travel laptop, perhaps even just a completely empty kiosk laptop. Corporate traveler downloads critical data to the laptop in an enclave (like a presentation). They have a two-factor token with them. If they need to get back to the corporate network for whatever reason, they use remote desktop software and no data is stored on the local device. They're given policies telling them that if the computer is out of their possession, or view at any time, that the device is not to be used whatsoever afterwards. Contact security and let them deal with it.
When the traveler comes back to the mothership, laptop is checked into IT, it's completely wiped.
Does remote desktop software suck? Yeah. It's better than the alternative though
Where do you think Americans learn about non-European countries in World History? History started with the founding of England and ended with WW2. I think we dropped a nuclear bomb on some East Asian country where all the anime comes from. But other than that, who gives a shit about Asia?
At some point, its just tiring to see folks slam their fists in their palms and declare whole-heartedly "I will NEVER visit China for ANY REASON!" when half our country is broke as shit and our planes occasionally just have the doors fall off mid-flight.
As if you were booking a vacation to Macau ten minutes ago, but now you've suddenly changed your mind. Come the fuck on, dude.
Fun fact. If you come to Australia the border force can basically do the same thing. Take a burner with you when you travel, it’s not worth the hassle at the airport. Bonus points, if you lose your phone or get it stolen it won’t hurt as much as if it happened to your main device.
First, obviously this is not good. Secondly, if anyone is complaining about this from the USA, you don't get to. CBP has the right to inspect your electronics with no questions asked by you. They have a right to make a copy of all data. They have a right to seize your electronics and decrypt them if you fail to provide the encryption pin. They have the right to compel you to unlock and decrypt your devices if it uses fingerprint or facial unlock. They have the right to revoke your residency status if you aren't a citizen.
CBP has authority to do this at any sea, land, or air crossing. It also has the authority to do this within 100 miles of any border. That means about 70% of all Americans live their day to day lives within the scope of the exact same legislation. And yes it is used, all the time. If you think it isn't, you're just ignorant.
Not one single comment on this post has said anything about how America does not have this issue, or America at all for that matter. In fact, the only comments that are about a country other than china (you know... the country the fucking article is about) mentions how Australia's border/customs do the same thing.
Do you realize we are allowed to discuss and criticize things around the world whether or not America is guilty of something similar right? Is it really necessary to immediately without any prompting regurgitate an 'AMERICA DOES IT TOO!!!' comment on any article with negative sentiment regarding a non-American power?
Do you realize we are allowed to discuss and criticize things around the world whether or not America is guilty of something similar right?
It becomes tiresome to read "Foreign Country is doing the EVIL THING! Rally around the burn pit and lets talk about how intrinsically bad their are!" when they learned this shit by watching every other western country do it first. Just feels like another edition of American Exceptionalism and hysterical far-right xenophobia.
But the US is not an authoritarian shithole (it's not a perfect democracy either, but it can't be compared to the Chinese dictatorship in any way), which develops its domestic industries on industrial espionage and stolen intellectual property. Unlike... China. The TSA doesn't get orders from the US government to steal trade secrets and other critical information from business people, in order to boost US industries.
A century ago the eunuchs run China. The secretary censors run China now, not the technocrats from the previous generation. Secrets and intrigue instead of information and openess.