No further investigation into the censorship software found on Xiaomi phones is needed. Several foreign government agencies have determined that although this software is present on the smartphones of the Chinese manufacturer, it has been disabled in the EU. The cabinet is investigating whether it is necessary to amend the Telecommunications Act on this point.
This is what Minister of Economic Affairs and Climate Policy Micky Adriaansens writes in a response to written questions from Queeny Rajkowski (VVD).
Xiaomi installs content filter on smartphones
The VVD politician put a number of questions on paper in response to the report that Xiaomi phones collect all kinds of data about users. This data would then be forwarded to countries where the General Data Protection Regulation (GDPR) does not apply. Xiaomi phones would collect and pass on up to 61 parameters of data.
The phones of the Chinese manufacturer are also equipped with a content filter or censorship software. As soon as a user uses specific keywords, the smartphone blocks this content. Then you should think of keywords such as ‘Free Tibet’, ‘Taiwan Independence’ and ‘Democratic Movement’. Researchers came across a blacklist containing 449 such search terms. This list is also regularly updated.
No additional research needed
Minister Adriaansens confirms that the Lithuanian Ministry of Defense has conducted research into Xiaomi’s smartphones. Employees indeed found censorship software on the mobile phones of the Chinese manufacturer. However, this content filter has been disabled in the European Union, the minister emphasizes.
The German Bundesambt für Sicherheit in der Informationstechnik (BSI) has also determined that this software is not active in Europe. Minister Adriaansens assumes that this will not happen in the future. She, therefore, does not consider it necessary to conduct additional research into the application of the censorship software in practice. If someone objects to this content filter, this person can ask the court to rule on the lawfulness of such a filter.
Minister considers amendment of Telecommunications Act
The minister may see one problem. The current Telecommunications Act stipulates communication secrecy, which means that conversations may not be tapped. However, the article in the law is limited to telecom companies that offer public communication networks and services. Manufacturers such as Xiaomi are not bound by this.
The new European ePrivacy regulation fixes this, but it is currently still in the making. “Because the ePrivacy Regulation is still pending, I will further examine whether it is effective to amend the Telecommunications Act on this point,” writes Minister Adriaansens to the House of Representatives.
Minister strongly supports BYOD policy
In the letter, Adriaansens defends the Bring-Your-Own-Device (BYOD) policy of the government. Each ministry has its own rules. “If the use of own devices is permitted, then, just as for government devices, the correct measures are taken on the basis of risk assessment to sufficiently protect government information, for example by applying cryptographic solutions that can be used on one’s own device.”, said the minister.
Since 2018, the Ministry of the Interior has purchased 60 phones from Xiaomi. These are used for technical, forensic, and criminal investigations. They are therefore not part of the BYOD policy.
Tightened purchasing and tendering policy
Rajkowski asked Minister Adriaansens whether the Government Information Security Baseline (BIO) contains sufficient tools to prevent potential risks such as censorship software. According to the minister, the BIO has no specific measures against such software. The guidelines will be evaluated this year. The issue of the VVD member will be included in this, the minister promises.
The minister emphasizes that the purchasing and tendering policy was tightened at the end of 2018 to reduce national security risks. According to this policy, when purchasing and implementing sensitive equipment or software, both risks in relation to a supplier and the concrete use of the systems are taken into account, for example when it comes to access to systems by third parties. Adriansens.
Minister not afraid of Chinese software
“What would you think if government officials downloaded Chinese censorship software onto their devices?” Rajkowski wonders aloud. According to her answer, Minister Adriaansens is not afraid of that. The working environment of civil servants on mobile devices is located in a protected area that is not accessible to other software.
The minister finds it undesirable if manufacturers secretly eavesdrop on users from a distance, or deliberately hide information from them. However, both Lithuanian and German research shows that this is not done on Xiaomi phones in the European Union.
“In general, it is important that users know and understand the limitations of their equipment and, if they wish, can choose from alternative browsers and search engines to meet their information needs,” the minister adds.
GDPR sets requirements for data exchange
When asked what the minister thinks about the fact that data from Dutch people is forwarded to China via Xiaomi phones, she answers that the GDPR sets a limit to this. Furthermore, the Minister of Economic Affairs and Climate emphasizes that there is no adequacy decision from the European Commission for China. This is a decision stating that a country has a proper level of protection for personal data.
Structural issuance can then only take place if the controller (Xiaomi in this case) offers appropriate guarantees. It is up to the Dutch Data Protection Authority to monitor this and to judge whether this is the case. If this is not the case, the regulator can impose fines or prohibit the exchange of data.
Catch up on more articles here
Follow us on Twitter here