Athletes and associations fear for digital security at the Olympics. Experts discovered security flaws in the My2022 Olympic app. The course of the games will show how great the risk is
Beijing/Munich – The Olympic Winter Games* in Beijing are fraught with conflicts and problems like no Olympic Games have been for decades. The Games are taking place in a sealed bubble in the midst of the global omicron wave of the Corona pandemic. The host country China has been criticized for human rights violations. And there is concern among the teams about data security in the Olympic Village. US cross-country skier and former Olympian Noah Hoffman from the organization said the US Olympic team never once spoke only about the sport at its pre-departure meetings Global Athlete, which advocates a better balance between athletes and associations, at a recent discussion event. “Instead, every single meeting focused either on Covid protocols or on issues of personal safety, digital privacy and freedom of speech.”
It must have been the same for many teams. In the days before the flight to Beijing, digital security was at the center of the debate alongside Corona. Will China* control what athletes post on social media or what comments they leave on international websites? Is their personal data stored somewhere? Questions to which there are no real answers so far. How justified the worries are will only become clear in the course of the games.
Olympic app My2022: security gaps discovered
A stumbling block is the app My2022 – in German “My 2022”. Every athlete had to download this onto their own smartphone at least 14 days before leaving for Beijing in order to save their daily health data and information such as their passport number. This is according to the IOC and the organizers for contact tracing in the event of positive corona tests. Such apps have been available in China for the entire population since 2020.
According to the findings of Canadian specialists, the problem with My2022 are blatant security gaps. My2022 regulates access to events based on health data, for example, but also contains news feeds, information on sports facilities and tourist offers — as well as chat functions. The latter are obviously vulnerable. The Citizen Lab at the University of Toronto, which specializes in digital security, warned in January, the encryption of voice messages and data transfers could easily be circumvented by “a simple but devastating error” in the app. The health forms contained therein, including passport numbers and personal data, are also vulnerable, it said. In the case of health data, it is also unclear with whom the organizers shared them. My2022 includes features “that allow users to report ‘politically sensitive’ content.” The researchers also discovered a list of 2,422 keywords such as “Dalai Lama”, “Koran” or “Tian’anmen” which are “illegal” from the Chinese point of view. However, Citizen Lab did not determine that these censorship functions were activated at the time.
Citizen Lab’s report confirmed fears of surveillance of athletes and delegations in Beijing. “There have long been concerns that athletes and other participants could be spied on during the games,” said Maximilian Klein from the independent advocacy group Athletes Germany. “The revelations about the glaring security vulnerabilities of the My2022 app confirm our long-held fears.” The IOC pointed out that the app has been checked and approved by two independent cyber companies – and is available from Google and Apple. But because of the vulnerability, they will follow up again.
China: Internet censorship and lack of transparency
It’s a vague sense of insecurity that reflects a lot of the statements from the teams. Not just because of the app. Internet censorship is strict in China, especially on local social media. These are scanned for prohibited terms by censors, employees of the provider companies and algorithms. And these terms are constantly changing. After tennis star Peng Shuai accused a former Vice Prime Minister of sexual assault*, the term “tennis” even made it onto the index for a while. Search queries will not show posts containing such terms. Providers close the accounts of users who post content full of taboo terms. You are obliged to do so.
The system is not transparent, so the West’s confidence in Beijing’s assurances is minimal. “It should be assumed that all data and communications in China can be monitored, compromised or blocked,” the US Olympic Organizing Committee wrote in a guide. Some National Olympic Committees, including the German Olympic Sports Confederation (DOSB), therefore advised their athletes not to take private devices such as smartphones, laptops and tablets with them to China.
After their arrival in China, the athletes received a mobile phone from the Olympic sponsor Samsung with a local SIM card from the International Olympic Committee (IOC). With this SIM card, you can access all the websites that are normally blocked in the People’s Republic, the organizing committee said. According to experts, the network activities of the athletes could still be monitored. The Dutch therefore allegedly want to destroy all of these mobile phones after their athletes return.
Olympic athletes: Going to China with a queasy feeling
It is understandable that some athletes got on the plane to Beijing with a queasy feeling in view of the many warnings – especially since every day there is a risk of being thrown out of the competition due to a positive corona test. But some people seem to think the situation is even worse than it is. The news agency Reuters for example, quoted a spokesman for the Dutch Olympic Committee as saying that China had “completely sealed off” its Internet. That’s not really true: China blocks access to websites that the censors find objectionable, from Facebook to primarily English-language media outlets such as the New York Times. But most of the international sites can be accessed normally from the People’s Republic.
China’s officials remain silent on the debates, but some commentators react indignantly. Western demonization of China has ‘damaged common sense’ writes the recently resigned editor-in-chief of the state newspaper Global Times, Hu Xijin. “Where is China supposed to get the manpower and resources to build such a gigantic surveillance system? And to do what?” asks Hu, also known for toxic tweets, on the Chinese social media platform Weibo. Athletes are normal people with no value for spies. “People have seen too many films.”
Athletes in the Olympic Village: Posts about the cold and the facilities — not politics
Almost all the athletes have now arrived at the Beijing Olympic venues. The fact that they post pictures of their training sessions on Instagram shows that the internet at least works. If you use your own smartphone, you need a so-called VPN tunnel for Instagram in China. This uses an intermediary server to conceal which website or app the user is accessing — and thus misleads the censors. Virtually all foreigners living in China use such VPN tunnels on a daily basis.
Most of the athletes’ posts talk about the freezing cold, the facility or show happy selfies with helpers in white protective suits. Some are enthusiastic about slopes or ski jumps, others struggle with the gigantic infrastructure. The mood seems to be calming down, the focus is shifting to the sport. So far, the international reporters who have traveled to the Olympic bubble, who seem to have a constant entourage of security guards, have been monitored.
Experts and even some critics advise athletes against political criticism of China*, for example because of the human rights situation in Xinjiang*. Because China warned very specifically. “Any conduct or speech that violates the Olympic spirit and particularly Chinese laws and regulations will be punished,” said Yang Shu, senior official of the Games Organizing Committee. A possible punishment could be the de-accreditation of critical athletes, according to Yang. The IOC charter prohibits political statements during the competitions, but not around them. (ck) *Merkur.de is an offer from IPPEN.MEDIA.