{"id":37854,"date":"2018-03-13T15:04:58","date_gmt":"2018-03-13T04:04:58","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=37854"},"modified":"2018-03-13T15:04:58","modified_gmt":"2018-03-13T04:04:58","slug":"defence-says-no-wechat","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/","title":{"rendered":"Defence says no to WeChat"},"content":{"rendered":"
<\/figure>\n

The Australian Defence Department <\/em>has banned staff and serving personnel<\/a> from downloading the Chinese social media and messaging app WeChat onto their work phones. ASPI\u2019s International Cyber Policy Centre staff sat down today to discuss the development. Eds.<\/em><\/p>\n

Are you surprised by this development? <\/strong><\/p>\n

Fergus Ryan:<\/strong> Frankly, I\u2019m surprised the ban didn\u2019t come sooner. While I can see why DFAT officials might want to use the app, I don\u2019t see why Defence officials would need to. Given what we know about how closely WeChat works with the Chinese government, it seems prudent to ban it.<\/p>\n

Danielle Cave<\/strong>: No, this isn\u2019t surprising. Let\u2019s keep in mind how limited this ban is: according to Australian media reports, they\u2019ve banned staff from downloading and using WeChat on their work phones only. This ban goes nowhere near as far as India\u2019s, for example, where the media has reported that the Indian government has requested that their defence personnel remove more than 42 Chinese apps<\/a> from both<\/strong> their work and personal phones<\/a>. It\u2019ll be interesting to see if other departments, particularly DFAT, follow Defence\u2019s lead.<\/p>\n

Tom Uren<\/strong>: The default position is that work phones are provided with a limited range of apps. Essentially all apps are banned unless there\u2019s a requirement to have them and they pass a security assessment.<\/p>\n

What\u2019s behind the ban? What\u2019s Defence likely concerned about? Have they made the right call?<\/strong><\/p>\n

Tom<\/strong>: Both personnel and information security are the issues here. Many mobile messaging apps can access both the sensors and a large amount of information from a smartphone, including possibly the camera and microphone, contacts, photos, location and GPS info, Wifi networks accessed, etc. Some messaging apps are written so poorly that messages aren\u2019t encrypted. This presents the risk that eavesdroppers may be able to snoop on Defence personnel. Poorly written apps could also provide another vector for hackers to attack and compromise a phone. In general, more apps mean more opportunities for hackers, so the default department position would be to restrict the number of apps installed.<\/p>\n

Additionally, even entirely secure apps can collect large amounts of data. Defence may be concerned that data collected by WeChat may be made available to the Chinese government. Governments typically have mechanisms to access data from companies but we\u2019re pretty comfortable with Western systems where warrants from independent judiciaries are required. I\u2019ve written previously about the Chinese appetite for data<\/a> and we are probably less comfortable with the independence of Chinese lawful access mechanisms.<\/p>\n

Danielle: <\/strong>Defence has made the right call and I suspect others will follow, both in Australia and around the world. The Chinese government is increasingly investing in surveillance and censorship, and we know that messages within WeChat are monitored and censored. China\u2019s new cybersecurity law requires all companies to store relevant data and WeChat\u2019s own privacy policy is very broad. Amnesty International ranked the privacy and encryption of WeChat\u2019s parent company Tencent very poorly, and Tencent also scored very poorly (20\/100) in the New America think tank\u2019s 2017 ranking of digital rights and corporate accountability<\/a>. It\u2019s not surprising that WeChat didn\u2019t pass a security assessment.<\/p>\n

Fergus<\/strong>: China\u2019s new cybersecurity law<\/a> requires all internet companies to store internet logs and relevant data for at least six months to assist law enforcement. WeChat\u2019s own privacy policy notes<\/a> that it may need to \u2018retain, disclose and use\u2019 user information in response to government requests. There\u2019s also plenty of anecdotal evidence<\/a> to suggest that Chinese authorities are using access to WeChat data to persecute dissidents and activists.<\/p>\n

Regulators have been ramping up pressure on companies<\/a> like Tencent and Sina Weibo to do more to control and suppress content it deems undesirable. Threats of significant fines are already prompting those companies to divert more resources towards that effort.<\/p>\n

Does this ban show that Australia considers China a threat?<\/strong><\/p>\n

Tom: <\/strong>No. Other coverage in the media shows that Australia considers China a threat. :)<\/p>\n

Fergus:<\/strong> Not necessarily. I think the recent Strava app case in which its heat map revealed details of military bases around the globe was probably a wake-up call for many officials working in sensitive areas, prompting them to take a fresh look at tightening up the use of all apps, regardless of where they\u2019re from. Having said that, it\u2019s important to note that this latest decision has been made in the context of growing concerns about Chinese espionage activities and worries that the use of Chinese technology\u2014such as using Huawei to build a 5G network\u2014may create security vulnerabilities for Australia in the future.<\/p>\n

Danielle: <\/strong>No, I think it shows that the Australian Department of Defence is taking cybersecurity seriously. To flip the situation, the Chinese government is incredibly strict about what social messaging apps they allow their population use, let alone their defence personnel! Most are banned anyway, but I highly doubt that officers in the PLA would be allowed to download non-Chinese\u2013made social apps on their official work phones.<\/p>\n

How is the Chinese media reacting? How are people responding to the story on Chinese social media platforms?<\/strong><\/p>\n

Fergus: <\/strong>The Global Times<\/em> published a pick-up of the story<\/a> less than 24 hours after the Australian Financial Review<\/em> broke the story. The summary leaves out much of the context around the Defence Department\u2019s decision. It does, however, make clear that the ban happened in the context of growing concerns over Chinese espionage activities and a growing national security backlash against Chinese foreign investment.<\/p>\n

This story has been shared on the Global Times<\/em><\/a> official Weibo account<\/a>. Although comments are likely not representative\u2013they must be approved by editors and at the time of writing only seven comments of 202 were visible\u2013the most popular highlight the hypocrisy of Australia, which is part of the Five Eyes intelligence alliance. Other comments frame the decision as a gross overreaction to a non-issue.<\/p>\n

Should this ban apply to all Australian officials posted to China?<\/strong><\/p>\n

Fergus: <\/strong>WeChat is so pervasive in China that not being on it isn\u2019t really an option if you want to take part in society. For diplomats, it\u2019s an extremely useful tool for making and maintaining connections and for organising events. Officials would need to take into account the benefit they could get out of the app when weighing up whether to use it or not.<\/p>\n

Danielle:<\/strong> No, it would be difficult to do your job in China\u2014whether you are a Defence attache, a diplomat or an Austrade official\u2014without WeChat. China isn\u2019t unusual in that sense: messaging app KakaoTalk is vital in South Korea, as is LINE in Japan and Taiwan. For a lot of Asia, messaging apps replaced email long ago. What will be important now is that there are very clear and enforceable guidelines about what apps are and aren\u2019t appropriate to use on a work phone so that all officials, across both the policy and national security community, are well aware of the guidelines.<\/p>\n

How should other government departments react to this and approach similar issues in the future?<\/strong><\/p>\n

Tom: <\/strong>It\u2019s up to each organisation to understand the risks and benefits and make their own call about apps based on their needs and risk profile. ASD has information on the risks of using mobile devices and about how to protect data on smartphones (the IOS hardening guide and the Information Security Manual).<\/p>\n

Danielle: <\/strong>I agree, but departments also can\u2019t wait for media enquiries or a story to break before tackling an issue (like the Strava heatmap<\/a> debacle). It\u2019s worrying that new threats always seem to catch government departments on the back foot. In part, I think this is because there\u2019s a tendency in Canberra to view \u2018cyber\u2019 through a very traditional prism that focusses on the types of threats that we see week to week (for example, data theft). If we absorb one lesson from Russia\u2019s cyber interference in the US election, it should be that continuing to view cyber threats through a narrow prism is a mistake<\/a>. It\u2019s vital that the government break out of this reactionary cycle and take a more forward-looking and assertive stance on the less traditional suite of cyber threats<\/a> that might affect Australia and our near region.<\/p>\n

Fergus: <\/strong>A top priority should be for government MPs to be given clarity on whether they should be using WeChat on their own phones\u2014something which has yet to happen<\/a>. Information stored on the phones of our elected representatives would surely be highly prized by foreign governments, so we should be thinking about how we can plug any security holes on their devices as a priority.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Australian Defence Department has banned staff and serving personnel from downloading the Chinese social media and messaging app WeChat onto their work phones. ASPI\u2019s International Cyber Policy Centre staff sat down today to discuss …<\/p>\n","protected":false},"author":691,"featured_media":37857,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[52,224],"class_list":["post-37854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-china","tag-social-media"],"acf":[],"yoast_head":"\nDefence says no to WeChat | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Defence says no to WeChat | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The Australian Defence Department has banned staff and serving personnel from downloading the Chinese social media and messaging app WeChat onto their work phones. ASPI\u2019s International Cyber Policy Centre staff sat down today to discuss ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-13T04:04:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"425\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Danielle Cave\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Danielle Cave\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg\",\"width\":640,\"height\":425},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/\",\"name\":\"Defence says no to WeChat | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#primaryimage\"},\"datePublished\":\"2018-03-13T04:04:58+00:00\",\"dateModified\":\"2018-03-13T04:04:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/1730ec525f034baa16dd911fea57775f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Defence says no to WeChat\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/1730ec525f034baa16dd911fea57775f\",\"name\":\"Danielle Cave\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0eb0eb0ac065aaf45b63a5b7a87b53d7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0eb0eb0ac065aaf45b63a5b7a87b53d7?s=96&d=mm&r=g\",\"caption\":\"Danielle Cave\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/danielle-cave\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Defence says no to WeChat | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/","og_locale":"en_US","og_type":"article","og_title":"Defence says no to WeChat | The Strategist","og_description":"The Australian Defence Department has banned staff and serving personnel from downloading the Chinese social media and messaging app WeChat onto their work phones. ASPI\u2019s International Cyber Policy Centre staff sat down today to discuss ...","og_url":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-03-13T04:04:58+00:00","og_image":[{"width":640,"height":425,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg","type":"image\/jpeg"}],"author":"Danielle Cave","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Danielle Cave","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/03\/11809311223_7a4a4ee561_z.jpg","width":640,"height":425},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/","url":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/","name":"Defence says no to WeChat | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#primaryimage"},"datePublished":"2018-03-13T04:04:58+00:00","dateModified":"2018-03-13T04:04:58+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/1730ec525f034baa16dd911fea57775f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/defence-says-no-wechat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Defence says no to WeChat"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/1730ec525f034baa16dd911fea57775f","name":"Danielle Cave","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0eb0eb0ac065aaf45b63a5b7a87b53d7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0eb0eb0ac065aaf45b63a5b7a87b53d7?s=96&d=mm&r=g","caption":"Danielle Cave"},"url":"https:\/\/www.aspistrategist.ru\/author\/danielle-cave\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37854"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/691"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=37854"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37854\/revisions"}],"predecessor-version":[{"id":37860,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/37854\/revisions\/37860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/37857"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=37854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=37854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=37854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}