Cristina Criddle YESTERDAY in the FT Magazine writes and document at length her experience with Chinese intelligence.
The story claimed ByteDance employees accessed two reporters’ data through their TikTok accounts. Personal information, including their physical locations, had been used as part of an attempt to find the writers’ sources, after a series of damaging stories about ByteDance. According to the report, two employees in China and two in the US left the company following an internal investigation. In a staff memo, ByteDance’s chief executive lamented the incident as the “misconduct of a few individuals”
Selected summary background:
Her personal experience:
- Christina was contacted confidentially by a ByteDance employee, who indicated Chistina should investigate reporters phones being accessed by ByteDance.
- She later learned that the two reporters being spied on included her.
- under guidance from FT IT she maintained one phone for TikTok only..
- TikTok was pushing back on reports of a toxic workplace, several employees had decided to surveil her phone, tracking her location in hopes of finding her sources
- Switching it on one day in February, I received a verification code, which I had not requested. Often this is sent when you log into a new device. I looked at the logged-in devices on my account and, curiously, saw an iPhone that I do not own. This suggested that a device that was not mine, was at that time, logged into my TikTok account without my knowledge, possibly monitoring activity. TikTok could not explain why another device was logged into my account at the time but said it “did not identify inappropriate access or inauthentic account activity in January and February”.
CEO Shou testifying before US Congress
- Then, half an hour in, he was asked by the chair, Cathy McMorris Rodgers: “TikTok spied on American journalists. Can you say with 100 per cent certainty that neither ByteDance nor TikTok employees can target other Americans with similar surveillance techniques?” Shou looked assured as he replied: “First of all, I disagree with the characterisation that it is spying.” When pushed for a yes or no, he gave neither.
Chinese company’s will use nefarious means to monitor technology users
We should accept this as natural Chinese behaviour.
I have observed two scenarios that are evidence of harbouring lies by China officials.
- “First of all, I disagree with the characterisation that it is spying.”
- General denials that are softly worded possibly leaving the perpetuator wiggle room. A related trick here is to include specificity, in this case months which provide the opportunity for subsequent revision of remarks.
- And a third. The episode of the Chinese ambassador to France talking about borders with ex Soviet countries. China central immediately shut down thIs wolf warrior indicating his views were personal.
Personal and Corporate Risk Management
I do not believe in the US “build a moat” protection approach. The Moat approach results in at best restrictive trade practices, and worst military conflict:
- removing TikTok from Government phones
- restriction of US companies use of certain technologies such as Huawei network components
- IRA restriction on purchase of Chinese manufactured computer chips
These restrictions remind me of a cat chasing its tail. It will never catch the tail.
There must be better risk management by western Companies and western individuals. There are advantages to expansion of the world economic trade activity to include all countries. The alternative is to seek an alternate world order which excludes the Chinas, the Russias and other counties in whom the West believes that their vital interests are threatened.
But if we go a level deeper how much of a threat is sufficient to make it on to the National Security agenda. Here I am aiming directly at the US. The China threat timeline began with constant haranguing by the US to China on the topic of Hunan Rights. There are many organisations and NGO’s who take issue with most countries in Britain, Europe, South America and Asia. But consider the US behaviour during the Russian invasion of Ukraine, and their efforts to import and buy oil from Venezuela.
Are vital interests only vital when it suits the sanctioner? Niall Ferguson has analysed the GDP and revenue flows into Russia since the Feb 22 invasion. Service revenues have increased.
On a similar vein Microsoft did not sell as many copies of Office in the 90’s because illegal copies were sold in China.
Risk Management means assessment of Risk and placing yourself, your company, your country in a position you find acceptable when compared to the alternatives.
In my world as a banker there are no absolutes. We identify the risks and align those risks with mitigating factors which together as a package become sufficiently acceptable to permit business continuance. If there are insufficient mitigants then we pass on the transaction and move on.
But we cannot pass on everything. Business would be shut down. We cannot arrest China obviously. The benefit of the Western Rules Based Order have to become second nature to Chinese leaders and while this take time, it is worth it. It may need a carrot as well as a stick, but stick only will fail.
Conclusion
For Christina and the FT they have personal and corporate health reasons which bring commensurate risk. That risk needs to be addressed head on by both.
More to come on Risk Management.
Tags #cybercrime #illicit-foreign-agency #china-interference #china-disinformation