January 13, 2014 at 12:30 pm
Berkman Center for Internet & Society at Harvard University
23 Everett Street, Second Floor, Cambridge, MA 02138
In the last few years, usage of the mobile messaging app WeChat (微信 Weixin), has skyrocketed not only inside China, but outside, as well. For mainland Chinese, Wechat is one of the only options available, due to frequent blockage of apps like Viber, Line, Twitter and Facebook. However, outside of China, fueled by a massive marketing campaign and the promise of "free calls and texts", overseas Chinese students and family, Tibetan exiles, and Bollywood celebrities also use the app as their primary mobile communications service. It is this phenomenon that might be called an inversion of the Great Firewall. Instead of Chinese users scaling the wall to get out, people around the world are walking up to the front gate, and asking to be let in.
Combined with the rise of attractive, low-cost mobile handsets from Huawei and Xiaomi that include China-based cloud services, being sold in India and elsewhere, the world is witnessing a massive expansion of Chinese telecommunications reach and influence, powered entirely by users choosing to participate in it. Due to these systems being built upon proprietary protocols and software, their inner workings are largely opaque and mostly insecure. Like most social media apps, the WeChat app has full permission to activate microphones and cameras, track GPS, access user contacts and photos, and copy all of this data at any time to their servers. Recently, it was discovered that Xiaomi MIUI phones sent all text messages through the companies cloud servers in China, without asking the user (Though, once this gained broad coverage in the news, the feature was turned off by default).
The fundamental question is do the Chinese companies behind these services have any market incentive or legal obligation to protect the privacy of their non-Chinese global userbase? Do they willingly or automatically turn over all data to the Ministry of Public Security or State Internet Information Office? Will we soon see foreign users targeted or prosecuted due to "private" data shared on WeChat? Finally, from the Glass Houses Department, is there any fundamental difference in the impact on privacy freedom for an American citizen using WeChat versus a Chinese citizen using WhatsApp or Google?
Nathan Freitas leads the Guardian Project, an open-source mobile security software project, and directs technology strategy and training at the Tibet Action Institute. His work at the Berkman Center focuses on tracking the legality and prosecution risks for mobile security apps users worldwide.