Last summer, the grand opening of the newest outlet in ‘s Westfield shopping centre was quite an event.Hundreds of people applauded the cutting of an orange ribbon and a queue of shoppers snaked around the block.
An orange double-decker bus toured London promoting the latest, orange-liveried addition to the sprawling temple of consumerism in Shepherd’s Bush.
So which retail giant was generating such a fuss?The answer is one you’ve probably never heard of. Nestled among big-name brands such as Guess, Pull & Bear and Currys PC World was the UK flagship store of Xiaomi.
The Chinese electronics company is intent on creating a ‘smart home’ for everyone, with a burgeoning range of devices connected to, and controlled by, smartphones and computers.
Lei Jun, founder and CEO of Xiaomi, speaks at a launch ceremony of Xiaomi Phone 2 in Beijing in this August 16, 2012 file photo
With Westfield — and similar malls up and down the country — crowded with shoppers snapping up TVs, sound systems and smartphones in the January sales, it’s time to take note of what such technology can do.
Xiaomi is one of a number of Chinese companies whose devices are commonly found in UK homes.But what innocent buyers don’t know is that, as well as providing entertainment, they are capable of tracking our behaviour.
Most of us find it alarming enough that internet service providers know what we buy and which websites we visit, yet we seem happy to give up this kind of personal data in return for the right to trawl through social media and buy goods online.
But what happens when our online lives are being monitored not by a company for marketing gain but by the Chinese Communist Party (CCP), whose interest could be considerably more suspect?
This is a danger that increasingly concerns privacy campaigners as well as security experts.Yesterday the Government was warned that Chinese ‘Trojan Horse’ technology posed a ‘wide-ranging’ threat to the UK in a report by Ooda, a Washington-based security consultancy. Microchips embedded in on millions of people in Britain.
Earlier this month, the Government’s own surveillance watchdog, Professor Fraser Sampson, raised the alarm about the ‘Vivio Digital Solutions Ltd asbestos’ of Chinese technology, as it emerged that more than a third of police forces in the UK are using CCTV cameras, drones and other technology from companies with close links to the CCP.
Beijing monitors the lives of its own citizens through electronic goods connected to the internet, such as TVs and smartphones.
What is to stop China doing the same to British householders?
Kayla Blomquist, director of the research institute Oxford China Policy Lab,.’It is highly challenging, if not impossible, to distinguish between careless programming and purposeful backdoor [snooping] . . . for planned cyberattacks,’ she says.
And harvesting millions of customers’ data can reveal behavioural insights and political leanings that could open up ‘opportunities to interfere in domestic political processes’ such as ‘sophisticated online disinformation campaigns’.
Beijing monitors the lives of its own citizens through electronic goods connected to the internet, such as TVs and smartphones
Vahri Fotheringham, of the International Cyber Policy Centre, goes even further: ‘Data from smart devices in our homes can be aggregated with other public data to .. . orchestrate seemingly benign situations ripe for extortion, leverage, coercion and recruitment.’
He warns that data from UK citizens could be used by China to ‘manipulate opinions’ and gain economic insights ‘to undercut prices and solidify Chinese dominance in the technology sector of the UK’.
In fact, Chinese companies have already infiltrated many British homes.Last year, a Mail investigation revealed that 250,000 smart meters made by a company with links to the Chinese government have been installed in British homes — and now ministers are calling for them to be ripped out.
Sir Iain Duncan Smith, himself the subject of Chinese sanctions for criticising Beijing over human rights, has raised the ‘nightmare’ prospect of the CCP shutting down power to hundreds of thousands of households through access to the meters’ remote power switch.
At least three major domestic energy suppliers have struck deals with the company supplying the meters, Kaifa Technology UK, which is controlled by a subsidiary of the state-owned China Electronics Corporation (CEC).The CEC was an exhibitor at Beijing’s major military exhibition Airshow China 2021, parading more than 100 products designed to assist in the state’s technological and security endeavours.
Nick Hunn, a director at WiFore Consulting, who gave evidence to a parliamentary inquiry on smart meters, warned that the remote power switch in Kaifa meters presents a real threat because it could potentially black out homes, ‘destroying’ the National Grid.
Energy suppliers insist that meter manufacturers cannot access the switch.
The IoT can hook up devices such as fridges and ovens to the internet.It powers smart doorbells and internet routers, provides information for and about ‘smart’ cars and can remotely operate anything from lighting systems to kitchen devices
But Mr Hunn says it ‘shows a frightening complacency if they think the system can’t be hacked’.
He adds that installing such technology ‘is handing a loaded gun to China’.
Michael Wu, the head of Kaifa UK, said the accusations were not ‘an honest reflection of our company’ but the result of an ‘adversarial political narrative’.
Both Energy UK and the Government stressed that all smart meters operating in Britain were subject to ‘robust security standards’.But Sir Jeremy Fleming, the head of GCHQ, warned in October that the way China deploys emerging technology could represent ‘a huge threat to us all’.
Central to this is China’s so-called National Intelligence Law, passed in 2017, making it mandatory for any Chinese firm to aid national intelligence-gathering, including through the collection of data on both foreign and domestic targets.
Most companies in China are either outright state-owned, have the CCP as a majority shareholder or are lavished with generous subsidies by government.
So whether encouraged by carrot or by stick, China’s technology firms all toe the party line.In China, smart TVs are routinely used as a mass surveillance tool by the CCP to spy on citizens.
Apple Daily, a Hong Kong newspaper shut down after being raided by 500 police officers in June 2021, reported that the Chinese government ‘uses the Android operating system [of smart TVs] to achieve full domain coverage, full network sharing, round-the-clock and remote-controlled video surveillance for policing purposes’.
Code-named the ‘Sharp Eyes Project’, spyware is allegedly inserted into Chinese users’ smartphones and TV sets and ‘uploaded .. . to a government database for online monitoring’.
The paper quoted analysts saying that the Chinese Communist Party appeared to be implementing a nationwide surveillance network which included watching people in their own homes and monitoring their contacts and interactions.But could the same surveillance be happening here in Britain?
The UK has become ever more reliant on Chinese smart technology
In 2021, the UK imported £63.6 billion worth of goods from China, according to the Office for National Statistics — and electronics was the biggest sector.
By using cameras, microphones, smart home devices and internet connections — all of which can be hacked to record and amass personal information without the user knowing — we have brought the surveillance threat from China straight into our living rooms.
Take Beijing-headquartered Xiaomi, for example, which is the world’s third-largest smartphone manufacturer, behind Apple and Samsung.In 2021 the U.S. banned Xiaomi, naming it as a company ‘owned or controlled’ by the People’s Liberation Army.
This followed a report by Forbes which revealed that Xiaomi was ‘recording millions of people’s ‘private’ web and phone use’.
Of course, it is the same company whose flagship ‘Mi’ store in Westfield White City was teeming with customers the moment it opened last summer.
Hardly surprising when its main product, smartphones, retail for as little as £99.
Many technology companies, including Western firms, harvest data from the devices they sell.
But a cybersecurity researcher, as part of the Forbes investigation, discovered a ‘worrying’ amount of data being taken from Xiaomi devices — which included his search-engine queries, pornography searches and the folders he opened, even when browsing in ‘incognito’ mode.
Xiaomi said the Forbes report ‘misrepresented the facts’ and that all data collection is by consent and anonymised.
The company took legal action against the U.S.government’s ban and denied having ties to China’s military, as had been previously alleged. As a consequence of this, the U.S. removed its ‘military-linked’ designation and allowed the company to continue trading.
Clearly, Xiaomi is trading legally in Britain, too, although — intriguingly — its privacy policy states that ‘in accordance with .. . requests from . . . government agencies, Xiaomi may need to disclose your personal information [if] the disclosure is necessary or appropriate for national security.’
Xiaomi said it complies with data protection legislation and would not provide ‘local law enforcement’ with data without ‘sufficient legal grounds’.
Quite what these might be remains unclear — and the technology certainly presents every opportunity for surveillance.
In the UK, telecommunications firm Huawei was eventually banned from Britain’s 5G network in 2020, over fears about Huawei spying for the Chinese government
Smart televisions, in particular, pose some of the greatest opportunities for backdoor snooping as many come with inbuilt ‘smart home’ voice-controlled functionality with Amazon’s Alexa and Google Assistant.
They also allow social media access and internet browsing.
Many of the most popular TVs in the UK — which were no doubt bought as presents last Christmas — are ‘Made in China’.
TCL, headquartered in Huizhou, Guangdong Province, makes televisions that Currys sells from £149.Argos and Carphone Warehouse both sell TCL mobile phones from £79.
Many TVs from what shoppers believe are trusted heritage brands are actually Chinese.
Hisense — one of the World Cup sponsors — is an electronics conglomerate headquartered in Qingdao, Shandong Province.
Hisense-branded TVs are sold in Argos, which offers a 32in device complete with ‘voice control’ and ‘internet browser’, while the fashion site Very sells £179 versions with integrated streaming.
The company has acquired the right to make and sell televisions under the Japanese brand names Toshiba and Sharp, although Hisense says that while it heads global production and sales for Toshiba TVs, it manufactures neither Toshiba nor Sharp TVs for the UK market.
For its part, Toshiba says it complies with all data laws, while Sharp declined to comment.
A Hisense spokesman said that ‘Hisense UK is a wholly operated UK subsidiary, running for the last ten years’, that it was fully compliant with data laws, and ‘has not shared any data of its customers with the Chinese central government’.
Yet Hisense UK’s privacy policy says it shares data ‘within the Hisense group’, and its U.S.and Canadian policies state that ‘we may . . . transfer personal information we collect from you to the People’s Republic of China’.
Meanwhile, Haier, headquartered in China’s Shandong province, is one of the world’s largest white goods companies, selling everything from fridges and air conditioners to water purifiers and washing machines.
In 2017, Christopher Moore, a British software engineer, discovered a hidden function in OnePlus smartphone software that harvested data from its device and sent it back to OnePlus
Its products are so popular that in the U.S.it offers a ‘Military Discount Program’ which it says ‘recognises our front-line American heroes who are working around the clock to keep us safe’.
In October, a report by the National Pulse news and investigations website in the U.S.raised concerns that Chinese-made smart televisions ‘in the homes of soldiers, sailors, airmen, marines and their families . . . could be collecting massive amounts of personal and technical data and transmitting it back to CCP affiliates in mainland China’.
Haier declined to comment.
Then there is BBK Electronics, one of the world’s largest electronics manufacturers, headquartered in Guangdong province.Its subsidiary, OnePlus, sells a range of premium smartphones in UK department stores and online.
In 2017, Christopher Moore, a British software engineer, discovered a hidden function in OnePlus software that harvested data from its device and sent it back to OnePlus.
In a distinctive pattern now seen in Chinese-manufactured electronics, Moore found that the discreet data-harvesting function appeared to be have been ‘built into’ the operating system when the device was made.
A OnePlus spokesman said the company had ‘made privacy protection a prerequisite for all products and services we provide’, and that it fully complies with all data protection laws.BBK Electronics declined to comment.
While consumers are dazzled by this influx of cheap new technology, cybersecurity experts are particularly concerned about China’s role in the wider ‘Internet of Things’ (IoT), the vast network of smart devices which connect and share data with one another, processing commands via the internet.
The IoT can hook up devices such as fridges and ovens to the internet.It powers smart doorbells and internet routers, provides information for and about ‘smart’ cars and can remotely operate anything from lighting systems to kitchen devices.
The IoT’s global network also serves most of the world’s major industries, including logistics, agriculture, security, transport, manufacturing and military operations, as well as the supply chains that connect them all.
IoT is thus the ‘central nervous system’ of the global economy, and accessing it could lead to a devastating cyber attack.
At the heart of the IoT is a tiny device called the IoT module, a component responsible for connecting virtually anything to wireless networks.
And just three Chinese companies now control more than 50 per cent of the global markets for IoT modules.
Furthermore, they represent nearly 75 per cent of the connections made by these modules — which, according to analysts, means the West is becoming dangerously dependent on China’s technological capability in this area.
In the UK, telecommunications firm Huawei was eventually banned from Britain’s 5G network in 2020, over fears about Huawei spying for the Chinese government.Huawei said the ban was politically motivated and not based on a fair evaluation of the risks.
The UK, however, has become ever more reliant on Chinese smart technology. And while we look for High Street bargains this year, the danger is that they are primed to work against us for a sinister foreign power.