Below is part 11 of a series from a report published by the Friedrich Naumann Foundation for Freedom, launched on November 18 in Harare:
TikTok, WeChat, and Fortnite
China has positioned itself as a global leader in the development and export of video games and applications, which are widely accepted as having surveillance capabilities.
One example that has gained worldwide fame is TikTok, a short video sharing platform and application, developed by the Chinese company ByteDance, which by 2021, just five years after its launch, has ranked as the most visited website in the world, overtaking Google.
Along with its explosive growth have been concerns about user privacy. In June 2020, India banned TikTok and 58 other Chinese-developed apps, citing “concerns that these apps were engaging in activities threatening the national security and defense of India, which ultimately impinge on the sovereignty and integrity of India.”
At the time, India was TikTok’s largest market outside of mainland China. Similarly, in August 2020, US President Donald Trump banned TikTok and WeChat from doing business in the US and with any US-based companies. (Although this ban was overturned in June 2021 by current US President Joe Biden.)
TikTok was recently warned by several EU data protection authorities, that its plans to use large-scale data mining and profiling to serve targeted ads without user consent were violating the EU’s General Data Protection Regulations (GDPR) including data protection in the EU. Ireland’s committee is currently investigating TikTok in connection with the processing of children’s personal data and the transfer of personal data to China.
WeChat is an application developed by the Chinese company Tencent, which seeks to gain traction across the African continent. (It should be noted that these companies are global in terms of their shareholders spread across Europe, America and Africa).
Unlike TikTok, which is mostly seen as an entertainment/entertainment app, WeChat combines a number of functions: instant messaging, money transfer, and prepaid electricity and airtime purchases.
In South Africa, WeChat has partnered with local entities such as Standard Bank to provide mobile money transfer services. By 2015 WeChat had five million registered users in South Africa while WhatsApp had 10 million users.
Digital rights organizations such as Mozilla have raised privacy and security concerns on WeChat.
Chinese video game companies have developed or co-published the world’s dominant online game titles such as FortNite, PUBG, and Call of Duty: Mobile.
Some of these games’ privacy concerns include the use of the real-name policy, which requires online gamers to use their real names on their game profiles. Other privacy concerns stem from Tencent’s announcement in July 2021 that it was integrating facial recognition technology into its games for age verification purposes to ensure compliance with a Chinese government rule about only allowing young gamers to play games for a limited amount of time each day.
The possibility that these apps and games are sending information to Chinese servers, along with the fact that facial recognition technology and other forms of spyware are being delivered to these platforms and games, raises legitimate concerns that these apps and video games may be quietly reused for surveillance of their users, either by companies themselves or at the request of governments.
So far, Chinese companies have built some 186 government buildings across Africa and 14 internal government communications networks, all of which are required by law to assist the Chinese Communist Party in intelligence gathering.
In January 2018, French newspaper Le Monde reported that servers installed by Chinese telecom company Huawei at the headquarters of the African Union (AU) were uploading their content to servers in Shanghai, China.
The Financial Times confirmed Le Monde’s account three days later. The AU building, which was built by the state-owned China State Construction Engineering Corporation, was also found during a search to include listening devices.
Beijing could have digital surveillance on a much larger scale of African government facilities than just the headquarters of the African Union.
Chinese technologies and companies
More than 70% of 4G networks in Africa are built by Huawei, and the company is moving ahead with its plans to build 5G networks on the continent.
Huawei, ZTE and other Chinese telecom companies have built and/or equipped at least 14 government networks, including dedicated military and police communications systems, providing monitoring capabilities that go beyond just communications infrastructure.
Chinese entities, also like Huawei, produce a variety of consumer devices such as mobile phones, portable Wi-Fi devices, laptops, and tablet Wi-Fi routers for the home.
In cases where a Chinese manufacturer builds backdoors or vulnerabilities, which state security agencies might exploit, the diverse products will ensure a wide range of surveillance entry points and methods are available to the state.
In Zambia and Zimbabwe, Huawei and ZTE have played a major role in providing telecom infrastructure. After introducing 3G technology to Zambia in 2009, Huawei was contracted to supply and install mobile phone towers across parts of rural Zambia in 2015.
In 2017, the national data center, funded by Chinese banks and technology and equipment provided by Huawei, was handed over to the Zambia Information and Communications Technology Authority (ZICTA). The total cost of this data center has been estimated at approximately US$75 million.
Huawei and ZTE have also contributed to Zimbabwe’s national telecommunications infrastructure. In 2010, Econet, Zimbabwe’s largest mobile network operator, launched plans to build links for SEACOM and EASSy submarine fiber optic cable systems, along with a 7,500 km fiber network linking all major cities in Zimbabwe.
Huawei was the technical partner and supplier for these contracts. In 2015, Econet Wireless announced a $500 million loan from the China Development Bank and Huawei’s Chinese state-owned competitor in the communications equipment market, ZTE. In 2019, it was reported that Econet was collaborating with ZTE to replace redundant core network components, originally supplied by Ericsson.
In 2015, state-owned mobile network operator NetOne began rolling out an LTE network upgrade led by Huawei, with an estimated value of US$218 million funded through a loan obtained from China’s Exim Bank.
In 2017, NetOne received an additional US$71 million from China Exim Bank to expand Huaweito and upgrade its networks. In 2019, TelOne, the state-owned telecom service provider, commissioned the national fiber optic backbone network, the culmination of a US$23.6 million project funded by the Exim Bank of China and built by TelOne and Huawei.
An indication of the close relations that Zimbabwe and Huawei enjoy is the tax exemption granted to Huawei by the government of Zimbabwe in 2020, applied retroactively from December 2009.
State-owned and private media in both countries (Zimbabwe and Zambia) have reported extensively on various public-private partnerships and other agreements between the governments of the two countries and Huawei or ZTE.
However, there is less transparency about the extent of monitoring that takes place through the use of national communications infrastructure.
There is a lack of public information about the extent of state surveillance in terms of laws that allow surveillance in Zambia and Zimbabwe.
These laws provide no avenue for public scrutiny of, for example, telecom companies reporting on the number of intercept requests they have received from state security or law enforcement entities.
Nor do surveillance laws impose any duty on a state or judiciary to proactively provide information on the number of communications interception orders in place or processing.
Surveillance activities are classified as national security endeavors, and as a result are immune from parliamentary and judicial oversight or oversight.
This sense of autonomy is reinforced by the fact that the security and intelligence services responsible for surveillance are under the direct authority of the office of the president.
Survey respondents cited Huawei and Hikvision as suppliers of security cameras introduced to monitor public places that are crime hotspots, traffic, and country borders.
Huawei has been identified as one of the major suppliers of technology and infrastructure used in national data centers in Zambia and Zimbabwe. In addition, in Zimbabwe, Huawei is believed to play a key role in designing a center for cyber security and monitoring interception of communications.
The lack of appropriate privacy frameworks that enable these technologies to be repurposed is a concern.
In addition to providing equipment for the national telecommunications infrastructures of Zambia and Zimbabwe, Chinese manufactured devices are used by the majority of citizens in both countries.
Another Chinese company, Transsion Holdings, was the leading supplier in 2017 of mobile devices in Africa, overtaking more established brands such as Samsung.
While countries such as Australia, the United Kingdom and Canada ban the use of 5G infrastructure from Chinese sources due to surveillance concerns, African countries, including Zambia and Zimbabwe, are involving Chinese manufacturers in spreading 5G coverage in their countries.
Western governments’ pressure against using Chinese-manufactured 5G equipment is initially based on the belief that companies are subordinate to the Chinese government and tend to force them to include backdoors in hardware and software, to give Beijing remote access.
Second, eavesdropping is a risk, although security experts believe that any eavesdropping efforts will be detected by the host country.
A third concern is the possibility that in the event of a larger geopolitical conflict, Beijing could use its access to degrade or disrupt telecom services running on networks built on 5G technology manufactured in China.
The transition from a paper voter registration system to a biometric voter registration system has provided the governments in Zambia and Zimbabwe with more tools that can be reused for mass or targeted surveillance purposes.
Zambia engaged a German company to register identity cards, and an American company to conduct the biometric voter registration process.
In this case, these were not Chinese service providers but the data collected from these registration exercises will be stored in the national data center, running on equipment from Huawei. In Zimbabwe, the government has engaged Laxton, a Chinese supplier of biometric voter registration. A striking example of how repurposing vital databases can do real harm occurred in Afghanistan when the US military and its allies withdrew from the country in 2021, leaving it in the hands of the Taliban.
The Taliban used biometric databases containing data and information on Afghans who worked with the US military and other foreign entities to track and target them.
Biometric data collected during national and voter registration processes must be protected by legal frameworks to ensure that biometric data is not misused.
Musodza is an ICT expert with over 16 years of experience in digital security, internet governance, and cyber policy work. He holds degrees in computer science and law and postgraduate qualifications in cyber law and digital security. He is a co-founder of the Digital Society of Zimbabwe and the AI Ethical Project for Africa. Hoff is a researcher with ten years of experience in information technology law and policy. He has previously headed digital rights work at the Media Institute of South Africa, Privacy International and Consumer International. Saki is an LLD candidate at the University of the Western Cape researching data protection and privacy frameworks with a focus on Zimbabwe. He currently works for a global charity as a Program Officer focusing on closing civic space (both online and offline), and protecting human rights defenders. Writes in a personal capacity.