It's no secret that authoritarian governments (and others) have a tendency to exploit security weaknesses on the internet. It's also no secret that China is a world leader in the field of electronic espionage.
So you could expect that an Olympic app developed in China and recommended for use by all foreign guests could be used not only to trace the paths of possible COVID-19 infections during the upcoming Winter Games in Beijing.
Secret text file
This makes the conclusion of IT forensics experts from the "Citizen Lab" at the University of Toronto that "My2022's security measures are wholly insufficient to prevent sensitive data from being disclosed to unauthorized third parties" all the more serious.
The IT researchers also discovered a text file with more than 2,400 terms — including some that are politically sensitive in China, such as "Uyghur" or "Dalai Lama" — that is included in the app but has not yet been activated.
This is proof of what experts have been warning about for a long time: This is not only about medical surveillance, but also about spying on the athletes, their support staff and all other Olympic guests, such as journalists — for political purposes.
Naive, negligent or complicit?
The International Olympic Committee (IOC), as the organizer of the Games, has a duty of care for all competitors. So how does this reflect on it? In the so-called "playbook" for the Beijing Games, the IOC encourages all participants to use My2022 and assures them that the app complies with "international standards and Chinese law."
Did the IOC really assume that the app would be used exclusively to combat COVID-19? And if IT specialists investigated the app on behalf of the IOC, why didn't they discover these serious security flaws? Could they have tacitly looked the other way in order to avoid any friction with the host of the Games, which happens to be the international power China?
By doing nothing, one can also make common cause with autocrats.
This opinion piece was translated from German.