Charles Parton

The China threat our politicians don’t seem to have noticed

The China threat our politicians don’t seem to have noticed
Text settings

The Chinese Communist party can congratulate itself on another sign of its rise: for the first time it has become a factor in deciding the fate of British politics. During Monday’s televised leadership debates, Liz Truss and Rishi Sunak tried to appeal to Tory members by outdoing each other on their commitment to protect our national security, economic prosperity, data privacy and values from the CCP.

They both referred to Chinese theft of our science and technology, but the problem is much, much wider than that. What is more serious is our blithe willingness to import Chinese control into the most sensitive areas of our economy and society.

Neither aspiring prime minister mentioned the most crucial area – more crucial than 5G and Huawei. Our politicians have eventually got their minds around the threat in telecoms. They may even have grasped the importance of semiconductors. But they ignore the internet of things (IoT). There is still time to wake up – just.

The IoT is becoming the central nervous system of the global economy. It consists of a vast network of devices connected over wifi or cellular networks. These devices are embedded with sensors, software, processors and communication capabilities. They link up with each other to exchange and process huge amounts of data collected from their environment. They carry out tasks autonomously, at speed, and with limited human engagement. The worry is that in CCP hands these modules would also allow a hostile power to monitor and control the UK’s systems.

At home you will find IoT modules in smart meters, white goods and security cameras (including in your doorbell). They’re also in your car. When you shop or eat out, an IoT module may process your payment data.

Perhaps you do not care who has access to your data. But some people do. Suppose you were a Uighur or an exiled Hong Kong democrat living in Britain. Or perhaps you work in a sensitive government or military position. Would you want the CCP to be able to trace your whereabouts, the people you meet, or even – by applying artificial intelligence algorithms to large amounts of your and others’ data – anticipate who you will meet and where?

But it is outside the home that the threat is greatest. The IoT spans supply chains, manufacturing, agriculture, transport and logistics, urban planning, security and, increasingly, all aspects of human-to-machine and machine-to-machine interactions. It is embedded in our critical national infrastructure, from the military to surveillance cameras, from telecommunications to port operations, from fuel processing and delivery to the provision of electricity and water.

We should hope that Chinese IoT modules would not be allowed inside any of our weapons-manufacturing facilities. But have we considered the intelligence which could be gained from modules embedded in our logistics network?

As anti-tank weapons and missiles are moved around, the transport data and metadata could provide good intelligence on the likely numbers, destinations and reserves of such systems. For example, how many have been shipped to Ukraine? Or in the case of the US: where are its Javelin missiles located and how many have been sold to Taiwan?

Academics define threat as intent plus capability. The CCP has made clear its intent. As General Secretary Xi Jinping said at his first Politburo meeting in January 2013: ‘Chinese socialism must attain the dominant position over western capitalism.’ When he talks of the ‘great rejuvenation of the Chinese people’, translated from party-speak he means China replacing America as the no. 1 superpower and changes to global governance and systems which better suit the People’s Republic. His four main tools for achieving this are an economic ‘sticks and carrots’ diplomacy, massive investment in external propaganda, interference in other countries and domination of the new technologies.

This last is the most potent. The ‘Made in China 2025’ and other industrial policies are backed up by methods fair, but often foul. Subsidy and access to central funding, the hiring and buying of top western brains, espionage and the unauthorised downloading of research in our universities are among the means used. If China can dominate the new technologies and the industries they spawn, it will gain immense economic – and with it geopolitical – power.

When it comes to capability, we could start with the paradox of incapability. Just as with Huawei and 5G, poor design is itself a threat. A GCHQ cell report made clear that the worry with Huawei was bad design: so bad that anyone, not just the Chinese state, stood a good chance of gaining unwarranted access. It is difficult – perhaps deliberately – to know where incompetence ends and malign intent begins. The same applies to Chinese IoT modules. Only last week American security companies had to warn of severe vulnerabilities in Chinese-made IoT GPS trackers for cars and motorcycles that ‘could result in a loss of life’.

Even if a device is clean when installed, over its lifetime of several decades there will be myriad software updates. These may contain malware, and they cannot be adequately monitored.

The coupling of IoT devices and the cloud is a powerful combination. One of the most attractive features of IoT devices is that the enormous amounts of data they gather can be processed at scale, and so can provide detailed and often predictive insights into the processes – or people – being monitored. The information stored in the cloud could be used with hostile Chinese intent. The Chinese firms manufacturing IoT modules are starting to provide services which help companies use their own data. The cheapness is tempting, but storing data in China is madness. Using the cloud in one’s own country or in the United States is more (although not fully) secure. And some organisations will be tempted to use cheaper services in third countries, where China may find it easier to get round security.

Chinese companies may swear that your data stays in your country. But there is scant reason to suppose that they differ from Huawei, which ‘unintentionally’ left access into Vodafone’s systems, or from TikTok, which lied to Congress and to parliament about data going back to China.

A restaurant with the TikTok logo displayed in the window in Beijing (Getty Images)

Ignore their protestations that they are private companies, not state-owned. It is irrelevant. They know – and by now we should know too – that when the CCP asks them to jump, their only response is ‘How high?’ That is what CCP security laws lay down, and no company boss is going to defy them, not if he or she wishes to avoid a corruption charge and a prison sentence.

Chinese producers of IoT modules go under the radar. Yet they are a key part of an ecosystem of Chinese technologies that includes the likes of Hikvision, DJI, ZTE and HiSilicon, as well as Huawei: companies that are subject to export controls in the US because of their roles in helping military modernisation, in building the surveillance and repression systems in Xinjiang and in threatening the security of free and open nations.

Three Chinese companies – Quectel, Fibocom and China Mobile – now control more than 50 per cent of the global markets for IoT modules. More worryingly, they represent nearly 75 per cent of the connections made by these modules. The CCP intention is that they should erode and eventually eradicate western capability in this area.

Dependency is defeat. But the battle is not lost. In the case of Huawei, the only other western choices were Ericsson and Nokia. Fortunately, there are a plethora of western companies producing IoT modules. We have to ensure an unfettered and unthreatening supply chain. That means banning the use of Chinese IoT modules in our countries.

The UK cannot ignore trade and investment with China. The CCP may be a hostile power, but interdependencies mean that we cannot cut them off completely. Just as there are areas where we are happy to co-operate, so there are also areas where national security, human rights or other factors make sharing impossible.

Boris Johnson managed – at the 11th hour and with a little bit of help from the US and clear-sighted backbench MPs – to see sense over Huawei. Judging from Monday night’s debate, our new prime minister will at least recognise the threat from the CCP to our science and technology. Now he or she needs to do more homework. Requesting a briefing on IoT would be a start.

Miss our boat
‘Looks like we’ll miss our boat.’