Security concerns about home devices and apps


Imagine if you had to swear loyalty to the Chinese state just to use a bathroom mirror or a light bulb.

There’s a chance you already have but didn’t know it.

Hidden in the terms and conditions of a range of smart devices – everyday devices that can be controlled remotely via the internet – lurk a number of strange terms.

Among them, you agree not to use the device in any act that includes “opposing the fundamental principles determined in the Constitution”.

In another earlier version, this term reads as follows: ‘the PRC [People’s Republic of China] Constitution”.

Another condition you unwittingly agree to when installing the online application that runs the smart device is that you will not use it to “destroy state religious policy and advocate heresy and feudal superstition”.

A total of nine (sometimes 10) terms – virtual verbatim copies of each other – are written in the user agreement or information content standard of companies selling “Internet of Things” (IoT) devices .

This is a huge growing market, with 12 billion IoT connections worldwide and as of 2020.

It is a market dominated by China.

However, a 10-minute online search by RNZ revealed a dozen non-Chinese companies with the same sort of conditions, including a UK company selling a mirror that can talk to you – some of these mirrors have, strangely, a high integrated level. resolution cameras – and a German company that sells lights.

RNZ first found the terms amid the fine print of an app from an Australian company, Mirabella, after a local consumer encountered them.

Mirabella was the only company to respond to RNZ’s questions – to say they had changed the terms.

“The Genio app’s terms of service were recently updated,” its development manager, John Hoang, said in an email.

“Certain terms that were included by the app developers have been removed as inappropriate for Australia and New Zealand,” he said.

Genio controls doorbells, cameras, smart devices and more from a smartphone.

Its previous service agreement for a “Mi-Light smart platform” had, in point two, a condition not to “endanger state security, disclose state secrecy, subvert the power of the ‘State and sabotaging the unity of the State’.

And in point three, it was not about “damaging the honor and advantages of the state”.

Hoang said that the app and its devices and devices are only intended to be used in accordance with the laws of the country where they are used.

The local consumer who sounded the alarm said: “There’s some weird stuff in there,” adding that he was worried if it meant China was breaking into people’s routers or phones.

It’s not uncommon for end-user license agreements (EULAs) such as these to be a playground for businesses.

Apple, for example, had terms prohibiting its iTunes service from being used to make nuclear or biological weapons, while Amazon was fine with its cloud service being used to fight a zombie apocalypse.

But the terms have the force of law.

Twitter used them to ban Donald Trump and dump screeches of QAnon pages

Privacy activists tried to get Americans’ attention years ago, with the Electronic Frontier Foundation warning that the agreements “are efforts to legally bind consumers to a number of terms strict – and yet you never sign your name”.

The new loyalty commitments, in order to operate a light bulb or a smart heat pump, seem to have serious origins.

The wording “PRC” appears in a notice from the United States Securities and Exchange Commission (SEC) regarding Chinese regulations in 2004 to prohibit the registration of any Internet domain name that violates any of nine conditions, which appear in the same order and with mostly the same language as in the promises of smart devices.

The SEC filing refers to not spreading “rumors, disrupting social order, or sabotaging social stability.”

Encouragement of murder or terror, slander and “crudeness” were also not relevant then or now.

There is a notable change between 2004 and 2022: the old terms say it is not “inciting ethnic hatred or discrimination or undermining ethnic unity”, while the terms of 2022 reformulate this as “incitement to national hatred and discrimination and sabotage of national unity”.

New regulations in 2013 extended this stance against prohibited content to Chinese-made smart devices.

Consumer New Zealand was unaware of the terms, but its Australian counterpart, Choice, said it would look into the matter.

China’s unrivaled grip on the IoT market is the subject of serious research and speculation as to how it is also uniquely placed to disrupt it – and not just your kitchen mixer, but the heavy side of the IoT which encompasses water, transport, waste, CCTV, traffic lights and emergency services.

A 2018 report for the US-China Economic and Security Review Commission said that Beijing is funding a lot of research into IoT security vulnerabilities — to protect itself, but also for operation.

“This should be considered ‘dual use’, as such knowledge can directly fuel unauthorized efforts to access, monitor or penetrate IoT devices,” he said.

Just days ago, the head of the UK’s National Cyber ​​Security Center warned that technology was becoming “an attractive target for a range of threat actors… The threat posed by the United States nations is particularly acute”.

Lobbyists and others have used those fears as a rallying cry for the United States and other Western nations to do much more to pave the way for setting international technology standards where China left them. for dead.


About Author

Comments are closed.