- China implemented new regulations on Monday under its toughened counterespionage law, which enables authorities to inspect smartphones, personal computers and other electronic devices, raising fears among expatriates and foreign businesspeople about possible arbitrary enforcement.
- A Japanese travel agency official said the new regulations could further prevent tourists from coming to China. Some Japanese companies have told their employees not to bring smartphones from Japan when they make business trips to the neighboring country, according to officials from the companies.
The new rules, which came into effect one year after the revised anti-espionage law expanded the definition of espionage activities, empower Chinese national security authorities to inspect data, including emails, pictures, and videos stored on electronic devices.
Such inspections can be conducted without warrants in emergencies. If officers are unable to examine electronic devices on-site, they are authorized to have those items brought to designated places, according to the regulations.
It remains unclear what qualifies as emergencies under the new rules. Foreign individuals and businesses are now expected to face increased surveillance by Chinese authorities as a result of these regulations.
A 33-year-old British teacher told Kyodo News at a Beijing airport Monday that she refrains from using smartphones for communications. A Japanese man in his 40s who visited the Chinese capital for a business trip said he will “try to avoid attracting attention” from security authorities in the country.
In June, China’s State Security Ministry said the new regulations will target “individuals and organizations related to spy groups,” and ordinary passengers will not have their smartphones inspected at airports. However, a diplomatic source in Beijing noted that authorities’ explanations have not sufficiently clarified what qualifies as spying activities.
Last week, Taiwan’s Mainland Affairs Council upgraded its travel warning for mainland China, advising against unnecessary trips due to Beijing’s recent tightening of regulations aimed at safeguarding national security.
In May, China implemented a revised law on safeguarding state secrets, which includes measures to enhance the management of secrets at military facilities.
Another reason to not go to China
At some point I’m going to have to because the woman I love is from there. Probably I will need to get a burner phone for the occasion. It does seem like a beautiful country full of interesting culture. Shame about the government though.
Stick close to her and trusted family and friends. Though cash must be accepted legally , its hardly used. Getting a simcard requires registering with your passport now. If you’re okay with that, a cheap burner phone with wechat for payments and comms and standard phone number yo get hold of your family back home. Needless to say you wont be anonymous so my attitude when visiting there was kind of just accept that, and don’t do/say anything stupid. i.e assimilate temporarily with that way of life. All of these concerns are only a small part of life and of course a billion or so people are living with it. You are totally right that the place is full of interesting and amazing history, culture, food and really friendly and hospitable people despite the bs they have to put up with.
Yeah I would definitely just accept that I don’t get to have privacy from government surveillance. That’s why I’d not want to bring any of my personal electronics with me. It may be particularly challenging since I know two of the places my GF really wants to travel to are Tibet and Xinjiang (apparently both are popular tourist destinations), in both of which I understand Western tourists are under a lot of extra scrutiny because they don’t want more documentary crews and journalists getting in and sneaking some footage of the treatment of minorities. I have to be ready to just swallow my pride and appreciate it for what it is.
It really is a beautiful country with a bunch of really beautiful landscapes, but unfortunately due to their government I wouldn’t dare go to it.
Kinda like Florida, beautiful state with a bunch of beautiful beaches and fantastic weather but due to political reasons I wouldn’t dare visit.
Edit: Spleling
Make sure you’re out before Canada gets into another dispute with China and they resort to hostage diplomacy again.
The countryside is beautiful and the rich parts are nice but most of the country is a slum and the vast majority of the people there live in poverty. Check out China Insider on YouTube.
Bringing your real phone instead of a burner phone into the PRC is just asking for your shit to get stolen. I have never brought my real phone into the PRC.
Fair enough, I mean the history is fascinating, some years ago I might have gone, but nowadays…
Love to live in a country where my data is always secure and my government would never try to harvest my data in bulk. Liberty! Whiskey! Sexy! USA! USA!
Ah yes, my country also has serious problems and therefore it is not only relevant but equivalent.
Nonsense. The only problem my country has is the problem created by the evil foreigners who threaten my liberty and security from the other side of the border. We need to be protected from those evil outsiders. Therefore, I will endorse and participate in an even more invasive degree of surveillance and a more draconian degree of policing.
That’s the only way to keep the foreign bodies from infecting me and taking over. And the idea of the foreigners having any amount of power over me is significantly more frightening than the prospect of a domestic administration having unlimited authority to protect me.
I legitimately can’t tell if this is satire or not. I think you’re confusing the USA with a European country that actually has data privacy and consumer protection laws.
Europe has an enormous surveillance state, increasingly modeled (and managed) by Israeli surveillance systems used in Palestine.
Germany, France, the UK, and Spain already have some of the most advanced facial recognition imagine in the world deployed in their surveillance networks.
And the EU just expanded their legal use
Maybe you’re safer from an American tech company. But not from the local police.
The worst that my country wants to do with my data is attempt to sell me shit I don’t want. (OK yeah we have one or two taboos: antisemitism and actual terrorism, but that’s about it.)
In some other countries, drawing parallels with certain emperors and certain A.A.Milne characters could cost me my freedom and possibly my life. Ain’t nothing stopping me standing outside #10 and yelling Rishi is a wanker!
The worst that my country wants to do with my data is attempt to sell me shit I don’t want.
Facial recognition technology and the growing power of artificial intelligence
In some other countries, drawing parallels with certain emperors and certain A.A.Milne characters could cost me my freedom and possibly my life.
Of course. Always in other countries. Never in mine.
Even as far back as 2010 the corpo I worked for had an official travel protocol that dictated backing up Blackberries, factory resetting them, crossing the border, then restoring them from the cloud. That was for crossing any border.
Like even crossing from France to Monaco or Germany or from the usa to Canada?
I’ve personally never done the trip to China for a lot of reasons (you know you are living your best life when a postdoc explains that you should never under any circumstances go to China because of what you have said) but do a lot of foreign travel for work:
No company should let any employee bring corporate electronics on international travel. Have burner phones and laptops that are set up to do incredibly minimal work locally (basically just have the slides… maybe) and to remote in. And work with your IT department to “randomly lock” them if a wrong password is detected in an airport or government facility.
It doesn’t matter if it is the UK asking if we want the left or right hand this time or the CCP: It is just an unnecessary risk that is easily avoided.
And then inform the traveler of whether they want to bring their personal devices or not.
and to remote in.
This is the approach I use with laptops domestically, and I think that there’s something to be said for it. Like, the laptop itself doesn’t store important information. A remote server does. The laptop is just a thin client. If the laptop gets lost or stolen – which I’ve had happen – I revoke the credentials. No important information is lost, and no important information is exposed.
Whole-disk laptop encryption has improved things too from an exposure standpoint (albeit not a loss standpoint), though I don’t use it myself (don’t want to spend any battery life on it). I assume that smartphones have some form of reasonably-secure storage hardware, but I don’t know if it involves encryption.
What I found irritating – and this is years back now – was an employer who didn’t care if I took a laptop in or out or what information I stored on it (as long as it was a work system), but who refused to provide remote access to the network, so I couldn’t just keep the important information on the work network. I mean, I get if they want to have some sort of isolated DMZ and require an externally-accessible server to live there, not provide VPN access in to the general network, but not having the ability to have remote network access to work systems at all is just incredibly obnoxious.
I think that some of it is that Windows is not phenomenal to use remotely. Yeah, there are solutions, but they aren’t great if you’re on a high-latency, low-reliability, or low-bandwidth link. I try to use console Linux for as much of my stuff as possible. That whole ecosystem was designed around thin-client, remote use.
Oh yeah. I DEFINITELY have some horror stories over needing to access GUI apps remotely (my favorite involved a secure tunnel to one facility to then tunnel back to a machine that was literally three doors down from my office…)
But stuff like the web interfaces to ms/google office make the vast majority of this trivial. Since SSH always worked in Windows via (god awful) putty. And increasingly other applications are understanding they need to support server/client setups so you are just connecting over a tunnel rather than using a remote desktop protocol.
putty
I mean, Windows can do the thin client side fine. I’d personally somewhat-prefer to use Linux for that, but that’s not really my sticking point. I’m normally keeping my software, data, stuff like that on the server, and just running two remotely-connected terminals and a web browser on my client. Virtually all the software can run on the server. My problem is Windows on the server side; like, it’s just not reasonable to use a Windows machine remotely via a command-line for anything other than some very basic administrative tasks, and using a GUI remotely once latency goes up or bandwidth down is just painful.
It doesn’t matter if it is the UK asking if we want the left or right hand this time or the CCP
Unfortunately, there’s this baseline understanding of liberal western democracies providing security while eastern fascist dictatorships of the proletariat are looking for people to punish arbitrarily. The tolerance for British mass surveillance (some of the worst in the world) is sky high, simply because they’re doing it the white way.
The CCP are actively engaging in genocide (remember the Uyghurs? Probably shouldn’t if you don’t want to piss off the CCP) and have a long history of “reeducation” camps.
While I have very serious problems with how the majority of western nations handle immigration and human rights violations, that is more along the lines of “oh, please stop isreal. By the way, here are all those bombs you asked for. Don’t use them all on one mosque!” or actively turning people back to be executed in the horror they are running from (although, the US is doing a great job of having some stuff that looks a lot like concentration camps on the Southern border…).
But it is still night and day in terms of horror. The day is pretty shitty but the night… holy fuck.
But also? That doesn’t change anything. It is a nation’s responsibility to engage in basic espionage if only to protect its people’s interests. And governments all have the power to basically shit on a visitor’s human rights so long as they can keep the embassies from finding out. So why take any risks you don’t need to?
The CCP are actively engaging in genocide
It always gets me to see how Americans treated Afghanistan for 23 years, only to find religion when they see China doing the same Radical Islamic Extremism crack downs the Ted Cruz masterbates to in the middle of the night.
Literally right on the other side of the border! Practically the same dudes. And we outright applauded China for helping us with the genocide under Bush, when we were applauding Russia for the same shit in Chechnya no less.
But now we’re out of there, and in between kicking off massive famines and looting their Treasury, we’ve decided to care about Uyghurs now.
But it is still night and day in terms of horror.
More black and white.
It’s not called The China Man’s Burden, ffs. Who do they even think they are?
Anyway, back to explaining to Houthis why we don’t have health care by blowing up another elementary school in Yemen.
That’s just so impractical. The point of business travel is to get something done. For that you need your devices, and access to relevant data and systems.
Setting up a clean device for every trip where you cross a controlled border is such a hassle it wouldn’t really pass in any company. Well with the exception of defense companies, I could understand them being paranoid enough.
Plenty of companies are, rightfully, adopting security models where even domestic workers never have a copy of anything sensitive on a laptop (sometimes even desktop) and rely on corporate servers to do work. Yes, it really fucking sucks during an outage but it avoids the never ending problem of people leaving their laptop at a starbucks. There is absolutely zero reason to not do that on foreign travel.
Also: The point of business travel is to have meetings or collaborations that can’t be done remotely. For the former, you basically just need that set of slides and the ability to fetch a limited subset of other data. For the latter? You are by necessity taking corporate secrets and having a secure connection back home is a bare minimum.
And if your IT department have problems reprovisioning laptops to contain basically a VPN client and a web browser? Then you have even bigger problems. In a semi-competent world, you just reimage a laptop in a closet to the minimum machine that you give to a new hire and then you flag the user’s account for heightened security in whatever VPN setup you have. Because it is REALLY easy to detect if something is connecting from where it shouldn’t be (e.g. Fred is in Canada but suddenly is trying to connect from Australia) or is anywhere near a government facility or airport (… no comment).
As an aside, I’ll point out that I have worked with various government and government adjacent orgs over my years. Their security is complete dogshit next to a decent sized company. Because they are just protecting government secrets and focused on covering their asses. A company is protecting potentially billions of dollars and everyone’s livelihood. Which makes for an environment where you aren’t ten years behind the state of the art because nobody wants to risk jail time (which they would not get if they are acting in good faith…) over approving something as crazy as a VPN.
is such a hassle it wouldn’t really pass in any company
Hate to tell you, this is now the norm. Right now, today, thousands of corporate travelers!
Company creates a travel laptop, perhaps even just a completely empty kiosk laptop. Corporate traveler downloads critical data to the laptop in an enclave (like a presentation). They have a two-factor token with them. If they need to get back to the corporate network for whatever reason, they use remote desktop software and no data is stored on the local device. They’re given policies telling them that if the computer is out of their possession, or view at any time, that the device is not to be used whatsoever afterwards. Contact security and let them deal with it.
When the traveler comes back to the mothership, laptop is checked into IT, it’s completely wiped.
Does remote desktop software suck? Yeah. It’s better than the alternative though
Anybody surprised by this hasn’t passed basic world history yet…
Where do you think Americans learn about non-European countries in World History? History started with the founding of England and ended with WW2. I think we dropped a nuclear bomb on some East Asian country where all the anime comes from. But other than that, who gives a shit about Asia?
