WSJ OP-ED: "If You Play Videogames, China May Be Spying on You."

Q-BZ

Fully [H]
Joined
Sep 28, 2007
Messages
19,788
https://www.wsj.com/articles/if-you-play-videogames-china-may-be-spying-on-you-11603926979

WSJ OP-ED: "If You Play Videogames, China May Be Spying on You."

By Dave Aitel and Jordan Schneider

Writers' background: Mr. Aitel is a former National Security Agency employee and author of the CyberSecPolitics blog. Mr. Schneider is an adjunct fellow at CNAS and host of the “ChinaTalk” podcast.

Data harvested from game consoles would be far easier to exploit than what TikTok gathers.

Forget WeChat and TikTok. China’s hold on the global videogaming market is the most pressing security vulnerability when it comes to Chinese consumer tech products.

Over the past 10 years, Chinese tech giant Tencent has invested in or outright acquired many of the world’s largest videogame companies, including Activision Blizzard, “League of Legends” maker Riot Games, Epic Games (“Fortnite”), Supercell (“Clash of Clans”) and the communications platform Discord. Americans spend far more time on Chinese-backed videogames than on TikTok and WeChat. While Chinese companies had been content to invest in established Western studios, Chinese developers are now creating enormous hits like “Genshin Impact”—the biggest ever global launch of a Chinese-made title.

Are Chinese videogames really a threat to U.S. national security? Yes—China is already using games to spread its soft power and collect data on U.S. citizens, as the current administration has highlighted. More insidiously, Beijing’s access to millions of gamers’ computers gives its spies an unrivaled opportunity to use games to conduct intelligence operations.

China’s political priorities are already showing up in the content moderation of games it influences. Last year, Blizzard banned a Hong Kong “Hearthstone” player who expressed support for the city’s independence in a postmatch interview. “Genshin Impact” players report that certain political terms have been banned from chat features, including “Hong Kong,” “Taiwan” and “Falun Gong.” More broadly, Chinese law requires Western publishers to form partnerships with Chinese companies like Tencent and NetEase to gain access to China’s large and growing gaming market. The same dynamics pushing Hollywood to hold its tongue on Beijing’s abuses will increasingly affect Western firms hoping to earn money from Chinese gamers.


It may not be long before we see the shutdown of a planned Tiananmen vigil or Free Hong Kong rally being organized on a U.S. server. It’s one thing for Hollywood studios to turn down provocative scripts, but it might boil Americans’ blood to witness China censoring speech in the U.S.

The more direct national-security threat is the access to data China has gained from millions of gaming installs. Data harvested from games could be exploited far more easily than TikTok data. In most cases, gamers playing online must provide their real names, payment information, dates of birth and locations, and they create constant voice samples using in-game chats. In the hands of a Chinese gaming company, it’s reasonable to assume that the data are being stored in China, perhaps in an Alibaba or Tencent cloud service, at the whim of an aggressive Chinese intelligence body.

What might Beijing’s Ministry of State Security do with videogame data? Today, it takes only 10 minutes of audio to create a voice deepfake that might fool your friends and family. This is particularly concerning in light of the likely Chinese hack into the U.S. Office of Personnel Management in 2018, which holds detailed personal information on everyone who has applied for government clearance. The Ministry of State Security could combine those two streams to cross-correlate government officials’ locations every time they play a videogame.

Modern games come with mandatory anticheat software that runs on your computer with the same privileges as your antivirus program. This means it can do anything your computer can do, without being detected. Instead of telling spies to perform risky transfers of sensitive data, a creative Chinese intelligence officer could use this access simply to place whatever files they want to exfiltrate in a folder that a compromised game will upload for them. The possibilities are endless.

These threats draw power from the leverage Beijing holds over Chinese investors. Even though Tencent might prefer not to engage in such activities, private Chinese companies have no way to push back against Beijing’s demands. Chinese regulators have proved willing to take massive bites out of Tencent’s market cap, meaning the company wouldn’t likely ignore the government’s demands. And in its own right, Tencent is a world-class powerhouse when it comes to software vulnerabilities and exploitation.

What’s the solution? It would be overkill for the U.S. to enact an outright ban on any game backed by Chinese investors. A better approach would be to mandate software that would guarantee transparency in videogame data. The U.S. also could require that sensitive data be stored with American cloud providers, or selectively use the Foreign Investment Risk Review Modernization Act to force Tencent and other Chinese gaming companies to divest from games thought to have too broad a reach into sensitive U.S. data. Such measures would help curtail the risk to America in the short term—but they wouldn’t work retroactively. Washington should act as soon as possible to safeguard gaming data.

I think there are some valid concerns cited here going big picture and not just confined to the USA, either. I'll be interested to see people's reaction to this and some of the ideas. I hope it's ok to post this here otherwise I defer to the mods with no hard feeling regardless.
 
The meat of the article is behind a paywall. Hard to say what the point is other than Tencent owns parts of a lot of companies.
 
The meat of the article is behind a paywall. Hard to say what the point is other than Tencent owns parts of a lot of companies.

That's why I quoted the entire article. ;) I used the forum quotation code and if you see my post just click on expand post and it's all there.
 
Yikes, that's some serious fear mongering coming from WSJ. There are definitely concerns to be raised about the huge influence of a country like China having so much access to information about people from a countries that they are on less-than-friendly terms with, but I think this article is taking things a bit far. Gotta love how their solution is basically to give all the information instead to the US government, another entirely untrustworthy entity. For many reasons we seriously need strong data protection and privacy laws in this country but since our government is filled with tech illiterate jackasses who are all paid off by groups that want to keep harvesting data that won't happen.
 
  • Like
Reactions: Q-BZ
like this
Yikes, that's some serious fear mongering coming from WSJ. There are definitely concerns to be raised about the huge influence of a country like China having so much access to information about people from a countries that they are on less-than-friendly terms with, but I think this article is taking things a bit far. Gotta love how their solution is basically to give all the information instead to the US government, another entirely untrustworthy entity. For many reasons we seriously need strong data protection and privacy laws in this country but since our government is filled with tech illiterate jackasses who are all paid off by groups that want to keep harvesting data that won't happen.

Good points. I definitely didn't post this as a "carte blanche co-sign" by any means. I simply thought a few valid points got made in the big picture and after that? Well... people can take it for whatever it's worth. ;)
 
Well they're gonna be pretty chuffed when they realize we're all just looking for new ways to play Skyrim again.
 
Back
Top