https://www.wsj.com/articles/if-you-play-videogames-china-may-be-spying-on-you-11603926979
WSJ OP-ED: "If You Play Videogames, China May Be Spying on You."
By Dave Aitel and Jordan Schneider
Writers' background: Mr. Aitel is a former National Security Agency employee and author of the CyberSecPolitics blog. Mr. Schneider is an adjunct fellow at CNAS and host of the “ChinaTalk” podcast.
I think there are some valid concerns cited here going big picture and not just confined to the USA, either. I'll be interested to see people's reaction to this and some of the ideas. I hope it's ok to post this here otherwise I defer to the mods with no hard feeling regardless.
WSJ OP-ED: "If You Play Videogames, China May Be Spying on You."
By Dave Aitel and Jordan Schneider
Writers' background: Mr. Aitel is a former National Security Agency employee and author of the CyberSecPolitics blog. Mr. Schneider is an adjunct fellow at CNAS and host of the “ChinaTalk” podcast.
Data harvested from game consoles would be far easier to exploit than what TikTok gathers.
Forget WeChat and TikTok. China’s hold on the global videogaming market is the most pressing security vulnerability when it comes to Chinese consumer tech products.
Over the past 10 years, Chinese tech giant Tencent has invested in or outright acquired many of the world’s largest videogame companies, including Activision Blizzard, “League of Legends” maker Riot Games, Epic Games (“Fortnite”), Supercell (“Clash of Clans”) and the communications platform Discord. Americans spend far more time on Chinese-backed videogames than on TikTok and WeChat. While Chinese companies had been content to invest in established Western studios, Chinese developers are now creating enormous hits like “Genshin Impact”—the biggest ever global launch of a Chinese-made title.
Are Chinese videogames really a threat to U.S. national security? Yes—China is already using games to spread its soft power and collect data on U.S. citizens, as the current administration has highlighted. More insidiously, Beijing’s access to millions of gamers’ computers gives its spies an unrivaled opportunity to use games to conduct intelligence operations.
China’s political priorities are already showing up in the content moderation of games it influences. Last year, Blizzard banned a Hong Kong “Hearthstone” player who expressed support for the city’s independence in a postmatch interview. “Genshin Impact” players report that certain political terms have been banned from chat features, including “Hong Kong,” “Taiwan” and “Falun Gong.” More broadly, Chinese law requires Western publishers to form partnerships with Chinese companies like Tencent and NetEase to gain access to China’s large and growing gaming market. The same dynamics pushing Hollywood to hold its tongue on Beijing’s abuses will increasingly affect Western firms hoping to earn money from Chinese gamers.
It may not be long before we see the shutdown of a planned Tiananmen vigil or Free Hong Kong rally being organized on a U.S. server. It’s one thing for Hollywood studios to turn down provocative scripts, but it might boil Americans’ blood to witness China censoring speech in the U.S.
The more direct national-security threat is the access to data China has gained from millions of gaming installs. Data harvested from games could be exploited far more easily than TikTok data. In most cases, gamers playing online must provide their real names, payment information, dates of birth and locations, and they create constant voice samples using in-game chats. In the hands of a Chinese gaming company, it’s reasonable to assume that the data are being stored in China, perhaps in an Alibaba or Tencent cloud service, at the whim of an aggressive Chinese intelligence body.
What might Beijing’s Ministry of State Security do with videogame data? Today, it takes only 10 minutes of audio to create a voice deepfake that might fool your friends and family. This is particularly concerning in light of the likely Chinese hack into the U.S. Office of Personnel Management in 2018, which holds detailed personal information on everyone who has applied for government clearance. The Ministry of State Security could combine those two streams to cross-correlate government officials’ locations every time they play a videogame.
Modern games come with mandatory anticheat software that runs on your computer with the same privileges as your antivirus program. This means it can do anything your computer can do, without being detected. Instead of telling spies to perform risky transfers of sensitive data, a creative Chinese intelligence officer could use this access simply to place whatever files they want to exfiltrate in a folder that a compromised game will upload for them. The possibilities are endless.
These threats draw power from the leverage Beijing holds over Chinese investors. Even though Tencent might prefer not to engage in such activities, private Chinese companies have no way to push back against Beijing’s demands. Chinese regulators have proved willing to take massive bites out of Tencent’s market cap, meaning the company wouldn’t likely ignore the government’s demands. And in its own right, Tencent is a world-class powerhouse when it comes to software vulnerabilities and exploitation.
What’s the solution? It would be overkill for the U.S. to enact an outright ban on any game backed by Chinese investors. A better approach would be to mandate software that would guarantee transparency in videogame data. The U.S. also could require that sensitive data be stored with American cloud providers, or selectively use the Foreign Investment Risk Review Modernization Act to force Tencent and other Chinese gaming companies to divest from games thought to have too broad a reach into sensitive U.S. data. Such measures would help curtail the risk to America in the short term—but they wouldn’t work retroactively. Washington should act as soon as possible to safeguard gaming data.
I think there are some valid concerns cited here going big picture and not just confined to the USA, either. I'll be interested to see people's reaction to this and some of the ideas. I hope it's ok to post this here otherwise I defer to the mods with no hard feeling regardless.