Huawei supports open innovation to speed up tech development thus delivering high quality tech products into the marketplace
In her State of the European Union speech, European Commission President Ursula von der Leyen delivered a clear-eyed assessment of the European Union’s position within the global digital economy. Alongside predictions of a European “digital decade” shaped by initiatives such as GaiaX, von der Leyen admitted Europe had lost the race on defining the parameters of personalized data, leaving Europeans “dependent on others”, writes Louis Auge.
Despite that straightforward admission, the question remains whether European leaders are willing to mount a consistent defence of their citizens’ data privacy, even as they accept reliance on American and Chinese firms. When it comes to challenging American social media or e-commerce giants like Google, Facebook, and Amazon, Europe has no problem seeing itself as the global regulator.
In facing China, however, the European position often seems weaker, with governments only acting to curb the influence of Chinese technology suppliers such as Huawei under intense US pressure. Indeed, in one key area with serious implications for several economic sectors Commission President von der Leyen cited in her speech – unmanned aerial vehicles, otherwise known as drones – Europe is allowing a single Chinese firm, DJI, to corner the market practically unopposed.
A trend accelerated by the pandemic
Shenzhen Dajiang Innovation Technologies Co. (DJI) is the unquestioned leader of a global drone market predicted to skyrocket to $42.8 billion in 2025; by 2018, DJI already controlled 70% of the market in consumer drones. In Europe, DJI has long been the unmanned aerial vehicle (UAV) supplier of choice for military and civilian government clients. The French military uses “commercial off-the-shelf DJI drones” in combat zones like the Sahel, while British police forces uses DJI drones to search for missing persons and manage major events.
The pandemic kicked that trend into high gear. In European cities including Nice and Brussels, DJI drones equipped with loudspeakers admonished citizens about confinement measures and monitored social distancing. DJI representatives have even tried to convince European governments to use their drones to take body temperatures or transport COVID-19 test samples.
This rapid expansion in the use of DJI drones runs counter to decisions being taken by key allies. In the United States, the Departments of Defense (the Pentagon) and the Interior have banned the use of DJI’s drones in their operations, driven by concerns over data security first uncovered by the US Navy in 2017. In the time since, multiple analyses have identified similar flaws in DJI systems.
In May, River Loop Security analyzed DJI’s Mimo app and found the software not only failed to adhere to basic data security protocols, but also that it sent sensitive data “to servers behind the Great Firewall of China.” Another cybersecurity firm, Synacktiv, released an analysis of DJI’s mobile DJI GO 4 application in July, finding the company’s Android software “makes use of the similar anti-analysis techniques as malware,” in addition to forcibly installing updates or software while circumventing Google’s safeguards. Synacktiv’s results were confirmed by GRIMM, which concluded DJI or Weibo (whose software development kit transmitted user data to servers in China) had “created an effective targeting system” for attackers – or the Chinese government, as US officials fear – to exploit.
To address the potential threat, the Pentagon’s Defense Innovation Unit (DIU) has introduced a small Unmanned Aircraft Systems (sUAS) initiative to procure drones from trusted American and allied manufacturers; France’s Parrot is the only European (and, indeed, non-American) firm currently included. Last week, the Department of the Interior announced it would resume purchasing drones through the DIU sUAS program.
DJI’s security flaws have also sparked concern in Australia. In a consultation paper released last month, the Australian transport and infrastructure department flagged weaknesses in Australia’s defenses against “the malicious use of drones,” finding UAVs could potentially be used to attack the country’s infrastructure or other sensitive targets, or otherwise for purposes of “image and signals gathering” and other types of reconnaissance by hostile actors.
In Europe, on the other hand, neither the European Data Protection Board (EDPB), the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), nor the French National Commission on Informatics and Liberty (CNIL) have taken public action on the potential dangers represented by DJI, even after the company’s products were found forcibly installing software and transferring European user data to Chinese servers without allowing consumers to control or object to those actions. Instead, the use of DJI drones by European military and police forces may appear to offer consumers a tacit endorsement of their security.
Despite an opaque ownership structure, links to Chinese state abound
Suspicions of DJI’s motives are not helped by the opacity of its ownership structure. DJI Company Limited, the holding company for the firm via the Hong Kong-based iFlight Technology Co., is based in the British Virgin Islands, which does not disclose shareholders. DJI’s fundraising rounds nonetheless point to a preponderance of Chinese capital, as well as linkages with China’s most prominent administrative bodies.
In September 2015, for example, New Horizon Capital – cofounded by Wen Yunsong, son of former premier Wen Jiabao – invested $300 million in DJI. That same month, New China Life Insurance, partly owned by China’s State Council, also invested in the firm. In 2018, DJI may have raised up to $1 billion ahead of a supposed public listing, although the identify of those investors remains a mystery.
DJI’s leadership structure also points to links with China’s military establishment. Co-founder Li Zexiang has studied or taught at a number of universities linked to the military, including the Harbin Institute of Technology – one of the ‘Seven Sons of National Defence’ controlled by China’s Ministry of Industry and Information Technology – as well as the National University of Defense Technology (NUDT), directly supervised by the Central Military Commission (CMC). Another executive, Zhu Xiaorui, served as DJI’s head of research and development up until 2013 – and now teaches at the Harbin University of Technology.
These links between DJI’s leadership and China’s military would seem to explain DJI’s prominent role in Beijing’s repression of ethnic minority groups. In December 2017, DJI signed a strategic partnership agreement with the Bureau of Public Security of the Autonomous Region of Xinjiang, outfitting Chinese police units in Xinjiang with drones but also developing specialized software to facilitate missions for the “preservation of social stability.” DJI’s complicity in the campaign of “cultural genocide” against the Uighur population of Xinjiang burst into the headlines last year, when a leaked video – shot by a police-controlled DJI drone – documented a mass transfer of interned Uighurs. The company has also signed agreements with authorities in Tibet.
An inevitable crisis?
While DJI has gone to considerable efforts to counteract the findings of Western governments and researchers, even commissioning a study from consultancy FTI that promotes the security of its new “Local Data Mode” while sidestepping existing flaws, the monopolistic control of this emerging sector by a single firm with links to China’s security establishment and direct involvement in systemic human rights abuses could quickly become a problem for regulators in Brussels and the European capitals.
Given how prevalent drones have become across the wider economy, the security of the data they capture and transmit is a question European leaders will have to address – even if they prefer to ignore it.