Published on the 16/02/2023 | Written by Heather Wright
As Australia looks at bans, NZ says ‘we’re good’…
Chinese-made cameras are being removed from Defense Department buildings and MP’s electorate offices in Australia, but New Zealand’s government says it’s confident it has the appropriate controls in place to ensure the technology isn’t misused.
Australia moved last week to remove the devices after an audit found more than 900 pieces of surveillance equipment, including cameras, electronic entry systems, video recorders and intercoms, in use in government and agency offices, had been built by Hikvision and Dahua. A number of defence and military-associated facilities were among those who have the devices in use, along with the Department of Foreign Affairs and Trade.
“The data collected, where it would end up and what else it could be used for would be of great concern to me.”
The Australian government is also considering whether to ban the use of the cameras across all federal agencies.
At issue are security concerns, with Hikvision and Dahua part-owned by the Chinese Communist Party and China’s National Intelligence Law requiring organisations to support intelligence work, forcing companies to hand over material if requested by Beijing.
The same law has sparked concern over TikTok’s data security, with the social media platform admitting last year that staff in China were able to access Australian data. A growing list of Australian government agencies, including the Department of the Prime Minister and Cabinet and the Department of Foreign Affairs and Trade and CSIRO, have banned the app from work devices.
Hikvision and Dahua’s role in perpetuating serious human rights abuses has also seen them facing mounting regulatory pressure. The Washington Post claimed last year Hikvision ‘at the cutting edge of the new totalitarianism’. It claimed the company was ‘about as complicit as it gets’ in the genocide of the Uyghur Muslim minority, ‘with its cameras lining the walls of mosques and detention camps all over the Xinjiang region’.
Geopolitical tensions are further driving increased focus on the security of Chinese made equipment. Australia’s concerns came in the same week that the US Navy shot down a suspected Chinese spy balloon, which had spent days flying across the US, sparking further tensions between the US and China.
In the UK, cameras and technology from Chinese companies including Huawei, Hikvision, ZTE and Hytera Communications, have been banned from use in government buildings over fears device data may be accessed by the Chinese government. In the US too, there’s been a crackdown, with steps taken to ban the import or sale of Chinese telecoms and video surveillance offerings from Hikvision and Dahua, along with Huawei, ZTE and Hytera Communications.
Hikvision has long maintained any security fears around its offerings are unfounded.
The issue flared in Australia following after Shadow Cyber Security Minister James Paterson said his office had uncovered ‘at least 913’ devices across at least 254 sites.
His ‘audit’ followed the inability of the Department of Home Affairs to say how many Hikvision or Dahua surveillance cameras, access control systems and intercoms were installed in Commonwealth departments and agencies, in response to a question from Paterson in September.
“ASIO Director General Mike Burgess has said the data collected by Hikvision and Dahua cameras ‘and where it would end up and what else it could be used for would be of great concern to me and my agency’,” Paterson says. “UK government Biometrics and Surveillance Camera Commissioner Fraser Sampson has labelled these cameras as ‘digital asbestos’.”
Some government agencies and departments, including the National Disability Insurance Agency and the Australian War Memorial, have pledged to remove the devices from their sites.
In an ABC Radio interview Defence Minister Richard Marles said his department was doing an assessment of all technology used for surveillance within the defence department and ‘where those particular cameras are found, they are going to be removed’.
In response to news of the removal of the cameras, Chinese foreign ministry spokesperson Mao Ning said China opposed ‘erroneous practices of over-stretching the concept of national security and abusing state power to discriminate against and suppress Chinese companies’.
“We hope the Australian side will provide a fair, just and non-discriminatory environment for the normal operation of Chinese companies and do more things that could contribute to mutual trust and cooperation between our two countries.”
Those hopes are likely further dashed with News.com.au reporting this week that the Department of Finance has confirmed security equipment from Hikvision and Dahua was installed in the offices of 88 parliamentarians, and that it wrote to affected MPs last year to say it was planning to upgrade security. The Department later updated the figures to 65 offices. Twenty CCTV systems have since been removed, with plans to have all replaced by April. Work to remove the intercom system is still in the scoping stage.
The Kiwi situation
Andrew Little, minister responsible for New Zealand’s GCSB (Government Communications Security Bureau) told iStart this week he’s confident that ‘our controls are appropriate’ when it comes to security concerns over devices such as Hikvision CCTV cameras.
Despite the global controversy, Hikvision cameras remain popular in New Zealand where they are installed in several New Zealand government agencies, including MBIE (the Ministry of Business, Innovation and Employment), school, councils and businesses.
Late last year National MP and co-chair of the Inter-parliamentary Alliance on China, Simon O’Connor, said New Zealand should take a case by case basis on the technology, including taking into account how the technology is used back in China, saying it was ‘both a security and moral issue’.
But Little says no assessment has been done on whether any surveillance technologies from Chinese companies are operating in New Zealand government facilities or any other sensitive facilities, and nor are there any plans to do so.
“The New Zealand Information Security Manual (NZISM) requires all government departments to certify and accredit all new software systems they use,” he says.
“We are confident that our controls are appropriate.”
The NZISM, published by the GCSB, provides mandatory information security advice and guidance for government agencies and departments.
The controls criteria are based on product functionality, including security, and suitability in the first place, Little says.
“The NZISM is product-agnostic, but all government agencies and departments are required to undertake a risk assessment as part of the decision process to purchase and deploy any technology which is operated on their networks.
“Specific product selection is primarily a matter for individual agencies, provided those products meet the guidance and policy requirements of the NZISM and other requirements such as those set out in the overarching New Zealand government Protective Security Requirements,” he adds.
Asked if the changing geopolitical landscape and increasing focus on digital sovereignty necessitate New Zealand relooking at its global purchasing strategies, Little says the government has sought to diversify New Zealand’s supply chains, including through new procurement targets for Māori businesses. Introduced in 2020 that requires government agencies to ensure that at least five percent of relevant contracts awarded are to Māori business – defined as one with at least 50 percent Māori ownership or a Māori Authority.
The Australian government blocked Huawei and ZTE from accessing the national 5G network in 2018 over fears around backdoors into the networks. While New Zealand didn’t ban Huawei from the 5G build an application to build was rejected by the government, based on advice from intelligence agencies. No proof of the backdoors was made public by governments banning the companies.