Last week Reuters reported that the Chinese Ministry of Natural Resources published new rules counteracting espionage.
The rules, effective since publication, demand that automakers and developers of autonomous driving software either apply for a license to collect data or collaborate with a company that holds such a license. The license is need for collecting, storing, transforming, and processing geographic data, which includes “real-time high-precision coordinates, high-definition images and other data support”. According to Reuters, Baidu and Navinfo have already attained their licenses.
The new requirements for licenses follow after a summer where Tesla has been barred from entering the beach resort of Beidaihe, near Beijing. One might wonder if Chinese authorities worry about fashion espionage at the beach resort. It isn’t fashion that is the worry, however, as the resort hosts an annual summer meeting for some of the most powerful Chinese politicians but typically refrains from specifying when. Having American made vehicles recording the surroundings seems to contradict national security, something that has been increasingly important in the context of mounting tensions in the Taiwan Strait.
As China imposes new barriers on automakers for deploying vehicles with sophisticated data collection capabilities there was a leak from one of the tech companies supplying China with facial and number plate recognition. The database at one point held over 800 million records. Neither the database nor the image files were protected by passwords and were accessible from a web browser if you knew what to search for. The leak is the second largest reported from China, only surpassed by the leak of 1 billion records by the Shanghai police station.
Both reported leaks mentioned above are tracible to human error. Someone made the bad decision to store the data on servers run by Alibaba without ensuring that the cloud service would guarantee sufficient security. And someone at Alibaba decided to leave the dashboard for managing the police database open without a password. As if Jack Ma needed more grief with the Chinese authorities!
It seems vital for automakers to get the license. Being in control of every stage in the data management chain is not only a regulatory requirement if a company is to provide vehicles with autonomous features on the Chinese market but also a means to minimise the risk of losing data or information. From a research perspective this seems to be yet another reason for bringing strategic software and digitalization in-house.
Finally, raising suspicions about vehicles used for mass-espionage could backfire. If Chinese authorities are concerned that vehicles could be used by hostile nations to collect sensitive data, what is China’s information and security agencies doing themselves? And not only in China, but whichever market where vehicles with a Chinese ownership are available?
Written by Håkan Burden,
RISE Mobility & Systems