February 9, 2023
Almost 1000 Chinese Communist Party-linked surveillance cameras and other recording devices, some banned in the US and Britain, have been installed across Australian government buildings, leading to calls for their urgent removal amid fears data could be fed back to Beijing.
Government departments and agencies have revealed at least 913 cameras, intercoms, electronic entry systems and video recorders developed and manufactured by controversial Chinese companies Hikvision and Dahua are operating across 250 sites, including in buildings occupied by sensitive agencies such as Defence, Foreign Affairs and the Attorney-General’s Department.
Australia’s Five Eyes and AUKUS partners in Washington and London moved together in November to ban or restrict the installation of devices supplied by the two companies, which are both part-owned by the Chinese Communist Party.
The companies are based in Hangzhou, in eastern China, and are among the world’s leading providers of video surveillance technology and artificial intelligence. All companies headquartered in China are subject to the Chinese National Intelligence Law 2017, which requires them to co-operate with Chinese intelligence agencies if requested to hand over data.
Defence Minister Richard Marles has ordered his department to remove Chinese government-linked security cameras from defence premises following The Australian’s revelations.
“We’re doing an assessment of all the technology for surveillance within the defence estate and where those particular cameras are found, they’ll be removed,” Mr Marles told ABC’s RN.
“It’s a significant thing that’s been brought to our attention and we’re going to fix it – it’s obviously been there … for some time and predates us coming into office.”
Claiming the commonwealth was “riddled with CCP spyware’’, the opposition spokesman on cyber security and countering foreign interference, James Paterson, had called on the Albanese government to immediately get rid of the devices.
The majority are surveillance cameras, which Senator Paterson said posed both national security and moral concerns.
Both companies supply technology to enable the mass-surveillance operation through facial-recognition technology that the Chinese government runs against the minority Uighur population in Xinjiang province.
Senator Paterson uncovered the number of devices after conducting a six-month audit of every commonwealth department. He launched the audit after the Department of Home Affairs was unable to advise how many of the devices were installed in government buildings.
“This presents a unique national security risk to Australia. With Hikvision and Dahua devices fitted across the Australian government, including at the heart of our national intelligence community, the companies and their employees may be forced to provide the Chinese government with their 24-hour access to valuable surveillance data,’’ he said.
“Our AUKUS partners and closest security allies, the United States and UK, announced in November that they were banning the devices from all government buildings because of the national security threat that they pose. So far, the Australian government has announced no plan to do so, although some government departments and agencies including the National Disability Insurance Agency and the Australian War Memorial have pledged to remove the devices from their sites.
“We urgently need a plan from the Albanese government to rip every one of these devices out of Australian government departments and agencies.’’
The government did not respond directly to questions about whether it would remove the cameras and other devices from all government buildings, but indicated it may be under review. “The Protective Security Policy Framework requires all commonwealth agencies to manage security threats, risks and vulnerabilities that impact its people, information and assets,’’ said a spokesman for Attorney-General Mark Dreyfus.
“Protective security settings remain under constant review and the government takes the advice of agencies on emerging risks and appropriate mitigation.”
Senator Paterson’s audit found the Department of Climate Change and Energy had 154 of the devices operating across 32 sites, while Treasury had 115 and the Department of Social Services 138. The Department of Prime Minister and Cabinet had none.
Defence said it was aware of “one system at one site’’ which was now being removed, and that it was now looking to see if any other devices were installed.
The Department of Home Affairs said it was aware of two exposures to the devices, where it rented space in multi-tenanted buildings in which the private landlord had installed Dahua closed-circuit television cameras. The buildings are in Canberra and Adelaide.
The systems were not connected to Home Affairs’ operational CCTV network or their internal computer systems. “Building owners have confirmed the cameras are not connected to the internet, and in their current set-up, cannot be connected to the internet,’’ the department said.
The Department of Foreign Affairs and Trade would not say how many Hikvision and Dahua cameras and other devices it had, but revealed they were operational at 28 sites. In a committee hearing last year,
ASIO director-general Mike Burgess said he shared concerns about the Hikvision and Dahua devices.
“There’s nothing wrong with the technology; it’s that the data it collects and where it would end up and what else it could be used for would be of great concern to me and my agency,’’ he said.
ASIO does not have any of the devices installed.
The British government’s Biometrics and Surveillance Camera Commissioner, Fraser Sampson, last year labelled the devices “digital asbestos” after it was discovered more than a third of UK police forces were using cameras from the two companies.
Both companies have strongly denied they pose any security risks and said they had no access to end-users video data.
Hikvision told CNN last year it was “categorically false to represent Hikvision as a threat to national security.’’
Western democracies continue to clamp down on the use of Chinese technology.
Companies including Huawei were banned from involvement in building 5G networks in countries including Australia.
The wildly popular social media platform TikTok, owned by Chinese company ByteDance, has been banned from US government devices, and many schools and universities, amid fears it is harvesting data.
Senator Paterson said it was concerning the Department of Defence was not able to say how many devices were installed at Defence sites, and had pledged to remove any identified as part of a physical assessment now underway. A large number of the devices would have been installed during the nine years of the Coalition government.
“Regardless of when these devices were installed, now that their prevalence has finally come to light through the audit I launched, they must be dealt with and I urge the government to do so,’’ Senator Paterson said.
As well as concerns about data harvesting, a backdoor vulnerability in the Dahua cameras was identified as early as 2019, which could allow hackers to access the devices and use them to listen in to users, even when the audio on the cameras had been disabled. Earlier flaws had been discovered in 2017. The vulnerabilities required patching to block unauthorised access.
Last year, Russian-language hackers advertised for sale on the dark web compromised credentials that would give access to hacked Hikvision cameras and other devices.