Xiaomi announces second opinion on censorship accusations
After the serious accusations made by a Lithuanian cybersecurity agency last week, Xiaomi released a statement on Monday (27) in which it denied the points raised in the report and that it hired an independent audit to investigate the allegations of the Lithuanian National Cyber Security Center (NCSC),
- Xiaomi questions the allegations of the Lithuanian report and claims to have initiated an independent audit;
- The company was accused by the Lithuanian agency of including a tool that could censor content;
- The manufacturer declares that it complies with the provisions of European data protection law (GDPR).
NCSC’s cybersecurity report assessed 5G devices from three Chinese manufacturers – Xiaomi, Huawei and OnePlus – and claims that the Xiaomi Mi 10T 5G device includes a word filter that could be used for censorship in apps, containing terms related to political and social groups.
The NCSC report itself, however, makes it clear that the filter is not activated on models sold in Europe. Xiaomi’s response in turn does not deny the presence of the wordlist – which according to the Lithuanian agency is distributed in a file named “MiAdBlacklistConfig”. But the builder says it uses a term management system that “can be used to protect users from inappropriate content such as pornography, violence, hate speech and references that may be offensive to local users.”
Xiaomi said in the press release that it is seeking independent expertise to refute the points raised by the NCSC, but did not specify when it expects the analysis to be released. In addition, the manufacturer stressed that it complies with the standards for processing personal data in Europe – gathered in the general data protection law (GDPR, or RGPD in Portuguese, equivalent to the Brazilian LGPD).
Full statement issued by Xiaomi
Xiaomi (“we”) is aware of the recently released “Cyber Security Assessment of 5G Compatible Mobile Devices” (“the Report”) by the Lithuanian Information and Security Authority (NCSC).
We take the allegations made in the report seriously. While we question the characterization of some of the findings, we have asked an independent expert to assess the points raised in the report. We believe in the integrity of our products and our company’s compliance practices in Lithuania and across Europe, and we believe that a third party will confirm this to our users and partners.
In particular, Xiaomi wants to address two important points of the report:
1. Alleged censorship
Xiaomi’s products do not limit or filter communications to or from its users. Xiaomi has never restricted or blocked the personal activities of its smartphone users, such as: B. Searching, calling, surfing the Internet or using third-party communications software. The NCSC report does not say so.
The report points out that Xiaomi uses ad management software with limited capacity to manage paid and push ads sent to devices through Xiaomi’s apps, such as Mi Video and Mi Browser.
This can be used to protect users from inappropriate content such as pornography, violence, hate speech, and referrals which may be offensive to local users. This practice is common in the smartphone and internet industries across the world.
We review our advertising management system guidelines from time to time to ensure they meet the needs and expectations of our users.
Xiaomi is committed to acting responsibly and transparently in all countries. We are committed to continuous improvement and innovation and welcome discussions with users, regulators and other stakeholders.
2. Data processing and transmission
The report also wrongly suggests [an inadequate] data processing procedure. In fact, Xiaomi complies with all the requirements of the General Data Protection Regulation [GDPR], including the use, processing and transmission of end user data. Our compliance applies to all systems, applications and services. Any use of personal data requires the valid consent of the end user and is always carried out in accordance with local or regional laws and regulations of the European Union and its member states.
Xiaomi operates in accordance with ISO / IEC 27001 information security management standards and ISO / IEC 27701 privacy information management system. Xiaomi has also received TrustArc corporate privacy certification every year since 2016. This ensures the best possible protection of privacy and security for the end user.
Xiaomi would like to emphasize once again that we are committed to protecting the privacy and security of our users. We work to the highest standards and comply with all local and regional regulations.
please see Article 13: Controversial Content of Facebook Ads Policies, available at https://www.facebook.com/policies/ads/; Google Ads Rules Political Content Clause, available at https://support.google.com/adspolicy/answer/6008942