Tag Archive for: Strategist special report

DeepSeek is in the driver’s seat. That’s a big security problem

Democratic states have a smart-car problem. For those that don’t act quickly and decisively, it’s about to become a severe national security headache.

Over the past few weeks, about 20 of China’s largest car manufacturers have rushed to sign new strategic partnerships with DeepSeek to integrate its AI technology into their vehicles. This poses immediate security, data and privacy challenges for governments.  While international relations would be easier if it weren’t the case, China’s suite of national security and intelligence laws makes it impossible for Chinese companies to truly protect the data they collect.

China is the world’s largest producer of cars, and is now making good quality, low-cost and tech-heavy vehicles at a pace no country can match. It has also bought European industry stalwarts, including Volvo, MG and Lotus. Through joint ventures, it builds and exports a range of US and European car models back into global markets.

DeepSeek has struck partnerships with many large companies, such as BYD, Great Wall Motor, Chery, SAIC (owner of MG and LDV) and Geely (owner of Volvo and Lotus). In addition, major US, European and Japanese brands, including General Motors, Volkswagen and Nissan, have signed on to integrate DeepSeek via their joint ventures.

Australia is one of the many international markets where Chinese cars have gained enormous traction. More than 210,000 new cars were sold into Australia in 2024, and Chinese brands are set to take almost 20 percent of the market in 2025, up from 1.7 percent in 2019. Part of this new success is due to the government’s financial incentives encouraging Australians to purchase electric vehicles. China now builds about 80 percent of all electric vehicles sold in Australia.

Then, there are global markets where Chinese car brands are not gaining the market share they have in Australia (or in Russia, the Middle East and South America), but where Chinese-made cars are. This is the case in the United States and in Europe, for example. This is because many foreign companies use their joint ventures in China to sell China-made, foreign-branded cars into global markets. Such companies include Volkswagen, Volvo, BMW, Lincoln, Polestar, Hyundai and Kia.

Through its Chinese joint venture, Volkswagen will reportedly partner with DeepSeek. General Motors has also said it will integrate DeepSeek into its next-generation vehicles, including Cadillacs and Buicks. It’s unclear how many such cars may end up in overseas markets this year; that will likely depend on each country’s regulations.

It is not surprising that DeepSeek is a sought-after partner, with companies scrambling to integrate and build off its technology. It also shouldn’t have been a shock to see this AI breakthrough coming out of China—and we should expect a lot more. Chinese companies, universities and scientific institutions made impressive gains over the past two decades across most critical technology areas. Other factors, such as industrial espionage, have also helped.

But widespread integration of Chinese AI systems into products and services carries serious data, privacy, governance, censorship, interference and espionage risks. These risks are unlikely ever to go away, and few government strategies will be able to keep up.

For some nations, especially developing countries, this global integration will be a bit of a non-event. It won’t be seen as a security issue that deserves urgent policy attention above other pressing climate, human security, development and economic challenges.

But for others, it will quickly become a problem—a severe one, given the speed at which this integration could unfold.

Knowing the risks, governments (federal and state), militaries, university groups and companies (such as industrial behemoth Toyota) have moved quickly to ban or limit the use of DeepSeek during work time and via work devices. Regulators, particularly across Europe, are launching official investigations. South Korea has gone further than most and taken it off local app stores after authorities reportedly discovered that DeepSeek was sending South Korean user data to Chinese company ByteDance, whose subsidiaries include including TikTok.

But outside of banning employee use of DeepSeek, the integration of Chinese AI systems and models into data-hungry smart cars has not received due public attention. This quick development will test many governments globally.

Smart cars are packed full of the latest technology and are built to integrate into our personal lives. As users move between work, family and social commitments, they travel with a combination of microphones, cameras, voice recognition technology, radars, GPS trackers and increasingly biometric devices—such as those for fingerprint scanning and facial recognition to track driver behaviour and approve vehicle access. It’s also safe to assume that multiple mobile phones and other smart devices, such as smart watches, are present, some connecting to the car daily.

Then there is the information aspect—a potential influx of new AI assistants who will not always provide drivers with accurate and reliable information. At times, they may censor the truth or provide Chinese Communist Party talking points on major political, economic, security and human rights issues. If such AI models remain unregulated and continue to gain popularity internationally, they will expose future generations to systems that lack information integrity. As China’s internal politics and strategic outlook evolve, the amount of censored and false information provided to users of these systems will likely increase, as it does domestically for Chinese citizens.

Chinese built and maintained AI assistants may soon sit at the heart of a growing number of vehicles driven by politicians, military officers, policymakers, intelligence officials, defence scientists and others who work on sensitive issues. Democratic governments need a realistic and actionable plan to deal with this.

It may be possible to ensure that government-issued devices never connect to Chinese AI systems (although slip-ups can happen when people are busy and rushing), but it’s hard to imagine how users could keep most of their personal data from interacting with such systems. Putting all security obligations on the individual will not be enough.

Australia has been here before. Australia banned ‘high-risk vendors’ in from its 5G telecommunications network in 2018, and the debates leading up to and surrounding that decision taught us how valuable it was for the business community to be given an early and clear decision—something some other countries struggled with. Geostrategic circumstances haven’t improved since Australia banned high-risk vendors from 5G; unfortunately, they’ve worsened.

Australia’s domestic policy settings are also driving consumers towards the very brands that will soon integrate DeepSeek’s technology, which politicians and policymakers have been told not to use. Politicians from all parties test-driving BYD and LDV vehicles highlights that parliamentarians may need greater access to more regular security briefings to ensure they are fully across the risks, with updates provided to them in a timely fashion as and when those risks evolve.

Tackling this latest challenge head-on is a first-order priority that can’t wait until after the 2025 federal election.

Governments must ensure this issue is given immediate attention from their security agencies. This needs to include an in-depth assessment of the risks, as well as a consideration of future challenges. Partners and allies should share their findings with each other. An example of the type of activity that should be incorporated into such an assessment is Australia’s experience in 2017 and 2018 leading up to its 5G decision, when the Australian Signals Directorate conducted technical evaluation and scenario-planning.

There is also a question of choice, or rather lack of it, that needs deeper reflection from governments when it comes to high-risk vendors. Democratic governments should not allow the commercial sector to offer only one product if that product originates from a high-risk vendor. Yet there are major internet providers in Australia which provide only Chinese TP-Link modems for some internet services, and businesses which only sell Hikvision or Dahua surveillance systems (both Chinese companies were added to the US Entity List in 2019 because of their association with human rights abuses and violations).

Not only do the digital rights of consumers have to be better protected; consumers must also be given genuine choices, including the right to not choose high-risk vendors. This is especially important in selecting vendors that will have access to personal data of citizens or connect to national critical infrastructure. Currently, across many countries, those rights are not being adequately protected.

As smart cars integrate AI systems, consumers deserve a choice on the origin of such systems, especially as censorship and information manipulation will be a feature of some products. Governments must also provide a commitment to their citizens that they are only greenlighting AI systems that have met a high standard of data protection, information integrity and privacy safeguards.

Which brings us back to DeepSeek and other AI models that will soon come out of China. If politicians, government officials, companies and universities around the world are being told they cannot use DeepSeek because such use is too high-risk, governments need to ensure they aren’t then forcing their citizens to take on those same risks, simply because they’ve given consumers no other choice.

Defending democracies from disinformation and cyber-enabled foreign interference

The Covid-19 pandemic has caused unique societal stress as governments worldwide and their citizens have struggled to work together to contain the virus and mitigate its economic impact. This has been a trying time for democracies, testing the capacity of democratic governance to mobilise state and citizenry to work together. It has also tested the integrity of open information environments and the ability of these environments to deal with the overlapping challenges of disinformation, misinformation, election interference and cyber-enabled foreign interference.

Covid-19 has spurred the world into a new era of disinformation where we can see the daily erosion of credible information. Individuals, organisations and governments are increasingly fighting for the value of facts. But the global information environment was home to bad-faith actors long before the pandemic hit, from states interfering overseas or misleading their own populations with targeted disinformation to conspiracy groups like QAnon and alt-right extremist groups. Some of these groups have leveraged legitimate public concerns related to the pandemic, vaccine rollouts and issues like data privacy to build new conspiracy theories, and Covid-19 has provided them with a bigger platform to do so.

Relationships between governments and social media platforms are increasingly strained. Divisions are deepening about how to best balance free expression while dealing with the public harms caused by mis- and disinformation and speech that incites violence or hatred, and how to best tackle rapidly emerging issues such as the proliferation of manipulated content and the risks caused by increasingly sophisticated deep-fake technologies that could mislead and erode trust in institutions.

Policymakers are also increasingly frustrated at seeing authoritarian states, particularly China and Russia, leverage US social media networks and search engines to project propaganda and disinformation to an increasingly global audience. This is particularly perplexing, as the Chinese state, for instance, bans these same platforms at home and both limits access to and censors foreign embassy accounts on Chinese social media platforms.

The online ecosystem allows a range of state and non-state actors that are already manipulating the information environment for strategic gain to shift from exploiting the pandemic to disrupting and undermining trust in Covid-19 vaccine rollouts. This shift will only further tear at the already tense relationship between democratic governments and the major technology platforms. Anti-vaccination, conspiracy-infused misinformation disseminated across social media has mobilised public opposition to vaccine programs in several countries.  January’s Capitol Hill riot in Washington demonstrated the potential for online mobilisation to transfer offline and manifest as violent civil unrest.

This is not the public square we want or need, especially as the world seeks to return to some version of normality in 2021.

From elections and state actors to 24/7 cyber-enabled interference

Governments have had more success at raising public awareness about online election interference than other forms of such intrusion. Since the Russian meddling in the 2016 US election, democracies have been concerned that the legitimacy of their mandates could be tarnished through election interference, although this preoccupation has distracted from authoritarian states’ broader efforts to shape the information environment.

ASPI’s research on cyber-enabled interference targeting electoral events has identified two predominant vectors: cyber operations, such as denial-of-service and phishing attacks to disrupt voting infrastructure and/or to target electronic voting; and online information operations that attempt to exploit the digital presence of election campaigns, voters, politicians and journalists. Together, these two attack vectors have been used to seek to influence voters and their turnout at elections, manipulate the information environment and diminish public trust in democratic processes.

ASPI’s research identified 41 elections and seven referendums between January 2010 and October 2020 where cyber-enabled election interference was reported. There has been a significant uptick in this activity since 2017, with Russia the most prolific state actor engaging in online interference, followed by China (whose cyber-enabled election interference activity has increased significantly since 2019), Iran and North Korea.

Following several high-profile incidents of election interference, there is now a proliferation of multi-stakeholder forums designed to coalesce public and policy attention around malign online activity leading up to and during elections. But an exclusive focus on the interference that surrounds elections is problematic. Information operations and disinformation campaigns—that exploit the openness of the information space in democratic societies—are happening every day, across all social media platforms.

In the Philippines, researchers and investigative journalists have repeatedly shown how the Duterte administration has continued to rely on the influence-for-hire market of bloggers, trolls, inauthentic accounts and online influencers to create and promote pro-government content and help distract citizens from issues such as the government’s handling of Covid-19. Social media platforms are showing a growing willingness to publicly attribute such activity. In September, Facebook linked the Philippines’ military and police to the removal of a network of domestically focused fake profiles, consisting of 20 Instagram accounts, 57 Facebook accounts and 31 Facebook pages.

And it’s not just states that spread disinformation. News outlets, fringe media and conspiracy sites—some with significant global reach—are also guilty of deliberately misleading their audiences. For example, in December 2019, Facebook took down more than 800 accounts, pages and groups linked to the conservative, Falun Gong–affiliated Epoch Times for misrepresentation and coordinated inauthentic behaviour.

Governments that shift their attention to these issues only in the lead-up to and during an election miss the bigger strategic picture as malign actors consistently target the fissures of social cohesion in democracies. Some strategic actors have aspirations that are much more global than influencing an individual country’s election outcome. While governments have spent the last few years (re)building their capabilities to counter foreign interference, they are struggling to handle the different set of complicated challenges—from online attribution and enforcement, to protecting citizens from harassment and threats from foreign actors—posed by cyber-enabled foreign interference outside of election time. One issue is that, unlike with traditional foreign interference, the responsibility for action is distributed across the platforms and government agencies. In many countries, unless there’s an election to focus on, government leadership has fallen mainly down the cracks between intelligence, policing and policy agencies.

The Chinese state’s flourishing interference and disinformation efforts

Given authoritarian regimes’ limited capacity to absorb social unrest peacefully, including in cyberspace, the pandemic has threatened stability. The emergence of Covid-19 from Wuhan created the risk of domestic political instability for the Chinese Communist Party. The party-state’s international standing was endangered by the spread of the virus and the resulting global economic disruption.

So how did the CCP respond to this challenge as Covid-19 spread? It threw itself into a battle of information and narratives, much of which played out online and continues to evolve today. At home, it suppressed and censored information about the virus. Open-source researchers and citizen journalists in China who had been collecting and archiving online material at risk from censorship were detained and had their projects shuttered.

China’s censors also sent thousands of confidential directives to media outlets and propaganda workers, curated and amended trending-topics pages, and activated legions of inauthentic online commentators to flood social sites with distracting commentary. One directive from the Cyberspace Administration said the agency should control messages within China and seek to ‘actively influence international opinion’.

The effort to influence international opinion, which remains ongoing, relied on a very different toolkit to the one wielded at home. US social media networks were central, providing the ideal platform for China’s ‘wolf warrior’ diplomats, state media outlets, pro-CCP trolls and influencers, and inauthentic accounts to boost and project the CCP’s narratives, including disinformation about where the virus originated. They also provide the perfect space for this collective of online actors to try to undermine critical reporting from Western media, research institutes and NGOs, and smear and harass researchers and journalists, whose work provided facts and analysis in stark contrast to the propaganda being disseminated globally by the CCP.

The Chinese state’s large-scale pivot to conducting information and disinformation operations on US platforms occurred across 2019 and 2020. As the pandemic spread, the Chinese state found itself ideally positioned to experiment with cross-platform and multi-language information activity that targeted overseas audiences and largely amplified Covid-19-related and political narratives.

But the efforts of the Chinese state lack the sophistication of others that engage in this online behaviour, such as Russia. For example, the Chinese state makes little effort to cultivate and invest in rich, detailed online personas, and it lacks the linguistic and cultural nuance needed to build credible fake influence networks. Despite this, the Chinese state’s information efforts are persistent. While it may have focused on quantity over quality thus far, given the enormous resourcing the CCP can bring to developing this capability, quick improvement can be expected. The Chinese state also brings an alignment in tactics and coordination—among diplomats, state media outlets, co-opted foreign fringe media organisations, and pro-CCP trolls and influencers—that no other state can match.

Stronger defence and models for collaboration

Covid-19 and the CCP’s efforts to control and shape international information flows about the pandemic through online propaganda and disinformation have made clear just how easy it is for malign actors to manipulate open information environments.

Harder choices will have to be made about how to protect our information ecosystems better and how to deter and impose costs on the many malign actors seeking to exploit it. This will require governments to work more closely with the platforms and civil society groups to ‘defend forward’ to counter and disrupt malicious information activity. There is also a lucrative market of influence-for-hire service providers, to which state actors can outsource propaganda distribution and influence campaigns to obfuscate their activities. These commercial actors are increasingly part of the fabric of political campaigning in many countries. However, the lack of transparency around these activities risks corrupting the quality of democracy in the environments in which they operate.

Globalisation and the openness of democracies make these acute challenges, as their openness has left democratic states vulnerable to threats of interference and subversion. Much of the thinking around cyber-enabled foreign interference has been framed by Russian meddling in the 2016 US election, yet other strategic actors are able to exploit disinformation campaigns and information operations in powerful combination with other levers of state power. China, for instance, has interwoven disinformation with its diplomatic and economic coercion of Australia in retaliation for the Australian government’s call for an independent international inquiry into the origins of the Covid-19 pandemic.

Given the cross-cutting nature of this challenge, diplomacy and policy are fundamental to pulling together like-minded countries to engage with and contest cyber-enabled foreign interference and the actors—state and non-state—that spread disinformation for strategic gain. Social media platforms have been a front line on this battlefield, and it is often the platforms that must detect and enforce against state-linked information operations and disinformation campaigns that exploit their users. Yet, the platforms are driven by different motivations from national governments.

Multilateral and multi-stakeholder approaches must be encouraged to facilitate the defence of democracy as a system of governance and values. This is particularly important in the arc of states from Japan down through Southeast Asia to India, many of which have fast-growing economies but fragile democracies, and where the Chinese state’s power projection has the potential to influence a long-term drift away from democratic governance.

There are models for collaboration between states in pushing back against interference. The European Centre of Excellence in Countering Hybrid Threats draws together expertise from across the EU and NATO to facilitate strategic dialogue on responding to hybrid threats, developing best practice, building capacity through training and professional development, and joint exercises. NATO Stratcom is another centre of excellence that combines both strategic and tactical expertise from across the alliance in collective defence against disinformation and information operations.

These models could be replicated through the Quad grouping of Australia, India, Japan and the US. The alignment of interests among these countries could provide an important vehicle for building structures like those that have been trialled elsewhere and offer resilience against cyber-enabled foreign interference. This should include multi-stakeholder 1.5-track engagement that brings together governments, civil society and industry; mitigates against the splintering of economic and national security interests; and drives greater investment in civil society capacity building around detection, strategic communications and digital diplomacy. Social media networks and search engines must do a better job at deterring and punishing actors that actively spread disinformation on their platforms and should audit what they categorise and promote as ‘news’.

Finally, there is strength in democratic collectives. Governments themselves can take steps to mitigate the risks of cyber-enabled foreign interference, but democracies can increase their power by banding together to attribute, raise costs and deter interference by other states. States targeted individually may be reluctant to escalate grey-zone aggression. However, where there’s a collective response, adversaries are likely to recalibrate their behaviour in the face of collective actions like diplomatic measures and economic sanctions.

This is an abridged version of Danielle Cave and Jake Wallis’s essay for the Observer Research Foundation’s 2021 Raisina Dialogue. For the full paper, including detailed policy recommendations, click here.

What satellite imagery reveals about Xinjiang’s ‘re-education’ camps and coerced labour

In September 2018, Australian clothing chain Cotton On sent representatives to Xinjiang in western China to assess a large textile facility in the Korla industrial zone run by the China-based Litai Textile Group. As uncovered by an ABC Four Corners investigation, Cotton On subcontracts Litai Textile to supply it with yarn.

Analysis of open-source data suggests that the factories managed by Litai Textile may be at risk of engaging in labour coercion and unfair labour practices relating to the arbitrary detention of ethnic and religious minorities in Xinjiang.

Chinese government notices regarding Litai Textile–run factories show that the company has been working closely with local government officials in Xinjiang to recruit and train labourers to work in its facilities. These notices appear to refer to the sort of re-education ‘graduation streams’ identified by German academic Adrian Zenz, whereby detainees are integrated into various vocational labour industry streams following their ‘graduation’ from an extended period of political indoctrination and re-education. These labourers may be housed in the factory complex or remain in the re-education camps.

About 6 kilometres from the Litai Textile factory complex lies the ‘Korla Vocational Skills Education Training Centre’—a series of new compounds that appear to include detention facilities and prisons, as well as a ‘re-education’ camp (Figure 1). Satellite evidence reveals that the re-education facility in Korla was largely constructed after the start of Xinjiang’s latest crackdown in early 2017 and consists of several big building wings with varying levels of security.

Since April 2018, fleets of large buses have been regularly present at both locations.

While satellite imagery cannot definitively confirm the movement of people between these facilities, developments like this should act as warning signs for companies doing business in Xinjiang that their supply chains may contain companies that could be associated with unfair or coercive labour practices.

Figure 1: The Korla industrial zone showing the Litai Textile factories and the Korla ‘re-education’ facility, the assumed bus route between them, and observed bus parking sites

Source: Satellite imagery from June 2019, courtesy of Planet Labs.

An estimated 1–1.5 million people from ethnic and religious minorities are currently being arbitrarily detained in a sprawling network of prisons, detention centres and ‘re-education’ camps in Xinjiang. These human rights abuses were called out by 22 nations—including Australia—late last week in a joint statement to the UN Human Rights Council.

The 2018 Cotton On visit to the Litai Textile factory complex occurred when Australian diplomatic staff were refused access to Xinjiang, a situation that remains unchanged today. At least one Australian citizen and around 17 Australian permanent residents are believed to be currently detained in Xinjiang—either held in detention centres, under house arrest or under restricted movement orders that mean they can’t travel to Australia. The entire Uyghur population in Xinjiang is subject to extreme surveillance and restriction of movement—and has been for years—with few having full access to, or use of, their passports.

The situation in Xinjiang is extremely opaque and investigation of what is occurring there is difficult. But collection and analysis of open-source information, including satellite imagery, provide an alternative window into what is happening on the ground.

For example, satellite imagery provides unique insights into the increasingly securitised nature of the region. The Chinese Communist Party has placed strict and coercive controls on individual freedoms, including even the most basic rights to freedom of movement, including for visitors.

In the case of the industrial zone that houses both the Korla training centre and the Litai Textile factories, satellite evidence shows that both have expanded over the past two years. The textile factories expanded rapidly, growing to almost twice their original size during 2018. Those expansions followed other additions in 2017, which included new transport infrastructure including a car park.

The factory expansion coincided with the expansion of the Korla Vocational Skills Education Training Centre (Figure 2). These two separate significant expansions constitute the only major construction in the industrial park since 2017.

Figure 2: Synchronised time lapse of the two facilities between May 2017 and May 2019

Source: Imagery courtesy of Planet Labs.

In mid-2017—while two additional buildings were being added to the Korla training centre—a large car park was built at the centre of the Litai Textile factory complex. The new parking area remained empty for five months after its completion. Then, in April 2018, buses start appearing and can be seen consistently parked in this new area.

Of the 96 commercial satellite images collected and analysed after April 2018, all but one show buses occupying the new, previously empty, car park—during the week and on weekends—at the expanded factory complex.

Buses of similar size, shape and colours are also regularly present in the car park of the Korla training centre. The buses park closest to what is assumed to be the re-education camp component of the facility. In some satellite images, these buses can be seen driving through closed roads within the alleged re-education camp that are blocked off to regular traffic by a checkpoint (Figure 3).

Figure 3: Buses in the Korla industrial zone, 26 August 2018—a bus is parked in an internal parking lot of the re-education camp and a second (red) bus can be seen south of the re-education camp complex on a road blocked to regular traffic

Source: Imagery courtesy of Maxar, via Google.

The satellite evidence on its own is not enough to prove that coerced labour is definitely being used in these factories. The buses at both locations, for example, cannot be definitively linked. Nor can the nature of the labour force used in the factories be ascertained from satellite imagery alone.

However, the dual expansions—along with the sudden and constant appearance of similar coloured buses—at the very least highlight two key new developments on the ground. First, the satellite footage indicates that detainees are regularly being transported into and out of the re-education facilities in which they are detained. Second, the imagery indicates that, since April 2018, buses are moving people into and out of the textile factories—factories that count Australian companies among their client list.

Many Australian companies include Xinjiang in their supply chains, and the Four Corners investigation also looked at the business practices of other Australian companies and multinationals, including Target and IKEA.

Mass human rights abuses in Xinjiang—including coercive labour practices in the region—raise tough questions for Western companies operating there. Beyond the moral and ethical imperatives, several pieces of legislation—including Australia’s Modern Slavery Act 2018—require companies to report on the risk of, and measures to mitigate, the use of forced labour. Cotton On’s modern slavery and transparency statement and ethical sourcing program state that the company is committed to upholding the ‘human rights of all workers’.

Adrian Zenz told the ABC that it will soon become impossible to determine whether products manufactured or sourced in Xinjiang are made with coerced labour.

In response to the Four Corners investigation, Cotton On and Target Australia have said they are now investigating their relationships with suppliers in Xinjiang. Cotton On has stated that it will now undertake an investigation into allegations of coercive labour practices with its Xinjiang-based subcontractors and review the visit by its representatives to the region.

Through the analysis of open-source materials and commercial satellite imagery, it’s possible to detect clear warning signs that subcontractors are potentially at risk of using coerced labour. Regardless of what companies might be told by subcontractors, conducting any business in Xinjiang carries an elevated risk of being party to improper labour practices. All companies that source goods in the region should conduct robust and evidence-focused internal auditing of their supply chains.

Neighbourhood watch keeps an eye to our north

With an estimated two-thirds of women in Papua New Guinea subjected to domestic violence, business, civic and military leaders are working with a formidable Australian couple to deal with a practice that’s devastating the social fabric of a key nation on Australia’s doorstep.

Gender-based violence—being ‘bashed up’—is occurring in crisis proportions and is having a debilitating impact on the population, which flows on through the economy and adds to PNG’s vulnerability.

Last year, the government in Port Moresby released its Papua New Guinea national strategy to prevent and respond to gender-based violence, which says that while clear data on levels of this—violence is scarce, surveys from individual areas came up with proportions such as 65.5%. The government said: ‘It provides evidence to indicate that urgent action is required.’ Many believe the figure of 65.5% is an underestimate.

In the strategy, Prime Minister Peter O’Neill says gender-based violence is a worldwide phenomenon but: ‘This form of human rights violation is occurring at an alarming rate in Papua New ­Guinea.’

He says ‘it must be stopped’ and promises ‘our collective effort will stamp out this epidemic before it is too late’.

Chillingly, the report says: ‘90% of women in prisons in PNG are serving time for murder. They acted in self-defence in response to family violence.’

An earlier government report on prospects for economic development says PNG cannot reach its potential if inequality continues to exist. ‘Victims are not well reported due to cultural issues and fear. There is a need to increase the ­capacity and effectiveness of enforcing agencies and institutions to protect and cater for victims.’

Local business leaders say domestic violence costs them hundreds of millions of dollars a year.

Stephanie Copus-Campbell has been closely involved with PNG for 18 years, first as an Aus­AID official and now as chief executive of an oil industry organisation, Oil Search Foundation, which implements projects in PNG focused on health, education and women’s empowerment.

Approached by local community leaders, she asked Australia’s former sex discrimination commissioner ­Elizabeth Broderick for advice on how to promote change in a distinctly male-dominated society. The local leaders were aware that to effect change they had to involve men as well as women.

The answer, says Broderick, is to harness a high-profile male who had publicly condemned acts of domestic violence in Australia, one of her ‘male champions of change’. An excellent choice, Broderick says, is very close to home: Copus-Campbell’s husband General Angus Campbell, chief of the Australian Defence Force.

Apart from being aware of PNG’s strategic importance, the special forces officer has his own strong interest in helping Australia’s northern neighbour.

He lived in PNG as a child and went back there regularly. He agreed to take part with his wife and Broderick in a leadership forum funded by the Oil Search Foundation to launch a world first private-public program to tackle family and sexual violence.

The forum is part of a broader initiative called Bel isi PNG (A Peaceful PNG), which taps the abundant resources in the business community to prevent domestic violence and improve services for those experiencing it.

Senior PNG military officers quizzed Campbell on the weakening impact domestic violence can have on the culture of a military force and asked him to come back to PNG and talk to the troops about it. Following Campbell’s visit, PNG Defence Force commander Gilbert Toropo, Police commissioner Gary Baki and players from the NRL’s Brisbane Broncos, who have a huge following in PNG, have all committed their support to the Bel isi program. PNG military and police chiefs will join a walk next month to strengthen the message to their own men in uniform that bashing up women has got to stop and it must be taken seriously as a crime.

Port Moresby Governor Powes Parkop is a key driver of change in PNG and he’s initiated 8 kilometre Sunday morning hikes across the city to get the populace healthier and to demonstrate the need for public safety, especially for the hundreds of women and girls who take part.

More often than not, Copus-Campbell is the only expat on these walks but it’s where, she says, ‘the magic happens’ as Papua New Guineans find their own solutions to gender-based violence.

At the leadership forum in Port Moresby, Campbell delivered the same message he’s aimed at perpetrators of domestic violence in Australia, that self-discipline, respect and decent behaviour have to start at home. That domestic violence costs in terms of missed work days, loss of productivity and workplace occupational health and safety concerns. That you don’t want someone flying an aircraft, driving a vehicle, or operating machinery if they’re in serious emotional or physical pain or distracted about whether they’ll be safe when they get home.

As chief of the ADF he was conscious that skills, knowledge, weapons and communication systems made the modern soldier the most lethal ever fielded. That meant that more than ever, perpetrators of family and domestic violence are fundamentally at odds with the meaning and profession of soldiering, Campbell says.

‘When one of my people engages in the illegal and ill-disciplined use of violence at home, in training or on exercise, my confidence in them to execute their duties lawfully and discriminately in circumstances of immense stress on the battlefield is deeply undermined,’ he says.

‘They are not living by Australian Defence Force values: I see cowardice, not courage; comfortable habit, not the initiative to break the cycle. I don’t trust them to respect the innocent, the weak and the wounded, nor to serve the team rather than themselves.

‘This is why family and domestic violence is a war fighting capability and workplace issue.’

Some PNG army officers join Parkop on his walk on the following Sunday and, as they amble along amid a mass of women and girls, they tell Copus-Campbell how inspired they are by what her husband had told them and that they are determined to act on it.

PNG navy captain Philip Polewara tells The Australian he and his fellow officers are grateful that someone as busy as Campbell is willing to come from Australia to talk to them.

He says: ‘Ours is a very masculine society and in many parts of PNG the man is everything. We have to get our men to understand the importance of the role of women, and we appreciate General Campbell and his wife coming to advocate for them.’

Parkop says his goal is to use the capital as a base to change his country. Nearly all of PNG’s 1,000 tribes and 860 languages are represented in the city, which makes it an ideal place to start. The program to end domestic violence is critical to the city and the nation, he says. ‘The biggest challenge is people not respecting themselves. We can build infrastructure, but unless we change attitudes, society will continue to fail.’

Having role models such as Copus-Campbell and Campbell willing to come to PNG is crucial, Parkop says.

‘Stephanie is passionate about PNG and it’s very important for us to hear what Angus is doing for the Australian Defence Force.’

During her time in PNG, Copus-Campbell has been appalled by the impact of extreme ­violence on women and children, and some men.

As the campaign to stop it gathers momentum, there’s been a remarkable response from business leaders who have long wanted to do something but felt the problem was too big to deal with.

Copus-Campbell attributes her own passion about the issue to the emotional stress of seeing many friends and colleagues struggle with it and the increasing burden it has placed on the organisations she’s led. She’s dealt with numerous cases where members of her staff have not come to work for days, or have left work, or have not been able to focus.

A staff member recently missed work for more than a month. When Copus-Campbell was finally able to find her, she discovered the woman had been badly injured in a domestic dispute. She was too ashamed to explain the situation, and had instead stayed home and risked losing her job.

‘As terrible as these stories are, I am excited about how things are slowly starting to shift,’ she says. ‘Thousands of Papua New Guineans are standing up to say enough is enough. They are taking leadership in their families, communities, churches, businesses, government departments and cities to drive change.’

An early experience in PNG that has haunted Copus-Campbell occurred in her first days there when she was in a small hospital in Western Province and met a young mother who had been badly beaten by her husband.

‘She pulled back her shirt and showed me her terrible injuries. She said she came to the hospital because giving birth to her child was the last time she had felt safe.

‘She saw me as this foreign lady, someone with power, someone who could save her. She begged me to help, telling me that if she went home her husband would kill her and her baby.

‘There was nothing I could do. Not a thing. I was in town for a few hours. I knew nothing about the justice system, I had no idea how to engage the police or any other service. Although I spoke with the staff I feared by getting involved I would actually make matters worse. I have no idea what happened to her or her small child. I’ve had to live with this ever since.

‘I could not help her, but I could try to help others. So one way or another I have been committed to doing my bit over the past 18 years.’

The local Bank of South Pacific has donated a building that has become a safe house for victims, and another company, Steamships Trading, has donated an office now being used as a case-management centre. Security company G4S has agreed to send teams, free of charge, to collect victims and transport them to the safe house. Another company is providing cleaning supplies and furniture, and PNG Power is giving free electricity.

The Australian government has provided $4.5 million to support the initiative and the Harold Mitchell Foundation and Newcrest Mines have made donations.

Says Copus-Campbell: ‘I have confronted domestic violence in Alaska, where I grew up, Australia, my home, and PNG, a country I love. I am inspired by the fact so many Papua New Guineans are leading change and I’ve found ways to help them through the private sector.’

Campbell says addressing domestic violence is a shared interest for him and his wife.

‘We both also have a long-term association with PNG. I lived there as a child. Our own children spent their early childhood in Port ­Moresby and I have many longstanding professional relationships with Papua New Guinean military leaders whom I respect.’

The aftermath of a more recent dark event indicates that, albeit slowly, things are changing. A woman working with Copus-Campbell came to her workplace after a vicious assault. ‘She was completely traumatised. But she felt work was a safe space to seek help. I knew exactly how I could help her because Oil Search has just launched a policy that sets out how much leave I could offer, counselling I could pay for and transport I could give her to and from work.

‘I was then able to refer her to the Bel isi PNG case management centre. She sent me a note saying the perpetrator had been apprehended and they were moving to the next steps of prosecution. She told me she could not have gotten that far without the support from work.

‘I recalled again that small steps can lead to nationwide change and that nothing is too hard for a community of people working together.’

Port Moresby-based Serena Sasingian says the efforts of Copus-Campbell and her husband are enormously important to local people because they demonstrate that PNG is not alone in its quest to address gender equality and violence against women.

‘They’re a force for change not only in their own country but in PNG as well,’ Sasingian says.

The African Union headquarters hack and Australia’s 5G network

Last week, Greg Austin wrote in The Strategist that ‘those in Australia advocating for a ban on Huawei in the 5G network—mimicking the opinion of US intelligence chiefs expressed in February 2018—have not reviewed all of the available information and perspectives’. While I don’t agree with the article’s broader argument, Austin was spot-on in one area—we haven’t reviewed all of the available information.

In Addis Ababa, the gleaming 20-storey headquarters of the African Union (AU) rises above the dusty skyline as a testament to the China–Ethiopia and broader China–Africa relationship. The Chinese government, which announced the project in 2006, built and financed the entire US$200 million complex, from the attached 2,500-seat grand conference hall to the office furniture. According to the World Bank, around 12,000 to 15,000 officials and representatives from various entities visit the AU Commission for summits, meetings and other events each year.

In January 2012, the completed building was handed over at a public ceremony. At the opening, Jia Qinglin, then-chairman of the National Committee of the Chinese People’s Political Consultative Conference, delivered a speech in which he said:

The international community should provide support and help to the resolution of African issues. China believes that such help should be based on respect for the will of the African people and should be constructive. It should reinforce, rather than undercut, Africa’s independent efforts to solve problems. Interference in Africa’s internal affairs by outside forces out of selfish motives can only complicate the efforts to resolve issues in Africa.

The AU’s grand and sprawling complex was the focus of intrigue and controversy earlier this year—controversy that sheds light on reported ‘national security concerns’ in Australia about which companies should be involved in our 5G network and other critical infrastructure projects.

In January 2018, France’s Le Monde newspaper published an investigation, based on multiple sources, which found that from January 2012 to January 2017 servers based inside the AU’s headquarters in Addis Ababa were transferring data between 12 midnight and 2  am—every single night—to unknown servers more than 8,000 kilometres away hosted in Shanghai. Following the discovery of what media referred to as ‘data theft’, it was also reported that microphones hidden in desks and walls were detected and removed during a sweep for bugs.

The Chinese government refuted Le Monde’s reporting. Chinese state media outlet CGTN (formerly CCTV) reported that China’s foreign ministry spokesperson called the Le Monde investigation ‘utterly groundless and ridiculous’. China’s ambassador to the AU said it was ‘ridiculous and preposterous’. The BBC also quoted the ambassador as saying that the investigation ‘is not good for the image of the newspaper itself’.

Other media outlets, including the Financial Times, confirmed the data theft in reports published after the Le Monde investigation. It’s also been reported on by think tanks and private consultancies from around the world.

One AU official told the Financial Times that there were ‘many issues with the building that are still being resolved with the Chinese. It’s not just cybersecurity’.

The Le Monde report also said that since the discovery of the data theft, ‘the AU has acquired its own servers and declined China’s offer to configure them’. Other media reports confirmed that servers and equipment were replaced and that following the incident ‘other enhanced security features have also been installed’.

Since the reported theft, the AU Commission has put out a variety of tenders and awarded contracts in relation to the headquarters’ information and communications technology (ICT) infrastructure, including bidding documents for a new WiFi system and a US$85,406 contract for the ‘supply, delivery and installation of firewalls for the AU Commission’.

This week an additional tender was published in relation to the AU’s data centre—the same centre that is referenced in Le Monde’s report. The tender invited organisations to bid for the ‘supply, installation, configuration, testing and implementation of next generation firewall data center for the African Union Commission’ and the bidding document explained that:

African Union’s Data Center is a very critical asset for the African Union. The data stored and systems hosted in this data center need to be protected from any form of internal or external threats and unauthorized access.

What seems to have been entirely missed in the media coverage at the time was the name of the company that served as the key ICT provider inside the AU’s headquarters.

It was Huawei.

The AU Commission signed a contract with Huawei on 4 January 2012. By the time the building hosted its first AU Summit on 29 January 2012, Huawei’s ICT solution—which included computing, storage sharing, WiFi and unified resource allocation services through cloud data centres—was in play. As explained on Huawei’s website:

As a top organization coordinating pan-African political, economic, and military issues, the African Union Commission (AUC) needed a robust information system to support a large number of conferences and the larger amounts of data that they entail. As most of this information is of a confidential nature, legacy PCs were proving too vulnerable to hackers, phishing, viruses, and other forms of compromise.

Huawei provided a range of services to the AU. It provided cloud computing to the AU headquarters and signed a memorandum of understanding with the AU on ICT infrastructure development and cooperation. It also trained batches and batches of the AU Commission’s technical ICT experts.

The main service that Huawei provided to the AU was a ‘desktop cloud solution’. Huawei described the service provision as follows:

The AU needed a robust solution to streamline their conference operations and protect their data from a variety of security threats. They chose Huawei’s FusionCloud Desktop Solution, which offers computing, storage sharing, and resource allocation through cloud data centers.

According to Huawei’s website, part of this solution included providing equipment and resources to the AU’s data centre:

The [Huawei] solution deployed all computing and storage resources in the AU’s central data center where it seamlessly connects to the original IT system. Then, Huawei installed Wi-Fi hotspots and provided the industry’s first Thin Clients (TC) customized with Wi-Fi access …Traditional PC-based architecture exposes data to serious security risks. With Operating Systems (OS) and applications installed on individual machines, data is vulnerable to viruses and plain text transmissions are easier to steal. The FusionCloud solution moves the OS and applications to centralized servers in the AU’s data center to minimize information leakage while TC security measures such as authentication and encryption further secure data.

Huawei’s desktop cloud solution was central to the AU’s cybersecurity and data-protection efforts. Huawei listed ‘better security’ as one of its key benefits. Huawei described the provision of this better security as follows:

Centralized storage in the data center protects data from attack and prevents data leakage from PCs. The system further protects with terminal authentication and encrypted transmission.

But despite the installation and use of Huawei’s ICT services, reputable media outlets reported that the AU’s confidential data wasn’t protected.

There are several possible explanations for why the AU’s confidential data wasn’t protected and safeguarded appropriately from security threats. Let’s say that Huawei was in no way complicit in the alleged data theft. With this option placed to the side, what else is left on the table? There’s the possibility of a (very lengthy) insider threat, for example. There’s also cybersecurity incompetence. Or perhaps the company never discovered the alleged five-year data theft?

Could the reported theft of data have occurred from a set of servers that were outside of Huawei’s purview? While that’s possible, we do know that Huawei ‘deployed all computing and storage resources in the AU’s central data center. Le Monde described the data transfer as occurring from the AU’s servers—servers which were then replaced.

There was also another company that had some involvement in the AU headquarters’ ICT infrastructure: Chinese telecommunications company ZTE. A current bidding document states: ‘New Conference Center (China Building) uses ZTE and HUAWEI technologies.’ There’s little information, in open-source documents at least, about the services ZTE may currently or have previously provided. Nor is there information that suggests it had an overarching role in the provision of ICT services inside the headquarters. Job advertisements for telecommunications engineers inside the AU Commission do cite managing a ‘ZTE integrated business exchange device (IBX)’ as one of the role’s major responsibilities.

So let’s cycle back to the debate on whether Huawei should be allowed to participate in Australia’s 5G network. Let’s say you’re not bothered by the fact that Huawei regularly funds the overseas travel of our politicians (which is within the law). You’re also not convinced by the arguments that Huawei is too great of a technical and cybersecurity risk to our 5G network.

You’ve also decided to dismiss—although I don’t know how—China’s 2017 National Intelligence Law (and other legislation, such as the counterespionage law), which states that ‘all organizations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work, and guard the secrecy of national intelligence work they are aware of’.

Now we have a startling piece of new information to add into the mix. Despite a very public commitment to cybersecurity and the provision of secure data protection, and despite promotional material that boasts of Huawei’s robust and enhanced information security services to the AU—it turns out the AU’s confidential data wasn’t secure at all.

This doesn’t mean the company was complicit in any theft of data from the AU headquarters. But it does mean it must answer some tough questions in relation to this incident. Why? Because it’s hard to see how—given Huawei’s role in providing equipment and key ICT services to the AU building and specifically to the AU’s data centre—the company could have remained completely unaware of the apparent theft of large amounts of data, every day, for five years.

But if in fact Huawei never discovered what appears to be one of the longest-running thefts of confidential government data that we know about, and if it remained completely unaware of this alleged theft for approximately 1,825 days in a row—what are we left with?

A national security concern.