UK intelligence agencies are pushing for new curbs on local authorities’ use of Chinese “smart cities” technology over concerns Beijing could use it for espionage, surveillance or collection of sensitive data.
It is the second intervention by the security services against Chinese suppliers, following the government’s surprise U-turn last summer banning the use of Huawei kit in 5G telecoms networks.
In the security, defence and diplomatic strategy published this week, Downing Street laid the groundwork for future restrictions, stating the UK would “remain open” to trade and investment from Beijing, but would also protect itself from deals that would have “an adverse effect on prosperity and security”.
Key suppliers include camera maker Hikvision, ecommerce group Alibaba, which supplies cloud services and software, and Huawei, which is involved in UK smart city projects as a supplier of hardware, software and telecoms equipment to companies such as BT.
Critics said China’s approach to smart cities is driven by Beijing’s desire to keep its own citizens under surveillance. In some regions, for example, commuters are charged for their bus ride using facial recognition technology.
The National Cyber Security Centre — a branch of signals intelligence agency GCHQ — and MI5 have both raised concerns about the risks presented by this technology.
The agencies are keen on curbs, potentially through legislation, which would bar certain vendors from bidding or ban management contracts allowing companies to run an entire service on behalf of a local authority, according to several people with knowledge of the discussions.
One of the key threats is misuse of personal data. “Because you’ve got all this population-scale data anonymised in different ways, there’s a risk that someone could recombine them to identify . . . the types of people visiting particular buildings or accessing particular services,” a security official said.
There are wider concerns that Beijing could compel Chinese companies to hand over data gleaned from these contracts, which could then be used for espionage.
If the technology itself is insecure, and vulnerable to hackers, this would pose a different type of threat: information about movements of people around cities could assist in terrorist attack planning.
Many local authorities are pursuing safe smart city projects with UK companies, in areas such as AI-controlled road junctions and digitised parking systems.
But the potential scale of Chinese smart city procurement were highlighted last month, when freedom of information requests obtained by Reuters revealed that at least half of London’s boroughs have bought and deployed surveillance systems made by Chinese suppliers, including Hikvision. The company is one of the Chinese suppliers blacklisted by the US over Beijing’s repression of Uyghur Muslims in China.
Central government currently has no powers to prevent councils from signing up with a specific supplier. The NCSC and the Centre for the Protection of National Infrastructure can advise local authorities about prospective projects, and the cyber security team in the Department for Culture, Media and Sport is also assessing how to provide guidance in this area.
Sam Markey, director of strategic analysis at Connected Places Catapult — a government-backed body that provides advice and research on urban innovation — said the resilience of smart city technology and the privacy of personal data gathered through these services was an “increasingly pressing topic of discussion” among both buyers and suppliers of this technology.
“With local budgets tighter than ever in the wake of Covid-19, the benefits of connected places technologies to local authorities, public transport bodies, and property managers are real and obvious,” he said, adding that smart city technologies have “huge potential” to deliver more personalised local services, drive down costs and reduce carbon emissions, if used safely.
Tom Tugendhat, chair of the House of Commons foreign affairs committee and a China hawk, welcomed the push for tighter controls but suggested government should go further in its clampdown on risky technologies. “Data that shapes our lives isn’t just about smart cities,” he said. “Payment systems, social media and many more services need protection, and that means asking the government to help.”
The government said the security and resilience of 5G and other emerging technologies was a “top priority”, and that it was working with local authorities to provide robust guidance so they can “seize the benefits of these technologies in a safe and secure way”.
Alibaba, Huawei and Hikvision declined to comment.