Initiated by Lithuanian MEP Rasa Jukneviciene, the letter to European Commission President Ursula von der Leyen and Vice-President of the European Commission Thierry Breton has been signed by over 30 MEPs from different political groups, including Lithuanian representatives Andrius Kubilius, Ausra Maldeikiene and Juozas Olekas.
In the letter, the MEPs are calling on the Commission "to take appropriate action to safeguard the privacy of mobile users and the freedom of the information space in Europe".
Moreover, the letter cites the Lithuania's National Cyber Security Centre's report published in September and highlighting security, privacy and free speech concerns associated with the use of smartphones produced by Chinese manufacturers Xiaomi and Huawei.
"A technical assessment of recent 5G enabled models has revealed features that collect and transfer excessive personal information, expose users to cybersecurity risks and malware and automatically censor downloaded content if it is not in line with Beijing’s policy at home and abroad," the letter reads.
The findings complement prior data that identifies dozens of vulnerabilities across older generation Xiaomi and Huawei devices. In response to the study, Lithuania's Ministry of National Defense has officially called for caution when using Xiaomi and Huawei smartphones analysed in the report, the MEPs' letter says.
It also pays attention to the fact that EU and its member states have already largely acknowledged the cybersecurity and privacy risks associated with China’s investment in critical infrastructure across the EU and in the rollout of 5G technology in particular.
Having carried out an assessment of 5G smartphones made by Chinese manufacturers, Lithuania's National Cyber Security Centre said in late September that the assessment of a Xiaomi device had revealed a technical functionality that could censor the content of downloaded material. Several apps on the smartphone are periodically downloading a list of banned keywords from the manufacturer. If the content the user is downloading contains keywords from the list, it is automatically blocked.
At the time when the investigation was conducted, the list included 449 keywords and keyword combinations in Chinese characters, for example, free Tibet, America’s voice, democratic movement, Long Live Democratic Taiwan, etc.
The investigation also attributed cybersecurity risks to Mi Browser, the web browser on Xiaomi-manufactured cell phones. It uses not only Google Analytics as other browsers but also Chinese Sensor Data, which collects and periodically sends out data on as many as 61 functionalities regarding user activities on the device.
The assessment of a Huawei 5G cell phone found that AppGallery, the official app store installed by the manufacturer, automatically redirects to their-party e-shops if it does not include what the user is looking for. Part of the apps offered in such e-shops are recognized by antivirus programs malware or infected.
Both Chinese companies have rejected the security allegations and vowed to carry out an external investigation.