The Washington PostDemocracy Dies in Darkness

Opinion Can the Chinese government now get access to your Grindr profile?

China experts and former intelligence officials are raising concerns about user data privacy following the acquisition of Grindr, the world’s largest gay dating application, by a Chinese technology firm. The Chinese government, they say, could be in a position to demand sensitive and embarrassing details on the lives of millions of non-Chinese citizens.

This week, the Kunlun Group completed a full buyout of Grindr, a gay, bi, trans, and queer dating app that claims 3.3 million daily users. The Chinese firm bought 60 percent of the company in Jan. 2016 for $93 million and has now acquired the remaining stake for $152 million, according to stock filings. Grindr announced that Kunlun executives will take over leadership of the company.

That announcement set off alarms among officials and experts that track Chinese intelligence and foreign influence operations in the United States. The Chinese government is sweeping up massive amounts of data on not only its own citizens, but also Americans and others, as part of a unique and well-planned effort to build files on foreigners for intelligence purposes.

“What you can see from Chinese intelligence practices is a clear effort to collect a lot of personal information on a lot of different people, and to build a database of names that’s potentially useful either for influence or for intelligence,” said Peter Mattis, a former U.S. government intelligence analyst and China fellow at the Jamestown Foundation. “Then later, when the party-state comes into contact with someone in the database, there’s now information to be pulled,” he said.

Sometimes, the Chinese government steals the information directly, as it did when hacking the Office of Personnel Management, which gave it highly sensitive details about 21.5 million Americans. But other times, said Mattis, the Chinese government works with Chinese firms abroad or compels them to hand over massive amounts of data illegally.

More and more, the U.S. government is worried about the acquisition of American technology companies by Chinese firms, which are subject to undue influence and control by Beijing. Only last week, the U.S. government rejected a huge Chinese acquisition. The Committee on Foreign Investment in the United States blocked Ant Financial, the investment arm of Alibaba Group, from buying Moneygram, the second-largest financial remittance firm in the United States.

Congress had raised concerns that allowing a Chinese company to own all the data of Americans sending each other money represented a national security issue for the United States. The Trump administration agreed and killed the deal.

This is also not the first time the Kunlun Group’s acquisitions have raised privacy concerns. Only last year, the group’s parent company drastically scaled back its planned acquisition of Opera Software, a Norweigan company, reportedly due to concerns that U.S. regulators would not approve the deal because of risks to users’ privacy.

Grindr’s vice president of marketing, Peter Sloterdyk, told me in a statement that the privacy and security of users’ personal data is a top priority for Grindr, which employs state-of-the-art technical means to protect user data over 190 countries. The company has a long record of working with NGOs around the world to give users extra protection, and Grindr has never disclosed any user data to the Chinese government nor does it intend to do so, he said. Grindr remains a U.S. company governed and protected by the laws of the United States, he said.

The problem is that the exact role Chinese firms have in supplying data to the Chinese government is unclear, said Shanthi Kalathil, director of the International Forum for Democratic Studies at the National Endowment for Democracy. What is assured is that – unlike in a democracy — if the Chinese government demands this kind of data from Chinese companies, the companies have little recourse but to comply.

Under Chinese law, the Chinese government can argue that for “public security” it can compel companies to hand over private information, and it can define “public security” as widely as it wants, she said. Recently, the Chinese government has been increasing its capability to use all types of personal data collected abroad, she added.

“What we need is more clarity on the implications of these sorts of purchases and what it means for non-Chinese citizens,” said Kalathil. “At the very least, if you are thinking about blackmailing individuals or compelling people to act in a certain way, that information is incredibly valuable.”

Grindr’s assurances notwithstanding, due to the opaque nature of the relationship between the Chinese government and its large overseas firms, and what we know about the Chinese strategy to collect data on foreigners, the risk to Grindr users that the Chinese government will know their secrets has just increased.