Incident: Unauthorized Surveillance App Installed on Tourists' Phones in China.

Published Date: 2019-07-02

Postmortem Analysis
Timeline
1. The software failure incident happened when officials failed to uninstall the surveillance app on some tourists' phones, and they later found it, sometimes only when the tourists returned home [86896].
2. Published on 2019-07-02.
3. The software failure incident likely happened in June 2019.

System
The systems that failed in the software failure incident described in Article 86896 are:
1. Border officers' oversight and compliance system: The border officers tasked with removing the surveillance app from travellers' devices failed to do so, leading to the compromise of the tourists' phones [86896].

Responsible Organization
1. Border officers tasked with removing the surveillance app from the tourists' devices [86896]

Impacted Organization
1. Tourists travelling into China [86896]

Software Causes
1. The failure incident was caused by the border officers' carelessness in not properly uninstalling the surveillance app from the tourists' phones as they were supposed to [86896].

Non-software Causes
1. Border officers' carelessness in not uninstalling the surveillance app from tourists' phones as they were supposed to [86896].

Impacts
1. Personal and private information of travellers, including emails, contact numbers, SMS messages, social media account identifiers, and detailed device information, was extracted and sent for storage on a server on the border office’s local intranet [86896].
2. The software failure incident led to the potential tracking of travellers via future connections to mobile phone towers using extracted device identifiers and passport details [86896].
3. The app searched travellers' phones against a list of more than 70,000 files, identifying content deemed suspicious by the Chinese state, including extremist material, writings of the Dalai Lama, work on the history and culture of Xinjiang, and content critical of China’s involvement in Taiwan [86896].

Preventions
1. Proper training and oversight for border officers to ensure they follow correct procedures, including uninstalling the surveillance app after its intended use [86896].
2. Implementation of stricter protocols and checks to verify that the app is removed from travellers' devices before they leave the border crossing [86896].

Fixes
1. Implement stricter protocols and training for border officers to ensure they properly uninstall the surveillance app from travellers' devices after inspection [86896].
2. Conduct a thorough review of the surveillance app's functionality and purpose to determine if it aligns with ethical and legal standards regarding privacy invasion and data collection [86896].
3. Enhance transparency and communication with travellers about the use of such surveillance apps at border crossings to build trust and awareness [86896].

References
1. The Guardian [86896]
2. Süddeutsche Zeitung [86896]
3. Ruhr-University Bochum [86896]
4. Cure53 [86896]

Software Taxonomy of Faults

Category: Recurring
Option: unknown
Rationale:
(a) The software failure incident related to the surveillance app compromising tourists' phones has not been reported to have happened again within the same organization or with its products and services. Therefore, there is no information available in the provided article to suggest a similar incident occurring again at one organization.
(b) The software failure incident related to the surveillance app compromising tourists' phones has not been reported to have happened again at other organizations or with their products and services. Therefore, there is no information available in the provided article to suggest a similar incident occurring again at multiple organizations.

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the development of the surveillance app used at the border crossing between Xinjiang and Kyrgyzstan. The app, named Fēng cǎi, was designed to extract personal and private information from travellers' devices and search for suspicious files. However, the failure occurred when border officers tasked with installing and operating the app failed to properly uninstall it from some tourists' phones, leading to the discovery of the app's existence on their devices even after they had left the border crossing [86896].
(b) The software failure incident related to the operation phase is evident in the misuse of the surveillance app by border officers. The app required the user to unlock the phone and hand it over for installation and operation by the authorities. However, the failure occurred when officials failed to uninstall the app from some tourists' phones after the inspection was completed. This failure in the operation of properly uninstalling the app led to the discovery of the app's presence on the devices of some travellers even after they had left the border crossing [86896].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident in the article is primarily due to contributing factors that originate from within the system. The failure occurred because the border officers tasked with installing the surveillance app on travellers' devices were careless and failed to uninstall the app as required. This led to the app remaining on some tourists' phones, compromising their privacy and allowing the Chinese state to snoop on them [86896].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in this case can be attributed to non-human actions, specifically the failure of the border officers to properly uninstall the surveillance app from the tourists' phones after extracting information. This failure led to the app remaining on the devices and continuing to operate, compromising the privacy of the travellers [86896].
(b) On the other hand, human actions also played a significant role in this software failure incident. The failure was exacerbated by the carelessness of the border officers who were tasked with removing the app from the tourists' phones but failed to do so effectively. Their negligence in properly uninstalling the app contributed to the continuation of the surveillance activities on the devices [86896].

Category: Dimension (Hardware/Software)
Option: hardware
Rationale:
(a) The software failure incident related to hardware:
- The incident involved a surveillance app being installed on travellers' phones by border officers [86896].
- The app required the user to unlock the phone and hand it over for installation and operation [86896].
- The app extracted personal and private information from the traveller's device and searched for suspicious files [86896].
- Information retrieved by the app was sent for storage on a server on the border office's local intranet [86896].
- The app searched the phone against a list of more than 70,000 files to identify suspicious content [86896].
(b) The software failure incident related to software:
- The software, named Fēng cǎi, was not particularly sophisticated in its operation [86896].
- The app was developed in Nanjing by an arm of the Chinese state-affiliated networking company Fiberhome Networks [86896].
- The failure in this incident was not due to a software bug or fault but rather due to the misuse of the software by border officers [86896].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The objective of the software failure incident was malicious, as the surveillance app installed on tourists' phones in China was designed to extract personal and private information from the devices, search for suspicious files, and potentially track travellers via future connections to mobile phone towers [86896]. The app was not uninstalled as intended by border officers, leading to unauthorized data extraction and potential privacy violations.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident was poor_decisions. The failure was due to contributing factors introduced by poor decisions made by border officers who were supposed to uninstall the surveillance app from tourists' phones but failed to do so, leading to the discovery of the app's intrusive capabilities [86896].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident in Article 86896 can be attributed to development incompetence. The incident occurred due to the border officers' carelessness in not properly uninstalling the surveillance app from tourists' phones after extracting information. This lack of professional competence led to the app remaining on the devices, exposing the techniques used by China to snoop on visitors and the information being harvested from their phones [86896].
(b) Additionally, the failure can also be categorized as accidental. The officials failed to uninstall the app on some tourists' phones, indicating that the incident was not intentional but rather a result of oversight or negligence on the part of the border officers [86896].

Category: Duration
Option: temporary
Rationale:
The software failure incident described in the article is more of a temporary nature. The failure occurred due to the contributing factor of officials failing to uninstall the surveillance app from tourists' phones as they were supposed to do during the border crossing process. This failure was not permanent as it was specific to certain circumstances where the officials neglected to follow the correct procedure of uninstalling the app [86896].

Category: Behaviour
Option: crash, omission, value, other
Rationale:
(a) crash: The software failure incident in the article can be categorized as a crash as the surveillance app installed on the tourists' phones was supposed to be uninstalled by border officers after use. However, officials failed to uninstall the app on some tourists' phones, leading to a situation where the app continued to operate even after the intended use, causing a system crash in terms of losing state and not performing its intended functions [86896].
(b) omission: The software failure incident can also be classified as an omission. The failure occurred due to the omission of the border officers to perform their intended function of uninstalling the surveillance app from the tourists' phones after the inspection was completed. This omission led to the app continuing to operate on some devices, compromising the privacy of the users [86896].
(c) timing: The timing of the software failure incident can be seen in the context of the system performing its intended functions (installing the surveillance app) correctly but at the wrong time. The app was supposed to be installed by border police after the user unlocked the phone and handed it over. However, the failure occurred when the app was not uninstalled at the appropriate time, causing a delay in removing the surveillance software from the devices [86896].
(d) value: The software failure incident can also be attributed to a failure in terms of value. The surveillance app extracted personal and private information from the travellers' devices, including emails, contact numbers, SMS messages, social media account identifiers, and more. This action of extracting and storing sensitive data without consent represents a failure in terms of the system performing its intended functions incorrectly by violating user privacy and security [86896].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves erroneous behavior with inconsistent responses and interactions. The incident described in the article primarily focuses on the unauthorized extraction of data and the failure to uninstall the surveillance app, rather than displaying inconsistent or conflicting behaviors within the system [86896].
(f) other: The other behavior exhibited in this software failure incident is a violation of user privacy and potential surveillance. The app not only failed to uninstall properly but also harvested sensitive information from the travellers' devices without their knowledge or consent. This behavior goes beyond a simple crash or omission and raises concerns about unauthorized data collection and potential tracking of individuals by the Chinese state [86896].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, non-human, theoretical_consequence, other
Rationale:
(a) death: There is no mention of people losing their lives due to the software failure incident in the provided article [86896].
(b) harm: The article does not mention any physical harm caused to people due to the software failure incident [86896].
(c) basic: There is no indication that people's access to food or shelter was impacted by the software failure incident [86896].
(d) property: People's material goods, money, or data were impacted due to the software failure incident as the surveillance app extracted personal and private information from the travellers' devices [86896].
(e) delay: There is no mention of people having to postpone an activity due to the software failure incident [86896].
(f) non-human: Non-human entities were impacted as the surveillance app extracted information from the travellers' phones and searched for suspicious files [86896].
(g) no_consequence: There were real observed consequences of the software failure incident as the surveillance app extracted personal information and searched for specific files on the travellers' devices [86896].
(h) theoretical_consequence: The article discusses potential consequences of the software failure incident, such as the Chinese state potentially being able to track travellers via future connections to mobile phone towers using the extracted information [86896].
(i) other: The software failure incident led to the extraction of personal and private information from the travellers' devices, potentially compromising their privacy and security [86896].

Category: Domain
Option: government
Rationale:
The software failure incident described in Article 86896 is related to the government industry. The incident involves a surveillance app installed on travellers' phones by border officers in China to extract personal information and search for suspicious files. The app was intended to support the government's surveillance and monitoring activities at the border crossing between Xinjiang and Kyrgyzstan. The app, named Fēng cǎi, was developed by an arm of the Chinese state-affiliated networking company Fiberhome Networks and is used by border officials to collect data from travellers' devices [86896].
