Transparency with Chinese Characteristics: Xiaomi’s First Report
Trustee Chair in Chinese Business and Economics > Trustee China Hand
By Scott Kennedy
In June 2021, Chinese smartphone giant Xiaomi released the inaugural edition of its transparency report, meant to explain how the company responds to information requests from governments around the world. According to Xiaomi, the report exemplifies the company’s commitment to “disclosure as a key building block of trust for its consumers.”
Foreign markets have been a key contributor to Xiaomi’s impressive growth in recent years. According to Canalys, in Q2 2021, Xiaomi’s year-on-year global sales increased 83%, raising its worldwide market share to 17%, second behind Samsung (19%) and ahead of Apple (14%). In a February 2020 interview, Shou Zi Chew, then president of Xiaomi International, explained Xiaomi’s overseas expansion strategy: “We need to think like a local, we need to comply with rules like a local and we need to invest like a local.” The company’s new transparency report appears to be the latest application of that strategy.
Since Google pioneered the practice in 2010, some Western technology companies have embraced transparency reporting as a tool for building trust with their customers and the broader public. Companies use the reports to clarify their relationship with governments around the world, detailing how many requests for user information they receive and how they respond to those requests. Based on similarities in style, format, and reporting categories, it appears that Xiaomi modeled its report on those produced by Apple. Xiaomi provides data on worldwide government requests for information on user devices, financial identifiers, and user accounts. The report also provides a breakdown of Chinese government requests by the type of legal process through which the information was requested.
After reviewing Xiaomi’s report and comparing it with others, here is our bottom-line conclusion: The report has significant shortcomings that make it hard to determine whether this represents a genuine effort at transparency or is just a superficial public relations bid; nevertheless, the report is still valuable in providing insights into Xiaomi’s overall approach to managing government requests for user data and its view of how to build trust with both officialdom and consumers.
Comparing Apples to Xiaomis
As far as we know, Xiaomi and Apple are the only smartphone makers in the world that have released transparency reports. Given the similarities in their reporting metrics, it would be useful to compare their reports for 2020 activity side-by-side (see Figure 1), globally and for mainland China. Since Apple has yet to release a transparency report for the second half of 2020, this part of our analysis only compares data from Apple’s H1 2020 report with Xiaomi’s data for all of 2020.
Figure 1: Government Requests to Apple and Xiaomi
In terms of raw numbers, PRC authorities in the Mainland, Hong Kong, and Macau made far more requests for information to Apple in just the first half of 2020 (1,329) than they did to Xiaomi in all of 2020 (172). However, the PRC accounted for just 3.2% of world total requests to Apple, even though Apple’s 2020 Q2 and Q3 financial statements show that the “Greater China” market provided 16% of Apple’s total revenue during the same period. By contrast, Chinese government requests made up 73.8% of all requests to Xiaomi in 2020, outstripping mainland China’s proportional contribution to Xiaomi’s revenue (50.2%). Furthermore, while the data reveal that both companies usually acquiesced to Chinese government requests for user information, Xiaomi stands out for its near total compliance, providing data 94.8% of the time, compared with Apple’s 91.5% compliance rate for the Mainland. Interestingly, Apple’s compliance rate for requests from Hong Kong and Macau was only 31.9% (hence, the total 74.5% rate for the PRC as a whole).
A more detailed comparison reveals that the Mainland Chinese government sought different types of information from the two companies (see Figure 2). Whereas the vast majority of Chinese government requests to Apple were about the device (89.0%), the Chinese government was almost exclusively interested in obtaining user account data from Xiaomi (93.6%). There is no obvious explanation for the huge difference, but according to Apple’s report, the large volume of device requests is the product of their devices being part of “tax and customs investigations.” Another potential source of the difference is that whereas the 3 requests for device information by mainland Chinese authorities touched upon 808 actual Xiaomi devices, the 910 requests made to Apple involved 13,243 actual devices, meaning the gap in government requests between the two phone-makers isn’t as large as some of the request data imply.
Figure 2: Handling Requests from Mainland China
A Broader Comparison
The non-profit group Access Now reports that just under 90 tech companies have issued transparency reports over the past decade. A few things stand out when comparing Xiaomi to some of the larger companies (see Figure 3). Xiaomi reports the smallest number of government requests out of any of the companies; their 233 requests are a blip in comparison to requests made to Facebook, Google, and others. At the same time, Xiaomi faces the highest percent of queries from Chinese authorities of any tech firm. Moreover, Xiaomi is the most compliant vis-à-vis the Chinese government, providing data in almost 95% of cases.
It appears that in general companies tend to be more responsive to requests from their home country governments, possibly because authorities are more adept at tailoring their requests to meet the legal and organizational standards of companies within their own jurisdiction. Each of the US companies listed in Figure 3 complied with a greater proportion of requests from the US government than from the world as a whole in 2020. Still, Xiaomi’s 94.8% compliance rate for Chinese government requests is unusually high, indicating that Xiaomi may be less capable of resisting pressure from Chinese authorities.
Figure 3: Transparency Reports from Several Major Tech Companies (2020)
The Weaknesses of Xiaomi’s Report
Xiaomi deserves some credit for simply issuing a transparency report in the first place. Even if not perfect, such efforts typically improve over time, with more details about various kinds of requests and Xiaomi’s responses. And the report does have some useful information that provides a baseline of understanding.
That said, there are a variety of weaknesses with the report that raise concern. At the broadest level, one wonders whether the 233 requests for data Xiaomi received from governments around the world, including the 172 from China, is absolutely comprehensive, or if these figures leave out broad swaths of queries or investigations. This seems likely given how amazingly low Xiaomi’s numbers are in comparison to that of other companies. One possibility is that national security-related were intentionally left out due to PRC government restrictions. this reflects the intentional lack of inclusion of cases that potentially touch upon national security and that Xiaomi could not report. (Apple reports U.S. government national security requests only within ranges permissible by law pursuant to the USA FREEDOM Act of 2015.) Given the opacity in sensitive areas of Chinese governance, it would not be surprising if we have been given only a partial picture. Another explanation is insufficient coordination across units within Xiaomi, such that not all requests made by authorities in China and elsewhere never actually reached the appropriate unit within the company that could fully handle and respond to these requests – and that is responsible for assembling the data for these reports. One sign that the latter explanation may matter is how few jurisdictions Xiaomi includes in the report. There are data from only 4 countries for two of the categories (device and financial-identifier information) and only two countries for the last category (account information).
Another challenge with Xiaomi’s data is its lack of specificity. For example, whereas Apple breaks down US government requests into six specific judicial process categories (search warrants, wiretap orders, pen register/trap and trace orders, subpoenas, other court orders, and emergency requests), Xiaomi only provides two judicial process categories: investigation orders and other court orders. Similarly, Xiaomi is equally vague about the steps it takes when granting government requests, with none of the details found in Apple reports, including content removal, account preservation/deletion, and private third-parties requests for information. How Xiaomi precisely complies is still a mystery.
Looking ahead, one hopes Xiaomi could address some of these inadequacies, with clarity about the comprehensiveness of their transparency, fuller reporting from more countries where they operate, and greater detail about the kinds of government queries and their responses. On top of all of this, one would hope that Xiaomi would issue future transparency reports not only in English but in Chinese as well. Otherwise, it gives the impression that these efforts are meant for foreign consumption and not the domestic audiences, both the Chinese government or its customers.
Readers Beware
Despite the various challenges we have identified in Xiaomi’s initial report, it may be wise for observers to take all such transparency reports from any company – whether from China, the United States, or elsewhere – with several grains of salt. While transparency reports are better than nothing, and Apple’s report offers a useful model for how Xiaomi can expand its report moving forward, it still is an imperfect model. The raw statistics used in all transparency reports can provide a general picture, but could also be misleading, as quantitative statistics only take you so far. A company may reject 99% of government requests for information, but that says nothing about the requests themselves. And it may be that the 1% that are granted includes highly problematic requests that consumers would find troubling.
In order to provide transparency that is more valuable to the public, companies must go beyond the raw statistics to provide a clearer systematic accounting of their decision-making processes and more information about important cases. Transparency reports should tell us not just how many requests were granted, but why some requests were granted and others rejected. Otherwise, these reports will risk being viewed not as a sincere effort to protect the customers' and companies’ data privacy and security but as part of a broader public relations campaign.
Although Apple is a donor to the Trustee Chair in Chinese Business and Economics, this blog post was made possible by general support to CSIS.
Related Trustee Chair Activity
Blog Post: Seungha Lee, “Coming into Focus: China’s Facial Recognition Regulations,” CSIS, May 4, 2020.
Event: “US-China Tech Competition and Cooperation in the COVID-19 Era,” April 8, 2020.
Report: Scott Kennedy, The Fat Tech Dragon: Benchmarking China’s Innovation Drive, CSIS, August 2017.