Exposed database reveals depth of Chinese surveillance state – System kept real-time data on more than 2.5 million people in western China

In this Aug. 31, 2018, file photo, policemen patrol past a building's wall mounted with surveillance cameras in Peyzawat, western China's Xinjiang region. The Chinese database Victor Gevers found online was not just a collection of old personal details. The discovery by Gevers, a Dutch cybersecurity researcher who revealed it on Twitter last week, has given a rare glimpse into China’s extensive surveillance of Xinjiang, a remote region home to an ethnic minority population that is largely Muslim. The area has been blanketed with police checkpoints and security cameras that apparently are doing more than just recording what happens. The database Gevers found appears to have been recording people’s movements tracked by facial recognition technology, he said, logging more than 6.7 million coordinates in a span of 24 hours. (AP Photo/Ng Han Guan, File)

By YANAN WANG and DAKE KANG,  Associated Press  BEIJING (AP) 02/19 — The Chinese database Victor Gevers found online was not just a collection of old personal details.

It was a compilation of real-time data on more than 2.5 million people in western China, updated constantly with GPS coordinates of their precise whereabouts. Alongside their names, birthdates and places of employment, there were notes on the places that they had most recently visited — mosque, hotel, restaurant.

The discovery by Gevers, a Dutch cybersecurity researcher who revealed it on Twitter last week, has given a rare glimpse into China’s extensive surveillance of Xinjiang, a remote region home to an ethnic minority population that is largely Muslim. The area has been blanketed with police checkpoints and security cameras that apparently are doing more than just recording what happens.

The was a compilation of real-time data on more than 2.5 million people in western China technology, he said, logging more than 6.7 million coordinates in a span of 24 hours.

It illustrates how far China has taken facial recognition — in ways that would raise alarm about privacy concerns in many other countries — and serves as a reminder of how easily technology companies can leave supposedly private records exposed to global snoopers.

In this Nov. 5, 2017, file photo, residents pass by a security checkpoint and surveillance cameras mounted on a street in Kashgar in western China’s Xinjiang region. The Chinese database Victor Gevers found online was not just a collection of old personal details. The discovery by Gevers, a Dutch cybersecurity researcher who revealed it on Twitter last week, has given a rare glimpse into China’s extensive surveillance of Xinjiang, a remote region home to an ethnic minority population that is largely Muslim. The area has been blanketed with police checkpoints and security cameras that apparently are doing more than just recording what happens. The database Gevers found appears to have been recording people’s movements tracked by facial recognition technology, he said, logging more than 6.7 million coordinates in a span of 24 hours. (AP Photo/Ng Han Guan, File)

 

Gevers found that SenseNets, a Chinese facial recognition company, had left the database unprotected for months, exposing people’s addresses, government ID numbers and more. After Gevers informed SenseNets of the leak, he said, the database became inaccessible.

“This system was open to the entire world, and anyone had full access to the data,” said Gevers, noting that a system designed to maintain control over individuals could have been “corrupted by a 12-year-old.”

He said it included the coordinates of places where the individuals had recently been spotted by “trackers” — likely to be surveillance cameras. The stream indicated that the data is constantly being updated with information on people’s whereabouts, he said in an interview over a messaging app.

Gevers posted a graph online showing that 54.9 percent of the individuals in the database were identified as Han Chinese, the country’s ethnic majority, while 28.3 percent were Uighur and 8.3 percent were Kazakh, both Muslim ethnic minority groups.

A person who answered the phone at SenseNets declined a request for comment. The Xinjiang regional government did not respond to faxed questions.

Xinjiang, which borders central Asia in China’s far west, has been subject to severe security measures in recent years as part of what the government says has been a successful program to quash extremist and separatist movements.

The U.S. and other countries have condemned the crackdown, in which an estimated 1 million Uighurs, Kazakhs and other Muslim minorities have been detained in internment camps that the government says are vocational training centers designed to rid the region of latent extremism.

Gulzia, an ethnic Kazakh woman who didn’t want her last name used out of fear of retribution, said that cameras were being installed everywhere, even in cemeteries, in late 2017. Now living across the border in Kazakhstan, she told The Associated Press by phone on Monday that she had been confined to house arrest in China and taken to a police station, where they photographed her face and eyes and collected samples of her voice and fingerprints.

“This can be used instead of your ID card to identify you in the future,” she said they told her. “Even if you get into an accident abroad, we’ll recognize you.”

In this Aug. 31, 2018, file photo, children play outside the entrance to a school ringed with barbed wire, barricades and surveillance cameras near a sign which reads: “Please use the nation’s common language” indicating the use of Mandarin in Peyzawat, western China’s Xinjiang region. The Chinese database Victor Gevers found online was not just a collection of old personal details. The discovery by Gevers, a Dutch cybersecurity researcher who revealed it on Twitter last week, has given a rare glimpse into China’s extensive surveillance of Xinjiang, a remote region home to an ethnic minority population that is largely Muslim. The area has been blanketed with police checkpoints and security cameras that apparently are doing more than just recording what happens. The database Gevers found appears to have been recording people’s movements tracked by facial recognition technology, he said, logging more than 6.7 million coordinates in a span of 24 hours. (AP Photo/Ng Han Guan, File)

 

The security clampdown is far heavier in Xinjiang than in most parts of China, though outside analysts and human rights activists have expressed concern that Xinjiang may be a testing ground for techniques that may be creeping into other parts of the country.

Joseph Atick, a pioneer in facial recognition technology, said that facial recognition products can use algorithms to recognize and track people in a crowd, but that privacy regulations in Europe, for example, make it much harder to launch a wide-scale application such as that of SenseNet.

“The technology around the world is becoming uniform and it is just the political climate that is different and leads to different applications,” he said.

According to a company registry, SenseNets was founded in the southern China city of Shenzhen in 2015 and is majority-owned by Beijing-based NetPosa, a technology company specializing in video surveillance. SenseNets’ website showcases partnerships with police forces in Jiangsu and Sichuan provinces and the city of Shanghai.

A promotional video boasts about SenseNets’ capacity to use facial and body recognition to track individuals’ precise movements and identify them even in a crowded or chaotic setting. Another video on its website shows surveillance cameras zeroing in on the path of a runaway prisoner who ends up in an ailing relative’s hospital room.

NetPosa’s website says it has offices in Boston and Santa Clara, California. The website of NetPosa’s U.S. subsidiary touts its products’ use in urban anti-terrorism.

In recent years, NetPosa has been buying stakes in American surveillance startups such as Knightscope, a security robot maker. In 2017, NetPosa tried to buy the now-bankrupt California surveillance camera maker Arecont, but later backed out, court records show.

In 2010 U.S. chip maker Intel announced a strategic partnership with NetPosa and an Intel subsidiary bought a stake in the company, but NetPosa said in 2015 that Intel had notified the Chinese company of its intent to divest its 4.4 percent stake by 2016.

Gevers said his discovery of the database presented an ethical dilemma. He is the co-founder of GDI Foundation, a Netherlands-based nonprofit that finds and informs entities of online security issues. He has become well-known in recent years for helping to uncover similarly exposed information on databases built with the open source MongoDB database program and left unsecured by their administrators.

GDI generally reports such discoveries to the entity that holds the information. Part of its mission is to remain neutral and not engage in political controversies.

Hours after he revealed his findings on Twitter, Gevers said, he learned that the system might be used to surveil Xinjiang’s Muslim minority groups.

He said that made him “very angry.”

“I could have destroyed that database with one command,” he said. “But I choose not to play judge and executioner because it is not my place to do so.”

 

https://www.apnews.com/6753f428edfd439ba4b29c71941f52bb

Copyright 2018 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

 

Posted in: Civil Rights, Intelligence Agencies, International Policing, Police Equipment/Technology, Surveillance, Surveillance State

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − eleven =

Terms of Use for Posting Comments

Terms of Use

This site (the “Site”) is operated and maintained by Law Enforcement Education Foundation, Corporation (“Company”). Throughout the Site, the terms “we”, “us” and “our” refer to Company.  The words “user,” “you” and “your” as used herein refer to you.

Please read these terms and conditions of use (“Terms of Use”) carefully before contributing content. If you do not agree to these Terms of Use, please do not contribute content. Your use of the Site is subject to the Terms and Conditions found here .

By contributing content to the Site, you represent and warrant that you are at least eighteen (18) years old and that you have read and understand these Terms of Use and any amendments thereto and agree to be bound by them. If you are not at least eighteen (18) years old or you do not agree and accept these Terms of Use, you are prohibited from contributing content.

From time to time, we may permit users to submit content to the Site.  You hereby acknowledge and agree that by submitting remarks, comments, suggestions, ideas, graphics, feedback, edits, concepts, comments, photographs, illustrations and other materials (other than personal information and/or registration information) through the Site (individually and collectively, “Submissions”), you (i) grant us a nonexclusive, royalty-free, perpetual, transferable, irrevocable and fully sub-licensable right to use, reproduce, modify, adapt, translate, distribute, publish, create derivative works from and publicly display and perform such Submissions throughout the world in any media, now known or hereafter created, without attribution to you; (ii) grant us the right to pursue at law any person or entity that violates your and/or our rights in your Submissions; and (iii) forever waive any and all of your rights, including but not limited to moral rights, if any, in and to your Submissions, including, without limitation, any all rights or requirements of attribution or identification of you as the author of the Submission or any derivative thereof.  We reserve the right to remove any of your Submissions from the Site, in whole or in part, without notice to you, for any reason or no reason.

Submissions are made voluntarily. Any submissions which include personally identifiable information are subject to our Privacy Policy found here .  You may not upload or otherwise publish content on the Site that (i) is confidential to you or any third party; (ii) is untrue, inaccurate, false or other than an original work of your authorship; (iii) that relates to or impersonates any other person; (iv) violates the copyright, trademark, patent or other intellectual property rights of any person or entity; (v) contains any content, personally identifiable information or other information, or materials of any kind that relate or refer to any other person or entity other than the provider of the products, goods or services to which the Submission relates; or (vi) violates any law, or in any manner infringes or interferes with the rights of others, including but not limited to the use of names, information, or materials that (A) libel, defame, or invade the privacy of any third party, (B) are obscene or pornographic, (C) are harmful, threatening, offensive, abusive, harassing, vulgar, false or inaccurate, racially, sexually, ethnically or are otherwise objectionable or otherwise contrary to the laws of any place where such Submissions may be accessed; (D) constitute personal attacks on other individuals; (E) promote criminal, immoral or illegal activity; (F) promote or advertise any person, product or service or solicit funds; or (G) are deemed confidential by any contract or policy.

You are solely responsible for any Submissions you make and their accuracy. We take no responsibility and assume no liability for any Submissions posted by you or any third party.

Unless approved by us in writing in advance, you agree not to: (i) provide or create a link to the Site; or (ii) create any frames at any other sites pertaining to any of the content located on the Site.

We reserve the right, in our discretion, to update, change or replace any part of these Terms of Use for Posting Comments by posting updates and/or changes to our Site.  It is your responsibility to check this page periodically for changes.  Your continued use of, and/or access to the Site, following the posting of any changes to these Terms of Use for Posting Comments, constitutes your acceptance of those changes.