Chinese artists put on performances to highlight the ubiquitous prevalence of surveillance cameras. Privacy activists have filed lawsuits against the collection of facial recognition data. Ordinary citizens and institutional educators alike have opposed the misuse of Covid-tracking apps by authorities to curtail protests. Netizens share tips on how to avoid digital surveillance.
As China builds up its own extensive security and surveillance apparatus, it faces growing public concerns about the lack of safeguards to prevent personal data theft or misuse. The ruling Communist Party is well aware of the credibility cost of any major security holes: Last week, it moved systematically to silence news about what was likely the largest known breach of a Chinese government computer system, including the personal information of as many as possible. billion citizens.
The hack dealt a blow to Beijing, as it exposed the perils of its vast endeavor to dump vast amounts of digital and biological information about its people’s daily activities and social relationships from social media posts, biometric data, phone records and surveillance videos. The government says these efforts are essential to public safety: to curb the spread of Covid, for example, or to catch criminals. But its failure to protect data exposes citizens to problems like fraud and extortion, and threatens to undermine people’s willingness to comply with surveillance.
“You never know who will sell or leak your information,” said Joel Liao, a Shanghai resident, whose details were revealed in the leak.
“It’s a bit unusual to see that even the police are also at risk,” said Ms. Liao.
China, which has been racing to implement one of the world’s toughest data privacy regulations, often criticizes companies for mishandling data. But authorities rarely point the finger at the country’s biggest personal information collector: the government itself.
Security researchers say the leaked database, apparently used by police in Shanghai, has been left online and unsecured for months. It was revealed after an anonymous user posted on an online forum offering to sell a large batch of data for 10 bitcoins, or about $200,000. The New York Times confirmed parts of a sample database posted by the anonymous user, who was posted under the name ChinaDan.
In addition to basic information such as names, addresses and identification numbers, the sample also included details that appear to have been taken from external databases, such as instructions to delivery companies about where to deliver shipments, raising questions about how much information private companies share with authorities. Of particular concern to many, it also contains extensive personal information, such as police reports that included the names of people accused of rape and domestic violence, as well as private information on political dissidents.
The government has sought to erase nearly all discussion of the leak. At a cabinet meeting chaired by Chinese Premier Li Keqiang last week, officials made only a passing reference to the issue of privacy, stressing the need to “defend information security” so that the public and businesses “can work with peace of mind, according to the official Xinhua News Agency. .
Last year, Chinese authorities issued two new laws on data security and privacy, similar to the European Union’s General Data Protection Regulation. The laws were mostly aimed at addressing the collection of private data by companies – and the prevalence of online fraud and theft of personal information that emerged as a result.
However, the government’s efforts to set up safeguards have slowed in its push to collect information. In recent years, The Times has reviewed other leaked databases used by police in China, which have been left online with little or no protection; Some of them contained facial recognition and identity scanning records of people in a Muslim ethnic minority area.
Now, there are signs that people are growing wary of government and public institutions as well, as they see how their private data is being used against them. Last month, a nationwide protest erupted over the misuse of Covid-19 tracking technology by local authorities.
The latest in China: essential things to know
Protesters fighting to get their savings back from four rural banks in the central Chinese city of Zhengzhou have found that mobile apps used to identify and isolate people who may be spreading Covid-19 have turned from green – in a safe sense – to red, a rating that would prevent them from moving free.
“There is no privacy in China,” said Silvia C, 30, a protester whose health code has been turned red. The authorities in Zhengzhou, under pressure to explain the incident, subsequently punished five officials for changing the codes of more than 1,300 customers.
Even when Covid-19 tracking technologies are used for their stated purpose, more people seem willing to question whether surveillance is excessive. On Thursday, a blogger in Beijing posted on Weibo that he refused to wear an electronic bracelet to track his movements while in isolation, saying the device was an “electronic limitation” and a violation of his privacy. The post has been liked about 60,000 times, and users have been flooding his post with replies. Many said it reminded them of the treatment of criminals. Others described it as a ploy to surreptitiously collect personal information. The blogger said the post was later removed by a sergeant.
In recent years, individuals have sought to draw attention to privacy concerns. In 2019, a law professor in Hangzhou, a prominent tech hub in eastern China, sued a local zoo to force him to provide facial recognition data for entry, the first lawsuit of its kind in China. He won the case.
Starting in late 2020, several Chinese cities began to prevent neighborhood committees from forcing residents to submit to biometric monitoring to enter their compounds. At about the same time, toilet paper dispensers using facial recognition technology were removed from public restrooms in the southern Chinese city of Dongguan after public outcry.
On online forums like Zhihu, a Quora-like platform, Chinese users share tips on how to evade surveillance (the tips include wearing hats, masks, and pointing flashlights at security cameras). More than 60 percent of Chinese say facial recognition technology has been misused, according to a study of more than 20,000 Chinese conducted jointly in late 2020 by a Chinese research center and government task force. More than 80 percent expressed concern about whether and how facial recognition data would be stored.
“Rising public awareness of data privacy is an inevitable trend,” said Dragon Zheng, an artist based in southern Guangxi province whose practice explores the interaction between technology and governance.
In 2016, Mr. Zheng installed security cameras inside a large exhibition hall, which broadcast live footage to the monitoring room set up in the center of the hall. Visitors are invited to enter the room, where they can manipulate the cameras and experience what Mr. Zeng called the feeling of being “watched, watched, controlled, and controlled.”
However, he stressed that the risks and benefits of the technology are not limited to China.
“Technology is like Pandora’s box,” said Mr. Zheng. “Once you open it, how you use it depends on the hand of the person who falls into it.”
Few Chinese citizens publicly questioned the government about its collection of personal data. Part of that may be the result of sweeping government oversight and threats to personal safety from criticism of the government. But many residents also see data delivery as a necessary trade-off for security and convenience.
“There has always been this divided identity when it comes to awareness of privacy in China,” said Samm Sacks, a technology policy researcher at Yale Law School and the New America. “People generally trust how government entities handle their personal information and are more skeptical about the corporate sector.”
Legal analysts said any disciplinary action resulting from the breach of the Shanghai police database is unlikely to be made public. There are a few mechanisms in place to hold Chinese government agencies responsible for their data leakage. For many citizens, this lack of recourse contributed to a feeling of resignation.
However, they occasionally have small victories, as did Xu Beilin when she took over the local neighborhood committee last year. She had returned home to her apartment building in Beijing one day to find that the complex required residents to submit to a facial recognition scanner to enter.
“It was crazy,” said Ms. Shaw, 37, a project manager at a startup. She said it reminded her of one of her favorite TV shows, the British science fiction series Black Mirror.
Mrs. Shaw disturbed the neighborhood committee by phone and text until she relented. For now, Ms Xu said, she could still enter her condominium with her master card, although she thought it was only a matter of time until facial recognition devices became mandatory again.
“All I can do now is continue to resist on a small scale,” she said.
zixu wang Contribute to the preparation of reports.