A data leak has brought to light widespread surveillance that has been happening in the Xinjiang region of China.
A data leak that has been discovered by a Dutch security researcher has brought to light the surveillance carried out by a Chinese technology firm in the Xinjiang region, which is home to the majority of China’s Uighur ethnic minority.
Reuters reports, “An online database containing names, ID card numbers, birth dates, and location data was left unprotected for months by Shenzhen-based facial-recognition technology company SenseNets Technology Ltd, according to Victor Gevers, co-founder of non-profit organization GDI.Foundation, who first noted the vulnerability in a series of social media posts last week.”
After inter-ethnic tensions in recent years, Xinjiang has been under heavy police surveillance for quite some time. The Reuters report observes, “The Chinese government has ramped up personal surveillance in Xinjiang over recent years, including the construction of an extensive video surveillance system and smartphone monitoring technology.”
China has been facing international criticism over the policies that it had adopted in Xinjiang. Almost one million people, according to various reports, have probably been rounded up and detained in camps.
The Guardian, in a detailed report on the data leak, highlights the extent of the surveillance; the report notes, “China faces growing international criticism over its policies in Xinjiang, after a series of attacks in the 1990s and 2000s. Over the last three years, researchers and advocates believe 1 million Uighurs as well as Kazakhs, Hui and other Muslim minorities have been rounded up and detained in internment camps.”
The report further says, “Those outside the camp are also closely monitored, with surveillance cameras mounted over villages, street corners, mosques, and schools. Commuters must go through security checkpoints between all towns and villages, where they undergo face scans and phone checks. Last year Xinjiang residents were reportedly ordered to download an app that scans for specific content…According to a report last year by Human Rights Watch, many Uighur families have QR codes fixed to their homes so local police can scan them for the family’s details.”
Victor Gevers has reportedly revealed that the data exposed showed about 6.7 million location data points linked to the people which were gathered within 24 hours. Moreover, the data also linked people to GPS coordinates, tagged with descriptions such as “mosque”, “hotel,” “internet cafe” etc. The database was left fully open and anyone with an internet connection could simply go in and do anything with it, including reading, updating or editing anything, without any kind of authentication.
SenseNets and its parent company NetPosa Technologies Ltd work with China’s police across several cities in China, according to reports. Reuters reports that neither of these companies responded to requests for comment on the incident. The Xinjiang regional government has also not commented. However, Victor Grevers has reportedly clarified that after his GDI.Foundation directly alerted SenseNets to the vulnerability, the company did take steps to secure the database.