EFF Prefers Critique China Surveillance State vs Its Own In USA

grarpamp grarpamp at gmail.com
Mon Mar 4 18:23:34 PST 2019


Although relatively little news gets out of Xinjiang to the rest of
the world, we've known for over a year that China has been testing
facial-recognition tracking and alert systems across Xinjiang and
mandating the collection of biometric data -- including DNA samples,
voice samples, fingerprints, and iris scans -- from all residents
between the ages of 12 and 65... Earlier this month, security
researcher Victor Gevers found and disclosed an exposed database
live-tracking the locations of about 2.6 million residents of
Xinjiang, China, offering a window into what a digital surveillance
state looks like in the 21st century...

Over a period of 24 hours, 6.7 million individual GPS coordinates were
streamed to and collected by the database, linking individuals to
various public camera streams and identification checkpoints
associated with location tags such as "hotel," "mosque," and "police
station." The GPS coordinates were all located within Xinjiang. This
database is owned by the company SenseNets, a private AI company
advertising facial recognition and crowd analysis technologies. A
couple of days later, Gevers reported a second open database tracking
the movement of millions of cars and pedestrians. Violations like
jaywalking, speeding, and going through a red-light are detected,
trigger the camera to take a photo, and ping a WeChat API, presumably
to try and tie the event to an identity.

China may have a working surveillance program in Xinjiang, but it's a
shockingly insecure security state. Anyone with an Internet connection
had access to this massive honeypot of information... Even
poorly-executed surveillance is massively expensive, and Beijing is no
doubt telling the people of Xinjiang that these investments are being
made in the name of their own security. But the truth, revealed only
through security failures and careful security research, tells a
different story: China's leaders seem to care little for the privacy,
or the freedom, of millions of its citizens.
EFF also reports that a Chinese cybersecurity firm also recently
discovered 468 exposed MongoDB servers on the internet, including
databases containing detailed information about remote access consoles
owned by China General Nuclear Power Group.

Meanwhile, ZDNet suggests that SenseNets may actually be "a government
contractor, helping authorities track the Muslim minority, rather than
a private company selling its product to another private entity.
Otherwise, it would be hard to explain how SenseNets has access to ID
card information and camera feeds from police stations and other
government buildings."

More information about the cypherpunks mailing list