A publicly accessible database managed by a surveillance contractor showed China has used a full suite of AI tools to monitor its Uyghur population in the far west of the country.
Victor Gevers, a cyber security expert and a researcher at the non-profit GDI Foundation, found that a database managed by SenseNets, a Chinese surveillance company, and housed in China Unicom cloud platform, has stored large quantities of tracking data of the residents in the Xinjiang autonomous region in west China. The majority of monitored are the Uyghur ethnic group. The data covered a total number of nearly 2.6 million people (2,565,724 to be precise), including personal information like their ID card details (issue & expire dates, sex, ethnic group, home address, birthday, photo) as well employer details, and the locations they have been tracked (using facial recognition) in the last 24 hours, during which time a total of 6,680,348 records were registered, according to Gevers.
Neither the scope nor the level of detail of the monitoring should be a surprise, given the measures used by China in that part of the country over the last two years. If there is anything embarrassing for the Chinese authorities and their contractors in this story, it will be the total failure of data security: the database was not protected at all. By the time Gevers notified the administrators at SenseNets, it had been accessible to anyone for at least half a year, according to the access log. The database has since been secured, opened, and secured again. Gevers also found out that the database was built on a pirate edition of Windows Server 2012. Police stations, hotels, and other service and business establishments are also found to have connected to the database.
This is a classic example of human errors defeating security systems. Not too long ago, Jeff Bezos of Amazon sent intimate pictures to his female companion, which ended up in the wrong hands. This led to the BBC’s quip that Bezos was the weak link in cybersecurity for the world’s leading cloud service provider.
Like other technologies, facial recognition can be used by overbearing governments for monitoring purposes, breaking all privacy protection. But it can also do tremendous good. EU citizens travelling between the UK and the Schengen Area have long got used to having their passports read by a machine then their faces matched by a camera. The AI technologies behind the experience have vastly simplified and expediated the immigration process. But, sometimes, for some reason, the machine may fail to recognise a face. In that case, there is always an immigration officer at the desk to do manual check.
Facial recognition, coupled with other technologies, for example blockchain, can also improve the efficiency in industries like cross-border logistics. The long border between Sweden and Norway is largely open despite that a passenger or cargo vehicle travelling from one country to another would be technically moving between inside the EU (Sweden) and outside of it (Norway). According to an article in The Economist, the frictionless transit needs digitalisation of documentation (of goods as well as on people), facial recognition (of drivers), sensors on the border (to read code on the driver’s mobile phone), and automatic number-plate recognition (of the vehicles).
In cases like these, facial recognition, and AI in general, should be lauded. What the world should be on alert to is how the data is being used and who has access to it.
There is this company in China named SenseNets. They make artificial intelligence-based security software systems for face recognition, crowd analysis, and personal verification. And their business IP and millions of records of people tracking data is fully accessible to anyone. pic.twitter.com/Zaf6w5502i
— Victor Gevers (@0xDUDE) February 13, 2019