China’s Surveillance State: Henan, Xinjiang, and Beyond

As new Chinese surveillance technology spreads across the country and beyond, Sixth Tone’s Bibek Bhandari describes the use of new facial recognition-enabled headsets by railway security staff ahead of the Spring Festival travel rush.

Railway police in , the capital of central China’s Henan province, are the first in the country to start using eyewear to screen passengers, the online arm of Party newspaper People’s Daily reported Monday. Security personnel at East Railway Station donned the new accessories ahead of the Chinese New Year travel rush to help them verify passengers’ identities, spot impostors — and even catch suspected criminals.

Spring Festival, or the lunar new year, is one of the busiest travel periods in China, putting immense pressure on the country’s transportation networks. This year, officials expect more than 389 million train trips alone during the peak travel period from Feb. 1 to March 12, when people return home for the holidays.

The glasses — which resemble Google Glass — are connected to a police database that can match passengers with criminal suspects. Since Zhengzhou railway police started using the eyewear earlier this year, they have identified seven people suspected of crimes ranging from human trafficking to hit-and-run accidents, according to the report. [Source]

Read more on the uses of facial recognition, from fast food payments to criminal justice and transport security to toilet paper rationing, via CDT.

The western region of Xinjiang has been a particular focus and testing ground for new surveillance tech as part of a broad spectrum of security measures and social controls. Georgetown University’s James A. Millward described the current situation in Xinjiang in a New York Times op-ed on Saturday:

Imagine that this is your daily life: While on your way to work or on an errand, every 100 meters you pass a police blockhouse. Video cameras on street corners and lamp posts recognize your face and track your movements. At multiple checkpoints, police officers scan your ID card, your irises and the contents of your phone. At the supermarket or the bank, you are scanned again, your bags are X-rayed and an officer runs a wand over your body — at least if you are from the wrong ethnic group. Members of the main group are usually waved through.

You have had to complete a survey about your ethnicity, your religious practices and your “cultural level”; about whether you have a passport, relatives or acquaintances abroad, and whether you know anyone who has ever been arrested or is a member of what the state calls a “special population.”

This personal information, along with your biometric data, resides in a database tied to your ID number. The system crunches all of this into a composite score that ranks you as “safe,” “normal” or “unsafe.”Based on those categories, you may or may not be allowed to visit a museum, pass through certain neighborhoods, go to the mall, check into a hotel, rent an apartment, apply for a job or buy a train ticket. Or you may be detained to undergo re-education, like many thousands of other people. [Background.]

A science-fiction dystopia? No. This is life in northwestern China today if you are Uighur. [Source]

A report last week from the BBC’s John Sudworth showed a similar picture:

Millward’s piece includes an account from a Uyghur living overseas whose elderly parents had cut off contact after several intimidating visits from security agents, apparently triggered by their international phone calls. Buzzfeed’s Megha Rajagopalan, who reported on Chinese surveillance in Xinjiang last year, recently recounted a similar story on Twitter. It showed, she wrote, "how surveillance wielded by a government as powerful of China goes way beyond targeting extremists or even political dissidents. It tears ordinary families apart and colors every aspect of life — even death."

Both the Uyghur and Tibetan diasporas are also long-suffering targets of hacking, widely presumed to emanate from China. A Citizen Lab report last week detailed how overseas Tibetans are being targeted, and how they and others might better protect themselves.

The Tibetan community has been persistently targeted by digital espionage operations for over a decade. Historically, malware sent as email attachments was the most common threat Tibetan groups experienced. Recently, we have observed an increase in phishing operations targeting the community suggesting a possible shift in adversary tactics. This latest operation is another example of this trend.

The phishing tactics used in the operation could have been blunted if targets used security features like two factor authentication, which requires a second ‘factor’ to access an account. Unfortunately, two factor authentication is not enabled by default on most popular platforms, and there are a number of hurdles to ensuring widespread adoption among civil society groups such as lack of awareness, potential usability issues, and the general challenge of shifting user behaviour across a community. Adoption rates for two factor authentication across user populations are very limited. For example, according to a recent presentation by a Google employee less than 10% of Gmail users have enabled two factor authentication. [Source]

Last July, the organization issued another report detailing unsuccessful phishing attempts targeting CDT.