A mobile app used by police to track citizens in China’s far west region of Xinjiang shows how some of the country’s biggest technology companies are linked to a mass surveillance system that is more sophisticated than previously known, according to a report from Human Rights Watch.
The app uses facial recognition technology to match faces with photo identification and cross-check pictures on different documents, the New York-based group said on 2 May. The app also takes a host of other data points — from electricity and smartphone use to personal relationships to political and religious affiliations — to flag suspicious behaviour, the report said.
The watchdog’s report sheds new light on the vast scope of activity China is monitoring as it cracks down on its minority Muslim Uighur population in a bid to stop terrorism before it happens. The US state department says as many as two million Uighurs are being held in camps in Xinjiang, a number disputed by Chinese authorities even though they haven’t disclosed a figure.
In an address on 30 April, US secretary of state Michael Pompeo urged corporate America to think twice before doing business in Xinjiang.
“We watch the massive human rights violations in Xinjiang where over a million people are being held in a humanitarian crisis that is the scale of what took place in the 1930s,” he said, according to comments released by the state department.
Human Rights Watch said that so-called data doors at checkpoints may be vacuuming up information from mobile phones from unsuspecting citizens. Some Xinjiang residents who suspected their phones were being used as monitoring devices even buried them in the desert, a move that could later hurt them if the system loses track of their phone, according to Maya Wang, a China researcher for Human Rights Watch.
‘Virtual fences’
“The political re-education camps are one pen, but then you have a series of bigger pens that are like virtual fences,” Wang said.
China’s State Council Information Office did not reply to a request for comment sent by fax. The government has said the surveillance measures in Xinjiang are necessary to prevent terrorism and grow the region’s economy.
Human Rights Watch said information in the report is based on reverse-engineering the police app, which communicates with a database known as Integrated Joint Operations Platform, or IJOP. The group said it enlisted Berlin-based cybersecurity firm Cure53 to conduct a technical assessment of the app after finding that it was publicly available online last year.
IJOP is mainly a tool for data collection, filing reports and prompting “investigative missions” by police. The report called for China to shut down the database behind the app, and for foreign governments to impose targeted sanctions such as visa bans and asset freezes against leaders in Xinjiang.
Human Rights Watch said the mobile app was developed by a unit of state-owned China Electronics Technology Group, a Fortune 500 company known as CETC with US$30-billion in revenue and 169 000 employees. The group has expanded its various operations abroad, from developing smart city solutions in Tehran to a cooperation agreement with German engineering group Siemens.
CETC did not respond to calls and emails requesting comment.
Human Rights Watch said on 2 May it found code in the app from Face++, a facial recognition technology brand of Beijing-based Megvii. But the group in early June corrected its report to note that code found in the login function was “inoperable”.
Megvii said it doesn’t have any relationship with the IJOP database nor knowledge of why its technology appeared in the police app. The company has not granted any licences related to the IJOP app.
“Megvii does not host any third-party data nor does it have any access to the IJOP platform or the national ID database,” the company said in an emailed reply to questions, adding that Human Rights Watch didn’t provide access to the full report before it was published.
Megvii’s investors include Alibaba Group — co-founded by China’s richest man, Jack Ma — and its affiliate Ant Financial Services, as well as Sinovation Ventures and Foxconn Technology Group. Alibaba and Ant declined to comment, while neither Sinovation or Foxconn responded to requests for comment.
Data collection
Beyond collecting data and tipping off the police, the IJOP-linked app has a range of other functions. It provides a system for officials to communicate across voice, e-mail and telephone calls, uses Baidu map functionality for geolocation, and allows officials to search for information about people using their name and various other inputs.
The Human Rights Watch report provides insight into what type of behaviour puts Xinjiang’s citizens on the radar of authorities. Those particularly at risk include people who move in or out of a registered residence, download certain software or content on a mobile phones, or have links to people who are abroad.
The report includes screenshots of the app, which prompts authorities to choose whether data collection is happening in home visits, on the streets, in political education camps, during registration for travel abroad, or when dealing with Xinjiang residents living in the mainland. Higher-level officials with administrative rights also have a sixth choice: collecting information from foreign nationals who have entered Xinjiang.
Officials are then prompted to log on and input data ranging from a person’s height to blood type and political affiliation. Another page examined by Human Rights Watch shows 36 “person types” that attract special attention, including people who don’t socialise with neighbours or those who use “an abnormal amount of electricity”.
The app also uses the central IJOP system to send instructions for officers to investigate certain individuals, prompting them to collect identifying information such as vehicle color and type and log whether they use one of 51 “suspicious” internet tools like WhatsApp or Virtual Private Networks. — Reported by Blake Schmidt, with assistance from Peter Martin and Venus Feng, (c) 2019 Bloomberg LP