Tech partnerships are empowering new methods of control.
BY LINDSAY GORMAN, MATT SCHRADER | MARCH 19, 2019, 10:39 AM
When a Dutch cybersecurity researcher disclosed last month that Chinese security contractor SenseNets left a massive facial recognition database tracking the movements of over 2.5 million people in China’s Xinjiang province unsecured on the internet, it briefly shone a spotlight on the alarming scope of the Chinese surveillance state.
But SenseNets is a symptom of a much larger phenomenon: Tech firms in the United States are lending expertise, reputational credence, and even technology to Chinese surveillance companies, wittingly or otherwise.
The SenseNets database logged exact GPS coordinates on a 24-hour basis and, using facial recognition, associated that data with sensitive personal information, including national ID numbers, home addresses, personal photographs, and places of employment. Nearly one-third of the individuals tracked were from the Uighur minority ethnic group. In a bizarre juxtaposition of surveillance supremacy and security incompetence, SenseNets’ database was left open on the internet for six months before it was reported and, according to the researcher who discovered it, could have been “corrupted by a 12-year-old.”
The discovery suggests SenseNets is one of a number of Chinese companies participating in the construction of a technology-enabled totalitarian police state in Xinjiang, which has seen as many as 2 million Uighurs placed into “re-education camps” since early 2017. Eyewitness reports from inside the camps describe harsh living conditions, torture, and near constant political indoctrination meant to strip Uighurs of any attachment to their Islamic faith. Facial recognition, artificial intelligence, and speech monitoring enable and supercharge the Chinese Communist Party’s drive to “standardize” its Uighur population. Uighurs can be sent to re-education camps for a vast array of trivial offenses, many of which are benign expressions of faith. The party monitors compliance through unrelenting electronic surveillance of online and physical activities. This modern-day panopticon requires enormous amounts of labor, but is serving as a testing ground for new technologies of surveillance that might render this process cheaper and more efficient for the state.
Toward this goal, the party is leveraging China’s vibrant tech ecosystem, inviting Chinese companies to participate through conventional government-procurement tools. Companies built the re-education camps. Companies supply the software that watches Uighurs online and the cameras that surveil their physical movements. While based in China, many are deeply embedded in the international tech community, in ways that raise serious questions about the misuse of critical new technologies. Foreign firms, eager to access Chinese funding and data, have rushed into partnerships without heed to the ways the technologies they empower are being used in Xinjiang and elsewhere.
In February 2018, the Massachusetts Institute of Technology (MIT) announced a wide-ranging research partnership with Chinese artificial-intelligence giant and global facial-recognition leader SenseTime. SenseTime then held a 49 percent stake in SenseNets, with robust cross-pollination of technical personnel. SenseNets’ parent company Netposa (also Chinese) has offices in Silicon Valley and Boston, received a strategic investment from Intel Capital in 2010, and has invested in U.S. robotics start-ups: Bito—led by researchers at Carnegie Mellon University—and Exyn, a drone software company competing in a Defense Advanced Research Projects Agency (DARPA) artificial-intelligence challenge. This extensive enmeshing raises both moral and dual-use national-security questions. Dual-use technology is tech that can be put to both civilian and military uses and as such is subject to tighter controls. Nuclear power and GPS are classic examples, but new technologies such as facial recognition, augmented reality and virtual reality, 5G, and quantum computing are beginning to raise concerns about their dual applicability.
Beyond SenseNets, Chinese voice-recognition leader iFlytek may also besupplying software to monitor electronic communications in Xinjiang. A 2013 iFlytek patent identified by Human Rights Watchspecifically touted its utility in “monitoring public opinion.” Nonetheless, like SenseTime, iFlytek recently established a multiyear research partnership with MIT. These partnerships lend reputational weight to activities that undermine freedom abroad.
Equally concerning is that the details of technical and research collaborations with Chinese companies can be opaque to international partners, concealing ethically objectionable activities. When Yale University geneticist Kenneth Kidd shared DNA samples with a scientific colleague from the Chinese Ministry of Public Security’s Institute on Forensic Science, he had no idea they would be used to refine genetic surveillance techniques in Xinjiang. Massachusetts-based company Thermo Fisher is also implicated: Until it was reported last month, the company sold DNA sequencers directly to authorities in Xinjiang for genetic mapping. Western companies and institutions must be far more vigilant in scrutinizing how Chinese partners are using their products, especially emerging technologies.
Equally concerning is that the details of technical and research collaborations with Chinese companies can be opaque to international partners, concealing ethically objectionable activities.
Facial recognition is a good place to start. The industry needs to establish global standards for appropriate applications—use that respects human rights and the rule of law. In the United States, Microsoft has been an industry leader in calling for regulation and has tapped employees, customers, public officials, academics, and civil society groups to develop a set of “principles for facial recognition,” which it plans to launch formally this month. When it comes to building out regulation, the devil may be in the details. But the principles—fairness, transparency, accountability, nondiscrimination, notice and consent, and lawful surveillance—are sound. Surprisingly, SenseNets lists Microsoft itself as a partner on its website, along with American chip manufacturer AMD and high-performance computing provider Amax.
In the case of SenseNets, these partnerships could be false claims by a company looking to boost credibility, unwitting collaboration on the part of U.S. tech firms, or true business relationships. “We have been able to find no evidence that Microsoft is involved in a partnership with SenseNets,” a spokesperson for Microsoft told the authors, “We will follow up with SenseNets to cease making inaccurate representations about our relationship.” But if these partnerships are real, they would violate all six of Microsoft’s principles. California-based Amax, which specializes in high-performance computing for deep-learning applications, touts a partnership with Chinese state-owned Hikvision, the world’s largest supplier of video surveillance products. AMD is also involved in a Chinese joint venture supplying proprietary x86 processor technology.
Despite a general awareness of the ways American companies and individuals are abetting surveillance in Xinjiang, U.S. Congress and government officials have yet to call for a review of the extent of U.S. investment and research partnership entanglements. The Commerce Department’s proposed rule-making on controls for certain emerging technologies is a start, but its scope remains unclear.
READ MORE
Virus Competition Is Wrecking China-U.S. Cooperation Hopes
China Is Fighting the Coronavirus Propaganda War to Win
The international tech community can help guide the ethical application of its developments. After employee protests, Google reportedly suspended plans to launch Dragonfly, a censored version of its search engine custom-built for China, although there are suspicions the project may not be entirely dead. Authoritarianism has proven it can use emerging technologies to undermine democratic norms and freedoms. As such, U.S.-based research-and-development organizations should perform basic due diligence on partnerships to assess their connection to surveillance regimes.
International scientific exchange has yielded awe-inspiring achievements, from the discovery of the Higgs boson to the eradication of smallpox. And cooperation is growing faster than ever. But by taking basic steps to understand their partners, investors can mitigate some of the unintended risks of that cooperation. If they fail to do so, they will end up owning some of the responsibility for human rights abuses in Xinjiang and elsewhere.