Chinese facial recognition database exposes 2.5m people

A company operating a facial recognition system in China has exposed millions of residents’ personal information online.

Shenzhen-based SenseNets is an artificial intelligence company that uses a network of tracking cameras to spot people and log their movements in its database. Unfortunately, the company exposed that information publicly online, allowing anyone to access it in plain text, it emerged this week.

Dutch cybersecurity researcher Victor Gevers found the vulnerable database online and tweeted about it.

The database housed records on over 2.5m people, including their gender, nationality, address, date of birth, photo, and employer. A lot of this was linked to their ID card number, which was also revealed in the database records. China maintains a compulsory national identity card system for residents.

SenseNets maintained a collection of trackers which logged whomever it identified in the database. This created over 6.6m logged entries in a single 24-hour window, Gevers revealed.

In another tweet, Gevers showed what appeared to be an abandoned location in Keriya, in southern China, with a tracking device installed.

Gevers works at the GDI Foundation, a Dutch non-profit dedicated to reporting internet security issues. According to CNet, Gevers had reported the issue to SenseNets in July.

Since Gevers went public with the breach online, the company has blocked access to the public database, he tweeted, adding that it may only have been blocked to requests from outside China.

SenseNets’ website has displayed a default empty web server page for months, but in 2017 it explained in Chinese that:

Face recognition is performed on real-time video captured by HD cameras, which compares black and white lists, confirms identity, and implements alarm, tracking, and disposal functions.

Facial recognition is big business in China. Chinese citizens can now check in and clear security using facial recognition at Shanghai Hongqiao International Airport, and the Beijing subway has announced facial recognition plans to help streamline passenger flow, sparking privacy fears.

Chinese companies are also using the technology to allow citizens to do everything from paying with a smile to dispensing rationed toilet paper.

However, facial recognition technology in China also has its darker, more authoritarian side. Government agencies including its Ministry of Public Security are building a facial recognition system, nicknamed Skynet, that would eventually cover China’s entire population of well over a billion people. It will achieve 100% coverage in “key public areas” next year, according to official government documents.

Chinese police are already using augmented reality glasses to scan and recognise faces, enabling them to quickly identify and apprehend suspects. Schools are planning to use facial recognition to ensure that children attend class and check that they’re paying attention.

Perhaps most unsettling of all: China has also introduced facial recognition technology that tracks people’s movements and predicts how likely they are to commit a crime – Minority Report-style.