Doomed by data, our new Trojan Horse

Surveillance is tightening inside China—but our carelessness also gives the regime huge capabilities abroad

Features
A Chinese flag with a surveillance camera underneath the flag. Picture taken at Tiananmen Square, Beijing. (©KLEPO/ALAMY STOCK PHOTO)

Recently a friend was talking about CCTV cameras being installed at a wine warehouse in the UK.

“What happens,” the owner asked, “if I want to see what happened in my warehouse last night?”

“Don’t worry, the information is all stored in China. You just dial up and it comes down the internet in seconds.”

But any information on servers back in China is available to the Communist Party and its security services. They are unlikely to be interested in staring at wine bottle labels, but they might like data from CCTV cameras installed by the British police or outside UK government buildings.

Data, like the jungle, is neutral. But its users are not. Engineering Global Consent, a new paper by Samantha Hoffman, a Canberra-based American expert, tracks the activities of GTCOM, a Chinese company whose technology harvests bulk data and uses machine learning and artificial intelligence (AI) to process data into usable products, provide translation services, perform analysis and more. It claims to collect globally 2-3 petabytes a year, equivalent to 20 billion Facebook photographs or 1.5 trillion pages of typed text. It runs cloud services and also has a tie-up with Alibaba Cloud. It has agreements with Huawei, Alibaba, Haier and other big Chinese companies about embedding its software in their products and it works closely with foreign universities. Another company GTCOM works with has lip-reading technology.

GTCOM is a state-owned enterprise (SOE), owned by the Central Propaganda Department. Hoffman has unearthed a photograph of one of its senior executives speaking in front of a slogan which reads “90 per cent of military-grade intelligence data can be obtained from open data analysis”. It is just one of hundreds of SOEs and Chinese companies shipping your data and metadata back to China. Your Huawei phone, Lenovo computer, Alipay or Alibaba Cloud, or Hikvision—the world’s biggest CCTV maker—are all doing it. If GTCOM’s translation software is embedded in an app you are using, your material is going back, and is available to the Chinese Communist Party (CCP).

The head of Huawei, Ren Zhengfei, and others claim that they are private companies and that, if asked to install back doors in their products, they would refuse. What else could they say? The truth is that their ownership structures are irrelevant. We do not even need to see the National Security Law, which requires all individuals and organisations to accede to requests from the state security organs, to know that they are being disingenuous. In the words of Xi Jinping, “the Party leads everything”. Refuse a request from the security services and you would not remain at the head of your company for long.

The Communist Party, big data and AI are a scary mix. Suppose I am of interest to the CCP and foolish enough to own a Huawei phone. Couple the way my phone locates me with the Hikvision CCTV in the café where I am talking to someone, add lip-reading technology and a sprinkling of algorithms, and you might not even need a microphone to eavesdrop on our conversation.

In Mao’s days every Chinese had a dang’an or file, which recorded their marriage, job, health, contraception, political reliability, and permission to move towns. The arrival of a more complex and free society led to its demise. But technology provides the CCP with an opportunity to resuscitate a modern and more powerful version of the dang’an.

This combines four elements: recognition technology (face, voice, fingerprints, DNA and gait—particularly useful if people wrap up or wear masks); real-time positional monitoring through personal mobile devices backed up by other public systems, such as CCTV (the announced intention is to have over 400 million by 2020, one for every 3.5 citizens); life monitoring, including health and education records, purchase details and internet activity; and finally, computer power and AI to sift and operationalise the information. 

This panopticon is not the widely misunderstood Social Credit System, which in the absence of rule of law in China, is not in itself a bad thing. It lists untrustworthy folk such as debt defaulters. But the CCP can see how in future it might play a bigger role.

The CCP set out to use new technology to control and condition its people with the Golden Shield project, announced in 2002. It had four main aims: to allow the authorities to know within a few seconds everything about a particular person; to predict who might cause trouble to the regime; to anticipate the organising of any action deemed inimical to the Party; and to curtail the freedom and actions of anyone deemed dubious.

At a conference in September 2017 and not for the first time, Meng Jianzhu, the erstwhile head of the security system, hailed big data and modern information technology for its role in “extending social governance to the smallest social units, such as villages and communities, in order to realise precise governance”. The State Council’s national artificial intelligence development plan declares that AI “is indispensable for the effective maintenance of social stability”.

The euphemism “precise governance” is an authoritarian’s dream and a libertarian’s nightmare. The precision can be seen from the musings of the Ministry of Education, which, conscious of students as the perennial catalyst of protest, has suggested monitoring their political sentiments and ideology by collating data from library records, surveys, social media posts, performance and opinions in class, and more. Such a gauge of political reliability could be used to decide who might be eligible for jobs in state run organisations and businesses.

To achieve its aims the Ministry of Public Security (MPS) is constructing the “Police Cloud”. By researching provincial tender documents, Human Rights Watch shows that this “aims to integrate different types of information . . . such as residential addresses, family relations, birth control methods, and religious affiliations . . . hotel, flight and train records, biometrics, CCTV footage, and information from other government departments and even private companies”. It can find out, for example, who has travelled together twice with a person of interest, or gone to an internet café with them.

In one city HRW discovered that the Police Cloud aimed to integrate 63 types of police data and 115 types of data from 43 other government departments and industries.

Intention and implementation are not the same thing. The “Golden Shield” remains penetrable and the “Police Cloud” still nebulous, at least at the national level. But like the Death Star in Star Wars, it is already operating even though it is still being built.

One question concerns the CCP itself. At what level of seniority are cadres to be excused from surveillance? Whoever controls the data will have immense power in factional struggles: who will guard the guards? But other restraints are few. The political leadership will support the funding. Business is keen: there are big contracts to be won. The public prizes convenience over privacy.

The CCP proceeds methodically, with plans, pilot projects, assessment of lessons learned and finally national implementation. Anhui province is working on a voice recognition database. But Xinjiang, where the Uyghur population is being subjected to appalling oppression, is the main laboratory for the new systems of control.

All Uyghurs must download an app which automatically reports their browsing of undesirable sites, as well as their location. The authorities are collecting the DNA of all ethnic minorities. Petrol stations allow filling only after facial recognition linked to ID cards gives clearance. How long before cars have technology which requires facial recognition and approval before a car motor can be switched on? As for public transport, the sale of bus, train or plane tickets is easy to link to ID, while taxis can be fitted with facial recognition equipment linked to a database to identify undesirable passengers.

Will it work? Anyone who has worked in government knows the difficulty of integrating new and old IT systems, of linking up separate buildings and departments, and of management and maintenance. Chinese organisations have been notoriously bad at exchanging information. For example, the old Ministry of Water Resources and the Ministry of the Environment never managed a daily exchange of data despite their overlapping responsibilities. Most organisations will have more pressing concerns than ensuring a smooth feeding back of information to the public security authorities.

Then there are the costs. Beyond the computing development and equipment, there is recognition system hardware, staff to run and maintain the system, using the output effectively. A recent study of the semi-conductor business in China found a shortage of 400,000 trained personnel.

For those who live or do business in China, it is a given that all their information is being collected. Wechat is indispensable for keeping in contact. Payments via Alipay or other apps are unavoidable, because many outlets no longer take cash. The Social Credit System seems to demand complete transparency of foreign companies’ operations, technology, and records to the security authorities.

But Chinese apps and games are becoming more common abroad. If we come to depend on, say, Wechat, we are at best enabling Chinese snooping, and at worst allowing the CCP the ability to harm our communications by closing Wechat down. An even bigger threat comes from Chinese companies’ mass collection of data abroad, and its mining on behalf of the security authorities.

The fall of Troy is an unsettling parallel. The Greeks did not force their way in. Rather the Trojans welcomed the horse inside. The CCP has a similar strategy: “Smart Cities”. Networked digital devices improve the provision of services and utilities, traffic flows, policing and parking. Naturally telecommunications, CCTV and facial, number plate and other recognition technologies feature prominently. That is all to the good. But this technology is “dual use”. It not only helps unpleasant regimes such as Zimbabwe to control dissent; it also facilitates the transfer of information that the Chinese authorities can use against us.

This is a very different threat to that we have faced in the past. We should forget talk of war, whether hot or cold. The CCP will not go to war. The nuclear deterrent has not simply evaporated; and even an invasion of Taiwan, unlikely to succeed anyway, would bring huge economic disruption. The resulting unemployment and unrest might shake the CCP’s hold on power. The weapons of choice are those which slip under the radar: dependency; undermining the will to oppose or the will to uphold security, interests and values; divide and rule; and playing on vanity and greed.

The foundation of any success will be whether the CCP can forge those weapons through the collection and use of big data and AI. It is unlikely to catch up with liberal democracies  while competing on our terms. The one hope is to get ahead in the data and digital revolutions—and win in a game with different rules.