Protocol | China

China sours on facial recognition tech

State media and new regulations are going after dodgy company practices. Government still gets a free pass.

China sours on facial recognition tech

A screen shows visitors being filmed by AI (artificial intelligence) security cameras with facial recognition technology at the 14th China International Exhibition on Public Safety and Security at the China International Exhibition Center in Beijing on October 24, 2018.

NICOLAS ASFOURI / Contributor/ Getty Images

Hundreds of thousands of surveillance cameras throughout China have been hoovering up facial recognition data without notifying the people attached to the faces. Now, the companies behind the tech are finally under the microscope after a blistering recent exposé — one carried by a major mouthpiece for Beijing, the same government known for its own untrammeled intrusions into private life.

On March 15, China Central Television broadcast its annual consumer rights gala, a long-running annual special that has uncovered many high-level consumer frauds. One segment revealed that facial recognition security cameras located at chain stores nationwide have been picking up shoppers' personal information without their knowledge or consent. The revelations ignited a furious backlash against the companies. "Two characters," went one popular online comment about the findings: "wu chi (无耻)," meaning "shameless." It's another instance of grassroots pushback against surveillance tech in China, a global leader in surveillance research as well as in deployment.

The central irony went unremarked: that Beijing has become both the critic and perpetrator of mass surveillance.

Caught in the act

In the 10-minute investigative segment, undercover reporters talked to surveillance camera providers who proudly exhibited the power of their facial recognition systems. Within seconds of encountering a shopper, cameras installed in retail stores could recognize and document that person's, age, ethnicity and even emotional state. The cameras also successfully identified return customers, allowing sellers to call up purchase histories in real time.

Such technologies have been branded "VIP customer identification," promising to use facial recognition to help retailers identify their frequent clients in order to serve them better. In fact, the cameras collect and store information from everyone who's ever stepped in a store, regardless of status.

The website of Ovopark, one of the firms exposed for selling surveillance cameras and software, once proudly noted that this technology had been sold to retailers including international brands Kohler and MaxMara, both of which have operations in China. (That assertion was no longer posted as of Monday, the day the CCTV take-down aired.) In a blog post published in November 2020, Ovopark, a Suzhou-based startup founded in 2014 that raised $12 million in its series B round last May, said its cameras work covertly in situations where customers wouldn't want their biometric data to be collected. It gave the example of a real estate sales office. "Customers there will never agree to have their facial recognition data collected, so [we offer] Facial Recognition Technology for Non-Cooperative Individuals at a Distance, designed for commercial environments," the blog post reads. Ovopark has since published a vague statement on its website saying the company is investigating the issues the investigation raised.

Kohler also released a statement saying it has ordered the immediate removal of all surveillance cameras from its stores in China. Kohler and retailer MaxMara separately claimed they used the cameras only to count customer traffic.

It's an open question how much CCTV's latest exposé will change corporate behavior. The surveillance industry is thriving in China, which combines abundant engineering talent with a relatively lax environment for deployment. According to data analytics firm Qichacha, over 7,000 companies in China provide services or equipment related to facial recognition.

Some of China's AI unicorns are getting in on the action. CloudWalk, one of China's "four AI dragons," currently seeking approval for a domestic IPO, said in a Sep. 2018 press release that it was helping equip several prominent shopping malls with tech that performed functions similar to Ovopark's. Cloudwalk boasted of an innovative way of obtaining facial recognition data: by prompting customers to participate in "face swaps" and "celebrity look-alike" games to capture their faces, then asking for their phone numbers in exchange for cash incentives.

Big brother Beijing

Private companies haven't vaulted China to its leading status in facial recognition tech by themselves. National tech policies and standards have encouraged its research and commercial implementation since 2015. In a 2017 blueprint to "facilitate the development of next-generation AI industry," China's Ministry of Industry and Information Technology said that by 2020 it aimed to support recognition that would work on "people from different regions" and achieve recall rates of 97% and recognition rates of 90% "under complex/dynamic conditions."

Crucially, China's state surveillance projects have also offered industrial applications for technologies once only used in labs. "Sharp Eyes," a controversial nationwide program that aimed to cover all of China's public spaces with public safety cameras by 2020, has been a boon for the surveillance tech industry. "'Sharp Eyes' facilitated the exponential growth of the video surveillance market as part of the larger security industry," Beijing-based think tank EqualOcean wrote in a market analysis. "It has significantly stimulated demand for high-resolution cameras, facial recognition cameras and other video surveillance equipment."

While such projects are often officially for public safety purposes, they're frequently abused to infringe on individual privacy. For example, surveillance cameras have become ubiquitous in the western region of Xinjiang to monitor and suppress ethnic minorities, including Uyghurs and Kazakhs.

Hints of a movement

Given the consequences for political dissent, it's risky for Chinese people to speak out against state-sponsored or state-imposed surveillance projects. But pro-privacy sentiment is still gathering steam. In a 2019 public survey conducted by a Chinese think tank, over 70% of respondents said they worried about their facial recognition data being leaked. Over 40% said the use of these technologies should be limited in certain situations.

Most ire at privacy violations is directed towards private companies. In 2019, a law professor in the tech-friendly city of Hangzhou sued a local zoo for forcing him to submit facial recognition data to gain access. He later won the case, widely regarded as the first facial recognition lawsuit in China. There are regular conversations on social media about the ubiquitousness and invasiveness of surveillance cameras.

CCTV's exposé shows the state is well aware of these societal concerns. Beijing genuinely concerned with privacy abuses and happy to crack down on them — when the private sector is the perpetrator. In 2020, China's Ministry of Industry and Information Technology tested 520,000 mobile apps for their privacy protection practices, according to the minister. Many popular apps owned by China's Big Tech, including Tencent and JD, were ordered to make changes.

But the state has been quiet about how it uses the surveillance tech the private sector has developed for its own purposes. CCTV didn't say whether facial recognition cameras or similar equipment were being deployed by government actors.

Regulation is here to help, sometimes

A new law likely to be passed in 2021 will help government further regulate the commercial uses of facial recognition. Article 27 of the draft Personal Information Protection Law states that "image collection or personal identity recognition equipment" shall only be installed in public venues "as required to safeguard public security and observe relevant State regulations," adding that "clear indicating signs shall be installed."

A major question for now is what constitutes a "public venue."

"Even though [shopping malls] may be privately owned, you've got the general public running in and out. It's not like it's a private club or a person's house," Jamie Horsley, a visiting lecturer at Yale Law School and an expert on Chinese administrative law, told Protocol. She pointed to 2016 regulation that includes "malls (shops), bookstores" and many more retail spaces to the definition of "public venues."

The draft law, Horsley said, primarily regulates private companies, not governments. Under the new rules, facial recognition can still be deployed for public security purposes and when required by "relevant regulations." That allows authorities to keep their police surveillance projects.

There is a provision in the law that restricts government use of facial recognition as well. But actually enforcing it will be difficult. Chinese courts lack judicial independence and rarely accept cases brought against the state.

Regardless, the forthcoming rules, which adopt provisions from existing privacy laws around the world, could be the beginning to the end of China's facial recognition free-for-all. "The government is very interested in social stability, and so they recognize that how they handle personal data ... is now an issue at the forefront of people's minds," Horsley said. "[Even] if you are a powerful government agency."

Clarification: This article has been updated to clarify comments made by Yale Law School lecturer Jamie Horsley.

Power

How the creators of Spligate built gaming’s newest unicorn

1047 Games is now valued at $1.5 billion after three rounds of funding since May.

1047 Games' Splitgate amassed 13 million downloads when its beta launched in July.

Image: 1047 Games

The creators of Splitgate had a problem. Their new free-to-play video game, a take on the legendary arena shooter Halo with a teleportation twist borrowed from Valve's Portal, was gaining steam during its open beta period in July. But it was happening too quickly.

Splitgate was growing so fast and unexpectedly that the entire game was starting to break, as the servers supporting the game began to, figuratively speaking, melt down. The game went from fewer than 1,000 people playing it at any given moment in time to suddenly having tens of thousands of concurrent players. Then it grew to hundreds of thousands of players, all trying to log in and play at once across PlayStation, Xbox and PC.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,Checkout.com

Antoine Nougue is Head of Europe at Checkout.com. He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Policy

Why Twitch’s 'hate raid' lawsuit isn’t just about Twitch

When is it OK for tech companies to unmask their anonymous users? And when should a violation of terms of service get someone sued?

The case Twitch is bringing against two hate raiders is hardly black and white.

Photo: Caspar Camille Rubin/Unsplash

It isn't hard to figure out who the bad guys are in Twitch's latest lawsuit against two of its users. On one side are two anonymous "hate raiders" who have been allegedly bombarding the gaming platform with abhorrent attacks on Black and LGBTQ+ users, using armies of bots to do it. On the other side is Twitch, a company that, for all the lumps it's taken for ignoring harassment on its platform, is finally standing up to protect its users against persistent violators whom it's been unable to stop any other way.

But the case Twitch is bringing against these hate raiders is hardly black and white. For starters, the plaintiff here isn't an aggrieved user suing another user for defamation on the platform. The plaintiff is the platform itself. Complicating matters more is the fact that, according to a spokesperson, at least part of Twitch's goal in the case is to "shed light on the identity of the individuals behind these attacks," raising complicated questions about when tech companies should be able to use the courts to unmask their own anonymous users and, just as critically, when they should be able to actually sue them for violating their speech policies.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

Before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

Photo: Stefan Wermuth/Bloomberg via Getty Images

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
Protocol | Fintech

When COVID rocked the insurance market, this startup saw opportunity

Ethos has outraised and outmarketed the competition in selling life insurance directly online — but there's still an $887 billion industry to transform.

Life insurance has been slow to change.

Image: courtneyk/Getty Images

Peter Colis cited a striking statistic that he said led him to launch a life insurance startup: One in twenty children will lose a parent before they turn 15.

"No one ever thinks that will happen to them, but that's the statistics," the co-CEO and co-founder of Ethos told Protocol. "If it's a breadwinning parent, the majority of those families will go bankrupt immediately, within three months. Life insurance elegantly solves this problem."

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Latest Stories