China

China sours on facial recognition tech

State media and new regulations are going after dodgy company practices. Government still gets a free pass.

China sours on facial recognition tech

A screen shows visitors being filmed by AI (artificial intelligence) security cameras with facial recognition technology at the 14th China International Exhibition on Public Safety and Security at the China International Exhibition Center in Beijing on October 24, 2018.

NICOLAS ASFOURI / Contributor/ Getty Images

Hundreds of thousands of surveillance cameras throughout China have been hoovering up facial recognition data without notifying the people attached to the faces. Now, the companies behind the tech are finally under the microscope after a blistering recent exposé — one carried by a major mouthpiece for Beijing, the same government known for its own untrammeled intrusions into private life.

On March 15, China Central Television broadcast its annual consumer rights gala, a long-running annual special that has uncovered many high-level consumer frauds. One segment revealed that facial recognition security cameras located at chain stores nationwide have been picking up shoppers' personal information without their knowledge or consent. The revelations ignited a furious backlash against the companies. "Two characters," went one popular online comment about the findings: "wu chi (无耻)," meaning "shameless." It's another instance of grassroots pushback against surveillance tech in China, a global leader in surveillance research as well as in deployment.

The central irony went unremarked: that Beijing has become both the critic and perpetrator of mass surveillance.

Caught in the act

In the 10-minute investigative segment, undercover reporters talked to surveillance camera providers who proudly exhibited the power of their facial recognition systems. Within seconds of encountering a shopper, cameras installed in retail stores could recognize and document that person's, age, ethnicity and even emotional state. The cameras also successfully identified return customers, allowing sellers to call up purchase histories in real time.

Such technologies have been branded "VIP customer identification," promising to use facial recognition to help retailers identify their frequent clients in order to serve them better. In fact, the cameras collect and store information from everyone who's ever stepped in a store, regardless of status.

The website of Ovopark, one of the firms exposed for selling surveillance cameras and software, once proudly noted that this technology had been sold to retailers including international brands Kohler and MaxMara, both of which have operations in China. (That assertion was no longer posted as of Monday, the day the CCTV take-down aired.) In a blog post published in November 2020, Ovopark, a Suzhou-based startup founded in 2014 that raised $12 million in its series B round last May, said its cameras work covertly in situations where customers wouldn't want their biometric data to be collected. It gave the example of a real estate sales office. "Customers there will never agree to have their facial recognition data collected, so [we offer] Facial Recognition Technology for Non-Cooperative Individuals at a Distance, designed for commercial environments," the blog post reads. Ovopark has since published a vague statement on its website saying the company is investigating the issues the investigation raised.

Kohler also released a statement saying it has ordered the immediate removal of all surveillance cameras from its stores in China. Kohler and retailer MaxMara separately claimed they used the cameras only to count customer traffic.

It's an open question how much CCTV's latest exposé will change corporate behavior. The surveillance industry is thriving in China, which combines abundant engineering talent with a relatively lax environment for deployment. According to data analytics firm Qichacha, over 7,000 companies in China provide services or equipment related to facial recognition.

Some of China's AI unicorns are getting in on the action. CloudWalk, one of China's "four AI dragons," currently seeking approval for a domestic IPO, said in a Sep. 2018 press release that it was helping equip several prominent shopping malls with tech that performed functions similar to Ovopark's. Cloudwalk boasted of an innovative way of obtaining facial recognition data: by prompting customers to participate in "face swaps" and "celebrity look-alike" games to capture their faces, then asking for their phone numbers in exchange for cash incentives.

Big brother Beijing

Private companies haven't vaulted China to its leading status in facial recognition tech by themselves. National tech policies and standards have encouraged its research and commercial implementation since 2015. In a 2017 blueprint to "facilitate the development of next-generation AI industry," China's Ministry of Industry and Information Technology said that by 2020 it aimed to support recognition that would work on "people from different regions" and achieve recall rates of 97% and recognition rates of 90% "under complex/dynamic conditions."

Crucially, China's state surveillance projects have also offered industrial applications for technologies once only used in labs. "Sharp Eyes," a controversial nationwide program that aimed to cover all of China's public spaces with public safety cameras by 2020, has been a boon for the surveillance tech industry. "'Sharp Eyes' facilitated the exponential growth of the video surveillance market as part of the larger security industry," Beijing-based think tank EqualOcean wrote in a market analysis. "It has significantly stimulated demand for high-resolution cameras, facial recognition cameras and other video surveillance equipment."

While such projects are often officially for public safety purposes, they're frequently abused to infringe on individual privacy. For example, surveillance cameras have become ubiquitous in the western region of Xinjiang to monitor and suppress ethnic minorities, including Uyghurs and Kazakhs.

Hints of a movement

Given the consequences for political dissent, it's risky for Chinese people to speak out against state-sponsored or state-imposed surveillance projects. But pro-privacy sentiment is still gathering steam. In a 2019 public survey conducted by a Chinese think tank, over 70% of respondents said they worried about their facial recognition data being leaked. Over 40% said the use of these technologies should be limited in certain situations.

Most ire at privacy violations is directed towards private companies. In 2019, a law professor in the tech-friendly city of Hangzhou sued a local zoo for forcing him to submit facial recognition data to gain access. He later won the case, widely regarded as the first facial recognition lawsuit in China. There are regular conversations on social media about the ubiquitousness and invasiveness of surveillance cameras.

CCTV's exposé shows the state is well aware of these societal concerns. Beijing genuinely concerned with privacy abuses and happy to crack down on them — when the private sector is the perpetrator. In 2020, China's Ministry of Industry and Information Technology tested 520,000 mobile apps for their privacy protection practices, according to the minister. Many popular apps owned by China's Big Tech, including Tencent and JD, were ordered to make changes.

But the state has been quiet about how it uses the surveillance tech the private sector has developed for its own purposes. CCTV didn't say whether facial recognition cameras or similar equipment were being deployed by government actors.

Regulation is here to help, sometimes

A new law likely to be passed in 2021 will help government further regulate the commercial uses of facial recognition. Article 27 of the draft Personal Information Protection Law states that "image collection or personal identity recognition equipment" shall only be installed in public venues "as required to safeguard public security and observe relevant State regulations," adding that "clear indicating signs shall be installed."

A major question for now is what constitutes a "public venue."

"Even though [shopping malls] may be privately owned, you've got the general public running in and out. It's not like it's a private club or a person's house," Jamie Horsley, a visiting lecturer at Yale Law School and an expert on Chinese administrative law, told Protocol. She pointed to 2016 regulation that includes "malls (shops), bookstores" and many more retail spaces to the definition of "public venues."

The draft law, Horsley said, primarily regulates private companies, not governments. Under the new rules, facial recognition can still be deployed for public security purposes and when required by "relevant regulations." That allows authorities to keep their police surveillance projects.

There is a provision in the law that restricts government use of facial recognition as well. But actually enforcing it will be difficult. Chinese courts lack judicial independence and rarely accept cases brought against the state.

Regardless, the forthcoming rules, which adopt provisions from existing privacy laws around the world, could be the beginning to the end of China's facial recognition free-for-all. "The government is very interested in social stability, and so they recognize that how they handle personal data ... is now an issue at the forefront of people's minds," Horsley said. "[Even] if you are a powerful government agency."

Clarification: This article has been updated to clarify comments made by Yale Law School lecturer Jamie Horsley.

SKOREA-ENTERTAINMENT-GAMING-MICROSOFT-XBOX
A visitor plays a game using Microsoft's Xbox controller at a flagship store of SK Telecom in Seoul on November 10, 2020. (Photo by Jung Yeon-je / AFP) (Photo by JUNG YEON-JE/AFP via Getty Images)

On this episode of the Source Code podcast: Nick Statt joins the show to discuss Microsoft’s $68.7 billion acquisition of Activision Blizzard, and what it means for the tech and game industries. Then, Issie Lapowsky talks about a big week in antitrust reform, and whether real progress is being made in the U.S. Finally, Hirsh Chitkara explains why AT&T, Verizon, the FAA and airlines have been fighting for months about 5G coverage.

For more on the topics in this episode:

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

COVID-19 accelerated what many CEOs and CTOs have struggled to do for the past decade: It forced organizations to be agile and adjust quickly to change. For all the talk about digital transformation over the past decade, when push came to shove, many organizations realized they had made far less progress than they thought.

Now with the genie of rapid change out of the bottle, we will never go back to accepting slow and steady progress from our organizations. To survive and thrive in times of disruption, you need to build a resilient, adaptable business with systems and processes that will keep you nimble for years to come. An essential part of business agility is responding to change by quickly developing new applications and adapting old ones. IT faces an unprecedented demand for new applications. According to IDC, by 2023, more than 500 million digital applications and services will be developed and deployed — the same number of apps that were developed in the last 40 years.[1]

Keep Reading Show less
Denise Broady, CMO, Appian
Denise oversees the Marketing and Communications organization where she is responsible for accelerating the marketing strategy and brand recognition across the globe. Denise has over 24+ years of experience as a change agent scaling businesses from startups, turnarounds and complex software companies. Prior to Appian, Denise worked at SAP, WorkForce Software, TopTier and Clarkston Group. She is also a two-time published author of “GRC for Dummies” and “Driven to Perform.” Denise holds a double degree in marketing and production and operations from Virginia Tech.
Policy

Congress’ antitrust push has a hate speech problem

Sen. Klobuchar’s antitrust bill is supposed to promote competition. So why are advocates afraid it could also promote extremists?

The bill as written could make it a lot riskier for large tech companies to deplatform or demote companies that violate their rules.

Photo: Photo by Elizabeth Frantz-Pool/Getty Images

The antitrust bill that passed the Senate Judiciary Committee Thursday and is now headed to the Senate floor is, at its core, an attempt to prevent the likes of Apple, Amazon and Google from boosting their own products and services on the marketplaces and platforms they own.

But upon closer inspection, some experts say, the bill as written could make it a lot riskier for large tech companies to deplatform or demote companies that violate their rules.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Boost 2

Can Matt Mullenweg save the internet?

He's turning Automattic into a different kind of tech giant. But can he take on the trillion-dollar walled gardens and give the internet back to the people?

Matt Mullenweg, CEO of Automattic and founder of WordPress, poses for Protocol at his home in Houston, Texas.
Photo: Arturo Olmos for Protocol

In the early days of the pandemic, Matt Mullenweg didn't move to a compound in Hawaii, bug out to a bunker in New Zealand or head to Miami and start shilling for crypto. No, in the early days of the pandemic, Mullenweg bought an RV. He drove it all over the country, bouncing between Houston and San Francisco and Jackson Hole with plenty of stops in national parks. In between, he started doing some tinkering.

The tinkering is a part-time gig: Most of Mullenweg’s time is spent as CEO of Automattic, one of the web’s largest platforms. It’s best known as the company that runs WordPress.com, the hosted version of the blogging platform that powers about 43% of the websites on the internet. Since WordPress is open-source software, no company technically owns it, but Automattic provides tools and services and oversees most of the WordPress-powered internet. It’s also the owner of the booming ecommerce platform WooCommerce, Day One, the analytics tool Parse.ly and the podcast app Pocket Casts. Oh, and Tumblr. And Simplenote. And many others. That makes Mullenweg one of the most powerful CEOs in tech, and one of the most important voices in the debate over the future of the internet.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Workplace

Ask a tech worker: How many of your colleagues have caught omicron?

Millions of workers called in sick in recent weeks. How is tech handling it?

A record number of Americans called in sick with COVID-19 in recent weeks. Even with high vaccination rates, tech companies aren’t immune.

Illustration: Christopher T. Fong/Protocol

Welcome back to Ask a Tech Worker! For this recurring feature, I’ve been roaming downtown San Francisco at lunchtime to ask tech employees about how the workplace is changing. This week, I caught up with tech workers about what their companies are doing to avoid omicron outbreaks, and whether many of their colleagues had been out sick lately. Got an idea for a future topic? Email me.

Omicron stops for no one, it seems. Between Dec. 29 and Jan. 10, 8.8 million Americans missed work to either recover from COVID-19 or care for someone who was recovering, according to the Census Bureau. That number crushed the previous record of 6.6 million from last January, and tripled the numbers from early last month.

Keep Reading Show less
Allison Levitsky
Allison Levitsky is a reporter at Protocol covering workplace issues in tech. She previously covered big tech companies and the tech workforce for the Silicon Valley Business Journal. Allison grew up in the Bay Area and graduated from UC Berkeley.

The fast-growing paychecks of Big Tech’s biggest names

Tech giants had a huge pandemic, and their execs are getting paid.

TIm Cook received $82 million in stock awards on top of his $3 million salary as Apple's CEO.

Photo: Mario Tama/Getty Images

Tech leaders are making more than ever.

As tech giants thrive amid the pandemic, companies like Meta, Alphabet and Microsoft have continued to pay their leaders accordingly: Big Tech CEO pay is higher than ever. In the coming months, we’ll begin seeing a lot of companies release their executive compensation from the past year as fiscal 2022 begins.

Keep Reading Show less
Nat Rubio-Licht
Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.
Latest Stories
Bulletins