China

Beijing sours on facial recognition, unless it’s the one doing it

State media and new regulations are going after dodgy company practices. Government still gets a free pass.

Beijing sours on facial recognition, unless it’s the one doing it

A screen shows visitors being filmed by AI (artificial intelligence) security cameras with facial recognition technology at the 14th China International Exhibition on Public Safety and Security at the China International Exhibition Center in Beijing on October 24, 2018.

NICOLAS ASFOURI / Contributor/ Getty Images

Hundreds of thousands of surveillance cameras throughout China have been hoovering up facial recognition data without notifying the people attached to the faces. Now, the companies behind the tech are finally under the microscope after a blistering recent exposé — one carried by a major mouthpiece for Beijing, the same government known for its own untrammeled intrusions into private life.

On March 15, China Central Television broadcast its annual consumer rights gala, a long-running annual special that has uncovered many high-level consumer frauds. One segment revealed that facial recognition security cameras located at chain stores nationwide have been picking up shoppers' personal information without their knowledge or consent. The revelations ignited a furious backlash against the companies. "Two characters," went one popular online comment about the findings: "wu chi (无耻)," meaning "shameless." It's another instance of grassroots pushback against surveillance tech in China, a global leader in surveillance research as well as in deployment.

The central irony went unremarked: that Beijing has become both the critic and perpetrator of mass surveillance.

Caught in the act

In the 10-minute investigative segment, undercover reporters talked to surveillance camera providers who proudly exhibited the power of their facial recognition systems. Within seconds of encountering a shopper, cameras installed in retail stores could recognize and document that person's, age, ethnicity and even emotional state. The cameras also successfully identified return customers, allowing sellers to call up purchase histories in real time.

Such technologies have been branded "VIP customer identification," promising to use facial recognition to help retailers identify their frequent clients in order to serve them better. In fact, the cameras collect and store information from everyone who's ever stepped in a store, regardless of status.

The website of Ovopark, one of the firms exposed for selling surveillance cameras and software, once proudly noted that this technology had been sold to retailers including international brands Kohler and MaxMara, both of which have operations in China. (That assertion was no longer posted as of Monday, the day the CCTV take-down aired.) In a blog post published in November 2020, Ovopark, a Suzhou-based startup founded in 2014 that raised $12 million in its series B round last May, said its cameras work covertly in situations where customers wouldn't want their biometric data to be collected. It gave the example of a real estate sales office. "Customers there will never agree to have their facial recognition data collected, so [we offer] Facial Recognition Technology for Non-Cooperative Individuals at a Distance, designed for commercial environments," the blog post reads. Ovopark has since published a vague statement on its website saying the company is investigating the issues the investigation raised.

Kohler also released a statement saying it has ordered the immediate removal of all surveillance cameras from its stores in China. Kohler and retailer MaxMara separately claimed they used the cameras only to count customer traffic.

It's an open question how much CCTV's latest exposé will change corporate behavior. The surveillance industry is thriving in China, which combines abundant engineering talent with a relatively lax environment for deployment. According to data analytics firm Qichacha, over 7,000 companies in China provide services or equipment related to facial recognition.

Some of China's AI unicorns are getting in on the action. CloudWalk, one of China's "four AI dragons," currently seeking approval for a domestic IPO, said in a Sep. 2018 press release that it was helping equip several prominent shopping malls with tech that performed functions similar to Ovopark's. Cloudwalk boasted of an innovative way of obtaining facial recognition data: by prompting customers to participate in "face swaps" and "celebrity look-alike" games to capture their faces, then asking for their phone numbers in exchange for cash incentives.

Big brother Beijing

Private companies haven't vaulted China to its leading status in facial recognition tech by themselves. National tech policies and standards have encouraged its research and commercial implementation since 2015. In a 2017 blueprint to "facilitate the development of next-generation AI industry," China's Ministry of Industry and Information Technology said that by 2020 it aimed to support recognition that would work on "people from different regions" and achieve recall rates of 97% and recognition rates of 90% "under complex/dynamic conditions."

Crucially, China's state surveillance projects have also offered industrial applications for technologies once only used in labs. "Sharp Eyes," a controversial nationwide program that aimed to cover all of China's public spaces with public safety cameras by 2020, has been a boon for the surveillance tech industry. "'Sharp Eyes' facilitated the exponential growth of the video surveillance market as part of the larger security industry," Beijing-based think tank EqualOcean wrote in a market analysis. "It has significantly stimulated demand for high-resolution cameras, facial recognition cameras and other video surveillance equipment."

While such projects are often officially for public safety purposes, they're frequently abused to infringe on individual privacy. For example, surveillance cameras have become ubiquitous in the western region of Xinjiang to monitor and suppress ethnic minorities, including Uyghurs and Kazakhs.

Hints of a movement

Given the consequences for political dissent, it's risky for Chinese people to speak out against state-sponsored or state-imposed surveillance projects. But pro-privacy sentiment is still gathering steam. In a 2019 public survey conducted by a Chinese think tank, over 70% of respondents said they worried about their facial recognition data being leaked. Over 40% said the use of these technologies should be limited in certain situations.

Most ire at privacy violations is directed towards private companies. In 2019, a law professor in the tech-friendly city of Hangzhou sued a local zoo for forcing him to submit facial recognition data to gain access. He later won the case, widely regarded as the first facial recognition lawsuit in China. There are regular conversations on social media about the ubiquitousness and invasiveness of surveillance cameras.

CCTV's exposé shows the state is well aware of these societal concerns. Beijing genuinely concerned with privacy abuses and happy to crack down on them — when the private sector is the perpetrator. In 2020, China's Ministry of Industry and Information Technology tested 520,000 mobile apps for their privacy protection practices, according to the minister. Many popular apps owned by China's Big Tech, including Tencent and JD, were ordered to make changes.

But the state has been quiet about how it uses the surveillance tech the private sector has developed for its own purposes. CCTV didn't say whether facial recognition cameras or similar equipment were being deployed by government actors.

Regulation is here to help, sometimes

A new law likely to be passed in 2021 will help government further regulate the commercial uses of facial recognition. Article 27 of the draft Personal Information Protection Law states that "image collection or personal identity recognition equipment" shall only be installed in public venues "as required to safeguard public security and observe relevant State regulations," adding that "clear indicating signs shall be installed."

A major question for now is what constitutes a "public venue."

"Even though [shopping malls] may be privately owned, you've got the general public running in and out. It's not like it's a private club or a person's house," Jamie Horsley, a visiting lecturer at Yale Law School and an expert on Chinese administrative law, told Protocol. She pointed to 2016 regulation that includes "malls (shops), bookstores" and many more retail spaces to the definition of "public venues."

The draft law, Horsley said, primarily regulates private companies, not governments. Under the new rules, facial recognition can still be deployed for public security purposes and when required by "relevant regulations." That allows authorities to keep their police surveillance projects.

There is a provision in the law that restricts government use of facial recognition as well. But actually enforcing it will be difficult. Chinese courts lack judicial independence and rarely accept cases brought against the state.

Regardless, the forthcoming rules, which adopt provisions from existing privacy laws around the world, could be the beginning to the end of China's facial recognition free-for-all. "The government is very interested in social stability, and so they recognize that how they handle personal data ... is now an issue at the forefront of people's minds," Horsley said. "[Even] if you are a powerful government agency."

Clarification: This article has been updated to clarify comments made by Yale Law School lecturer Jamie Horsley.

Enterprise

SEC cyber reporting regs may be stuck. CISA is poised to do better.

CISA’s initiative to regulate critical infrastructure on incident reporting is just beginning. The focus on industry engagement by CISA and its director, Jen Easterly, could be about to pay off.

CISA director Jen Easterly is focusing on cyber industry engagement.

Photo: Kevin Dietsch/Getty Images

As the chief information security officer of a large, publicly traded tech company, Drew Simonis has been keeping a close eye on the SEC's proposed rules to require reporting of major cyberattacks.

Simonis, who works at Juniper Networks, has some serious concerns shared by many executives in U.S. private industry. Some of the proposed cyber incident reporting rules seem like they'd be counterproductive to the goal of creating transparency, and would likely just increase confusion for corporate shareholders, he said. Overall, by requiring public disclosure of major cyber incidents within four business days, the approach seems to lack a basic understanding of the "fluid nature of security events," Simonis said.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.

Sponsored Content

How Global ecommerce benefits American workers and the U.S. economy

New research shows Alibaba’s ecommerce platforms positively impact U.S. employment.

The U.S. business community and Chinese consumers are a powerful combination when it comes to American job creation. In addition to more jobs, the economic connection also delivers enhanced wages and a growing GDP contribution on U.S. soil, according to a recent study produced by NDP Analytics.

Alibaba — a leading global ecommerce company — is a particularly powerful engine in helping American businesses of every size sell goods to more than 1 billion consumers on its digital marketplaces in China. In 2020, U.S. companies completed more than $54 billion of sales to consumers in China through Alibaba’s online platforms.

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Entertainment

EA’s mobile chief: ‘We believe we will thrive in this environment’

Electronic Arts is faring better than its rivals. The company’s mobile chief knows why.

FIFA Mobile, a new version of which launched in January, just had its best-ever quarter.

Photo: Electronic Arts

Electronic Arts, the sports game publisher that spent years neglecting the mobile gaming market, couldn’t have picked a better time to jump in the deep end.

Last year, EA spent close to $4 billion acquiring its way to a stronger position in mobile. This year, it launched a new iteration of its popular FIFA franchise for smartphones and released a mobile spinoff of its hugely successful Apex Legends battle royale. The company's competitors have also followed suit with even more eye-popping acquisitions, including Take-Two Interactive’s purchase of Zynga for nearly $13 billion back in January and Microsoft’s record $69 billion acquisition of Activision Blizzard, which includes Candy Crush studio King, soon after.

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Policy

NYC’s bungled monkeypox vaccine rollout has a familiar ring

The failures raise questions about the due diligence undertaken by officials in awarding contracts.

The tech failures are part of a broader mishandling of the monkeypox outbreak at all levels of government, which is causing public health experts to fear that the virus could already be out of hand.

Photo: Kobi Wolf/Bloomberg via Getty Images

In 2016, New York's state Attorney General Eric Schneiderman reached a settlement with a company known as MedRite Urgent Care, after Yelp caught the company paying for fake positive reviews. At the time, the attorney general's office accused MedRite of "misrepresentation and deceptive acts," for which the urgent care provider agreed to pay a $100,000 fine.

And yet, just six years later, in the midst of its fast-growing monkeypox outbreak, New York City chose MedRite to operate its monkeypox vaccine scheduler. The first day of the rollout, MedRite's system crashed, leaving New Yorkers scrambling to get access to a vaccine that is already in limited supply.

Keep Reading Show less
Kwasi Gyamfi Asiedu

Kwasi (kway-see) is a fellow at Protocol with an interest in tech policy and climate. Previously, he covered global religion news at the Associated Press in New York. Before that, he was a freelance journalist based out of Accra, Ghana, covering social justice, health, and environment stories. His reporting has been published in The New York Times, Quartz, CNN, The Guardian, and Public Radio International. He can be reached at kasiedu@protocol.com.

Fintech

Credit where it’s due: BNPL wants in on credit reports

The CFPB, “buy now, pay later” companies and credit bureaus all think BNPL data should be factored into credit scores. So what’s the hold up?

Currently, most “buy now, pay later” products can only hurt a user’s credit, but major BNPL companies, consumer advocates and credit bureaus all say they're trying to change that.

Illustration: Christopher T. Fong/Protocol

Currently, most “buy now, pay later” products can only hurt a user’s credit — if there’s even an impact on their credit score at all. But major BNPL companies, consumer advocates and credit bureaus all say they are trying to change that.

The effort began to gain steam in June, when the CFPB urged “pay-in-four” BNPL companies, credit bureaus and scoring companies to work together on incorporating BNPL data into users’ credit scores in a way that rewards responsible behavior. But BNPL companies say they are hesitant to trust credit bureaus with the data.

Keep Reading Show less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

Latest Stories
Bulletins