Chinese Facial Recognition Database Exposes 2.5 Million People

An artificial intelligence company operating a facial recognition system in China recently left its database exposed online, leaving the personal information of some 2.5 million Chinese citizens vulnerable. Considering how much the Chinese government relies on facial recognition technology, this is a big deal—for both the Chinese government and Chinese citizens.

What Happened With This Chinese Facial Recognition Database?

So what happened? The database belongs to SenseNets Technology, Ltd, a company that develops artificial intelligence security software systems, including facial recognition, crowd analysis, and personal verification. Founded in 2015 and based in Shenzhen, China, SenseNets’ technology is used by police surveillance systems in many Chinese cities. SenseNets’ video tracking cameras monitor people and record their movements as data. As you might imagine, SenseNets has access to a lot of data, gathered from watching millions of people all day, every day. The big deal? That boatload of information was exposed to the public because the company failed to password protect it. The data was in plain text, and anyone nosing around could easily access it.

Victor Gevers, a Dutch cybersecurity researcher at the non-profit group, GDI.Foundation, discovered the open database online because, well, it’s what he does. Grevers discovered the problem in July of 2018 and warned the company about it, but the company didn’t reply. In February of 2019, Grevers publicly shared information about the breach on Twitter. Grevers’ tweets indicate the data has been viewed and in some cases copied by visitors to the access point. SenseNets has since blocked access to the database and as refrained from any comment on the occurrence.

As an aside, Grevers is also the person who discovered what is being called the “BreedReady” database this past weekend. This is an open database in China apparently developed to register the personal information of some 1.8 million women. The information in the database includes age, addresses, phone numbers, education, location, ID number, and what is being called a “BreedReady” status of these women. For a Communist country suffering from falling birthrates, an extreme shortage of women, this shouldn’t come as a surprise, but is nonetheless alarming.

What Kind of Information Was Exposed?

The database exposure included the gender, address, birthdate, and nationality of more than 2.5 million people in China. It also included each person’s employer and a photo. This type of private information is linked to the ID card number that Chinese residents are required to have. That ID number was also exposed in this Chinese facial recognition

How Does China Use Facial Recognition Technology?

In China, facial recognition technology is sophisticated and part of everyday life. The government watches everything and everyone, all day every day. Residents who go through the security checkpoint at the Shanghai Hongqiao International Airport have to get through the facial recognition step first. The subway system in Beijing is getting ready to use this technology, and police officers use special glasses that let them quickly recognize faces, to aid in the rapid identification of suspects. Schools in China may start using facial recognition to take attendance each day, and it’s even been considered to use the system to ensure the children are paying attention during class.

The Chinese are currently testing a very controversial social credit scoring system, designed to monitor unattractive or unhealthy behavior (e.g. frivolous spending, being wasteful, smoking where it’s not permitted, or not being a “good citizen.” This system is expected to roll out in 2020 and may preclude Chinese citizens with low social credit scores from traveling, getting a loan, a good job, or having educational opportunities.

Facial recognition technology and the artificial intelligence that fuels it is cool, without question, and can be used for much good. But when it’s left unsecured and unprotected, it poses extreme danger to the millions of people potentially impacted. Chinese citizens, while accustomed to being under constant surveillance, quite likely are less comfortable having their personal information available online. Unfortunately for them, there’s probably not much they can do about it.

Here in the U.S., we’re not unaffected by the potential dangers of facial recognition technology. As just one example, facial recognition on the devices we use every day is largely insecure. See the recent report of the Samsung Galaxy S10 facial recognition being fooled by a video of the phone owner for more on that. Also, note that the U.S. Customs are reported to be speeding up facial recognition adoption at airports, in spite of a myriad of security concerns. China is a few years ahead of us in terms of how they are publicly using AI and facial recognition, but I predict we’ll be seeing more and more of it in the not too distant future.

Shelly Kramer

Shelly Kramer is a senior analyst at Futurum Research and one of the founding partners. She covers trends in B2B marketing and sales, digital transformation, customer experience, and marketing technology.She also covers topics, trends, and technologies related to the Future of Work, the transformation of the workplace, and how people and technology are driving that transformation. As a brand strategist, she has decades of experience helping global companies with sales and marketing challenges, messaging strategies, and driving strategy for B2B brands across multiple verticals, with a strong track record in software technologies and all things technology-related. Shelly offers valuable insights for enterprises of all sizes.
Shelly Kramer