FB pixel

Researchers find biometric, biographical and location data of thousands of China’s school children unprotected online

Categories Biometrics News  |  Facial Recognition  |  Schools
 

A database of Chinese school children’s faces and their locations on Alibaba Group Holding Ltd. servers has been found online unprotected.

According to a Wall Street Journal article, the database of thousands of students collected by Safe School Shield, a surveillance system, involved 23 schools in Sichuan province. A Netherlands-based nonprofit, GDI Foundation, which seeks Internet vulnerabilities so they can be fixed, made the discovery.

An unnamed third-party cloud service hosted on Alibaba servers had the files. Along with facial biometrics and location information, the database holds student names as well as the names and mobile telephone numbers of students’ parents.

The article says that the cache — 1.3 million bits of information — has since been secured by Alibaba, however, a criminal could have created an administrative account to retain access after it was secured.

In fact, the data had been gathered over 10 days, and the database was available via search engines used by cybersecurity developers and researchers for about a month.

Chinese residents largely favor the use of facial recognition by the government, saying it makes them safer. A surveillance state has been created in the Xinjiang region, home to 14 million Muslims, a minority in China that government officials would like to see stripped of its cultural independence.

But the Journal quoted a survey by the Nandu Personal Information Protection Research Center that shows 40 percent of respondents feel the potential for leaks was a concern.

That is a relatively mild reaction out of China, which is known for numerous domestic cybercrimes involving the theft and sale of personal information. This might be changing, however.

The article recounts the local social-media unrest raised after it was revealed that a Nanjing school had used face-scanning systems to monitor which students were paying attention.

And last spring, Chinese police put 32 people in jail — after detaining more than 50 — as part of a three-year investigation into the stealing and trading of 39 million bits of personal data.

Those jailed allegedly were part of a nationwide gang trafficking in stolen information, according to the South China Morning Post. Data was gotten from hacking personal computers as well as local government offices.

Measures are being taken in China to better protect private information stored online. In June 2017, the nation enacted the Cyber Security Law, China’s first attempt at comprehensive regulation of data.

It is a complex statute full of standards, guidance and rules, and it is still being interpreted and changed through drafts of various sections. The question is, can a government that so enthusiastically deploys surveillance systems against its own population effectively regulate its semi-private business sector?

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events