Biometric data collection by Chinese government still growing, along with breaches
Beijing appears to be ramping up its collection of biometric data, as reports roll in of increased surveillance and monitoring of citizens across China. Wristbands that track emotions; facial recognition scans used to record students’ moods; the casual cataloguing of Tibetans’ DNA: all of these scenarios would fit right into a sci-fi spy film — but they are becoming the day-to-day reality for ordinary Chinese people.
China is already the world’s most heavily surveilled country, according to the Independent. But its pursuit of even more control over digital ID and biometric data is barreling ahead. In Beijing, 1800 haptic bracelets have already been handed out to long-distance bus drivers, to monitor vital signs such as heart rate and blood oxygen. The city’s public transport authority has plans to roll out 5,000 additional “recognition systems” to police drivers’ behavior.
In Tibet, meanwhile, China appears to be using the playbook it deployed in the Xinjiang region, where DNA collection among Uyghurs and other ethnic minorities preceded a mass campaign of detention and forced labour. The pricking of fingers has become common among groups from monks to schoolchildren, according to The Economist. Researchers from the Citizen Lab at the University of Toronto say Chinese authorities may already have collected DNA from up to 35 percent of Tibet’s population.
Beijing’s standard justifications for its biometric surveillance activities are increasing public safety, maintaining social stability, and so on. But in the case of collecting Tibetans’ DNA — technically illegal under Chinese law — authorities have been blunt, listing “population control” among their reasons.
As the grip tightens at one end, however, it is not stopping leaks at the other. According to Bloomberg, it is increasingly easy to find Chinese data for sale on cybercriminal sites, in the aftermath of a massive personal ID breach in June 2022. That incident saw a hacker allegedly seize the data of over one billion Chinese people from the Shanghai police and post it for sale on an underground marketplace known as Breach Forums. Then, in August, another user posted data taken from nearly 50 million registrants of Shanghai’s mandatory healthcare system.
Nor is this expected to be the end of it. Feixiang He, a researcher at the Singapore cybersecurity firm Group-IB, told Bloomberg that interest in Chinese data on Breach Forums has skyrocketed. “The forum has never seen such an influx of Chinese users,” he said, “[and] the number of attacks on Chinese users may grow in the near future.”