China Just Gave a Foretaste of One of the Biggest Dangers of Biometric Surveillance Systems

Like just about anything on the Internet, biometric surveillance systems are eminently hackable as well as prone to human error. 

As previously reported on Naked Capitalism, biometric surveillance systems, a common trope in dystopian novels, are being hastily rolled out across the West, with next to no public debate. That, of course, is for an obvious reason: if an open, informed debate on the pros and cons of biometric surveillance systems was actually allowed, the public would overwhelmingly reject it. Which is why these systems are increasingly encroaching into our lives under the radar, with limited public knowledge or understanding.

Insecure Data

However, a recent incident in China has underscored the potential vulnerability of biometric data storage systems. As Tech Crunch reported on Tuesday, a Hangzhou-based tech company called Xinai Electronics has left a huge cache of data containing 800 million records, including millions of faces, vehicle license plates and resident ID numbers, exposed to public view and access for months on end:

The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely.

It’s through a vast network of cameras that Xinai has amassed millions of face prints and license plates, which its website claims the data is “securely stored” on its servers.

But it wasn’t.

Security researcher Anurag Sen found the company’s exposed database on an Alibaba-hosted server in China and asked for TechCrunch’s help in reporting the security lapse to Xinai.

Sen said the database contained an alarming amount of information that was rapidly growing by the day and included hundreds of millions of records and full web addresses of image files hosted on several domains owned by Xinai. But neither the database nor the hosted image files were protected by passwords and could be accessed from the web browser by anyone who knew where to look.

The database included links to high-resolution photos of faces, including construction workers entering building sites and office visitors checking in and other personal information, such as the person’s name, age and sex, along with resident ID numbers, which are China’s answer to national identity cards. The database also had records of vehicle license plates collected by Xinai cameras in parking garages, driveways and other office entry points.

TechCrunch says it contacted the company on numerous occasions to warn it about the exposed database, yet its emails were never returned. The database was publicly accessible for at least several months before finally being taken down in mid-August. But that was only after a data extortionist claimed to have stolen the contents of the database. If true, the implications are dire. Given the innate uniqueness of biometric data, if it is hacked, there is no way of undoing the damage. You cannot change or cancel your face, iris, fingerprint, or DNA like you can change a password or cancel your credit card.

The Growth of Biometric Surveillance in the West

Meanwhile, at the opposite end of the Eurasian landmass, the EU is assembling a gargantuan facial recognition system, by allowing, for the first time ever, police forces across the EU to link their photo databases. Brussels is also about to launch an automated Entry/Exit System (EES) to register travelers from third countries. The system will register the traveler’s name, type of travel document, biometric data (fingerprints and captured facial images), as well as the date and place of entry and exit.

The UK and the US are also investing heavily in facial recognition technologies, despite fierce opposition from civil liberties groups. As I reported in late July, the US is even preparing to share the biometric data of its citizens with the national governments of select countries, including the UK and the EU — on a quid pro quo basis, of course.

In the almost total absence of public debate — and in many cases, even public awareness — about these developments, what little debate that does occur is largely informed by surveys and opinion polls commissioned by the very firms that stand to benefit most from the roll out of the new systems.

A case in point: the French military contractor Thales Group, which is helping American Airlines develop its digital ID app and has been instrumental in efforts to roll out national digital identity programs in Africa, recently conducted its own survey of 1,800 residents of seven EU countries. The results of that survey, published in June, showed a significant majority (66%) of the respondents would happily use a digital ID wallet.

This is, of course, good news for Brussels, since it is on the verge of launching an EU-wide ID wallet, which Member States must have ready for public use by 2024. The goal of the ID wallet is to establish a unified digital identification system in Europe and it is meant to simplify — and, of course, digitize — the way people identify themselves in just about every facet of their lives and in any EU country. Use of the wallet will be totally voluntary (at least to begin with).

Also, as luck will have it, Thales Group is one of Europe’s leading providers of digital identity systems. In fact, as you can (and I would suggest, should) see in the slick corporate video below, the company was already showcasing the benefits of its digital ID wallet app almost two years ago, in October 2020.  Those benefits included helping the app’s users schedule appointments for mandatory vaccination, which is curious given that at that time there was no mandatory vaccination for COVID-19, since there were no COVID-19 vaccines available.


Another company that recently commissioned a survey on public attitudes toward new digital technologies — in this case, biometric payment technologies — is Mastercard, which,  is piloting a biometric checkout program dubbed, in pure Orwellian fashion, “Smile to Pay”. Seventy percent of the survey’s respondents, from six Asia Pacific countries (Australia, China, India, Japan, New Zealand, Thailand and Vietnam), said that using fingerprint or facial recognition to authenticate transactions was easier than remembering PINs or passwords (d’uh!), though 72% expressed concerns about which entities would have access to their data. Sixty-nine percent said they found the system more secure.

But is it?

A system like “Smile to Pay” may offer greater security by adding an extra factor to the authentication process, but consumers will not have to use the two-factor authentication — biometrics plus a PIN or password — if they don’t want to. And they are largely being encouraged by Mastercard not to, since the main selling points of the new technology are speed and convenience. What’s more, as the data breach at Xinai Electronics showed, the actual data underpinning the system may not be secure at all.

Other Data Breaches in China

The breach at Xinai was not the only mass leak of sensitive data that appears to have occured in China in recent months. In July, a huge trove of data containing information on around one billion Chinese residents was allegedly siphoned from a Shanghai police database stored in AliBaba’s cloud. As Techcrunch noted shortly after the alleged data leak,  “[w]ithout the (unlikely) confirmation from the Chinese government, it’s difficult to know for sure if the seller’s claims are genuine and the data was obtained from Shanghai’s police department, as is claimed.”

A month later, a hacker claimed to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai. The data is managed by the city government and users can access the app either by downloading it or opening it using the Alipay app, owned by fintech giant and Alibaba affiliate Ant Group, and Tencent Holdings’ WeChat app. Ant Group and Tencent are the two largest tech firms in China and are absolute behemoths.

If authentic, these breaches raise serious questions about the Chinese government’s cybersecurity regime, little more than a year after Beijing launched a crack down on private companies’ collection and collation of facial recognition data. As Sandra Watcher, a data ethics expert at the Oxford Internet Institute, told the Guardian last year, the security systems guarding our biometric data are only state-of-the-art until the day they are breached:

“The idea of a data breach is not a question of if, it is a question of when. Welcome to the Internet: everything is hackable.”

A Deeply Flawed Control System

There are, of course, plenty of other reasons why the creeping use of biometric surveillance systems, not just in China but across Asia, Africa and the West, by autocratic and ostensibly democratic states alike, should creep us out. First of all, these systems offer today’s governments surveillance powers that even the most efficient police states of the past could only have dreamt of — and what’s more, at a time of rising economic insecurity and political instability.

But that does not mean they are infallible. In fact, the systems are notoriously inaccurate on women and those with darker skin, and may also be inaccurate on children whose features are still changing rapidly. Yet despite these flaws police forces around the world are increasingly turning to facial recognition technologies to identify criminals and, in some cases, protesters. For Delhi police, for instance, a similarity score of just 80% is apparently enough to indicate a positive match, according to the force’s response to a query from the Internet Freedom Foundation, an Indian civil liberties group.

India offers an interesting case study on how biometric surveillance systems can, once the roots are planted, get out of control very quickly. In November 2021, Amnesty International warned that the capital city of Hyderabad, which has emerged as a challenger to India’s Silicon Valley, Bengaluru, is “on the brink of becoming a total surveillance city”:

The city in Telangana state – one of the most surveilled cities in the world – has begun construction of an ominous ‘Command and Control Centre’ (CCC), intended to connect the state’s vast facial recognition-capable CCTV infrastructure in real time. In addition, a study by the Internet Freedom Foundation found that Telangana state has the highest number of facial recognition technology (FRT) projects in India.

“Hyderabad is on the brink of becoming a total surveillance city. It is almost impossible to walk down the street without risking exposure to facial recognition,” said Matt Mahmoudi, Amnesty International’s AI and Big Data researcher.

“In addition to CCTV, we are concerned that law enforcement’s practice of using tablets to stop, search and photograph civilians without charge could be used for facial recognition.”

As biometric surveillance technologies advance, their use poses an ever-larger threat to privacy and basic freedoms, as the Electronic Frontier Foundation (EFF) warns:

As face recognition technologies become more effective and cameras are capable of recording greater and greater detail, surreptitious identification and tracking could become the norm.

The problems are multiplied when biometrics databases are “multimodal,” allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth. Further, geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance.

That is a disturbing enough prospect, especially given the minimal benefits — essentially minor gains in convenience and time — citizens actually stand to gain from giving up their most precious data to governments and corporations. But it is even more disturbing if you consider that this data, once relinquished, may not even be safe in the hands of governments or corporations, especially as cyber warfare becomes an increasing part of wider conflict.


Print Friendly, PDF & Email


    1. jr

      Amen to that. I already have enough children in my life who I have to watch inherit a dying, dystopian world. That’s bad enough.

  1. Arizona Slim

    Such a timely post for Cash Fridays. And what, you may ask, is this all about?

    Well, if you’re out and about and shopping on Fridays, pay cash. If you don’t have cash with you, pay with a check drawn on a locally owned and operated financial institution.

    Why Cash Fridays? It’s a silent rebellion against social credit scores, digital IDs, and other pernicious forms of social control.

    BTW, it’s okay to pay cash on other days of the week.

    1. Chas

      That’s a good idea. I’ve been thinking about ripping up the credit cards and using only cash all of the time. I think the only inconvenience would be paying at the gas station because I would have to go inside. Also, I never got a cell phone and after reading this article I never will.

      1. Arizona Slim

        Fun thing about paying cash: In the past, I was in the habit of whipping out the plastic whenever I went to the hardware store. No more.

        During my most recent trip, I paid with cash. Boom. Done.

        When I got home, I realized that this purchase was mine. Paid for in full. No need to pay off a credit card.

        That, people, is what empowerment really feels like.

    2. Oh

      I think a check payment will usually require your driver’s license no./other id for verification by the payee. The payee’s bank will scan the front and back of your check. This opens up the possibility for someone to store your name, address and phone no (if it’s on the check) plus your id info and your attempt to stay private will be compromised. Better to go with you Plan A, cash!

  2. jr

    I was forced to use a biometric identification system to receive some of my unemployment benefits. I worry about that data sitting on some half-a$$ed secured server. Who knows where it will finally end up?

    1. YankeeFrank

      “Secured server”. Hahaha.

      What’s even funnier about that joke is the companies that get this type of government work pay their employees poorly and have awful processes. Not a recipe for secure anything. Not that other tech companies can offer much better. Security on the internet where systems can be bombarded as soft targets all day long until a hole is found are by their nature insecure.

      The only thing that “protects” the vast majority of systems is that nobody cares about getting at the data.

      1. Mikel

        True. You can count one hand the types that want the info.

        The data is mainly passed around to advertisers and businesses and so they can spin tales to each other about their “influence.”

        Criminals vibe toward the financial info.

        The state and its puppeteers only becomes interested in a particular database if a person seeks or attains perceived or real influence.

  3. YankeeFrank

    These systems are easily hacked (as are all databases) and can’t be changed once hacked — tech disaster and mass system failure. Better hold onto your cash.

    Can a camera pick up the difference between a face and a photo of a face? Of course not.

    Its a combination of total lack of understanding of technology and a fetish for control and domination. As Walter Kirn wrote yesterday on twitter:

    “The reason big shots in big organizations are so often in error compared to people on the street is that they overestimate the credibility of other big shots in big organizations. Authority just tends to trust authority, and a closed cycle of high-level ignorance often results.”

  4. Eureka Springs

    Thank you Nick.

    I wonder just how energy intensive all this surveillance and it’s trappings might be? A recent article pointing out a smart phone is pinged and data saved over a thousand times a day, nothing good can come of that. I told someone the other day, remember those nosy loud Karen neighbors on shows like Andy Griffith and how everyone hated them, well they rule the world now, it’s the most profitable business model, and they know everything. And the point about what happens when your theft of face, dna, fingerprints, which are not something one could change like an I.D. number should be an all stop moment. I mean seriously, anyone aside from say, a medical professional needing dna info or plastic surgeon needing face info should be arrested for even asking for these things.

    Just like asking nuke power cheerleaders, what about nuke waste and who’s going to take care of it for at least 100,000 years is an all stop moment.

    1. Altandmain

      Salt mines are currently being explored. There are other expensive options. Nuclear waste can be reprocessed.

      Alternatively, fast breeder technology can be utilized. There are concerns with building them, mostly around proliferation of weapons, but in practice, most developed nations already have the capability to build a functional weapon anyways. It’s the treaties that prevent it and the difficulty of building ICBMs or SLBMs to deliver the payload to a target, which would cost many times that of the bomb itself.

      I suspect that someday, we might end up in a situation where we might not have a choice.

      Someday, we might even teach a point where the uranium 238 in nuclear waste might be invaluable for breeder reactor fuel.

      If fast breeder technology is deployed, the waste issue will be mostly resolved.

      1. Bsn

        Hmmm. You start with “Nuclear waste can be reprocessed.” Then you end with “If fast breeder technology is deployed, the waste issue will be mostly resolved.”
        So you start with “can” and end with “if” and “will be MOSTLY”. So which is it? Sounds a bit like John Carey when he says we’ll fix climate change with technology that hasn’t been invented yet. Not real convincing.

  5. Rip Van Winkle

    Always amused that the ads for these ‘advances’ whether this Alexa, Venmo
    Etc show young hipsters and not some Archie Bunker characters. Thank God I was in my teens in the ‘70s and 20s in the ‘80s.

    When I’m dead my estate sale will include 1984, Animal Farm and Brave New World. All required reading in my high school back in the day. There is a handwritten inscription by me in each – “Goodbye and good luck!”

    May as well be the Talking Rings in The Time Machine.

  6. The Rev Kev

    There seems to be this idea running through modern governments everywhere about total awareness and total dominance. It it does not matter the amount of resources or the billions thrown at it, they still persist with this dream – or nightmare. But of course the tighter they squeeze the tighter the pressure. And then comes a point when all those resources and databases count for nothing in a popular revolt. It is inevitable as new factors arise that sabotage such attempts whether it be climate change or even depletion of resources. But in the meantime it makes a nice living for millions of people who would otherwise have to go get useful jobs.

    1. vao

      Whereas by “modern governments” one should mean “governments for the past 120 years”.

      The infamous tsarist political police, the Okhrana, had in its time set up a tentacular organization to keep track of dissidents, infiltrate political parties, monitor the activities of terrorist organizations and thwart their attacks. By opening correspondence, infiltrating moles in armed organizations, employing an army of snitches and informers rivalling what the GDR would do much later, and relying upon new filing technologies.

      After the October 1917 revolution, Victor Serge visited the headquarters of the Okhrana with a bolshevik official (I do not remember whether he was invited, or whether he convinced the official to let him do the visit).

      He was aghast. On the walls of the headquarters were displayed the entire structures of practically every anarchist, socialist-revolutionary and bolshevik organization that counted. Everything represented as graphs, linking every member with an indication of their role and personal details. Even the most secretive terrorist cells were there. The Okhrana had an almost total awareness of its enemies, and that still did not prevent the tsarist regime from collapsing after decades of bombings and assassinations.

      This episode is reported in the very nifty book by Victor Serge entitled “Ce que tout révolutionnaire doit savoir de la répression” — I do not know whether it was ever translated into English.

      Of course, the bolshevik promptly put the tsarist information to use in order to eliminate their SR and anarchist adversaries.

      1. JBird4049

        The Stasi also had a vast amount of data due to its penetration of society and the extensive use of informants. However, if everyone is a suspect, no one is a suspect, and if the means of control, or the living conditions of the society, become too onerous and all you have is the hammer for the supposed nail, things can very quickly fall apart.

        I think that authoritarian and totalitarian states have more control and are likely to last longer, but when they do fall, it is more unexpected and it is more chaotic. Subsuming all the means of control and information gathering into a central organization means that the rest of the society is not only lacking those means, but has become less capable and informed then they were previously. Tough, but with hidden lines of brittleness.

  7. wendigo

    A couple of weeks ago Mastercard sent me a new card.

    Letter said my current card was compromised and would be deactivated in 7 days. Destroy the old card immediately.

    So, with Smile to Pay will they send me a request to get a tatoo, maybe a .1 on my forehead?

    Or just send someone to punch me in the face hard enough to change the biometrics?

    Once your face has been hacked I hope they have the option of going back to a pin and not requiring the new unhackable implant. And I hope they let you keep your face.

    1. ambrit

      Even scarier is the idea, as I first encountered it in George Lucas’ film “THX 1138” of ‘your’ identity being given to someone else, after you have “died.” This is what happened the Thix’ wife’s number in the film. She disappeared and her identity number was transferred to a fetus, waiting to be ‘born.’
      We are in uncharted territory.
      One thing the cynic in me screams is: “Expect the worst and you will not be disappointed.”

      1. Petter

        Pessimist: “Everthing is terrible, everything is falling apart. It can’t get any worse than this.”
        Optimist: “Oh yes it can.”

  8. bold'un

    40 years ago when visiting less-developed countries, it used to be considered both advisable and polite to ask before taking photographs of people.
    Is there something unbalanced with current copyright law that says that if I take a picture of you, the copyright in the resulting image is 100% mine?
    Is a concealed recording device a form of theft; indeed there has always been some such connotation in the word ‘stealth’…

  9. Exiled_in_Boston

    ‘…if an open, informed debate on the pros and cons of biometric surveillance systems was actually allowed, the public would overwhelmingly reject it.’
    I believe this to be wildly optimistic.

  10. ejf

    Just took a course on facial recognition, some of its history, and how to code for it. The instructor referred to a number of academic papers, a good number of them written by Chinese digital scholars. The papers were dated from around 2005 to 2020. Then again there was “biometric badging” in Fallujah, 2007. The US military has been using it for some time. The more or less open software that’s available now has expanded on what the US military developed years ago. For those of you with a technical bend have a look here:
    The above link is a fairly good explanation of one facial recognition app. It explains how simple it is to install on your computer, easy to scare friends and family, and has lots of links for further study. Are we past 1984? We are well “over the horizon”.

  11. vao

    The dangers of biometrics as an authentication mechanism for essential services have been amply demonstrated by the Aadhaar system in India. After more than 12 years since it was launched, the authorities have not been able to make Aadhaar tamper-proof. Year after year, criminal gangs get their hands on biometric data and use them to defraud the State or pilfer unsuspecting victims:

    2017: Watch out, Aadhaar biometrics are an easy target for hackers

    2017: Cyber thieves use biometric skimmers to steal Aadhaar info

    2018: Another Aadhaar scam busted: Your data can apparently be tampered with even a rubber thumb

    2018: 164 Aadhaar-Related Frauds Reported Since 2011, Most in 2018: New Database

    2022: In new-age data theft, fraudsters steal thumb prints from land registries

    2022: Goon caught with 2,000 stolen fingerprints in Hyderabad, cops flag ID thefts

    Criticisms have been showered on Aadhaar, but the old iron law applies: once an institution is in place, it requires extraordinary circumstances to abolish it, even if it does not fulfil the requirements, or even is detrimental to achieving the stated objectives.

  12. Phenix

    Mask up and wear sun glasses?

    As a side note, I remember lot of people claimed that the Chinese data breaches were impossible because of their scale and not trustworthy since they showed Chinese policy towards minority groups.

    If I had the time Id read more about the topic. I hope that more people with more time and more ability than me will do the same.

    1. Half Bankrupt

      Phenix – you beat me to it! As I’m reading the article I’m thinking “mask up, mask up, mask up”.

  13. JBird4049

    But Butler’s case is just one of many that highlight growing questions in the world of forensic science: what exactly are fingermarks, DNA or gunshot residue actually evidence of – particularly now that even tiny traces can be detected?

    It’s a riddle whose answer may have profound consequences. According to research published by Morgan and her colleagues, rulings for 218 successful appeal cases in England and Wales between 2010 and 2016 argued that DNA evidence had been misleading, with the main issues being its relevance, validity or usefulness in proving an important point in a trial.

    But Butler’s case is just one of many that highlight growing questions in the world of forensic science: what exactly are fingermarks, DNA or gunshot residue actually evidence of – particularly now that even tiny traces can be detected?

    It’s a riddle whose answer may have profound consequences. According to research published by Morgan and her colleagues, rulings for 218 successful appeal cases in England and Wales between 2010 and 2016 argued that DNA evidence had been misleading, with the main issues being its relevance, validity or usefulness in proving an important point in a trial.

    Massive, very vulnerable databases. Inaccurate photo identifications, bad drug tests, flawed use of inaccurate gun shot locators, flawed DNA, fingerprint, and gunsmoke residue tests and analysis, corruption in criminal labs. Poorly maintained and therefore inaccurate criminal databases leading to arrests for failure to appear, car theft, failure to pay, bench warrants, etc. Failure to properly check identifying information, including properly comparing ID, warrant information, and looking at the arrested person in front of them.

    Biometric surveillance is just the continuation of heads we win and tails you lose style of government with the more authoritarian or corrupt the government is, the less they care about it. It becomes an issue of it being close enough for the government or whether the person has the status and money to challenge the mistake.

    1. Sue inSoCal

      Late to the party as always, but this is my question after watching this disgusting video: if you’re going to create total surveillance State a la Thales (French! I love it!) are they going to supply these phones gratis? That just doesn’t happen in the grifting US. Personally, I’ll never buy another cell phone. (Of course you have total control over your data!) That’s what those electronic medical records were all about. “You have control over your medical records.” Sure you do. That was a gift from Obama to big health insurance, imo.

      1. JBird4049

        Well, unfortunately, employers are starting to expect access to a cellphone even if you have a landline. At the least, they look at you funny for not having one. A person who does not have a landline, say if they are homeless, must have that bit of spyware, although it could be flip phone, I guess.

      2. Hepativore

        How long will it be before most employers routinely ask employees to waive their rights to medical privacy as a condition of employment to see if you have any medical issues that will cause excessive payouts on the employee health plan? You could hypothetically refuse, but then most employers will refuse to hire you as a result.

  14. Ignacio

    I do not worry any more. After WWIII the surviving mutants won’t be recognizable any longer and the hell if someone is recognized when it doesn’t matter any more. Just feeling optimistic today eh!

  15. Altandmain

    Cybersecurity becomes absolutely critical to the transition to more digital payments and as the article notes, biometric surveillance systems.

    I find that many organizations tend to neglect it until they learn the hard way. Hopefully the Chinese government will show a bit more competence about this matter.

    To be honest, I think biometric surveillance will happen to the Western world as well. Western nations are all plutocracies pretending to be democracies. Any challenges to the rich will be met with authoritarian measures.

    It’s likely that the Western governments won’t show much competence either to protecting people’s data. More likely the data will be used to help the rich and Establishment politicians retain power. They won’t care as much about data breaches.

    One can already see the rhetoric aimed at critics of the US and Western policy towards Russia. It is not too hard to imagine what might happen should a Bernie Sanders type of politician genuinely gain popularity.

    Somehow, I get the feeling that even if China is a warning sign for these systems, the wealthy that really control the governments of the Western world won’t allow a democratic debate on biometric surveillance.

Comments are closed.