“Chinese surveillance” became a buzzword in early February, after a spy balloon from China was discovered over the continental United States. While China does have robust espionage operations abroad, it also devotes a great deal of resources to surveilling its own population, both online and in the real world.
Wall Street Journal reporters Josh Chin and Liza Lin delved into the political imperatives and technologies driving China’s surveillance operations in their book “Surveillance State: Inside China’s Quest to Launch a New Era of Social Control.” In this written interview, The Diplomat’s Shannon Tiezzi asked Chin and Lin about the scope of surveillance in China, the public reaction, and the future direction of such efforts.
The balloon incident of early February brought China’s foreign surveillance operations into the spotlight. But as your book outlines, China also has an extensive internal surveillance apparatus, targeting its own citizens. How do these two sectors overlap and reinforce each other?
On the surface, there’s a world of difference between a spy balloon like the kind the U.S. shot down and a face-scanning camera of the type you see blanketing Chinese streets. Not only do they look very different, they also are collecting very different types of information. One is designed to collect information about high-value military or infrastructure targets. The other is gathering data about human behavior.
But there is one important parallel. Of the six Chinese companies the U.S. blacklisted following the balloon incident, five are private companies the U.S. alleges are part of a “civil-military fusion” campaign that blurs the line between business, research, and the People’s Liberation Army. Several Chinese surveillance companies likewise have ties to the PLA. That includes the world’s largest maker of surveillance cameras, Hikvision, which is a subsidiary of a state-owned military contractor called China Electronics Technology Group Corporation.
In other words, Chinese authorities are subjecting both foreign governments and their own people to military-grade surveillance. You see this most clearly in the northwestern region of Xinjiang, where CETC is helping police track minority populations using a cutting-edge data analysis platform originally designed to enable the PLA to track enemy fighters.
Can you walk us through the kinds of surveillance a Chinese person might encounter during a typical day? Say, while driving or taking public transportation to work, spending the day in an office, eating dinner out, returning home – and browsing the internet and social media throughout?
For residents in large cities like Beijing or Shanghai, the surveillance starts the moment you step outside. There are countless security cameras on the streets, and in public squares, subway and railway stations. Even places of worship. These cameras often come with analytics such as image recognition, and are connected to a control center where police can monitor the footage. The cameras record details such as clothing, gender, age, and some run face images past a police blacklist to identify persons of interest. Public procurement documents also show Chinese police requests for AI analytics such as behavior or gait recognition, crowd-counting, recognition of individuals according to ethnicity.
But there’s just as much, if not more, tracking in the virtual world. Chinese internet companies Alibaba and Tencent collect a cross-section of behavioral data from their users that Silicon Valley companies can only dream of. Both have widely used mobile payment systems, which means they can cross-reference data on what you spend money on – movie tickets, utility bills, taxis, investments – with information on other parts of your life: who your friends are and what you say to them, where you live and work, content you like, etc. It’s the equivalent of Google, Facebook, and Amazon pooling their data in one place and offering it up to the government with effectively zero protections.
When we talk about “Chinese surveillance,” we might imagine a central government office overseeing a vast trove of data. But in reality, surveillance is carried out by many different actors, including private companies and local governments. How fragmented is the surveillance environment in China? Does it vary based on where you live and what products you use?
China’s government has more and better access to individuals’ data than any other government anywhere else in the world, but it’s far from seamless. Like in any bureaucracy, Chinese government agencies guard their data jealously and don’t always want to share it with other agencies. State security agents don’t always want to share surveillance footage with regular police, for example. The same goes for double for Chinese companies, who see their data as their most valuable asset.
Even when the central government strong-arms two different agencies into sharing information, the systems the data is stored on aren’t always compatible. Engineers refer to this as the “data island” problem. At present, China is one huge archipelago of data islands.
It’s a problem that afflicts all would-be surveillance states. But the Chinese government is working hard to build the bridges it needs to link up all its pockets of data. In tech-savvy cities like Hangzhou, where Alibaba is based, officials already enjoy something pretty close to that Big Brother-style view.
Xinjiang is the most extreme example of China’s government using surveillance technology to track and control the population. Some activists have raised concerns that Xinjiang might be a testing ground, with the same technologies soon to be deployed across China. Have you seen this happening?
When we first started reporting on the spread of surveillance in Xinjiang, a human rights lawyer in Beijing said just that: it was a testing ground for the rest of China. We were skeptical, if only because it seemed like overkill. Why invest in a system capable of tracking people with that level of intensity when only a tiny fraction of them pose a threat?
But then came COVID-19. Within weeks of the lockdown of Wuhan in 2020, you started to see cities like Beijing and Shanghai deploying many of the same tactics being used in Xinjiang, in this case targeting an actual virus instead of an “ideological” one. The parallels really exploded when China introduced health codes, which tracked the movements of essentially every adult in China in real time and judged them according to their risk of exposure.
The COVID-19 surveillance was driven primarily by public health concerns, but there was an undeniable element of political control mixed in, just like in Xinjiang. You saw that clearly late last year, with police using COVID-19 surveillance tools to track down people who participated in street protests against zero COVID measures.
What is the reception within China to the surge in data collection, location tracking, facial recognition technology, etc.? Are there public debates about data privacy, or is this a topic of censorship?
Pre-COVID-19, many Chinese accepted state surveillance. They saw positive externalities from police and other official agencies’ surveillance of the streets, such as perceived better law and order or cleaner sidewalks. During COVID-19, they also accepted state tracking as something that helped society function more efficiently and smoothly, and reduced the casualties from the coronavirus.
2022 was a major turning point. Government surveillance mechanisms meant to nip the spread of COVID-19 in the bud within China failed to catch up with the highly infectious Omicron variant. The state then turned its surveillance on its people. Drones were being deployed in apartment compounds to make sure no one stepped out, and buzzers that would send alerts to local authorities if residents opened their doors too wide. Much of this, including the abuse of some state surveillance mechanisms last year, led to widespread unhappiness in many cities. Some of China’s largest protests in recent decades took place in major cities late last November.
As for data privacy, public debates on the subject are rare and often censored. When one of the largest cybersecurity breaches in Chinese history – involving a Shanghai police database containing personal information of nearly a billion citizens – happened last year, there was hardly any mention of it in state media or on the internet. Interestingly, when the data privacy debate or breach involves a privately-run business or company, state media play up the issue and hold the company accountable.
In the U.S., the popular video app TikTok, which is owned by Chinese company ByteDance, is a major source of concern regarding the potential for surveillance. Do you think TikTok users should be worried about the Chinese government “spying” on them?
TikTok’s been under some scrutiny because its parent company ByteDance has thousands of staff in China and several business units headquartered there. One big risk with TikTok is that China has introduced a suite of national security laws over the last decade that compel domestic companies to share data with the Chinese government for national security or intelligence purposes. I believe spying on the vast majority of TikTok users would not be very practical as it would require a lot of resources and storage and is incredibly cost-intensive. There are one billion users of the app each month.