Reverse Engineering a Xinjiang Police Mass Surveillance App
hrw.orgIt would be helpful to get some true, short stories about the path from harmless activity -> data collection -> re-education camp to show people in the rest of the world why their techie friends are always harping on the dangers of online tracking and the erosion of privacy. This is the depressing doomsday scenario we're all trying to avoid. It's already real and it's happening in a massive country with an eye towards expansion.
What if there aren't any such stories?
From the article:
In Xinjiang, authorities have created a system that considers individuals suspicious based on broad and dubious criteria, and then generates lists of people to be evaluated by officials for detention. Official documents state that individuals “who ought to be taken, should be taken,” suggesting the goal is to maximize the number of people they find “untrustworthy” in detention. Such people are then subjected to police interrogation without basic procedural protections. They have no right to legal counsel, and some are subjected to torture and mistreatment, for which they have no effective redress, as we have documented in our September 2018 report. The result is Chinese authorities, bolstered by technology, arbitrarily and indefinitely detaining Turkic Muslims in Xinjiang en masse for actions and behavior that are not crimes under Chinese law.
> The IJOP center also sends officials to investigate cases when an individual’s phone, ID card, or vehicle has gone “off-grid.” Screen 15 displays the prompt sent to officials requesting them to investigate a phone number that the system has lost track of. The officer is prompted to probe, using a drop-down menu, why the phone went off-grid. The officer is then asked to note whether the person questioned seems suspicious and whether the case needs further investigation.
> ...
> The IJOP system also alerts officials when people are using phones that do not belong to them, giving the officials information about the case and the personal particulars of the person who is registered to the phone account, such as their ID number (see screen 19). It is unclear how the system “knows” that a person is using a phone that does not belong to them.[80] Officials are again required to log the reasons for the mismatch and decide if the person is suspicious.[81]
This technique especially scary for people concerned about privacy, because it means passive attempts to avoid surveillance will invite more direct invasions.
.2 they are scanning for new IMSI/IMEI pairs and comparing with known database.
Or perhaps transmitting photographs on screen unlock that are used for image recognition
I'm surprised Western governments don't automatically mark anyone using Tor as highly suspect.
Great article for getting a sense of what is of interest to a state. China has its own issues, but as a sample of what a given state considers interesting, it's a map for detecting how other countries likely collect the same information with some pretense of discretion. I'm sure we're all "shocked, shocked!" to have just found this out.
article says the level of surveillance carried out with this app in Xinjiang exceeds what is allowed by the law in China
Many—perhaps all—of the mass surveillance practices described in this report appear to be contrary to Chinese law.
Really important article IMO.
It's too bad this is probably going to be flagged to death (or at least off the front page).
Of all the articles about Xinjiang and Chinese human rights issues, this is one of rare ones that's right up HN's alley, because of its focus on the details of the technology of mass surveillance.
It's been one hour and already made it to the RSS feed. Maybe our Chinese overlords are sleeping, but I think it's safe.
Why would it be flagged?
Brigading from folks with some reason or another to be very pro china.
Already off the front page. The brigading is strong against this one.
Or it could be just the security warnings when opening the page
Edit: The error was coming from the office filtering.
What security warnings? I'm not seeing any in the US with Chrome or Firefox.
Or are you talking about the Great Firewall, which unsurprisingly appears to be blocking the Human Rights Watch website:
http://www.chinafirewalltest.com/?siteurl=https%3A%2F%2Fwww....
I'm getting security warnings on Firefox and Edge. But it maybe from my computer configuration.
What is the warning...?
What I'm getting on Firefox:
Someone could be trying to impersonate the site and you should not continue.
Websites prove their identity via certificates. Firefox does not trust www.hrw.org because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.
Error code: SEC_ERROR_UNKNOWN_ISSUER
I went to the page, it's blocked by the office network (as Advocacy Organizations), the warning was put there because the web filtering uses a certificate with a different name from the web site.
So, China basically treats Uyghurs citizens as foreigners. The app is a digitalized DS-160 form, and checkpoints are customs.