Chinese 'Muslim tracker' surveillance system monitoring movements of 2.5m people in Xinjiang

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

A Chinese surveillance company has been tracking the movements of more than 2.5 million people in a region where authorities have waged a crackdown on Muslim minorities, a researcher has discovered.

Police checkpoints and security cameras have been recording the location data of residents of the Xinjiang region, according to a Dutch cybersecurity expert, who uncovered an online database containing names, photos, ID card numbers, birth dates and employment details of people monitored.

Victor Gevers said the database was left unprotected for months by facial-recognition technology company SenseNets Technology.

Mr Gevers, co-founder of non-profit internet security organisation GDI Foundation, first noted the vulnerability in a series of Twitter posts.

He said he believed the database was "built and operated for only one goal".

"It's a 'Muslim tracker' funded by Chinese authorities in the province of Xinjiang to keep track of Uyghur Muslims," he tweeted.

Mr Gevers was able to see 6.7 million geographical coordinates showing the whereabouts of citizens over the last 24 hours. The data was tagged with descriptions such as mosque, hotel, internet cafe, and other places where surveillance cameras were likely to be found.

“It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything,” the researcher said.

The system was “open to the entire world” and could have been “corrupted by a 12-year-old,” he added.

Some 54.9 per cent of the people in the database were identified as Han Chinese, the country's ethnic majority, while 28.3 percent were Uighur and 8.3 percent were Kazakh, both Muslim ethnic minority groups.

China’s crackdown on Islam in Xinjiang has involved the incarceration of millions of Muslims in re-education camps where inmates have allegedly been tortured, forced to consume pork and alcohol, and ordered to renounce their religion.

Human rights activists, the United Nations and foreign governments have condemned the crackdown, which the Chinese authorities have depicted as a successful programme to quash extremism and separatist movements.

The Chinese government has ramped up personal surveillance in Xinjiang over recent years, including the construction of an extensive CCTV network and smartphone monitoring technology.

Outside analysts believe the western region may be a testing ground for techniques that could be creeping into other parts of the country.

SenseNets was founded in the southern Chinese city of Shenzhen in 2015 and is majority-owned by Beijing-based NetPosa, a video surveillance technology firm with US offices in Boston and California.

The SenseNets website showcases partnerships with police forces in Jiangsu and Sichuan provinces and the city of Shanghai. A promotional video boasts about its capacity to use facial and body recognition to track individuals' precise movements and identify them even in a crowded or chaotic setting.

Mr Gevers said his discovery of the database presented an ethical dilemma. GDI Foundation generally reports such vulnerabilities to the organisation that holds the information, while remaining neutral and not engaging in political controversies.

Mr Gevers said he alerted SenseNets to the data leak. The company did not respond, but has since taken steps to secure the database.

Hours after he revealed his findings on Twitter, the researcher learned that the system might be used to monitor Xinjiang's Muslim minority groups. He said that made him "very angry."

"I could have destroyed that database with one command," he added. "But I choose not to play judge and executioner because it is not my place to do so."

SenseNets, NetPosa, and Xinjiang's regional government have not replied to requests for comment.