Last month, a Dutch cybersecurity expert revealed that Chinese security contractor SenseNets left an active facial recognition database of over 2.5 million people in China's Xinjiang province exposed on the web. The massive security breach to Chinese citizens' privacy shows the disturbing extent to which the state is monitoring the public.
But it also served as a microcosm for another problem: the fact that American technology firms are aiding Chinese surveillance companies by providing expertise and technology, whether they know it or not. The SenseNets database contained exact GPS coordinates of the individuals in its system 24 hours a day. And, with facial recognition, it was able to match individuals with their national ID numbers, places of employment, and personal photos. Almost 33% of the 2.5 million tracked belonged to the Uighur minority ethnic group. The database was available on the internet for half a year before it was reported.
In February of last year, the Massachusetts Institute of Technology revealed a large research partnership with Chinese artificial-intelligence and facial-recognition leader SenseTime—the company that had a 49% stake in SenseNets and supplied the company with tech experts. Netposa, SenseNet's parent company, though based in China, has offices, investors, and investments in the U.S. The increasingly mutual relationship between entities in both countries raises glaring concerns about dual-use technology, or tech that has both civilian and military uses.