South China Morning Post
Advertisement
Advertisement
Surveillance
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
CCTV cameras made by surveillance equipment maker Dahua Technology at the Security China 2018 exhibition. Photo: Reuters
TechPolicy

Chinese surveillance giant expanding in the US attracts scrutiny over possible targeting of Uygurs

  • After cybersecurity researchers found code with an ethnic designation for Uygurs, Dahua promptly pulled and updated the code on its website
  • Dahua, the second largest surveillance company in China, rebranded its product lines in North America following a US$10 million deal with Amazon this year
Surveillance
Masha Borak
Masha Borak
Why you can trust SCMP

A Chinese surveillance company with eyes on the US market has fallen under scrutiny after researchers found software code that appears to enable ethnic profiling of China’s Uygur minority using artificial intelligence.

Zhejiang Dahua Technology is one of several Chinese AI and surveillance companies that was barred from importing US technology over its purported role in targeting Uygurs, a predominantly Muslim minority in the country’s western Xinjiang region. Despite this, Dahua has been pushing to expand in the US this year, with a rebranding effort last month and a deal with Amazon in April.

One of the functions of the code seems to be AI recognition in video feeds, which includes recognising people and related attributes, according to software security engineer Serge Bazanski, also known as q3k, who made the discovery. Identifiable characteristics in the code include a section for ethnicity, with Uygur as the only ethnicity classified by name.

When asked about the code, Dahua denied that it was selling the ability to identify people by ethnicity.

“Dahua Technology does not sell products that feature [an] ethnicity-focused recognition function,” the company responded by email.

While the code may not have been sold, it was open source and freely available online as a software development kit (SDK). The software manual explains that the development kit is used to write software that can interact with Dahua’s surveillance products, including cameras.

“Usually when you write these SDKs you kind of set them in stone, and you don’t put things there accidentally or just in case,” Bazanski said.

Dahua's software development kit (SDK) code included a section for designating ethnicity (left) before being removed and reuploaded to the company website on Wednesday. Picture: Screenshots of Dahua SDK

After the findings were made public on Monday, the GitHub repository hosting the SDK code was removed on Tuesday. Dahua then took it down from its official website. The SDK files reappeared on the site Wednesday with the section for ethnic identification removed.

Two other cybersecurity researchers, Ran Locar and Victor Gevers, have independently confirmed with the Post that the software could allow for ethnic profiling based on features identified from facial recognition.

Gevers said that his research team found facial recognition systems with this functionality last year. The possibility of facial recognition being used to identify Uygurs has raised concerns among developers.

“If instead of ‘Uygur’ the code would have had references to ‘Jew’ or ‘Arab’ in the context of facial identification, everybody would have gone crazy by now,” Locar said.

Software development kits (SDK) in different coding languages were removed from Dahua’s official website after the discovery of code that appears to allow for the profiling of Uygurs. Picture: Zhejiang Dahua Technology

Hangzhou-based Dahua is not well-known in much of the world. But in China, it is the second-largest surveillance equipment maker. For Amazon, that made the company a top candidate for providing 1,500 heat-mapping cameras valued at US$10 million, according to a Reuters report in April. The cameras were meant to help monitor workers’ temperatures and prevent the spread of Covid-19.

The deal came despite Dahua’s placement on an entity list from the US Department of Commerce that restricts its ability to import products and technology from the US. The list does not preclude Dahua from selling its products to US companies.

Other Chinese companies have also wound up on the US Entity List for reasons related to their technology being used in the Xinjiang Uygur Autonomous Region.

The region has been subjected to heavy state surveillance targeting minorities in recent years. The Chinese government has been putting Uygurs in internment camps, with as many as a million detained by one 2018 estimate from the UN.

Critics accuse Beijing of trying to erase the culture of Uygurs and other Muslim minorities in the region with reports accusing authorities of torture and forced sterilisation. Beijing has repeatedly dismissed these claims, calling its facilities re-education camps and saying they are meant for job training and countering extremism.

“Skynet”, China’s massive video surveillance network

In October 2019, the US blacklisted multiple Chinese AI firms thought to be involved with “high-technology surveillance against Uygurs, Kazakhs, and other members of Muslim minority groups” in Xinjiang.

Hikvision, the world’s largest video surveillance manufacturer and Dahua’s biggest competitor, was the most high-profile company to make the list. At the same time, AI firms SenseTime, Megvii and Yitu were all put on the US Entity List and CloudWalk Technology was added in May.

In April 2019, a report from The New York Times identified each of these companies as offering features that allowed for identifying Uygurs. SenseTime and Megvii have denied ethnic profiling. Hikvision started phasing out minority recognition in 2018, the Times reported, citing people familiar with the matter.

Dahua is China’s second-largest surveillance equipment maker, behind Hikvision. Both companies have been blacklisted by the US. Photo: Xinhua

News of Dahua’s code comes at a sensitive time for the company, which has been seeing growth in North America. This led Dahua to rebrand its product lines in the region under the names WizSense and WizMind in October.

Amazon has already faced some criticism over its deal with Dahua because of the reasons that landed it on the US Entity List. With the new controversy, Dahua responded quickly by replacing the SDK files. The company, however, did not respond to additional inquiries about its code.

Bazanski said that a more detailed picture of the software would require further investigation. Some parts of the code that could still be considered sensitive remain in the new update. A designation for race that appears to be based on skin colour is still there. Many other less sensitive personal attributes, such as whether someone wears glasses and the colour of clothing, are also available.

Developers can pick which features they wish to implement, which means Dahua’s customers are not necessarily profiling Uygurs. However, a recent report from ChinaFile analysing a cache of procurement documents shows local governments have sought facial recognition systems that can determine a person’s ethnicity.

In addition to North America, Dahua’s products are also sold across Europe, Asia, Africa and South America. But its largest clients are likely in China.

Dahua has made deals with municipal governments throughout Xinjiang worth hundreds of millions of dollars, including for surveillance, policing and counterterrorism projects, according to publicly available data gathered by the Australian Strategic Policy Institute.

This article appeared in the South China Morning Post print edition as: Software ‘could have identified Uygurs’
Post