Smart cities are Designed to make life easier for its residents: better manage traffic by scanning roads, making sure that public transport works on time, and that cameras are kept in mind from the top.
But what happens when the data leaks? One database was open for several weeks to anyone looking inside.
Uncertain John Wythington Find the smart city database that can be accessed from a Web browser without a password. It passes the database details to TechCrunch in an attempt to obtain secure data.
The database was the Elasticsearch database, where you store gigabytes of data – including face recognition scans on hundreds of people over several months. The data was hosted by the Chinese technology giant Alibaba. The customer, who did not mention Alibaba, exploited the cloud platform artificial intelligence of the technology giant, Known as the brain city.
"This is a database project created by clients and hosted on Papa Cloud A spokesman for Ali Baba said. "Customers are always advised to protect their data by setting a secure password."
As a general cloud service provider, we do not have the right to access the content in our customer database. " The offline database was pulled out shortly after TechCrunch arrived in Alibaba.
But although Alibaba may not have a vision in the system, we did.
While the city's smart intelligence-based technology provides insight into how the city works, facial recognition and monitoring projects are available Come under extreme scrutiny Of the advocates of civil liberties. Despite privacy concerns, the smart city and surveillance systems are slowly making their way to other cities Both in China And abroad, Such as Kuala Lumpur, and Soon the West.
"It is not difficult to imagine the possibility of misuse if such a platform is presented to the United States without regulations or civil and government oversight," said Wetherington. "Although companies can not simply connect FBI data sets today, it will not be difficult for them to access other local or state criminal databases and start creating their own profiles on customers or liabilities."
We do not know the database leaked client, but its contents provide a rare look at how the smart city system works.
The system monitors the population around at least two small residential communities in eastern Beijing, the largest of which is Liangmaqiao, known as the city's embassy neighborhood. The system consists of several data collection points, including cameras designed to collect facial recognition data.
Exposed data contains enough information to determine where people are, when and how long, allowing anyone with access to data – including the police – to build a picture of a person's daily life.
Alibaba provides techniques such as City Brain to customers to understand data they collect from various sources, including license plate readers, door access controls, smart objects, Internet-connected devices, and face recognition.
Using the City Brain's massive background data, cameras can manipulate details of faces, such as whether a person's eyes or mouth are open, or wearing sunglasses, or a mask – common during periods of heavy smog – a person smiling or even a beard.
The database also contains the approximate age of the subject as well as an "attractive" grade, according to the database fields.
But the system's capabilities have a darker side, especially given China's complex politics.
The system also uses facial recognition systems to identify and distinguish ethnicities – such as "汉族" for Han Chinese, China's main ethnic group – and "维族" – or Uighur Muslims, an ethnic minority persecuted by Beijing.
Where races can help police identify suspects in an area even if they do not have a name that matches them, the data can be used for abuse.
The Chinese government detained more than a million Uighurs in concentration camps last year, according to United nations Commission on Human Rights. It is part of a large-scale campaign by Beijing on the ethnic minority. Just this week, details emerged An application that the police use to track Uighurs Muslims.
We have also found that the client system also pulls data from the police and uses this information to detect persons of interest or criminal suspects, suggesting that it may be a government agent.
Every time someone is discovered, the database will launch a "warning" with reference to the date, time, location, and corresponding note. Many of the records that TechCrunch has seen include the names of the suspects and their national ID number.
"Alert key employees by the Public Security Bureau:"[name] [location]"- 177 camera detects the individual (s) key," reads the translator's record, courtesy of Rita Liao from Techcrunch. (The designated security office is the Federal Police Department of China, Ministry of Public Security).
In other words, the record shows a camera at a certain stage that detects the face of a person whose information matches a police watch list.
Many records associated with a watch list may include reason, such as whether a person is recognized as "hooked" or "released from prison".
The system is also programmed to alert the client if there are problems controlling access to smoke alarms and equipment failure – such as when cameras are not connected to the Internet.
The client system also has the ability to monitor devices that support Wi-Fi, such as phones and computers, using sensors created by Renzixing for Chinese networking technology and placed all over the region. The database collects dates and times that pass through the radius of its wireless network. The fields in the Wi-Fi registration table indicate that the system can collect IMEI and IMSI numbers, which are used to uniquely identify a cellular user.
Although the smart city system of the client was a small scale with only a few dozen sensors, cameras and data collection points, the amount of data collected in a short time was amazing.
Last week alone, the size of the database has increased – suggesting that it is still actively collecting data.
"It is a very real threat to the privacy and security of everyone." "We have to look carefully at how this technology is misused by other countries and companies before allowing them to be deployed here," said Witherington.
It's hard to tell if facial recognition systems are such good or bad. There is no real line in the sand that separates good uses from bad uses. Face recognition systems and objects can detect criminals over the long term and detect weapons Before mass shooting. But some worry about the fallout that is watching every day – even hikers You do not get a free pass. The proliferation of these regimes remains a concern for the privacy of civil liberties groups.
But as these systems evolve and become more powerful and comprehensive, companies may be in a better position to make sure, first and foremost, that large data banks do not inadvertently leak.
Got information? You can send tips securely via Signal and WhatsApp to +1 646-755-8849. You can also send PGP email using fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.