China data leak exposes mass surveillance in Xinjiang

A Chinese technology firm has compiled a range of personal information on 2.6 million people in Xinjiang -- from their ethnicity to locations -- according to a data leak highlighting the wide extent of surveillance in the restive region. Xinjiang is home to most of China’s Uighur ethnic minority lives and has been under heavy police surveillance in recent years after violent inter-ethnic tensions.

Nearly one million Uighurs and other Turkic language-speaking minorities in Xinjiang are reportedly held in re-education camps, according to a UN panel of experts. The leak was discovered last week by security researcher Victor Gevers, who found that Chinese tech company SenseNets had stored the records of individuals in an open database “fully accessible to anyone”. The records included information such as their Chinese ID number, birthday, address, ethnicity, and employer.

The exposed data also linked individuals to GPS coordinates -- labelled with descriptions such as “mosque” -- captured by tracking devices around the region. Within a 24-hour period, more than six million locations were saved by SenseNets’ tracking devices, according to Gevers, who works at Dutch online security non-profit GDI Foundation and posted his findings on Twitter.

“You can clearly see they have absolutely no clue about network security,” he told AFP, describing SenseNets’ IT skills as belonging “to the early 90s”.