Equipment supplied by American businesses remains vital to the operation of China’s nationwide surveillance and censorship apparatus, according to a report analyzing the companies and the technology involved.
In recent years, China has worked to massively upgrade its ability to monitor and control its citizens, rolling out sophisticated facial-recognition and tracking tools, and upgrading the Great Firewall to more closely limit what can be shared and discussed online.
While many of the companies leading this charge are domestic, researchers found that software and equipment supplied by U.S. companies are still playing a major role. This is occurring even as pressure is growing on American businesses to scrutinize their ties with China, particularly the western region of Xinjiang, where authorities have been accused of interning more than a million Uyghurs and other ethnic minorities.
“You would have expected some scaling back, but there is still a large variety of products being shipped to Chinese security bureaus,” said Valentin Weber, a cybersecurity researcher at Oxford University. “It’s quite stunning.”
He co-authored the report, published Tuesday, with Vasilis Ververis, a researcher at the Humboldt University of Berlin. It was funded by a Digital Rights Research Grant from Top10VPN, a British-based company that focuses on internet privacy and anti-censorship tools. The report did not focus on Canadian or other non-U.S. tech companies.
Drawing on publicly available government tenders and bidding records, the pair found that technology from U.S. companies is being used by public-security bureaus across China – including in Xinjiang – to power facial recognition, big data processing, and internet surveillance and monitoring, often in conjunction with equipment from Huawei, Hikvision and other Chinese surveillance companies.
While in recent years there has been a “drive for technological decoupling from China, both for geopolitical but also human-rights reasons,” Mr. Weber and Mr. Ververis write, “technology made by seven American companies, including IBM, Microsoft and Oracle, continues to facilitate China’s surveillance state.”
Oracle, which is also referenced in the report, did not respond to a request for comment. A spokesperson for Microsoft said the company has “put in place a robust set of policies intended to safeguard against the misuse of our technology, including refusing to deploy technologies like facial recognition in ways that may put people’s safety or human rights at risk.”
IBM responded with an e-mailed statement that said it opposes and “will not condone any use of technology for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose that conflicts with our values and principles. We enforce rigorous processes across our global operations to protect against direct or third party business engagements that may run counter to these commitments.
“As a company focused on operating responsibly, IBM continually reviews and strengthens our screening processes based on global best practices and evolving circumstances worldwide.”
After revelations that potentially millions of Uyghurs and other ethnic minorities had been detained in what China calls “vocational training camps” in Xinjiang, the U.S., Canada and the European Union have imposed sanctions on various officials and entities connected to the crackdown there. President Joe Biden’s administration has described the repression as a “genocide.”
Lawmakers across the political spectrum in Washington have also ramped up pressure on U.S. companies doing business in China, even if they are not necessarily in contravention of recent sanctions.
During a congressional hearing in May, Representative Chris Smith questioned how sponsors of the Beijing 2022 Olympics could reconcile their “ostensible commitment to human rights” with evidence that the host country is “actively committing human-rights abuses, up to and including genocide.”
In an open letter to the National Basketball Association the following month, the chairs of the Congressional-Executive Commission on China urged players to cut ties with equipment makers who are alleged to rely on forced labour from Xinjiang in their supply chain.
Mr. Weber called for similar scrutiny to ensure that technology products are not used to aid continuing crackdowns or curtail civil liberties in China. In the past, U.S. lawmakers criticized companies such as Google and Microsoft for complying with Beijing’s censorship directives, though the footprint of many companies has been reduced as Chinese authorities have pushed for greater technological independence, particularly in the security sphere.
That products from IBM, Cisco and others remain widely used by public-security bureaus shows how vital they are to the operation of many surveillance systems, Mr. Weber said, and throws into question how much work U.S. companies do to ensure that their products aren’t facilitating repression.
“What is their due diligence in China? Do they have a policy of engaging with third-party contractors that sell to the government?” he said. “Maybe with this report they will actually wake up to this.”
A representative of one of the companies mentioned in the report argued that Mr. Weber’s findings only showed commercial or “off-the-shelf” usage in many cases – such as buying widely available software or products – and no active partnering with Chinese security services. The Globe and Mail is not identifying the individual because they were not authorized to comment publicly on the matter.
The Microsoft spokesperson said that partners are required to abide by the company’s human-rights policies, “and we investigate and enforce violations up to ending the relationship.”
This is not the first time American technology companies have been accused of ignoring how their products are used in China.
“We do not customize our products in a manner that harms human rights,” Cisco said in a statement late Monday. “Our policy is that we sell for lawful uses and that we build to global standards.”
Cisco, which provided much of the core technology that powered the early versions of the Great Firewall, was sued in 2011 for allegedly working with Chinese authorities to help track and monitor Falun Gong practitioners, resulting in their arrest. Cisco has denied the accusations and the case is still continuing.
In April this year, online investigative news outlet The Intercept reported, citing internal documents, that Austin-based computer giant Oracle had sold sophisticated analytics software to Chinese security services and worked with resellers to “funnel Oracle technology to the police and military in China.”
In a statement, an Oracle executive denied the story, writing that it was “the only U.S. technology company that has steadily reduced its footprint in China, while all other U.S. technology companies have rushed into China with cloud technology and cutting-edge artificial intelligence.”
Do you have information on how foreign technology is used by the Chinese security state? Have you worked with a company you feel fails to do its due diligence on China? Contact the author of this story, James Griffiths, via Signal on +1 (858) 434-8850, or send documents via The Globe and Mail’s SecureDrop service.
James Griffiths is The Globe and Mail’s Asia Correspondent, based in Hong Kong. He is the author of The Great Firewall of China: How to Build and Control an Alternative Version of the Internet