The Chinese administration’s large-scale database management has enabled the leakage of personal information, and is being attacked by party officials like “boomerangs.”
News Analysis
After a 13-year-old girl caused an internet storm by publishing and identifying information about a public figure or without permission about a public figure, a sweeping collection of private data from the Chinese Communist regime has reentered the public debate.
The incident first attracted attention last month when the girl was suspected of her father, Xie Guangjun, Baidu’s vice president, Xie Guangjun, retrieved data from a technology conglomerate dominating China’s search engine market. Baidu is also a Chinese equivalent to Wikipedia and is a major player in other fields such as video streaming, cloud computing, artificial intelligence, and more. “Open box” means that when someone’s information is there it is like Pandora’s box being opened.
Following an internal investigation, Baidu said the girl retrieved information from overseas social engineering databases, not from her father or company, via a messaging app with a name that began with “T.”
Several Chinese media reports that civil servants, including police, are involved in the data black market, which is primarily operated on telegram messaging apps.
Chinese experts and opposition told the Epoch Times that the administration’s obsession with data collection has enabled it to leak citizens’ personal information and the double-edged sword of the Chinese Communist Party (CCP).
Related Stories
This recent famous “open box” incident also occurred against the backdrop of the intense idolatry subculture amongst Chinese youth.
On March 12, Chinese fans of the K-Pop singer launched an abuse campaign against pregnant women over comments about the pop star. The woman’s personal information was made public online, resulting in her family being harassed online. Several others who supported the women were doxxed the following day as well.
On March 16, internet users discovered that the Canadian-based account owner “opens the box” appeared to be Xie’s daughter. The revelation raised concerns that anyone’s personal information could be revealed as the tech giant executives wish.
Xie confirmed on March 17th via the social media app WeChat that his teenage daughter had released personal information obtained from “overseas social media websites.” Xie apologised for not educating her daughter.
Baidu has issued a March 19th statement on Weibo. An internal audit confirmed that Xie had no access to identifiable user data and that no abnormal activity was found in his logs. The company highlighted that there are no employees with access to identifiable user data and that the girl retrieved data from a social engineering database overseas via the “T” app.
The Epoch Times contacted Baidu for further comment but did not receive a response at the time of publication.
Epoch Times conducted Google searches using keywords translated into “open boxes” and “social engineering databases” and found multiple links to telegram channels that sell information about Chinese citizens. Some channels also say they have information about Taiwanese citizens.
The telegram channel checked by Epoch Time had tens of thousands of monthly users. The range of personal information provided varies, but can include records such as your individual’s national ID card number, name, residential address, email address, social media account, device number, and hotel stay and purchase history.
In a statement to the Epoch Times on Friday, Telegram spokesman Remi Vaughn said Doxing is expressly prohibited by Telegram’s terms of service and will be removed by moderators whenever they are found.
“Moderators who accept user reports to actively monitor the public parts of the platform and remove millions of harmful content each day,” Vaughn said.
“Insider” leak information
After the incident, Metropolis, a southern Chinese tabloid, said on March 19 that journalists could purchase accurate information from colleagues, including 300 yuan (about $41) old dorms and addresses in their current home. Journalists were told that 80% of the fees were “making screenshots from the police database,” the report said.
The report added that another data bootlegger charged the same amount and boasted that he was working with the police to access real-time information and split the profits.
According to an article published in December 2023 by the state-managed China Youth Daily, database operators relied heavily on “insider” partners in sectors and industries in a variety of states, ranging from banks to hospitality services.
Zhong Shan, a US-based telecommunications engineer, said it is clear that Chinese administration cyber police, which has access to a vast amount of personal data, is involved in the black market.
Zhong told the Epoch Times that the value of China’s databases became invaluable during the Covid-19 pandemic when the administration consolidated all databases about personal IDs, phone numbers, financial and bioinformation. Social media platform users should also check their identity.
“Previously (the Covid-19 pandemic), there was previously insulation between various data. The Ministry of Public Safety (MPS) had no control over data of such a magnitude. Since then, the MPS, particularly its cyberpolizing arm, has managed a huge amount of data about citizens,” he said. “Anyone with the data would want to sell it.”
He said it is virtually impossible to close the black market due to high demand for data from lenders, marriage, financial or business disputes.
U.S.-based Chinese human rights lawyer Wu Khoping said the level of detail in leaked information indicates that the administration’s insiders are involved in selling the data.
Totalitarian regimes have personal information from all citizens, and lawmakers are “the largest owner and controller of personal data,” he told the Epoch Times.
In addition to insiders, China’s centralized database also shows vulnerability to hacking.
Boomerang effect
The CCP uses big data to monitor and control citizens, but its data collection is also used by opposition parties to publish information about officials accused of human rights violations.
“Most of them are CCP members, most of whom work in China’s policing and judicial systems,” he told the Epoch Times, adding that the system is the epicenter of CCP’s “wicked conduct.”
Lynn said the purpose of the database was to create oversight of officials and hold them accountable for human rights violations. If a human rights violation is stopped, the individual will be removed from the database.
Zhong described CCP data collection as Boomerang, saying that the CCP is an “open box” for identifying and arresting citizens, and the data is currently being used to identify officials as well.
Yi Ru contributed to this report.
