China’s new national digital ID program is on about as fast of a rollout schedule as is possible, with a trial program spanning 81 commonly used apps initiated only a week after the government released draft regulations and initiated a public comment period. This has stoked existing privacy concerns, with critics contending that the plan will be used to tighten social controls and more readily conduct surveillance of citizens.
Questions have also been raised about what may happen if a citizen’s digital ID is revoked by the government. The concern is particularly acute for minority groups such as the Uyghurs, who have already had technology put to use against them to identify them in public and warn law enforcement officers of their presence.
Digital ID program adds facial biometrics to national ID card
China’s residents are not yet required to make use of the digital ID, but can voluntarily sign up by matching their existing national ID card to facial biometrics. In the testing phase, the digital ID can be used to sign up for and log in to popular apps such as WeChat and Taobao.
The government says that the digital ID plan is meant to rein in data collection (and potential abuse) by these assorted commercial apps. It is also part of the broader “RealDID” program that seeks to store individual identity records on the country’s government-run Blockchain-based Service Network (BSN). There are even more ambitious future plans for this program including verifying identities in the real world via personal phones and allowing for encrypted data transfers between individuals.
Privacy concerns were already stoked when the government released the draft provision in late July, but the situation has been exacerbated by the very swift movement to allowing for user signups and trialing the program across so many apps. The draft provision remains in an open public comment period until August 25.
The government paints the digital ID scheme as the ultimate form of data protection, eventually preventing even ISPs and other private interests that might be “leaky” from holding potentially damaging sensitive personal information on the country’s residents. But critics with privacy concerns believe the real aim is to further clamp down on expression and the free exchange of information online, eventually removing a means for people to post anonymously or without having their entire internet presence readily open to government inspection.
Privacy concerns grounded in recent actions
The government has pointed to a string of its own regulatory actions against both domestic and international firms as justifying the need for it to serve as intermediary of personal data, a pattern that now dates back several years and has involved the adoption of new and revised laws along the way. Public privacy concerns were raised by relatively lax enforcement of personal information handling prior to this decade, something that the central government has parlayed into a general crackdown on domestic companies in the name of national security interests.
Privacy concerns are not just based on the government’s established penchant for surveilling the populace, but also its own failures to secure the personal data it holds. One of the major examples is the mid-2022 breach of the Shanghai National Police (SHGA) that saw a hacker steal 23 terabytes of records that included millions of national IDs and phone numbers.
On top of the privacy concerns are worries that the government will use any centralized system to limit fundamental rights. An example that directly informs these concerns is the use of the national Covid-19 tracking app to “red flag” protesters in 2022, preventing them from traveling to a planned protest site. But the national government points to provincial officials going rogue in that particular case, and claims that the new data privacy law adopted in 2021 (PIPL) was also meant to apply to smaller and more regional government entities that have been caught abusing or being neglectful with citizen data.
Much of the concern about the digital ID program stems from the central government’s ongoing treatment of Ugyhurs living in the Xinjiang province. This has included surreptitious searches of phones for copies of the Quran and other Islamic religious materials, a sprawling web of over a thousand cameras with facial recognition technology dotting the province, and the use of the Integrated Joint Operations Platform (IJOP) app to automatically flag “persons of interest” based on reams of data fed to it. The incredibly broad range of data feeding IJOP’s algorithm includes the installation of encrypted messaging apps on personal phones, whether a person seems to avoid “normal” levels of socializing and opening their door to visitors, how much electricity they use and when and where they travel outside of the province. The central government claims that all of this is necessary due to the potential for terror attacks. Hardline separatist groups have conducted mass casualty attacks in the region, with a period of high activity from 2013 to 2015 that resulted in hundreds of total deaths. But actions in the region have since been criticized by human rights and activist groups as being arbitrary in application and overbearing, and in some cases based on a lack of any demonstrable evidence.