Data Security Takes Center Stage at Consumer Rights Gala
How well do companies in China protect your personal data? Perhaps even more poorly than you might imagine, consumer watchdogs suggest.
For its “315 Evening Gala” event Monday, which each year coincides with World Consumer Rights Day on March 15, state broadcaster China Central Television took aim at U.S. home manufacturing company Kohler, spyware apps that target the elderly, and several domestic recruitment platforms for a host of security-related issues.
Often, cases of companies ignominiously featured in the 315 Evening Gala attract responses from Chinese law enforcement. Previous broadcasts have targeted well-known brands such as Burger King and Vanke (2020), Volkswagen (2018), and Muji and Nike (2017).
In recent years, online privacy and personal information security have emerged as hot-button issues. From 2012 to 2019, CCTV’s 315 Evening Galas exposed 14 such cases. This year, several more were added to the list.
Who stole my face?
Kohler, others called out for installing facial-recognition cameras in their stores.
Surveillance cameras are ubiquitous in Chinese cities: You’d be hard-pressed to walk around Shanghai for five minutes and not spot one. Those equipped to detect faces can identify individual citizens from among the country’s 1.4 billion people in a matter of seconds. And these days, such technology is creeping from the public to the private sector.
Monday’s gala exposed how at least 20 businesses across the country, including U.S. home manufacturing company Kohler, have been using facial-recognition cameras to collect biometric information from their customers. According to the program, Kohler had installed facial-recognition cameras in thousands of its kitchen and bathroom showrooms to record information about the people who visited — including their gender and approximate age, as well as whether they were returning customers — without their knowledge or consent. The surveillance system’s manufacturer claims that its product can be used for “precision marketing.”
Kohler apologized Tuesday after the gala, saying its stores had been ordered to either remove the surveillance equipment overnight or shut it off until it could be removed.
There are more than 6,500 facial recognition companies operating in China, according to corporate database Tianyancha, and the proliferation of cameras hasn’t gone unnoticed by the public. A 2019 survey found that, while a majority of more than 6,000 respondents in China agreed that facial-recognition technology was convenient and beneficial for public safety, 80% were concerned about their personal information being leaked due to a lack of security.
In response to such fears, China’s first-ever civil code, which went into effect in January, said that biometric data, including facial scans, should be considered personal information, and as such should not be used for commercial purposes without the express permission of the party to which it belongs.
A black market for résumés
Users with paid memberships on top Chinese job-hunting sites have been downloading candidates’ CVs and selling them to data hoarders.
Out of work and in need of a spruced-up, if completely fraudulent, résumé? There’s a black market for that.
CCTV reported that several domestic recruitment sites including Zhaopin.com, Liepin.com, and 51job.com failed to control information leaks from paid users who were downloading large quantities of candidates’ CVs and illegally selling them to third parties.
During one segment that aired during the gala, a CCTV reporter joined a chat group on messaging app QQ and paid 7 yuan (just over $1) for the résumé of a job seeker on Zhaopin.com, getting access to the person’s gender, age, full name, photo, contact information, work history, education, and other personal information. Sellers can even tailor their products to a potential customer’s requirements — graduates of the prestigious Peking University, for example.
A follow-up police investigation confirmed key details of CCTV’s report, including that a large amount of personal information from résumés is continuously flowing into the domestic black market. Police have cracked a number of such cases in recent years, including one where they reportedly found a hard drive containing more than 7 million CVs.
Hours after the gala concluded, Zhaopin.com, Liepin.com, and 51job.com had all issued apologies and said they would strengthen oversight of how candidates’ personal documents are used by paid members. The problem could persist, however, as long as downloading such documents remains an option.
Seniors targeted with mobile malware
China’s elderly are especially susceptible to malicious apps that often do the very opposite of what they say.
The 315 Evening Gala featured a woman in her 70s surnamed Li who would frequently receive warning notifications — including “Virus!” and “Insufficient memory!” — while reading web novels or the news on her smartphone. She followed the warning pop-ups’ recommendations, clicking and installing things, only to receive even more of the annoying notifications. She also noticed her phone was slower.
CCTV’s reporters said such issues could be traced to malware apps with misleading names like “Memory Optimization Master” and “Mobile Housekeeper Pro.” Such apps hinge on convincing users — often older people — that their devices are infected with viruses or are vulnerable to data thieves, and in need of protection.
According to He Yanzhe, a network security official at the China Electronics Standardization Institute, many apps that masquerade as mobile optimization tools are actually busy harvesting and sending user data, such as people’s personal photos, in the background. To gain access, He added, the apps resort to blatantly deceptive marketing that some elderly mobile users may not be tech-savvy enough to see through.
Editor: David Paulk.
(Header image: People on an escalator at a shopping mall in Shanghai, May 2020. People Visual)