Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

In less than two weeks, two major reports have been published that contain leaked Chinese government documents about the persecution of Uighurs and other Muslim minorities in China. Details include the extent to which technology enables mass surveillance, making it possible to track the daily lives of people at unprecedented scale.

The first was a New York Times article that examined more than 400 pages of leaked documents detailing how government leaders, including President Xi Jinping, developed and enforced policies against Uighurs. The latest comes from the International Consortium of Investigative Journalists, an independent non-profit, and reports on more than 24 pages of documents that show how the government is using new technologies to engage in mass surveillance and identify groups for arrest and detainment in Xinjiang region camps that may now hold as many as a million Uighurs, Kazakhs and other minorities, including people who hold foreign citizenship.

These reports are significant because leaks of this magnitude from within the Communist Party of China are rare and they validate reports from former prisoners and the work of researchers and journalists who have been monitoring the persecution of the Uighurs, an ethnic group with more than 10 million people in China.

As ICIJ reporter Bethany Allen-Ebrahimian writes, the classifed documents, verified by independent experts and linguists, “demonstrates the power of technology to help drive industrial-scale human rights abuses.” Furthermore, they also force members of targeted groups in Xinjiang region to live in “a perpetual state of terror.”

The documents obtained by the ICIJ detail how the Integrated Joint Operations Platform (IJOP), an AI-based policing platform, is used by the police and other authorities to collect personal data, along with data from facial-recognition cameras and other surveillance tools, which is then fed into an algorithm to identify entire categories of Xinjiang residents for detention. The Human Rights Watch began reporting on the IJOP’s police app in early 2018 and the ICIJ report shows how powerful the platform has become.

The Human Rights Watch reverse-engineered the IJOP app used by police and found that it prompts them to enter a wide range of personal information about people they interrogate, including height, blood type, license plate numbers, education level, profession, recent travel and even household electric-meter readings, data which is then used by an algorithm that determines which groups of people should be viewed as “suspect.”

The documents also say that the Chinese government ordered security officials in Xinjiang to monitor users of Zapya, which has about 1.8 million users, for ties to terrorist organizations. Launched in 2012, the app was created by DewMobile, a Beijing-based startup that has received funding from InnoSpring Silicon Valley, Silicon Valley Bank and Tsinghua University and is meant to give people a way to download the Quran and send messages and files to other users without being connected to the Web.

According to the ICIJ, the documents show that since at least July 2016, Chinese authorities have been monitoring the app on some Uighurs’ phone in order to flag users for investigation. DewMobile did not respond to ICIJ’s repeated requests for comments. Uighurs who hold foreign citizenship or live abroad are not free from surveillance, with directives in the leaked documents ordering them to be monitored as well.

Allen-Ebrahimian describes the “grinding psychological effects of living under such a system,” which Samantha Hoffman, an analyst at the Australian Strategic Policy Institute, says is deliberate: “That’s how state terror works. Part of the fear that this instills is that you don’t know when you’re not OK.”

The reports by the New York Times and the ICIJ are important because they counter the Xi administration’s insistence that the detention camps are “vocational educational and training centers” meant to prevent extremist violence and help minority groups integrate into mainstream Chinese society, even though many experts now describe the persecution and imprisonment of Uighurs as cultural genocide. Former inmates have also reported torture, beatings and sexual violence including rape and forced abortions.

But the Chinese government continues to push its narrative, even as evidence against it grows. The Chinese embassy in the United Kingdom told the Guardian, an ICIJ partner organization, that the leaked documents “pure fabrication and fake news” and insisted that “the preventative measures have nothing to do with the eradication of religious groups.” (The Guardian published the embassy’s response here.)

In October, the United States placed eight companies, including SenseTime and Megvii, on a trade blacklist for the role the Commerce Department says their technology has played in China’s campaign against Uighurs, Kazakhs and other Muslim minority groups. But the  documents published by the New York Times and ICIJ show how deeply entrenched the Chinese government’s surveillance technology has become in the daily life of Xinjiang residents and underscores how imperative it is for the world to pay attention to the atrocities being carried out against minority groups there.


TechCrunch

The UK’s Information Commissioner is starting off the week with a GDPR bang: this morning, it announced that it has fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($ 230 million) in connection with a data breach that took place last year that affected a whopping 500,000 customers browsing and booking tickets online. In an investigation, the ICO said that it found “that a variety of information was compromised by poor security arrangements at [BA], including log in, payment card, and travel booking details as well name and address information.”

The fine — 1.5% of BA’s total revenues for the year that ended December 31, 2018 — is the highest-ever that the ICO has levelled at a company over a data breach (previous “record holder” Facebook was fined a mere £500,000 last year by comparison).

And it is significant for another reason: it shows that data breaches can be not just just a public relations liability, destroying consumer trust in the organization, but a financial liability, too. IAG is currently seeing volatile trading in London, with shares down 1.5% at the moment.

In a statement to the market, the two leaders of IAG defended the company and said that its own investigations found that no evidence of fraudulent activity was found on accounts linked to the theft (although as you may know, data from breaches may not always be used in the place where it’s been stolen).

“We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, British Airways chairman and chief executive. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”

Willie Walsh, International Airlines Group chief executive, added in his own comment that “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

The degree to which companies are going to be held accountable for these kinds of breaches is going to be a lot more transparent going forward: the ICO’s announcement is part of a new directive to disclose the details of its fines and investigations to the public.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham in a statement. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The ICO said in a statement this morning that the fine is related to infringements of the General Data Protection Regulation (GDPR), which went into effect last year prior to the breach. More specifically, the incident involved malware on BA.com that diverted user traffic to a fraudulent site, where customer details were subsequently harvested by the malicious hackers.

BA notified the ICO of the incident in September, but the breach was believed to have first started in June. Since then, the ICO said that British Airways “has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light.” But it should be pointed out that even before this breach, there were other examples of the company treating data protection lightly. (Now, it seems BA has learned its lesson the hard way.)

From the statement issued by IAG today, it sounds like BA will choose to try to appeal the fine and overall ruling.

While there are a lot of question marks over how the UK will interface with the rest of Europe over regulatory cases such as this one after it leaves the EU, for now it’s working in concert with the bigger group.

The ICO says it has been “lead supervisory authority on behalf of other EU Member State data protection authorities” in this case, liaising with other regulators in the process. This also means that these authorities where its residents were also affected by the breach will also have a chance to provide input on the ruling before it is completely final.


TechCrunch

Created by R the Company. Powered by SiteMuze.