Police seize on COVID-19 tech to develop international surveillance

Huizhong Wu China correspondent primarily based in Taiwan Huizhong_Wu By GARANCE BURKE, JOSEF FEDERMAN, HUIZHONG…

Huizhong Wu

China correspondent primarily based in Taiwan

Huizhong_Wu

By GARANCE BURKE, JOSEF FEDERMAN, HUIZHONG WU, KRUTIKA PATHI and ROD McGUIRK

December 21, 2022 GMT

JERUSALEM (AP) — Majd Ramlawi was serving espresso in Jerusalem’s Previous Metropolis when a chilling textual content message appeared on his cellphone.

“You will have been noticed as having participated in acts of violence within the Al-Aqsa Mosque,” it learn in Arabic. “We’ll maintain you accountable.”

Ramlawi, then 19, was amongst a whole lot of people that civil rights attorneys estimate bought the textual content final yr, on the peak of probably the most turbulent current durations within the Holy Land. Many, together with Ramlawi, say they solely lived or labored within the neighborhood, and had nothing to do with the unrest. What he didn’t know was that the scary inside safety company, the Shin Wager, was utilizing mass surveillance know-how mobilized for coronavirus contact tracing, in opposition to Israeli residents and residents for functions totally unrelated to COVID-19.

Within the pandemic’s bewildering early days, hundreds of thousands worldwide believed authorities officers who stated they wanted confidential knowledge for brand new tech instruments that might assist cease coronavirus’ unfold. In return, governments bought a firehose of people’ personal well being particulars, pictures that captured their facial measurements and their residence addresses.

Now, from Beijing to Jerusalem to Hyderabad, India, and Perth, Australia, The Related Press has discovered that authorities used these applied sciences and knowledge to halt journey for activists and abnormal folks, harass marginalized communities and hyperlink folks’s well being data to different surveillance and regulation enforcement instruments. In some circumstances, knowledge was shared with spy businesses. The problem has taken on recent urgency nearly three years into the pandemic as China’s ultra-strict zero-COVID insurance policies lately ignited the sharpest public rebuke of the nation’s authoritarian management because the pro-democracy protests in Tiananmen Sq. in 1989.

For greater than a yr, AP journalists interviewed sources and pored over 1000’s of paperwork to hint how applied sciences marketed to “flatten the curve” had been put to different makes use of. Simply because the steadiness between privateness and nationwide safety shifted after the Sept. 11 terrorist assaults, COVID-19 has given officers justification to embed monitoring instruments in society which have lasted lengthy after lockdowns.

“Any intervention that will increase state energy to observe people has a protracted tail and is a ratcheting system,” stated John Scott-Railton, a senior researcher on the Toronto-based web watchdog Citizen Lab. “When you get it, could be very unlikely it’ll ever go away.”

CODE RED

In China, the final main nation on the planet to implement strict COVID-19 lockdowns, residents have been required to put in cell-phone apps to maneuver about freely in most cities. Drawing from telecommunications knowledge and PCR check outcomes, the apps produce particular person QR codes that change from inexperienced to yellow or pink, relying on an individual’s well being standing.

The apps and lockdowns are a part of China’s sweeping pandemic prevention insurance policies which have pushed the general public to a breaking level. When an residence hearth in Urumqi final month left at the least 10 useless, many blamed zero-tolerance COVID insurance policies. That sparked demonstrations in main cities nationwide, the biggest show of defiance in many years, after which the federal government introduced it might solely test well being codes in “particular locations,” comparable to faculties, hospitals and nursing properties.

Final week, the federal government went additional, saying it might shut down a national-level well being code to ease journey between provinces. However cities and provinces have their very own codes, which have been extra dominant. In Beijing final week, eating places, places of work, inns and gymnasiums had been nonetheless requiring native codes for entry.

Over the previous few years, Chinese language residents have wanted a inexperienced code to board home flights or trains, and in some cities even to enter the grocery store or to get on a bus. In the event that they had been discovered to have been in shut contact with somebody who examined constructive for COVID-19, or if the federal government imposed an area quarantine, the code would flip pink, they usually had been caught at residence.

There’s proof that the well being codes have been used to stifle dissent.

______

This story, supported by the Pulitzer Middle on Disaster Reporting, is a part of an ongoing Related Press collection, “Tracked,” that investigates the ability and penalties of selections pushed by algorithms on folks’s on a regular basis lives.

_____

In early September, former wealth supervisor Yang Jiahao purchased a practice ticket to Beijing, the place he deliberate to lodge varied complaints with the central authorities. The evening earlier than, a girl he described as a handler invited him to dinner. Handlers are often employed by state safety as a part of “stability upkeep” operations and may require folks to fulfill or journey when authorities fear they may trigger hassle. Yang had a meal with the handler, and the subsequent morning Guangzhou well being authorities reported a COVID-19 case lower than a kilometer from the place they dined, he stated.

Based mostly on metropolis laws, Yang’s code ought to have turned yellow, requiring him to take a number of COVID checks to indicate he was unfavorable.

As a substitute, the app turned pink, regardless that checks confirmed that he didn’t have COVID. Yang was ordered to quarantine and a paper seal was positioned on his door.

“They’ll do no matter they need,” he stated.

An officer on the Huangcun station of the Guangzhou police referred remark to city-level authorities on Yang’s case, saying he required proof that the caller was from the AP. Guangzhou’s Public Safety Bureau and town’s Middle for Illness Management and Prevention didn’t reply to faxed requests for remark.

In one other present of how the apps can management lives, in June, a bunch of financial institution clients had been successfully corralled by the well being codes once they tried going to Henan’s provincial capital in Zhengzhou to protest being unable to entry their on-line financial institution accounts.

A discover stated the issue was attributable to a system improve. However the clients quickly discovered the actual cause: a police investigation into stockholders within the father or mother financial institution had rendered 40 billion yuan in funds inaccessible, in accordance with native media experiences. Annoyed after months of complaints, a bunch of shoppers determined to carry a protest in Zhengzhou on the provincial banking fee.

Buyer Xu Zhihao uploaded his itinerary to get the Henan province well being code after he examined unfavorable for COVID-19 in his coastal metropolis of Tianjin, simply south of Beijing. As he bought off the practice in Zhengzhou, Xu was requested to scan his QR code on the station, and instantly it turned pink. The practice station worker referred to as safety and took him to a police sales space.

Xu stated police took him to the basement to quarantine. Three different folks joined him, and all 4 realized that that they had come to get their a reimbursement.

“That they had set the web in place, ready for us,” Xu stated.

From a bunch chat, Xu and others realized that many protesters had met an identical destiny, on the high-speed rail practice station, on the airport and even on the freeway. A authorities inquiry later discovered that pink codes got to 1,317 folks, a lot of whom had deliberate to protest.

China’s Nationwide Well being Fee, which has led the COVID response, didn’t reply to a fax requesting remark. The Henan provincial authorities didn’t reply both.

Even after China ends lockdowns, some dissidents and human rights activists predict the local-level well being codes will keep on as a technological technique of social management. Early on, provinces didn’t share knowledge, however up to now few years, that has modified.

Some provincial governments have created native apps that may hyperlink well being, location and even credit score data, which leaves open the likelihood for these apps or the nationwide databases they draw from for use to observe folks sooner or later, in accordance with an AP assessment of procurement paperwork, analysis and interviews. Xu and Yang, as an illustration, had been each stopped of their tracks by native well being codes.

In February, police in northeastern Heilongjiang province sought to improve their native well being code so they may search PCR check outcomes for anybody in China, in actual time, in accordance with procurement paperwork offered completely by ChinaFile, a digital journal revealed by the Asia Society. An organization whose father or mother is government-owned gained the non-competitive bid to attach that app to a nationwide database of PCR knowledge run by the State Council, China’s Cupboard, fulfilling a nationwide directive, the paperwork present. The identical firm, Beijing Beiming Digital Expertise, additionally claims on its web site that it has developed greater than 30 pandemic apps.

“It’s the governance mannequin, the philosophy behind it’s to strengthen social management by know-how. It’s strengthened by the well being app, and it’s undoubtedly going to remain after COVID is over,” stated Yaqiu Wang, a senior researcher with Human Rights Watch. “I feel it’s very, very highly effective.”

“THERE ARE TWO SETS OF LAWS”

In Jerusalem’s Previous Metropolis, vacationers sipping recent pomegranate juice, worshippers and locals taking a shortcut residence are all monitored by Israeli safety forces holding automated weapons. The labyrinth of cavernous pathways can also be lined with CCTV cameras and what authorities have described as “superior applied sciences.”

After clashes in Might 2021 on the Al-Aqsa Mosque helped set off an 11-day conflict with Hamas militants within the Gaza Strip, Israel skilled a number of the worst violence in years. Police lobbed stun grenades into the disputed compound recognized to Jews because the Temple Mount, residence to Al-Aqsa, Islam’s third-holiest website, as Palestinian crowds holed up inside hurling stones and firebombs at them.

By that point, Israelis had turn out to be accustomed to police exhibiting up outdoors their properties to say they weren’t observing quarantine and knew that Israel’s Shin Wager safety company was repurposing cellphone surveillance know-how it had beforehand used to observe militants inside Palestinian territories. The observe made headlines at first of the pandemic when the Israeli authorities stated it might be deployed for COVID-19 contact tracing.

A yr later, the Shin Wager quietly started utilizing the identical know-how to ship threatening messages to Israel’s Arab residents and residents whom the company suspected of collaborating in violent clashes with police. Among the recipients, nevertheless, merely lived or labored within the space, or had been mere passers-by.

Ramlawi’s coffeeshop sits within the ornate Cotton Service provider’s Market outdoors the mosque compound, an space lined with police and safety cameras that probably would have recognized the barista had he participated in violence.

Though Ramlawi deleted the message and hasn’t acquired an identical one since, he stated the considered his cellphone getting used as a monitoring device nonetheless haunts him.

“It’s like the federal government is in your bag,” stated Ramlawi, who worries that surveillance enabled to cease COVID-19 poses a long-lasting menace for east Jerusalem residents. “While you transfer, the federal government is with you with this cellphone.”

The Shin Wager’s home use of the know-how has generated an uproar over privateness and civil liberties inside Israel, in addition to questions on its accuracy. The Ministry of Communications, which oversees Israel’s telecommunications corporations, refused a request searching for additional particulars submitted for the AP by the Motion for Freedom of Info, a nonprofit that ceaselessly works with media organizations.

Gil Gan-Mor, an legal professional with the nonprofit Affiliation for Civil Rights in Israel, estimates that a whole lot of Arabs in Jerusalem acquired the threatening message through the unrest and stated the mass textual content message blast was unprecedented.

“You can not simply say to folks, ‘We’re watching you … and we are going to get revenge,” he stated. “You can not use this device to frighten folks. You probably have one thing in opposition to somebody, you possibly can put them on trial.’”

After Gan-Mor’s group sued, Shin Wager made no apologies.

“There was a transparent safety must ship an pressing message to a really massive variety of folks, all of whom had a reputable suspicion of being concerned in performing violent crimes,” the company stated in a authorized submitting final yr. The submitting, signed by “Daniella B.,” the Shin Wager’s authorized adviser for the Jerusalem district, additionally acknowledged that “classes had been realized.”

In February, Israel’s legal professional common upheld the continued use of the know-how, saying it was a reliable safety device, whereas acknowledging glitches within the system and that messages had been distributed to a small variety of unintended targets. Israel’s Supreme Courtroom is now reviewing the matter.

Sami Abu Shehadeh, a former Arab lawmaker who served in Israel’s parliament on the time Shin Wager despatched its warning texts, stated the messages reveal the broader struggles of Israel’s 20% Arab minority.

“The state doesn’t take care of us as residents,” he stated. “There are two units of legal guidelines — one for Jews and one for Arabs.”

‘360 DEGREE SURVEILLANCE’

Applied sciences designed to fight COVID-19 had been redirected by regulation enforcement and intelligence companies in different democracies as governments expanded their digital arsenals amid the pandemic.

In India, facial recognition and synthetic intelligence know-how exploded after Prime Minister Narendra Modi’s right-wing Hindu nationalist Bharatiya Janata Occasion swept into energy in 2014, changing into a device for police to observe mass gatherings. The nation is searching for to construct what will probably be among the many world’s largest facial recognition networks.

Because the pandemic took maintain in early 2020, state and central governments tasked native police with implementing masks mandates. Fines of as much as $25, as a lot as 12 days’ pay for some laborers and unaffordable for the practically 230 million folks estimated to be dwelling in poverty in India, had been launched in some locations.

Within the south-central metropolis of Hyderabad, police began taking footage of individuals flaunting the masks mandate or just sporting masks haphazardly.

Police Commissioner C.V. Anand stated town has spent a whole lot of hundreds of thousands of {dollars} lately on patrol automobiles, CCTV cameras, facial recognition and geo-tracking purposes and several other hundred facial recognition cameras, amongst different applied sciences powered by algorithms or machine studying. Inside Hyderabad’s Command and Management Middle, officers confirmed an AP reporter how they run CCTV digital camera footage by facial recognition software program that scans pictures in opposition to a database of offenders.

“When (corporations) resolve to put money into a metropolis, they first have a look at the law-and-order state of affairs,” Anand stated, defending the usage of such instruments as completely needed. “Individuals listed below are conscious of what the applied sciences can do, and there may be healthful help for it.”

By Might 2020, the police chief of Telangana state tweeted about his division rolling out AI-based software program utilizing CCTV to zero-in on folks not sporting masks. The tweet included pictures of the software program overlaying coloured rectangles on the maskless faces of unsuspecting locals.

Greater than a yr later, police tweeted pictures of themselves utilizing hand-held tablets to scan folks’s faces utilizing facial recognition software program, in accordance with a put up from the official Twitter deal with of the station home officer within the Amberpet neighborhood.

Police stated the tablets, which may take abnormal pictures or hyperlink them to a facial recognition database of criminals, had been a helpful approach for officers to catch and advantageous masks offenders.

“After they see somebody not sporting a masks, they go as much as them, take a photograph on their pill, take down their particulars like cellphone quantity and identify,” stated B Guru Naidu, an inspector in Hyderabad’s South Zone.

Officers resolve who they deem suspicious, stoking fears amongst privateness advocates, some Muslims and members of Hyderabad’s lower-caste communities.

“If the patrolling officers suspect any particular person, they take their fingerprints or scan their face – the app on the pill will then test these for any previous prison antecedents,” Naidu stated.

S Q Masood, a social activist who has led authorities transparency campaigns in Hyderabad, sees extra at stake. Masood and his father-in-law had been seemingly stopped at random by police in Shahran market, a predominantly Muslim space, throughout a COVID-19 surge final yr. Masood stated officers instructed him to take away his masks so they may {photograph} him with a pill.

“I instructed them I gained’t take away my masks. They then requested me why not, and I instructed them I can’t take away my masks.” He stated they photographed him with it in place. Again residence, Masood went from bewildered to anxious: The place and the way was this photograph for use? Wouldn’t it be added to the police’s facial recognition database?

Now he’s suing within the Telangana Excessive Courtroom to seek out out why his photograph was taken and to restrict the widespread use of facial recognition. His case might set the tone for India’s rising ambition to mix rising know-how with regulation enforcement on the planet’s largest democracy, consultants stated.

India lacks an information safety regulation and even present proposals gained’t regulate surveillance applied sciences in the event that they turn out to be regulation, stated Apar Gupta, govt director of the New Delhi-based Web Freedom Basis, which helps to symbolize Masood.

Police responded to Masood’s lawsuit and denied utilizing facial recognition in his case, saying that his {photograph} was not scanned in opposition to any database and that facial recognition is simply used through the investigation of against the law or suspected crime, when it may be run in opposition to CCTV footage.

In two separate AP interviews, native police demonstrated each how the TSCOP app carried by police on the road can evaluate an individual’s {photograph} to a facial recognition database of criminals, and the way from the Command and Management Middle police can use facial recognition evaluation to check saved mugshots of criminals to video gathered from CCTV cameras.

Masood’s legal professionals are engaged on a response and awaiting a listening to date.

Privateness advocates in India consider that such stepped-up actions underneath the pandemic might allow what they name 360 diploma surveillance, underneath which issues like housing, welfare, well being and different kinds of knowledge are all linked collectively to create a profile.

“Surveillance in the present day is being posed as a technological panacea to massive social issues in India, which has introduced us very near China,” Gupta stated. “There isn’t any regulation. There aren’t any safeguards. And that is common objective deployment of mass surveillance.”

‘THE NEW NORMAL’

What use will finally be manufactured from the information collected and instruments developed through the peak of the pandemic stays an open query. However current makes use of in Australia and the USA could provide a glimpse.

Throughout two years of strict border controls, Australia’s conservative former Prime Minister Scott Morrison took the extraordinary step of appointing himself minister of 5 departments, together with the Division of Well being. Authorities launched each nationwide and state-level apps to inform folks once they had been within the neighborhood of somebody who examined constructive for the virus.

However the apps had been additionally utilized in different methods. Australia’s intelligence businesses had been caught “by the way” amassing knowledge from the nationwide COVIDSafe app. Information of the breach surfaced in a November 2020 report by the Inspector-Normal of Intelligence and Safety, which stated there was no proof that the information was decrypted, accessed or used. The nationwide app was canceled in August by a brand new administration as a waste of cash: it had recognized solely two constructive COVID-19 circumstances that wouldn’t have been discovered in any other case.

On the native degree, folks used apps to faucet their telephones in opposition to a website’s QR code, logging their particular person ID in order that if a COVID-19 outbreak occurred, they might be contacted. The information typically was used for different functions. Australian regulation enforcement co-opted the state-level QR check-in knowledge as a type of digital dragnet to analyze crimes.

After biker gang boss Nick Martin was shot and killed at a speedway in Perth, police accessed QR code check-in knowledge from the well being apps of two,439 drag racing followers who attended the December 2020 race. It included names, cellphone numbers and arrival occasions.

Police accessed the data regardless of Western Australia Premier Mark McGowan’s promise on Fb that the COVID-related knowledge would solely be accessible to contact-tracing personnel on the Division of Well being. The homicide was ultimately solved utilizing totally conventional policing techniques, together with footprint matching, cellphone monitoring and finally a confession.

Western Australia police didn’t reply to requests for remark. Queensland and Victoria regulation enforcement additionally sought the general public’s QR check-in knowledge in reference to investigations. Police in each states didn’t deal with AP questions relating to why they sought the information, and lawmakers in Queensland and Victoria have since tightened the principles on police entry to QR check-in data.

Within the U.S., which relied on a hodge-podge of state and native quarantine orders to make sure compliance with COVID guidelines, the federal authorities took the chance to construct out its surveillance toolkit, together with two contracts in 2020 price $24.9 million to the information mining and surveillance firm Palantir Applied sciences Inc. to help the U.S. Division of Well being and Human Companies’ pandemic response. Paperwork obtained by the immigrant rights group Simply Futures Legislation underneath the Freedom of Info Act and shared with the AP confirmed that federal officers contemplated the way to share knowledge that went far past COVID-19.

The probabilities included integrating “identifiable affected person knowledge,” comparable to psychological well being, substance use and behavioral well being data from group properties, shelters, jails, detox services and faculties. The U.S. Facilities for Illness Management doesn’t use any of that individual-level data within the platform CDC now manages, stated Kevin Griffis, a division spokesman. Griffis stated he couldn’t touch upon discussions that occurred underneath the earlier administration.

The protocols appeared to lack data safeguards or utilization restrictions, stated Paromita Shah, Simply Futures Legislation’s govt director.

“What the pandemic did was blow up an business of mass assortment of biometric and biographical knowledge,” Shah stated. “So, few issues had been off the desk.”

Final yr, the U.S. Facilities for Illness Management bought detailed cellphone location knowledge revealing folks’s day by day whereabouts, nationwide. “Mobility insights” knowledge from at the least 20 million gadgets might be used to “challenge how a lot worse issues would have been with out the bans,” comparable to stay-at-home orders and enterprise closures, in accordance with a July 2021 contract obtained by the nonprofit group Tech Inquiry and shared with the AP.

The contract reveals knowledge dealer Cuebiq offered a “system ID,” which generally ties data to particular person cell telephones. The CDC additionally might use the data to look at the impact of closing borders, an emergency measure ordered by the Trump administration and continued by President Joe Biden, regardless of prime scientists’ objections that there was no proof the motion would gradual the coronavirus.

CDC spokeswoman Kristen Nordlund stated the company acquired aggregated, nameless knowledge with in depth privateness protections for public well being analysis, however didn’t deal with questions on whether or not the company was nonetheless utilizing the information. The CDC might nonetheless entry combination, county-level cell phone knowledge by October, a number of months after its contract ended, Cuebiq spokesman Invoice Daddi stated on Tuesday. He added that earlier than then, the CDC additionally might have analyzed privacy-protected particular person cell phone knowledge, however selected to not.

For Scott-Railton, that units a harmful precedent.

“What COVID did was speed up state use of those instruments and that knowledge and normalize it, so it match a story about there being a public profit,” he stated. “Now the query is, are we going to be able to having a reckoning round the usage of this knowledge, or is that this the brand new regular?”

___

Former AP video journalist Rishabh R. Jain contributed to this report from Hyderabad, India. AP staffers Lori Hinnant contributed from Paris; María Verza from Mexico Metropolis; Astrid Suárez from Bogotá, Colombia; Edna Tarigan from Jakarta, Indonesia; Tong-hyung Kim from Seoul, South Korea; and Eileen Ng from Singapore. Daria Litvinova and retired Related Press Afghanistan and Pakistan Bureau Chief Kathy Gannon additionally contributed. Deputy Editor of The Mail & Guardian Athandiwe Saba assisted from Johannesburg. Burke reported from San Francisco; Federman from Jerusalem; McGuirk from Canberra, Australia; Pathi from Hyderabad, India; and Wu from Taipei, Taiwan.

___

This reporting was produced in collaboration with researcher Avani Yadav with help from the Human Rights Middle Investigations Lab on the College of California, Berkeley. It was partially supported by the Starling Lab for Digital Integrity, co-founded by the College of Southern California and Stanford College, the place Burke was a journalism fellow.

___

Comply with Garance Burke on Twitter at @garanceburke. Contact AP’s international investigative workforce at Investigative@ap.org or https://www.ap.org/ideas/