ChinAI #163: Prospects for a Chinese Facial Recognition Law?
Professor Weijun Liu posts on Caijing's Elaw Portal
Greetings from a world where…
magic and science collide in the world of Arcane
…As always, the searchable archive of all past issues is here. Please please subscribe here to support ChinAI under a Guardian/Wikipedia-style tipping model (everyone gets the same content but those who can pay support access for all AND compensation for awesome ChinAI contributors).
Feature Translation: Prospects for face data protection legislation
Context: Weijun Liu is a Professor at the People’s Public Security University of China (PPSUC). Founded in 1948, PPSUC not only trains people in criminology and policing but also develops technological applications for public security, in partnership with companies like Hikvision and many public security bureaus across the country. Liu published this thought-provoking piece in Caijing ELaw, a new(ish) independent content platform focused on internet governance under the umbrella of Caijing Magazine, a respected business platform known for publishing investigative, critical pieces.
Key Takeaways:
Why does China need a facial recognition law?
The Data Security Law (DSL), Personal Information Protection Law (PIPL), and other existing laws are plagued by “poor operability.” What’s their guidance for on-the-ground decisions like how to store sensitive facial data? Should it be encrypted? Should it be stored separately through physical isolation? “Obviously, the current, overly crude legislation can hardly answer these questions clearly,” states Liu.
Liu also articulates two additional, more complex reasons for a facial recognition law:
Liu gestures at the need to ensure existing efforts to protect privacy and data security will extend to government actors, not just commercial firms. Regarding the necessity of a facial recognition law, he writes: “For government departments that are responsible for the application of facial recognition technology, it is necessary to set procedural rules specifically for how facial recognition technology applications are developed for these departments to perform their duties, under the framework of the PIPL and other laws and regulations.”
Liu wants public security bureaus to get ahead of future controversies related to facial recognition. Here’s the most interesting passage, in my opinion, from the article: “It is conceivable that if the regulations are passed early, video surveillance in public spaces and the application of corresponding technologies can be regulated, and controversial issues such as separate lanes for facial recognition security checks in subways and the installation of facial recognition equipment in residential building elevators may not become the focal point of public opinion.” Liu’s rationale: the legislative environment and public discourse surrounding facial recognition have changed drastically since 2016, which was when the Ministry of Public Security last issued draft regulations for managing video image information systems.
What would a facial recognition law include? The general idea is to take legal principles in existing laws and transformed them into operational specifications for the use of facial recognition technology. Liu outlines a few planks:
Clearly stipulate scenarios where facial recognition is prohibited, including a whitelist/blacklist system for application scenarios. One line that caught my eye: “Without a legal basis, do not allow the use of facial information to carry out analysis activities on aspects such as emotions, psychological activities, and religious beliefs, etc.”
Establish a filing and annual evaluation system for facial recognition technology applications. Liu writes, “Face recognition technology application entities with a certain scale (based on the amount of face data processing or revenue scale, etc.) should undergo regular security assessments.”
Require processing of face data to be done locally (at the end terminal) and only allow transmission through public networks if it is for greater legal benefits. Delete collected or generated face data immediately after the face recognition function is complete.
Strengthen protections for the face information of special subjects. These include minors, as well as party and government leaders. For the latter group, as Liu writes, “the main purpose of protection is to prevent counterfeiting of faces and the use of face recognition technology for trajectory tracking.”
Let me close by saying 6 things that can be true at the same time:
This is only one article, and we should be careful about drawing bold conclusions.
Previous ChinAI issues (ChinAI #77) that featured outspoken voices against Chinese tech-enabled surveillance were early indicators of substantial backlash against facial recognition systems.
This is one piece of evidence that public backlash on facial recognition applications by private companies could also constrain Chinese government surveillance. There are boundaries between these two domains but they are still interconnected.
China’s party-state system will make it difficult for sustained checks on government power, and this piece does not directly address facial recognition-enabled ethnic profiling.
Even if you are very skeptical about any checks on China’s “digital authoritarianism,” you should at least be open to the possibility that debates like the ones unfolding in this article are taking place.
There are probably many articles like this one out there that will never be translated. I would wager that the vast majority of Western experts on China’s digital governance have never heard of Caijing Elaw (and neither did I until a couple weeks ago) — and it’s been around since January 2020.
A lot more interesting details in the FULL TRANSLATION: Focus on front-end governance — Prospects for face data protection legislation
ChinAI Links (Four to Forward)
Should-listen: Casey Johnston on Longform Podcast
Johnston is a journalist and editor who writes about working out and lifting weights. During her interview with Longform, this analogy really resonated with me:
I feel more comfortable lately with a sort of beloved-local-restaurant level of success. What's nice about Substack is that we've come to this place, that I hope lasts, where we can have this sort of local-restaurant relationship with writers, or I can have that with readers, where I don't have to be part of this big machine in order to do something that I really like.
I used to care a lot about how many people read ChinAI, but now I also feel really comfortable with a local-restaurant relationship with readers.1 No need to come every week, but do come back and try the new dishes every now and then. And tips (in the form of paid subscriptions) are always welcome!
Should-read: overlooked debate over data localization policies in China
Tom Nunlist, an analyst at Trivium, summarized a recent op-ed by a CAICT researcher arguing against restrictive data localization policies. Interestingly, he points out the deeper context that surround this op-ed: the bureaucratic infighting and internal debates over data localization that exist within the Chinese government.
Should-read: U.S. Companies Aid China’s Bid for Chip Dominance Despite Security Concerns
For The Wall Street Journal, Kate O’Keeffe, Heather Somerville, and Yang Jie report:
U.S. venture-capital firms, chip-industry giants and other private investors participated in 58 investment deals in China’s semiconductor industry from 2017 through 2020, more than double the number from the prior four years, according to an analysis of deals data by New York-based research firm Rhodium Group done at the Journal’s request.
Should-read: Public Debate on Facial Recognition Technologies in China
Tristan Brown, Alexander Statman, and Celine Sui published a cool case file in August 2021 for the MIT Case Studies in Social and Ethical Responsibilities of Computing:
China’s ascent on the global stage in the fields of artificial intelligence (AI) and facial recognition has been widely noted in Western-language scholarship and media. Much of the attention has focused on the applications of these technologies in government security systems and their geopolitical implications. Here, we seek to explore the private and domestic uses of facial recognition. What dynamics inform popular debates about the use and applications of these technologies in China, and how do they fit into a more global picture? We present a series of cases from the past three years in which facial recognition software attracted media attention in legal, commercial, and educational settings. Acknowledging that China is far too large and diverse for there to be just one dynamic at play, we propose that while debates about facial recognition have indeed become more common, there is still broad-based public support for uses that promise increased security or convenience. The state has been selectively receptive to limited critique, but typically in a manner that preserves its active role in shaping the contours of public discussion.
Thank you for reading and engaging.
These are Jeff Ding's (sometimes) weekly translations of Chinese-language musings on AI and related topics. Jeff is a postdoctoral fellow at Stanford's Center for International Security and Cooperation, sponsored by Stanford's Institute for Human-Centered Artificial Intelligence.
Check out the archive of all past issues here & please subscribe here to support ChinAI under a Guardian/Wikipedia-style tipping model (everyone gets the same content but those who can pay for a subscription will support access for all).
Any suggestions or feedback? Let me know at chinainewsletter@gmail.com or on Twitter at @jjding99
I recognize that I’m in a privileged position to do this as a side hustle.