UK officials, business tycoons and even tourists are being routinely placed on a Chinese police security watchlist, according to a leaked database seen by the Telegraph.
A former British Army officer and a director of a nuclear engineering company along with pilots, doctors and teachers feature on the database.
A Telegraph investigation has traced more than a hundred British citizens who travelled to Shanghai for business or leisure and whose details, including dates of birth and passport numbers, were put under state scrutiny. It also shows their points of entry and exit.
The snapshot of the database seen by this newspaper contains details of 150 UK citizens among international visitors. But it also has files on a further 7,600 Uyghur Muslims in Shanghai, who are blacklisted on the database as “terrorists” as well as crime data for alleged offences ranging from extortion and rape of underage girls to the illegal transportation of explosives.
MI5, Britain’s domestic intelligence service, has been passed the files and is investigating. The disclosure comes at a fraught time in the UK’s relationship with China. Last week, China imposed sanctions on nine UK citizens, including five MPs and two peers, in retaliation for measures taken against Beijing by the UK Government for human rights abuses against Uyghur Muslims.
Security analysts believe the database provides a snapshot of a huge data-gathering exercise by Chinese authorities in which foreigners and Uyghurs are lumped together as possible threats to national security.
The information was contained on servers inside the Public Security Bureau in Shanghai, which in turn reports to the centralised Ministry of Public Security in Beijing. The information seen by the Telegraph contains data on British visitors largely gleaned in a six-month period in 2018.
Internet 2.0, a cyber security consultancy that obtained the database and analysed its contents, said it had uncovered 1.1 million records, providing a “highly detailed window into the surveillance state of China”.
In its report, Internet 2.0 said: “The system gives us new insight into how China tracks dissidents, operates overlapping policing strategies which include both political and standard criminal mission sets, and seeks to exploit data on foreign entries and companies.”
Its authors added: “This dataset furthers our understanding of how China operates and conducts surveillance. Information contained within the system was more detailed than we have previously seen. The system draws on much larger systems which are significantly more advanced in both scope and scale than those operated in democratic states.”
While Britain maintains a security database on thousands of foreign terrorist suspects and serious criminals, it would not routinely hold material on innocent foreign visitors and residents.
It is unclear how the names on the Chinese list were selected to be uploaded onto the database or if it simply represents only a snapshot of all the data it contains.
It suggests China is harvesting the identities of every international visitor to cross its borders and passing that information on to its police and security forces and potentially its intelligence services. The list also includes the identities of several children, suggesting Chinese authorities may be storing data for generations to come.
British intelligence services would typically only add people to a “watch” list if they were suspected terrorists or accused of committing other serious crimes.
The Chinese database was obtained, according to Internet 2.0, through ‘open sources’ and insecure servers inside the Public Security Bureau in Shanghai.
Under scrutiny: UK officials, academics and tourists
The British names seen by the Telegraph include a number of senior figures in the British Chamber of Commerce operating in China.
One of Britain’s most senior female business leaders, Margaret Johnson OBE, who is chief executive of a worldwide marketing company with an office in Shanghai, is listed. The database includes teachers at international schools in China, an academic at a UK university, employees of the accountancy firms PwC and Ernst & Young and two pilots for Virgin Atlantic.
Virgin Atlantic told the Telegraph it takes “matters concerning the security and wellbeing of our people extremely seriously”.
Many on the database are involved in importing or exporting products in China, and some have connections to the energy industry. Stuart Kewell, an employee of BP, is named, alongside Mary Corrie, a Trustee Director of the Shell pension fund.
A director of the Fort Vale nuclear engineering company in Lancashire is listed after her trip to Shanghai in November 2018.
The data includes foreigners who have no apparent connection to China beyond short-term visits, including a woman, who runs a bar in Liverpool with her partner, and an office manager at Liverpool City Council who visited a friend in China in 2018.
A 55-year-old female tourist, whose passport was flagged in the snapshot of the database seen by The Telegraph was at the time working as a freelance Ofsted inspector of UK nurseries.
A former British Army officer, who visited China on a business trip in 2018, said he had taken security precautions before his trip but was still flagged on the database.
“I was concerned that my contacts would be taken at the airport, so I took a mobile phone with no contacts on there, understanding that the surveillance there is pretty active,” he said.
“I didn’t want to expose any of my former work contacts to scrutiny.”
“What worries me that is that I may have to return to China for work, and I wouldn’t want to jeopardise my ability to do so.”
But despite taking blank devices, the former officer said just “45 seconds on Google” would have revealed his work history to the Chinese authorities.
Steve Mathers, director of a UK manufacturing firm that operates in China, is listed on the database entering Shanghai in September 2018.
“I’m not aware of any reason why I’d be a risk to national security, either for Chinese or UK authorities,” he said.
“I’ve certainly never had any difficulties going through passport control in either region.
“I travel extensively around the world, and it’s never been an issue for me.”
The database includes identities of foreigners as well as evidence of facial and vehicle number plate recognition systems, according to the analysis by Internet 2.0. It also shows ‘target tracking’, where individuals thought to be a threat to Chinese security have been watched and followed.
“Those subject to technical surveillance and investigation within this system were overwhelmingly ethnic minorities and disproportionately Uyghur,” concluded Internet 2.0. Many were branded as ‘terrorists’.
‘A grotesque invasion of privacy’
The database held by Shanghai’s Public Security Bureau drew on information supplied from China’s immigration border inspection unit; its Ministry of Public Security crime data; and Shanghai’s company and employee registration system among others.
Internet 2.0 also found evidence of tracking of “companies, people and vehicles involved in the movement of drug precursors, explosives and volatile chemicals”. It also found a camera tracking system around Shanghai’s harbour that fed into the Public Security Bureau database.
“It shows a willingness to use the term ‘terrorist’ more broadly than operations in the west,” concluded Internet 2.0’s founders Robert Potter, an adviser to governments on cyber security, and David Robinson, a retired captain in Australian Army intelligence. Their report adds: “It also shows a willingness to merge significant amounts of parallel data into single systems as the surveillance state grows.”
The existence and extent of the database will cause further alarm among China’s critics. Sam Armstrong, spokesman for the Henry Jackson Society, which has highlighted concerns over China’s intelligence gathering, said: “For too long our political and business leaders have deluded themselves that China’s surveillance state and Uyghur persecution are distant problems. The fact that we now know innocent UK nationals are being caught up is not only a grotesque invasion of privacy but clear evidence that the UK needs to dramatically scale up the protection and advice for anyone involved with or visiting Communist China.”
A spokesman for the Chinese embassy in London declined to comment on the claim that foreign visitors were being placed on the Public Security Bureau database. The spokesman said: “Providing names, dates of birth, passport numbers and points of entry/exit when traveling to and in a foreign country is the common international practice. In China, this applies to both Chinese citizens and foreigners.”
The embassy referred the Telegraph to the relevant authorities in China for further comment on the PSB database. The Telegraph requested comments from the authorities in China but had had no response at the time of going to press.
The MPS: ‘A coercive arm of the Communist Party’
Just a few blocks from the Yellow River that slices through Shanghai is a sprawling stone building in one of the city’s oldest districts. A sign, emblazoned with the words “Public Security,” stretches across the entrance, Sophia Yan writes.
This is one of the thousands of stations in China that fall under the Ministry of Public Security – some housed in mammoth buildings and others in mobile van units – responsible for law and order.
Day-to-day, the MPS works to combat criminality in all its forms – homicide, theft, drugs, economic crime, counterterrorism. It also functions at the grassroots-level – conducting neighbourhood patrols, shooing away illegal street vendors, writing traffic tickets and ensuring social distancing compliance in restaurants.
But in China, the MPS – with two million officers and a widespread network of branches – does much more than a regular police force.
“The MPS – they aren’t just police,” said Samantha Hoffman, a senior analyst at the Australian Strategic Policy Institute, a think tank.
“They’re there to protect the party-state as well, and Xi Jinping has made that clear…. Ultimately, the MPS is loyal to the [Chinese Communist] Party, and must be loyal to the Party, just like any other part of the party-state.”
Above all, the MPS “is the coercive arm of the Communist Party,” said Edward Schwark, an academic who studies China’s security policy and PhD candidate at Oxford University. “It is tasked fundamentally with enforcing dictatorship over the Party’s enemies. That is how the MPS sees its core mission.”
In recent years, public security bureaus across China, like the one in Shanghai, have upgraded their technological capabilities to serve a multitude of purposes, collecting millions of data points on Chinese citizens, foreign residents, and visitors, such as businesspeople, tourists and exchange students.
Anyone entering China is tracked to a certain extent – upon landing, biometric data is collected, and their movements are recorded as people pass through checkpoints while on the go.
Further data comes in via high-tech surveillance, implemented by using scores of cameras, facial recognition technology, and GPS systems.
To a certain extent, data captured in this way is routine and can help the authorities, for instance, by improving traffic management and identifying potholes for repair. But experts say the same technology is also used to track and suppress individuals deemed a threat or a target to watch, like human rights dissidents and diplomats.
‘“This is the way the party approaches social management – it’s not coercive all the time, because it’s problem-solving as well,” said Ms Hoffman. “But it doesn’t mean that it’s one or the other; it’s always both.”
“The ultimate goal for the Party is really its own security,” she said. “Social management fits within that framework…[in terms of] preventing the emergence of a crisis at all.”
China’s security agencies, including the MPS, also have access to data and activity by users via social media platforms run by private, third-party companies, like Tencent’s ubiquitous WeChat platforms.
This allows Chinese authorities to find and reprimand people like late whistleblower Dr Li Wenliang, who warned colleagues of a novel coronavirus in late 2019 using WeChat.
It’s unclear how long such data is kept by an agency like the MPS and its web of bureaus – possibly indefinitely, experts said.
‘A digital authoritarian state’
What is clear is that China is working on how to make better sense of all the data being collected with artificial intelligence, and organising it in a more coherent way by integrating different platforms used.
In the long run, experts like Ms Hoffman say China is on track to create a digital authoritarian state with hardware and software that can be easily exported to other countries.
One of the reasons China’s police have been drawn toward the use of technology is partly related to how the ministry has organised and funded local bureaus, said Mr Schwarck.
The central government will foot part of the budgets of local public security bureaus, but much of the funding comes from lower levels of government, which often don’t have enough resources to spread around.
Technology “allows them to address, or circumvent some of the longstanding problems they’ve had with budgetary resources and manpower shortages, said Mr Schwarck. “These networks – surveillance platforms, CCTV cameras – offer a sort of coverage that a police force, just in manpower terms, wouldn’t be able to offer otherwise.”
“It’s like a force multiplier,” he said. If there aren’t “enough police on the beat, you don’t have enough resources to launch investigations, it’s handy to have this sort of system of network surveillance that gives you a ubiquitous view of what’s going on.”