The Chinese Communist authorities, in order to control the people, have reached an obsessive level in obtaining and controlling all personal information and data, from previous personal files and ideological reports to now personal identity, property, biological information, etc. However, data is like a double-edged sword, and the act of “opening the box” is like a boomerang striking back at the Communist Party.
Since the incident of the daughter of Baidu’s vice president Xie Guangjun “opening the box” to disclose netizens’ personal data, the “opening the box” industry chain has begun to be known to the public.
Initially targeting celebrities, “opening the box” is now getting closer to ordinary people. For just a few hundred yuan, anyone can buy others’ personal information on overseas Telegram groups, including identification documents, photos, phone numbers, real estate owned, travel information, dating history, or the monthly usage trajectory of a China Unicom mobile phone.
“How far is an ordinary person from being ‘opened’?” has become a topic of media inquiry.
Lin Shengliang, founder of the Chinese Human Rights Accountability Database (Evil List), told Dajiyuan that the most common way of “opening the box” is through the social engineering database on Telegram. Various industries in China, such as express delivery, hospitals, civil affairs, and public security systems, have had massive data leaks, which have been transferred and stored in the Telegram social engineering database, becoming an industry chain.
“For example, if someone needs marriage information about a person, they can find it by checking that system.”
Zhong Shan, a senior engineer at a Silicon Valley communication network in the United States, told Dajiyuan that the “opening the box” industry chain generally operates on Telegram, and both parties engage in underground transactions in anonymous Telegram groups.
After the “opening the box” incident involving Xie Guangjun’s daughter in March, a large number of mainland journalists checked the Telegram social engineering database. Both journalists themselves and their colleagues could basically find out the real basic information of individuals. However, some journalists noticed that most of this information was from many years ago. If they wanted to check current information, they would need to pay extra.
This seemingly proves that the information in the social engineering database is not just a storage repository for old data but can also be synced in real-time with domestic data to obtain the latest personal information.
Lin Shengliang believes that general information can be queried through the social engineering database, but for precise searches, it is generally dependent on internal staff of public security, civil affairs, or prison systems, known as “moles.” For example, a prison guard in the prison system who can log into the computer can retrieve information on all prisoners and sell it.
In a report in March, a journalist from Southern Metropolis Daily accidentally discovered that mainland public security was involved in the buying and selling of citizens’ privacy when purchasing information from the social engineering database.
According to a December 2023 report in China Youth Daily, operators of “social engineering databases” said that “moles” have become the main suppliers of their “goods,” stating, “As long as there are people inside each system, this information can be found without worry.”
A social engineering database operator who claimed to have worked as a phone customer service representative in a certain operator said that although he was only a basic employee at the time, he had high backend system privileges and could “find everything.”
Zhong Shan believes that in Telegram business groups, it is not difficult to guess that the public security cyber police department is behind them. This is because the public security cyber police department has greatly delegated its powers, and even grassroots cyber police can access a large amount of data.
He analyzed that during the CCP pandemic period, all personal information of individuals, including identification numbers, phone numbers, property information, DNA samples, were aggregated; and major mainstream social platforms have databases that require aggregating identification cards, logistics addresses, etc. When all these fragments are aggregated, valuable complete information is created.
“In the past, information was compartmentalized, and the Ministry of Public Security did not have such extensive data. Since then, the Ministry of Public Security, especially the cyber police and web monitoring departments, have obtained a large amount of citizen data.”
“Whoever has the data tends to seek profit and rent-seeking,” he said.
Zhong Shan stated that this industry chain is fundamentally uncontrollable because there are huge profits in “opening the box,” such as debt collection companies chasing debtors, those who owe mortgages or violate mortgage agreements, marital disputes, property disputes, disputes over company control, etc.
In recent years, under the rule of the CCP in China, there have been frequent large-scale leaks of personal information.
For example, at the end of June 2022, a hacker user put up for sale about one billion pieces of personal data stolen from the Shanghai Public Security database on the internet; in early 2023, it was reported that 4.5 billion pieces of personal information in mainland China were leaked, suspected to be data from e-commerce or express logistics industries, and more.
This leaked personal data has become a convenient tool for the online fraud industry, with the most famous being the Burmese online fraud garden.
Recently, there was a circulating story of a 20-year-old Chinese girl who went to Malaysia to study and, on the fifth day, received a call from a fraud group accusing her of being involved in a felony extortion case. Believing she had actually caused someone’s death, the girl felt extreme guilt and jumped from the 39th floor of an apartment on the ninth day of her arrival in Malaysia.
Zhong Shan stated that data is a double-edged sword, and its harm or benign use depends on who is using it.
He believes that in an ideal situation, data should not be highly aggregated and should be managed in layers. At least this is the case in the United States. For example, DNA data is not open for national security unless it is needed to solve a case, but this requires approval.
Based on each person’s right to “private and family life, their home, and their communications privacy,” the European Union passed the General Data Protection Regulation (GDPR) in 2016, becoming the “golden standard” in the field of data protection laws. In just 2020-2021, GDPR recorded over 120,000 data breach notifications, with total fines close to 160 million euros.
Why have large-scale data leaks in China led to the formation of an industry chain and online fraud?
Lin Shengliang stated that the source of all information leaks lies in the CCP’s violation of citizens’ privacy rights. This is because when setting up large-scale data monitoring for the people, every department was required to build its database, which is ultimately owned by the CCP.
“The CCP cannot control it either; they can’t contain it no matter how they tout it. Because in China, you have to show your ID everywhere, meaning disclosing information whenever you receive a package.”
Wu Shaoping, a human rights lawyer in the United States, told Dajiyuan that the CCP’s authoritarian system seeks to control society by implementing real-name registration, which gives it access to personal data of all citizens nationwide. “Where you live, who you live with when you stay somewhere, it knows everything clearly.”
Wu Shaoping stated that every department of the CCP has its database, such as China Mobile, China Unicom, telecommunications companies, and departments like education, industry and commerce bureau, etc., all possess rich personal identity information.
He mentioned that public security is the largest holder and controller of personal data. Every public security office has the authority to access citizens’ personal information, such as phone numbers, addresses, bank cards, and social media accounts, among others.
“These departments have administrative authority, meaning they have control over public resources, hence they have the power to monetize.”
Wu Shaoping pointed out that the online fraud sector in the Golden Triangle of Myanmar has existed for so many years, and they have vast, complete personal information about Chinese residents, even knowing how much money is in their bank accounts. Where do they get this personal information from?
“If it weren’t for insiders within relevant departments in mainland China colluding with these online fraud zones, or even possibly systematically participating, these fraud zones would not have obtained such extensive personal information.”
Although the CCP consistently emphasizes counterespionage and data security, and has enacted multiple related laws, the fact that the personal data of Chinese citizens has been extensively exposed undoubtedly contradicts the CCP authorities. Whose data security does the CCP really want to protect?
Following the exposure of the incident where the daughter of Baidu’s vice president Xie Guangjun disclosed netizens’ personal data through “opening the box,” Weibo has taken action against some accounts involved in “opening the box,” and Xinhua News Agency has also called on the public to say no to “fleshing out the box.”
Some commentators believe that the reason why the authorities took such actions is not to genuinely protect the data security of the people, but out of fear of backlash hitting themselves.
Many overseas individuals have mentioned the “Evil List,” which is specifically aimed at exposing CCP officials through “opening the box.”
The “Evil List,” also known as the “Chinese Human Rights Accountability Database,” is a website established by overseas justice advocates targeting law enforcement officials from the CCP’s public prosecution and judicial systems who violate human rights. The basic information of these wrongdoers, such as identification documents, phone numbers, photos, and the evil deeds they have done, are all listed.
Wu Shaoping stated that the CCP fundamentally doesn’t care about whether the personal information of the people has been leaked or if their lives and property safety is threatened. Just look at the online fraud zones; how many Chinese citizens are exploited, deprived, or even trafficked there every year. Besides media attention, does the CCP truly care about them? It’s just that public opinion has grown, so they put on a show to pacify society.
“Now they have found that this ‘opening the box’ has turned against them and disturbed their plans.”
Zhong Shan stated that now the boomerang has come back and hit them.
“The Communist Party used to use ‘opening the box’ to catch the common people, then, motivated by interests, they could catch officials as well. Isn’t this a boomerang effect? Because the Evil List is now getting more and more help from the ‘opening the box’ organization, essentially promoting the force of ‘opening the box.’ While it’s not direct causation, there is certainly an impact.”
Lin Shengliang stated that the CCP has made the people all “bare,” without any privacy. Now, when they are made a little vulnerable, they pull out the excuse of protecting people’s privacy. If they genuinely want to protect people’s privacy, they wouldn’t have implemented so much surveillance, commentators, blind hole identification, facial recognition, fingerprint recognition, etc.
“The CCP knows how to monitor the people, but it can also be used to supervise them” he said.
As the founder of the Chinese Human Rights Accountability Database (Evil List), Lin Shengliang stated that all the people they’ve disclosed are basically evildoers or authorized evildoers within the CCP, with not a single ordinary citizen involved.
“The majority are party members, with the largest portion being law enforcement officials, as the central region where evils concentrate is within the public prosecution and judicial system,” he added.
Lin Shengliang stated that as officials, according to international norms, they ought to be publicly disclosed, such as their property and assets. Not doing so while engaging in wrongdoing is why they’ve established the Evil List, to provide a kind of oversight on them by a third party. Using this symmetric approach achieves a form of information equilibrium.
Their ultimate goal is to increase the cost of their wrongdoing, to suppress their evils. If those listed continue their wrongdoings, their personal information will continue to be publicized, but they can be delisted if they stop their wrongdoing.
“At present, we have 570 people on this Evil List, and four to five have already been delisted. Of course, if they continue their wrongdoing, we can restore their information at any time.”
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu