The Chinese communist regime’s sweeping collection of private data has reentered public discussion after a 13-year-old girl sparked an internet storm by “opening boxes,” a Chinese cyber slang term for doxxing, or publicly revealing private or identifying information about someone without their permission.
The incident first gained public attention last month when the girl was suspected of obtaining the data from her father, Xie Guangjun, a vice president at Baidu, the technology conglomerate that dominates China’s search engine market. Baidu also operates a Chinese equivalent of Wikipedia and is a leading player in other areas, including video streaming, cloud computing, and artificial intelligence. “Opening boxes” implies that once someone’s information is out there, it’s like Pandora’s box has been opened.
Following an internal investigation, Baidu said that the girl had obtained the information from an overseas social engineering database via a messaging app with a name that began with “T,” not from her father or the company.
Several Chinese media outlets have reported that public servants, including the police, are involved in a data black market, which largely operates on the Telegram messaging app.
China experts and dissidents told The Epoch Times that the regime’s obsession with data collection has enabled the leaking of citizens’ private information, a double-edged sword for the Chinese Communist Party (CCP), as the black market has also been used to expose CCP officials accused of human rights abuses.
This recent high-profile “open box” incident also occurred against the backdrop of an intense idol-worshipping subculture among China’s youth, in which different fandoms often engaged in vicious online sparring wars.
On March 12, Chinese fans of a K-pop singer launched an abuse campaign against a pregnant woman over a comment she had made about the pop star. The woman’s private information was published online, and her family members were harassed online as a result. Several others who supported the woman were also doxxed in the following days.
On March 16, internet users found that a Canada-based account holder, who had been “opening boxes” appeared to be Xie’s daughter. The revelation raised concerns that executives of the tech giant can reveal anyone’s private information as they wish.
Xie confirmed on March 17 via the social media app WeChat that his teenage daughter had published private information that she had obtained from an “overseas social media website.” Xie apologized for failing to educate his daughter.
Baidu published a March 19 statement on Weibo saying that an internal audit confirmed that Xie didn’t have access to identifiable user data and that no unusual activities were found in his log. The company stressed that no employee has access to identifiable user data and that the girl had obtained data from an overseas social engineering database via the “T” app.
The Epoch Times reached out to Baidu for further comment but did not receive a response by publication time.
The Epoch Times conducted a Google search using keywords that translate to “open box” and “social engineering database” and found multiple links to Telegram channels that sell information on Chinese citizens. Some channels say they also have information on Taiwanese citizens.
The Telegram channels that The Epoch Times checked each had tens of thousands of monthly users. The range of private information provided varies but can include an individual’s national ID card number, name, residential address, email address, social media accounts, device number, and records such as hotel stays and purchase history.
In a statement to The Epoch Times on Friday, Telegram spokesperson Remi Vaughn said doxing is expressly forbidden by Telegram’s terms of service and is removed by moderators whenever discovered.
‘Insiders’ Leak Information
Following the incident, the Chinese tabloid Southern Metropolis Daily said on March 19 that its journalists had been able to buy accurate information about a colleague, including the addresses of their old dorm and current home, for 300 yuan (around $41). The journalists were told 80 percent of the fee was for “making a screenshot from the police database,” the report said.The report added that a different data bootlegger charged the same amount, and boasted that they were working with the police to access real-time information, and splitting the profit.
According to an article published in December 2023 by state-controlled China Youth Daily, database operators relied heavily on “insider” partners in various state sectors and industries, ranging from banks to hospitality services.
U.S.-based telecommunications engineer Zhong Shan said it’s obvious that the Chinese regime’s cyber police, which have access to an enormous amount of private data, are involved in the black market.
Zhong told The Epoch Times that the value of China’s databases became invaluable during the COVID-19 pandemic when the regime consolidated all databases on individuals’ identities, phone numbers, financial information, and bio information. Users of social media platforms are also required to verify their identities.
“Before [the COVID-19 pandemic], there used to be insulation between various data; the Ministry of Public Security (MPS) didn’t control data on such a scale. Since then, the MPS, in particular, its cyber policing arm, have been in control of a huge amount of data on citizens,” he said. “Whoever has the data would be tempted to sell it.”
He said it’s virtually impossible to shut down the black market because of the high demand for data from lenders, those in marital, financial, or business disputes, and others.
U.S.-based Chinese human rights lawyer Wu Shaoping also said the level of detail in leaked information shows that regime insiders are involved in selling data.
The totalitarian regime has all citizens’ personal information, and the MPS is “the biggest owner and controller of personal data,” he told The Epoch Times.
Besides insiders, China’s centralized database has also shown vulnerability to hacking.
Boomerang Effect
While the CCP uses big data to monitor and control citizens, its data collection has also been used by dissidents to publish information about officials who are accused of human rights violations.“Most of them are CCP members, and most are those who work in China’s policing and judicial system,” he told The Epoch Times, adding that the system is an epicenter of the CCP’s “evil doings.”
Lin said the purpose of the database is to create oversight of the officials and hold them accountable for human rights violations. Individuals would be removed from the database if they stopped human rights violations.
Zhong described the CCP’s data collection as a boomerang, saying the CCP has been “opening boxes” to identify and arrest citizens, and the data are now also used to identify officials.
