China bans compulsory facial recognition and its use in private spaces like hotel rooms

Asia In Brief China’s Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent.

The two orgs last Friday published new rules on facial recognition and an explainer that spell out how orgs that want to use facial recognition must first conduct a “personal information protection impact assessment” that considers whether using the tech is necessary, impacts on individuals’ privacy, and risks of data leakage.

Organizations that decide to use facial recognition must data encrypt biometric data, and audit the information security techniques and practices they use to protect facial scans.

Chinese that go through that process and decide they want to use facial recognition can only do so after securing individuals’ consent.

The rules also ban the use of facial recognition equipment in public places such as hotel rooms, public bathrooms, public dressing rooms, and public toilets.

The measures don’t apply to researchers or to what machine translation of the rules describes as “algorithm training activities” – suggesting images of citizens’ faces are fair game when used to train AI models.

The documents linked to above don’t mention whether government agencies are exempt from the new rules. The Register fancies Beijing will keep using facial recognition whenever it wants to as its previously expressed interest in a national identity scheme that uses the tech, and used it to identify members of ethnic minorities.

Zoho wins India’s web browser challenge

Zoho has won the competition to create a made-in-India web browser that the nation’s government will champion as idea for local users.

India’s government launched the Web Browser Development Challenge in 2023 and called for competitors to develop apps that use a root certificate issued by the nation’s Controller of Certifying Authorities so local users would not be dependent on certificates issued by entities controlled by other government.

Zoho’s Ulaa browser won the competition the company won ₹1 Crore ($115,000) to ensure its compatibility with iOS, Windows, and Android. Two startups, Team PING and Team Ajna, were named as first and second runners up.

India’s government hasn’t outlined a plan to have device-makers adopt the browsers, which may be hard to achieve as the nation’s dominant mobile carrier Jio is so close to Google that the two collaborated on a custom version of Android for low cost home brand handsets.

Volt Typhoon-adjacent gang targets Taiwanese infrastructure

Cisco’s Talos threat-hunters last week reported attacks on critical infrastructure in Taiwan, including telecommunications, healthcare, and information technology operations, by a crew that uses similar tactics to those employed by the probably-China-backed Volt Typhoon and Flax Typhoon crews.

Talos named the group “UAT-5918” and assessed it as “motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.”

UAT-5918 often gains access by exploiting a known, and unpatched, vulnerability. Once it compromises and org, it moves laterally and looks for juicy info to exfiltrate.

X apparently sues India

Elon Musk’s social network X has reportedly sued the government of India over laws that allow content takedowns.

India has argued it needs laws to take down content that could threaten national security, but its government has sometimes decided that posts about mass protests against its policies should be taken down. X’s court filing, seen by Reuters, aims to fight India’s laws on grounds they violate freedom of speech.

Japan claims new cyber-law won’t hurt privacy

Japan’s government last week tabled a new cybersecurity bill that will shift the nation to an “active defense” stance – including offensive operations against offshore targets felt to represent a threat to national security.

Digital Minister Masaaki Taira said the law follows international norms.

The bill faces opposition at home as it allows Japan’s government to obtain info from operators of critical infrastructure such as electricity and railways to obtain communications information to monitor for potential cyberattacks.

Minister Taira assured Japan’s parliament personal information is not the target, and assured lawmakers that the bill includes safeguards that will preserve privacy.

Aussie think tank claims Chinese harassment

The Australian Strategic Policy Institute (ASPI), a think tank founded and funded by Australia’s government, last week claimed it had become the target of Chinese trolls after publishing research critical of the Middle Kingdom.

“Staff have been threatened, harassed & abused, with female staff targeted most viciously. Most of the claims made in Chinese state media are false, including that ASPI has halted its China research,” wrote ASPI executive director Justin Bassi. ®

READ MORE HERE