Even if you have never set foot in China, Hikvision’s cameras have likely seen you. By 2017, Hikvision had captured 12 percent of the North American market. Its cameras watched over apartment buildings in New York City, public recreation centers in Philadelphia, and hotels in Los Angeles. Police departments used them to monitor streets in Memphis, Tennessee, and in Lawrence, Massachusetts. London and more than half of Britain’s 20 next-largest cities have deployed them.
Hikvision’s reach requires a map to fully appreciate it. A recent search for the company’s cameras, using Shodan, a tool that locates internet-connected devices, yielded nearly 5 million results, including more than 750,000 devices in the United States. The results map, which uses red dots to represent devices, looked like a coronavirus-pandemic tracker, with clusters of activity in major cities.
Offering huge discounts to American redistributors, Hikvision has supplied cameras to Peterson Air Force Base, in Colorado, as well as the U.S. embassies in Kyiv, Ukraine, and Kabul, Afghanistan. More than 90 companies relabeled the cameras with their own brands, according to IPVM, a surveillance-industry-research group. Citing national-security concerns, Congress ordered federal agencies to remove Hikvision cameras by August 2019. The U.S. government struggled to find them all.
The company began as a Chinese state entity and maintains close ties with China’s Communist leaders. The China Electronics Technology Group Corporation (CETC), a fully state-owned defense-industrial conglomerate, is Hikvision’s largest shareholder and straddles the military and civilian sectors, producing such varied goods as lasers and washing machines. Since its public listing on the Shenzhen Stock Exchange in 2010, Hikvision has, if anything, strengthened its connections with the government.
It’s a symbiotic relationship. In 2015, the chair of Hikvision emphasized the importance of integrating Communist Party policies with business-development goals. Not long after, Chinese President Xi Jinping visited Hikvision’s headquarters, and the government provided Hikvision with a $3 billion line of credit.
With generous state support at home and low-cost sales abroad, Hikvision has become the world’s surveillance heavyweight. Its facilities can churn out 260,000 cameras daily—two for every three people born each day. In 2019, it produced nearly a quarter of the world’s surveillance cameras, with sales in more than 150 countries.
Among the policies that Hikvision’s products have supported is China’s wide-ranging crackdown against the predominantly Muslim Uyghurs and other minority groups in the western province of Xinjiang. There, CETC has supplied military-style command and surveillance systems, facial-recognition systems that automate ethnic profiling, and a police program that aggregates data and flags people deemed potentially threatening. “Our goal is to lead the development of China’s electronics industry and build the cornerstone of national security,” CETC’s chair said in 2017. (Hikvision did not respond to requests for comment for my book or for this edited excerpt.)
Far from being appalled by Hikvision’s role in China’s atrocities, however, plenty of foreign leaders are intrigued. They see an opportunity to acquire tools that could reduce crime and spur growth. Of course, the authoritarian-leaning among them also see a chance to monitor their domestic challengers and cement their control. But mayors in developing countries are just as focused on creating jobs and improving city services as their counterparts in wealthier countries. They have fewer resources, though, which can make Chinese technology even more appealing.
Hikvision is fighting for a lucrative opportunity to watch your front door, and it is hoping you will welcome it inside. As the cost of processors and sensors has plummeted, and broadband speeds have risen, more household devices are being connected to the internet—washing machines, televisions, even toasters. In 2020, Cisco estimated the number of all internet-connected devices, inside and outside homes, at 50 billion. By 2030, it projects there will be 500 billion. Put differently, that is 500 billion eyes and ears.
Surveillance cameras may seem like an extreme example, but the constant collection of data by other devices carries serious risks as well. Fitness watches and bands are growing in popularity and often track movements, heart rates, and sleep patterns. Xiaomi, a top Chinese manufacturer of phones and other gadgets, sells a fitness band with a military-grade sensor and 30-day battery life for $35. Its motto is “Understand your every move.” These types of products—whether produced in China or elsewhere—offer new forms of convenience, but many lack proper privacy and security safeguards.
Connected homes are an efficiency dream—and a cybersecurity nightmare. Microphones are not only on smartphones but also in speakers, alarm clocks, TVs, cars, refrigerators, and most places where people spend their time. An internet-connected refrigerator seems benign, but as the scholar Laura DeNardis explains in her book The Internet in Everything, it could reveal private details about an individual’s health as well as when that person is home, or even provide an avenue to access other devices on the same network.
U.S. officials’ public warnings against connected devices have largely gone unheeded. As the former director of National Intelligence James Clapper told Congress in 2016, “Intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Seven months after Clapper’s warning, a botnet named Mirai infected more than half a million devices, many of them Chinese-made webcams, and used them to knock major websites offline. Cybersecurity researchers recently discovered a crucial vulnerability that allows attackers to gain control of affected Hikvision devices, which John Honovich, the founder of IPVM, described as “by far, the biggest vulnerability to ever hit video surveillance.” Hikvision has since released a patch to fix the shortcoming.
As the internet expands ever further into the physical world, security remains too often an afterthought rather than a primary selling point for consumer devices. Designing technology that is more secure and that can be patched in the future when vulnerabilities are discovered requires more time and money. These issues suggest that companies will keep security to the bare minimum until consumers or regulators demand otherwise. These practices aren’t limited to just Chinese companies. As the cybersecurity expert James A. Lewis observes, “Chinese actors appear to have little trouble accessing U.S. data and devices even if they do not use Chinese services or were not made in China.”
Looking to profit from the smart-home bonanza, Hikvision’s U.S. subsidiary, EZVIZ, has tried to put a friendlier face on its products. EZVIZ emphasizes that it is based in City of Industry, California, and its ads suggested at one point that the company had been started by three Millennials from the Midwest. Since arriving in the U.S. in 2015, the EZVIZ brand has expanded from cameras to doorbells, locks, and even automated lights. Its products are sold by Home Depot, Walmart, and other major retailers.
In 2018, the Consumer Electronics Show, which is to electronics what the Detroit Auto Show is to cars, gave EZVIZ an innovation award for its Smart Door Viewer. The device watches through a peephole, examines faces, and compares them with images in a user-defined database.
Let this sink in. The same technology that is contributing to the greatest human tragedy of this century may also watch over streets in your city, buildings in your neighborhood, and the living room next door.
While trying to learn more about how these tools work, I discovered that Hikvision’s online training and certification courses were still open. Topics ran the gamut, including license-plate recognition and thermal cameras. Curious to see how the company was pitching its products, I enrolled in two professional-certification courses.
The first, Hikvision’s sales training for North America, promised to cover “the key topics crucial to effectively positioning and selling Hikvision products.” What it provided was a peek into an alternative reality.
The course began by proudly recounting Hikvision’s rapid rise. It touted Hikvision’s 14,500-employee salesforce, its 8 percent of annual revenue invested in R&D, and its presence in more than 150 countries. These stats would be helpful for sales reps introducing the Chinese company to potential customers.
Some customers would have already heard about the company, and their first impressions may not have been positive. Because of the company’s growing challenges in the U.S., I expected that the course would include some suggested answers to frequently asked questions: What is the relationship between Hikvision and the Chinese government? Does Hikvision sell equipment to Chinese security forces in Xinjiang?
But these topics were ignored entirely. There was no mention of human-rights issues, let alone allegations of violations. There was no explanation for how a large customer—the U.S. government—became Hikvision’s most vocal critic. There was not even a hint of the company encountering trouble in the U.S. market. Hikvision described itself as a thriving business with no obstacles and only upside ahead.
The course did, however, make a direct appeal to help Hikvision’s image. “Social media exposure, speaking engagements, and promotion of cybersecurity initiatives help the installer and integrator with their customers … If we look good, you will look good with your customer.” (The reality is much less flattering: In early 2021, Google’s top suggested question for a search of the company’s name was “Why is Hikvision banned?”)
The second course was more revealing of the equipment’s capabilities and limits. Made for surveillance-industry professionals, it covered how to design, install, and operate Hikvision systems. While the sales course described what the “smart” features can do, this technical course explained how they work and how to properly set up cameras to use them.
Most of the case studies focused on protecting private property. “Intrusion detection,” which triggers an alarm when a person or vehicle enters a defined zone, was shown guarding an oil pump. “Line-crossing detection” was protecting a fence alongside a road. “People counting” and “heat mapping” were used in a department store to monitor foot traffic. The course argued that surveillance is often viewed as an expense, but the data it provides can be used to increase revenue.
Not mentioned was how these capabilities can be used in drastically different ways. People counting can also alert repressive governments when large groups are gathering. Line detection can alert local police when people come and go from a dissident’s house. Automated alarms can keep people from being free.
Hikvision’s facial-recognition arsenal offers a single system to dole out punishments and rewards. “Recognise people from your blacklist and notify security to take action to reduce risks,” a brochure says. “Recognise whitelist customers so they can experience exclusive VIP service from the moment they arrive.” Looking beyond the racist terms, which industry professionals have advocated replacing, one does not require much imagination to see the potential for abuse: With facial recognition, a club owner can spot valued patrons and lavish them with free drinks, or a despot can identify, track, and silence opponents.
Both courses were naturally focused on showcasing what the products could do, but they did occasionally hint at limitations. The people-counting feature, Hikvision explained, is only 90 percent accurate when traffic is heavy. Softening customer expectations, one slide noted that “entertainment TV is fiction. What they do on CSI and NCIS and other programs is not reality. A CCTV system is NOT going to have unlimited zoom with crisp images.”
These caveats are not readily advertised to prospective customers. One reseller of Hikvision products claims that its facial-recognition cameras capture images with an accuracy greater than 99 percent, and are unaffected by slight changes in lighting, hair style, or facial expression.
Yet facial-recognition products have biases that arise from the data used to train them. Hikvision’s algorithms are most accurate on people from East Asia and least accurate on people from Africa, according to third-party tests.
With more training and data, these systems are improving, but I would not trust them to make important decisions. It is one thing to have a system miscount the number of people who spent time in the produce section of a grocery store and quite another to have it misidentify an individual as the suspect of a crime. These are not theoretical risks, nor are they limited to Chinese suppliers: By the end of 2020, three cases had emerged in which U.S. police had wrongly arrested Americans because of false positives in facial recognition. All were Black men.
As the second course continued, it delved into surveillance capabilities while ignoring all constraints. The objective of every training scenario was to expand the ability to surveil and detect. In every case, the person behind the camera accumulates power, while, for good or bad, the person on camera becomes a target. The authoritarian approach does not question this imbalance. It makes no effort to minimize harm.
The use of military language, common in the surveillance industry, heightens the sense that these tools can easily become weapons. Cameras can be set to “patrol,” meaning that they can pan and tilt at predefined intervals, scanning areas on a loop. “Intrusion detection” sounds like a method for defending a bank or a military base—a system that catches only bad guys. Hikvision’s cameras do not check identities. They “capture” faces.
When I finished both courses, I was relieved to be done, but also unsatisfied. After passing two exams, I was supposedly qualified to sell and install systems that use AI to identify faces and analyze behavior. But I remained utterly unequipped to deal with the privacy and human-rights concerns that these systems raise.
This ethical blind spot is hardly limited to Chinese surveillance companies, or even the surveillance industry writ large. Oracle, a Texas-based tech company, has marketed police applications of its software in countries with poor human-rights records, including China, Brazil, Mexico, Pakistan, Turkey, and the United Arab Emirates, as the journalist Mara Hvistendahl has reported. More fundamentally, private companies’ bulk collection of personal data—what the Harvard professor Shoshana Zuboff has dubbed “surveillance capitalism”—has wide-ranging implications not only for privacy but also for social control.
Many technology companies have sought to cast themselves as high-tech hardware stores, simply selling tools to customers who are ultimately responsible for how they are used. When asked whether the telecommunications-equipment company Huawei could be held accountable for the Chinese government’s use of its products in Xinjiang, the company’s founder and CEO, Ren Zhengfei, replied, “Can a carmaker determine who it will sell the cars to? What the carmaker sells is just the car itself. What will be put into the car is determined by the driver.”
But Huawei, Hikvision, and others sell capabilities as well as methods. To borrow Ren’s metaphor, they provide driver training, and sometimes chauffeurs too. They do not check to see if you have a bad driving record or a license to drive. They have been willing to sell any product they have to anyone who will buy, with very few exceptions.
That laissez-faire approach appears unsustainable. As more communities debate the merits of AI-powered surveillance, companies will be forced to play a more active role in preventing harm. Those that engage constructively in this conversation can earn trust and stand to profit from addressing social concerns. As the environmental movement inspired ecologically minded standards and green products, the push for socially responsible AI could influence the market for surveillance equipment. The U.S. could work with its partners and allies to lead this charge. Such an effort would challenge China’s current activities by drawing a stark contrast, providing a superior alternative, and offering incentives for adoption.
For a company whose motto is “See far, go further,” Hikvision has appeared shortsighted, if not willfully ignorant, in view of the growing backlash. Evidence of the company’s role in Xinjiang’s camps surfaced as early as 2018. But it was not until 2019, after Western investors began divesting, that Hikvision issued its first environmental, social, and governance report. “There have been numerous reports about ways that video surveillance products have been involved in human rights violations,” it noted. The document was heavy on passive voice and light on specifics.
Hikvision’s concern for human rights seems superficial. It promised to incorporate the United Nations’ Universal Declaration of Human Rights, among other provisions, into its practices and hired a U.S. law firm, Arent Fox, to conduct an internal review, which it has not made public. After waiting for a copy of the review, a Danish pension fund finally divested from Hikvision in November 2020, noting that it had “lost patience with the company.” Hikvision also appointed a chief compliance officer, who is vaguely responsible for “covering areas of human rights protection, data security and privacy protection as well as social responsibility, etc.” Apparently, the company could not be bothered to finish the sentence and fully articulate the position.
Social risks are an even greater worry for Hikvision’s clientele, including the Chinese government. Fear about social unrest is what motivates the construction of a surveillance state that attempts to reach deeper into citizens’ lives. By clumsily imposing more invasive measures, however, the state could strengthen the very forces of resentment that it fears the most. When systems do not deliver the precision they promise, privacy advocates and dissident groups are not the only ones who are disappointed. After enough errors, even supporters of surveillance measures begin asking questions.
This post was excerpted from Hillman’s new book, The Digital Silk Road. When you buy a book using a link on this page, we receive a commission. Thank you for supporting The Atlantic.