China's Public Security Cloud
A look at the massive growth of cloud computing in China's public security sector
This is the second article in a two-part series following the recently publicized leak of a Chinese public security database. Part 1 provides an overview of the leak, while this article takes a broader look at the cloud’s role in China’s public security system.
Following the recent leak of nearly 1 billion records from a Shanghai police database hosted by Alibaba Cloud, updates have come in bits and pieces. Recently, the Wall Street Journal reported that Alibaba Cloud executives had been called in to speak with Shanghai authorities.
I wrote about the data leak in last week’s article.1 This week I’m examining the rise of cloud technology in China’s public security apparatus to provide some context on the scope of cloud technology in China’s public security systems.
First, I should point out that China’s public security cloud infrastructure is an immense topic spanning over a decade of public policy, countless regional cloud projects, as well as billions upon billions of yuan in government and enterprise investment. As such, this article seeks to present an overview of the subject. I also encourage readers to use it as an entry point to further study and analysis.
The State of the Public Security Cloud
The growth of China’s public security cloud is tied to the same core concept driving the country’s tech- and data-based growth: informatization.
Informatization2 is a broad term typically referring to the adoption of information and communication technologies on a national scale. In regard to China’s public security sector, the term typically refers to the spread of big data and cloud computing.
The informatization of the public security sector has led to the spread of the “police cloud” (警务云), a term referring to a private cloud used by a regional (city, provincial, etc.) public security body.
According to a report from ASKCI Consulting published earlier this month, China has steadily increased its investment in informatizing the public security sector, from over 16.38 billion yuan in 2018 to an estimated 24.37 billion yuan this year3 — an annual increase of over 10%. The report also summarizes the scope of this informatization:
Following the motivation spurred by government policy as well as the gradual maturation of big data application patterns in recent years, China’s growing investment and expenditure in the informatization of public security, and the continued achievements of efforts such as the Golden Shield4 project, the Peaceful City5 project, and the Sharp Eyes6 project, a series of public security informatization projects — including foundational public security communication equipment, online platforms, application systems, and public security safeguard systems — have gradually reached completion.
The high-speed development of cloud computing and big data has spurred the constant improvement of big data strategies in public security. The storage, management, and analysis of data have already become important means of administrating society and stopping crime.
A 2018 report from Guosheng Securities states that government investment in public security informatization has steadily constituted roughly three-quarters of the above numbers, while enterprise investment has made up the remaining quarter each year.
On a more granular level, this same report breaks down the companies that build these cloud platforms into three categories:
Traditional server manufacturers, such as Inspur and Lenovo.
Information system integrators, such as Tianyuan DIC.
Professional suppliers specializing in public security informatization.
The Guosheng report also names the cooperation between Tianyuan DIC and Huawei as the strongest force in China’s push to build modern public security hardware and software (as of 2018).
Building a Public Security Cloud Ecosystem
When did the rise of China’s cloud-based public security platforms begin?
A little over a decade ago, China’s policies began to paint a clearer picture of how informatization should be applied to the public security sector.
In 2010, the Ministry of Public Security (MPS) published a document titled The Ministry of Public Security’s Guiding Suggestions on How to Further Standardize and Strengthen the Informatizational Development of Law Enforcement for Public Security Agencies. Addressed to public security bureaus and departments across the country, the document provided China’s policing agencies with a foundational set of policies for building more modern technical infrastructures. The first section summarized the document’s overall objective:
To use public security agencies’ comprehensive police platforms to create an informatized law enforcement system — which will be completed in the eastern, central, and western regions by the middle of 2011, before the end of 2011, and before the end of 2012 respectively — in order to achieve the online entry of law enforcement information, the circulation of law enforcement computer programs, the monitoring of law enforcement activity, the establishment of online platforms for law enforcement training; to practically strengthen the immediacy, orderliness, and systematic management of public security agencies’ law enforcement activities; and to comprehensively enable public security agencies to carry out the law more capably and more effectively, with greater quality and greater public trust.
In 2012, the MPS published a document supplementing the Twelfth Five-Year Plan for the Construction of National Public Security Equipment,7 which explicitly incorporated the concept of building cloud computing centers for public security agencies into China’s plans for informatization.
In 2013, Shandong Province became the first location in China to launch a provincial-level cloud platform for conducting police affairs. The project was carried out by the domestic tech company Inspur. A press release from Inspur called the project one that would “serve as a positive model for promoting the use of Chinese-made cloud computing platforms in China’s public security system.”
Four years later, the Ministry of Industry and Information Technology would name Inspur’s work on police cloud platforms as one of the “top ten big data case studies” of 2017.
A quick Baidu search will reveal countless announcements and proposals for cloud infrastructure projects from public security agencies ranging from local to national levels.
One prominent example is the Beijing police, who paid two separate companies 72 million yuan in 2019 and 246 million yuan in 2021 to build out their cloud platform. More recently, the MPS just finished seeking bids for work on “Project 607,” a new comprehensive information platform for public security personnel that leverages the cloud.
Regulating the Public Security Cloud
As the number of public security agencies leveraging cloud platforms and big data has grown, the Chinese government has also published laws and guidelines regarding how these platforms should grow and how they should protect data.
This includes comprehensive digital regulations like 2019’s Baseline for Classified Protection of Cybersecurity and last year’s landmark Personal Information Protection Law. Notably, the Personal Information Protection Law imposes penalties on government officials who fail to protect citizens’ personal information.
In addition, there are government guidelines specifically for the development of cloud platforms in the public security field.
In early 2018, the Ministry of Public Security’s Office of Technology and Informatization published A Guide Framework for Public Security Cloud Platforms, a document that provided public security agencies with clear guidelines for building cloud systems.8 Some of the requirements laid out in this document are particularly interesting in light of the Shanghai data breach, as the document places a significant focus on database security measures. These include database monitoring and auditing, multi-factor authentication, and multi-layer authentication. In addition, database weaknesses, login accounts and tools, and data interactions must be tracked.
Very recently, 2021’s Fourteenth Five-Year Plan for National Informatization (covering 2021-2025) prominently mentioned cloud computing and also included guidelines for improving “smart” public security infrastructure, specifically mentioning big data.
To get a sense of the various regulations that factor into the growth of China’s public security cloud, one can also examine the contents of the various cloud project announcements posted by Chinese public security agencies. Consider this 2019 announcement published by the Zhongshan public security bureau in Guangdong inviting bids for an upgrade to its cloud infrastructure:
With the swift development of the informatization of public security systems across the country, the conveniences of cloud computing and big data are becoming clearer with each day. Additionally, the Ministry of Public Security has explicitly stated the following in the Twelfth Five-Year Plan for Building National Public Security Equipment and the Special Thirteenth Five-Year Plan for Innovation in Public Security Technology: “Use cloud computing technology to transform the operating environments of information centers; increase information centers’ capacities for operational management, resource integration, guaranteeing safety, and disaster backup; and provide the most foundational operational and supporting environment for the informatization of public security.”
Local Sentiment
A 2018 article from the Jilin Daily on the “police cloud” system completed in late 2017 for the department of public security for Jilin Province provides a snapshot of local attitudes towards this transition. The article presents the move to the cloud and big data is presented as a point of pride as well as a modern necessity.
Below is a quote from Liu Jinbo, deputy governor and head of the provincial department of public security, taken from the article:
The frontier of technology forms the core of our strength. We must persevere in developing in a direction that prioritizes the grassroots level, actual conditions, and society. We must stick to the core concept of implementing a big data strategy for public security. We must put all of our efforts into building a new technological system, creating data-based policing, and building “smart” public security, all with the deeper usage of the “police cloud” at the core.
The opening line of this Jilin Daily article aptly sums up China’s push to modernize its public security tech:
In the era of big data, whoever controls the data has the advantage.
Although the first part of this series was published in early July, I’ve since updated that article to include the details regarding Alibaba Cloud and its executives reported by the Wall Street Journal.
DigiChina’s analysis of China’s 2021-2025 plans for informatization provides a helpful introduction to China’s current goals for informatization in a general sense.
While the text of the report summary uses the unit 万 (10,000), the corresponding chart uses the unit 亿 (100 million), which I have used here. The latter unit is corroborated by this Guosheng Securities report, which contains similar numbers.
A nationwide network security project spanning security management and criminal information, along with other areas. It is thought to include the Great Firewall.
A large-scale urban security and administration project whose scope includes public security, traffic, disaster warnings, and other aspects of urban management.
A broad-scale public security and monitoring project that aims for complete coverage of public spaces and relies on public participation. The name of the project originates from a quote by Mao Zedong: “The people have sharp eyes.” (“公众的眼睛是雪亮的”)
Titled 《关于贯彻落实〈全国公安装备建设“十 二五”规划〉指挥信通装备建设项目的工作意见》, this document is mentioned in multiple sources ranging from this 2013 press release from Inspur to this 2018 report from Guosheng Securities. I’ve been unable to locate a hosted version of the document on the MPS’s site; if anyone comes across a copy of the original document, feel free to get in touch.
While I have been unable to locate the official text of this document, countless references to it exist online, ranging from a government document to online articles, including summaries of its contents. The document linked here was obtained through a Baidu Cloud-hosted copy. While an MPS-hosted version of this document does not appear to exist, I do believe it to be the real thing. The date of the linked document is December 2017, which would make sense given its reported publication date of January 2018 and at least one reference citing the document as being from 2017.