China has long been known for one of the most advanced domestic surveillance systems in the world. But a new report from Deutsche Welle raises a troubling question for travelers, foreign workers, journalists and business visitors: what happens when a country’s surveillance infrastructure begins building detailed profiles not only of its own citizens, but also of foreigners moving through its cities?
DW reported that a Chinese cybersecurity expert using the name NetAskari discovered what appeared to be a demonstration version of a remote tracking system built for public security authorities in Zhangjiakou, the Hebei province city that hosted events during the 2022 Winter Olympics. According to DW’s reporting, the system was described as capable of creating “holographic profiles” by combining multiple streams of personal data into a searchable law-enforcement tool. A Taiwan News republication of the DW report says the system appeared to contain real datasets, not just dummy demonstration data.
The report has not been independently confirmed by Chinese authorities, and China has not publicly acknowledged that specific system as described by DW. But the broader direction is not new. China’s police and security agencies have spent years building systems that combine cameras, identity records, phones, travel records, internet activity, biometrics and other data into tools for monitoring and predicting behavior.
From a cybersecurity perspective, that raises two separate but connected risks. The first is state surveillance: the possibility that a government can track where people go, who they meet, what they say online and whether they should be flagged for additional attention. The second is data security: the risk that massive government-linked databases containing personal information could be exposed, abused, misused or breached.
For foreigners, the issue begins at the border. China’s Exit and Entry Administration Law requires foreigners entering China to submit passports, visas or other entry permits for inspection. Foreigners applying for residence permits may also be required to provide biometric identification information, such as fingerprints, and foreigners 16 or older who stay or reside in China must carry travel or residence documents and accept inspection by public security organs.
That means a foreign visitor’s identity is already connected to official records before they ever check into a hotel, buy a train ticket, use a phone, enter a government building or pass through a camera-dense public area.
The concern is what happens when those records are fused.
The Associated Press reported in 2025 that China’s surveillance systems can mine large volumes of information, including calls, payments, flights, video, DNA, mail deliveries, internet use and even utility data, to identify people deemed suspicious or politically sensitive. AP’s investigation found that U.S. technology companies played a major role over decades in helping build parts of China’s digital policing infrastructure, although companies that responded said they complied with applicable laws and export controls.
China’s government has defended its security systems as necessary for public safety, counterterrorism and crime prevention. That argument is not unique to China. Governments around the world use cameras, border databases, facial recognition, phone records and financial monitoring for legitimate law-enforcement and national-security purposes.
The difference is oversight and freedom.
In an open society, surveillance powers are supposed to be limited by courts, independent media, legislative oversight, privacy law and public challenge. In China, critics say those safeguards are weak or unavailable when the government defines speech, religion, association or activism as threats to stability. Freedom House has repeatedly ranked China among the world’s most repressive internet environments, describing online conditions there as “profoundly oppressive.”
That matters for foreigners because they may assume they are only visiting China, not entering a permanent data file. But a modern surveillance system does not need to arrest someone to restrict freedom. It can create a chilling effect. A business traveler may avoid meeting certain people. A journalist may hesitate before contacting a source. A student may self-censor. A foreign employee may avoid discussing politics, human rights, Taiwan, Tibet, Xinjiang, Hong Kong, labor disputes or military issues, not because they have done anything wrong, but because they do not know how their activity will be interpreted.
The U.S. State Department currently warns that the People’s Republic of China may arbitrarily enforce local laws, including exit bans on U.S. citizens and citizens of other countries, without fair and transparent legal process. That warning is not only about technology. It is about the legal environment surrounding the technology.
China has also moved to regulate facial recognition. Reuters reported that rules issued by Chinese authorities in 2025 said individuals should not be forced to use facial recognition for identity verification and should be given alternatives, with requirements for consent and visible notices where facial recognition is used. Those rules may offer privacy protections on paper. But civil-liberties advocates question how meaningful consent can be when the state itself is the dominant collector, regulator and user of identity data.
For travelers, the practical cybersecurity lesson is clear: assume that digital privacy in China is limited.
That does not mean every visitor is being actively monitored by a human officer. It means the systems are capable of collecting, storing and connecting data in ways most visitors cannot see or challenge. A phone carried into China may reveal contacts, messages, app logins, location history, cloud accounts and work communications. Hotel registrations, train tickets, payment apps, surveillance cameras and internet activity can create a digital trail. Once collected, that trail may be difficult or impossible for a foreigner to inspect, correct or delete.
For companies, the risks are even broader. Employees traveling to China may carry intellectual property, client files, confidential communications, legal strategy, government-related work or personal information belonging to others. If those devices connect to local networks or apps, the cybersecurity exposure may follow the company home.
A cautious travel policy would treat China as a high-surveillance environment. That means using clean travel devices, limiting stored data, avoiding sensitive conversations on local networks, disabling unnecessary cloud syncing, using strong account protections, and assuming that hotel Wi-Fi, public Wi-Fi, local apps and border inspections may not provide the same privacy expectations Americans are used to.
But the larger issue is not just whether a traveler’s phone is safe. It is whether the expansion of surveillance technology changes how people behave.
When cameras, biometric databases, internet controls and police analytics merge, freedom can disappear quietly. People do not need to be told directly that they are not free. They begin to understand that every movement, message and meeting may be recorded somewhere. That is the real power of a surveillance state: it turns ordinary life into something people manage defensively.
China’s system is often presented as a domestic political issue, but DW’s reporting suggests the reach may be broader. Foreigners who enter China may not be outside the system. They may simply be newer entries in it.
For Americans and other foreign visitors, the lesson is not panic. It is awareness. China remains a major destination for business, education, tourism and diplomacy. But anyone traveling there should understand that the same technology that can make a city efficient, safe and convenient can also make privacy fragile and freedom conditional.
