Oracle is Powering China’s Surveillance State

Oracle’s technology is embedded in China’s surveillance state, powering repression in Xinjiang while raising questions about US national security, human rights, and corporate accountability.

In the far northwest of China, in the Xinjiang Uyghur Autonomous Region, police sift through enormous troves of personal data—from facial recognition images to DNA profiles—to surveil, track dissent, and oppress the region’s Muslim population. To do this, the region’s police use software and data services from a well-known American company: Oracle. At a time when Washington is increasingly wary of Beijing’s techno-authoritarian ambitions, Oracle’s extensive operations in China raise urgent questions. How can an American company enable repression abroad while simultaneously working directly with the US government? Policymakers must confront this contradiction head-on, guided by a simple principle: US companies should not be complicit in foreign oppression while receiving American taxpayer support.

Oracle’s Roots in China Public Sector IT Systems 

Oracle, a titan of enterprise software, has a long history of engagement with Beijing and is perhaps the quintessential case of a US tech firm entrenched in China’s public-sector IT infrastructure. By the mid-2010s, Oracle’s database and enterprise management tools were ubiquitous across Chinese government agencies and state-owned enterprises, forming a critical backbone of official IT systems. An online portal run by China’s State Council even touted that Oracle databases power e-government services at all levels. In effect, Oracle became woven into the fabric of China’s governance networks; networks that are being leveraged for surveillance and censorship. 

Courting China’s Surveillance State

This entanglement was no accident. Oracle aggressively courted Chinese state clients with tools and expertise that fit neatly into the Communist Party’s surveillance ambitions. As Chinese authorities invested heavily in “smart city” surveillance and predictive policing programs, Oracle positioned itself as a ready partner. The company marketed its advanced data analytics platforms, such as the Oracle Endeca Information Discovery system, explicitly as law enforcement solutions for China’s police. Oracle representatives in Beijing even held up American examples to sell their products: in one presentation, they highlighted how Chicago police used Oracle software to monitor protesters, implicitly suggesting Chinese security forces could do the same. 

In 2018, at an Oracle conference in California, a Beijing-based Oracle engineer showcased a case study of police in Liaoning province using Oracle tools for “criminal analysis and prediction,” essentially bragging that Oracle’s technology could help sift through massive citizen databases to flag suspects and dissidents. When pressed on this, Oracle’s Executive Vice President Ken Glueck offered no apologies. “We proudly partner with law enforcement,” he said, adding that it was only natural to market a successful US policing project “elsewhere”. In other words, Oracle was content to export its most potent surveillance-enabling technologies to any willing buyer—including an authoritarian regime—under the banner of business as usual.

Using Domestic Intermediaries 

One of Oracle’s strategies in China was to work through domestic intermediaries, allowing it to enable surveillance while keeping a low profile. Local resellers and systems integrators with government ties funneled Oracle tech into state security projects, effectively letting Oracle power China’s surveillance state from the shadows. A prime example is Digital China, a former Lenovo affiliate turned major government IT contractor, which partnered with Oracle for two decades. In 2018—the same year reports of mass detention in Xinjiang began to surface—Oracle crowned Digital China its global “Partner of the Year,” just after Digital China helped implement a $10 million surveillance system for Chinese authorities. That project, complete with Oracle servers, software, and even Oracle engineers on-site, analyzed live video feeds and citizen data for a public security bureau. Thanks to such partnerships, Oracle’s cutting-edge data tools reached police departments in major cities and provinces across China, all while Oracle’s name stayed largely in the background. Through these intermediaries, Oracle became a force multiplier for China’s surveillance apparatus, providing the technological backbone while local partners handled implementation and relationship management with the CCP.

Xinjiang: Oracle’s Tech Powering Oppression 

Nowhere was this quiet complicity more egregious than in Xinjiang, where Oracle’s technology aided what may be the most dystopian surveillance campaign on Earth. Even as Beijing’s repression of Uyghur Muslims in Xinjiang provoked worldwide condemnation, Oracle kept doing business with the Xinjiang Public Security Bureau, the very agency orchestrating mass internments and pervasive digital surveillance. Internal documents and presentations from Oracle in that period reveal that the company’s data analytics and security software were used by Xinjiang police. In fact, for at least a year after the world learned of “re-education” camps and draconian controls in Xinjiang, Oracle was still providing tools that supercharged the authorities’ ability to monitor and classify the region’s oppressed minorities. 

The scope of data Oracle’s systems helped process is staggering: facial recognition images, license plate numbers, DNA profiles, religious activity logs, all funneled into Oracle-powered databases, filtered for “pre-crime” signals by software like Endeca. This predictive policing infrastructure, integrated into platforms such as China’s Integrated Joint Operations Platform (IJOP), enabled officials to track entire populations in real time and algorithmically flag “suspicious” persons for possible detention. In Xinjiang, Oracle’s code quietly became an instrument of oppression.

Aligning With China’s Cyber Sovereignty Demands 

As Oracle technology buttressed China’s surveillance state, the company also demonstrated a keen willingness to comply with China’s restrictive cyber laws to preserve its market access. When Beijing rolled out the 2017 Cybersecurity Law and strict data localization mandates, Oracle did not flinch. Instead, it aligned its business model to honor China’s “cyber sovereignty” dictates, ensuring that Chinese user data remained within reach of state authorities. In 2018, Oracle struck a deal with Tencent—a conglomerate deeply intertwined with the Chinese state—to open a dedicated Oracle Cloud region in China. By partnering with a Chinese cloud provider and keeping all customer data on Chinese soil, Oracle satisfied regulators that foreign tech would not undermine their control. Oracle even indicated its openness to accommodating other demands: hosting transparency centers where Chinese officials could inspect its source code and tailoring its cloud services to meet local standards. In effect, Oracle bent over backwards to show Beijing that it was a team player in upholding the Great Firewall and the regime’s control of information.

To Oracle’s credit, it apparently stopped short of some extremes seen in other firms. For example, the company claims it did not form joint ventures with China’s military-linked companies or hand over source code to the People’s Liberation Army. But such distinctions ring hollow when weighed against Oracle’s overall posture in China. 

Undermining American Values 

The company’s compliance-first approach bought it goodwill in Beijing and helped sustain its government partnerships even as US-China relations soured. Meanwhile, that very compliance undermines the principle of an open, free internet. By localizing data and assisting China’s censorship regime, Oracle directly contradicted American commitments to internet freedom. If a US tech giant willingly enforces Beijing’s cyber sovereignty model for profit, it sends a dangerous message: market share comes before democratic values. And it hands China’s rulers exactly what they want: Western innovation harnessed to reinforce digital authoritarianism at home.

Oracle’s entanglement with China’s techno-authoritarian agenda isn’t just a moral issue—it’s a strategic one. The Chinese Communist Party has made clear its ambitions to lead in artificial intelligence (AI), big data, and surveillance tech as part of a model of governance antithetical to liberal democracy. When an American company like Oracle emboldens China’s security apparatus with cutting-edge tools, it inadvertently strengthens an adversary’s hand. Every Oracle-powered police database in China, every provincial surveillance system optimized by Oracle software, helps perfect a model of high-tech repression that Beijing can deploy at home and even export abroad. China’s surveillance state is a cornerstone of its domestic control and a key feature of its influence on other authoritarian-leaning governments. By helping to refine that machinery, Oracle may be bolstering a system that ultimately threatens US interests and global human rights.

Risks to US Security and Trust  

There’s also a more direct concern: trust and security. Oracle today is a major contractor for the US government, providing cloud services and databases that store sensitive national security information. And the company is far from a marginal player; it is a trusted federal contractor, paid with taxpayer dollars. In 2022, Oracle was one of a handful of companies awarded a share of the Pentagon’s $9 billion multi-cloud contract, alongside major peers such as Amazon and Microsoft. Oracle also benefits from lucrative deals to provide cloud services to the US intelligence community. 

American officials and taxpayers have a right to ask whether Oracle’s cozy ties with China pose risks. If Oracle has allowed Chinese regulators to scrutinize its source code or systems, even under controlled conditions, could that knowledge be misused to exploit vulnerabilities elsewhere? If Oracle’s business incentives require keeping Beijing happy, will that influence how it responds to US security needs or export control laws? Washington has deemed China “the most active and persistent cyber threat” to America’s government and critical infrastructure. In such an environment, relying on a company that has actively catered to China’s cyber governance regime is, at best, a significant point of concern for US national security.

The Moral Imperative

Oracle’s partnership with China also undermines American moral authority. The United States has historically championed human rights and internet freedom, opposing Beijing’s authoritarian excesses. Yet how convincing is that stance if American firms are found enabling the very abuses Washington condemns? Congress recognized China’s atrocities in Xinjiang by passing the Uyghur Forced Labor Prevention Act in 2021, explicitly stating that combating mass internment and forced labor is in the US national interest. It would be a profound hypocrisy to condemn surveillance and repression in Xinjiang on one hand, while tolerating or ignoring an American company’s role in facilitating that repression on the other. Such double standards erode US credibility and undermine the impact of any sanctions or diplomatic pressure aimed at foreign perpetrators. Defending human rights and democratic values requires consistency. If Oracle (or any other US tech firm) aids China’s rights abuses, it must face real accountability at home, lest America’s silence be seen as acquiescence.

The federal government has both the right and the responsibility to demand higher standards from its private partners. Companies that receive public funds and enjoy the privilege of working on sensitive government projects should be held to an elevated ethical bar. Congress and executive agencies should operationalize this principle through rigorous oversight. This could mean greater disclosure requirements about overseas business dealings, human rights due diligence for contractors, or even legislation barring federal contracts for companies that materially support foreign human rights abuses. The goal is not to punish American success, but to align our economic power with our values and security interests.

The Need for Accountability

Oracle’s leadership has thus far defended its China engagements as ordinary business, noting that other Western companies did much the same. But “everyone does it” is a poor excuse for abetting oppression. Policymakers in Washington, urged on by a bipartisan consensus about the China challenge, are growing less tolerant of US companies acting as bystanders—or worse, accomplices—to Beijing’s misconduct. The message from policymakers to firms like Oracle should be unequivocal: you cannot build the digital scaffolding of Chinese tyranny with one hand and expect American taxpayers to pay you with the other.

About the Author: Luke Hogg