China ponders creating a national 'cyberspace ID'
- Reference: 1722230893
- News link: https://www.theregister.co.uk/2024/07/29/china_cyberspace_id_proposal/
- Source link:
Although the policy is only open for comments and not certain to be adopted, the IDs would [1]serve to "protect citizens' personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy," according to a notice posted by the State Council – China's equivalent of a ministerial cabinet.
The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext – presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs.
[2]
The [3]draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary – for now – and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply.
[4]Scammers use India's real-time payment system to siphon off money, send it to China
[5]China's internet cleanup campaigns are going so well it needs a new one to protect kids
[6]Japan's digital minister surrenders salary to say sorry for data leaks
[7]Beijing demands government apps must shed their bureaucratic skins
China is one of the few countries in the world that requires citizens to use their real names on the internet. ISPs are required to collect the real names and ID numbers when customers sign up for services and, since 2017, social media sites like Weibo and WeChat must authenticate accounts with documents – including national ID.
Requiring real name registration makes it easier to identify those responsible for online harassment and spread of misinformation, but also raises concerns over stifling of free speech.
[8]
[9]
It's also a chore for companies to acquire and retain the data.
Relying instead on a national ID means "the excessive collection and retention of citizens' personal information by internet service providers will be prevented and minimized," reasoned Beijing.
[10]
Which is good news for anyone more afraid of a corporate data leak than state surveillance.
"Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations," reads the draft.
But just because the data is in the hands of the government and not private companies does not mean a leak won't occur – just ask the Unique Identification Authority of India (UIDAI).
[11]
The agency;s national biometric identification scheme, Aadhar, is used for a wide range of services, from accessing government subsidies and benefits to opening bank accounts and obtaining mobile connections. It also has suffered several [12]breaches since it launched in 2010.
Notably, in 2023, 815 million Indians had their personal Aadhar information [13]put up for sale on the dark web.
Japan's national identification system, MyNumber card, has also faced criticism for privacy concerns and security issues. Last August, Japan's digital minister, Taro Kono [14]offered up three months' salary as an apology for the digital ID's data leaks.
The card had problems even getting off the ground, with records for 130,000 out of 55 million citizens linked to the wrong bank accounts. ®
Get our [15]Tech Resources
[1] http://english.scio.gov.cn/pressroom/2024-07/27/content_117334604.htm
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZqdoRL9fH6y@qzQgiqB89QAAARU&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.cac.gov.cn/2024-07/26/c_1723675813897965.htm
[4] https://www.theregister.com/2023/10/24/scammers_use_indias_realtime_payment/
[5] https://www.theregister.com/2024/07/15/cac_summer_cleanup/
[6] https://www.theregister.com/2023/08/17/japanese_minister_offers_up_salary/
[7] https://www.theregister.com/2023/12/19/cac_app_fornalism_crackdown/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZqdoRL9fH6y@qzQgiqB89QAAARU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZqdoRL9fH6y@qzQgiqB89QAAARU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZqdoRL9fH6y@qzQgiqB89QAAARU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZqdoRL9fH6y@qzQgiqB89QAAARU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[12] https://www.theregister.com/2023/10/24/scammers_use_indias_realtime_payment/
[13] https://www.livemint.com/news/india/aadhaar-data-leak-massive-data-breach-exposes-815-million-indians-personal-information-on-dark-web-details-here-11698712793223.html
[14] https://www.theregister.com/2023/08/17/japanese_minister_offers_up_salary/
[15] https://whitepapers.theregister.com/
Re: Not Surprised
There are real life 'living dead'... people being declared 'dead' and having to fight bureaucracy to get their life back because someone somewhere rubber-stamped a piece of paper with DECEASED by mistake
Just a question...
In which country can you sign up to an ISP without giving a real name and address? How are they going to serve you if they dont have that info? At least where I live, even pre-paid telephones require submission of ID's. Is that not a requirement, pretty much everywhere?
Online services, absolutely dont need real info. And I could see a potential benefit for having a single portal, as then the various Tech firms dont get any info to sell on, except an ID. Although lets be honest they'll probably track that to build up a profile they can sell on anyway. Hopefully, that would be forbidden in any legislation setting this up, but who knows...
But then we all know that the Chinese Government aren't interested in this for the benefits of the Chinese people, only the benefit of the CCP. It's for control and going after dissidents, that's all.
It might be slightly funny, if this does gets implemented though. If a Malware/Phishing campaign can be directly tied to a specific Chinese IP Address, it will be funny to hear what excuses the Chinese Government comes up with for why they cant possibly identify the Malware scum, despite having all of this lovely tracking info available...
Re: Just a question...
Maybe I also live in one of the ‘few countries’…
I have a contract with my ISP and they know my exact address – for obvious reasons.
Re: Just a question...
But the point is it's just an address. Who lives there is, according to the supplier, just the name on the bill. If 24 people live in your address, this "privacy measure" would allow you to all sign on with your unique biometrics. Connecting to a public wi-fi? Just use your state-issued biometric id. Logging onto Facepalm, X(?), your "private" email or whatever - just use that state issued id.
It's great in theory and only becomes a problem when you have something to hide, however minor or insignificant that may be but is disliked by the current state overseers ... like daring to email a jpg of Pooh Bear.
Re: Just a question...
Iglethal,
It's pretty easy to get on the internet anoymously. I don't think there are any ISPs in the UK you can pay for with some sort of pre-paid card / voucher - and given you're wired to a specific address - anonymity isn't exactly easy. But you could use a Mobile phone / 5G modem on a Pay-as-you-Go tariff paid for with pre-pay phone cards with cash. I presume China's laws mean that mobile companies will have to get a name and ID number on all phones.
Re: Just a question...
My memory is a bit fuzzy, but when I had a Pay-as-you-go tariff in the UK, I think I still had to provide ID in order to get the number in the first place...
Admittedly, that's almost 20 years ago (way to make myself feel old!), so maybe I'm remembering wrong, or maybe the rules have changed since then... Maybe it was also because I was a dirty foreigner... :P Perhaps the rules are different for Brits...
Not Surprised
They're only a little ahead of the way the whole world seems to be going.
Presumably none of the numpties read any of the old Sci-Fi stories where someone gets locked out of everything due to a data glitch.