An app can simulate health codes at will. Can a one-sentence disclaimer get it off the hook?
It is difficult to get this kind of software onto domestic app stores or website platforms.
The National Cyberspace Administration of China, the Ministry of Industry and Information Technology and others all have relevant regulations that stipulate platform responsibilities, which means that software on a platform suspected of being illegal or of spreading harmful information must be deleted promptly. The platform has this obligation.
Shan Yong, professor at the Law School of Nanjing University
It can simulate health codes, resumption codes, and pass codes for multiple locations; customize regions, cities, and names; and set green, yellow, and red codes at will... Just as the domestic COVID-19 prevention and control situation was becoming severe again, an app called "Health Code Demo" was recently exposed by netizens.
On January 13, the official Weibo of the Information Office of the Hangzhou Municipal People's Government issued a notice stating that the software developer was 41-year-old Xie XX and that criminal coercive measures have been taken.
After the public security department intervened in the investigation, the software was immediately removed.
However, the public concern and discussion caused by the software have not ended. Some netizens worry that it may be used illegally: now that this software has been published, will fake health codes appear?
So, how does the law treat the writing and publishing of health code demonstration software?
How is it classified if someone uses this software?
Can additional technical measures be added to the health code verification step?
To this end, a reporter from Science and Technology Daily visited relevant experts in computing technology and law.
Health code demo software appeared in the application market
On January 11, the Weibo blogger @路纽约 reported that an app called "Health Code Demo" in the Google Play app store could display the health codes of various places at will, according to the user's needs.
The app's capabilities are sweeping. It can simulate health codes, resumption codes, and pass codes from all over the country. It can also display different health codes as needed, such as green, yellow, and red codes, and lets the user enter and display custom data such as region, city, and name.
In short, it offers whatever code and whatever name the user wants.
Notably, the app also carried a "Precautions" notice on its details page, saying that the application is for demonstration purposes only, that the QR code is not an actual health code or resumption code, and that it should not be used where codes are scanned, so as not to cause unnecessary misunderstanding.
The software has been taken down due to reports by many people, but it has been downloaded more than 1,000 times.
The Google Play app store mainly serves users abroad. With imported cases rising, if the app were used by immigrants for domestic travel, it could very easily cause the epidemic to spread.
The Hangzhou public security organ quickly intervened in the matter after learning about it.
However, netizens soon discovered that the company name and address on the software were fake.
The registered address of the software is a private residence in Hangzhou, not an office space, and no information can be found about the “Papai Technology” company shown in the software.
"As far as we know, the software author once uploaded the code to a hosting platform for open source and private software projects, GitHub, but it has been deleted," Lei Ming, a teacher at the School of Computer and Software, Nanjing University of Information Science and Technology, told reporters. He said that developing this software is not difficult and could be done by a university undergraduate who has studied computer software development.
According to Run Leiming, the developer presumably collected health code patterns from all over the country, used QR code generation technology to imitate them, and let users set personal and regional information through custom options.
"Uploading an APP in the Google Play application software store requires registration first. Both companies and individuals can publish the software after paying a registration fee of more than $20, and Google will also review the software." Leiming said.
Disrupting public order: a disclaimer is not a safe haven
On January 12, the West Lake District Bureau of the Hangzhou Public Security Bureau opened a case against Xie XX for investigation.
According to the WeChat public account of the People's Procuratorate of Xihu District, Hangzhou City, Zhejiang Province on January 17, the procuratorate has sent prosecutors to intervene in advance in accordance with the law.
Currently, the case is being further processed.
It is still unknown why Xie XX developed this software, but he clearly knew that his actions might cross a legal red line.
This can be seen from one detail: he not only used a false company name and address, but also deceived himself by adding the "Precautions" notice in an attempt to excuse himself.
"This statement is useless. The law does not depend on what he says, but on what he did." Shan Yong, a professor at the Law School of Nanjing University, believes that Xie XX's behavior disrupted epidemic prevention and control measures and social order, which is why the official announcement from Hangzhou called it an "Internet illegal case involving the epidemic."
Shan Yong said that the health code is related to the effectiveness of epidemic prevention and control and the stability of social order. From this perspective, the relevant provisions of the "Infectious Disease Prevention and Control Law" and "Public Security Management Punishment Law" are applicable to this case.
However, it cannot be ruled out that the public security organ's investigation will find that his behavior is suspected of violating criminal law.
In terms of its nature, "providing software for forging health codes is a network assistance behavior that hinders the prevention and control of infectious diseases and other illegal acts that endanger public health order. The specific crime involved in this case depends on the evidence obtained by the public security agency's investigation," Shan Yong said.
Shan Yong told reporters that the current domestic epidemic prevention and control situation is severe and that this is a typical act of disrupting epidemic prevention and control. Judicial authorities are likely to handle it as a typical case, which will serve to explain the law and its reasoning to society. "The ultimate goal of punishing Xie XX is not only to punish an individual but, more importantly, to deter similar cyber violations through the handling of the case, and at the same time to spread knowledge of the law to ordinary people."
At the same time, Shan Yong also emphasized that although people who use the software would not normally be committing a criminal offence, they disrupt public order and violate relevant administrative regulations. Using this software for convenience of passage may violate the "Public Security Management Penalty Law."
Improve verification methods to plug security loopholes
While many netizens condemned Xie XX, they also expressed dissatisfaction with Google.
Previously, the Google Play app store had stipulated that publicly released contact tracing applications must be issued by, commissioned by, or directly endorsed by official government entities. Such applications include all apps that track or monitor COVID-19 infected persons or contacts for the purpose of responding to or mitigating the COVID-19 epidemic.
So how did an app that so obviously fakes health codes pass review and get published?
According to Shan Yong, "It is difficult to get this kind of software onto domestic app stores or website platforms. The State Cyberspace Administration of China, the Ministry of Industry and Information Technology and others have related regulations that stipulate platform responsibilities, which means that software on the platform suspected of being illegal or of spreading harmful information must be deleted promptly, and the platform has this obligation."
At the same time, the software also revealed that there are still many loopholes in the health code verification step.
At present, whether people are entering public places such as supermarkets and restaurants or taking transportation such as subways and high-speed rail, health codes are mostly verified manually, which gives fraudsters an opportunity to exploit.
Run Leiming said that from the perspective of network security, there is still room for improvement in the security of the health code. "It is an electronic certificate. If an electronic certificate is to be secure, a very complex security mechanism must be designed to ensure that it is undeniable and unforgeable."
But Leiming also believes that, given the health code's current application scenarios, it is not necessary to upgrade the health code or switch to other means; improving the verification method is enough to plug this loophole.
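One way a checkpoint scanner can verify a code electronically instead of by eye, as an added example that is not part of the original article or of any real health-code system. The payload layout, key, 60-second freshness window and function names are all assumptions, and an HMAC stands in for the issuer's signature so the code runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical issuer key, held only by the health-code backend and its
# verification service, never by the citizen-facing app. Constructed value.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_AGE_SECONDS = 60  # assumed freshness window, so old screenshots fail


def _tag(body: bytes) -> bytes:
    # HMAC stands in for the issuer's signature (stdlib only). It makes the
    # code unforgeable without the key; non-repudiation needs a real signature.
    return base64.urlsafe_b64encode(hmac.new(ISSUER_KEY, body, hashlib.sha256).digest())


def issue_code(name: str, region: str, status: str, now: int) -> str:
    """Backend side: build the text that is rendered as the QR code."""
    claims = {"name": name, "region": region, "status": status, "iat": now}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _tag(body).decode()


def verify_scan(qr_text: str, now: int) -> str:
    """Scanner side: return the verified status or the reason for rejection."""
    try:
        body_b64, tag = qr_text.split(".")
        body = base64.urlsafe_b64decode(body_b64.encode())
        tag_bytes = tag.encode()
    except ValueError:
        return "REJECT: not an issued code"
    if not hmac.compare_digest(tag_bytes, _tag(body)):
        return "REJECT: bad authentication tag"
    claims = json.loads(body)
    if not 0 <= now - claims["iat"] <= MAX_AGE_SECONDS:
        return "REJECT: stale code"
    return "OK: " + claims["status"]


if __name__ == "__main__":
    real = issue_code("Zhang San", "Jiangsu", "green", now=1000)  # constructed
    print(verify_scan(real, now=1010))
    print(verify_scan("GREEN-CODE-LOOKALIKE", now=1010))  # no issuer tag
    print(verify_scan(real, now=2000))  # replayed screenshot
```

A code that merely looks right on screen carries no valid tag, so the scanner rejects it regardless of its colour or the name it displays.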
Following the experts' suggestion, the reporter used the Alipay mobile client to scan a Jiangsu Province health code, and a prompt popped up immediately: If you are a checkpoint staff member, please use DingTalk's "scan" function to scan the health code of the person entering the checkpoint, check the health code and report the status.
Compared with scanning the code with a mobile phone, it is faster to use a handheld scanner like those used by supermarket cashiers.
"Electronic vouchers are best verified by electronic testing methods. A hand-held scanner costing more than 100 yuan can check the authenticity of the health code. Technically speaking, it is not complicated, but it may greatly increase the difficulty and cost of administrative management. This requires comprehensive consideration by managers," Run Leiming said.