Resume privacy is clearly marked and face data is transmitted in plain text

How to solve the personal information protection dilemma

  Pay a fee to a website and you can obtain a resume without asking the applicant's consent; what looks like an app for cleaning junk files off a mobile phone keeps reading user information behind the scenes; a well-known merchant with thousands of stores used cameras to capture customers' faces and automatically generate numbers... At this year's CCTV 3.15 party, many companies were exposed for profiting from citizens' personal information.

  With the deepening integration of informatization with the economy and society, the misuse of personal information to intrude on people's lives is not uncommon, and the illegal and criminal activities it breeds, such as telecommunications fraud, have intensified.

Why is the chaos in the field of personal information protection hard to stop?

How to protect our privacy in the digital age?

How will the legislative level respond to social concerns?

Personal information leaks occur frequently, and medical care, online shopping, real estate, education and other fields have become the hardest-hit areas

  In a QQ group called "58 Zhilian Fans", you can buy a job applicant's resume from the Zhaolian recruitment platform for only 7 yuan, with all of the information included... At the CCTV 3.15 evening party, the details of how user resumes from Zhaolian Recruitment flowed into the "black market" were disclosed one by one.

According to the seller, you can easily get a large number of resumes by registering an account on Zhaopin Recruitment and paying a fee. "Personal accounts are not good, they must be corporate accounts."

  In actual operation, the download price of the resume is divided into three levels according to the qualifications, work experience, salary level and other conditions of the job applicant, which are 40 yuan, 60 yuan and 100 yuan.

Once a corporate account pays for membership, it can download applicants' complete resumes without limit. When registering a corporate account, even applications with fake qualifications pass smoothly.

  After buying and downloading resumes in this way, criminals obtain detailed personal information about citizens and can use it to carry out precisely targeted fraud.

In related cases uncovered by the police in recent years, one suspect had stored more than 7 million job applicants' resumes on a hard drive.

  The reporter's review found that similar personal information leaks have occurred frequently over the past year, and that fields holding massive amounts of user information, such as medical care, online shopping, real estate, and education, have become the hardest-hit areas.

  In July 2020, employees of a courier company colluded with outside criminals, using employee accounts and illegal third-party tools to steal waybill information. This leaked 400,000 pieces of users' personal information, of which approximately 45,000 were valid. The information was packaged and sold at 1 yuan each to areas with a high incidence of telecommunications fraud.

  "In this era, everyone's personal information is at great risk." Zhou Hanhua, deputy director of the Institute of Law of the Chinese Academy of Social Sciences, said that the leaked courier information includes not only the addresses, names, and telephone numbers of senders and recipients but also ID numbers and user preferences. Once this information is fed into big data analysis, it may become a means of profit for criminals. "Express delivery information has always been something that criminals watch closely."

  In addition, in the extraordinary period when the COVID-19 epidemic is sweeping the world, the frequent application of big data technology has also increased the risk of personal information leakage.

Previously, a list of people entering and leaving a hospital had been published to multiple WeChat groups, involving the ID numbers, residential addresses, and types of medical treatments of more than 6,000 people.

Some netizens reported, "Some friends around me have been harassed by phone because they had been to the hospital and were isolated at home, and they were rumored to have contracted COVID-19."

The security boundary of biometric information collection and use is blurred, and "ten steps and one face" raises concerns about technology abuse

  In addition to physical information such as phone numbers and addresses, with the development of digital technology, biometric information such as faces, fingerprints, and irises is becoming another "high-risk zone" for privacy leakage.

  Take, for example, the face recognition cameras installed at Kohler Bathroom, which were exposed at the CCTV 3.15 party. The company has thousands of stores across the country. As soon as consumers walk into one of the stores, they are captured by the camera without their knowledge and an ID number is automatically generated.

  A retail sales director of Kohler Sanitary Ware said that once the number has been generated, the system prompts the store staff when the consumer enters another store: "How to receive him, how to make a quotation, there is a psychological preparation."

  It is understood that the face recognition camera used by Kohler Sanitary Ware was provided by Suzhou Wandianzhang Network Technology Co., Ltd.

In terms of recognition rate, Wandianzhang staff said that it reaches 80%-85% when the person is wearing a mask and more than 95% without a mask.

The person in charge of the company, Manager Xue, said that the face data collected by various companies can be seen on the total account of Wandianzhang, "it must be hundreds of millions now."

  In the digital age, biometric information such as faces and fingerprints is widely used in banking, mobile payment, station ticket inspection and other fields. While it brings convenience, the blurred security boundary has also raised public concern about the "ten steps and one face" status quo.

According to the "Public Research Report on Facial Recognition Applications (2020)" issued by the APP Special Governance Working Group established by the National Information Security Standardization Technical Committee and other organizations, among more than 20,000 interviewees, 60% believe that facial recognition technology shows a trend toward abuse, and 30% of respondents said they have suffered privacy or property losses due to the leakage or abuse of facial information.

  "Face information is transmitted in plaintext, and it will be uploaded repeatedly every time you swipe your face to unlock it. It is easy to leak, and the recognition reliability is poor. It can be easily cracked by using a photo retake." He Yanzhe, Director of the Review Department of the Information Security Research Center of China Electronics Standardization Institute, pointed out that the security risks in mobile apps should also not be ignored. "In the APP privacy policy, there is no description of the rules for the collection and use of sensitive personal biometric information such as facial information, and users cannot delete them through the logout mechanism."

  Tan Jianfeng, chairman of the Shanghai Information Security Industry Association, said that personal biometric data is unique and non-renewable. Once stolen, it cannot be recovered and changed, which will bring great and irreversible risks to personal privacy protection.

The responsible subject’s internal supervision has failed, the judicial remedy channels are not smooth, and multiple reasons have caused chaos in the field of personal information security.

  Excessive collection, arbitrary use, illegal theft, open trafficking... What are the underlying reasons for the chaos in personal information security?

The reporter's review found that the parties with access to citizens' personal information are diverse and widespread, ranging from government departments to private enterprises, and that supervision has failed to varying degrees at many of these checkpoints.

  As far as state agencies are concerned, the collection of citizens' personal information is out of public interest and social management needs. However, some departments have loopholes in their management systems, and the staff concerned do not perform their duties properly, which has resulted in cases of irregular storage and arbitrary sharing.

What is more, some use their positions to provide the citizens' personal information in their hands to others for profit.

  "How the public authority manages the personal information in its hands and how to restrict it is an inevitable issue," said Zhou Guangquan, a special inspector of the State Supervision Commission and a professor at Tsinghua University Law School.

  From a corporate perspective, some companies with a weak sense of social responsibility put commercial interests above social interests and are unwilling to perform personal information and data-related responsibilities, and some even use loopholes to collect personal information in violation of regulations.

The reporter learned from the Ministry of Industry and Information Technology that as of March 12, there are still 117 apps that involve illegal collection or use of personal information that have not yet been rectified.

  "User agreements and service terms provided by network service providers are usually not directly displayed and are lengthy and cumbersome. Important terms such as the scope of personal information collection, retention time limit, and processing methods are difficult to identify and unreasonable. In this case, the authenticity and voluntariness of the user's consent decision are greatly reduced," said Liu Xiuwen, a member of the Standing Committee of the National People's Congress.

  In terms of external attacks, in the past 20 years, the protection of citizens’ personal information rights in the Chinese legal system has been fragmented for a long time. Related clauses are scattered in some laws, regulations and normative documents, and some clauses conflict with each other. The situation has led to problems such as difficulty in unifying standards for identification, management, and punishment, unclear authority and responsibilities of law enforcement agencies, and unsmooth judicial relief channels.

Comprehensively strengthen the legal protection of personal information and promote the resolution of pain points and difficult problems

  Improving relevant data standards and regulations as soon as possible and advancing the related legislative work is an objective requirement for further strengthening the legal protection of personal information, and it is also a practical need for maintaining a healthy ecology in cyberspace.

  On January 1, 2021, the "Civil Code of the People's Republic of China" was formally implemented.

The reporter noticed that the "Civil Code" sets out personality rights in a separate part and uses the "Privacy Rights and Personal Information Protection" chapter to make provisions on the definitions of privacy and personal information, protection principles, legal responsibilities, subject rights, information processing and other issues.

Many experts said that the "Civil Code" provides detailed regulations on the protection of personal information from the perspective of the Civil Basic Law, which is groundbreaking and will help solve the pain points and difficult problems from the legal level.

  In response to the previously vague definition of personal information, Article 1034 of the Civil Code clarifies that personal information is the various kinds of information, recorded electronically or in other ways, that can identify a specific natural person alone or in combination with other information, including a natural person's name, date of birth, ID number, biometric information, address, phone number, email address, health information, whereabouts information, etc.

  Liu Junhai, a professor at the School of Law of Renmin University of China, said that "precise portraits" of personal information are the basis for protecting the rights of natural persons and curbing information infringement, while regulating the collection and processing of personal information is the key to protection. "Article 1035 clarifies the principles that should be followed in the processing of personal information: legal, proper, and necessary, and must not be excessively processed, and must meet 4 specific conditions such as obtaining the consent of the natural person or his guardian."

  It is worth noting that although the "Civil Code" has outlined a basic personal information protection framework, its main focus is on legal remedies after infringements. To make the legal norms more systematic and targeted, it is still necessary to carry out special legislation for the protection of personal information.

  "To formulate a special personal information protection law is not simply to add a law, but to solve the current problems, and also to consider the changes in the way of informed consent brought about by the development of new technologies in the future." Zhou Guangquan told reporters that the "Personal Information Protection Law (Draft)" recently submitted for review by the Standing Committee of the National People's Congress regulates prominent issues in the digital age from a legislative perspective. "For example, platforms cannot only push personalized information and advertisements to users; collected personal images and personal identity characteristic information can only be used as necessary to maintain public safety, and may not be disclosed or provided to others, etc."

  At the same time, the "Personal Information Protection Law (Draft)" stipulates that companies can be fined less than 50 million yuan or less than 5% of the previous year's turnover for related violations.

"Improving the cost of violations and delimiting the red line of severe punishment will help better protect the security of citizens' personal information." Zhou Guangquan said.

There is a long way to go to protect personal information, and multiple parties need to work together to break through the obstruction and form a situation of coordinated and co-governance

  Although relevant work is progressing steadily, the road to personal information protection still has a long way to go.

Chen Sixi, a member of the Standing Committee of the National People's Congress, said that some concepts in the "Personal Information Protection Law (Draft)" are still relatively vague and may cause difficulties in implementation. "How to distinguish between the collection and protection of public information and undisclosed information? Whether the purpose of collecting information is for personal use or sale, temporary storage or long-term storage, these relationships must be clarified and regulated in different categories before the law is feasible."

  On the other hand, how to find a balance between the protection of citizens' rights and the development of the digital economy is another difficult problem facing the protection of personal information.

  "The relationship between the two is dialectical. Enterprises cannot ignore the protection of citizens' personal information because they pursue the core asset of big data. Similarly, they cannot one-sidedly emphasize the protection of personal information and blindly suppress the enthusiasm and creativity of enterprises in the development of big data," Liu Junhai said.

  Liu Xiaochun, executive director of the Internet Rule of Law Research Center of the University of Chinese Academy of Social Sciences, believes that the rule design of the Personal Information Protection Law will have a very profound impact on the development of industry, economy and society. "I hope this law can fully protect the security of personal information. At the same time, some room for innovation is reserved for the development and application of specific rules, especially for the development of future industries, to achieve win-win results in a dynamic process."

  As far as the supervisory department is concerned, it is still necessary to further strengthen the crackdown on illegal and criminal activities that infringe on citizens' personal information, and continue to form a high-pressure situation.

Since last year, public security organs across the country have deeply promoted the "Net Net 2020" special operation. As of December 20 last year, more than 3,100 criminal cases of infringement of citizens' personal information have been investigated.

In response to violations such as "APP illegally collecting personal information of the elderly" exposed by the CCTV 3.15 party, the Ministry of Industry and Information Technology immediately organized technical inspections and carried out severe investigations.

Similar crackdowns will help shrink the space for crimes that infringe on citizens' personal information and better maintain order in cyberspace.

  In addition to strengthening legislation and intensifying crackdowns, protecting personal information security also requires moving prevention forward: consolidating the primary responsibility of information collectors such as state agencies, enterprises, and network entities, urging them to strengthen internal supervision and self-discipline, and using anti-theft, anti-tampering and other technical means to build a "firewall", so as to effectively solve the problems of misuse of personal information and ineffective management of personal information and data, and to promote the formation of a collaborative co-governance situation.

(Our reporter Zuo Handi Huang Qiuxia)