Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label China Government. Show all posts
Technology
China China Government Digital ID digital identification technology Digital Identity Digital system Technology

China’s National Digital ID System Trials Begin Across 80 Internet Service Applications

 

China has initiated trials for its new national digital identification system across more than 80 internet service applications. This move follows the release of draft rules on July 26, with a public review and comment period open until August 25. The proposed system marks a significant step toward enhancing digital security and privacy for Chinese internet users. Internet users can now apply for their national digital ID by logging onto a mobile app called National Web Identification Pilot Version, developed by China’s Ministry of Public Security (MPS). 

This digital ID, which displays the user’s name, a “web number,” and a QR code, requires users to complete several verification steps, including national ID card verification and facial recognition. The digital ID can currently be used on 81 different applications, encompassing 10 public service platforms and 71 commercial apps. Notable platforms participating in the trial include the popular social media provider WeChat, the online shopping service Taobao, and the online recruitment platform Zhaopin. This broad implementation aims to test the ID’s functionality across a diverse range of services, highlighting its potential to streamline user identification and enhance security across various online activities. 

The proposed digital ID, detailed in a draft provision released by the MPS and the Cyberspace Administration of China (CAC), aims to reduce the amount of personal information that internet platforms can collect from their users. The draft rules state that applying for the digital ID is voluntary, offering users the choice to opt-in to this new system. This initiative is part of a broader effort to address privacy concerns and reduce the risk of data leaks, which have been exacerbated by the misuse of the current real-name registration system by some internet platforms. The current real-name registration system has allowed internet platforms to accumulate excessive amounts of personal information, leading to heightened privacy risks. The proposed digital ID system seeks to mitigate these risks by limiting the data collected by platforms. 

By requiring only essential information for verification, the digital ID aims to provide a more secure and privacy-conscious way for users to interact online. In addition to improving privacy, the digital ID system also promises to enhance convenience for users. With a single digital ID, users can seamlessly access multiple services without repeatedly providing personal information. This streamlined process not only simplifies the user experience but also reduces the opportunities for data to be misused or leaked. The trial of the national digital ID system represents a significant step towards addressing privacy issues while streamlining the process of user identification online. By implementing a digital ID, China aims to create a more secure and privacy-conscious internet environment for its users. 

This initiative reflects a growing recognition of the need for robust digital security measures in an increasingly interconnected world. As the public review and comment period progresses, feedback from users and stakeholders will be crucial in refining the digital ID system. The insights gained from this trial will help shape the final implementation, ensuring that the system effectively balances security, privacy, and user convenience. China’s commitment to enhancing digital security and privacy through this national digital ID system sets a precedent that could influence similar initiatives worldwide.
Read more »
Security incidents
China China Government China's MIIT Color-coded contingency plan Cyber Security MIIT Security incidents

China’s MIIT Proposes Color-coded Contingency Plan for Security Incidents


On Friday, China proposed a four-tier classification system, in an effort to address data security incidents, underscoring concerns of Beijing in regards to the widespread data leaks and hacking incidents in the country. 

This emergency plan comes when the country is facing increased geopolitical tensions with the United States and its allies and follows an incident last year where a threat actor claimed to have gained access to a massive amount of personal data belonging to over a billion Chinese individuals from the Shanghai police.  

China’s Ministry of Industry and Information Technology (MIIT) released a detailed document outlining the procedures that local governments and businesses should follow in evaluating and handling issues of data leaks.  

The plan, which is currently seeking public input, suggests a four-tiered, colour-coded system based on the extent of harm done to the economy, a company’s online and information network, or the running of the economy. 

As per the plan, data breach incidents that involve losses worth a billion yuan ($141 million) or more, and affect the "sensitive" information of over 10 million people will be classified as "especially grave". These will be incidents that must issue a red warning, according to the plan.

MIIT released a 25-page document, where it classified all instances of data being unlawfully accessed, leaked, destroyed, or altered into four hierarchical tiers, based on the extent and severity of the harm inflicted. The classification is as follows: 

  • Red (“especially significant”): This level signifies that the disturbance and shutdown of operations lasted for more than 24 hours, with economic loss of more than 1 billion yuan, or the personal data of more than 100 million people being compromised, or sensitive data of more than 10 million people.
  • Orange (“significant”): This suggests that the interruption lasted for more than 12 hours, with a financial loss between 100 million and 1 billion, or the compromise of personal data of over 10 million people, or sensitive data of more than 1 million people.
  • Yellow (“Yellow”): It implies that the interference lasted for more than 8 hours, with an economic loss ranging between 50 million yuan and 100 million yuan, or affected the personal information of over 1 million people, or sensitive data of more than 100,000 people.
  • Blue (“General”): Incidents involved in this category are comparatively minor, with interruption lasting less than eight hours, with financial compromise of less than 50 million yuan, or affected personal data of less than 1 million people, or sensitive data of less than 100,000 people.

The plan stipulates, among other things, that in the event of red or orange warnings, the concerned companies and the local regulatory authorities shall set up a 24-hour work schedule to handle the situation and notify MIIT of the data breach within 10 minutes of the incident occurring.

A statement by MIIT reads, "If the incident is judged to be grave... it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed.”  

Read more »
Subscribe to: Posts (Atom)