Submit your resume at the company? You may have been spotted

Source: China Newsweekly (ID: chinanewsweekly)

Author: Meng Qian

After a netizen recently exposed his story of "front foot to throw a resume, the back foot was laid off", it triggered a hot discussion among netizens: "It turns out that you want to go, the leaders all know" "After updating the resume, Hr looked at my eyes and was not right, the reason was found"... As a result, a magical "departure tendency analysis" system surfaced.

A stone stirred up thousands of waves, and the three words "deeply believed" also appeared in the public eye, which is an established IT company with a history of more than 20 years of development, and its official website shows that it sells a "behavior perception system" that can analyze the tendency to leave, and has now been removed. Companies questioned for using the system have publicly denied it, saying the behavior deviates from its values.

On November 1, 2021, the Personal Information Protection Law of the People's Republic of China came into effect. At the legal level, the information of Internet users is more and more secure, and the public's awareness of personal information protection is increasing, but in practice, finding a balance between data processors and users may be the next problem to be solved.

"Resignation tendencies" and "fishing" cannot escape monitoring

Just after the Spring Festival, on the first day of construction, some netizens were cut. After the leader scolded his face, he found that his resume was monitored when he went to work, which led to the "departure tendency analysis" system.

A background picture circulating online shows that the system can view the details of employees with a tendency to leave, such as an employee visiting a job search website 23 times, submitting a resume 9 times, and 254 chat records with keywords.

According to public reports, the interface disclosed in a product called "Behavior Perception System BA" on the official website of The Service is highly similar to the online transmission page, which is officially described as "another major subversive innovation in Internet behavior management", mainly based on the massive Internet logs of Internet behavior management, in-depth modeling and analysis of user behavior characteristics, and continuous mining of data value.

The system can also list employees with separation tendencies and label them at the level of "high risk, suspect and suspicious", so every employee who wants to "ride a donkey to find a horse" during working hours may be clearly seen by the system. What is the role of the "departure tendency analysis"? The official introduction is: "to solve the risk of leakage and job vacancy caused by the departure of employees".

In his response to the media, Jiang Wenguang, secretary of the board of directors of the company, confirmed that "analysis of the tendency to leave" is a function of the system. He also said it was the customer's own behavior, and that the system only monitored office computers and the company's internal network, not employee behavior on the Internet.

In addition, the system can not only analyze the tendency to leave, but also analyze the employee's slack, and the "fishing" behavior of employees such as shopping, chatting and playing games during working hours is under the control of the company. Through traffic analysis, the list of departments and employees with the most serious slack can be monitored.

In specific cooperation cases, We have demonstrated the use of the system with Everbright Bank Shenzhen Branch, Sina and East China Normal University. At present, the above content has been removed from the shelves.

On the Chinese government's purchase service information platform, two relevant procurement announcements can be found in the past year, one is the "State Administration of Taxation Nantong Municipal Taxation Bureau Intranet Traffic and Behavior Analysis Equipment Electronic Store Procurement Project Transaction Announcement", showing that the transaction amount of the service behavior perception system is 318,000 yuan, the project to enhance network security management capabilities, strengthen intranet behavior and traffic control. The other is the "Announcement of the Bidding project of the Important Information System Security Level Protection and Reinforcement Project of Ningxia Construction Vocational and Technical College", which is believed that the system has also won the bid, and the transaction amount is 102,000 yuan.

A person close to the service told China News Weekly that the product is mainly aimed at governments, schools and enterprises, but according to his understanding, the price of this product is not cheap, for the average unit and enterprise, the burden is not small, so it often appears in larger organizations.

The R&D company behind it is convinced to be mired in controversy

In May 2018, XinxinFun was listed on the Shenzhen Stock Exchange, with a current market value of more than 60 billion yuan and more than 7,000 employees, providing products and services for network security, cloud computing, IT infrastructure and the Internet of Things.

According to the financial report, the behavior management products of the whole network of convinced services have continued to maintain the first domestic market share in the category of security content management for 12 consecutive years from 2009 to 2020, and the domestic market share in the first quarter of 2021 continued to rank first.

Industry insiders revealed that Convinced that the service is located in the first echelon of the domestic network security market, and the Internet behavior management products are not new, it can be said that they are "old" products.

When combing the product context of the above-mentioned people close to the service, they said that in order to keep data from being transmitted and the network permissions separated, the Internet behavior management system came into being, which collects data through the underlying hardware for traffic monitoring. The behavior perception system is further processed and analyzed to form a report after collecting data, which is an upgraded product to some extent. Monitoring employees' "fish-touching behavior" and "tendency to leave" in the behavior perception system is a "featured function".

According to public information, in 2018, XinxinFu applied for "a method, device, device and storage medium for monitoring the working status of employees", and this patent is inseparable from the analysis of employee work efficiency.

Liu Quan, director of CCID Network Security Research Institute, pointed out that the predecessor of the Internet behavior management product is the traffic management and leakage traceability product, and its initial main function is for risk prevention and emergency response, which belong to the scope of network security business. On the one hand, internet behavior management products are inherited from the above network security products, and on the other hand, they can be used by enterprises to monitor internal violations, so network security companies also carry out such business. At present, many large organizations will configure such tools in computers and internal networks, and the market demand is relatively large.

However, in the past two years, the financial situation of Convinced Service cannot be called ideal, and the 2021 interim report shows that the company's main revenue was 2.586 billion yuan, up 48.26% year-on-year; the net profit attributable to the mother was -132.9544 million yuan, down 5.81% year-on-year. On January 25, 2021, Convinced Service released its 2021 annual performance forecast, saying that its expected revenue is about 6.707 billion yuan to 6.816 billion yuan, an increase of 22.87% to 24.87% year-on-year; its net profit attributable to shareholders of listed companies fell by 61.82% to 70.22% year-on-year, about 241 million yuan to 309 million yuan.

For the sharp decline in net profit, Convinced Service explained that one is that the growth rate of operating income is slower, and there is a gap between network security products and solutions from truly meeting the real needs of the industry's customer base; second, the investment is further increased, and the expenses such as research and development and marketing are growing rapidly; the third is the decline in the overall gross profit margin. In addition, the tight global chip supply has led to higher hardware procurement costs.

Yuan Bo, a senior communications engineer, told China News Weekly that this kind of online behavior management system is very common, and it can only enter the market after obtaining a sales license. Companies such as Qianxin, Tianrongxin and 360 have similar products, the industry has room for development, the government and enterprises pay more attention to network security, more and more players enter this field, and the competition is becoming more and more fierce. Inevitably, the conviction will be shocked.

Where are the boundaries of personal privacy?

According to the China Academy of Information and Communications Technology's "White Paper on China's Network Security Industry", the scale of China's network security industry will reach 172.9 billion yuan in 2020 and is expected to reach 200.2 billion yuan in 2021.

Industry insiders pointed out that the current network security market is growing rapidly, but it is also becoming more and more "volume", and this "departure tendency analysis" is a manifestation. In its earnings report, I believe that "the network security business has not built an overall advantage that is clearly ahead of its peers." In order to compete, in the absence of technical advantages, enterprises can only make the system more and more detailed.

In response to the recent "departure tendency analysis" incident, people close to the service believe that the service is only doing the collection of data and data analysis, as to how to use this resource and results, it is the company that uses the system itself. I am convinced that obedience has no right to ask questions.

Chen Wenming, director of Zhejiang Xiaode Law Firm, told China News Weekly that the system of monitoring employees on the Internet believes that there is no direct evidence of service support for construction. If you are convinced that the service provides technical support, it is not necessarily a direct infringement, and if the enterprise clearly informs the employees, it is not illegal to monitor. However, if Convinced Service knows that the company secretly monitors the privacy of employees and still provides technical support, then Company Service may have joint infringement.

Previously, after the statistical investigation of non-work traffic information by Gome headquarters, it was found that some employees occupied the company's public network resources to engage in work-related matters, playing computer games, chatting online, etc. when working. According to the regulations, Gome notified 11 employees who "touched the fish" and punished them accordingly. At that time, the incident also triggered a crowd of netizens, and some people questioned whether Gome infringed on the personal privacy of employees.

Liu Quan said that Article 8 of the Labor Contract Law stipulates that the employer has the right to know the relevant information of the employee and the labor contract, and the employer obtains the personal information of the employee within the statutory scope, which is legally legitimate. However, while obtaining the above information, employers should also comply with the relevant provisions of the Civil Code, the Personal Information Protection Law, and the Data Security Law on personal information and data. However, since the boundaries have not yet been defined, there may be certain conflicts in actual implementation.

He said that the use of data security technology by enterprises for employee departure analysis and dismissal may infringe on the interests of employees, which is undoubtedly a misinterpretation of the Data Security Law and a manifestation of unclear understanding of legal boundaries. Enterprises should establish reasonable technical means for legitimate authority and should not infringe on other legal interests.

In this incident, the agreement between the company and employees on the protection of personal information is not clear at present. Liu Chunquan, a partner at Duan he Duan Law Firm, said that the incident was complicated, and the enterprise should formulate rules and regulations and inform employees through legal procedures in accordance with the labor law. With its consent, the employee's working computer behavior during working hours can be monitored to a reasonable extent, and enterprises like Xinxinfu must carry out compliant design in accordance with the Cybersecurity Law and the Personal Information Protection Law and other laws and regulations to develop related products, otherwise once the infringement, the purchasing and using units and the development unit may not be able to escape legal responsibility.

In the past two years, it is not uncommon for software, platforms, and enterprises to use big data to infringe on the interests of users, and people are very sensitive to personal privacy incidents. Citizens' awareness of privacy protection is also awakening.

Liu Quan pointed out that from the perspective of interests, awareness, and technical capabilities, data processors still need to make progress in their understanding. The fundamental way to solve this problem lies in balancing the relationship between data processors and users, further regulating unequal parties, paying attention to equal relations under the planning of the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, and strengthening management through reasonable needs and previous authorizations; and incorporating data processing norms into the technical framework, urging data processors to assume equal responsibilities with their rights, and gradually moving data governance behavior forward.

Duty Editor: Wang Lin