According to the "Report on the Development Trend of China's Information Consumption" released by the China Academy of Information and Communications Technology, the scale of mainland Netizens has continued to expand to more than one billion in terms of consumer groups. The "Report" also prompts vigilance against risks such as data security and personal information leakage. Since the implementation of the Personal Information Protection Law, public security organs in Gansu, Jiangsu and other places have cracked many cases of crimes of infringing on citizens' personal information.
The Public Security Bureau of Lingtai County, Gansu Province, recently smashed a criminal gang that bought and sold citizens' personal information online throughout the chain. Criminal suspects Yan xxx and Hu xxx used the business store to defraud user identity information and mobile phone numbers, and illegally registered various types of network accounts, which eventually fell into the hands of criminal gangs of "online number merchants".
Police found that there was also a criminal gang hidden behind the two suspects. From February to March this year, the task force moved to Chongqing, Sichuan, and Yunnan, arresting seven members of a criminal gang that infringed on citizens' personal information. Since 2019, the gang has set up a WeChat group to illegally buy and sell citizens' personal information, and they use the identity of communication business agents to give gifts, phone bills, etc. as bait, deceive users of personal information, register various network accounts, and sell them at a price of 3 yuan to 20 yuan per account, illegally profiting nearly 100,000 yuan.
Jiangsu police have also recently cracked down on a criminal gang that sells citizens' personal information. The gang mainly sells information about shareholders and students, who refer to personal information as "materials." "Shareholder material" includes the name of the stock speculator, mobile phone number, exchange and other information; "student material" includes the parent's name, telephone number, the child's school, etc. "Material" also breaks up the material and AI material. Hand-dialed materials are manually dialed to confirm authenticity and reliability. The AI material is the phone number randomly generated by the suspect through the software, and there is no other identity information.
After review, from 2018 to the present, the gang has sold more than 200,000 pieces of citizens' personal information, making a profit of more than 200,000 yuan.
According to the 49th Statistical Report on the Development of China's Internet Network by the China Internet Network Information Center, as of December 2021, 22.1% of netizens had experienced personal information leakage. The public security organs remind the general public not to click on or use links, websites, and mobile apps from unknown sources, let alone provide SMS verification codes to others, to prevent information leakage.
Some mobile apps monitor users in the background
With the implementation of the Personal Information Protection Law, there is already a law to strengthen the protection of personal information and refuse personal privacy to "run naked" on the Internet. However, many users still feel that they are under the surveillance of mobile apps. Many netizens have had this experience, looking at an item or entering a keyword on the Internet, they will soon receive relevant advertisements or information pushed by mobile apps. What's going on?
At a cybersecurity agency, technicians tested two mobile browsers with detection tools for collecting user information. The technician copied a simulated bank account password, and although the browser was not used at this time, the detection tool found the bank account password in a program called by the browser.
Network Security Engineer Lv Shikui: This app reads the bank card number and password we copied. The process it takes away is actually taken away in clear text, and it does not do the relevant encryption processing.
The technician then selected the phone number and SMS for the test on the mobile phone, and transferred the browser to the background to run, the content of these two operations was also read by the browser, including the product information browsed on the e-commerce platform was also fully recorded by the two tested browsers. One of these browsers is still able to record user behavior even when the process is closed.
Establish a "double list" to protect citizens' personal information
In order to allow users to clearly grasp the activities of mobile App calls and requests for personal information, the Ministry of Industry and Information Technology has previously proposed to establish a "double list" of personal information protection.
Experts pointed out that mobile apps will have activities such as invoking personal information and requesting permissions in the normal use process, and sensitive information such as locations and contacts need to be shared between different mobile apps, which increases the difficulty of supervision of personal information protection. In order to allow users to clearly grasp the sharing of personal information between mobile apps and third parties, the Ministry of Industry and Information Technology proposed to establish a "double list" for personal information protection, requiring relevant enterprises to establish a list of collected personal information and a list of personal information shared with third parties.
Ning Hua, director of the Information Security Department of the Thiel Terminal Laboratory of the China Academy of Information and Communications Technology: Enterprises are required to concisely and clearly list the "list of personal information shared by third parties" in the "secondary menu", including the types of personal information shared with third parties, the purpose of use, the use scenarios and the sharing methods.
Take multiple measures to rectify violations of the collection and use of personal information
In order to deal with the problems of App illegal collection and use of personal information and deception to induce users to provide personal information, the Ministry of Industry and Information Technology entrusted the China Academy of Information and Communications Technology to establish a working group on App user rights and interests protection standards in conjunction with the Internet, mobile terminals, telecom operators and other links of the industrial chain, and organized and formulated the "Minimum Necessary Assessment Specification for app collection and use of personal information" and "App User Rights protection evaluation specification" in accordance with the principles of "informed consent" and "minimum necessity", clarifying the testing requirements and methods. It provides a clearer regulatory basis for supervision.
The reporter learned from the Ministry of Industry and Information Technology that the first batch of major Internet companies have basically completed the setting of the "double list" of personal information protection at the end of last year. On a mobile app, the user can click on the menu to view the type of personal information that the app has collected, the purpose of use, the use scenario, and the personal information shared with third parties and the sharing method. Mobile terminal enterprises have also developed functions such as minimizing app permissions and recommending in accordance with the requirements of the Ministry of Industry and Information Technology, and actively regulate and restrict the excessive request for permissions for apps on mobile phones.
Telecom operators use the anti-tampering features of blockchain technology to track and prevent the risk of personal information leakage.
Warm, head of the information security center of telecom operators: We will put the data characteristics of the operation log on the blockchain to ensure that it cannot be tampered with, and at the same time periodically verify. If the log is tampered with, there is a problem. We will verify specific events in a risky manner.
It is understood that the Ministry of Industry and Information Technology has vigorously rectified violations of the rights and interests of users such as the collection and use of personal information in violation of regulations through the formulation of standards, technical inspections, special rectification, industry self-discipline and other measures. Last year, a total of 2.08 million apps were tested, 1549 illegal apps were notified, and 514 apps that refused to be rectified were removed from the shelves.
Source: CCTV Finance
Editor: Zeng Jiajia
Process Editor: Dan Guo