News Highlights:
- The cyberspace IDs are intended to protect citizens’ personal information, regulate authentication services, and support a trusted online identity strategy.
- A national service platform will authenticate and issue these IDs, which are currently proposed as voluntary.
- The proposal aims to prevent excessive data collection and retention by private companies, addressing concerns over corporate data leaks.
Beijing may soon issue Cyberspace IDs to its citizens, after floating a proposal for the scheme last Friday, according to a report by theregister.com.
Although the policy is only open for comments and not certain to be adopted, the IDs would serve to “protect citizens’ personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy,” according to a notice posted by the State Council – China’s equivalent of a ministerial cabinet.
The ID will take two forms: one as a series of letters and numbers, and the other as an online credential. Both will correspond to the citizen’s real-life identity, but with no details in plaintext – presumably, encryption will be applied.
A government national service platform will be responsible for authenticating and issuing the cyberspace IDs, according to the news monitored by Digital TimesNG.
The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary – for now – and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply.
China is one of the few countries in the world that requires citizens to use their real names on the internet. ISPs are required to collect the real names and ID numbers when customers sign up for services and, since 2017, social media sites like Weibo and WeChat must authenticate accounts with documents – including national ID.
Requiring real name registration makes it easier to identify those responsible for online harassment and the spread of misinformation, but also raises concerns over the stifling of free speech.
It’s also a chore for companies to acquire and retain the data.
Relying instead on a national ID means “the excessive collection and retention of citizens’ personal information by internet service providers will be prevented and minimized,” reasoned Beijing.
This is good news for anyone more afraid of a corporate data leak than state surveillance.
“Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations,” reads the draft.
But just because the data is in the hands of the government and not private companies does not mean a leak won’t occur – just ask the Unique Identification Authority of India (UIDAI).
The agency’s national biometric identification scheme, Aadhar, is used for a wide range of services, from accessing government subsidies and benefits to opening bank accounts and obtaining mobile connections. It also has suffered several breaches since it launched in 2010.
Notably, in 2023, 815 million Indians had their personal Aadhar information put up for sale on the dark web.
Japan’s national identification system, MyNumber card, has also faced criticism for privacy concerns and security issues. Last August, Japan’s digital minister, Taro Kono offered up three months’ salary as an apology for the digital ID’s data leaks.
The card had problems even getting off the ground, with records for 130,000 out of 55 million citizens linked to the wrong bank accounts.
