Cyberspace ID will replace China’s ‘real name’ approach to digital ID with a tokenised credential and a string of digits. This is a big deal, says Tim Green, MEF’s programme director for ID and data.
This week, on July 15, the Chinese government rolls out its Cyberspace ID system. The scheme will reduce friction, boost privacy, prevent online fraud and reduce the data-gathering burden on service providers.
Alternatively…
This week, the Chinese government rolls out its Cyberspace ID system. The scheme will put an end to online anonymity and lead to an increase in surveillance. The authorities will use it to block dissent and punish ‘anti-social’ behaviour. And, as a centralised system, Cyberspace ID will be highly vulnerable to cyber theft.
Or maybe a bit of both.
Either way, Cyberspace ID is a big moment for those of us tracking the evolution of digital identity. For years, we have talked about a credential-based centralised approach to ID. There have been a few launches. Now, here’s one for a country with a billion internet users.
For now, the system is voluntary. As of June, a reported 16 million people had downloaded the official app used to issue and authenticate Cyberspace IDs. 81 apps that were part of the trial phase, including big names like WeChat and Taobao. The government insists that the system will preserve privacy since service providers will no longer have to collect plain text information. “
But let’s take a step back. If you don’t know much about Cyberspace ID, here’s a bit of history.
Since 2009, China has mandated a ‘real-name’ approach to digital ID. It compelled service providers (retailers, messaging apps, public services etc) to register users with real-name information – or some proxy for it such as a phone number.
However, last summer Ministry of Public Security and the Cyberspace Administration of China decided a new approach was needed – one that hid a user’s real ID behind a randomised string of symbols.
The result was Cyberspace ID. To enrol, a user has to download a government app, enter their national ID and submit to a facial recognition scan. They are then issued with two things:
Network ID Number
This is a combination of letters and numbers linked to individual’s real-name information.
Network ID Certificate
A unique digital credential that carries the Network ID Number and the individual’s non-explicit real-name information.
For now, the system is voluntary. As of June, a reported 16 million people had downloaded the official app used to issue and authenticate Cyberspace IDs. 81 apps that were part of the trial phase, including big names like WeChat and Taobao. The government insists that the system will preserve privacy since service providers will no longer have to collect plain text information.
It says the national internet ID will reduce “the excessive collection and retention of citizens’ personal information by internet platforms on the grounds of implementing real-name registration.”
This is almost certainly true. It’s one of the great benefits of an encrypted digital ID system. But the potential flipside is obvious.
The Chinese communist party already processes huge quantities of data from its network of facial-recognition cameras, drones, and digital platforms. It uses this to operate a social credit system, which punishes perceived violations.
Cyberspace ID will boost its ability to control citizens. Currently, a Chinese internet user blocked on one platform should still be able to access others. But if every online account is linked to a single ID number, the government could shut off all access.
Human rights organisations are understandably worried. In fact, reports say critics such as Tsinghua University law professor Lao Dongyan have already been muted on Chinese social media.
Away from ethical issues, centralised systems like Cyberspace ID also increase the risk of cyber theft. Just because the data is in the hands of the government does not mean a leak won’t occur. Look at India. In 2018, hackers breached Aadhaar, the world’s most extensive biometric ID system. They stole the Protected Personal Information (PPI) of 815 million citizens.
Needless to say, only time will reveal the true impact of Cyberspace ID. But it certainly provides another big test case for a system of centralised ID based on encrypted tokens.
Find out more about the themes discussed –Â Join the MEF ID & Data Interest Group.
