Information on Huazhu Group's 500 million customers is suspected to have been leaked and is priced at 370,000 yuan on the dark web; SF Express information is suspected of being leaked 300 million yuan, and the price is also high; 445 million pieces of user data and 200G of database information from a Swiss data management company are suspected to have been leaked...
On September 18th, when Zuo Jian, director of Chengdu Kela Software Co., Ltd., showed this set of figures, he fell into deep thought on the spot. "These are only part of the vicious information leakage incidents within a month." Each case is a reminder that the protection of personal information is urgent.
Status quo: Mobile apps are the hardest-hit area
Where did personal information leak from?
Many interviewees pointed out that, with the high popularity of smartphones, mobile apps have become the "hardest-hit area." With the large-scale shift of Internet services to mobile terminals, coupled with mobile users' high stickiness and high real-time online rate, various security threats have shifted to mobile terminals as well. "Malicious apps are one of the threats. This kind of app is more prone to malicious deductions or privacy theft. They tend to have less impact on the operating speed of the system itself, are not easy to detect, and infringe on users over a longer period."

The "APP Personal Information Leakage Investigation Report" recently released by the China Consumers Association was frequently quoted at this forum. The report shows that 85.2% of the interviewees have experienced personal information leakage. "After a personal information leak, consumers are most worried about it being used for fraud and theft, being sold or exchanged to third parties, or being used for promotional and advertising harassment." Such concerns are not unreasonable. We have learned from the Provincial Public Security Department that in recent years the number of criminal cases of infringement of personal information detected by public security organs has been on the rise. Such cases generally show low illegal costs and high difficulty in tracing, and the criminals' methods are still escalating. Last year alone, the province filed and investigated 201 cases of Internet infringement of citizens' personal information, arrested 641 criminal suspects, and confiscated more than 25 billion pieces of personal information of citizens.
Internet security becomes
Dilemma: Data leakage has become a gray industrial chain
In fact, data leakage is not the responsibility of any single company, but the result of the joint participation of multiple parties. Respondents said bluntly that in the era of big data, criminals are extremely eager for data, and user privacy and information have become "commodities" sold underground, forming a gray industrial chain. Criminals use this information for network fraud, futures, stock promotion and other activities.
Enterprises are also playing the "side ball." "Relevant companies respond passively to supervision and lack initiative, and it is difficult to contain related crimes driven by interests." The head of the First Research Institute of the Ministry of Public Security said that these companies often request and store a large amount of personal information, which increases the possibility of information leakage.
Zhou Haiyong, head of the Haiyu Network Security Technology Research Institute, believes that the natural data concentration, ecological openness and open source components of the big data platform, together with the platform's own emphasis on business over security, will bring a series of security problems, "including inadequate access control mechanisms; difficulties in tracking, identifying, managing and controlling sensitive data; and insufficient data security audit mechanisms in the data use link."
Administrative supervision is indispensable
Information protection is a matter of national security, and it is no longer enough to rely solely on companies' own technology and industry self-discipline. According to the person in charge of the Third Research Institute of the Ministry of Public Security, the European Union has seized the right to formulate global data protection rules through high-standard personal data protection regulations, while the United States has promoted the CLOUD Act in order to obtain more data benefits in the global field. China's personal information protection law, improve the cross-border data flow system, and focus on strengthening content supervision."

The action has already begun. Recently, the "Personal Information Security Regulations" was included in the draft laws submitted for deliberation under the "Legislative Plan of the 13th National People's Congress Standing Committee", which has aroused heated discussion among netizens. In the view of Zhou Haiyong, one of the drafters of the "Specifications", it is necessary to combine technical and administrative means. "For example, the network real-name system is not realized through narrow names + citizen ID numbers, but through technical means: anonymous, yet essentially real-name. The entire process does not directly involve personal information, but can accurately and reliably associate the real identity of the user."