Publish on 2024-09-22

New Digital ID proposal of China – A nail in the coffin for user privacy and online anonymity?

བོད་ཡིག་ནང་ཀློག་

“Technology is a useful servant but a dangerous master.”

~ Christian Lous Lange

In the rampant age of diverse national interests compounded with exceeding technological revolutions, the communist regime of China has become a forefront in exploiting digital technologies to control, monitor and suppress the rights of its citizens and ethnic minorities. Sophisticated censorship and surveillance tactics have become a bread and butter for the CCP to protect its geopolitical agenda and enhance its digital authoritarian endeavors.

Back in 2012, the Standing Committee of the National People’s Congress (NPC) of China adopted the decision to promote the ‘Real name registration system’ as a national initiative to “strengthen the protection of internet information”. Under this system, Internet service and content providers in China are required to collect user’s real names, ID numbers, and other information when providing internet services. Fast forward to 2017, the Cyberspace Administration of China effectively imposed the real name registration system under China’s new Cybersecurity Law on all internet services in China. This law has strategically wiped out the online anonymity of internet users, while simultaneously granting the government an upper hand to monitor, control and suppress them. Although the internet for all the right reasons, has globally evolved into a privacy friendly space, such laws limit the freedom of its users and service providers in China out of fear of reprisals.

On 26th July 2024, China under its Ministry of Public Security (MPS) and Cyberspace Administration of China (CAC) proposed a nationwide roll out of digital IDs. Under the pretext to “Strengthen the protection of personal information”, this draft provision claims to prevent misuse of pre-existing real-name registration systems by internet platforms and other commercial entities to curb privacy concerns and risk of potential data leaks. This new Digital ID system claims to be a voluntary program for its users which adds another layer of online identity by replacing their real names and phone numbers used for registration on internet platforms. This draft provision was open for public comment and feedback until 25th August, 2024. Those individuals who wish to obtain a digital ID early can apply through the National Web Identification Pilot Version app, which is developed by the Ministry of Public Security (MPS). As per the report by Ciaxing Global, a Chinese media group based in Beijing, the registration process requires verification of identity documents based on a national ID card matched against their facial biometric data. Once a mobile phone audit is completed and a password has been created, an online number and a digital certificate will be issued. For the initial roll out and feedback phase, users can try out the digital ID on 81 apps which consists of 10 public service platforms and 71 commercial apps. Some of the popular Chinese apps available for digital ID tests are WeChat, online shopping service Taobao and online recruitment platform Zhaopin.

Despite the government’s claim of pushing Digital IDs to protect the personal data of internet users from commercial entities, many experts don’t agree with the narrative. Academicians, researchers and lawyers believe that the claim of this digital ID program is a facade used by the government to regain more rigid and centralized control of individual or collective expressions online. Lao Dongyan, a criminal law professor at Tsinghua University, wrote on Weibo that the proposed system is similar to “installing a monitor for everyone’s online behavior, with all online traces such as one’s internet search history easily collected.” Her Weibo account has been banned eversince her criticism against the digital ID system. Wang Cailiang, a lawyer from Beijing posted on Weibo, “My opinion is short: I am not in favor of this. Please leave a little room for citizens’ privacy.” Jeremy Daum, a senior fellow at the Yale Law School Paul Tsai China Center said Chinese people would be more cautious of such a system following similar use of health codes which was an online identification system used by the government during the pandemic, to record and control citizens’ movement in order to contain the virus.

On a societal and national level, this new digital ID program is yet another addition to China’s pre-existing use of technology and biometric surveillance against their citizens and oppressed minorities including Uyghurs and Tibetans. In times where the global market’s focus towards user privacy and security in technology sectors are on the rise, such vague digital IDs could pose huge challenges for Chinese technological entities to collaborate with the global technological market and align with pre-existing international security standards. It is very crucial to remember that using such free and popular internet services always comes at the cost of our personal data and security. From a cybersecurity perspective, individuals should exercise great caution in the digital sphere to prevent and mitigate potential surveillance, censorship, and other targeted cyber attacks.

To maintain privacy and security on our devices in the face of intense censorship and surveillance, here are some important best practices:

1. Don’t share your personal data if you don’t have to: Ensure not to give up your personal details unless it is legally necessary which include not engaging voluntary submission of your personal data for any internet platforms. Always take the time to read Privacy Policies of internet platforms to ascertain potential threats in giving up your personal data.

2. Don’t Put Personal Information on Social Media: Avoid sharing personal information on social media platforms, as this can be used for surveillance and intimidation by authoritarian regimes.

3. Use Circumvention Tools such as VPNs or Tor: Hide your personal identity and reduce traceability by using reliable and trustworthy VPNs or Tor. These tools help protect your communications from being monitored by authorities.

4. Keep Your Devices Secure: Use strong passwords and enable two-factor authentication (2FA) to protect your devices and online accounts from unauthorized access.

5. Don’t Wait, Update: Regularly update your device software/OS to the latest version. This protects against outdated spywares and malwares that may be installed forcefully or accidentally.

6. Be Cautious with Emails and Links: Avoid clicking on suspicious links or downloading attachments from unknown sources to prevent phishing attacks.