Beware of the "sequelae" of anti-epidemic, can blockchain protect personal privacy data?

Source: Interchain Pulse, the original title "Beware of the sequelae of the epidemic, the Internet Information Office is worried that the blockchain can solve it"

Author: Yuan Shang

"War epidemic" is a major event in China and even the world. The war between humans and viruses without smoke may have begun since the birth of human beings, but there are many tools in human arsenals, including blockchain. Mutual Chain Pulse explores the ability of blockchain to fight the epidemic from multiple dimensions. This is the seventh episode of "Blockchain War Epidemic".

During the New Crown epidemic, the nation's largest collection of personal information was underway. Where it comes from, where it goes, how much body temperature it is, where it lives … Such fine-grained information plus a population base of 1.4 billion may be the largest "census" ever done by humans.

At the same time, chaos in the collection of personal information also appeared, and leakage of personal information became a new problem.

On February 9, the Office of the Central Cyber ​​Security and Informatization Commission (hereinafter referred to as the "Internet Information Office") issued the "Notice on Doing a Good Job in Protecting Personal Information and Using Big Data to Support Joint Prevention and Control." The purpose of the "Notice" is to "do a good job of protecting personal information in the joint prevention and control of new coronavirus infection and pneumonia epidemics" and "use big data including personal information to support joint prevention and control work."

This notice from the Cyberspace Office has a deterrent effect on individuals and institutions trying to leak personal information, but it is difficult to prevent the leakage of information. And if the blockchain technology is used in the information collection process, the network information office's worry will not be afraid.

Messy personal information collection

Since "Wuhan Sealed the City", the author has been required to fill in various information collection forms, including community property management, community neighborhood committees, work units, children's schools, etc. I have clearly identified the entity, as well as the community communication including the signature For "city government", "public security bureau", "health and health committee" and other entities that cannot be identified.

There are various ways to fill in, including H5 format, WeChat mini-program, and Word document. For example, WeChat searches for keywords such as "outbreak", "anti-epidemic", "anti-epidemic", "new crown", "virus registration", etc. There are hundreds of related applets running.

There are also a variety of tools for producing these information collection tools. There are individuals, outsourcing companies, and large Internet companies. This means that the servers that store this information are different, and the security is questionable.

From the perspective of the collection of personal information, it involves very privacy issues, including ID numbers, phone numbers, detailed residence of the family, and a detailed list of family members.

With these contents, you can do a lot of illegal things: including using other people's ID cards and phone numbers for various membership registrations and handling various membership cards; through the ID card number and the bound mobile phone number, you can copy the same Mobile phone number, which leads to the loss of property in the bank card; has very accurate identity information, is sold to advertisers, and is harassed by advertisements; reselling the information to scam companies, scam companies can more easily make stories that the masses believe.

In fact, before the epidemic was over, there had been incidents of personal information leakage. A case has just been investigated and dealt with in Nanhai District, Guangzhou. A passenger was traveling on a cruise ship in the South China Sea, and an epidemic situation appeared on the cruise ship. The passenger's head, identity and other information were transmitted.

This is why the Cyberspace Office has issued a document to protect personal information.

The "Notice" of the Cyberspace Office requires that personal information collected for epidemic prevention and control and disease prevention shall not be used for other purposes. No unit or individual may disclose personal information such as name, age, identity card number, phone number, home address, etc. without the consent of the person being collected, except for the joint defense and joint control work, except for desensitization. The "Notice" also pointed out that the institutions that collect or hold personal information shall be responsible for the security protection of personal information, and adopt strict management and technical protection measures to prevent theft and leakage.

From the perspective of the main body of information collection and the technical service company, it is not easy to meet the requirements of the Internet Information Office. Luo Xiao, CEO of UChain Technology, said to Interlink Pulse: "Now there are many webpages in the form of H5 to obtain citizen information, and because some technology companies have limited technical capabilities, aside from experience, it is extremely easy to cause citizens to leak private information. . "

Blockchain technology is being used to collect personal information for epidemic prevention because it can protect user privacy. For example, the “enter and exit” developed by YuChain Technology is deployed on the YuChain Cloud based on blockchain technology. Encrypted protection of the collected citizen information can ensure data security. Luo Xiao said: "Even U-Chain Technology can't see user information, and after the epidemic is over, it will publicly destroy the deployment of this product."

Use of blockchain and private data

It is worth noting that in the "Notice" of the Cyberspace Office, not only the protection of personal information is required, but also two requirements are put forward.

First, the health department has the right to call. The "Notice" stipulates that, except for institutions authorized by the health department of the State Council in accordance with the "Internet Security Law of the People's Republic of China", "The Law of the People's Republic of China on the Prevention and Control of Infectious Diseases" and "Regulations on Public Health Emergencies", no other unit or individual may use the situation Collect and use personal information without the consent of the person being collected for reasons of prevention, control, and disease prevention.

The second is to collect information differently. The "Notice" stipulates that the collection of personal information necessary for joint prevention and control should refer to the national standard "Personal Information Security Standards", adhere to the principle of minimum scope, and the collection target is limited to key groups such as diagnosed, suspected, and close contacts in principle, and is generally not targeted All groups in a specific area prevent de facto discrimination against specific geographical groups.

However, current personal information collection methods are difficult to fulfill the notification requirements. For example, if the health department calls the data, its operators must be able to obtain the data. At present, it is better to collect all the information than to miss one person.

However, the blockchain has already given solutions at both points.

For example, on July 30 last year, Lai Xin, Chief Engineer of Thunder Chain, released a new Thunder Chain technology-traceable privacy protection technology at the scene of the Fourth China Network and Information Security Conference. This technology is to solve the pain points of data privacy protection and information traceability on the chain. According to reports, this technology encrypts and hides data through encryption algorithms such as ring signatures and zero-knowledge proofs, thereby protecting user privacy, and using cryptographic technology to meet the needs of organizations or institutions with information management authority and minimize risks. In this way, it meets the problem that the health department calls the information, but others cannot see.

Previously, Thunderchain's "On-chain Data Supervisable Privacy Scheme" has been applied in medical scenarios. This plan can also be applied to the collection of personal information for epidemic prevention. For example, relevant collected objects can upload data to the chain by using a supervisable privacy encryption technology to protect the privacy of the data uploaded to the chain. Supervisors with data access authority, such as provincial and municipal CDCs, can view the ciphertext data on the chain through the supervision key, ensuring that the data is timely and effective while achieving security and controllability.

However, at present, blockchain technology has not been used on a large scale in the collection of personal information for epidemic prevention. Everyone needs to pay attention to the possible leakage of personal information after the epidemic technology.