China’s loose legal supervision leaves private information of 1.3 billion people open for exploitation by data analysts



Global Times

02:38, June 30, 2018



Total protection of privacy is technically impossible, experts say

Data analysts are working mainly under personal and moral restraints rather than being restricted by actual regulations, coders say

During a recent class reunion, Liu Qiang (pseudonym) said something about his job that disturbed his friends. "I can find out what you browse on your mobile phone every day, if I want." No, Liu is not a mind reader, but he is something far more omnipotent - a data analyst. 

A country of 1.3 billion people, China will become the headquarters of online data resources by 2020, the National Development and Reform Commission said in 2016. Being a data analyst is, in essence, having the ability to collect, read and analyze anyone's online behavior, even digging out their most secret messages.

According to a 2017 Caijing report, domestic information leakage in China reached 5.53 billion pieces, which means that four pieces of personal information per person were revealed to someone who should not have had them. Phone numbers, home addresses, hobbies, favorite restaurants, secret affairs... Data knows everything, maybe even more about you than you know yourself.

However, the situation could get even worse if the elite group of coders working behind the scenes at China's most popular apps and social media platforms ever choose to reveal this data to the world.

There is currently no specific law in China targeting privacy protection. Moreover, compared to the newly implemented General Data Protection Regulation in the EU, China's legislation is relatively loose in terms of protecting personal privacy. 

"The boundary between big data and privacy must be clarified as soon as possible," Yu Haibo, CEO of a Beijing-based information security company, suggested during a recent data-related forum, proposing that the government should regulate what kind of data apps can collect, instead of giving the choice to users. 

Due to the loose legal supervision, many data analysts follow their own fluid set of rules, based merely on self-discipline, according to analysts interviewed by the Global Times.

"To read a person's data will not disturb anyone, as long as I check it covertly," Liu, in his 20s and working for one of China's most famous data companies, told the Global Times. 

In China, 80 percent of all disclosed data was leaked by employees at companies that collect data, while only 20 percent came from hackers, a famous former hacker who is now the leader of a security company in China told Caijing.

Zhou Tao, director of Big Data Research Center at University of Electronic Science and Technology of China, said that total protection of privacy is technically impossible. "Our online clicks, photos of us gathered by CCTV cameras while we are walking on the streets, medical and payment histories, are all collected and saved," he said.

"It is not required for users to have the capability or duty to protect their privacy," Zhou added. "Moreover, they cannot." 

Data analyst's monologue

Liu has been working at a Beijing-based company that harnesses big data for the past year. Having signed a confidentiality agreement when he started his job, he asked the Global Times to keep his employer's name a secret in case he revealed any trade secrets.  

"The data we obtain are macro statistics. It cannot identify a specific person." Hesitating for a few seconds, he changed his mind. "But, you could if you want. For example, if you know a person's phone number, you could look for his or her information in the database."

In what sounded like a detective story, Liu explained how he analyzes the data he collects. Using algorithms, data analysts can infer particular features of a person from the information they buy from mobile phone carriers. By analyzing users' browsing history and clicks, Liu said he can roughly infer the sex, age, location, habits and preferences of users.

"One of our customers is a popular short-video platform. We help it analyze its users' profile data, such as age distribution, location distribution as well as how many people at the same time use its competitors' apps," Liu said. 

Asked whether such information is "private," he gave an affirmative answer. 

According to Hu Wei, a lawyer at Beijing-based Globe-Law law firm, China's Cybersecurity Law (CSL), which took effect in 2017, states that all information pointing to personal identification is private. "ID numbers, mobile phone numbers, shopping history, positional information and consumption records are all private data," Hu said.

Although such personal information, after being processed, cannot identify specific people, Liu does not want other people to know what content he browses, even if nobody knows who he is. 

He said he does not feel ashamed when viewing the data of millions of people, because he does not personally know them. "However, if an acquaintance of mine (did this to me), it would be really bad since their impression of me may change; but strangers doing this is okay," he said.

Indeed, what concerns most people is not what kind of data internet titans are gathering and analyzing, but the thought of being "stripped" in front of others, Xie Xiaonan, a young white-collar employee in Beijing, said. 

"I am afraid of being stripped and examined by data analysts. This is even creepier than the real world, because everything is out of control in cyberspace. I don't know what those people will do with my data," Wang said. 

An anonymous programmer told Renwu that apps reveal who you truly are. "You never tell dirty jokes to others, but according to the app you always click pictures of sexy ladies; you publicly claim that you hate IP theft, but you search for and download pirated content."

Honest men can do the job

Lily Zhang works at a market research company that helps investors seek investment opportunities for start-ups. She used to do data mining for the company, which made her realize the true value of her work.

"I'm not sensitive to security. A friend who works at an information security company told me that even if she cares about her privacy, she doesn't have the ability to protect it. It is good if an app knows my age and preferences, because then it can recommend more accurate and personalized content to me," Zhang said.

She thinks data mining provides more convenience rather than worries to her life, but when talking about the potential dangers of data leakage, Zhang said customers simply must trust that third-party companies will keep their data safe.

"Data is encrypted. You can't interpret the relationship between the data without the coder. When our engineers update our system, they must do on-site debugging," Zhang said, explaining how they protect users' data within her company. 

She added that if the marketing department wants any data, her team will set a limit on the amount of information they hand over, and "the less people dealing with sensitive data, the better."

Talking about the professional ethics of being a data analyst, Zhang thinks they are working mainly under personal and moral restraints rather than being restricted by actual regulations. But simply relying on self-discipline is obviously not enough to ensure people's privacy security.

In March 2017, a data engineer at was caught stealing 5 billion pieces of their users' private data and selling on the black market. In the same year, Guangdong police reported that Apple's Chinese employees were involved in obtaining personal information of Apple customers through unlawful means, selling over 200,000 pieces of data illegally for 10 to 180 yuan per piece. 

"One way is legislation. Many people and companies taking part in unlawful profit-making (on data) were penalized after the CSL was put into effect," said Zhou.

The government is stepping up its efforts in this regard. The Ministry of Public Security revealed Wednesday that an upgraded cybersecurity regulation is coming, which will update the level of protection for individuals and institutions, bringing big data, cloud computing and the Internet of Things under supervision and regulation.

In addition, improved technology can help prevent data breaches, according to Zhou.

He used Alibaba, China's largest online B2B market platform, as an example of how employees handle sensitive data: the process leaves a digital footprint of everyone who has touched the data. As a result, it is relatively easy to find out who leaked private data on which computer at what time and place.

"With the help of technology, we should make it more difficult to breach data, and easier to find out who breached the data," Zhou said, proposing a future path for data protection in China.

Zhang likewise explained her company's data protection operations. "If we want to analyze any data and take it out from the database, our behavior will be recorded. It will tell us who took out any amount of data at what time. If we are caught revealing any data, we cannot work in the industry anymore," she said.

In terms of the data analyst profession itself, which is a well-paid and admired job in Chinese society, Zhang thinks the moral quality of an employee is the key. 

"It is very important for data companies to be selective of the talents they hire. They should especially pay attention to applicants' morals. People who are honest will not breach data," Zhang added. 
