Beijing may soon issue "cyberspace IDs" to its citizens, after floating a proposal for the scheme last Friday.

Although the policy is only open for comments and not certain to be adopted, the IDs would serve to "protect citizens' personal information, regulate the public service for authentication of cyberspace IDs, and accelerate the implementation of the trusted online identity strategy," according to a notice posted by the State Council - China's equivalent of a ministerial cabinet.

The ID will take two forms: one as a series of letter and numbers, and the other as an online credential. Both will correspond to the citizen's real-life identity, but with no details in plaintext - presumably encryption will be applied. A government national service platform will be responsible for authenticating and issuing the cyberspace IDs.

The draft comes from the Ministry of Public Security and the Cyberspace Administration of China (CAC). It clarifies that the ID will be voluntary - for now - and eliminate the need for citizens to provide their real-life personal information to internet service providers (ISPs). Those under the age of fourteen would need parental consent to apply.

China is one of the few countries in the world that requires citizens to use their real names on the internet. ISPs are required to collect the real names and ID numbers when customers sign up for services and, since 2017, social media sites like Weibo and WeChat must authenticate accounts with documents - including national ID.

Requiring real name registration makes it easier to identify those responsible for online harassment and spread of misinformation, but also raises concerns over stifling of free speech.

It's also a chore for companies to acquire and retain the data.

Relying instead on a national ID means "the excessive collection and retention of citizens' personal information by internet service providers will be prevented and minimized," reasoned Beijing.

Which is good news for anyone more afraid of a corporate data leak than state surveillance.

"Without the separate consent of a natural person, an internet platform may not process or provide relevant data and information to the outside without authorization, except as otherwise provided by laws and administrative regulations," reads the draft.

But just because the data is in the hands of the government and not private companies does not mean a leak won't occur - just ask the Unique Identification Authority of India (UIDAI).

The agency;s national biometric identification scheme, Aadhar, is used for a wide range of services, from accessing government subsidies and benefits to opening bank accounts and obtaining mobile connections. It also has suffered several breaches since it launched in 2010.

Notably, in 2023, 815 million Indians had their personal Aadhar information put up for sale on the dark web.

Japan's national identification system, MyNumber card, has also faced criticism for privacy concerns and security issues. Last August, Japan's digital minister, Taro Kono offered up three months' salary as an apology for the digital ID's data leaks.

The card had problems even getting off the ground, with records for 130,000 out of 55 million citizens linked to the wrong bank accounts. ®

https://www.theregister.com//2024/07/29/china_cyberspace_id_proposal/