China’s Communist government has never shown much concern for the privacy of Chinese citizens. If one has something to hide, the thinking goes, they probably need to know it.
In one form or another, surveillance and monitoring have evolved into a well-honed form of social control. And as a result, neither companies nor consumers have traditionally had very high expectations for individual privacy.
That might have been fine before more than 700 million Chinese went online, and before the government began counting on sectors such as e-commerce to ease the economy’s dependency on investment and exports.
If China’s biggest online players want to chart a bigger role for themselves at home and abroad, they are going to need to start taking privacy much more seriously.
The problem came into sharp focus this month, with new data showing that the Chinese police had arrested 4,261 suspects in 1,886 cases related to the theft of personal information last year. That is a steep increase from prior years. Between 2010 and 2014, there were roughly 260 prosecutions under China’s law prohibiting the sale of personal information.
Last year’s suspects included nearly 400 “industry insiders” in banking, e-commerce, telecommunications and delivery services. One estimate placed losses related to these reported crimes at US$13.2 billion (S$18.5 billion). Almost certainly, the scale of the problem is much bigger.
Several factors have made the Chinese vulnerable to identity theft. One is cultural. Broadly speaking, Chinese society favours collective rights over individual ones.
Privacy, except for the wealthiest and most powerful, has historically been a rare luxury, especially in a country where households were typically crowded, multi-generational and located in tightly knit rural communities.
Compared to the snooping most people accepted at home, the government’s poking around in one’s business probably did not feel like such an extreme violation.
Companies have taken advantage of this lackadaisical attitude. The service agreement for Alibaba Group Holding’s Alipay mobile payments system grants Alipay carte blanche, in perpetuity, to disclose user information to third-party vendors; this can include behavioural profiles based on transaction and location history. Users have almost no recourse if they feel that the data has been misused.
And Alipay is hardly alone. Tencent Holdings, China’s biggest videogame company and owner of its most popular social media programme, ranks well below international peers such as Alphabet (formerly known as Google), Facebook, and Twitter in its efforts to protect user data. According to a 2015 survey by a Chinese Internet security organisation, 44 per cent of Chinese websites had security vulnerabilities that led to data leakages.
Cyber thieves have little to fear from the law. Earlier this month, Chinese police arrested a ring of 96 suspects involved in pilfering personal data; one was an engineer at JD.com, one of China’s biggest Internet retailers, who had a record of doing the same thing at other internet firms.
Many third-party brokers ply their trade in the open. In one recent, high-profile example, a journalist with one of China’s leading newspapers reported how he was able to obtain a colleague’s banking information, real-estate transaction history, hotel reservations, border entry-exit records and travel information for roughly US$100. When he tried to report the third-party service he had hired to provide the data, multiple law enforcement agencies brushed him off.
China can no longer afford that kind of complacency. If Chinese consumers lose faith in local Internet companies, the government’s efforts to promote technology and innovation are certain to struggle.
And whatever their previous attitudes toward online privacy have been, the Chinese are growing more demanding as mobile commerce has become tightly integrated into middle-class lives.
Chinese social media exploded with outrage last summer when an 18-year-old high-school graduate suffered a fatal heart attack after losing her personal information and being defrauded of her tuition. Newspapers were soon flooded with accounts of similar scams.
Concerns about data security will also cramp Chinese companies’ ambitions to expand overseas. China wants firms such as Alibaba and Tencent to be global brands no less than Facebook or Google; Tencent’s WeChat, China’s most popular social media platform, has more than 70 million users overseas and aspires to more.
But if they cannot prevent user data from leaking at home, consumers abroad are not likely to trust them either.
In 2014, Target Corp’s revenue saw its profits halved after hackers stole credit card and other personal information from as many as 110 million customers. Chinese companies, largely unknown outside their home markets, have the added burden of making a good first impression.
The good news is that a consensus is growing in China that the problem must be addressed. Any solution will have to start with the government writing national standards on protecting online data. It cannot end there, though.
Earlier this month, during China’s National People’s Congress, Tencent CEO Pony Ma called for standards to be combined with a national system for reporting data breaches, allowing companies like his to close leaks as soon as possible. Such a system might help deter data thieves. More importantly, it would be a reminder to China’s online masses that they, too, have a role to play in protecting their privacy. BLOOMBERG
ABOUT THE AUTHOR:
Adam Minter is an American writer based in Asia, where he covers politics, culture and business. He is the author of Junkyard Planet: Travels in the Billion-Dollar Trash Trade.