Personal Information Trading is Unchecked in China

In June, Wuhan police cracked down a case of selling personal information. They intercepted and captured more than 26 million pieces personal information. On October 7, reporters learned from Wuhan Public Security Bureau that the case had some new progresses. After four months detection, the police recently destroyed five telecom fraud gangs, detaining 58 people in accordance with the law. Behind the case is a profit chain that illegally sells and buys personal information… Who’s the buyer behind the scenes? And what is the information used for?

“Personal information trade” + “network fraud”

In April, the Qingshan District Public Security Bureau of Wuhan Public Security Bureau received a clue that someone illegally sold personal information on the Internet through QQ. After investigation, the police narrowed down to several suspects, detected multiple cases selling personal information and intercepted and captured more than 26 million pieces of personal information. Liu, He and other three people were arrested.

Who is buying the information? In July, five big ” buyers” came into the police’s eye through an analysis of the suspects’ trading records. These people bought a lot of personal data from the criminal suspects for several cents per piece of information. Some people used shareholder information they illegally bought to recommend them stock in WeChat and gained profit under the guise of stock investment company staff. Some guised as trade company employees and called wine buyers to buy fake and inferior red wine. Some even guised as rehabilitation center employees and trapped more than 30 seniors to buy health products at a high price.

The suspect Chu used shareholder information they illegally bought to recommend them stock. In his office, two computers were placed side-by-side. Staff worked on the computer while they were on the phone. The police investigation found that the gang has 12 members. Most only received junior and senior high school education without relevant qualifications. The recommended stock is randomly selected according to online information.

“The customer manager” told shareholders that they had “inside information” and could recommend stock for free. They can even suggest clients when to buy and sell. If the stock gains, the profits will be shared evenly by both. And if the stock price falls, the company would compensate. However, in fact, once stocks fall, shareholders are “blocked”.

The suspect Ke recruited a large number of young people as red wine salesmen. Taking advantage of the personal information that they bought, they sold cheap red wine at a high price to the old customers for profit while claiming it was promotion. Ke claimed the wine they recommended was produced by famous French chateau and the raw material was the average 30-year-old vines delicately selected. But the police investigation found that the so-called high-end imported red wine was all actually made in China. The cheapest was bought at 16 yuan per bottle. Ke confessed that 16-yuan red wine was sold for 100 yuan and wine bought less than 20 yuan was sold at 200 yuan or more. With the more than 60,000 pieces of personal information they bought, Ke illegally gained more than 200,000 yuan in just four months.

How did our personal information leak out?

According to the latest figures from hunting Net Anti-Fraud Platform jointly constructed by Beijing Municipal Public Security Bureau and 360 Internet Security Center, in first half year of 2017, they received over 10000 cases of network fraud from all over the country, loss of 10000 yuan per capita. In terms of the number of reports, the top four categories were: false part-time, false shopping, financial management, and online game trading.

Pei Zhiyong, the chief anti-fraud expert, said that at least 50% of fraud cases were related to personal information leaks from commodity refund fraud and ticket defraud. Criminals used personal information for accurate fraud and ordinary people cannot protect themselves in most cases. In addition to reminding the public to be vigilant, companies and relevant government departments also have legal responsibility to protect personal information.

How does personal information leak out? Pei said there were three main sources: one is the website vulnerability, which is the main source of personal information circulating on the black market. Many websites in China have security holes. If these flaws are not handled timely, it could cause 5 billion to 6 billion pieces of personal information leakage every year. The second is the Trojan virus, phishing website and pseudo base station targeted at individual users. They steal personal information in point-to-point manner. This loophole can cause 1.4 billion pieces of personal information leaks each year. The third is the unscrupulous merchant and the technical hacker.

In 2016 the Ministry of Public Security deployed special operation on cracking down the online infringement of citizens’ personal information crackdown. The national public security organs totally captured 4261 criminal suspects infringing citizens’ personal information. Among them, 391 are staff in banking, education, industry and commerce, telecommunications, express delivery, security, e-commerce sites, and other industries and 98 are hackers.

Laws and regulations still needs improvement

On June 1 this year, People’s Republic of China Network Security Law, China’s first fundamental law regulating cyberspace security order, was officially implemented. The law not only clarifies the functions and powers of government departments, but also strengthens the main responsibility of network operators. “After the law comes out, the website needs to take the initiative to fix loophole. Or, they need to  face greater judicial risks,” said Pei, “but at the moment, the website’s perception of this legal responsibility has yet to be improved”.

Li Mu, head of the Zhongyou Law Firm Hubei Province, said that the implementation of Amendment to Criminal Law and People’s Republic of China Network Security Law shows how the law values the protection of citizens’ personal information. But the responsibility of individual information protection cases involves leaking sources, data sellers, buyers and fraudsters. In practice, it is difficult to form evidence chain. And that how to carry out scientific sentencing is a major difficulty in judicial practice and legislation in the future.

For many experts, personal information is an important resource in big data era. And the best way to protect it is to encourage rational use and development. Du Xiaojun, the director of Wuhan East Lake Trading Center for Big Data, said that China’s data trading was still in its infancy, and there would be broad space for development in the future. At present, how to assess the data is untradeable, ambiguously tradeable or tradeable faces problems like unsound laws and regulations, data security, data ownership and data open. It is necessary to improve data management system, to clarify legal boundaries and to promote reasonable and standard use of data, so as to effectively protect citizens’ personal information and privacy.

This article originally appeared in Xinahua News Agency and was translated by Pandaily.