Feature: Clouds of suspicion in China

CHINA - Following the leaks of nude photos of celebrities after their iCloud accounts were hacked, Zhou Wei is reluctant to use Apple's cloud-based storage service.

"I prefer to store all my information on a mobile hard disk drive rather than use iCloud, although the latter is more advanced and convenient," said the 26-year-old, who works for a Beijing self-media company.

The release online of nude pictures of stars, including Jennifer Lawrence and Scarlett Johansson, that were stored on iCloud has raised concerns about the security of such services and privacy protection in the big data era. Zhou regularly backs up anything she wants to keep on mobile hard disks because she does not fully trust her account number and password in the big data space.

Qi Xiangdong, president of Qihoo 360, China's largest cyber security service provider, said the issue has drawn lots of attention in China "because online security and privacy protection have much to do with State security".

Qi, along with several Web security specialists, wants China's legislature to put a personal information protection law on its agenda. Such a law should clarify what kind of online data should be protected, as well as the obligations of big data companies to boost the industry's self-discipline.

Following the recent hacking of celebrities' iCloud accounts, Apple CEO Tim Cook promised better security features to prevent similar leaks in the future.

Potential risks

Ning Jiajun, a senior researcher with the advisory committee for State Informatization, a government think tank, said "the cloud makes people's lives easier as well as enlarges memory space online".

It is thanks to cloud technology that smartphone users can check a bus schedule using an app, for instance. He said some of people's concerns about online security can be attributed to irresponsible company behaviour.

"There are reports that some companies have purchased private information in our country for their own gain. What's worse, they are hardly punished because of the lack of rules and laws on privacy protection."

He said until such regulations are introduced privacy relies on the self-discipline of the companies and the supervision of industry associations.

Liu Xiaohang, 25, an employee of a finance company in Beijing, uses cloud data storage but not for personal stuff.

"I put my documents on a cloud, so I can share them with my clients. It's convenient, but I won't store my personal information this way," Liu said.

"I was plagued by cold callers and spam e-mails after I left some information on websites in the past. I don't want to take the chance again," he added.

Qi said that big data is a double-edged sword. Although it offers convenience, it also comes with risks.

The popularity of cloud-based products for storing information, not only of individual users but also enterprises or government agencies, means there could be severe consequences if accounts are hacked and sensitive information stolen.

"If a hacker collects and makes use of the data, it could pose risks to the privacy of many people, and even national security," Qi said.

The Internet dependency of industries, such as energy, telecommunications and healthcare, means enterprises are putting huge amount of information online, he said.

The growing popularity of e-commerce and smartphone payment apps means people could be exposing themselves to more risks.

Malicious apps

According to a mobile payment safety report released by online search engine Baidu, more than 36 million mobile payment users in China had been exposed to high security risks as of June. The number of likely cybertheft victims accounts for around 18 per cent of the country's total mobile payment users.

"Every link of the payment process, from a WiFi connection to the smartphone itself, has potential risks that could turn a normal online shopping transaction into a dangerous hacking case," the report said.

App-based mobile payments are more risky than payments made on a PC, said Qi, as "customers find it almost impossible to tell if an app is malicious".

Beijing Rising Information Technology Co Ltd, a Web safety company, which has released a product to protect near field communication services, says NFC is used in more payment scenarios nowadays, and bankcards and smartphones equipped with NFC could potentially be hacked on buses or in shopping malls for instance.

Fred Cohen, a US computer scientist known as the inventor of anti-virus techniques, said the Chinese Internet security industry should work with the rest of the world to build a global online security standard.

"Web attacks are a universal problem, global security players should work together to tackle security threats," Cohen said.

The Cyberspace Administration of China, the nation's top Internet authority, has also highlighted cooperation to push forward cybersecurity.

"If the Internet is not secure, it will lose energy. So we'd like to cooperate with other countries to fight against online threats, learning from others' experiences of privacy protection," said Lu Wei, the authority's director.

Security specialists are also calling on the legislature to draft a law on personal information protection.

"The current legal provisions are too general. They cannot catch up with the Internet's fast pace in this era," said Jiang Kaida, a cyber security analyst from Shanghai Jiaotong University.

However, such a law seems not to be on the legislature's agenda so far.

"So we must be more careful when we upload information on the cloud and enhance security awareness," said Qin Xiongning, a security researcher at China Telecom's Guangxi branch.

Qin suggested that people read contracts carefully before they download an app and avoid using the same password for different accounts.

Contact the writers at caoyin@chinadaily.com.cn and gaoyuan@chinadaily.com.cn