Old Miraheze Wiki Pages:KB202481: Difference between revisions

From The LI AO Wiki
Create the page for later edits. *REMARKS: A DNS zone which serves the Internet domain liao.media on Azure DNS constituted to the successful submission of this version of the page.
 
m 4 revisions imported: Import the dump of the "LI AO's Wiki (Miraheze)" wiki.
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:KB202481: Information Disclosure of New Centralised IT System Used by Banks Interconnecting Chinese Police}}


== Introduction ==
This article documents information of a new system introduced to cater the Chinese police departments with citizens' privacy during bank card account opening processes. Li Ao noticed that the bank may impose customers' Chinese Residential ID Card number into a new system that interconnects police departments, mobile operators' systems, and social insurance IT systems, into a unique IT data platform for police departments to collect citizens' physical activities and for bank institutions to get more insights into customer's privacy.
== Symptoms ==
During a recent visit to a local bank branch, Li Ao noticed that the bank staff were appearantly to importing customers' data into an IT system and get details about the ''double-card'' sanctioning status of them, with a list of name, Chinese phone number and Residential ID Card number combinations of people that appears to be provided by a company containing the listed customers demanding debit cards for salary payments. Each time the staff enters a combination of NRIC card number and mobile phone number paper document was produced with an emblem used by police departments on the top left area and a URL starting with http:// at the bottom, followed by a date which was also printed. The Chinese characters of "double-card" can be easily seen on the top part of the documents.
As confirmed with the bank's staff from the responses, this system is introduced for banks to enter data of customers wanting to open debit card accounts including their Chinese Residential ID Card number and Chinese phone number, and use the responded data for evaluation of eligibility; the system returns whether or not the person is involved in investigations and cases with the matter of the so-called "fraudulent crimes," as defined by the government officials. Furthermore, as Li Ao requested a check with his own identity, she also provided warnings, giving context that  frequent inquiries, which she meant for a singular person, on this system will let the police departments know that the person is "exteremely wanted to open a bank card account," which also confirms that police departments will be able to monitor data activities on this IT system.
This bank staff entered Li Ao's NRIC card number and a 11-digit fictitious phone number, 14000000000, into the system, as he sought information of ''double-card'' sanction statuses on his identity. The returned data includes, but not limited to, the following categories:
# Whether or not currently being sanctioned by the ''double-card'' sanctioning measure;
# Whether or not a ''personnel-in-flushing'' ("''liudong renkou''" in Chinese, 流动人口);
# Whether or not the supplied phone service is recently-opened;
# Whether or not the supplied phone number is involved in ''double-card'' criminal investigation cases;
# Whether or not the person has social insurance.
It's unknown of the scope of social insurance covered by this subset of data, but Li Ao believes that the scope applicated for this type of inquiry is within the city level of municipality.
It's unknown that which factors are considered for the calculation of the ''Whether or not a personnel-in-mobility'' data item; Li Ao later searched on Web from governmental websites for information about the methods of measuring "personnel-in-flusing," and official explanations suggested that the only factor for determine is whether or not a person lives outside the municipal areas his/her ''hukou'' is registered in. Data sources concerning the calculation of this data is unknown.
== Solution ==
Li Ao has determined that, this new system has a role as a successor to the long-term surveillance and tracing practices of the Chinese government. As a general practice, he often simulate the events of computer systems which may happen in the course of transmitting his personal activities which are critical to maintaining his physical safety, before he require services on banks with his ID card, so he is still capable of maintaining his body safety from wrongful arrests of police, before the political situation on handling critical information of citizens' private activities is getting worse.
In order to prevent incorrect or wrongful judgements of bank staff as they determine whether or not the customer in reception  demanding debit card accounts is suspect to pursuading illegal activities, customers are advised to conduct prior evaluation before requesting such kind of service. This check appears as mandatory to customers requesting debit card accounts, and in the current stage other administrative businesses, for example, bank account cancellation, debit card PIN reset, reverse from reporting loss of accounts, may still require only an ''online consolidation of prescribed identity'' (in Chinese, ''lianwang hecha'' 联网核查) as a step informing police departments of presence of citizens at the respective bank locations.
Customers demanding frequent business acceptances visiting bank locations in person are advised to conduct additional security evaluations, to further attest their security during business operations. For example, a customer concerning about wrongful arrest which as a result of wrong database of ''wanted criminals in exile'' (in Chinese, ''zaitao [xingshi] fanzui renyuan'' 在逃(刑事)犯罪人员), may first come to a bank branch where he/she is convenient to access the exits in emergencies, and request a common business which would quickly finish, in order to submit the ID information to the ''online consolidation of prescribed identity'' system, while observing the situations of both bank staff and externally to the bank, for security evaluations; normal responses of the staff and no police activities nearby to the bank usually attests that no criminal details is submitted under their ID card identity. The important point to be alarmed is, as the launch of this ''double-card'' IT system is unlikely to result in increased police activities in the current stage, further expansion of functionalities may significantly affect customers' security, for example, police may be notified followed by an inquiry of a criminal's ID card information.
== Outcome ==
By learning the important changes of IT systems used by Chinese banks, customers demanding frequent business acceptances while visiting in person are expected to be educated themselves to respond to worsened political situation on citizens' privacy protection, and, to gaining alarms by themselves on the potential false arrests of police. Li Ao hopes that every good-minded people living in China will continue to be protected as a result, no unfair prosecutions of political organs may be imposed on those innocent people.
__INDEX__

Latest revision as of 18:14, 28 September 2024


Introduction

This article documents information of a new system introduced to cater the Chinese police departments with citizens' privacy during bank card account opening processes. Li Ao noticed that the bank may impose customers' Chinese Residential ID Card number into a new system that interconnects police departments, mobile operators' systems, and social insurance IT systems, into a unique IT data platform for police departments to collect citizens' physical activities and for bank institutions to get more insights into customer's privacy.

Symptoms

During a recent visit to a local bank branch, Li Ao noticed that the bank staff were appearantly to importing customers' data into an IT system and get details about the double-card sanctioning status of them, with a list of name, Chinese phone number and Residential ID Card number combinations of people that appears to be provided by a company containing the listed customers demanding debit cards for salary payments. Each time the staff enters a combination of NRIC card number and mobile phone number paper document was produced with an emblem used by police departments on the top left area and a URL starting with http:// at the bottom, followed by a date which was also printed. The Chinese characters of "double-card" can be easily seen on the top part of the documents.

As confirmed with the bank's staff from the responses, this system is introduced for banks to enter data of customers wanting to open debit card accounts including their Chinese Residential ID Card number and Chinese phone number, and use the responded data for evaluation of eligibility; the system returns whether or not the person is involved in investigations and cases with the matter of the so-called "fraudulent crimes," as defined by the government officials. Furthermore, as Li Ao requested a check with his own identity, she also provided warnings, giving context that frequent inquiries, which she meant for a singular person, on this system will let the police departments know that the person is "exteremely wanted to open a bank card account," which also confirms that police departments will be able to monitor data activities on this IT system.

This bank staff entered Li Ao's NRIC card number and a 11-digit fictitious phone number, 14000000000, into the system, as he sought information of double-card sanction statuses on his identity. The returned data includes, but not limited to, the following categories:

  1. Whether or not currently being sanctioned by the double-card sanctioning measure;
  2. Whether or not a personnel-in-flushing ("liudong renkou" in Chinese, 流动人口);
  3. Whether or not the supplied phone service is recently-opened;
  4. Whether or not the supplied phone number is involved in double-card criminal investigation cases;
  5. Whether or not the person has social insurance.

It's unknown of the scope of social insurance covered by this subset of data, but Li Ao believes that the scope applicated for this type of inquiry is within the city level of municipality.

It's unknown that which factors are considered for the calculation of the Whether or not a personnel-in-mobility data item; Li Ao later searched on Web from governmental websites for information about the methods of measuring "personnel-in-flusing," and official explanations suggested that the only factor for determine is whether or not a person lives outside the municipal areas his/her hukou is registered in. Data sources concerning the calculation of this data is unknown.

Solution

Li Ao has determined that, this new system has a role as a successor to the long-term surveillance and tracing practices of the Chinese government. As a general practice, he often simulate the events of computer systems which may happen in the course of transmitting his personal activities which are critical to maintaining his physical safety, before he require services on banks with his ID card, so he is still capable of maintaining his body safety from wrongful arrests of police, before the political situation on handling critical information of citizens' private activities is getting worse.

In order to prevent incorrect or wrongful judgements of bank staff as they determine whether or not the customer in reception demanding debit card accounts is suspect to pursuading illegal activities, customers are advised to conduct prior evaluation before requesting such kind of service. This check appears as mandatory to customers requesting debit card accounts, and in the current stage other administrative businesses, for example, bank account cancellation, debit card PIN reset, reverse from reporting loss of accounts, may still require only an online consolidation of prescribed identity (in Chinese, lianwang hecha 联网核查) as a step informing police departments of presence of citizens at the respective bank locations.

Customers demanding frequent business acceptances visiting bank locations in person are advised to conduct additional security evaluations, to further attest their security during business operations. For example, a customer concerning about wrongful arrest which as a result of wrong database of wanted criminals in exile (in Chinese, zaitao [xingshi] fanzui renyuan 在逃(刑事)犯罪人员), may first come to a bank branch where he/she is convenient to access the exits in emergencies, and request a common business which would quickly finish, in order to submit the ID information to the online consolidation of prescribed identity system, while observing the situations of both bank staff and externally to the bank, for security evaluations; normal responses of the staff and no police activities nearby to the bank usually attests that no criminal details is submitted under their ID card identity. The important point to be alarmed is, as the launch of this double-card IT system is unlikely to result in increased police activities in the current stage, further expansion of functionalities may significantly affect customers' security, for example, police may be notified followed by an inquiry of a criminal's ID card information.

Outcome

By learning the important changes of IT systems used by Chinese banks, customers demanding frequent business acceptances while visiting in person are expected to be educated themselves to respond to worsened political situation on citizens' privacy protection, and, to gaining alarms by themselves on the potential false arrests of police. Li Ao hopes that every good-minded people living in China will continue to be protected as a result, no unfair prosecutions of political organs may be imposed on those innocent people.