Privacy guards noticed that the above-mentioned health treasures generally refer to Beijing Health Treasure, and the developer is Beijing Economic and Information Technology Bureau.
According to incomplete statistics, screenshots of nucleic acid detection photos of more than 70 stars are circulating on the Internet. The contents of the screenshot include: the face photo of the star, the initials, the first and second digits of the ID number, the organization of nucleic acid testing and the specific testing time.
Information such as photos of stars in health treasures.
On the afternoon of February 28th, 65438, Privacy Guard contacted a seller "TDD" who sold personal information such as star ID number and itinerary information for a long time. She showed a photo of Jackson Yi's health treasure to privacy guards.
At about 0/4 o'clock on the same day, a staff member of Beijing Economic and Information Technology Bureau told privacy guards that the problem of why the star nucleic acid test photos were leaked and the face recognition function was not triggered has been reflected upwards, and the relevant situation is being verified. Relevant findings will be made public in the future.
Is there a problem with the search function?
Why can I easily get the information registered by others in Health Bao? Privacy guards found that by entering the colleague's name and ID number in the function of "checking other people's nucleic acid test results on behalf of others" in their own health treasure, and clicking "OK", the face photos of colleagues registered in health treasure can be displayed.
It is worth noting that although the above function originally showed "face recognition required", it was not actually triggered. That is to say, at the moment when the star information is "leaked", as long as the name and ID number of the star are mastered, the facial photos of the star registered in Health Bao can be found.
Previously, in order to take care of people who don't have smart phones and can't use them, Beijing Health Bao checked the information of third parties online. Unexpectedly, this function was used by criminals.
In this regard, Xiong, the managing partner of Beijing Law Firm, told privacy guards that in theory, it is necessary to obtain my authorization to inquire about the information in other people's health treasures. Inquiring and selling other people's face photos in Health Treasure without permission is suspected of infringing on portrait rights.
He also said that this may be a consideration in functional design. Even if adding or turning on the face recognition function can prevent the above situation to some extent, it will also reduce the convenience. "Imagine that many elderly people have passed the security check by car, and the staff use the search function to query their information. If everyone does face recognition, traffic efficiency will be greatly reduced. "
Therefore, Xiong Zhong Ding emphasized that whether it is necessary to add additional verification functions to the health care package and whether it is necessary to strike a balance between safety and efficiency and technology cost is not necessarily more conducive to the overall social welfare.
Text/Researcher of Du Nan Personal Information Protection Research Center You Yizhen Trainee Reporter Sun Chao