ENGLISH EDITION OF THE WEEKLY CHINESE NEWSPAPER, IN-DEPTH AND INDEPENDENT
follow us:
               
site: HOME > > Economic > News > Briefs
Company Responds to Yikatong Privacy Concerns
2011-10-14 18:53
letters to editor
S M L
Bookmark
print
Summary:


By Xie Liangbing (谢良兵)
Economic Observer Online
Oct 11, 2011
Translated by Li Meng
Original Article: [Chinese]  

Last Sunday evening, a message posted to a Chinese microblogging site claiming that a transport card used by millions of commuters in the capital, allowed their movements to be tracked.

The post, written by Li Tiejun, a software engineer at Kingsoft Security, caused quite a stir in domestic media the following day.

"Now you can track people without having to retain a private investigator. All you need to do is go to Yikatong's official website and enter the card numbers of their Yikatong (Beijing Municipal Administration and Communications Card). Then the users' record and activities will be available to check."

Right after the post was published, a large number of netizens flocked to the official website of the company that distributes and manages the transport card, causing the site to crash.

Beijing Municipal Administration and Communications Card Co, Ltd. (BMAC), the issuer of Yikatong or the Beijing Super Pass, made a statement on Monday evening on its homepage in response to the claim that the card reveals information abour users location.

The statement argued that, since no personal information is stored on the card and users are not required to register when being issued with a card, the issue of privacy leaks does not arise.

The company admitted that, "The travel records of people taking public transport and usage history from last three months are available to view on the website, which is one of the service functions required of all domestically issued travel cards."

The statement also included a reminder to card users to keep their Yikatong safe.

Li Teijun pointed out that although Yikatong is an anonymous card, it increases the possibility that some people could take advantage of the vulnerability of easily accessible database and card numbers. Li also said it was still necessary to carry out security review of potential privacy risks and raise cyber security defense posture.

He also suggests BMAC shut down the online record check service and limit data access. Li also said that Yikatong users should buy more than one card and rotate them from time to time.

As for the solution of of adding password protection to the website which was suggested by some online commentators, BMAC said they would need to assess the feasibility and potential effects of introducting such measures before making a final decision.
letters to editor
S M L
Bookmark
print

Related Stories

0 comments

Comments(The views posted belong to the commentator, not representative of the EO)

username: Quick log-in

EO Digital Products

Multimedia & Interactive

Podcast: Super Bowl Edition
Podcast
Podcast: Is China Really Killing Us?
Podcast
Podcast: Scamming the Scammers
Podcast
HOME NEWS OPINION CHINA BUZZ MULTIMEDIA DIGEST 中文
Baidu
map