China proposes national internet ID? "Net ID, Net Pass" system may deepen surveillance, requiring ID for online access.

The Ministry of Public Security and the Cyberspace Administration of China have released the "Administrative Measures for National Internet Identity Authentication Public Services (Draft for Solicitation of Comments)". The document mentions that China will issue "Internet Numbers" and "Internet Certificates" uniformly to the public, aiming to provide citizens with real identity registration and verification services based on legal identification information. With the potential implementation of "Internet Numbers and Internet Certificates," this new system will have a profound impact on China's digital life, sparking widespread attention and discussion.

What are China's "Net Number" and "Net Certificate"?

According to the "Solicitation Draft," the "Net Number" is an online identity symbol corresponding to the personal information of a natural person, consisting of letters and numbers without explicit identity information; while the "Net Certificate" carries the Net Number and non-explicit identity information of the natural person for online identity authentication. Citizens can voluntarily apply through the Chinese National Network Identity Authentication Public Service Platform, and use the "Net Number" and "Net Certificate" to log in to online platforms and access relevant services.

The positive discourse is that the implementation of online identity authentication methods is undergoing a transformation, providing users with more entry points when using online services, possibly reducing reliance on information such as phone numbers, thereby enhancing personal privacy protection.

The official document states: "Based on the national network identity authentication public service, when a natural person lawfully needs to register and verify real identity information in Internet services, they can apply for and use 'Net Number' and 'Net Certificate' for non-explicit registration and verification through the national network identity authentication APP, without the need to provide explicit personal identity information to Internet platforms, etc. As a result, it can minimize Internet platforms' excessive collection and retention of citizens' personal information under the pretext of implementing 'real-name system'."

Positive Comments: New Options for Online Authentication, Fraud Tracking

Associate Professor Hu Ling of Peking University Law School pointed out that current online identity authentication mainly relies on mobile phone number verification, where user's real identity information is held by telecommunications operators. The "Net Number" and "Net Certificate" provide users with a new choice, with a service form similar to the Trusted Identity Authentication Platform CTID constructed by the First Research Institute of the Ministry of Public Security, yet with distinctive features.

Hu Ling stated that the implementation of this system may imply that the mobile phone number will no longer be the core of online identity verification, allowing users to enjoy online services more securely and reducing the risk of personal data leakage. The implementation of this system may also help address some identity verification issues that are difficult to achieve due to high verification costs, such as tracking telecommunications network fraud and verifying the identities of minors.

He believes that a nationally unified online identity authentication infrastructure can effectively reduce the cost of organizational member authentication.

Personal Data Security Protected by the State

Supporters believe that the national online identity authentication platform adopts a "static number + dynamic authentication" approach, further preventing personal data leakage and misuse through dynamic QR codes and other technologies.

Transfer of Online Identity Authentication Responsibility

Hu Ling believes that the existing online identity authentication responsibilities will partially shift from telecommunications operators and major platforms to the national network identity authentication public service platform. This change not only requires clear regulations on the use of identity information but may also bring about a series of new legal issues, such as the process of obtaining a criminal's identity, requiring further exploration.

Monitoring Issues of "Net Number" and "Net Certificate"

Any large-scale policy involving personal data requires public trust and acceptance.

Although the system is implemented on a voluntary basis, the public may have concerns about this highly centralized identity authentication system, especially regarding its potential for surveillance or restricting personal behavior. Therefore, transparent operational mechanisms, clear privacy protection measures, and robust regulatory systems will be key to gaining public trust.

Furthermore, if the national online identity authentication platform becomes the sole entry point for all online services, its responsibilities and risks will significantly increase. Once the system experiences data breaches or technical failures, it may have a broad impact on citizens' digital lives.

Nevertheless, as Hu Ling pointed out, fragmented tracking of online behavior has already begun; the emergence of "Net Number" and "Net Certificate" only provides a low-cost and convenient authentication method, rather than comprehensive monitoring of online behavior.

Bidding for DID System! Taiwan's Ministry of Digital Web3 Next-Generation Internet Services kicks off, is the digital wallet for citizens not far away?

DID Decentralized Identity vs. "Net Number" and "Net Certificate" – Which is Better?

Many governments and organizations, including Taiwan, are developing relatively privacy-enhanced DID decentralized identities. How do they compare to the centralized approach of "Net Number" and "Net Certificate"?

Choosing centralized identity authentication (such as "Net Number" and "Net Certificate") may be more suitable for the following situations:

• Strict compliance requirements domestically and scenarios involving government services and legal mandatory requirements.
• Requires high integration with national-level social management systems, such as healthcare, social security, education, etc.
• Wide user base with lower technical adoption thresholds.

Choosing decentralized identity (DID) may be more suitable for the following situations:

• Users have higher demands for privacy protection and data sovereignty and wish to reduce government or institutional data control.
• Application scenarios with global demands spanning different countries and legal systems.
• Users have higher technical capabilities to manage their identity information and private keys.

Centralized and decentralized identity authentication systems each have their advantages and challenges. In the future, both may coexist in different scenarios and even integrate in some aspects to meet diverse needs.