采访视频连接:http://english.cntv.cn/program/china24/20131230/100347.shtml
Tensions between China and Japan are riding high, and is now spreading to technology sectors. China’s search giant Baidu on Thursday denied claims by the Japanese government that it is spying on users through its Japanese input software.
For more insight, joining us now on the phone is Associate Professor Benjamin Chiao from the Shanghai University of Finance and Economics.
Q1:Software using cloud-based technology has been around for a while. Google and Microsoft both use it. Why has the Japanese government waited until now to warn against such risks, and why is Baidu getting so much prominence in the media coverage?
A1:This might be because Baidu was recently reported to have a bug that would let the Baidu input function to continue to send data back to Baidu even the users switched off the function. In fact, Baidu admitted this. Although the Japanese warning against Baidu was recent, it is unknown exactly what time the bug was found. At the same time, some western media linked the warning to recent political events, especially because the Japanese media focused more on the Chinese companies but not other foreign companies. For the very nature of cloud technologies, if your anti-virus program blocks the communication between your software and the outside server, the cloud-based software simply won't work effectively because such technologies put much of the computing workload to the outside servers. A large part of the burden to protect users then is left to the companies--to ask the companies themselves to behave. The Japanese government should know this even before any bugs were found. That said, any highly classified materials should long avoid such technologies at the very outset. In my view, however, there is no hard evidence between the linkage of recent political events and the warning, though I think this is for the audience to judge. Note that there was also no hard evidence reported so far if Baidu has used the data for purposes other than improving the technology but at the same time there is no independent proof either.
Q2. Cloud-based technology is useful. What does the industry need to do to thrive and at the same time protect users’ privacy?
A2:Cloud-based technologies are not going away anytime soon. It is important to have common knowledge about the roles and responsibilities of key players so that users could properly interpret their words and players are properly incentivized to achieve the common good. I see that the key players are users, vendors, whistleblowers, and regulators.
It is routine for computer specialists to report security threats even if no actual damage has been made. It is also normal for companies to continue to thrive as long as they fix the loopholes rapidly. Whistleblowers like most national information security centers are the most risk averse agencies. They will be reprimanded for not warning. That's why it is built into their DNAs to over warn. On a practical level, users should probably adopt the middle ground approach, avoid bending over backwards or being too risk taking. Especially if there is enough competition in the market, companies will improve their service in order to survive. Vendors like Baidu should obviously obey the laws within the jurisdiction they are operating in. If the users opt out of sending their data to Baidu, Baidu should strictly respect this. If the users opt in, Baidu should keep their confidence by considering to disclose part of the source code related to the data transmission or simply adopt an open source software component which users trust and which all programmers in the world could monitor.
Lastly, the boundary of firms and government should be more clearly defined. A lot of warnings could be made by private agencies too. Government intervention should be made cautiously because things could be interpreted differently. We should especially avoid the risk of slippery slope. One might worry that the same argument could be twisted slightly to block many other different types of software or technologies by a particular country or group, when, for example, trade protectionism surfaces.
