Original article. Hou Xuemei (侯雪梅), Liu Ye (刘烨). Shanghai Law Society, Oriental Law (上海市法学会 东方法学).
Hou Xuemei: Associate Professor and master's supervisor, School of Law, Beijing Technology and Business University.
Liu Ye: master's student, School of Law, Beijing Technology and Business University.
Abstract
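Blockchain is one of the technologies the state is currently developing vigorously, and its decentralized data storage has drawn attention in the field of personal information protection. While blockchain technology brings major change to the theory of personal information protection, it also faces gaps in the law and conflicts with traditional institutions. How to retain the considerable value that blockchain brings to personal information protection without escaping legal control has become a focus of theoretical research. By analyzing the current state of personal information protection legislation and the characteristics of blockchain technology, this article sets out the technology's advantages and drawbacks for personal information protection and proposes solutions to the points of conflict between blockchain technology and current law and to the regulatory difficulties.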
Keywords: blockchain technology; personal information protection; data ownership; blockchain regulation
I. The Current State of Personal Information Protection Legislation
The principal criterion for delimiting personal information is "identification": any information that can identify a specific individual, whether directly or indirectly, is personal information. Constrained by earlier levels of socio-economic and technological development, the collection and use of personal information was mainly directed at directly identifying personal information, and indirectly identifying personal information was rarely put to commercial use. With the development of networks and information technology, the large-scale collection, processing and use of indirect personal information gained technical support, and its cost fell sharply. Its commercial use has brought economic value to many fields and contributed greatly to the rapid development of many industries, and the security of indirect personal information has gradually drawn public attention. Today the concept of personal information and the theory of its protection remain contested in both scholarship and practice, and national rules differ.
Article 1034 of China's Civil Code, Article 76(5) of the Cybersecurity Law and the 2017 Personal Information Protection Law (Draft) all define personal information as "all kinds of information recorded electronically or by other means that can, alone or in combination with other information, identify a natural person, including but not limited to the natural person's name, date of birth, identity document number, personal biometric information, address and telephone number". Judging by the items listed, the definition covers only directly identifying personal information that is closely connected with the right to privacy. As to protection, China's legal system likewise tends to regulate directly identifying personal information as a personality interest. In the Personality Rights Book of the Civil Code, Chapter VI mainly provides for the right to privacy and personal information, and the successive versions of the Personal Information Protection Law (Draft) also treat personal information on the basis of personality interests, with tort liability law as the means of protection. The current state of the law and its direction of development make it plain that, for directly identifying personal information, legislation has achieved unity in both concept and protection theory.
By contrast, as to the theoretical framework for indirect personal information, the long-standing legislative gap has led to scholarly disagreement over its nature, ownership and mode of protection, and has given rise to a number of views, including the personality right theory, the privacy right theory, the property right theory and the public goods theory. Although no express legal provision regulates indirect personal information, existing norms give some indication. Article 3 of the Data Security Law (Draft) provides that data means any record of information in electronic or non-electronic form, so indirectly identifying personal information appears set to fall within the concept of "data". At present, Article 127 of the Civil Code is the only law in force that touches on data and online virtual property. One view holds that, judging from the systematic position of Article 127, by providing for the protection of data immediately after personality rights, real rights, creditor's rights and intellectual property rights, the legislature in effect accepted that interests in data are a new type of property interest. As to responsibility for safeguarding data security, the Data Security Law (Draft) proposes that it be borne by the data processor.
In our view, indirectly identifying personal information should likewise be covered by the concept of "personal information". Drawing the outer boundary of the concept according to whether privacy is involved is open to the criticism of insufficient rigor: whether an item of information touches on personal dignity, and how sensitive it is, are matters on which everyone has a different view and a different level of tolerance. A standard that leans so heavily on subjective will should not serve as the yardstick for legislation. A legal concept with excessively vague boundaries neither reflects the principle of private-law autonomy nor avoids adding to the risk of like cases being decided differently; framing the limits set by law in precise language is itself an expression of the legislature's respect for autonomy. This method of division also fails to match the current course of social development. With the emergence and wide application of big data technology, virtual information such as the public's faint online traces and network data can, through accumulation, likewise pinpoint an individual; once integrated by technology, these seemingly scattered data take on the identifying function of direct personal information. They may even reflect a natural person's characteristics better than direct personal information does: every seemingly trivial item is recorded and analyzed, and the "user profile" built by big data technology knows users better than they know themselves.
Although indirectly identifying personal information has not been recognized in legislation, the national standard Personal Information Security Specification issued in March 2020 provides that "information formed by a personal information controller through processing personal information or other information, such as user profiles or feature tags, that can, alone or in combination with other information, identify a specific natural person or reflect the activities of a specific natural person is personal information". Although a national standard has limited force compared with a statute, the inclusion of the "processed products" of big data technology in a national standard is a sign that indirect personal information is gradually receiving attention.
Accordingly, personal information as used in this article covers both directly identifying and indirectly identifying personal information, and the article analyzes in detail the developments and difficulties that blockchain technology brings to the personal information protection regime.
II. Breakthroughs Blockchain Technology Brings to Personal Information Protection
(i) Characteristics of blockchain technology
The concept of the blockchain originates from the paper Bitcoin: A Peer-to-Peer Electronic Cash System, published by Satoshi Nakamoto in 2008. As the underlying technology of digital cryptocurrency systems such as Bitcoin, blockchain technology has, after years of development, become very mature.
In the narrow sense, a blockchain is a decentralized shared database in which data are packaged into blocks in chronological order and the blocks are then joined into a chain of data. On that basis, cryptography guarantees that the information on the chain is authentic and cannot be tampered with. A blockchain system has no centralized administrator: every computer or server terminal is a node, and every node carries out a certain amount of work. After a node creates a new transaction, it broadcasts the transaction to the whole network. Miner nodes (also called bookkeeping nodes, that is, nodes able to validate transactions and create new blocks) package multiple messages into a new block and broadcast it to the whole network again. The other nodes on the network receive the new block and check whether it meets the requirements, and if it does they append it to the end of the blockchain they have already stored. This completes the whole process by which a piece of information goes from publication to storage on the chain.
Blocks are linked to one another by hash values. A hash algorithm produces the hash value of the current block, which also serves as the hash pointer of the next block. If the content of a block is modified, that block's hash value is rewritten and no longer matches the hash pointer in the next block, so the chain breaks. This mechanism ensures that information on the chain cannot be deleted or altered. In addition, a blockchain system recognizes and maintains only one chain, yet every miner node has some probability of producing a new block at the same moment. To ensure that every node stores the same ledger, and to motivate miner nodes, blockchain technology includes a consensus algorithm, which uses a consensus mechanism to select a single new block fairly. Taking Bitcoin as an example, a miner node that successfully produces a new block receives bitcoin as a reward from the system.
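The hash-pointer linking described above, as an added Python sketch (not code from the article or from any blockchain project): it verifies a constructed four-block chain and reports where verification fails after an edit. The block layout, function names and sample records are assumptions, and comparing against a tip hash that honest nodes already hold is a simplified stand-in for the consensus mechanism.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # hash pointer of the first block (assumption of this sketch)

# Constructed sample data: pseudonymous transfer records, one list per block.
SAMPLE_BATCHES = [
    ["addr_a1 -> addr_b7: 5"],
    ["addr_b7 -> addr_c3: 2", "addr_a1 -> addr_c3: 1"],
    ["addr_c3 -> addr_d9: 3"],
    ["addr_d9 -> addr_a1: 1"],
]


def block_hash(index, prev_hash, records):
    """SHA-256 over a canonical encoding of everything the block commits to."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "records": records},
        sort_keys=True,
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def build_chain(batches):
    """Link the batches: each block stores the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for index, records in enumerate(batches):
        digest = block_hash(index, prev, list(records))
        chain.append({"index": index, "prev_hash": prev,
                      "records": list(records), "hash": digest})
        prev = digest
    return chain


def first_broken_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev:
            return block["index"]  # hash pointer does not match the predecessor
        recomputed = block_hash(block["index"], block["prev_hash"], block["records"])
        if recomputed != block["hash"]:
            return block["index"]  # content no longer matches the stored hash
        prev = block["hash"]
    return None


def edit_in_place(chain, index, new_records, fix_own_hash=False):
    """Copy the chain and change one block, optionally updating only its own hash."""
    tampered = copy.deepcopy(chain)
    block = tampered[index]
    block["records"] = list(new_records)
    if fix_own_hash:
        block["hash"] = block_hash(block["index"], block["prev_hash"], block["records"])
    return tampered


def rewrite_from(chain, index, new_records):
    """Copy the chain, change one block and recompute every later hash pointer."""
    forged = edit_in_place(chain, index, new_records)
    prev = forged[index]["prev_hash"]
    for block in forged[index:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block["index"], prev, block["records"])
        prev = block["hash"]
    return forged


def tip_hash(chain):
    return chain[-1]["hash"]


def matches_honest_tip(chain, honest_tip):
    """Accept only a self-consistent chain whose tip equals the one honest nodes hold."""
    return first_broken_block(chain) is None and tip_hash(chain) == honest_tip


if __name__ == "__main__":
    original = build_chain(SAMPLE_BATCHES)
    changed = ["addr_b7 -> addr_c3: 200"]
    print("untouched chain:", first_broken_block(original))
    print("edit only:", first_broken_block(edit_in_place(original, 1, changed)))
    print("edit + own hash:", first_broken_block(edit_in_place(original, 1, changed, True)))
    forged = rewrite_from(original, 1, changed)
    print("full rewrite consistent:", first_broken_block(forged) is None)
    print("full rewrite accepted:", matches_honest_tip(forged, tip_hash(original)))
```

A rewrite that recomputes every later hash is internally consistent, so detection then rests on other nodes holding the original chain, which is the role the article assigns to consensus.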
In a blockchain network every node uses a pseudonym in order to be anonymous. In fact, however, Bitcoin, the earliest application of blockchain technology, uses UTXO (Unspent Transaction Output), which achieves only pseudonymity. Since then many applications have switched to other anonymity methods to make up for the gaps in UTXO and genuinely achieve the effect that information cannot be traced.
Depending on who participates, blockchains can be divided into public chains, consortium chains and private chains. A public chain is the most open system: any node can become a miner node and take part in maintaining and recording data, and it is the most decentralized form. Bitcoin uses a public chain. By contrast, a private chain is generally used inside an enterprise or institution and is not decentralized. A consortium chain is semi-open, and only consortium members can take part. It is less decentralized and its consensus mechanism is comparatively loose; not every node can become a miner node, but it has advantages such as fast computation and the ability to dispense with an incentive mechanism. Many applications based on consortium chains already exist on the network. Some more radical commentators argue that consortium chains and private chains are not strictly decentralized, are merely distributed databases, and cannot be called blockchains.
Although the blockchain has its roots in Bitcoin, it is not bound to Bitcoin. As a decentralized distributed database it can break out of the confines of virtual online currency and play a role in many fields. Many countries do not recognize cryptocurrencies as legal currency and their prospects are not viewed favorably, but blockchain technology as an underlying architecture will have wide room for development.
(ii) Using technology to fill institutional gaps amid the information security crisis
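Today, to keep their daily activities running, citizens continuously supply personal information to social institutions. Taking e-commerce platforms alone as an example, creating an account requires directly identifying personal information such as an identity card number for real-name verification, and when the search function is used the platform records indirectly identifying personal information such as the user's personal preferences and spending power. This personal information is stored together by the institution, forming a centralized information management system. Advanced network and information technology, however, has put the security of the centralized storage model in serious doubt. Externally, malicious attacks on network service providers are commonplace; a centralized information management system has inherent security weaknesses, and one effective attack leads to the mass leakage of personal information. Internally, data controllers deliberately leak customer information for gain, and theft by those entrusted with the data is rife. Social institutions have long faced a crisis of trust on both fronts. In a society of strangers the mechanism of trust rests on the guarantee of law, but unfortunately the theft of personal information in the network age differs from the theft of goods: once information has spread it is very difficult to recover the full loss, and law, as a social institution, concentrates on compensation after the fact and cannot prevent unlawful dissemination by technical means.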
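Blockchain technology is a "trust machine" born against this background of institutional breach of trust and regulatory failure, and it aims to replace trust with technology. First, using a blockchain as the underlying technology gives natural resistance to attack. A blockchain has no centralized administrator, information is stored dispersed across the nodes, and an attack on a single node does not endanger the security of the others. Moreover, deleting or altering the content of any block changes that block's hash value and so invalidates the next block. Neither the account holder nor an attacker can therefore modify data at will. Taking the PoW (Proof of Work) consensus mechanism as an example, a 51% attack is the only kind of attack that can cause data in past blocks to be tampered with. A blockchain has countless nodes, and only when the computing power (hash power) of a node or group of nodes exceeds 50% of that of the whole network can it build a new chain of its own to replace the old chain that all honest nodes had confirmed, and so tamper with past information. In today's cryptocurrency market the large cryptocurrencies are highly secure, which indirectly confirms the blockchain's strong resistance to attack. The larger a currency's network, the more honest nodes it has, so that the cost to dishonest nodes of trying to overtake the honest nodes and reach 51% of the network's computing power is lower than the return, which is why chains such as Bitcoin and Ethereum are very hard to break. As long as the computing power of honest nodes is kept strong enough, a decentralized blockchain is clearly superior to traditional ways of storing information in resisting external attack. Second, the blockchain is also anonymous. Even though in many blockchain applications the so-called anonymity amounts only to pseudonymity, it still protects directly identifying personal information. Wherever identity must be verified, a person can prove a virtual identity by presenting a public key instead of handing over sensitive identity information directly. This reduces the cases in which social institutions store personal information for verification purposes and prevents unlawful dissemination by insiders at the source.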
Whether it is interpersonal trust built on family ties and acquaintance, or institutionalized trust secured by law, both leave openings for "human" breaches of trust; making up for the shortcomings of trust mechanisms with technology is the inevitable direction of development.
(iii) Severing the linkability of personal information to prevent data abuse
In the era of big data every social institution has built its own centralized database, and when a large enterprise spans several industries or enterprises cooperate with one another, database information is "shared" across platforms. In 2013, a few months after Alibaba took a stake in Sina Weibo, Weibo and Taobao linked their "information data" and "product data". Today, after a Weibo user posts an update containing the name of a product, the user receives advertising for that kind of product on platforms such as Taobao. Sometimes no cooperation between platforms is even needed. Almost all daily activity now involves the network, and for the sake of quick and convenient registration and login, widely used accounts such as a mobile phone number or WeChat ID can be bound to multiple platforms. The convenience users gain also means their phone numbers and WeChat IDs are stored indiscriminately in different databases. Collecting one of a user's accounts is almost equivalent to holding the user's full set of personal information, and even across platforms it is very easy to find the links between accounts.
Once blockchain technology is introduced as the underlying data storage technology, this will change considerably. Even if the social updates and transaction records users publish remain open and transparent, each platform has its own independent chain, each blockchain uses a different anonymity technique, and users have entirely different virtual identities on different main chains. In Bitcoin, for example, each user takes the hash of a public key as a pseudonym, and has other pseudonyms at other institutions. No plaintext real personal information lies behind a pseudonym, and no personal information such as a phone number or identity card number is needed to verify the user's identity, which cuts the link between accounts on two platforms. In industries where user privacy is protected even more strictly, platforms such as Monero use stealth addresses and ring signatures, and each transaction generates a one-time public and private key, so that a user's transaction information cannot be traced even within the same blockchain.
(iv) Clarifying ownership of indirect personal information: technical support for the property right theory
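Now that the form of the economy has changed, everyone who uses the internet and leaves traces online is a creator of social wealth and ought to receive something in return. Yet indirectly identifying personal information is neither covered by the legal concept of "personal information", nor is the property right of those who contribute the information expressly recognized; the concept of a new type of property interest exists only in theory. The Data Security Law (Draft) protects indirect personal information as data, but the question of who owns data has not been settled either. In fact, even if indirect personal information were declared to carry a property interest right now, users would find it hard to obtain any return. The centralized storage model means users only produce data and have no ability to control it, which also leaves ownership unclear. In property right theory the mainstream view tends to give the property right to the information controller, on the ground that the controller, while collecting information, has paid consideration by providing convenience or free services. In reality, in the torrent of the internet, network services permeate every aspect of life, and users cannot opt out even if they consider this "transaction" unfair. Besides network operators that collect information through proper channels, there is also unlawful scraping of data. Whether faced with disguised payment or with unlawful taking without payment, users as producers of information are unable to protect the security of their own information.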
The arrival of the blockchain will be the way out of this predicament: once decentralized data collection is widely applied, it lays a new theoretical foundation for ownership disputes. On a public chain every node has to take on validation and recording work and contributes computing power and electricity to data storage. No single node or group of nodes alone bears the costs that a centralized data controller pays, and consequently no node enjoys the rights of the former information controller; all information stored on the chain should belong to its producers. On consortium chains and private chains, although only preselected nodes take part in validating and recording information, the participating members stand in a cooperative or internal relationship with one another. The law should uphold the spirit of the autonomy principle and allow the parties to decide for themselves who owns the information. In other words, everyone who contributes information has the right to control their personal information and to profit from it, and the emergence of blockchain technology provides technical support for the feasibility of this theory.
(v) Overcoming the drawbacks of transparency to strengthen personal information protection
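Blockchain technology was first used in Bitcoin, where the openness and transparency of transaction information is an important part of ensuring that all data on the chain are fair and authentic. But the blockchain is not confined to being the underlying technology of cryptocurrencies, and more and more fields have adopted it. The difficulty is that not every area of daily life suits transparency; more industries need distributed storage and also need to ensure that users' personal information is not leaked. The conflict between transparency and the right to privacy is regarded as one of the obstacles on the blockchain's path of development. In fact privacy and transparency are compatible. Taking SHA-256 (one of the Secure Hash Algorithms) as an example, when a node verifies whether information meets the requirements it only needs to use the user's public key to decrypt hash value 1, then feed the on-chain information into the SHA-256 function to obtain hash value 2. If the two hash values are the same, it follows that the information was sent by that user and has not been tampered with, which confirms that the information meets the requirements and can be added to a new block. The key point is whether two identical hash values can be produced to verify the authenticity of the information, not whether the information is fully transparent. As on-chain cryptography keeps improving, techniques such as zero-knowledge proofs are already in practical use; they allow a prover to convince a verifier that information meets the requirements without giving the verifier any useful information. Among current cryptocurrencies, Zerocash abandons Bitcoin's UTXO approach in favor of a new approach called NOTE (a "cheque") and uses a zero-knowledge mechanism to prove that transactions are valid. Zerocash can encrypt and hide both the parties to a transaction and its amount in the transaction record, so nodes cannot learn the details of the transaction, yet they can still verify its validity by checking whether the hash value provided by the sender matches a hash value in the issuance list. With the application of zero-knowledge proofs, the tendency for decentralized databases to surpass centralized databases in protecting personal information is becoming apparent. Field-level encryption now allows a data owner to grant a third party permission to view specific encrypted fields while the other fields remain ciphertext. Services such as the electronic medical record cloud offered by the Chinese blockchain service platform Ping An OneConnect chain (平安壹帐链) already achieve precise sharing of users' personal information in different settings. Improvements in encryption let more fields build distributed databases on a blockchain as the underlying technology, strengthening users' control over their personal information while also safeguarding the right to privacy.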
III. Limits of Blockchain Technology in Personal Information Protection and How to Address Them
Blockchain technology improves many weak points in personal information protection, but every technology cuts both ways, and the blockchain has also brought new problems for personal information protection. Apart from technical defects that hinder its adoption, such as the public chain's inherently poor capacity and the impossibility of doing away with tokens as an incentive mechanism, problems of incompatibility with current laws and regulations have appeared. Whether blockchain technology can really be deployed in every field, and whether it can play a major role in personal information protection, deserve further discussion. The following analyzes the limits of blockchain technology in detail and proposes solutions that ensure personal information rights and interests can be exercised normally.
(i) The conflict between resistance to deletion and alteration and the rights of rectification and erasure, and how to resolve it
The rights to rectify and erase information are important channels through which citizens control their personal information. China's Civil Code, Cybersecurity Law, E-Commerce Law, Personal Information Protection Law (Draft) and other relevant laws all require information processors to safeguard citizens' rights to rectify and erase personal information in accordance with law. On a blockchain network, however, the rights of rectification and erasure are hard to exercise. Private and consortium chains are not highly decentralized and have relatively few miner nodes; they often use designated nodes for computation, and information on the chain can be deleted or altered through the consensus mechanism. For public chains, by contrast, consensus mechanisms are designed with security in mind and have without exception evolved toward the goal of being "hard to delete or alter": the more secure the blockchain, the higher the cost and computing resources needed to modify information on the chain. At present, for technical reasons, information can only be added to the chain in one direction. Deleting or altering any information in a block changes that block's hash value, which invalidates the hash pointer of the next block and breaks the entire chain. The difficulty of deleting or altering on-chain information not only affects the updating and withdrawal of personal information but also conflicts with China's current legal system.
At present, technically speaking, resistance to deletion and alteration is a native property of blockchain technology, and there is as yet no mature technique for changing or deleting information on the chain. Legally speaking, directly identifying personal information tends to be protected as a personality interest and indirectly identifying personal information is tending to be protected as a new type of property interest; denying the parties the rights of rectification and erasure would arguably infringe personality rights and property rights, both of which are constitutional rights, and this is the point of conflict on which the law finds it hard to give ground.
On the difficulty of deleting and altering blockchain data, one view holds that, to overcome it, editable blockchain technology should be explored in order to achieve dynamic regulation. In our view, "editability" already runs counter to the original purpose that blockchain information cannot be deleted or altered; if the content of blocks already on the chain can be edited, the credibility of on-chain information falls sharply. It also raises new problems of allocating rights. If the right to delete and alter is given to the node that published the information, the authenticity of on-chain information is severely undermined. If it is given to some centralized administrator, the whole storage system is downgraded from a blockchain to ordinary distributed ledger technology, and control over users' personal information returns to the hands of a central administrator.
In fact technology and law are not wholly incompatible. Article 30(3) of the Personal Information Protection Law (Draft) provides that where information cannot be deleted because of the special manner of storage, or can be deleted only at excessive cost, blocking shall take the place of deletion. Where the chance of deleting or rectifying on-chain information is small, this provision leaves room to balance the conflict between technology and institution. Blockchain technology should change direction and work intensively on "blocking" techniques in place of deletion and alteration, so as to remove the obstacles to deploying public chains in various fields. It should be stressed that blocking is not the same as encryption: any encryption can be maliciously decrypted, whereas a blocking technique must make the information permanently lost from the database, with neither the producer of the information nor any third-party institution having any means of restoring it, so that it has the same effect as deletion or alteration and the public's rights of erasure and rectification can be exercised normally.
(ii) The conflict between unrecoverable private keys and the right to control personal information, and how to resolve it
Blockchains use asymmetric cryptography. When a user "registers" with a blockchain application, the system randomly generates a string of digits as the private key, and an algorithm derives the public key and the address from the private key. The address is the equivalent of the "account name" on an ordinary application platform; the public key is used for decryption, and other nodes use it to verify whether transaction information conforms to the rules. The private key is the equivalent of the "password" and is held only by the user. Unlike on an ordinary platform, because there is no centralized management system a lost private key cannot be recovered, nor can it be derived backwards from the public key. Moreover the private key is unique, and even if it is stolen the loss cannot be stopped in time by setting a new private key. By contrast, Article 11 of the Personal Information Protection Law (Draft) provides that a natural person's right to personal information is the right, in accordance with law, to dispose of and control personal information and to exclude infringement by others. That a private key cannot be recovered or changed means users permanently lose control over their own personal information, which conflicts with the current legal system.
Furthermore, once a private key has been stolen, neither law nor technology can offer an effective remedy. In Chinese legal theory, whether it is the monetary assets a citizen keeps in a bank or any of the data assets, personal information included, managed by a third-party application, ownership is not lost because an account password is stolen. On a blockchain network, however, the private key is the sole identifier and users need not provide real identity information when transacting, which has produced a situation in which "the key is recognized, not the person". Even a transfer of assets from an account, or the theft or sale of personal information, carried out with someone else's private key fully complies with the blockchain's "rules of the game" and is added to the main chain as an irrevocable record. Because of the high degree of anonymity, the true owner cannot produce evidence that the transaction was not carried out by the owner. Having lost the private key, the owner can neither prove their innocence nor obtain a remedy afterwards, which in substance amounts to permanently losing ownership of the assets in the account. The blockchain's resistance to attack greatly reduces the risk of external intrusion into the system, so for an attacker stealing the private key directly becomes the more cost-effective route; and as platforms move onto chains one after another, users hold more and more private keys and the risk of loss and theft grows. The private key problem obstructs the roll-out of blockchain technology on both the legal and the practical level.
The right to control one's own personal information is inherent to the user and cannot be conceded at the institutional level; the loss of control can only be made less frequent through technology, regulation and similar means. On a blockchain network there is one and only one way to control all the information in an account, namely holding the private key. This more "pure" technical design in fact gives users a better environment in which to exercise control: because the private key is held only by the individual, no application platform can get hold of the user's personal information. But the absence of a centralized database storing information centrally means the private key cannot be recovered as easily as a password. To solve the private key problem, on the one hand a more efficient and secure private key storage system should be established, so that users can choose to entrust keys to a trusted third party. On the other hand users' awareness of the need to protect important personal information should be raised; the pursuit of convenience alone must not lead to the loss of control.
Over the development of cryptocurrencies such as Bitcoin, several ways of protecting private keys have emerged. Depending on whether the user's private key is reachable from the internet, they divide into cold wallets and hot wallets. When a private key is stored in a hot wallet, it can be exported again as long as information such as the wallet password or mnemonic phrase has not been lost. But with a hot wallet the private key is in substance still managed by a third-party application, which still faces problems such as external attacks on centralized custody services and hijacking of the client's local environment. Of all the ways of keeping a private key secure, the cold wallet is the safest. Users with high security requirements can use a USB-like physical device to store the private key without a network connection. Ordinary users can use the most basic method, writing it on a medium that cannot be networked, such as a notebook, so that it is not maliciously stolen from an electronic device. Although hot wallets are less secure than cold wallets, it cannot be denied that they are the most convenient way to store private keys. Once blockchains are widely deployed, not every application will involve major assets or information, and it is hardly feasible to require users to give up the convenience they now enjoy and record all their private keys in cold wallets by the most basic method. Government should control entry into the hot wallet application industry by reference to corporate creditworthiness, security capability and other factors, subject the relevant enterprises to regular supervision, and raise the security of hot wallets through both technology and regulation, so as to give users a more efficient way to manage private keys.
Second, multi-signature can be used to reduce major information leaks caused by stolen private keys. Multi-signature is a transaction model that cryptocurrency exchanges developed to address the weaknesses of hot wallets. Ordinarily one address corresponds to one associated private key; with multi-signature one address corresponds to several associated private keys. Only when some or all of the private keys sign for an address may the assets in the account be transferred or traded. In the field of personal information, where important information such as personal biometric or medical information needs tighter protection, multi-signature can likewise be used, with the private keys stored separately, so that the theft or loss of one key does not cause the user to lose control of all the information in the account.
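The multi-signature rule described above, as an added Python sketch (not code from the article or from any wallet): an address that accepts a request only when at least `threshold` distinct keys have signed it. Lamport one-time signatures built from SHA-256 stand in for the elliptic-curve signatures real chains use so that the block needs only the standard library; `MultisigAddress`, the 2-of-3 policy and the request strings are assumptions.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest


def _h(data):
    return hashlib.sha256(data).digest()


def _digest_bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    """Lamport key pair: 256 pairs of random secrets and their hashes."""
    private_key = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public_key = [(_h(zero), _h(one)) for zero, one in private_key]
    return private_key, public_key


def sign(private_key, message):
    """Reveal one secret per digest bit. A Lamport key must sign only one message."""
    return [private_key[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(public_key, message, signature):
    if len(signature) != BITS:
        return False
    bits = _digest_bits(message)
    return all(_h(part) == public_key[i][bit]
               for i, (bit, part) in enumerate(zip(bits, signature)))


class MultisigAddress:
    """Hypothetical m-of-n address: one address, several associated public keys."""

    def __init__(self, public_keys, threshold):
        if not 1 <= threshold <= len(public_keys):
            raise ValueError("threshold must be between 1 and the number of keys")
        self.public_keys = list(public_keys)
        self.threshold = threshold

    def authorizes(self, message, signatures):
        """signatures maps key index -> signature; each key counts at most once."""
        valid = set()
        for index, signature in signatures.items():
            in_range = isinstance(index, int) and 0 <= index < len(self.public_keys)
            if in_range and verify(self.public_keys[index], message, signature):
                valid.add(index)
        return len(valid) >= self.threshold


def demo():
    # Three keys meant to be stored in separate places; any two must sign.
    keys = [keygen() for _ in range(3)]
    address = MultisigAddress([public for _, public in keys], threshold=2)
    request = b"constructed request: share record R-001 with clinic B"
    other = b"constructed request: share record R-001 with broker Z"
    sig0 = sign(keys[0][0], request)
    sig2 = sign(keys[2][0], request)
    return {
        # Key 0 stolen: one signature is not enough.
        "one_stolen_key": address.authorizes(request, {0: sig0}),
        # Key 1 lost: the holders of keys 0 and 2 can still act.
        "two_of_three": address.authorizes(request, {0: sig0, 2: sig2}),
        # The same signature presented under a second key index is rejected.
        "same_key_twice": address.authorizes(request, {0: sig0, 1: sig0}),
        # Signatures over one request do not authorize a different request.
        "replayed_on_other_request": address.authorizes(other, {0: sig0, 2: sig2}),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```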
(iii) Conflicts between encryption and practical needs such as information sharing and regulation, and how to resolve them
Deploying and promoting blockchain technology requires not only solving the limits of the technology itself but also accommodating the characteristics of applications in different fields, so that the technology is applied appropriately. At present, on-chain encryption and practical needs are in tension and conflict in several respects.
First, on-chain information does not always need to be encrypted. On social networking sites, self-media sites and other platforms whose main function is content expression, users' direct personal information can be hidden with encryption, but the text and video that users publish are all potential sources of information leakage; the blockchain can only act as a database and cannot prevent users' “voluntary” disclosure. Even where such social posts do not directly leak personal information, crawling the content of the text or video with web crawlers, combined with analysis and integration by big-data techniques, can still generate great commercial value. Data service companies such as DataSift are able to offer social-platform data-mining services, carrying out public-sentiment analysis for clients in finance, commerce, politics and other fields on the basis of large-scale collection of users' real-time posts.
In addition, not every platform is permitted to encrypt. Once blockchain is deployed, even if field-level encryption is technically achievable, many platforms find that, because of the requirements of building a trust system and of regulation, they are not allowed to encrypt. E-commerce platforms are an example: openness and transparency have always been the goal of the e-commerce industry. When every node holds a copy of the transaction records, even if encryption is used to conceal the link between users' identity information and transactions, data products such as market trends can still be derived from the public transaction information with web crawlers and big-data techniques. Data-analysis firms obtaining information free of charge and monetizing it is something blockchain technology has no power to “govern”.
Second, excessive encryption will cause more serious security problems. Blockchain began as an information-sharing database: every Bitcoin transaction record since its creation is open and transparent, and its trust mechanism is built on that. However, as users' demands for anonymity have risen, blockchain platforms are no longer content merely to hide identity information and keep refining on-chain encryption. From a technical standpoint, all on-chain information can now be encrypted, and the links between items of personal information can be severed. Monero and Zcash, discussed above, have both built relatively complete encryption systems. From an institutional standpoint, however, excessive encryption of on-chain information will give rise to more serious legal problems.
The conflicts between technology and practical needs can be resolved through institutions. As to data being collected illegally because it need not or cannot be encrypted, there is material indicating that one cause of crawling is the existence of information barriers: enterprises that cannot obtain information through lawful channels turn to unlawful ones. Although blockchain technology cannot provide comprehensive technical protection, its decentralized character breaks information monopolies and lets higher-quality information enter lawful supply channels, meeting the real demand. On that basis, investigation and punishment of illegal information collection should be stepped up, so that the proliferation of web crawlers is tackled from both the technical and the institutional side. Where, conversely, the degree of encryption is too high, on the one hand the technology should be given ample room to develop, and a conflict between technology and law must not become a reason to curb it. On the other hand, approval authorities should take on prior review: before a blockchain application goes live, they should assess as a whole whether the design of its encryption is balanced against regulatory capability and the platform's level of resistance to attack. Different fields should be governed scenario by scenario, each with its own ceiling on the level of encryption, to ensure that a platform's anonymization does not create security risks.
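Blockchain technology is still at the advanced 2.0 stage, dominated by small-scale, local applications. Once it is rolled out fully, the conflict between the technology and practical needs will become more pronounced. In resolving problems of this kind, the guiding idea should be that institutions regulate technology. Blockchain's advocates keep “deifying” it, but a fundamentalist faith in technology that places code above all else is in fact very narrow. Technology is not flawless; rolling out blockchain will not bring personal data leaks to an abrupt end, and stepping outside the framework set by institutions may even cause more serious legal problems. As the technology continues to develop, what determines how far blockchain improves the personal information protection regime is not the technology but the institutions. Blockchain technology can reset the property theory of personal information and clarify the ownership of indirect personal information, but the series of problems that arise once information producers acquire property rights still need legal regulation. Whether the issue is the supervision of trade in personal information or the weighing of the social value brought by big data against the value of protecting personal information, blockchain can give no answer. As a technology, blockchain can only influence social institutions; it cannot erase the value of institutions and then replace them as a master key to every dispute.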
IV. Limitations and improvement of traditional approaches to regulating blockchain technology from the perspective of personal information protection
As blockchain networks become more decentralized, they become harder to regulate. Under a distributed model of data management, traditional regulatory methods need substantial reform to fit the new technical characteristics. The regulatory policies issued in recent years have shown problems such as going to extremes, lagging behind, and “one size fits all”. For blockchain information services, the Cyberspace Administration of China has issued the Provisions on the Administration of Blockchain Information Services (hereinafter the “Management Regulations”); despite the great change in how data is stored, the regulatory model is essentially the same as before and has not left the conceptual framework of traditional regulation. It is not only hard to reconcile with the characteristics of blockchain technology itself; whether excessive restriction runs against the original intention of changing the personal information protection model by introducing new technology also deserves further thought.
Blockchain certainly has shortcomings in the field of personal information protection, but its advantages are equally clear, and a conflict between technology and law must not become a reason to curb its development. In its early days the Internet was likewise regarded as a menace because of incomplete institutions and the absence of any means of regulation, but after technology and institutions had worn in against each other, the Internet both came under legal regulation and made people's lives more convenient. The same holds for blockchain: it is not a comeback of the “code is law” idea, but an emerging technology that drives the law to develop. Regulating personal information is itself an extremely complex subject, and once new technology is introduced there is all the more need for top-level design rather than plugging gaps after the fact. Although current regulatory means are too conservative, policy generally encourages the healthy development of blockchain. Legislators must not stand still; they should face the conflict squarely, promote the integration of regulatory technology with blockchain technology, and issue clearer and more effective administrative policies so as to maximize the value of blockchain.
(i) Strengthening the concept of the individual to address the failure of the traditional regulatory model
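Blockchain regulation faces the problem of globalization. With policy in China relatively strict, a blockchain project may well register in a country where regulation and market access are very lax, operate only online and set up no physical establishment in any country, while its investors and users may come from anywhere. Besides lacking a physical establishment, a blockchain network has no central administrator. On public chains in particular, responsibility for keeping on-chain information secure is dispersed among all nodes, and network service providers try to use this to escape their obligation to protect information. Blockchain applications that are this hard to regulate not only turn easily into black markets that harbour illicit activity; they are also poorly secured, and when personal information is leaked it is hard to hold anyone accountable.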
The application of law and jurisdiction in China mainly follow the territorial principle. Article 21 of the Civil Procedure Law provides that a civil action brought against a legal person or other organization is under the jurisdiction of the people's court of the place where the defendant is domiciled. Under Article 4 of the Opinions of the Supreme People's Court on Several Issues Concerning the Application of the Civil Procedure Law of the People's Republic of China, the domicile of a legal person is its principal place of business or the place where its principal office is located. Where places of business are dispersed and there is no physical establishment, the concept of the legal person is in practice greatly weakened, and the rules that laws and regulations lay down for legal persons become inapplicable for want of a subject. Unless the law is amended to take account of the characteristics of blockchain technology, there will be no jurisdiction over problems such as leaks of personal information, tax evasion and illegal transactions.
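Given the trend towards globalization, China should actively explore and join the worldwide discussion on coordinated regulation of blockchain, take part in rule-making, promote the building of the system, and strengthen its voice internationally. At the same time, before global coordinated regulation takes shape, an effective set of domestic regulatory policies must first be established. For blockchain projects registered in other countries, China should move from its original territorial thinking to the personality principle and shift the object of regulation from the legal person to the individual. For projects registered in countries whose regulatory policies are inadequate, Chinese regulators should first strengthen supervision of their business activities in the Chinese market, establish risk-assessment standards industry by industry and, where necessary, issue risk notices to the public. Once the risk reaches the red line, circuit-breaker measures should be taken promptly to stop the project from continuing to enter the Chinese market, so that irreparable losses are avoided.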
Because the concept of the legal person is diluted, if an information leak nevertheless occurs it is quite likely that no legal person can be found to bear responsibility, and it is also unclear which country's law applies. But however far virtualization goes, behind every node is a natural person who exists in real life. Here the personality principle of “whoever operates is responsible” should apply: legal instruments should make clear that where the rights of Chinese citizens in respect of their personal information are infringed, the matter is a civil dispute arising on Chinese territory. China has jurisdiction and may order the project's initiators and persons in charge to bear the corresponding liability under Chinese law, thereby safeguarding the normal exercise of domestic users' rights.
(ii) Making real-name registration on blockchain explicit, with the government leading the construction of the identity system
At present, in cryptocurrency applications built on blockchain technology, neither trading nor mining requires identity verification. Cryptocurrency, however, is not recognized by every country; China treats cryptocurrency trading only as a form of buying and selling goods on the Internet and allows ordinary people to take part freely at their own risk. So although cryptocurrency is widely discussed, those who actually take part remain few. Unlike cryptocurrency, once “blockchain+” is rolled out across industries, real-name registration is the general trend. The reason is that the core value of blockchain lies in trying to let a society of strangers do without a third party's endorsement of trust, but in the field of personal information, trust is not the same as credit. When a node sends a piece of information, other nodes can use algorithms to verify its authenticity in the sense of “whether it was sent by this node and has not been tampered with”, but the truth of the information itself cannot be guaranteed. Put simply, if a node adds the information “the address holder is 23 years old”, other nodes can, by verification, trust only that the on-chain information was not forged by someone else; they have no way of checking whether the address holder really is 23, that is, the node's credit cannot be guaranteed. “Blockchain+” expands the user base enormously, and a flood of false personal information not only hampers management but also devalues the information and produces false big-data products. Therefore, to protect the value of information and to meet regulatory requirements, the law needs to make clear that blockchain requires real-name registration.
There are only two routes to real-name registration for blockchain applications. One is to build an identity-authentication system, in which users have their real identity checked separately each time they register with a blockchain application. The other is to build a digital-identity system, in which every natural person has one digital identity that can connect to all blockchain applications. In the traditional model, the network service provider confirms the authenticity of personal information. Article 8 of the Personal Information Protection Law (Draft) establishes the principle of completeness and accuracy, requiring those who process information to ensure that personal information is accurate and complete. Article 8 of the Management Regulations likewise assigns identity verification to the network service provider. In the authors' view, whichever route is taken, and whether or not the system is built on blockchain, the body that implements it should be the government. On the one hand, the government is more credible than private bodies. Rather than letting non-governmental bodies such as network service providers or CA (Certificate Authority) authentication systems do the authentication and then regulating them, it is better for the government to manage it directly. Moreover, blockchain projects are very numerous, and for users, having each project seek out its own partner institution amounts to spreading their identity information widely all over again. On the other hand, a national information database built by the government benefits subsequent public administration: every matter involving citizens' identity, such as taxation, information exchange and the census, becomes more convenient because an official personal-information database exists.
(iii) Raising industry entry standards and establishing a system of industry self-governance
In any modern state, the legislature and the judiciary are independent of each other. In a blockchain network, however, the architect of the code plays the role of “legislator” in making the rules, and the code that architect writes also acts as “law enforcer”. The smart contract is the blockchain's legal agreement: compared with a traditional contract, it contains code whose purpose is to have on-chain matters executed automatically on an irrevocable and tamper-proof basis. Faced with the rather rigid rule of “code”, entry thresholds for the blockchain industry should be set field by field, with stricter standards to safeguard the fairness and justice of the code itself. Qualification review should require not only that an enterprise has sufficient technical and capital backing but, more importantly, examine whether the rules it builds in code are reasonably complete, fair and open, and whether users can use the application with equal and clear rights and obligations. This prevents “pseudo-chains”, “bogus chains”, “weak chains” and other platforms that are insecure, or are not blockchains at all, from stealing users' personal information under the banner of a blockchain application.
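Once it is ensured that blockchain projects are generally run by high-quality enterprises, a system of industry self-governance should be established. On personal information protection, practitioners inside the industry are more sensitive and better informed, and mutual supervision within the industry is more timely and effective than external supervision. In practice, China's existing governance system still relies mainly on government regulation; industry associations have too little autonomous power to attain self-governing status. Of the 23 laws in China that contain provisions on industry self-regulation, only 6 give industry associations a power to impose penalties or disciplinary sanctions, and associations' power to resolve disputes has not been widely implemented or accepted either. The blockchain industry, however, differs from others: blockchain's creators and advocates are themselves a group of technology geeks with strongly anarchist values, and what they pursue is equal self-governance in virtual space by technical means. In addition, because of its decentralized character, a blockchain network is harder to regulate than a traditional industry, so governance of the blockchain industry should go with the current and realize the self-disciplining value of the technology itself. Policy and law should promote the construction of an industry self-governance system, encourage the establishment of high-calibre self-governing bodies such as industry associations, and expressly grant them the necessary powers, such as dispute resolution and discipline, so that projects whose information-security measures are inadequate are warned and disciplined through those bodies.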
Self-management does more to push enterprises to raise their own standards, thereby guiding the healthy development of the whole industry and creating benign competition. In particular, once industry entry is controlled, the industry is no longer a mixed bag; those entering the blockchain field are mostly reputable, high-quality institutions, which also lays the foundation for high-quality self-governing bodies. Even where the self-governance mechanism is genuinely effective, the government must also supervise. Under the dual watch of self-discipline and external discipline, personal information leaks, whether they arise through internal or external channels, will be controlled more effectively than before.
(iv) Refining the stages of regulation and actively exploring regulatory models
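The difficulty of regulating blockchain has long been one of the main obstacles to its development. Under the traditional model, regulators needed only to concentrate on supervising the central administrator. Strengthening the concept of the individual will not only widen the scope of regulation and disperse regulatory resources but also make regulators' procedures more complex, greatly increasing the difficulty of regulation. Weak regulation may lead to more serious personal information leaks. On this point the Management Regulations have few provisions and have not left the framework of the traditional regulatory model; they do not resolve the contradiction between new technology and old institutions and are hard to apply in practice. In fact, blockchain technology merely conflicts with traditional regulatory schemes; it is not wholly beyond regulation. A change in the approach to governance can keep it within the reach of the law while allowing it to provide more stable information security than a centralized information-management system.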
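First, blockchain is highly resistant to attack, but only once the user base reaches a certain scale. Whatever consensus mechanism a blockchain application chooses, the period just after launch is when its defences are weakest, and both personal information and property may be stolen. Take the PoW consensus mechanism: when the mainnet has just gone live there are relatively few nodes, and a single node or group of nodes can easily control more than 50% of the network's total computing power and then launch an attack. Only as the computing power of the honest nodes in the blockchain becomes harder and harder to surpass does the resistance to attack gradually show. Throughout the regulatory process, therefore, the greatest effort should be invested at the start: regulators and project leads need to watch changes to the main chain at all times and ensure that the nodes selected by the consensus mechanism are honest, in order to protect the security of users' personal information.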
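Why the launch phase is the weakest can be quantified with the catch-up calculation from section 11 of the Bitcoin whitepaper. The following is an added example, not part of the original article: it goes beyond the 50% case in the text to any attacker share, and the hash-power figures for the three stages are constructed.

```python
from math import exp

def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker holding share q of total hash power ever
    overtakes an honest chain that is z blocks ahead (Nakamoto's model)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0                      # at 50% or more the attacker always catches up
    lam = z * q / p                     # expected attacker progress (Poisson mean)
    total, poisson = 1.0, exp(-lam)     # poisson starts at the k = 0 term
    for k in range(z + 1):
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)
    return total

def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 1000):
    """Smallest z whose catch-up probability is below max_risk; None if unreachable."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None

def attacker_share(attacker_power: float, honest_power: float) -> float:
    return attacker_power / (attacker_power + honest_power)

def stage_report(attacker_power: float, stages, z: int = 5):
    """For each (name, honest_power) stage: attacker share, risk at z blocks,
    and the number of confirmations needed to push the risk below 0.1%."""
    report = []
    for name, honest_power in stages:
        q = attacker_share(attacker_power, honest_power)
        report.append((name, q, catch_up_probability(q, z), confirmations_needed(q)))
    return report

# Constructed figures: a fixed attacker budget against a growing honest network.
STAGES = [("launch", 20), ("growth", 70), ("mature", 270)]

if __name__ == "__main__":
    for name, q, risk, conf in stage_report(30, STAGES):
        print(f"{name:7s} share={q:.2f} risk@5={risk:.7f} confirmations={conf}")
```

With the same attacker budget, the launch-stage network cannot be made safe by waiting for more confirmations, while the mature network reaches the 0.1% risk level after five blocks.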
Second, there should be dual regulation, on-chain and off-chain. A regulator that takes part in management as a node can discover anomalies in the blockchain more promptly. But on-chain participation in regulation must not exceed what is necessary, so that the regulatory node does not become a “super node” able to control the whole system. If some mechanism were able to review and adjust the consensus rules or other technical attributes, the value of blockchain's decentralization would be wiped out entirely.
At present most countries actively support blockchain technology. Blockchain's global character makes its development and governance not just one country's domestic affair but an international issue of concern to all parties. On regulation, many countries and regions have already enacted laws to regulate blockchain; in 2015 the United Kingdom put forward the concept of the regulatory sandbox, and in 2018 Japan established an industry self-regulatory body. In fact, neither industry self-regulation nor sandbox regulation (the equivalent of China's pilot schemes) is a new type of regulation; both are attempts to find how new technology and traditional regulatory policy can be made compatible. For now, blockchain regulation is still at an early stage of development. Drawing on good experience, China should explore the points where technology and law meet with a bolder attitude, and use better regulatory schemes to let blockchain technology show its greatest advantages in personal information and many other fields.
Conclusion
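The interconnection of information has made society more unequal: sharing-economy enterprises pool information and sell it, yet the process as a whole does not in fact share the value. In an age in which information and data are equivalent to assets, protecting personal information should by its nature include not only the security of its storage but also protecting control over it from being seized. In the blockchain field, both “code is law” and “regulators can and should manage algorithmic systems just as they manage centralized systems” are very one-sided views. Just as the Internet is not a place beyond the law, blockchain too should be subject to legal limits. But technology is neutral, and blockchain has never stood in opposition to institutions; legal constraints should not aim to “sanction” the technology but should seek how to preserve, as far as possible within a controllable range, the unique value of blockchain's decentralization. Blind restriction will only reduce it to an ordinary distributed ledger. Blockchain technology is a huge shock to the centralized model of data management. Even though the technology itself still has many factors that hinder its full deployment, it is undeniable that blockchain also carries the power to overturn traditional industry models. It is to be hoped that the law can escort blockchain at the institutional level, so that it delivers its greatest benefit and brings a real dawn for the building of trust systems and the protection of personal information.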
Original title: “Hou Xuemei and Liu Ye | Blockchain Technology from the Perspective of Personal Information Protection: Advantages, Limitations and Improvement”