Xiaomi’s Cui Baoqiu: Returning the right to know to users, privacy and security requires industry-wide joint efforts

Recently, the MIDC2020 Xiaomi Developer Conference was held in Beijing.

At the conference, Xiaomi announced a series of core technologies, including new technologies such as MACE Micro, a deep learning framework for mobile, and Little Love Classmate version 5.0. It also held the Xiaomi AIoT Security Summit focused on privacy security, introducing Xiaomi’s trusted framework for security and privacy for consumer-grade IoT devices. From the application layer, cloud platform, transmission layer, and perception layer to build the IoT security and privacy system framework, to fully protect users’ information security and private data.

Xiaomi is also actively opening up its security practices to the industry through the medium of standards, and after 5 years of experience accumulated by the IoT security team, it has refined nearly 200 security requirements covering 14 areas such as hardware security, embedded security, general system security, communication security, secure mobile security, privacy compliance, etc., and officially released the “IoT Product Security Baseline”. Xiaomi’s IoT products can refer to this baseline in all stages of requirements design, development and testing to ensure that they provide users with safe and reliable IoT products.

After the meeting, Speedway interviewed Cui Baoqiu, Vice President of Xiaomi Group, Chairman of the Group Technology Committee and Chairman of the Security and Privacy Committee, as well as colleagues responsible for privacy and security, to further discuss Xiaomi’s achievements and insights when working on privacy and security.

Privacy Security Requires Industry Chain Efforts

Cui Baoqiu said that regarding the privacy of users, Xiaomi has done a lot of work to make users informed, transparent and in control. He cited MACE Micro as an example, generating new technology that allows more and more data to remain on the end, which is Xiaomi’s technological breakthrough in personal data protection and privacy protection, which is significant.

In October this year, the “Law of the People’s Republic of China on the Protection of Personal Information (Draft)” was announced, for individuals to obtain privacy protection through rights and interests, enterprises to win user revenue through compliance, the state balance of interests to promote the data economy put forward relevant requirements. In this regard, Cui Baoqiu said that the continuous improvement of laws and regulations is very encouraging, and called for the protection of user data security and privacy, a company, an industry to do well, is far from enough, only the entire industry and even the whole society has a common awareness of user security and privacy, efforts and development, users will truly feel at ease when using products and services.

In this regard, he also highlighted the “IoT Product Security Baseline”, hoping that it can share all the accumulation of Xiaomi’s IoT security and privacy over the past five or six years, including technology accumulation and experience accumulation, just as Xiaomi embraces open source, so that all ecosystem partners and all industries can learn from it, to promote the rapid and vigorous development of the IoT and IoT security and privacy ecology together.

Cui Baoqiu said: “Xiaomi is an advocate of software open source, while the development of technical standards, but also adhere to the principle of open sharing, actively participate in the development of international and domestic standards, open Xiaomi’s security practices to the industry, and work together to build privacy and security ecology.”

In addition to strengthening its own security capabilities, Xiaomi also pays extra attention to the external security ecology, according to Chen Yang, at the first IoT Security Summit in 2017, Xiaomi had launched a vulnerability reward program of up to 500,000. Now, the program has risen to a maximum of 1 million. To address privacy issues, Xiaomi has also launched a privacy vulnerability rewards program in China.

In the industry exchange, Xiaomi, Tencent, Didi and Huazhu have also jointly released a joint enterprise blues program. The expectation is that in the form of inter-enterprise Blue Army cooperation, to promote the progress of enterprise security capabilities, more comprehensive protection of the security and privacy of all Internet users.

Returning the right to know to users

On privacy protection, Cui Baoqiu believes that one of the most important points is to let users have the right to know, to give users sufficient transparency and control. The Xiaomi team adhere to the principle of “try to tell the user”, even if according to the privacy principles can not tell the user, but it is best to talk to the user, so that users really feel at ease. “Let privacy protection beyond user expectations” is an important concept of Xiaomi products.

In April this year, Xiaomi MIUI12 released a flare, interception net, hidden mask three modules of the functional design, at the same time, Xiaomi released the “Xiaomi Privacy” brand, so that users can see all the mobile phone App to collect personal information permissions, frequency, time of occurrence, as well as the product has occurred blocking the situation. It has been online for more than half a year, and is a favorite among users for defending their data rights with the industry’s strictest privacy standards.

In an interview, Xiaomi Information Security and Privacy Committee Vice Chairman Zhu Lingfeng revealed to Speedway, for the original regulatory difficulties of high frequency beyond the minimum necessary frequency to read personal information, in the mobile phones equipped with Xiaomi Privacy, because of the existence of interception network, flares, it reduced the frequency of 90%. She said that because of some background invisible behavior, so that users have some means to protect themselves, the industry as a whole has woken up and improved the overall level of protection.

After the launch of “Xiaomi privacy”, the impact on the accuracy of Xiaomi services and advertising revenue, Zhu Lingfeng said it did not suffer any impact, she also stressed that “the protection of user privacy and service accuracy, are part of our product experience, we will not use the sacrifice of privacy to get Experience, product precision on the experience, also will not be sacrificed in turn, because they two are already one.”

In the AI algorithm accuracy, millet can use more technical means to solve, such as making the algorithm better, can put the data collection, collection to the end, not to encounter more user privacy data, distinguish privacy, do not disclose personal information, the use of this part of the data to enhance the experience, with more technology, R & D power, make up for this part of the “can’t get” the impact of the data on the service.

Speed network saw, in this MIDC2020, Xiaomi not only reiterated how to use technology to better protect user privacy; also through technical communication in the protection of user privacy at the same time, better use of technology.