DeBund|Is There Any Difference Between WPS and Apple iCloud in Scanning User Cloud Data?

According to media reports, the office software WPS recently became embroiled in a privacy dispute. A user said that his cloud and local manuscripts were unreasonably blocked by WPS and could not be opened. The system showed the message "may contain prohibited content. Access has been stopped". WPS responded that the online document link shared by the user was suspected of violating regulations, and that WPS had prohibited others from accessing the link according to law. However, WPS is still being criticized for scanning user data.
2022-07-19 15:16:54

This reminds me of a similar controversy that Apple once fell into. Last year, Apple announced that it would scan the photos users store in iCloud (except in China) to detect child pornography, and would report any it discovered to law enforcement. The announcement immediately triggered a huge controversy, and a large number of organizations and individuals publicly opposed it as an invasion of privacy by Apple. A few months later, Apple deleted the scanning plan from its website, and it has not been restored so far.

Today, drawing on these two cases, one at home and one abroad, I will discuss the circumstances under which it is legal for Internet companies to scan users' cloud information, the circumstances under which it is illegal or controversial, and the problems with the provisions of the WPS user agreement.

WPS is office software with a cloud storage service. Documents that users create with WPS, whether stored locally on users' computers and mobile phones or stored on WPS's cloud servers, are personal privacy as long as they have not been disclosed. Similarly, users' files and photos stored on personal devices and in Apple's iCloud are also personal privacy. Without users' permission or a legal basis, WPS and Apple, the operator of the iCloud service, have no right to scan them.

The legal basis is found in the provisions of our Civil Code: privacy is a natural person's peaceful private life, together with the private space, private activities and private information that the person does not want others to know. Natural persons enjoy the right to privacy. No organization or individual may infringe upon the privacy of others by spying, intrusion, disclosure, publicity, etc. In short, local storage and the cloud are private spaces, and scanning them amounts to spying on private matters.

However, WPS's file blocking this time is different from Apple's iCloud scanning plan. The difference lies in what triggers the scan: according to the company's statement, WPS's scanning is triggered when users share documents. Apple's iCloud scanning plan was to actively scan users' photos for child pornography and to actively report it to law enforcement after discovery. So WPS's scanning is passively triggered, while Apple's is active.

WPS's passively triggered scanning is driven by compliance requirements. Article 47 of China's Network Security Law stipulates that network operators should strengthen the management of information released by their users. If they find information that laws and administrative regulations prohibit from being released or transmitted, they should immediately stop transmitting the information, take disposal measures such as removal, prevent the information from spreading, keep relevant records, and report to the relevant competent departments. Under this provision, if a user's document is disseminated externally, the company operating WPS should indeed scan it. If the document is found to have compliance problems, the company is responsible for locking it to prevent the information from spreading.

The purpose of Apple's active scanning is to combat sexual crimes against children. With reference to Article 6 of the European Union's General Data Protection Regulation (GDPR), scanning users' iCloud data can be classified as serving the public interest, so it is not groundless. However, according to Article 41 of China's Network Security Law, network operators should follow the principles of legality, legitimacy and necessity in collecting and using personal information. After all, the data users store in iCloud is private, and actively scanning user data and reporting illegal content is flawed in both legitimacy and necessity. Once Pandora's box is opened, the first step is child pornography, the second step may be pirated content, and the third step may be information that runs against political correctness. This is also the reason why many organizations and individuals in Europe and the United States oppose the plan.

Although the WPS company's scanning may be legal, the author still wants to complain about their user agreement, which expands the company's power too far. According to Article 2.2 of Article 5 (user behavior) of the Jinshan Office Online Service Agreement on the WPS company's website: "For the content you upload, submit, publish, store, send, receive, disseminate or share using this service, we only view, review, analyze, discuss, etc. by ourselves or entrust a third party on the premise of relevant laws, regulations, national policies and other regulations or the requirements of relevant national authorities, and have the right to provide such content to relevant national authorities for review and use for their desired purposes."

What is the problem with this clause? According to Article 47 of the Network Security Law, network operators have the obligation to review published and disseminated content and to prevent the transmission of information prohibited by laws and administrative regulations. The key point of this article is that network operators should review content that is "released" and "disseminated". In other words, only when a document is viewed by someone other than the user himself can it constitute "publishing" or "transmission".

The WPS user agreement clearly states that "WPS has the right to review and take corresponding disposal measures for the content uploaded, submitted, published, stored, sent, received, disseminated or shared". The Network Security Law requires the operator to manage release and dissemination, but WPS expands its power to cover upload, storage and submission as well. This also violates the principles of legality, legitimacy and necessity stipulated in the Network Security Law, with flaws in both legitimacy and necessity.

Finally, as the Internet moves from youth to middle age, people in both East and West are more and more concerned about privacy protection. For Internet companies that rely on the model of trading privacy for free services, how to deal with this change, and how to use personal information and data lawfully, legitimately and only as necessary, will be a challenge that lasts for many years.