In order to protect private data, the Metaverse platform should be able to achieve three basic requirements: the full life cycle of data is safe and trustworthy, users have the ability to independently control data, and support distributed collaborative governance among all parti

Content Summary

§ Protecting user privacy and data security is an important prerequisite for the healthy development of the Metaverse industry. In order to protect private data, the Metaverse platform should be able to achieve three basic requirements: the entire life cycle of data is safe and trustworthy, users have the ability to independently control data, and support distributed collaborative governance among all parties.

§ In order to realize the three basic requirements, the distributed technology system represented by blockchain, privacy computing, distributed identity, etc. is an important foundation of the Metaverse and constitutes the technical path for privacy protection of the Metaverse. The complementary integration of blockchain and privacy computing allows data to be stored and circulated safely and reliably, and data value can be shared by multiple parties; distributed identity technology allows users to independently control digital identities and their corresponding data in the metaverse.

§ In addition to protecting privacy through technical paths, regulatory paths are also indispensable because the technology is immature, the governance system and compatibility need to be guided by standards, and relevant real-world business scenarios require it. To this end, it is necessary to improve the self-governance capabilities within the platform through "soft law" rules such as platform service terms and community norms, and to achieve external supervision of the platform through "hard law" such as policies, regulations and technical standards.

§ It is necessary to balance the relationship between privacy protection and maintenance of public order in the metaverse, and prevent illegal and criminal behaviors from being hidden in the name of privacy. However, due to the rich variety of digital content formats and scenarios in the Metaverse, which may also involve transnational scenarios, the traditional centralized content supervision and review model may encounter greater challenges and is not conducive to attracting users. Distributed governance voluntarily implemented by communities and users in accordance with "soft law" can serve as the main support to achieve a balance between supervision and privacy protection.

§ How to achieve a balance between privacy protection and supervision in the metaverse and promote the healthy development of the industry is an open question. Distributed technology combined with spontaneous governance provides a feasible idea. The development of the industry requires the development of multi-level privacy protection technical standards to improve interoperability between different manufacturers. The privacy protection specifications and differentiated guidelines applicable in different metaverse scenarios constitute further research topics.

Text

In recent years, the concept of the metaverse has been hotly debated and imaginative. It may have a non-negligible impact on traditional industries such as the Internet, games, media, industry, tourism, etc., and will have diverse application scenarios[1] . Corresponding to the real world, the metaverse as a virtual digital world will also have an economic and social system and establish a new rule and order. In these rules and orders, privacy protection will be an important piece of the puzzle to control the potential risks of improper use of massive users and behavioral data .

In order to better supervise the industrial order of the Metaverse, regulate its development, and protect the interests of users, this article will deeply explore the privacy protection technology system and industry supervision issues applicable to the Metaverse. The reason why we focus on technology first is that in the Internet era, people have put forward the important concept of "Privacy by Design" and believe that the technical measures of information systems are the first barrier to privacy protection and should be protected. The concept of privacy is applied to product and service design through technical means to achieve prior prevention and subsequent relief [2]. Many international legal and technical standards have absorbed this concept [3].

Specifically, this article will answer the following questions in turn: First, what are the characteristics and requirements of privacy protection in the Metaverse? Second, what kind of technical system is needed for privacy protection in the Metaverse? Third, in addition to protecting privacy through technology, how should regulatory policies be set to enhance privacy protection? Fourth, how to balance the relationship between privacy protection and necessary supervision at the same time? Is it possible that there is a different regulatory model in the metaverse than in the real world?

It should be noted that privacy usually refers to information related to the private life of a single or a group of natural persons (such as a family). The legal and philosophical basis is the dignity of human individuals [4], and generally does not include the confidentiality of legal entities and administrative agencies. information. Nonetheless, the techniques and some of the regulatory principles discussed in this article are equally applicable to protecting an organization's confidential information.For example, when an entire enterprise joins the Metaverse as a user, it may be an ordinary node on the blockchain. The relevant data protection measures in the Metaverse are basically the same as those of individual natural users who are also nodes.

1. The importance and basic requirements of privacy protection in the Metaverse

(1) Privacy protection is an important prerequisite for the development of the Metaverse industry

In recent years, in the Internet platform economy that we are familiar with, protecting user privacy and data security is an important issue. It is a hot topic, and both my country and Europe and the United States have introduced many laws to regulate related behaviors. For the budding Metaverse industry, privacy protection is also critical and is an important prerequisite for the healthy development of the industry. To some extent, its significance is more prominent than privacy protection within the traditional Internet.

First of all, compared with the traditional Internet, the Metaverse has real-time and immersive characteristics, and collects more types of personal data and is more sensitive . User data obtained by traditional Internet applications such as WeChat, Douyin usually includes text, photos, voice videos, browsing history and other information. This can be asynchronous, non-real-time information, nor is it personal identifiable information that can be traced back to a specific natural person. For example, the same text or photo can be sent by different people. But the metaverse is different. It usually requires terminal carriers such as VR/AR helmets and wearable devices. All individual attributes and behaviors of users in the space are recorded in real time and accurately in digital form. For example, after a user puts on a special helmet and gloves, subtle expressions and eye movements will be captured, and even physiological data such as blood pressure, breathing, and brain waves will be collected [5]. Not only is this data synchronized in real time, but it is also typical personal sensitive information and may more accurately locate a natural person.

Secondly, compared with the traditional Internet, the Metaverse has "ultra-realistic" characteristics [6], realistically simulating diverse scenes in the real world, and the personal data collected will be more comprehensive . An application on the traditional Internet can only obtain data in a single scenario. For example, Taobao mainly obtains a person's shopping data, and QQ obtains chat records. However, an application in the Metaverse may include shopping, chatting, games, sports and other rich scene information at the same time. This means that compared to the real world where a large number of daily life behaviors are not recorded, all behaviors and preferences of users in the Metaverse may be recorded, thus splicing together a more three-dimensional and realistic user portrait.

Therefore, once the private data of Metaverse applications is leaked, the amount of data leaked will be larger than that of traditional Internet applications, and the impact on users may be greater. This means that privacy protection in the Metaverse should be stricter.

(2) Three major requirements for privacy protection in the Metaverse

In the Metaverse, protecting user data and privacy does not mean not using data or letting the data "sleep", but must balance the protection of user rights and legal compliance with the application of data. The relationship between. To this end, we analyze what functions the platform system should have based on the nature of the metaverse. It is generally believed in the industry that the Metaverse is a digital space based on the Web 3.0 technology system and operating mechanism [7]. In Web 1.0, users can only passively accept and consume content. What it produces is "information", such as , Sina , Yahoo and other portal websites. Web 2.0 refers to a network platform where users can independently create and disseminate content and interact with servers, that is, they can read (read) and write (write) content, thus generating user "data", such as Douyin, , Zhihu, , B Stand and wait. Today's traditional Internet is in the form of Web 1.0 and 2.0. In these two forms, users are just users of the Internet platform and cannot enjoy the economic dividends after the platform prospers. At most, they can only obtain certain reward points in exchange for services or goods sold on the platform.

Compared with the previous two generations of the Internet, Web 3.0 refers to a new Internet form [8] in which users can not only accept and produce network content, but also own the ownership of the network platform based on their contributions and share the platform to generate economic benefits.The platform will distribute equity certificates to users, and each certificate represents the right to dividends on the platform’s profits. The more active a user is on the platform and the more they contribute to the operation of the platform's traffic content, the more revenue vouchers they can obtain. So for users, Web 3.0 applications are creating "assets" for them. Bitcoin is the earliest Web 3.0 application. Each miner node can obtain a certain number of Bitcoins after completing block packaging. The more prosperous the community is, the higher the value of Bitcoin may be, which will bring greater incentives to miners. The income certificate of Bitcoin becomes the asset of miners.

On the issue of privacy protection, as an "advanced version" of the Internet, the digital space in the form of Web 3.0 should first continue the most basic requirements of the previous two generations of Internet, ensuring that data must be safe and trustworthy from the moment it enters the space, and will not be easily leaked. and deletion. Security and trustworthiness throughout the entire life cycle are the foundation of order in the entire digital space. Without basic privacy security, data is unreliable, and everything is impossible.

is different from the previous two generations of the Internet. The "advancement" is reflected in the fact that Web 3.0 gives users certain platform ownership and other additional rights, which brings new connotations to the privacy protection of the Metaverse (Chart 1). In the privacy protection legal and policy systems of Web 1.0 and 2.0, the data controller (controller) is the core role, and data governance is an important part of the system [9]. Data is an important source of economic benefits on the Internet, so the control over it affects the distribution of data rights and interests to a great extent and is the economic rule of the network; data governance is the decision-making model for many data issues in the network public space and determines the Formulation, dissemination and enforcement of data rules [10]. In Web 3.0, both are equally indispensable. However, the data controller of the traditional Internet is the network and platform operators, who can rely on data to occupy commercial interests and dominate platform governance; but in the metaverse based on Web 3.0, users as privacy subjects also have platform ownership and income rights. , then you must take back control of your private data to truly protect your rights. If users do not have data control rights, then the platform may have "moral hazard" and rely on data to make profits without sharing the benefits. At the same time, as part of the owners, users should also obtain the necessary equal governance rights. Otherwise, users will have no say in the "game rules" of the platform and it will be difficult to truly protect their rights and interests in the long term. Just like in joint-stock enterprise , in addition to ownership and income rights, small shareholders also have the right to vote for governance, otherwise their interests may be infringed by major shareholders.

It can be seen from this that in order to balance privacy protection and compliance utilization in the metaverse, the system should meet at least three basic requirements, namely, the full life cycle of data is safe and trustworthy, users can independently control data, and support distributed collaboration among all parties. Govern . Security and trustworthiness are the common requirements of the three generations of Internet, while autonomous control and distributed governance are the advanced requirements of Web 3.0.

Chart 1: Comparison of privacy protection requirements between the traditional Internet and the Metaverse

Source: CICC Research Institute

1. Security and trustworthiness throughout the data life cycle

According to the core principle of "Privacy by Design" (Privacy by Design), privacy protection The most basic requirement is that the entire life cycle of user data from collection to disposal must be compliant to ensure security and trustworthiness [11]. This is true for real-world and traditional Internet applications, and the Metaverse is no exception. The life cycle of private data covers the entire process of data collection, transmission, storage, use, sharing, transfer, disclosure, disposal and destruction. Each link should not be accessed by unauthorized third parties to ensure data security and operation process. Trustworthy. For example, the storage of data should be safe and reliable, not easily vulnerable to attacks and leaks, and cannot be tampered with at will; when data is transferred to different users, user authorization should be obtained so that the entire transfer process is traceable and auditable.

2. Users independently control data

In traditional Internet platforms, platforms often obtain the right to collect, store, process, and disclose user data to third parties by signing privacy agreements with users, and actually control the data.If the user does not agree to the privacy agreement, the core functions cannot be used, so the user has very little choice and is often forced to transfer or transfer these rights under the unconscious state of and . Users' identity information and behavioral data are recorded on the platform. The control rights of the data are held by platform companies. Companies can use these data for commercial purposes, but users lack the right to freely dispose and share revenue. Moreover, such a centralized management method has greater agency risks and is more prone to privacy leaks and abuse risks.

is different from the previous two generations of the Internet. A fundamental feature of Web 3.0 is that rights are returned to the users themselves. Users have full autonomy over their own data, which is embodied in the ability to autonomously manage digital identities in cyberspace and independently control all data. All behavioral data generated are [12]. Here, we emphasize control rather than ownership because the ownership of user data is a highly controversial issue. Although the original data is generated by users, the enterprise has paid a lot of data cleaning and processing costs to form usable standardized data. This data contains the labor of two parties, and the concept of exclusive ownership has become controversial. However, control rights are less controversial and have become a consensus in international privacy legislative practice. Laws such as the U.S. Privacy Act of 1974, the California Consumer Privacy Act, and the EU GDPR all focus on consumers’ control over the use and flow of personal data, rather than emphasizing the granting of ownership to a certain subject[13] . When users gain control of their data, it becomes difficult for the platform to monopolize the commercial benefits of further use of the data without permission.

As a typical form of Web 3.0, the Metaverse also requires users to independently control identity and behavioral data. Users can independently manage the content, assets and behavioral data generated in different scene spaces of the metaverse, avoiding the risk of misuse of private data. Moreover, under the premise of independent authorization, users can provide data to other entities, thereby sharing the benefits generated by the data.

3. Distributed collaborative governance

Different from the real world, the Metaverse is a distributed economic and social system. The so-called "distributed economy" in can be understood as a social network built by multiple behavioral subjects with equal status. These subjects spontaneously carry out social division of labor according to transparent preset incentive mechanisms and governance rules. , exchange and share benefits, and collaboratively manage the entire system [14]. In a metaverse, many users join as virtual identities, interact according to a new business and social rule system, form diversified autonomous organizations, and collaborate to create a variety of new content and business value. It embodies the characteristics of distributed economy.

In such a distributed economic system, if we want to analyze and utilize multi-party user data and collaboratively create value, we should achieve three goals [15]: First, make data from different sources mutually identifiable, trustworthy, and verifiable. This data storage and circulation infrastructure should be interconnected; second, design a reasonable circulation incentive mechanism and give reasonable returns to data contributors, so as to form a benign data sharing and collaboration mechanism; third, let the data subject (principal) Various roles such as controller, processor and user have the opportunity and right to jointly negotiate data protection and application rules and mechanisms to handle various situations. Among them, the owner refers to the natural person to whom the private data directly points, the controller refers to the relevant party who can decide the purpose and method of data processing, and the operator refers to the relevant party who specifically processes the data according to the instructions of the controller [16].

2. The technical path of privacy protection in the Metaverse

Since the privacy protection of the Metaverse should meet the three basic requirements of data security and trustworthiness throughout the life cycle, distributed collaborative governance, and user independent control of data, uses blockchain and privacy computing. Technical systems represented by privacy-preserving computation and decentralized identity have become important technical foundations of the Metaverse.The architecture of these technologies all reflect the characteristics of the " distributed system " (distributed system) to varying degrees - a cluster of loosely coupled nodes that cooperate to perform tasks on the network based on established protocols and algorithms [17]. The blockchain itself is a peer-to-peer (peer-to-peer) network architecture; privacy computing allows multiple independent data sources to communicate with each other to complete computing tasks without data flow; the distributed identity system relies on multi-party cooperation to calibrate Verify identity and corresponding information.

Among the three, the application fields of blockchain and privacy computing go beyond the Metaverse. In contrast, distributed identity technology is more coupled with the Metaverse [18]. Therefore, the following will first briefly explain how the characteristics of blockchain and privacy computing meet the requirements of matching privacy protection, and then the next section will focus on the important role of distributed identity in metaverse privacy protection.

(1) Blockchain and privacy computing

1. Blockchain allows data to be stored and circulated securely and reliably

In recent years, the concept of blockchain has become widely known. It is a point-to-point distributed data collection (called a "distributed ledger"). Each node reaches a consensus based on the consensus mechanism and is linked through cryptographic technology [19]. It has the characteristics of multi-center, extremely difficult to tamper, and smart contracts to solve the storage and circulation problems of data assets and support reliable collaboration between multiple parties. The basic form of the

blockchain is that multiple nodes jointly network and jointly maintain data, which naturally builds a multi-center collaboration model. All nodes share transparent and tamper-proof information, do not rely on an intermediary, and collectively maintain the operation of the system through consensus rules and smart contracts. The various tokens on the chain help motivate users to actively participate [20]. Moreover, based on cryptography technology, once the data is uploaded to the chain, it is extremely difficult to tamper with, thus achieving reliable evidence storage and data confirmation, and the subsequent circulation of the data can also leave traces and be tracked throughout.

In the metaverse, users' identity, assets, behavior and other data are required to be independently controlled instead of being stored on a centralized platform. Therefore, a multi-level and diverse distribution is formed between users and users, and between users and institutions. web . In order to reliably complete digital asset transactions, data sharing and other behaviors in this network, blockchain has a natural place to play.

2. Privacy computing allows multiple parties to collaborate with each other more reliably and share the value of data

Privacy computing refers to the computing theory and technology oriented to the collection, storage, processing, release (including exchange), destruction and other life cycle processes of private information, while ensuring The data provider can analyze the calculation data and verify the calculation results without leaking sensitive data, and realize the value of the data safely [21]. Privacy computing does not refer to a single technology, but a comprehensive technology system that includes , artificial intelligence, , cryptography, data science and other disciplines. Depending on the actual use, its specific technical routes include secure multi-party computation, federated learning, trusted computation, etc. Federated learning is used to allow data distributed among multiple institutions to perform joint machine learning, modeling and prediction without leaving the database; secure multi-party computing uses cryptography and distributed technology to allow multiple parties to interact and verify Or calculate data, but do not disclose the plain text information of the data; trusted computing places the data in a protective hardware environment (this hardware is called a "trusted execution environment", trusted execution environment) to isolate the calculation to ensure data security. The goal of

privacy computing is to keep the data opaque, non-disclosure, and unobtainable by computing parties and other unauthorized parties during the process of processing and analyzing computing data. In this way, each participant with unique data can share it in a novel form where the data does not leave the local area or is transmitted encrypted [22], thereby sharing "value", "knowledge" and "information" instead of the original data, making the data "available and available". visible". As a result, the potential data value is mined and released without compromising the rights and privacy of the data owner [23].The distributed collaborative governance of the Metaverse is inseparable from the sharing of data among multiple parties. At the same time, it is very possible to ensure the security of the shared data and cannot do without privacy computing.

3, privacy computing and blockchain integration are complementary

In fact, privacy computing and blockchain can also be integrated with each other and play complementary roles. On the one hand, privacy computing is only used to ensure the safety and reliability of data in the "computing" link, but other links in the entire data process ((data confirmation, source tracing, process recording) require blockchain to ensure reliability, so blockchain Becoming the "base" for the data required for privacy computing, it can not only become a reliable ledger for data storage, but also record and trace the data sets and data circulation process in multi-party collaboration, so that all parties can evaluate and measure the contribution in the collaboration.

. On the one hand, in some application scenarios where data has multiple levels of sensitivity and importance, blockchain solutions will be more "clunky", and privacy computing is more suitable, such as those constructed on the blockchain [24]. In the asset trading scenario, institutions do not want their business information and user information to be disclosed on the chain. Different information has different levels of confidentiality. However, transactions and blocks on the chain need to be "packaged" for node verification, and the verification process may be leaked. Information. To this end, the traditional approach is to rely on an authoritative institution to maintain the entire ledger, while ordinary institutions and ordinary users join the blockchain in layers to differentiate permissions, but this will make the system more complicated. Finally, the confidentiality of data on the chain is enhanced, and the risk of information leakage can be minimized through selective disclosure. In this way, the system does not need to be so complicated and does not necessarily require a centralized authority, which meets the requirements of the Metaverse to independently control privacy data

(2). Distributed identity

1, autonomously controlled digital identity is the core element of the metaverse

Digital identity is a core element of the digital economy industry. The source of data is generated from the description of entities and their characteristics in the real world, and. Recording of the activities of entities in social interactions. In other words, the generation and continuous accumulation of all data are centered on the entity. The entity can be a person, an institution, or any object, such as a car or an object. A mobile phone. Digital identity is a unique identification and representation of an entity in the Internet world. It maps an entity in the physical world to the digital world through a specific set of digital sequences, thereby realizing digital functions such as identity recognition and information verification. Identity is the key link between the digital world and the real world.

In the current Internet world, a user's digital identity is represented by a personal account in each application, and the account and its data storage are recorded in the account. In the application operator's server, the operator is responsible for managing and ensuring the security of data storage. This digital identity system that relies on others has five outstanding problems: First, users do not know how the product operator will handle the data and privacy. The risk is very high; secondly, accounts between different application products are not connected to each other, and users often need to open new accounts; thirdly, users are in a passive position in cross-system data flow. If the operators of different applications There is no information transmission protocol between different applications, and it is difficult for users to actively initiate data migration and requests between different applications, that is, the lack of "right to data portability" [25]; Fourthly, if the product system fails, there will be The account and its data may be damaged; fifthly, once the user cancels the account, the data will be lost, and the user will have to fill in the information repeatedly when re-opening the account. The root cause of these problems is that the control of the account belongs entirely to the application service provider, and the user does not have control over the account and its internal data. There are also multiple application scenarios in the

metaverse, and there may also be accounts. However, due to the basic requirement of autonomous control of private data in , users need to integrate multiple application accounts through a self-managed digital "identity" [26]. Users can switch between different scenarios with this digital identity, and the data corresponding to the identity is stored on distributed storage infrastructure such as blockchain.Users use digital identities to uniformly and autonomously manage their behavior and asset data generated in different scenarios without having to hand over control to other institutions. only allows other organizations to check the data corresponding to the identity if the user authorizes it. To achieve the above goals, distributed identity is a very suitable technical solution.

2. The concept and basic principles of distributed identity

The traditional digital identity system is centralized. Each Internet company and enterprise organization centrally manages the identity account information of its own users, while distributed identity technology is based on blockchain and public-private secrets. A set of solutions to realize decentralized management of digital identity through key system [27]. The key to "centralization" here is whether the control of identity data is in the hands of the organization or the user themselves, rather than whether the data is stored centrally on the server. Of course, if the data is also stored distributedly on user nodes, the degree of decentralization will be even more complete. The

distributed identity solution consists of two parts, namely decentralized identifiers (DIDs) and verifiable credentials (VCs). The credentials record the data owned by the identity subject. Only when the user authorizes it with the key corresponding to the identity, can others check the data in the certificate (see the appendix for details). Users can independently complete a series of functions such as distributed identity creation, verification and private data management. Each distributed identity identifier (DID) of

uniquely corresponds to an entity, such as representing a person, an object, etc., and is a unique identification of different entities [28]. DID itself is just an string . Like a real ID card number, it does not carry information. It will be attached with a document (DID document) that records the technical attributes related to the identifier, including the public key of the DID. key), verification method, etc. It is called "distributed" because DID and documents are not stored in a certain enterprise's database, but are stored on a blockchain composed of multiple institutions. As long as the user authorizes it, any person or institution can verify the user's identity through the DID and its documents on the chain, thereby breaking down the barriers between institutions and enabling entities to freely control identities.

However, a large amount of specific information related to entities is not included in DID and DID documents. Questions such as "Who am I and what information do I have?" require verifiable credentials (VC) to answer. The essence of VC is a digital certificate that carries certain data. It can provide proof of our identity information, characteristics and attributes, etc., thereby ensuring that we can use certain social services normally. The VC records the DID of the holder, and is accompanied by the digital signature encrypted by the issuer using the private key (private key), which naturally also contains the DID of the issuer.

VC makes up for the shortcomings of traditional credentials in terms of credibility and verifiability. Imagine a scenario: someone wants to buy a prescription drug at a drug store, and the drug store asks to verify whether he meets the purchase conditions for the prescription drug, so he shows the drug store the prescription issued by the doctor, and the drug store sells the drug to him after verifying the prescription. . In this example, the hospital prescription is a voucher that provides proof of the qualifications of the person purchasing the medicine. However, in actual operation, it is difficult for pharmacies to verify the authenticity of the voucher: How to verify that the prescription was indeed issued by the hospital? How to verify that the contents of the prescription are authentic and not tampered with during the circulation process? The most intuitive verification method is to query the prescription issuance record in the hospital system and compare it with the existing voucher. However, in reality, it is difficult for pharmacies to have the authority to do this, which leaves room for information fraud.

For this reason, the solution is to store the relevant DID information or certificates of the certificate issuer (hospital) and holder (patient) in a trusted data registration agency (Verifiable Data Registry) or blockchain, which constitutes the issuer , the trust triangle of the holder and the inspector (pharmacy) (Exhibit 2). Under the premise of the holder's authorization, the three parties will ultimately verify through complex interactions whether the VC is really issued by the issuer and whether the information has been tampered with by the holder. For detailed technical principles and application cases, please refer to the appendix of this report.

Chart 2: The "Trust Triangle" of the Verifiable Credential System

Source: CICC Research Institute

3. Regulatory Path for Metaverse Privacy Protection

(1) Promoting Privacy Protection through Regulation

The distributed technology system introduced above can Let users control their personal data independently and achieve safe and trustworthy storage and sharing of data throughout the entire process. In addition to these distributed technologies, necessary conventional software security technologies are also standard, such as identity management, key management, network security, etc. However, these professional privacy and security technologies are only the first line of defense and are not enough to give people peace of mind. Industry supervision and governance are essential. There are at least four reasons:

First, the effect and performance of privacy protection technology are not yet mature, and there are certain bottlenecks or hidden dangers. For example, the security of federated learning and trusted execution environments, and the transaction performance of blockchain need to be improved [29]. In the case of imperfect technology, regulation needs to control privacy violations through various rules.

Second, when applying privacy protection technology, Yuanverse platform operators and technology suppliers need to establish a complete technical governance system. This governance system should make corresponding personnel and process management provisions for the selection, maintenance, auditing, emergency response, etc. of technical products. For this purpose, there should be necessary regulatory guidelines or industrial technical standards [30].

Third, in the future, there will be metaverse platforms built by multiple suppliers to provide a wider variety of scenarios. In addition to applying cross-chain technology, various companies also need to collaborate to solve identity and data compatibility issues between platforms, and may even require Unified tools to manage user security, ensuring users can safely and conveniently use a digital identity "single sign-on" to access different platforms. In order to promote cross-platform and cross-supplier compatibility and maintain market order and data security, industry supervision should play its due role.

Fourth, although the Metaverse is a virtual world, its important value is to serve the production and life of these scenes by simulating real-world manufacturing, office, education, scientific research and other real scenes (such as "digital twins") demand[31]. Then when interacting with the real world, some application business scenarios should be subject to certain constraints from real-world supervision, and real-world rules must also be introduced into them. If the virtual world is not restrained, the risks of the virtual world may spill over to the real world. For example, the virtual world has not yet established supervision of financial payments and asset transactions, and there is room for regulatory arbitrage with the real world. If the risks in the virtual world are uncontrollable, there are enough participants, and the amount of funds invested is large enough, it may have a greater impact on the real world. large negative externalities.

(2) Improve intra-platform governance with "soft law" rules such as terms of service and community norms.

The specific role of industry supervision includes not only clear requirements from the government through laws and policies, but also the promotion of market self-discipline and the creation of autonomy by practitioners. social norms such as [32]. Among them, compared with the former which has hard binding effect (called "hard law"), the latter belongs to the category of "soft law". 's so-called soft law refers to legal norms that cannot be implemented using state coercion, including autonomous and self-discipline norms and advocacy rules created by various social organizations [33]. Although soft law does not rely on state coercion to restrict behavior, it is of great significance in adjusting social relations and regulating people's behavior, and it has an increasingly prominent position in public governance in modern society[34]. For example, in the field of information technology, relatively loose open source protocols such as MIT and Apache protocols can be regarded as soft laws in this field.

Regarding the issue of privacy protection in the Metaverse, promoting technology companies to establish the self-governance capabilities of platforms and communities belongs to the "soft law" approach to supervision, establishing a second line of defense for privacy protection. In , the platform here refers to the digital space of the Metaverse that builds and carries content, while the community refers to the virtual user group organizations in different scenarios within the Metaverse. The specific approach is for technology companies to formulate necessary platform terms of service (term of service), and form autonomous codes of conduct (code of conduct) in various internal communities.The platform service terms not only announce the privacy commitments and rights and obligations of the operators to users, but also stipulate some codes of conduct for compliance and privacy protection. Once someone is found to have violated the terms, users and platform operators can report and hold accountable according to the terms. There is also a section called "community standards" in the terms of service, which lays a common foundation for each community to form a secondary order. These may be written in code to execute. In addition to the unified service terms and community standards of the platform, each community can form autonomous norms to supplement the requirements of the terms and standards, giving full play to the subjective initiative of each community.

takes a well-known game Second Life as an example to explain in detail [35]. This game is close to the metaverse concept to a large extent. Second Life is an online virtual game launched by Linden Lab in 2003. Each user is a "resident" in it. Everyone can create various things and hold activities in it, such as socializing, trading, building houses, and taking rides. Transportation, etc., and its own currency system. Platform operator Linden Lab has created a set of "Linden Law" (Linden Law), which consists of platform service terms and community standards, and is written into code. This is a kind of "soft law". The terms of service stipulate that users must abide by the established rules of conduct of the platform; the community standards stipulate that residents enjoy a reasonable level of privacy and share personal information (such as gender, religion, age, marital status, etc.) ) is an invasion of privacy and prohibits monitoring conversations and posting and sharing conversation logs without residents’ consent. Once a resident violates the Linden Law, the offended resident can report it, and the user account may be punished by the game, ranging from warning, temporary suspension, and banishment and cancellation from light to severe. Different communities within Second Life have a certain degree of autonomy, and the platform will try to minimize interference in each community.

(3) Promote off-platform supervision through "hard laws" such as policies, regulations and technical standards

"Soft laws" such as platform service terms and community norms only apply to privacy protection governance within the Yuanverse platform, but outside the platform, there are Privacy issues involving the metaverse. As mentioned above, first, platform operators and technology suppliers need to establish a privacy-protecting technical governance system to better utilize technology; second, different operators must be compatible and coordinated so that users can access it with a single identity. Multiple platforms and autonomous data migration; third, the business applications of Metaverse may involve many real-life data and privacy protection issues. In order to solve these problems, realistically binding "hard laws" such as policies, regulations and technical standards are needed to play a role. It is called "hard law" because policies and regulations have a certain degree of mandatory guarantee, and some technical standards are promulgated by government agencies and are also mandatory.

For technical governance systems and technical compatibility issues, it is a common regulatory behavior to formulate industry and even national technical standards to ensure the reliability and interoperability of technology [36]. For example, the financial industry standards "Security Specification for Financial Distributed Ledger Technology" and "Specification for Financial Application of Cloud Computing Technology" issued by the People's Bank of China put forward security governance structure and management responsibility requirements for technology suppliers. International organizations such as ISO and IEEE also When formulating relevant blockchain standards, it is very important for the safe operation of the Metaverse blockchain base, whether it is built on a public chain or a consortium chain. In addition, the industry is also promoting the formulation of cross-chain standards for blockchains to make the underlying frameworks of different blockchains compatible. These standards will help improve the privacy protection technology governance system of the Metaverse and the compatibility and coordination of different platform operators, making user data migration and platform switching more convenient. Real-life applications of the

metaverse may involve sensitive data flow issues. In the real world, there are already clear laws and regulations for data flow, such as the EU GDPR and my country's "Personal Information Protection Law" and "Data Security Law". The Metaverse should be similarly subject to these existing regulatory policies. However, in the Metaverse, the existing regulatory measures may need to be revised and expanded to better adapt to the actual situation of the Metaverse.

The first new situation is that the data flow in the metaverse is more complex, and may flow across borders, or across the virtual and real worlds . The former refers to the information transfer within the metaverse between users from different countries, and the information is transferred from domestic user nodes to foreign servers; the latter refers to the user’s private information first entering the metaverse from the real world, which involves the transfer of data between two Movement between worlds.

For example, the cross-border transfer of personal data is a particularly sensitive issue. Imagine a large-scale metaverse medical community that brings together many doctors from around the world to register as users. A Chinese patient meets an American doctor in the virtual space and authorizes the doctor to obtain his medical record data and real-time posture and physiological data measured by high-precision wearable devices. These data need to be transmitted to the American doctor's studio for analysis by his device software. . In turn, American patients may one day ask Chinese doctors for help. In this way, cross-border transmission of personal health data occurs, involving the US "Health Insurance Portability and Accountability Act" (HIPPA) and my country's "Personal Information Protection Law". The "Personal Information Protection Law" stipulates that operators of critical information infrastructure and personal information processors that handle the amount of personal information required by the national cybersecurity and informatization department shall store personal information collected and generated within the country, unless it is processed through the national cybersecurity and informatization department. Only the security assessment organized by the department can be transmitted externally. HIPPA requires that the storage, maintenance, and transmission of any form of personal health care information must comply with security regulations. If patients or doctors in the medical community are EU residents, or data processing occurs within the EU, then data transfer and processing will also be subject to GDPR [37].

So how these current regulatory laws adapt to the application scenarios of the Metaverse is a new topic. We can draw some inspiration from the experience of the European Union and the United States. In order to reconcile the contradiction between EU user privacy protection and the business of American Internet companies, the EU and the United States have successively concluded the Safe Harbor Agreement (Safe Habour), the Privacy Shield Agreement (Privacy Shield), and the latest Transatlantic Data Privacy Framework 》 (Trans-Atlantic Data Privacy Framework) and other bilateral privacy protection treaties, a compromise solution is to establish a corporate whitelist and strengthen supervision by the US government. Although these treaties cannot completely resolve the fundamental differences between the two parties, they have maintained the normal business of American Internet companies in the EU for a long period of time [38]. When China develops the metaverse industry, it may be a phased solution to conclude bilateral or multilateral privacy treaties with other countries.

The second new situation is that the legal specification object may change . The current legal and policy targets for data supervision are centralized development and operation platforms, but the Metaverse with the characteristics of Web 3.0 is likely to be a distributed platform. Data is stored on the users themselves or on entrusted and trusted nodes. Each node constitutes A "decentralized autonomous organization (DAO)". DAO is a non-traditional organizational form with a new set of economic collaboration mechanisms. There is currently no legal framework for supervising DAO in the world, not to mention the data and privacy involved. Supervising the data on the DAO will be a more difficult subject.

4. Balance privacy protection and maintenance of public order

(1) Protect privacy while maintaining public order

According to the "privacy in context theory" in privacy law, personal privacy and data flow are not absolutely protected. rights, but appropriateness must be judged based on the specific context. In different contexts, specific subjects may have specific rights and abilities, and data may not necessarily remain absolutely private [39].

is mapped to the traditional Internet space. "Reasonable protection" of the right to freedom of speech in cyberspace is an important legal issue and cannot violate the public order of the country, society and economy. cyberspace is a public domain, so although the law protects freedom of speech, this freedom has boundaries. You cannot use this freedom to infringe on the legitimate rights and interests of others. You cannot arbitrarily spread rumors and slander or even publish things that violate public order and good customs and undermine national and social security. speech, or allow users to leak some national security and commercial confidential information obtained from their work in the real world, and engage in related harmful behaviors. Once such behavior occurs, network operators have the right to "delete posts" and "ban accounts" in accordance with laws and regulations. In serious cases, they will also bear legal responsibility. This is true whether in China or the United States. In 1996, the United States legislated to allow Internet operators to delete harmful content out of "good faith"; in 2018, a new bill was introduced to prohibit the spread of sex trafficking content on the Internet. Therefore, traditional Internet space requires state regulatory power to maintain necessary public order and refrain from absolute protection of privacy.

Now that it has evolved from the traditional Internet to the Metaverse, the important question is, in terms of privacy and data, should the Metaverse follow the practices of the traditional Internet and the real world, and also maintain necessary supervision and content review? As with the traditional Internet, the principle of balancing personal freedom and public order also applies to the Metaverse. The strong privacy protection of the metaverse does not mean absolute freedom of content. Many contents come from users’ independent creation and interaction results. The head of security at Microsoft pointed out that illegal content such as virtual violence, pornography, terrorism and anti-government may exist in the metaverse [40]. The Anti-Defamation League (ADL), a U.S. non-profit organization, released a report investigating hate, harassment and other disruptive behavior and harmful information in online multiplayer interactive games, and found that 74% of adult online games Players have encountered text, voice, picture, etc. harassment inside and outside the game, and 29% have encountered online "human flesh" violence, causing many people to have social barriers in the real world [41]. The report calls on governments to enact strict laws to combat such illegal behavior in online social networking and gaming. These problems also occur in the Metaverse. Therefore, there is no "absolute" privacy, and illegal speech and content that undermines public order cannot be protected on the grounds of protecting personal data and freedoms. There must be corresponding content review and supervision to restrict it.

(2) The centralized supervision and review model has many difficulties

Although public order needs to be maintained in the Metaverse, many other opinions point out that if the government and Metaverse platform companies centrally control user behavior data from top to bottom Carrying out “penetrating supervision” will face many difficulties and challenges. The so-called centralization may include setting up a hub server for data information communication, or it may include setting up high-authority regulatory nodes on the blockchain, placing a trusted execution environment for privacy computing in regulatory agencies, and other measures. The difficult challenges of centralized regulatory review include technical and standard obstacles, conflicts with the essential attributes of the metaverse, and the compatibility of cross-border regulation.

First, the digital content format of the Metaverse is more complex than traditional Internet platforms and 2D media. It is difficult for top-down content review technology to achieve the balance between privacy, security, timeliness and accuracy [42]. Traditional media and the Internet mainly present static text, pictures and recorded audio and video content, but the metaverse of multi-person interaction and immersive experience also presents high-dimensional information such as multi-person real-time voice dialogue, visual display and behavioral expression, which is more abundant. At present, it is technically difficult to achieve efficient top-down real-time review. Even if some AI algorithms are used to automate monitoring [43], the effect is not very good, and a large number of variants of "Internet language" (algospeak) will be misjudged or missed. ; If the regulation is reviewed after the fact, not only will the effect be greatly reduced because the matter has already happened, but it will also cause privacy concerns for users [44].

Second, the diverse scenarios in the metaverse make it difficult to grasp the standard scale of top-down content review and respect for privacy. For example, in the metaverse, some scenes are users speaking in a virtual public square, and some are users talking in private rooms; some are children playing and playing, and some are adults' conversations.In different scenarios, users have different expectations for privacy and security, and the boundaries between privacy and legality are different. It is not appropriate to implement the same standards for review. So when the scenarios continue to increase, the number of centralized review standards will not only make it difficult to formulate standards, increase the difficulty of review judgment, and reduce the efficiency of supervision, but also further increase the difficulty and difficulty of technology development due to the multi-version of supervision functions. cost.

Third, centralized supervision and review of user data will put a "panopticon" on the Metaverse, which is not conducive to attracting users and generating rich scenario applications. Due to the strong protection characteristics of blockchain and privacy computing, governments and platform companies usually need to set up "super permissions" that can penetrate the underlying data. But such a "God's perspective" means that users of the Metaverse face the danger of the "panopticon" proposed by the British philosopher Bentham [45]. This kind of panopticon allows a guard to monitor all the prisoners from a tall tower in the middle, and the prisoners do not know whether they are being monitored at the moment. In the real world, many words and deeds of users in social interactions are not monitored at all times, but this virtual world is a panopticon that is monitored at all times, which essentially erases the "borderline" between personal autonomy and social boundaries. If there is a "blank" area, the right to privacy does not exist [46]. So how attractive is the Metaverse, which originally demonstrated distributed and autonomous control of private data, to users, and how many rich interactive scenarios can it generate? The development of the Metaverse platform is likely to be limited.

Fourth, if the Yuanverse industry wants to move toward international operations and competition, it will inevitably face different judicial positions on “penetrating regulation” of privacy in various countries. The domestic Yuanshi platform not only develops within one country, but also needs to move towards international operations. A platform operated across countries will inevitably accommodate users of different nationalities, and servers will also be distributed in different countries. However, different countries have very different stances on penetrating supervision of privacy and data, which can cause problems for normal cross-border applications. Take again the fundamental differences between the United States and the European Union. The European Union regards the right to privacy as part of basic human rights that cannot be infringed by governments. However, the United States believes that national security is more important than personal privacy. The government can monitor and collect data on domestic citizens in the name of security, so the "Snowden incident" occurred. The bilateral treaties on data transmission and privacy protection between the two parties have never eliminated fundamental differences. Recurring conflicts resulted in the treaty being abrogated and re-amended several times[47].

(3) Use distributed governance to maintain the gray balance of supervision and privacy protection

The implementation of complete centralized supervision and review of whether data and content is illegal faces a series of problems, so the distributed governance system voluntarily executed by the community and users in the metaverse Governance may be a more feasible solution at this stage that can produce a certain effect. The distributed governance of is similar to the distributed technology and application nature of the Metaverse. The specific means of implementation is to give users the right to democratic supervision, and inform users of what regulatory requirements and community norms they will face in different scenarios and communities - that is, the "soft law" rules mentioned above, allowing users to both self-discipline and It can monitor the behavior of others, and users will form clear expectations for the experience in the scene and decide whether to enter the scene.

In the process of distributed governance, when users encounter speech behavior that does not meet the requirements of public order in this scenario, or feel offended and harassed, they can adopt two methods to perform supervision, although each method will exist. Defect [48]. The first way is to rate others and give low scores to those who engage in destructive behavior and spread bad information, so that the system will record it and facilitate subsequent supervision of the system. This score cannot be publicly visible in the Metaverse to prevent stigmatization and exacerbating divisions between groups of people. Each party can check their own score (similar to the current credit reporting system) and retain the right to appeal. However, this method can easily transform the Metaverse into “information cocoon rooms” and “echo walls”, antagonizing and separating user groups. The second way is to report illegal behavior.But if it is reported to the platform’s algorithm or operator for supervision, is the algorithm smart enough to determine complex issues, and does the platform operator have the necessary legal literacy and public conscience? And it has the potential to cause conflicts and divisions within the community. In addition, using community "soft law" autonomy also has a theoretical risk of "governance attack", that is, users can obtain more than 51% of the voting rights in a short period of time through some means, and it is possible to modify the community governance rules. to damage the rights of other users. For example, in the DeFi scenario, some projects have launched governance tokens, and users may suddenly obtain a large number of governance tokens from the outside through loans and other forms to carry out attacks [49]. Although

will have flaws, distributed governance ensures that the metaverse forms a fuzzy equilibrium state [50] in terms of privacy protection and order maintenance. The so-called "grey balance" refers to a vague and uncertain intermediate stable state. Regulators cannot guarantee that there will be no bad information at all times, nor can they eliminate it at the same time. However, conversely, bad information cannot spread in a short period of time. , it is impossible for users to obtain all bad information at the same time. Management in the real world is often a gray-scale equilibrium. In many things, there will be neither absolute control nor absolute laissez-faire, but a balance of appropriate tightness and dynamic adjustment. In a metaverse of with large-scale users and rich application scenarios, appropriate grayscale balance may be a way to reduce governance costs and achieve a balance between effective privacy protection and effective government supervision.

Moreover, this loose regulatory governance approach may be more conducive to the early development of the Metaverse industry in its early stages. Section 230 of the Communications Decency Act of 1996 in the United States stipulates that operators of Internet services shall not be regarded as publishers and therefore shall not be legally responsible for the speech of third parties using their services. This provision is considered to protect early-developing Internet companies and build legal protection for the emergence and development of services such as search engines and social media [51]. Although this law has faced a lot of controversy in recent years [52] and it is impossible for our country to copy it completely, its implication is that a relaxed environment is conducive to early innovation in emerging industries. In the early stages of the development of the Metaverse, there is no need to set up too many centralized supervision methods, and they can be improved according to the situation.

5. Achieving effective protection and supervision through distributed technology and spontaneous governance

Privacy protection is a necessary prerequisite for the healthy development of the Metaverse industry. Since the Metaverse is an emerging thing that is very different from tradition and has not yet taken shape. It is in the stage of concept discussion, technical research and prototype attempts. What kind of technology and supervision are better privacy protection paths that can achieve effective protection and Supervision will be a long-term open issue. The "effective" here in includes the meaning of effect, which allows users' data privacy to be legally protected and respected; it also includes the meaning of efficiency, which allows supervision to maintain the necessary order in the metaverse at a relatively small cost without damaging Economic efficiency of industrial development.

In order to achieve effective and appropriate privacy protection, the Metaverse system should achieve three basic requirements - the full life cycle of data is safe and trustworthy, users have the ability to independently control data, and support distributed collaborative governance by all parties. In order to achieve these three basic requirements, distributed technology and governance will be the main feasible ideas, which can provide inspiration for the formulation of relevant technical policies and regulatory policies. The distributed technology of

is based on blockchain as the underlying architecture, privacy computing protocols and algorithms as core components, and distributed identity as the basic module. Among them, blockchain and privacy computing are complementary and integrated, allowing data to be stored and circulated safely and reliably, and data value shared by multiple parties; distributed identity technology allows users to independently control digital identities and their corresponding data in the metaverse. These three technologies and other data security technologies are still in the cutting-edge research stage, and have also been included in various financial technology and digital economy development plans, and have attracted much attention. Blockchain has been popular in China for more than five years, especially since the Politburo collectively studied the industry in October 2019, it has developed rapidly.With the implementation of laws and regulations related to privacy protection and data security, privacy computing will also become a hot topic starting in 2021.

In view of the fact that many manufacturers are currently developing related technologies and promoting application implementation, recommends accelerating the formulation of multi-level privacy protection-related technical standards, promoting the development of product technical specifications, and improving interoperability between different manufacturers. The multi-level standard refers to filling gaps at the four levels of international, national, industry and group based on technology and industry maturity, building a high-quality domestic technical standard system, actively participating in and striving for international technical voice to adapt to the metaverse needs for the international development of the platform. The reason why we should focus on the interoperability between technologies from different manufacturers is to lay a technical foundation for building interconnected Metaverse applications, so as to eliminate the differences between blockchains with different architectures, different digital identity technical specifications, and different privacy computing frameworks. Compatibility issues.

Distributed spontaneous governance refers to relying on the independent power of the community and users within the Metaverse, paying attention to the role of "soft law" rules such as platform service terms and community norms to achieve a balance between privacy protection and necessary supervision . First, it helps to supplement the external regulatory force of traditional “hard laws” such as policies, regulations and technical standards, and establish a “second line of defense” for privacy protection. Secondly, "soft law" can also help maintain public order and good customs in the metaverse, allowing industries to develop healthily on the track of the rule of law. Since the digital content formats and scenarios of the Metaverse are rich and diverse, and may also involve transnational scenarios, the traditional centralized supervision and content censorship model poses great challenges and is not conducive to attracting users. Governance voluntarily implemented by communities and users in accordance with "soft law" can serve as the main support to achieve a gray-scale equilibrium state of supervision and protection. The distributed spontaneous governance idea of ​​

can complement traditional centralized and top-down supervision. It can be adapted to the needs of DAO and the metaverse in rich scenarios, and is more easily accepted by diverse users. Since the privacy boundaries in different application scenarios are different, the legality boundaries and supervision levels of users' words and deeds are also different. recommends that when exploring and developing Metaverse applications in the future, the applicable privacy protection specifications in this scenario should be studied simultaneously to form an operational framework. and distinguish different levels of code requirements to facilitate community implementation.

In fact, in addition to being used in privacy protection, 's distributed spontaneous governance ideas can also play a role in other compliance and internal governance issues in the Metaverse. The metaverse simulates the complex relationships in the real world in the digital space. Therefore, various contradictions and complex relationships in the real world may also occur in the metaverse. If you encounter disputes that lack clear laws or rules in the real world, in the metaverse It is also difficult to rule from the top down. What's more, the Metaverse emphasizes equality and decentralization among users, and often lacks authoritative hierarchical systems like parents and leaders in the real world to suppress conflicts and adjudicate disputes. Therefore, how to properly resolve disputes and coordinate interests among users of various backgrounds, overcome the opportunistic tendencies of some users, and maintain the economic system and market system in the metaverse will be very challenging issues. The 2009 Nobel Prize winner economist Ostrom found in research that people with equal status in the real world have the ability to form polycentric autonomous organizations, overcome the inherent shortcomings of collective action, and spontaneously manage shared but limited public resources. [53]. Then it is entirely possible to rely on the spontaneous governance of users and communities to maintain the public system order and achieve healthy development in the Metaverse. This will depend on the coordination between developers, operators, users and regulators as new applications continue to sprout in the future. Explore together.

Appendix: Principles of Distributed Identity (DID) technology[54]

In order to better promote the construction and development of digital infrastructure and promote the implementation of distributed digital identities, many international organizations are currently committed to developing corresponding Technical standards to better achieve compatibility of technical applications.As the most authoritative and influential international neutral technical standards organization in the field of Web technology, W3C (World Wide Web Consortium) has successively released recommended standards for distributed digital identity identifiers and verifiable credential data models, which have also become the current distributed digital identity identifiers and verifiable credential data models. The most influential technical specification in the field of digital identity [55]. Other technical standards organizations in this field have also proposed a series of protocol standards from different technical directions. For example, the OpenID Foundation (OIDF) has developed a set of Web-based digital identity technologies [56], the Decentralized Identity Foundation (The Decentralized Identity Foundation, DIF) proposed the DIDComm2.0 protocol to formulate specifications for the secure communication mechanism of DID [57]. These organizations have played an active role in promoting the development of the distributed digital identity ecosystem. At present, the technical specification system proposed by the W3C working group is relatively complete and highly recognized, and has become the main reference for the distributed digital identity system. We will use this as a standard to introduce the principles of DID technology in the future.

(1) DID basic layer: distributed digital identity identifier

The essence of a distributed digital identity identifier (decentralized identifier, also abbreviated as DID) is a series of globally unique strings. Each DID uniquely corresponds to a Entity identity to achieve unique identification of different entities. The W3C specification gives a standard example of DID (Figure 3). The DID string consists of three parts: (1) The starting template (Scheme) is both did, indicating that this is a DID string, similar to http/ in the URL https and other protocols; (2) DID method (Method) indicates which set of methods this DID needs to use for creation, parsing and other operations. Its essence is a set of specific specifications applicable to certain DIDs under the general specification of DID. Developers can define this specific specification by themselves and register it with W3C to avoid conflicts in the use of method names; (3) The last part is the unique identification string under the DID method. These three parts ensure the uniqueness of DID and ensure that each DID independently identifies an entity. To give a more popular example, if we design a Chinese vehicle identity management system, assign a DID to each car, and name the method ccar, then the DID of a certain car is "did:ccar:京A12345 ". The DID method is very important. On the one hand, "Beijing A12345" may not be a unique identifier in the world, but is only unique under the ccar method; on the other hand, because the DID is created under the specific specification of ccar, it cannot be identified outside of ccar. None of the other DID methods can correctly parse this string.

Chart 3: DID identifier example

Source: CICC Research Institute

Chart 4: DID on-chain storage

Source: CICC Research Institute

Chart 5: Asymmetric encryption algorithm principle

Source: CICC Research Institute

DID The verification mechanism is based on the asymmetric encryption algorithm and relies on the public key and private key key pairs. In the current real identity system, "account + password" is the most commonly used authentication method. Entering the correct password means that the user himself is performing the operation [58]. But to prove that the password is correct, the premise is that the platform also needs to know what the password is. In other words, both the user and the platform have the key to open the account. This symmetric encryption algorithm theoretically has hidden dangers in data security. . The characteristic of the asymmetric encryption algorithm is that it generates a pair of keys at the same time, namely a public key and a private key. The public key is a key that can be disclosed to others, while the private key is a key that is kept privately. Each pair of keys has a one-to-one correspondence. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt it. Correspondingly, if a private key is used to encrypt the data, only the corresponding public key can be used to decrypt it. Figure 5 presents how the asymmetric encryption algorithm works. During the transmission of encrypted information, A (receiver) first tells B (sender) its public key. B uses A's public key to encrypt the information and then transmits it to A. At this time, A receives After encrypting the encrypted information with his own public key, A can decrypt it with his private key to obtain the original information.Step 3 is the real information transmission process. In this process, what is actually transmitted is the information encrypted by the public key. Since only the paired private key can be decrypted under the asymmetric encryption algorithm, and this private key is only held by A himself. , so even if there may be a risk of information leakage during the transmission process, people other than A cannot decrypt the information, which ensures the security of the information in an absolute sense.

DID itself does not carry information, but each DID can be parsed into a DID document (DID Document), which records the attributes related to DID, mainly including public key, authentication method (Authentication), etc. Verification of DID is achieved through the information provided in the DID document. When the platform needs to perform DID verification on a user, the platform can set a piece of verification information and encrypt it using the public key disclosed by the user in the DID document. The platform sends the encrypted information to the user. If the user can use the private key to decrypt the information, it proves that the current DID is indeed operated by the user himself.

DID and DID documents are not stored in a company's database, but are stored on the blockchain (Figure 4). The DID after being uploaded to the chain is publicly accessible. Everyone can query the contents of the DID and the document to verify the user's identity. In this process, the user only needs to use the private key for authorization without any other centralization. Agency authorization. The freedom of identity management brought by the DID system is also reflected in the free use of multiple digital identities. Although each DID only corresponds to one entity, one entity does not necessarily correspond to only one DID. Just like everyone can register multiple QQ numbers, each entity can have multiple DIDs, which mainly depends on the user's own wishes. Using multiple DIDs at the same time is usually for the purpose of classifying and managing identity information and isolating identity interactions.

(2) DID application layer: verifiable credentials

The DID base layer answers the question "I am me", while the application layer answers the question "who am I and what information do I have". DID is a string of identifiers, and the DID document describes only the usage attributes of the DID. They do not contain any real information related to the entity, such as name, date of birth, etc. Therefore, the base layer can only verify that the user is the person holding the DID, but cannot verify other identity information. In the DID system, this function is implemented by verifiable credentials at the application layer, which is also the core part of identity management.

Verifiable credential (VC) is essentially a digital certificate that carries certain data. It can provide proof for our identity information, characteristics and attributes, etc., thereby ensuring that we can use certain social services normally. VC, like ID cards, driver's licenses, academic certificates and other traditional physical credentials commonly used in our daily lives, is composed of three basic components: metadata, claim and proof. Metadata describes the attributes of the certificate, including certificate type, issuer, etc., with the purpose of telling everyone how to use the certificate. For example, metadata is recorded on the front of an ID card, which indicates that the type of certificate is an ID card, the issuer is a certain public security bureau, etc. The statement is the most important information component in the voucher. Each statement about the subject information of the voucher is called a statement, such as name, gender, date of birth, etc. A voucher can contain one or more statements, but the statement must at least contain a statement of the subject's unique identifier. In VC, it refers to the subject's DID, which corresponds to the ID number in the ID card. Finally, proof actually refers to an encryption mechanism, which is some details that can prove the authenticity of the certificate. Our ID cards usually have some anti-counterfeiting stamps, the purpose is to prove that the certificate is real and not forged. Digital signature (Signature) technology is usually used in VC to encrypt credentials.

Figure 6: The basic structure of a verifiable certificate (VC)

Source: CICC Research Institute

Figure 7: The basic structure of a verifiable credential

Source: CICC Research Institute

Traditional credentials have loopholes in verifiability. When introducing distributed identity in the second section of this article, an example is given of a patient taking a hospital prescription to a pharmacy to buy medicine. The core is to verify that the prescription is authentic and was written for the patient.The solution of DID technology is to store identities and credentials in a verifiable data registry (Verifiable Data Registry), and completely separate the issuance, holding and verification operations of credentials based on trusted encryption technology. There are three main roles in the system, called the "Trust Triangle" (Figure 2): (1) Issuer (Issuer): The issuer of VC, most of which are authoritative institutions registered in verifiable data registration agencies, such as the above example The hospital that issued the prescription; (2) Holder: the holder of the VC, usually the information subject who records relevant information in the VC, such as the patient holding the prescription; (3) Verifier: A party that needs to use the relevant information in the VC and verify it, such as a pharmacy that verifies prescriptions. The running path of the VC system is as follows: (1) The issuer issues VC to the holder and stores the VC in a verifiable data registration agency; (2) When the holder encounters a situation that requires identity information verification , authorize and present the VC to the verifier, (3) the verifier verifies the VC. As a result, issuers, holders and verifiers are reconstructed based on mutual trust relationships, and a new trust mechanism based on verifiable data registration institutions is established. The verifier no longer needs to request authorization from the issuer, but can directly go to the verifiable data registration authority to complete the verification operation of the certificate, which greatly improves the verifiability of the certificate.

So specifically, how does the system ensure the credibility and security of the verification mechanism? In fact, the verification process of VC and DID is also based on asymmetric encryption algorithm. The issuer of VC is also a DID entity and also has a pair of public and private keys. When issuing a VC, the issuer first performs a hash calculation on the metadata and declaration structure in the VC to generate a hash string of the VC, and then uses the private key to encrypt the hash value. The encrypted result is the issuer's digital signature. . The issuer rewrites the digital signature into the VC as a proof of the VC to prove that the VC was signed by the signer himself (Figure 8).

Chart 8: Verifiable certificate issuance process

Source: CICC Research Institute

The verification of VC is divided into two steps. The first step is to verify that the VC is indeed issued by the issuer (red process in Figure 9). In this step, the verifier needs to extract the digital signature from the VC and find the issuer's public key for verification. The issuer's public key is obtained by calling the issuer's DID document in the DID base layer system. Since the public key and the private key have a one-to-one correspondence, only the corresponding public key can decrypt the content encrypted by the issuer using the private key. Therefore, if the verifier successfully decrypts using the public key, it means that the VC is indeed issued by the issuer. The second step is to verify that the content of the VC is authentic and has not been tampered with (black process in Figure 9). When issuing a VC, the issuer will hash the VC structure to encrypt and record the specific content of the VC. When verifying, the verifier can also hash the VC according to the verification mechanism pointed out in the VC certification section to obtain a hash value. As long as the hash value calculated by the verifier is compared with the hash value at the time of issuance, the authenticity of the current VC content can be proven.

At present, mainstream DID manufacturers usually adopt two methods to verify the authenticity of VC content. is an embedded verification method . uses digital signature technology to embed the hash value of the VC issued by the issuer into the VC's certification structure . As mentioned earlier, the digital signature in VC is the result of the issuer using the private key to encrypt the hash value of the VC. Therefore, when the verifier uses the public key to decrypt and verify the digital signature, the result is the hash of the VC when the issuer signed it. value. If the verifier performs a hash calculation on the VC submitted by the holder at this time, and the hash value obtained is exactly the same as the hash value at the time of issuance, then it means that the VC has not been tampered with from beginning to end. Another method of is external verification, which stores the hash value of the VC issued by the issuer in an external , such as on the blockchain. Under this verification mechanism, the verifier only needs to find the hash value of the corresponding VC on the blockchain and compare it with the self-calculated hash value to complete the verification.These two verification methods exist in practical applications. The former is a set of off-chain verification methods that do not rely on blockchain, while the latter needs to be based on blockchain technology. W3C mentions both types of verification mechanisms in VC's technical specifications, but clearly states that it will not standardize specific verification methods.

Chart 9: Inspection process of verifiable credentials

Source: CICC Research Institute

(3) Application Cases

1, Verification Voucher Cases

In the real world, identity verification usually requires first verifying the authenticity of the credential information, and then verifying the authenticity of the credentials. Whether the person is the subject described in the credential information. This is just like when checking in at an airport. Passengers not only need to show their flight tickets to verify their eligibility to fly, but also need to use facial recognition and other methods to verify that they are the ticket owners. The distributed digital identity system also follows similar steps to complete double identity verification. First, verify whether the current VC holder and the DID subject described by the VC are the same person, and secondly verify whether the VC information is authentic and trustworthy.

The following is a case to illustrate the above process. A job seeker applied for a position in a company. The company required the applicant's academic background to be verified before joining the company, so the applicant presented the company with an academic certificate issued by a university. The company naturally believes in the credibility of the certificate issued by the university as an authoritative institution, but the company still remains skeptical about two issues: First, is the academic certificate indeed issued by the university and not forged? Is the content authentic and not tampered with? Second, does this academic certificate really belong to the applicant and not an impostor?

Chart 10: Verification process of academic background

Source: CICC Research Institute

In order to verify the first question, the company’s specific approach is: ① Find the university DID reflected in the VC, ② Find it on the blockchain where the DID is stored Corresponding DID document, extract the public key from it, ③ use the public key to verify the digital signature in the VC. If the verification passes, it proves that the VC is authentic and has not been tampered with. The specific method of

to verify the second question is: ① Find the job seeker's DID reflected in the VC, ② Find the corresponding DID document on the chain, extract the public key from it, ③ Use the job seeker's public key to encrypt a piece of verification information and send it to Job seekers, ④ request the job seekers to use their own private keys to decrypt the verification information. If the decryption is successful, it proves that the certificate is indeed owned by the job seekers.

2. Cross-border data sharing case

The DID system has brought huge breakthroughs in promoting data sharing. Policy and legal restrictions in the traditional system are often major obstacles to data interoperability and information sharing. Especially when it comes to cross-border data flow, policy barriers are almost difficult to break. However, as the DID system breaks the traditional centralized data structure and realizes the independent carrying of personal information data, the problem of cross-border information authentication has also been solved.

Since the outbreak of the new coronavirus, dynamic monitoring of health codes has made outstanding contributions to epidemic prevention and control in various places. However, the lack of mutual recognition of health codes in various places, especially cross-border health codes, has still caused great troubles to people's production and life. In 2020, WeBank used blockchain-based DID and VC technology to launch the Guangdong and Macao health code cross-border mutual recognition project, using a distributed solution to solve the problem of cross-border data sharing. This project has brought great convenience to the normal cross-border customs clearance for residents of Guangdong and Macao. Its outstanding role in the national epidemic prevention and control work was recorded in "A Brief History of the Communist Party of China" [59].

Chart 11: Diagram of the Guangdong and Macao Health Code Mutual Recognition Project

Source: CICC Research Institute

In the Guangdong and Macao Health Code Mutual Recognition Project, the governments of Guangdong and Macao act as the issuer and verifier respectively. As an authoritative institution, the local government has the ability to endorse residents' nucleic acid test results, so the government can issue verifiable digital certificates (VC) to residents upon application. After the resident holder carries the VC across the border, he or she will present the VC to the other government, and the other government will verify the contents of the VC to confirm the authenticity and validity of the information. The establishment of the VC trust triangle allows institutions in the two places to still verify personal information and nucleic acid test results even if the backend is not interconnected.

Note:

[1] Tsinghua University: "Metaverse Development Research Report Version 2.0", 2022.

[2] Deloitte. 2015. Privacy by design setting: A new standard for privacy certification.

[3] For example, EU GDPR, international standards ISO/IEC 27001, 27002, California and federal Consumer Privacy Act or draft , see https://gdpr-info.eu/issues/privacy-by-design/.

[4] Decrew, Judith. 2018. Privacy. Stanford Encyclopedia of Philosophy. See https://plato.stanford.edu/entries/privacy/. See also https://www.privacyinternational.org/explainer/56/what -privacy

[5] Shen Jun: "A Preliminary Study on the Legal Issues of the Metaverse: Taking Immersive Objects as an Example", "China Law Review" Issue 2, 2022.

[6] Yuan Yu: "Panorama and Outlook of the Metaverse from a Global Perspective", see https://mp.weixin.qq.com/s/FC_o_4haVbbIBbd_X44gKw.

[7] Li Ming: "The Metaverse is a Web 3.0 digital ecosystem with blockchain as the core", see https://5gai.cctv.com/2022/03/02/ARTI3S8KYgpUf28wFsk2z8sJ220302.shtml.

[8] See Citi Bank. 2022. Metaverse and money. https://www.discoursemagazine.com/culture-and-society/2021/10/27/the-web-3-0-revolution/, https:/ /future.a16z.com/why-web3-matters/. It is worth noting that many people believe that the core feature of Web 3.0 is decentralization - users can enter the network without permission (permissionless), and data is scattered and stored on the user's own backup. However, we believe that it does not necessarily need to be completely decentralized. The polycentric model also supports Web 3.0 to a certain extent. Users can join with approval, and data does not have to be completely dispersed and stored on user nodes. Multiple backups can be made. Stored on the platform or on a server trusted by the user. The most essential feature of Web 3.0 is to emphasize that users enjoy certain ownership and revenue sharing. To achieve this, a central or multi-center data control and governance model will naturally be derived.

[9] my country's "Data Security Law", "Personal Information Protection Law" and various related standards emphasize the management procedures and obligations of network operators or data controllers, emergency response methods, etc. The government itself is also a network governance system key role.

[10] Tiwana, A., Konsynski, B., Bush, A. A. 2010. Platform evolution: Coevolution of platform architecture, governance, and environmental dynamics. Information Systems Research, 21(4), 675–687. Steurer, R. 2013. Disentangling governance: a synoptic view of regulation by government, business and civil society. Policy Sciences, 46(4), 387–410.

[11] Cavoukian, Ann. 2010. Privacy by Design: The 7 Foundational Principles Implementation and Mapping of Fair Information Practices. National standard "Information Security Technology Personal Information Security Specification", GB/T 35273-2020.

[12] Yao Qian: "Web 3.0: The approaching new generation of Internet", "China Finance" Issue 6, 2022.

[13] Luo Han Tang: "Data and Privacy in the Digital Age", 2021.

[14] Ma Zhitao, Yao Huiya, Li Bin, etc.: "Distributed Business", CITIC Press 2020 Edition.

[15] WeBank: "White Paper on New Data Infrastructure", 2020.

[16] International Standards Organization ISO standard. Information technology-Security techniques-Privacy framework (ISO/IEC 29100).

[17] University of Washington. 2007. Introduction to Distributed Systems.

[18] This does not mean distributed Identity is only useful in the Metaverse. From the appendix below, it can be seen that its application scenarios also transcend the Metaverse, but its functions can be concentrated in the Metaverse.

[19] National Standard "Information Technology Blockchain and Distributed Accounting Technology Reference Architecture" (Draft)

[20] Davidson, Sinclair, Primavera De Filippi, and Jason Potts. 2016. "Economics of Blockchain." In Proceedings of Public Choice Conference, Fort Lauderdale.

[21] Li Fenghua, Li Hui, Niu Ben, Chen Jinjun: "Privacy Computing—Concepts, Computing Frameworks and Future Development Trends", "Engineering (English Edition)" Issue 6, 2019 .

[22] In federated learning, the data does not leave the local area, and the parameters of model training are transferred between nodes; in secure multi-party computing, the data will be transferred after certain changes.

[23] Xu Lei, Wei Siyuan: "The Connotation, Application and Development Trend of Privacy Computing in the Financial Industry", "China Banking Industry" Issue 11, 2021.

[24] Zhang Zhangxiang: "Why is the integration of blockchain and privacy computing an inevitable trend?" 》, https://mp.weixin.qq.com/s/0KVSZ3PcS3f2NOVodFJm6Q, 2021.

[25] Jinlianmeng, Guantao Zhongmao, Fintech micro-insight: "DDTP: Distributed Data Transfer Protocol".

[26] Li Ming (2022), Yao Qian (2022)

[27] Strictly speaking, distributed identity can be based on other distributed ledger technology (distributed ledger technology), not necessarily blockchain, blockchain Chain is just the most mainstream distributed accounting technology.

[28] An entity can create multiple DIDs, but one DID can only correspond to one entity.

[29] Regarding the effects and performance deficiencies of federated learning, please refer to Yang Qiang, Liu Yang, et al.: "Federated Learning", China Industry and Information Technology Press, 2020 Edition; regarding the security risks of trusted execution environments, please refer to https://blog .csdn.net/webankblockchain/article/details/106821891.

[30] The application standards of emerging technologies such as cloud computing and blockchain have similar governance requirements, such as the financial industry standard "Cloud Computing Technology Financial Application Specification" JR/T 0168-2018, and "Financial Distributed Ledger Technology Security" Specification》JR/T 0184-2020.

[31] He Zhe: "Virtualization and Metaverse: Singularity and Governance in the Evolution of Human Civilization", "E-Government" Issue 1, 2022.

[32] Lessig, Lawrence. 1999. Code and other Laws of Cyberspace, New York: Basic Books.

[33] Luo Haocai, Song Gongde: "Soft Law Also Legal", Law Press 2009 edition.

[34] See the article "We must pay attention to the role of soft law" in the Procuratorate Daily on September 4, 2014, http://newspaper.jcrb.com/html/2014-09/04/content_167634.htm.

[35] The introduction to Second Life mainly comes from Leenes, R. E. 2009. Privacy regulation in the metaverse. In B. Whitworth, A. Moor (Eds.), Handbook of Research on Socio-technical Design and Social Networking Systems. Information Science Reference.

[36] Su Jun: "Introduction to Public Science and Technology Policy", Science Press, 2014 edition.

[37] Xu Lei: "Big deal!" The European Union officially released GDPR applicable geographical guidelines (translation), see https://mp.weixin.qq.com/s/vsAup3j40_sgCjyX9BQZ1A, 2020.

[38] Liu Yaohua: "After Europe and the United States lose the "Privacy Shield"", "Global" Issue 11, 2020; Schwartz PM. Global data privacy: The EU way. New York Univ Law Rev. 2019;94(4):771 -818.

[39] Nissenbaum, Helen. 2010. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press. Ni Yunwei: "Theoretical Evolution and Conceptual Reconstruction of Privacy Rights in American Law" ———Analysis based on the theory of situational context integrity and its implications for Chinese law", "Politics and Law", Issue 10, 2019.

[40] https://blogs.microsoft.com/blog/2022/03/28/the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it/

[41] ADL. 2019. Free to Play? Hate, Harassment, and Positive Social Experiences in Online Games.

[42] Londoño, Juan. 2022. The Erosion of Intermediary Liability Protections Can End the Metaverse Before It Even Starts. ITIF Report. Castro, Daniel. 2022. Content Moderation in Multi-User Immersive Experiences: AR/VR and the Future of Online Speech. ITIF Report.

[43] For example, Robolx has connected to the “human interaction audit system” of the third-party company Community Sift since 2017. The purity of games for minors is ensured through artificial intelligence real-time and manual retrospective punishment methods.

[44] Londoño, Juan. 2022. Lessons from Social Media for Creating a Safe Metaverse. ITIF Report. See also another comment by this author https://www.americanactionforum.org/insight/assessing-the-impact -of-the-widespread-adoption-of-algorithm-backed-content-moderation-in-social-media/

[45] Foucault: "Discipline and Punish: The Birth of the Prison", Sanlian Bookstore 2013 edition.

[46] Cohen, Julie E. 2019. Turning Privacy Inside Out. Theoretical Inquiries in Law 20 (1): 1–31.

[47] Jia Kai: "Global Governance of Cross-Border Data Flows: Power Conflict and Policy Cooperation 》, Journal of Shantou University (Humanities and Social Sciences Edition), Issue 5, 2017.

[48] Jacob, Stella. 2022. Rethinking moderation systems for the Metaverse. https://www.xrmust.com/xrmagazine/editorial-moderation-metaverse/

[49] In the Maker project, someone once used flash loans to initiate Profited from attacks, but the Maker project later modified the protocol, delaying the possibility of governance attacks. But similar vulnerabilities may still exist in other projects. See https://www.likecs.com/show-204069453.html, https://www.jinse.com/blockchain/592199.html.

[50] See "Metaverse, who wants us to run into the panopticon?" 》https://mp.weixin.qq.com/s/R_HjMnVK9tU8-fJ0w_kUjQ, 2021.

[51] Huang Yushuai: "Tracking US Internet Governance: The History, Current Situation and Future of Section 230 of the Communications Decency Act", "Network Information Law Research" Issue 1, 2021.

[52] Yuan Jihui: "Platform Responsibility Reform: Observation on the Amendment to Section 230 of the U.S. Communications Decency Act", available at https://www.secrss.com/articles/26591, 2020.

[53] Ostrom, E. 1990. Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge University Press.

[54] We would like to thank intern Sun Yufan for his contribution to this appendix.

[55] The latest released specification document can be found at Decentralized Identifiers (DIDs) v1.0, https://www.w3.org/TR/2021/PR-did-core-20210803/; Verifiable Credentials Data Model v1.1 , https://www.w3.org/TR/2022/REC-vc-data-model-20220303/.

[56] A series of technical specifications proposed by OpenID are detailed at https://openid.net/developers/specs/.

[57] For details of the DIDComm2.0 specification, see https://identity.foundation/didcomm-messaging/spec/.

[58] Of course, passwords can be in various forms. In addition to traditional digital passwords, they can also be more secure fingerprint passwords, face passwords, mobile phone verification codes, etc., but no matter which form, the essence is a symmetric password .

[59] The writing team of this book: "A Brief History of the Communist Party of China", People's Publishing House, Chinese Communist Party History Press, 2021 edition.

Article source

Reference for this article: "Privacy Protection in the Metaverse: Technology and Supervision" published by CICC Research Institute on June 20, 2022. The author's information is:

Xu Lei SAC Practice Certificate No.: S0080121060033, SFC CE Ref: BRO889

Zhao Yang SAC practicing certificate number: S0080521080006, SFC CE Ref: AZX409

Legal statement

Slide up to see the complete legal statement

This public account is not a publishing platform for research reports of China International Capital Corporation (hereinafter referred to as "CICC"). This public account only reposts and excerpts some of the views of relevant research results written and produced by CICC Research Institute or other professionals/institutions. Subscribers who use the information contained in this public account may not understand the complete report due to lack of understanding. Or the lack of relevant interpretation leads to ambiguity in understanding the information, opinions, judgments, etc. in the materials. Subscribers must seek the guidance and interpretation of professional advisors before using this material.

Subscribing to this official account does not form the basis of any contract or commitment. CICC will not regard subscribers as customers of CICC due to any mere subscription to this official account.

The information and opinions contained in this public account do not constitute a bid or solicitation for the purchase or sale of any securities or other financial instruments or a service providing any investment decision-making advice. Such information and opinions shall not constitute targeted, specific investment operational opinions for anyone at any time. Subscribers should evaluate the information and opinions in this public account, make independent decisions based on their own circumstances and make their own decisions. Take risks.

CICC does not make any express or implied guarantee as to the accuracy, reliability, timeliness and completeness of the information contained in this official account. CICC and/or its affiliated institutions and related personnel do not assume any form of responsibility for any consequences caused by relying on or using the information contained in this official account.

The opinions, assessments and predictions contained in the relevant information of this public account are only the opinions and judgments on the date when the information is issued. These opinions, assessments and forecasts are subject to change at any time without notice. At different times, CICC Research may issue research reports that are inconsistent with the opinions, assessments and forecasts contained in this material. CICC's sales staff, traders and other professionals may express orally or in writing market comments and/or opinions that are inconsistent with this information based on different assumptions and standards and using different analysis methods. This public account may forward and excerpt relevant research results written and produced by other professionals/or institutions. The relevant research opinions only represent the analysis and judgment of the person/the institution and do not represent the views of CICC. CICC has no regard for the information contained therein. and its views without any form of confirmation or guarantee.

This subscription account is an official subscription account established and maintained by CICC Research Institute. Unless otherwise stated, the copyright of all materials in this subscription account belongs to CICC. No organization or individual may forward, reproduce, reproduce, copy, publish, publish, modify, copy or quote the contents of this subscription account in any form without written permission.