Bitcoin receiving app “Chivo” puts users’ personal data at risk
Computer science and data protection experts are of the opinion that a wallet developed by the government should have several requirements to ensure the security of personal data. Cybercrime or identity theft are some of the risks.
“No one has to receive bitcoins if they don’t want them,” the republic’s president, Neb Bukele, said during the national chain of crypto broadcasts on Thursday night, June 24.
In the series, the president announced a new mobile application that will act as a virtual wallet (or wallet, in English) to be able to transact with Bitcoin, the recently ratified cryptocurrency that will be adopted in the country in September. The main question is what it means to implement this application.
The aspect that raised the most doubts about the “Chivo” wallet, which will be developed, managed and controlled by the government, is the issue with the personal data it will collect from each user, who will have to provide their biometric data such as facial recognition, as well as the unique identity document (DUI) number ). That is, in a country where a proposal for a personal data law protecting people from using their data improperly or without their consent was recently rejected.
Carlos Palomo, president of the Association for Transparency, Social Observer, and Open Data (Tracoda), who told El Diario de Hoy that it’s “amazing” to try to use this kind of technology because, in theory, the app shouldn’t ask for more information than is absolutely necessary.
The risks it may contain
Cybercrime, identity theft, and the potential for our data to be used improperly are some of the risks pointed out by attorney Laura Hernandez, a data protection expert. In his opinion, the thing that generates more concern is that in the country there is “no regulatory framework on the use of data”.
According to Hernández, the Bitcoin law has been prioritized over another very important law, the Personal Data Act, which was recently introduced by the new Legislative Assembly, which would have come to prevent the risks involved in using an app like one the government intends to implement. .
“We focus a lot on technological solutions,” notes the lawyer, who emphasizes that important aspects such as the human rights of people who will use the platform are not taken into building the law, as she does not consider it to be an effective or comprehensive solution.
You may be interested in: The government will allocate $120 million to bitcoin users, without detailing the element
Similarly, Hernandez concluded that in the absence of this law, Salvadorans who are victims of illegal activities involving the mishandling of their personal and biometric data would be practically unprotected.
It would be very easy to “fall victim to violations in the environment in which the application operates”, as well as the possibility of having excessive permissions and entering personal files such as photos, calls, contacts, activating the camera or geolocation, something the expert warns that will make it easier for “cybercriminals” to create fake profiles and commit crimes using our data, identity, and resources.
Other security considerations
James Humberstone, a computer science engineer with a master’s degree in applied informatics, asserts that, almost by default, Chivo must meet minimum security requirements that ensure the protection of Salvadorans’ data. However, Palomo notes that “we still don’t know what security measures will be used.”
This is because, at the moment, the knowledge about the aforementioned application is very limited, because only the basic characteristics, but not the technical aspects such as the security mechanisms that it will include in its development and implementation, which according to Palomo, must be presented in a document in which everything related to these The wallet is transparent, along with its source code.
That is why Humberstone considers that the application should include more elements of authentication and authorization in addition to recording the user’s face and his DUI number, that is, the use of other elements such as a fingerprint or the use of codes to confirm transactions, using in order to reduce risks.
On the other hand, this computer expert asserts that one of the dangers of the application is that many users will use it in public WI-FI connections, so that transactions and operations are at the mercy of third parties to be able to put some malicious code that leads to identity theft or, at worst, funds contained in the wallet.
This weakness, according to Humberstone, lies in the fact that when developing an application whose goal is heavy use, they “sacrific security to increase people’s usability” and this, in the first place, presents a rather obvious weakness.