At the 3rd Cybersecurity Summit, I had the opportunity to interview Tsuyoshi Nakayama, LINE’s Chief Information Security Officer, Chief Privacy Officer, and Chief Information Protection Officer. We discussed LINE’s recent progress in cybersecurity.Work hard, as well as the measures LINE has taken in response to the Facebook privacy scandal and the EU's upcoming implementation of the most stringent data protection law in history, GDPR. It also revealed that it will definitely use new technologies such as blockchain to ensure user privacy security in the future.
Regarding LINE's current cybersecurity measures, Tsuyoshi Nakayama explained that by absorbing technical talent from around the world, the security performance of the LINE service platform continues to develop at a faster pace. At the same time, by collaborating with third-party organizations such as Intertrust and through vulnerability bounty programs, more white hat hackers are attracted to help discover system problems that the system itself cannot immediately discover, so that LINE's vulnerabilities continue to decrease.
Nakayama Tsuyoshi stated that LINE has already become a substantial service platform, continuously accumulating a significant number of users and private information. Therefore, it naturally has a greater social responsibility to protect user privacy and security, which has led to continuous advancements in its security technology. Nakayama emphasized that the current LINE security standards are higher than those of previous years. Furthermore, LINE has also simplified personal data protection by adapting to user behavior, such as through Letter Sealing, which encrypts chat messages, and a simple four-digit password, which ensures security and allows users to log in more easily.
However, even though LINE continues to work hard to promote the growth of information security protection technology, it is inevitable that users will still lack information security awareness. For example, they may directly transmit their personal account passwords through LINE, or tell their personal four-digit passwords to others, putting their personal accounts at risk of being stolen.
Therefore, in addition to improving service security, LINE also focuses on user education activities. For example, in the past year, it has visited a total of 2500 elementary, middle and high schools in Japan to promote the concept of personal information security protection to young users. At the same time, it also discusses with teachers and parents to let more people know about current Internet security knowledge and possible problems at this stage. Through interactive methods, LINE can also obtain more actual usage feedback, thereby making the service more perfect.
In Taiwan, we have also communicated on information security issues through events such as the Internet Governance Forum and the HITCON Annual Hacker Conference in the past. We have also communicated with institutions such as colleges and universities to learn more about the problems faced when using services.
At the Cybersecurity Conference held last October, LINE announced that Taiwanese smartphone users have an average of 10-6 frequently used apps, but only use 7-1 password combinations at most. This means personal accounts are relatively vulnerable to theft. Furthermore, many older people, worried about forgetting their passwords, often share this information with others. Consequently, LINE subsequently partnered with celebrity Crowd Lu for a promotional campaign. This campaign, which ran for a month on LINE and other channels, and offered stickers as rewards to attract more users to view the promotional content, significantly reduced the number of account thefts resulting from leaked four-digit passwords.
By cooperating with such promotional activities and interactive communications, LINE believes that while continuing to optimize the user experience, it will be able to more efficiently promote information security protection.
Taking Facebook's privacy breach as a lesson, we should be cautious about the EU GDPR regulations.
And from the recentFacebook user privacy leaked, and the EU is about to promote the most stringent cybersecurity protection law in history, GDPR. Tsuyoshi Nakayama said that from the perspective of LINE itself being a "data company", the recent problems faced by Facebook are indeed an important lesson for LINE. After all, the services provided by LINE not only include users' personal privacy, daily conversations and other content, but are also tied to the login mechanisms of many online services, or involve LINE Pay payment functions such as credit card information. Therefore, LINE is also particularly cautious in handling this part.
Nakayama Tsuyoshi explained that in the past, online services often provided lengthy user manuals explaining how their personal information would be used. However, most users didn't have the patience to read through the entire document, often quickly scrolling down and clicking "Agree," which often led to numerous issues. Following Facebook's recent privacy scandal, it is expected that more people will become more cautious about privacy issues, leading to more online services taking user privacy seriously. LINE will continue to improve security, make its user interface more user-friendly, and maintain ongoing communication with users to ensure tangible improvements in user information security.
Regarding the EU's GDPR, which will be implemented on May 5, Tsuyoshi Nakayama said that LINE had already started researching it a long time ago. He also emphasized that LINE will comply with local laws in different markets. Therefore, before the GDPR law officially came into effect, it continued to pay attention to relevant details and made adjustments based on actual usage behavior in Europe.
However, based on LINE's own development model of expanding into the global market, whether such legal adjustments will lead to differences in the usage of service content in different regions, according to Tsuyoshi Nakayama, if it is restricted by local laws and regulations, it is indeed possible that the user experience will be different, but LINE will still try its best to ensure that the overall user experience does not have significant differences.
At the same time, LINE has cooperated with government agencies in Japan to implement a high level of personal privacy protection design in the past. Tsuyoshi Nakayama believes that even if the GDPR's restrictions on the use of user privacy information are followed, it will not cause major changes to the LINE service platform.
In the future, blockchain technology will be used to ensure user privacy and security
At this year's annual conference, LINE announced that it would invest in blockchain technology and launch its own virtual currency exchange service to expand its financial technology (FinTech) growth. Nakayama Tsuyoshi explained that the company has established an internal blockchain laboratory and has begun researching how to apply related technologies within LINE services. Although no specific details are available at this time, it is expected that blockchain technology will also be used to ensure user privacy and security in the future.
Currently, more and more services are introducing blockchain technology. At the same time, through decentralization and tokenization, user privacy comparison data can be safely "stored" in personal devices, rather than simply accessing data stored in cloud servers through account login and password, thereby ensuring that personal privacy can be truly protected.
However, decentralized and tokenized operating models do face new challenges, such as how to seamlessly transfer user privacy information between devices, how to retrieve and back up internally stored information when the current vehicle is lost or damaged, and even whether it can be used synchronously through cloud services. These issues are all aspects that must be considered in the future development of technology.
Regarding LINE's current cybersecurity technology development, Tsuyoshi Nakayama said he will not be satisfied with it, especially in today's rapidly growing technology landscape. He believes that cybersecurity issues will be viewed with higher standards and will continue to accept challenges.
