China may have added to the so-called “Great Firewall of China,” on Monday, November 7, 2016, by passing a new cybersecurity law, all part of a broader effort to define how the Internet is managed inside China’s borders. The legislation, passed by China’s largely rubber-stamp parliament, is set to take effect in June 2017. President Xi Jinping has focused Internet policymaking on so-called “cyber-sovereignty” throughout his administration. Since the advent of the Internet, the government of China has created sixty Internet regulations, many of which involve blocking Internet content or monitoring Internet access for individuals.
The bill passed despite foreign protestations, with over forty global business groups petitioning Parliament in August to amend numerous controversial sections of the law. Although ostensibly created to strengthen networks against hackers, critics warn that the bill will further erode Chinese Internet freedom. Key contentious provisions include requirements for companies in industries like finance and communications to store personal information and data within China, pass national security reviews, and provide general technical support to various security agencies. These rules are a hindrance for multinationals that rely on cross-border flows of business data. Companies fear that these demands would require them to hand over intellectual property or “open back doors within products in order to operate in China’s market.”
According to James Zimmerman, chairman of the American Chamber of Commerce in China, these regulations will provide no security benefit, but allow for technological isolation from the rest of the world. Although it is unclear how much power the law will actually have, as many of the provisions are already applied in practice, their formal codification is an important statement from Beijing about the need for tighter Internet controls over companies.
The law is the latest in a series of security policies adopted under President Xi Jinping. Last year, Beijing adopted a sweeping national security law that aimed to make crucial sectors secure and controllable. According to tech and human rights critics, this means companies can be forced to allow third-party access to their networks, hand over source code, and provide encryption keys.
Zhao Zeliang, spokesman for the Cybersecurity Administration of China, informed reporters that the law is consistent with international trade, applying to foreign and Chinese companies alike. However, American tech companies, including Apple, have already had products subjected to security reviews that target encryption.
Ironically, the law may end up doing the opposite of what it intended. As network threats become transnational, technical isolation and a lack of global cooperation could make it more challenging to prevent cyber-attacks.
foreign-business-worries-over-strict-chinese-cybersecurity-law (PDF)