China has approved a new controversial cybersecurity law, and it is making foreign companies extremely nervous.
The country’s top legislative body, the Standing Committee of the National People’s Congress, passed a new law Monday to “monitor, defend and handle cybersecurity risks and threats originating from within the country or overseas sources, protecting key information infrastructure from attack, intrusion, disturbance and damage.”
A number of aspects of the new law, which is broad, unclear, and gives the Chinese government greater control over domestic cyberspace, has foreign businesses worried. The new legislation is “vague, ambiguous, and subject to broad interpretation by regulatory authorities,” James Zimmerman, chairman of the American Chamber of Commerce in China, told Reuters.
Although foreign companies, as well as human rights organizations, have been criticizing drafts of the legislation for months, China approved the law without any significant changes.
Some observers see the new cybersecurity law as a “no trespassing” sign for foreign tech companies, noting that a lack of clarity makes it difficult for companies to come into compliance. There is the possibility that the law will shut them out of the critical market sectors.
Data storage is another particularly troubling issue.
“The operators of such infrastructures are obliged to locally store data and personal information collected and produced by their services in China,” the new law states, “Personal information and other important business data gathered or produced by critical information infrastructure operators during operations within the mainland territory of the People’s Republic of China, shall store it within mainland China.”
Many foreign companies operating in China have expressed concern over this provision, as well as aspects of the new law requiring firms to permit state security agents to carry out undefined technical support and evaluations to ensure that company systems are secure.
Foreign companies fear that the new law will force them to surrender intellectual property to the state and expose key vulnerabilities, making it easier for China to seize possession of foreign technology and harder for overseas companies to do business in China. Companies are concerned that they will have to reveal their “source code and corporate secrets,” Jake Parker, vice president of China operations for the U.S.-China Business Council told the Wall Street Journal.
“We’ve heard from companies that they feel these policies cite national security for protectionist purposes,” Parker added.
China’s cybersecurity legislation also allows the state to take “necessary measures” against foreign hackers that “attack, intrude, interfere with or sabotage the nation’s key information infrastructure.” Specifically, the law gives the Chinese government the authority to freeze the assets of foreign cyber criminals.
While China is often blamed abroad for criminal activity in cyberspace, China argues that it is a victim. In fact, China has referred to itself as “the biggest victim of cyber crime.” The Cyberspace Administration of China (CAC) claimed in 2014 that every month, at least 10,000 websites, 80% of which were government websites, were tampered with by American cyber criminals. The law could be the next stage in the cyber war with the West.
Human rights organizations have reportedly attacked the law because it strengthens the Great Firewall of China, improving Chinese efforts to censor, control the internet and limit online freedom. “The already heavily censored internet in China needs more freedom, not less,” explained China Director for Human Rights Watch Sophie Richardson.
CAC spokesman Zhao Zeliang said Monday that China’s efforts to make key network infrastructure and information systems “secure and controllable” will not affect foreign businesses.
Zuo Xiaodong, vice president of the China Information Security Research Institute, told Xinhua reporters that the new legislation is in compliance with international conventions for the protection of essential information infrastructure.
China’s new cybersecurity legislation appears to be a part of state efforts to secure government control of the internet and possibly reduce China’s reliance on foreign technology.
“China’s government has come to recognize that cyberspace immediately and profoundly impacts on many if not all aspects of national security,” Rogier Creemers, a researcher at Leiden University in the Netherlands, told Reuters, “It is a national space, it is a space for military action, for important economic action, for criminal action and for espionage.”
“This is about how the internet might harm the Chinese state in the broadest sense possible,” Creemers explained to the WSJ.
Send tips to ryan@
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.