Skip to main content

The Ultimate Aim Of China's 2016 Cybersecurity Law Is Now Clear: Nothing Digital Can Be Secret From The Authorities

It's no secret that China is tightening its control of every aspect of the online world -- Techdirt has been reporting on the saga for years. But what may not be so clear is how China is doing this. It is not, as many might think, the direct result of diktats from on high, but flows naturally from a massive program of carefully-crafted laws and new government initiatives created with the specific intent of making the online world subservient to the Chinese authorities. Central to this approach is a law passed three years ago, generally known in the West as "China's cybersecurity law".

A review of the law in 2017, by the New America think tank, brought some useful clarity to complicated political landscape. It names a number of powerful players involved, including the Cyberspace Administration of China, the Ministry of Public Security, the Ministry of Industry and Information Technology, the country's military and intelligence establishment, and BAT -- Baidu, Alibaba, Tencent -- China's Internet giants. The legal framework is also complex. The 2017 article picks out six "systems": the Internet Information Content Management System; the Cybersecurity Multi-Level Protection System; the Critical Information Infrastructure (CII) Security Protection System; the Personal Information and Important Data Protection System; the Network Products and Services Management System; and the Cybersecurity Incident Management System.

Clearly, there's a huge amount of activity in this area. But because of the many interlocking and interacting elements contributing to the overall complexity, it's hard to discern what's key, and what it will all mean in practice. A 2018 report on the law from the Center for Strategic & International Studies noted that one of the systems -- the Multi-Level Protection System (MLPS) -- has a far wider reach than its rather bland name implies:

MLPS ranks from 1-5 the ICT networks and systems that make up China's CII based on national security, with Level 5 deemed the most sensitive. Level 3 or above triggered a suite of regulatory requirements for ICT products and services sold into that CII, including indigenous Chinese IP in products, product submission to government testing labs for certification, and compliance with encryption rules banning foreign encryption technology.

That in itself is not surprising. Governments generally want to know that a country's digital infrastructure can be trusted. However, it turns out these rules will apply to any company doing business in China:

MLPS 2.0 will cover any industry with ICT infrastructure because it covers the vague category called "network operators," which can include anyone who uses an ICT system. MLPS 2.0 also appears to have a focus on cloud computing, mobile internet, and big data.

That extremely broad reach has been confirmed following the recent appointment of a big data expert to oversee the implementation of MLPS. The China Law Blog has analyzed several Chinese-language articles giving details of this move, and what emerges will be deeply troubling for any foreign business operating in China:

This system will apply to foreign owned companies in China on the same basis as to all Chinese persons, entities or individuals. No information contained on any server located within China will be exempted from this full coverage program. No communication from or to China will be exempted. There will be no secrets. No VPNs. No private or encrypted messages. No anonymous online accounts. No trade secrets. No confidential data. Any and all data will be available and open to the Chinese government.

As the China Law Blog explains, this means that there will be important knock-on consequences:

Under the new Chinese system, trade secrets are not permitted. This means that U.S. and EU companies operating in China will now need to assume any "secret" they seek to maintain on a server or network in China will automatically become available to the Chinese government and then to all of their Chinese government controlled competitors in China, including the Chinese military. This includes phone calls, emails, WeChat messages and any other form of electronic communication.

As previous Techdirt posts have reported, China has been steadily moving in this direction for years. Nonetheless, seeing the endgame of the authorities -- unchecked access to everything flowing through Chinese networks -- confirmed is still troubling. The intentions are now clear, but a key unanswered question is how rigorously the strategy will be enforced. The situation for social media censorship in China gives some grounds for hope. An article on the Asia Dialogue site explains:

Despite the broad and still expanding legal framework, the actual implementation of China’s information control is neither monolithic nor consistent. While the Chinese government is increasingly adept at managing and using new media and advanced technologies to its advantage, it also relies heavily on private companies to carry out government directives on a daily basis.

The same may be true for the implementation of MLPS 2.0 in particular, and China's cybersecurity law in general. If it isn't, Western companies are likely to find operating in the country even more difficult than it is now, when it is hardly plain sailing.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.



Permalink | Comments | Email This Story


Udimi - Buy Solo Ads from Techdirt. https://ift.tt/2nTg7pb
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...
Post a Comment
Read more

Emulating USB Dongle – Introducing HASP Dongle Emulator Software

Information Technology Blog - - Emulating USB Dongle – Introducing HASP Dongle Emulator Software - Information Technology Blog Over the years the methods used by software developers and producers to limit the amount of users to a specific number in a licensing agreement have become more complex.  The aim of copy protection is to protect the intellectual rights and financial investment of the individual developers and manufacturing companies.   A way of getting around this protection is to reproduce the media through which you can deliver the application to other users,  meaning that the software can be replicated far in excess of that specified in the license. One of the most common methods has been to use hardware keys or dongles which will enable the user to activate an application, unlocking its full functionality without using a device.  In addition, it offers good protection against attempts to pirate the software. In this article, we will look at th...
1 comment
Read more

Advantages and Disadvantages of using Vouchers in eCommerce

Information Technology Blog - - Advantages and Disadvantages of using Vouchers in eCommerce - Information Technology Blog To decide whether vouchers and coupons are the right tool to add to your online marketing strategy, it is essential that you consider the benefit and the cost of using coupons. In this article, we will use Gtech coupon marketing strategy as an example a successful coupon strategy.  Also check out these great books on coupon codes for ecommerce . Advantages of Using Coupons Increase Sales This is the obvious benefit. Coupons serve to increase sales especially for high ticket items such as luxury gadgets. Gtech discount codes is a good example as Gtech quality is reflected on the price of both the Gtech eBike and Gtech AirRam. In order to boost sales, the company releases 10% off offers certain times of the year when online sales would normally be low. Enlarge Email List Acquiring a customer can be expensive in terms of advertising and marketing. If yo...
1 comment
Read more