China's new National Security Law bodes ill for Western comms companies wanting to do business in the PRC
© flickr/CC-licence/Nick Russell
Back in May the Chinese authorities released a draft of the PRC's new "National Security Law". In traditional fashion the document was long on verbiage and short on clarity. Indeed, to say that it was opaque is like saying that it is quite difficult to read the immortal Thoughts of Chairman Mao through a glass-bottomed bucket full of molasses.
Now the legislation in its final form has been duly rubber-stamped, enacted and published, its provisions are somewhat clearer and the global comms industry doesn't like them one little bit.
The new law embodies the requirement for a “national security review” of technology industries, companies (and that includes all products and services) and foreign investment. The legislation also mandates that technology deemed to be deployed-in and supporting-of "crucial sectors" of the Chinese economy and industries must be “secure and controllable.”
This is being taken as a sort of officialese for a new regime that will be used to compel overseas companies doing business in China to provide the Chinese authorities with encryption keys and back-door entrances and even source code to and for the technologies and services they are providing - or simply not do business with the PRC at all.
Many times in the past the US has said that the Chinese government both permits, sponsors and directs hacking of companies around the world in general and in the US in particular to cause mischief, gain illegal access to intellectual property, to foster unfair commercial advantage and for both blanket and targeted industrial and military espionage.
China makes its move
The Chinese riposte is that the US government is hypocritical and, as evidenced by the disclosures of Edward Snowden, the American security agencies routinely adapt and tamper with Western technologies that are sold to the PRC and used in Chinese networks.
After the most recent diplomatic clash over online security and technology control policies, which happened in April, the US government and US multinationals were surprised when the Chinese suddenly announced that it would rescind a law that severely restricted the types and numbers of comms and other technology products that could be sold to Chinese banks and other financial institutions by foreign companies.
The likes of Apple and Microsoft rubbed their hands in glee at the news but it seems the Chinese move was little more than a feint. Under the new law extra restrictions will now be placed on foreign high-tech imports and they could become even more swingeing when China enacts its new counterterrorism legislation later in the year. It is being widely trailed that the new law will clamp down even harder on foreign technologies being sold into the country.
It seems inevitable then that the US administration, piqued by the changes and under increasing pressure from lobbyists acting on behalf of US-headquartered multinationals will introduce tit-for-tat measures of it's own to curtail the spread of Chinese into US industries and interests.
Commenting on developments, Adam Segal, Senior Fellow at the Council on Foreign Relations in New York said, “I think it’s a perfect storm: The cybersecurity concerns because of Snowden and the techno-nationalist perspective have really gained strength over the past few years. China is not particularly swayed by or sympathetic to arguments that the foreign companies have made, and they’re going to push forward on all these fronts.”
Respect our sovereignty
Meanwhile, at a news conference in Beijing, Ms. Zheng Shuna, the Deputy Director of the Legislative Affairs Commission of the National People’s Congress, (the Chinese parliament) said, “China’s cyber-sovereignty shall be respected and maintained. Raising the idea of ‘safeguarding national cyber-sovereignty’ in the National Security Law is a response to the needs of the development of the Chinese Internet. It provides the legal basis for managing cyberactivity on China’s soil and resisting activities which jeopardise China’s cyber-security.”
US technology companies have long and vociferously complained that China's use of governmental oversight bodies and agencies to 'review' national security concerns in regard to foreign investment in the communications and computing industries is a deliberate strategy to strangle importation of US technology into the People's Republic. However, it should be noted that, in the US, the Committee on Foreign Investment in the United States, not only polices Chinese investment in what it calls "sensitive industries" but from time to time also prevents China from investing in, or providing high-tech equipment to, US companies and networks.
As Adam Segal points out the phrase “secure and controllable" is is loaded to the gunwales with potential menace. "Since no one knows how you implement that phrase, foreign companies are worried about what it's going to mean. Does it mean they have to give access through back doors, or are they going to have to partner with Chinese firms?, he asks.
Mr. Segal says one avenue of recourse could be for western multinationals to put the case to the World Trade Organisation that China's "national security" argument is 'invalid 'under the terms of extant international trading agreements reached with and via the WTO.
Well good luck with that. Given past experience any such move would take a minimum of a decade to wend its tortuous way through the byzantine back passages of that particular bureaucracy and even if a decision in favour of the American argument was eventually to be reached, the authorities in Beijing would ignore it anyway.
As the old Chinese curse has it, "May you live in interesting times." Ah, I almost forgot, we already are.