China’s legislature unanimously passed a controversial anti-terrorsim law on Sunday despite months of objections from major tech firms and Washington alike. Among other requirements, the new rules state that telecom operators and internet service providers must “provide technical support and assistance, including decryption” to Chinese authorities to help prevent and investigate terrorist activities. The new law does not require that companies operating in China hand over encryption keys.
Like somewhat similar recent proposals from groups in the UK and US, Beijing claims such assistance is necessary to defend itself against terrorism. But many in the west are understandably concerned about providing such assistance to the Chinese government, considering its track record of censorship and repeated allegations of cyber-espionage against US firms and government agencies.
Earlier this year, President Obama raised his concerns over draft regulations with China’s President Xi Jinping, saying that the rules amounted to a dangerous backdoor to internet services. He added, “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States,” alluding to additional worries that the anti-terrorism law is designed to give a disadvantage to western internet companies in China.
OBAMA HAS PERSONALLY SHARED CONCERNS OVER LAW WITH CHINA’S PRESIDENT
China is underplaying the doors — back or not — that have been opened by the law. Li Shouwei, a National People’s Congress official involved in the regulation, told reporters: “Relevant regulations in the anti-terrorism law will not affect the normal business operation of companies, and we do not use the law to set up ‘backdoors’ to violate the intellectual property rights of companies.” He added, “The law will not damage people’s freedom of speech or religion.”
The law goes into effect on January 1st. Despite the requirements set out by the law, many tech firms, like Apple, do not hold the encryption keys to individual devices and would be unable to provide access to customers’ data even if requested to do so by the government. The law could set the stage for a fight over privacy concerns and business, as losing access to the extremely lucrative Chinese market may not be an option for many companies. There’s no indication yet that China would ban such companies from the country, however.
Correction: Reuters and others originally stated that the law “requires technology firms to hand over sensitive information such as encryption keys.” However, that language was from a draft and did not make it into the final law passed Sunday. This article has been updated.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.