The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.
The new rules, laid out in a 22-page document approved at the end of last year, are the first in a series of policies expected to be unveiled in the coming months that Beijing says are intended to strengthen cybersecurity in critical Chinese industries. As copies have spread in the past month, the regulations have heightened concern among foreign companies that the authorities are trying to force them out of one of the largest and fastest-growing markets.
The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.
In short: if you don’t play ball, China is likely to take a dim view of allowing you to sell your technology into its country.
And before anyone reading this feels outraged that China would treat Western companies in this way, don’t forget the challenges that network hardware producer Huawei has faced over the years, due to lingering concerns that the Chinese company was a threat to US national security.
China may claim that it needs to see the source code to determine if software is secretly spying on Chinese businesses, and it may argue that it needs a backdoor to snoop on private communications to fight its enemies, but the truth is that such steps lead to weaker, not stronger, security for everybody.
Because any time a weakness or backdoor is introduced into a system, it increases the chance for regular organised criminals to take advantage of it… as well as, of course, professional hackers working for a curious foreign state.
So, congratulations Mr Cameron. You’ve found a country that seems to agree with your proposal, and is pushing ahead with something similar itself. Albeit not a country which has the cleanest record when it comes to human rights and liberty… but hey, you can’t have everything, right?
I wonder how technology companies will respond to the demands of the Chinese, and whether some will simply not find the regulations acceptable and choose to turn their back on the country instead? And I also wonder what banks will think…
Let’s hope the same doesn’t happen in the UK, eh?