China’s cyber-security law angers foreign companies
China has adopted a controversial cyber-security law that is aimed at dealing with online hacking and terrorism but foreign business and rights groups have expressed fears about the potential for government snooping.
The bill was described as an “objective need” for China as a major internet power and is set to take effect in June 2017.
But the legislation has received criticism from foreign companies who say it will shut them out of ‘critical’ sectors and includes contentious requirements for security reviews and for data to be stored on servers in China.
Rights advocates also say the law will enhance restrictions on China’s internet, already subject to the world’s most sophisticated online censorship mechanism, known outside China as the Great Firewall.
Yang Heqing, an official on the National People’s Congress standing committee, said the internet was already deeply linked to China’s national security and development.
“China is an internet power, and as one of the countries that faces the greatest internet security risks, urgently needs to establish and perfect network security legal systems,” he said.
More than 40 global business groups petitioned against the legislation in August, urging Beijing to amend what they said were controversial sections of the law. Chinese officials have said it would not interfere with foreign business interests.
Contentious provisions remained in the final draft issued by the parliament, including requirements for “critical information infrastructure operators” to store personal information and important business data in China, provide unspecified “technical support” to security agencies, and pass national security reviews.
Those demands have raised concerns within companies that fear they would have to hand over intellectual property or open back doors within products in order to operate in China’s market.
James Zimmerman, chairman of the American Chamber of Commerce in China, called the provisions “vague, ambiguous, and subject to broad interpretation by regulatory authorities”.
Human Rights Watch said elements of the law, such as criminalising the use of the internet to “damage national unity”, would further restrict online freedom.
“Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes,” said Sophie Richardson, China Director at Human Rights Watch.
Zhao Zeliang, director of the Cyberspace Administration of China’s cyber-security coordination bureau, told reporters that every article in the law accorded with rules of international trade, and China would not close the door on foreign companies.
“They believe that [phrases such as] secure and independent control, secure and reliable, that these are signs of trade protectionism. That they are synonymous. This is a kind of misunderstanding, a kind of prejudice,” Zhao said.
China’s foreign ministry spokesman Lu Kang told a regular press briefing that the law was similar to other countries’ rules and did not distinguish between foreign and Chinese companies.
Many of the provisions had been previously applied in practice, but their formal codification coincides with China’s adoption of a series of other regulations on national security and foreign civil society groups.
In 2015, China agreed to reduce its hacking of foreign targets in the US. A US-based network security company later found that the number of hacking attempts had indeed dropped by 90 per cent by June this year.