China’s Proposal to Spy on US Technology Firms Is Not Dead

June 19, 2015 Updated: June 19, 2015

The Chinese Communist Party (CCP) is creating new laws that could give it legal ground to spy on users, undermine the security of U.S. technology, and expand its control of the global Internet.

The new push comes from Chinese laws falsely rumored to have been defeated by foreign pressure. These include a “counterterrorism” law that will force U.S. technology companies to hand over their security keys, and a “national security” law that may expand the CCP’s policies for controlling the Internet abroad.

President Barack Obama criticized the CCP’s counterterrorism law in early March, saying “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”

Rumors soon followed that the Chinese regime had backed down. Yet, according to a recent congressional hearing, the rumors have “proved unfounded.”

Samm Sacks, a China analyst at Eurasia Group, detailed some of the new developments during a June 15 hearing of the U.S.-China Economic and Security Review Commission.

Not only are the new laws alive and well, he said, but “Beijing is likely to be less receptive to pressure from U.S. officials than in the past given the current policy climate.”

A look at the pending legislation shows a concerning picture. He said they are widely rumored to include a “purge of foreign firms” from government offices, and restrictions on foreign equipment in the Chinese banking sector.

The “counterterrorism law” will require telecom and Internet companies to give the Chinese regime their encryption keys, which will “enable government surveillance and store data on local Chinese servers.”

A draft “national security law” expands the CCP’s ability to regulate companies, “under a broad and far-reaching definition of national security and calls for sovereignty in cyberspace.”

Alongside these, the CCP is creating a new cyberspace review body that will evaluate the security of all Internet and Internet technology (IT) products. And it is implementing its 13th Five Year Plan for software and big data, focused on building data security for its state-owned enterprises, financial institutions, and government agencies.

Sacks said the laws will likely be passed in 2016. He said that additionally, the CCP will “press forward with stricter scrutiny of foreign technology suppliers” to support its goals for national security and to build up its own industries.

“Beijing is not likely to back down on its push to have more rigorous oversight for foreign intellectual property,” Sacks said.

“These developments are leading to a fundamental shift in the business climate for U.S. companies in a range of technology sectors,” he said, “particularly for information technology but also in finance, next generation manufacturing, and energy efficiency.”

Even if some of the laws aren’t as harsh in their final forms, he said, “Beijing is pressing forward with a spate of formal and informal tools that taken together will allow the government to assert more control and increase security and regulatory scrutiny of US technology companies in the next one to two years.”

Follow Joshua on Twitter: @JoshJPhilipp