New Cybersecurity Rules Give Regime Control of Data Outside China

January 12, 2020 Updated: January 14, 2020
FONT BFONT SText size

WASHINGTON—The U.S. government is “very concerned” about China’s new cybersecurity measures that put American companies at risk of losing sensitive data.

Beijing enacted in October 2019 a cryptography law that came into effect on Jan. 1. The new legislation, combined with comprehensive cybersecurity measures China has been passing in the past several years, creates a suite of challenges for foreign companies operating in the country.

“We’re very concerned about laws like we’re seeing—like that one in China,” Robert Strayer, the deputy assistant secretary of state for cyber and international communications and information policy, said Jan 10 at a press briefing.

The companies will be required to turn over encryption keys, which are crucial to protect the confidentiality of information transmitted and stored on networks, making networks transparent to the Chinese communist regime.

The new rules should alarm telecom operators around the world, Strayer said, as the measures would allow Beijing to have “access to the data that’s residing on the networks that would be then in a third country, say in Europe or somewhere else.”

Chinese officials, once they gain access to the network of a foreign company in China, will be able to penetrate the networks of that company outside the country as well.

“That kind of extraterritorial ability for the Chinese government to reach out is certainly in the realm of the possible,” Strayer said.

He warned that companies wouldn’t have the ability to oppose the Chinese regime’s demand by going to an independent judiciary or appealing to rule-of-law institutions to stop that kind of extraterritorial reach.

China’s new cybersecurity rules are expected to have significant repercussions for foreign companies operating in China. The regime has been implementing policies to govern data, including data localization, which forces both foreign and Chinese entities to store their data locally. The new cryptography law is the latest effort to access companies’ sensitive data and communication.

Epoch Times Photo
Robert Strayer, the deputy assistant secretary of state for cyber and international communications and information policy, holds a press briefing at the Foreign Press Center in Washington on Jan. 10, 2020. (Emel Akan/Epoch Times)

Since foreign companies “will no longer be permitted to encrypt data end-to-end, they will almost certainly be considered as violating U.S. rules for tech stored on a network in China,” author and China expert Gordon Chang said in a report.

Some lawmakers have raised concerns about China’s new cybersecurity rules, even calling on U.S. businesses to stop working with China.

China’s 5G Threat

Cybersecurity and cyber policy issues have become one of the top foreign policy priorities of the U.S. State Department in recent years, Strayer said.

“There are four countries that we see as strategic competitors or adversaries in cyberspace, and those are China, Russia, North Korea, and Iran,” he added.

Strayer said one of the objectives of the U.S. State Department is to work closely with other countries, particularly in Europe, in building their security measures for fifth-generation wireless technology (5G) networks.

Washington has been trying to persuade its allies in Europe to ban the use of Huawei Technologies’ equipment in telecoms infrastructure, calling the Chinese vendor a threat to national security.

“So, at the end of the day, we know that each country will make its own decisions about the security measures that it wants to have in place for the deployment of 5G technology,” Strayer said.

The British government is expected to make a final decision on Huawei’s involvement in the UK’s 5G infrastructure later this month.

The State Department has been pressing UK officials by saying that intelligence sharing could be affected if Huawei equipment is used in the UK.

“As we talk to other countries, we’re cognizant of the very robust information-sharing relationships that we have with many of them,” Strayer said. “We don’t want to see that degraded by untrusted telecom vendors.”

U.S. Sen. Tom Cotton (R-Ark.) on Jan. 8 introduced a bill that would prevent the United States from sharing intelligence with countries that allow Huawei to operate their 5G networks.

“The United States shouldn’t be sharing valuable intelligence information with countries that allow an intelligence-gathering arm of the Chinese Communist Party to operate freely within their borders,” Cotton said in a press release. “I urge our allies around the world to carefully consider the consequences of dealing with Huawei to their national interests.”

Follow Emel on Twitter: @mlakan