WASHINGTON—U.S. lawmakers are increasingly concerned about China’s new cybersecurity rules that put U.S. companies at risk of losing sensitive data.
In October 2019, China passed a law that took effect on Jan. 1 to regulate cryptography in the country. The new legislation is the latest in a series of cybersecurity measures that Beijing has been rolling out in recent years to control data and communications within the country.
The new rules are potentially alarming, as foreign companies operating in China won’t be able to keep their data secret from the Chinese communist regime.
Sen. Rick Scott (R-Fla.) who is closely watching recent moves by Beijing, urged U.S. companies to stop working with the regime.
The new law is the latest instrument the Chinese regime is using “to steal U.S. technology, intellectual property, and personal data,” Scott’s office told The Epoch Times in an email.
“Senator Scott has been clear that American businesses, hospitals, and universities must be vigilant and proactive when it comes to the threat of Communist China, and should stop doing business with the regime.”
Companies use encryption technology to protect the confidentiality of information transmitted and stored on networks. No foreign company, however, will be able to encrypt its data or communication if China enforces the new rules.
Scott, who’s an outspoken critic of the Beijing regime, earlier warned that Communist China’s goal is “to control the entire world.”
“I think all of us have to understand if we give data to China, they can use it against us,” he told CNBC on Nov. 18, 2019.
“We have to be absolutely clear we are not going to do business with China and let them have our information,” he said, calling for a wider decoupling— loosening of trade and economic ties—of the United States and China.
According to author and China expert Gordon Chang, Beijing’s goal is to control all communications, data, and other information stored in electronic form that belong to foreign companies.
No information would be kept secret if China enforces the new rules, he said, as the companies would have to turn over encryption keys and might be prohibited from using virtual private networks (VPNs) to circumvent the rules.
In addition, the Chinese regime may freely share the trade secrets of those foreign companies with China’s state-controlled enterprises, he warned.
Chang believes that a bill introduced by Sen. Josh Hawley (R-Mo.) will help counter the new threat.
If Hawley’s bill becomes law, he said, it would mean that U.S. companies would effectively have to leave China.
In November 2019, the Missouri Republican introduced the measure, the National Security and Data Protection Act of 2019, which prevents U.S. firms from transferring user data or encryption keys to China. The proposed bill also prohibits U.S. companies from storing data in China.
Others who have signed on to the bill are Sens. Marco Rubio (R-Fla.) and Tom Cotton (R-Ark.).
“Current law makes it far too easy for hostile foreign governments like China to access Americans’ sensitive data,” Hawley said in a statement. “Chinese companies with vast amounts of personal data on Americans are required by Chinese law to provide that data to Chinese intelligence services.”
Hawley raised concerns about Beijing’s potential influence because of the popular Chinese-owned TikTok social media platform that allows users to share videos, and Apple’s decision regarding iCloud encryption keys in China, calling them national security threats.
To comply with new Chinese laws, Apple announced in 2018 that it would transfer management of its Chinese iCloud data to a local state-owned firm in China. The tech company also stated it would store iCloud encryption keys for Chinese users within China, raising concerns about government access.
“Chinese law allows the Communist Party to seize data from American companies operating in China whenever it wants, for whatever reason it wants,” Hawley stated. “This legislation takes crucial steps to stop Americans’ sensitive data from falling into the hands of hostile foreign governments.”
Beijing has been implementing policies to govern data, including data localization, which forces both foreign and Chinese entities to store their data locally. The latest encryption law now governs how the data can be accessed by the regime.
U.S. firms don’t know exactly how these laws will be implemented and enforced. If the rules are enforced to the maximum extent, it will have significant repercussions for companies operating in China, experts warned.