Why China’s New Cybersecurity Law Will Hurt the Tech Sector, and China Itself
China ratified a new cybersecurity law July 8 granting the communist regime an even tighter grip on the Internet and technology industries.
The law, which is wide-ranging and covers everything from politics to personal data, puts foreign tech companies at a disadvantage and could stifle innovation of its domestic technology sector.
The 68-article document seeks to “safeguard cyberspace sovereignty and national security.” In addition to bolstering security, China plans to increase control of information, censorship, and suppress free flow of information. Chief among the guidelines is the requirement for Internet service providers and other technology companies to store data physically in China.
Such requirements could make it easier for Beijing to track down dissidents, so-called state enemies, or anyone it deems to be a threat to its power. Currently, it’s unclear whether the law applies to data collected inside China as well as data collected from countries outside of China by Chinese firms.
Article 50, for example, gives authorities power to cut areawide Internet access to maintain order in the case of “sudden” incidents. In other words, there could be martial law in cyberspace.
Foreign Firms Disadvantaged
“The chief concern is that, as with many Chinese laws, the language is vague enough to make it unclear how the law will be enforced,” Joerg Wuttke, president of the European Union Chamber of Commerce in China, told Reuters.
Stuart Hargreaves, technology and Internet law professor at the Chinese University of Hong Kong, believes overseas companies doing business in China would be put at a disadvantage.
“This rule will benefit domestic manufacturers and programmers as their foreign counterparts are less likely to want to turn over their source code or design specifications to Chinese authorities, and in some cases may even be barred by their own governments from doing so,” Hargreaves told the South China Morning Post.
Foreign technology firms doing business in China will likely face increased business strategy and human rights-related questions from concerned shareholders and public stakeholders going forward.
China’s July 8 announcement is curious, given that the communist regime itself has long been suspected of sanctioning the hacking of foreign governments and corporations. Its most recent, and most egregious, example was the hacking of U.S. Office of Personnel Management in which millions of government personnel data was stolen in a series of cybersecurity breaches.
In retaliation to being accused of state-sponsored hacking, Beijing earlier this year removed Cisco Systems, Citrix Systems, and Apple from a list of approved Chinese government vendors. The Chinese fear the tech companies’ products contain spy software in retaliation by the United States.
Given this backdrop, foreign technology companies were already facing declining sales in China prior to the July 8 announcement of new cybersecurity laws.
In an earnings call with analysts in May, outgoing Cisco Systems CEO John Chambers said its China sales had declined 20 percent in the previous quarter. This comes after Cisco’s long relationship working with the Chinese regime, including making hardware compliant with Chinese censorship rules, and, allegedly, even sophisticated methods of tracking dissidents.
A Threat to Innovation
In the new law, there’s also language calling for a “secure and controllable” technology sector, which technology industry groups said could be used to force all companies operating in China to build so-called backdoors into the hardware.
Such actions will require firms to hand over encryption keys or even source codes, raising intellectual property concerns.
The requirement can be interpreted a few ways. On one hand, the proprietary source codes would enable the Chinese regime to fast track the growth of its domestic technology sector. Expanding its technology industry is a key source of revenue and job growth the Chinese regime is counting on to meet its GDP projections.
There is a precedent with the domestic automobile industry, where foreign car companies must form a joint venture with a local firm and transfer technology and know-how in order to access the Chinese market. While Chinese domestic automakers still trail Japanese and European automakers in sales figures, the forced knowledge transfer has saved the domestic industry decades of R&D.
But the true loss could come in stifling China’s own burgeoning domestic startup sector. Beijing’s heavy-handed approach regulating its technology sector runs counter to its recent efforts in promoting innovation and investments of Internet startups.
The annual audits and source-code approach process required in the new cybersecurity laws would increase red tape, slow down technology research, and jeopardize direct investments from foreign venture capital sources. It could also hurt Chinese startups’ ability to compete in the global marketplace due to security suspicions because of their necessary relationships with the Chinese government.
Similar to its recent heavy-handed manipulations of the stock market, Beijing’s reactionary approach to cybersecurity simply sets itself up for failure down the road.