China is defending its proposed cybersecurity laws as “beyond reproach” in the wake of harsh criticism from the US – criticism that the state -run Xinhua news agency called “arrogance and hypocrisy.”
In late 2014, China published draft legislation of rules for foreign companies wishing to do business in China. Those included handing over encryption keys, allowing for “backdoors” into company systems to allow Chinese counter-terrorism surveillance, and keeping company and user data on servers in China.
President Obama called these requirements “something they are going to have to change if they are to do business with the United States.” But China maintains that they are security practices similar to the US’ own — indeed perhaps more transparent — and a normal condition of doing business.
“All countries are paying attention to and taking measures to safeguard their own information security. This is beyond reproach,” China’s Foreign Ministry spokesman Hua Chunying said.
The new regulations “would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services,” Obama told Reuters, expressing skepticism that any Silicon Valley companies would be willing to comply.
“The US Federal Bureau of Investigation (FBI) and the National Security Agency both have access to the equipment of major US technology firms,” Xinhua pointed out. “And with transparent procedures, China’s anti-terrorism campaign will be different from what the United States has done: letting the surveillance authorities run amok and turn counterterrorism into paranoid espionage and peeping on its civilians and allies.”
Some of the new rules and procedures China has proposed do appear to be a reaction to the discovery of NSA spying in the information leaked by Edward Snowden in 2013, some of which showed that the US had been spying on Chinese companies — like telecom giant Huawei. Indeed, in the end the US decided not to do business with Huawei — citing that it was too much of a potential cybersecurity threat due to alleged Chinese government connections.
Then in 2014, China announced they would implement a new “cyber security vetting system” for foreign IT products.
“For a long time, governments and enterprises of a few countries have gathered sensitive information on a large scale, taking advantage of their monopoly in the market and technological edge,” said Jiang Jun, spokesman for the State Internet Information Office, according to a Xinhua report in May.
Specifically citing alarm over US government surveillance and the Snowden leaks Jun continued, “It shows that without cyber security, there’s no national security.”
And the recent case of the Gemalto SIM cards, whose encryption keys were stolen by US and UK intelligence agencies, has been of particular concern to China, as it was revealed that nearly half of the SIM sales of Gemalto are in China.
“We are opposed to any country attempting to conduct intelligence gathering in cyberspace using its information technology superiority or IT products vulnerabilities,” Chinese Foreign Ministry spokesman Hong Lei said at a press briefing.
But there has been speculation that, though national security concerns are legitimate, the regulations could also be a protectionist measure to foster the growth of the Chinese IT sector.
Recent regulations for foreign banks wishing to do business in China were similar to the proposed IT rules, but not as broad in scope. Nevertheless they led to banks opting for domestic Chinese business options instead.