Aug 8th 2020

The Global Implications of China’s National and Cyber Security Laws

by Daniel Wagner

 

Daniel Wagner is CEO of Country Risk Solutions and author of the new book The Chinese Vortex: The Belt and Road Initiative and its Impact on the World.

 

The recent implementation of a new national security law in Hong Kong has brought to much of the world’s attention something that companies operating in  China have understood for years. The Chinese government’s 2015 National Security Law states that all information systems in China must be “secure and controllable”, which means that every company operating in China – whether domestic or foreign - is required to give the Chinese government their source code, encryption keys, and backdoor access to their computer networks in China. Hong Kong is just the tip of the iceberg. The Law has had profound implications for any Chinese company operating inside or outside of China, for their joint venture partners, and for foreign companies operating inside China.

In other words, businesses must hand the government the lifeblood of their companies and products, while also giving the CCP a free pass to spy on their networks. The Chinese government has arranged that, in order to do business in China, the information that Chinese agents once had to steal through cyberattacks are now automatically provided for the ‘privilege’ of doing business there. Incredibly, even the largest, best known, and most influential foreign companies that operate in China are doing just that.

A good example is IBM, which became the first major US tech company to agree to the new rules in 2015. IBM began delivering its technical knowledge to Chinese companies that had clearly stated their objective of replacing IBM’s markets in China. The company passed information about how to build its high-end servers and the software that runs the servers to Beijing-based Teamsun, which proudly declared its strategy to ‘absorb and then innovate’, enabling it to eliminate the capability gap between Chinese and American companies and create products that could replace those sold by companies in the US.[i]

That was not the first time IBM had done something similar. In 2014, the company sold its x86 server division to Chinese computer company Lenovo. The $2.1 billion sale included the x86 BladeCenter HT servers used in some critical US Navy systems, including its Aegis Combat System, which controlled the Navy‘s ballistic missile and air defense systems. When a business with products used in critical government and military networks reveals its code to another government, it becomes a national security issue.

The US Navy was subsequently forced to identify and purchase new servers, concerned that Chinese government agents could remotely access the systems by compromising routine maintenance. A vulnerability on Lenovo computers was subsequently discovered, which took advantage of the Lenovo System Update, leaving the door open for hackers. The servers were used by Navy assets, including its guided missile cruiser and destroyer fleets, and ballistic missile and anti-air defenses.[ii]

In 2015, Hewlett-Packard (HP) sold more than half of its networking and server operations to China, whose restrictions on foreign technology vendors pushed its banks, military, and major companies to stop buying foreign technology. HP gave up control of its then $4.5 billion business to remain in the Chinese market, selling 51% of its networking and server operations in the country to an arm of Beijing’s Tsinghua University.[iii] Presumably, the only reason HP was being allowed to remain at the time was because the Chinese government had not yet acquired what it perceived to be all of HP’s intellectual and material capital. That was 5 years ago. Multiply these examples exponentially and you begin to understand the implications of the National Security Law.

In 2017, China’s first Cybersecurity Law was enacted, which significantly increased compliance costs for multinationals, leaving them vulnerable to industrial espionage, and ultimately giving some Chinese companies an unfair advantage. While some aspects of the Law were welcomed as a milestone in much needed data privacy, it also had the effect of helping Beijing steal trade secrets and intellectual property from foreign companies. The Law is both extremely vague and exceptionally wide in scope, potentially putting companies at risk of regulatory enforcement that is not related to cybersecurity.

Among its key provisions are that:

 

·                All companies must undertake a security assessment before moving data out of China if it contains the personal information of more than half a million users or data is “likely to affect national security or social public interests”. That means that a ride sharing or food delivery service could therefore be labeled a national security risk;

 

·                “Critical infrastructure” companies must store “personal information and other important data” collected in China inside the country; and

 

·                “Important network products and services” must undergo a “national security review” before being sold in China (which is so vague that it could mean anything).

 

The Law is part of a drive by Beijing to shield Chinese data from the eyes of foreign governments. Under it, companies must introduce data protection measures—a novelty for many Chinese businesses—and data relating to the country’s citizens or national security must be held on Chinese servers. Companies must submit to a review by regulators before transferring large amounts of personal data abroad. “Critical” companies—whose designation encompasses sensitive entities such as power companies or banks, but also any company holding data that, if breached, could “harm people’s livelihoods”―must store all data collected in China within the country. These companies, and any services bought by them, must go through a “national security review” to ensure they and their data systems are “secure and controllable”.

The Law allows Beijing to demand access to computer program source code (usually known only by the software developer) and national security reviews may also permit China to delve even further into companies’ intellectual property.[iv] In conventional democracies, laws limit what companies may do with information and the extent to which governments can get their hands on it. China’s National Security and Cybersecurity Laws give the government unrestricted access to almost all personal and commercial data. The largest Chinese companies that hold data (such as Alibaba, Baidu, and Tencent) routinely obey government demands to access data.

The rest of the world’s companies and governments have to assume that any firm that is Chinese, operates in China, has access to Chinese citizens, whose information passes through China, or for which the Chinese government deems information relevant to national security is subject to these Laws, and that the government will do whatever is necessary to obtain the information they possess. That means that Huawei or any other firms that are owned or operated by Chinese private of public sector companies, or are otherwise answerable to Beijing, fall under the Laws’ guidelines from the government’s perspective.

It is time for the world’s governments and companies to wake up. Beijing’s reach is wide and deep. It is taking advantage of the West’s openness – and gaps and inconsistencies in our data protection protocols - to acquire information on all of us. The hacks on Anthem, Equifax, Marriott, and the US government are good examples of how they have already done so. American and Western companies need to take a hard look at the costs and benefits associated with operating in China and continuing to have Chinese partners. Those partners must comply with these Laws. American and Western companies that continue to operate with them may unwittingly well be aiding and abetting the Chinese government.

 

Daniel Wagner is CEO of Country Risk Solutions and author of the new book The Chinese Vortex: The Belt and Road Initiative and its Implications for the World.

This article first appeared in Diplomatic Courier.


[i] Philipp, Joshua, “CHINA SECURITY: IBM Shows Chinese Agents Its Source Code”, The Epoch Times, October 19, 2015, http://www.theepochtimes.com/n3/1881004-china-security-ibm-shows-chinese-agents-its-source-code/.

[ii] Philipp, Joshua, “US Navy Cruisers and Destroyers Look to Ditch Lenovo Servers”, The Epoch Times, May 7, 2015, http://www.theepochtimes.com/n3/1348839-us-navy-cruisers-and-destroyers-look-to-ditch-lenovo-servers/.

[iii] “HP Partners with Tsinghua to Create a Chinese Technology Powerhouse”, HP, May 21, 2015, http://www8.hp.com/us/en/hp-news/press-release.html?wireId=1950801#.WRxxM2jyvic.

[iv] Yuan Yang, “China’s Cyber Security Law Rattles Multinationals”, Financial Times, May 30, 2017, https://www.ft.com/content/b302269c-44ff-11e7-8519-9f94ee97d996.

 


This article is brought to you by the author who owns the copyright to the text.

Should you want to support the author’s creative work you can use the PayPal “Donate” button below.

Your donation is a transaction between you and the author. The proceeds go directly to the author’s PayPal account in full less PayPal’s commission.

Facts & Arts neither receives information about you, nor of your donation, nor does Facts & Arts receive a commission.

Facts & Arts does not pay the author, nor takes paid by the author, for the posting of the author's material on Facts & Arts. Facts & Arts finances its operations by selling advertising space.

 

 

Browse articles by author

More Current Affairs

Oct 27th 2021
EXTRACT: "performed strongly in last month’s parliamentary and regional elections. Officially, Communist Party candidates took 18.9% of the popular vote for the State Duma (parliament), compared to nearly 49.8% for the Kremlin’s United Russia party. But the Communists refused to recognize the results, insisting that the vote was rigged. And, indeed, some experts estimate that they should have gotten around 30% of the vote, with United Russia taking about 35%."
Oct 22nd 2021
EXTRACT: "Powell was charismatic in the true sense of the term. Nowadays, this description is too often used to indicate an ability to attract supporters or generate celebrity interest. Internet lists of those who are regarded as charismatic include characters as varied as Adolf Hitler, Bono, Donald Trump, George Clooney, and Rihanna. But the ancient Greeks and Saint Paul used “charisma” to describe values-based leadership infused with a charm capable of inspiring devotion. The Greeks believed that this quality was a gift of grace, while Christian theology regarded it as a power given by the Holy Spirit."
Oct 17th 2021
EXTRACTS: "But property-sector woes are not the only economic danger China faces in 2021-22. The Chinese government’s mounting crackdown on the country’s burgeoning tech sector may pose an even greater threat." ---- "According to a recent study by McKinsey & Company, the share of Chinese urban employment supported by private enterprises more than quadrupled between 1995 and 2018, from just 18% to 87%. The share of exports generated by the private sector more than doubled over the same period, from 34% to 88%. And private-sector fixed-asset investment jumped from 42% to 65% of the total. The message in the data is clear: clamping down on the private sector and threatening innovators is not the way to ensure sustained rapid growth. Chinese entrepreneurs can read the writing on the wall. They understand that their political and regulatory room to maneuver is shrinking, and that the balance has shifted in favor of state-owned firms and public officials. And they understand that this uneasy atmosphere is likely to persist."
Oct 16th 2021
EXTRACT: "We designed a programme that incorporated data from over 300 million buildings and analysed 130 million km² of land – almost the entire land surface area of the planet. This estimated how much energy could be produced from the 0.2 million km² of rooftops present on that land, an area roughly the same size as the UK."
Oct 6th 2021
EXTRACT: "Britain in the 1950s was wedded to the US, acting as a partner rather than leading the charge. Now, while the UK continues to support the US, the influence it has seems negligible. While it may bring comfort to the UK to feel it is a partner to a superpower, being its stooge or subordinate is an unpleasant place to be, no matter how much you tell yourself it values your opinion."
Oct 6th 2021
EXTRACT: "That was then. Now, the Chinese government has doubled down, with President Xi Jinping throwing the full force of his power into a “common prosperity” campaign aimed at addressing inequalities of income and wealth. Moreover, the regulatory net has been broadened, not just to ban cryptocurrencies, but also to become an instrument of social engineering, with the government adding e-cigarettes, business drinking, and celebrity fan culture to its ever-lengthening list of bad social habits. All this only compounds the concerns I raised two months ago. The new dual thrust of Chinese policy – redistribution plus re-regulation – strikes at the heart of the market-based “reform and opening up” that have underpinned China’s growth miracle since the days of Deng Xiaoping in the 1980s. It will subdue the entrepreneurial activity that has been so important in powering China’s dynamic private sector, with lasting consequences for the next, innovations-driven, phase of Chinese economic development. Without animal spirits, the case for indigenous innovation is in tatters."
Oct 5th 2021
EXTRACT: "Wartime nostalgia plays an important part in Britain’s instinctive fondness for the special relationship. Like former Prime Minister Tony Blair in the run-up to the invasion of Iraq in 2003, some British politicians might believe that the United Kingdom is the only European country with serious armed forces and the political will to use them. Prime Minister Boris Johnson, like Blair before him, seems to fancy himself a modern-day Churchill. Unfortunately (or not), Britain’s military power is insignificant compared to what Churchill could command in 1944. Wartime nostalgia has drawn Britain into several foolish American wars, which other European countries were wise to avoid."
Sep 24th 2021
EXTRACTS: "We have found that 47 million American adults – nearly 1 in 5 – agree with the statement that “the 2020 election was stolen from Donald Trump and Joe Biden is an illegitimate president.” Of those, 21 million also agree that “use of force is justified to restore Donald J. Trump to the presidency.” Our survey found that many of these 21 million people with insurrectionist sentiments have the capacity for violent mobilization. At least 7 million of them already own a gun, and at least 3 million have served in the U.S. military and so have lethal skills. Of those 21 million, 6 million said they supported right-wing militias and extremist groups, and 1 million said they are themselves or personally know a member of such a group, including the Oath Keepers and Proud Boys." ----- "..... the Jan. 6 insurrection represents a far more mainstream movement than earlier instances of right-wing extremism across the country. Those events, mostly limited to white supremacist and militia groups, saw more than 100 individuals arrested from 2015 to 2020. But just 14% of those arrested for their actions on Jan. 6 are members of those groups. More than half are business owners or middle-aged white-collar professionals, and only 7% are unemployed."
Sep 11th 2021
EXTRACT: "That long path, though, has from the start had within it one fundamental flaw. If we are to make sense of wider global trends in insecurity, we have to recognise that in all the analysis around the 9/11 anniversary there lies the belief that the main security concern must be with an extreme version of Islam. It may seem a reasonable mistake, given the impact of the wars, but it still misses the point. The war on terror is better seen as one part of a global trend which goes well beyond a single religious tradition – a slow but steady move towards revolts from the margins."
Sep 11th 2021
EXTRACTS: "Is it not extraordinary that in a country that claims to be as enlightened and advanced as ours, the combined wealth of three individuals – Amazon founder Jeff Bezos, Microsoft founder Bill Gates, and investor Warren Buffett – exceeds the total wealth of the bottom half of Americans? One has to return to the days of the pharaohs of Egypt to find a parallel to the extreme wealth inequality that we see in in America today." ...... "The top tax rate remained above 90 percent through the 1950s and did not dip below 70 percent until 1981. At no point during the decades that saw America’s greatest economic growth did the tax on the wealthy drop below 70 percent. Today it is somewhere around 37 percent. President Biden’s American Families Plan would increase the top tax rate to 39.6 percent – a fairly modest alteration, albeit in the right direction. It is true that there was a time when the top marginal tax was even lower than it is today: in the years leading up to the Great Depression it hovered around 25 percent."
Sep 7th 2021
EXTRACT: "But Biden can’t be blamed for the rise of the Taliban, or the fragile state of a country that has seen far too many wars and invasions. The US should not have been there in the first place, but that is a lesson that great powers never seem to learn."
Sep 4th 2021
EXTRACT: "The world is only starting to grapple with how profound the artificial-intelligence revolution will be. AI technologies will create waves of progress in critical infrastructure, commerce, transportation, health, education, financial markets, food production, and environmental sustainability. Successful adoption of AI will drive economies, reshape societies, and determine which countries set the rules for the coming century." ----- "AI will reorganize the world and change the course of human history. The democratic world must lead that process."
Sep 1st 2021
EXTRACT: "Although the Fed is considering tapering its quantitative easing (QE), it will likely remain dovish and behind the curve overall. Like most central banks, it has been lured into a “debt trap” by the surge in private and public liabilities (as a share of GDP) in recent years. Even if inflation stays higher than targeted, exiting QE too soon could cause bond, credit, and stock markets to crash. That would subject the economy to a hard landing, potentially forcing the Fed to reverse itself and resume QE." ---- "After all, that is what happened between the fourth quarter of 2018 and the first quarter of 2019, following the Fed’s previous attempt to raise rates and roll back QE."
Sep 1st 2021
EXTRACT: "Today’s economic challenges are certainly solvable, and there is no reason why inflation should have to spike."
Aug 27th 2021
EXTRACT: "To be sure, they have focused on their agenda, which is totally misguided—not by our own account but by the account of the majority of the American population, who view the Republican party as one that has lost its moral footing to the detriment of America’s future generations, who must now inherit the ugly consequences of a party that ran asunder."
Aug 21st 2021
EXTRACTS: "Now that so many sad truths about Afghanistan are being spoken aloud, even in the major media – let me add one more: The war, from start to finish, was about politics, not in Afghanistan but in the United States. Afghanistan was always a sideshow."--- "....the 2001 invasion was fast and apparently decisive. And so it rescued George W. Bush’s tainted presidency,..." --- "Bush’s approval shot up to 90% and then steadily declined,..."
Aug 17th 2021
EXTRACT: "The Taliban’s virtually uncontested takeover over Afghanistan raises obvious questions about the wisdom of US President Joe Biden’s decision to withdraw US and coalition forces from the country. Paradoxically, however, the rapidity and ease of the Taliban’s advance only reaffirms that Biden made the right decision – and that he should not reverse course. ...... The ineffectiveness and collapse of Afghanistan’s military and governing institutions largely substantiates Biden’s skepticism that US-led efforts to prop up the government in Kabul would ever enable it to stand on its own feet. The international community has spent nearly 20 years, many thousands of lives, and trillions of dollars to do good by Afghanistan – taking down al-Qaeda; beating back the Taliban; supporting, advising, training, and equipping the Afghan military; bolstering governing institutions; and investing in the country’s civil society. .... Significant progress was made, but not enough." ....... "That is because the mission was fatally flawed from the outset. It was a fool’s errand to try to turn Afghanistan into a centralized, unitary state. "
Aug 6th 2021
EXTRACT: "But even in the US, which is more lenient than most countries, the principle cannot be absolute. Inciting imminent violence is not permitted. Donald Trump’s speech on January 6, urging the mob to storm the US Capitol, certainly came close to overstepping this boundary. It was a clear demonstration that language can be dangerous. What the internet media has done is raise the stakes; “fighting words” are spread around much faster and more widely than ever before. This will require a great deal of vigilance, to protect our freedom to express ourselves, while observing the social and legal bounds that stop words from turning into actual fighting. "
Jul 27th 2021
EXTRACT: "When it comes to the Chinese economy, I have been a congenital optimist for over 25 years. But now I have serious doubts. The Chinese government has taken dead aim at its dynamic technology sector, the engine of China’s New Economy. Its recent actions are symptomatic of a deeper problem: the state’s efforts to control the energy of animal spirits." ---- "... the Chinese economy, no less than others, still requires a foundation of trust – trust in the consistency of leadership priorities, in transparent governance, and in wise regulatory oversight – to flourish. --- Modern China lacks this foundation of trust ."
Jul 25th 2021
EXTRACT: "It seems that they are, as the last 18 months have seen a remarkable expansion of the central banks’ fields of activity, largely driven by their own ambitions. So they have moved into the climate change arena, arguing that financial stability may be put at risk by rising temperatures, and that central banks, as bond purchasers and as banking supervisors, can and should be proactive in raising the cost of credit for corporations without a credible transition plan. That is a promising new line of business, which is likely to grow. ---- Central banks are also trying to move into social engineering, specifically the policy response to rising income and wealth inequality, another hot button topic with high political salience."