|Subject: [NYLXS - HANGOUT] Chinese Backdoors
* Tech Talk
China's New Rules Ask Tech Firms to Hand Over Source Code
By Jeremy Hsu
Posted 2 Feb 2015 | 17:00 GMT
China plans to unveil new cybersecurity rules that require
tech companies to hand over source code and build back doors in hardware
and software for government regulators. The rules only apply to
companies selling computer products to Chinese banks, but they have
already sparked anxiety on the part of Western tech companies about
being trapped between either giving up intellectual property or not
doing business in China.
The new rules—part of cybersecurity policies intended to protect China’s
critical industries—first appeared in a 22-page document at the end of
2014, according to a /New York Times/
report. Such rules have not been officially announced yet. But the U.S.
Chambers of Commerce joined a number of
other foreign business groups in sending a letter
to the Central Leading Group for Cyberspace Affairs, chaired by
President Xi Jinping, that called for “urgent discussions” about the
policies. Tech giants such as Microsoft, Cisco, and Qualcomm have also
independently voiced their concerns.
Under the bank rules, tech companies would have to hand over source
code, set up research and development centers in China, and build
hardware and software back doors that would permit Chinese officials to
monitor data within their computer systems.
The /New York Times/ also detailed a separate Chinese antiterrorism law
being drafted that would require companies to store all data about
Chinese users on servers physically located in China. The law would also
ask companies to hand over encryption keys and enable Chinese officials
to check content for terrorism-related activities.
China’s new policies come in the wake of revelations from former U.S.
National Security Agency contractor Edward Snowden, about the NSA’s
efforts to infiltrate Chinese tech giant Huawei
Documents leaked by Snowden include an NSA list of programs designed to
install back doors in Huawei’s software and hardware that the U.S. spy
agency could exploit for intelligence-gathering purposes.
Snowden’s revelations eventually prompted China to set up its Central
Leading Group for Cyberspace Affairs. Chinese officials have also set
the goal of reducing their reliance upon foreign tech firms and boosting
the presence of domestic tech firms.
U.S. tech companies fear that China’s new rules would force them to give
up intellectual property to Chinese state-supported companies and
possibly compromise the security of their own computer systems and
products. Companies also fear that if they don’t comply with the rules
and if the Chinese government expands such rules beyond the banking
sector, they could potentially be shut out of the Chinese market.
The letter to Xi puts their worries in the context of the Chinese market:
An overly broad, opaque, discriminatory approach to cybersecurity
policy that restricts global internet and ICT [information and
communications technolgy] products and services would ultimately
isolate Chinese ICT firms from the global marketplace and weaken
cybersecurity, thereby harming China's economic growth and
development and restricting customer choice.
The history of the United States-China cyber detente
makes it difficult for U.S. companies to trust Chinese officials with
their intellectual property and access to their computer systems. The
United States has long accused China’s government and military of
corporate espionage against U.S. companies and government agencies. Last
year, the U.S. Department of Justice charged five Chinese military
stealing a variety of trade secrets from U.S. businesses.