The "de-Americanisation of China's IT stack" has taken another major step forward with the introduction of the new Cybersecurity Law. It not only enshrines strict new rules for foreign companies in various industries trading in China, but will also further restrict the online freedoms of citizens inside one of the most surveillance-coated nations on earth. But while the reports talk of "dismay" and "rattled" foreign multi-nationals, did they really think it would be any other way?
What it says
The new law formalises several key requirements, namely:
- That a potentially wide range of companies censor 'banned' information, and demand real name registration of their users - that is, for services like instant messaging - in order to restrict online anonymity.
- "Critical information infrastructure operators" must store "personal information and other important business data" inside China. This need only be data related to Chinese operations, but the terms remain vague enough for them to apply to a wide range of data and companies. Those wanting to transfer data outside China need to pass an additional security assessment.
- Organisations monitor and report any "network security incidents" and provide "technical support" to help in investigations. This could mean providing the authorities with access to communications and so on.
- No individual can use the internet to endanger national security, promote terrorism, spread false information to disturb the economic order, incite separatism etc. - all of which gives the authorities a lot of rope to hang any dissenters with.
Many stakeholders have already complained. American Chamber of Commerce in China chairman James Zimmerman told the Wall Street Journal that restricting the flow of data internationally would "provide no security benefits but will create barriers to Chinese as well as foreign companies operating in industries where data needs to be shared internationally."
Others said foreign tech players in China believed Beijing is using cybersecurity as a cover for protectionism: that is, "abide by our rules or get out." At the very least, there's the assumption that the extra requirements will end up costing businesses operating in China dear - both financially and in terms of their corporate reputation. LinkedIn has already been on the sharp end of criticism after it was accused of pandering to the whims of China's censors.
China director of Human Rights Watch, Sophie Richardson argued the Communist Party had pushed ahead with the law despite widespread criticism from foreign companies and rights groups in the country.
"The already heavily censored internet in China needs more freedom, not less," she said. "If online speech and privacy are a bellwether of Beijing's attitude toward peaceful criticism, everyone - including netizens in China and major international corporations - is now at risk."
Sign up for Computerworld eNewsletters.