In January, I reported that new Chinese regulations requiring foreign companies supplying computer equipment to China to hand over source code, build backdoors into hardware and software, and submit to invasive audits had been widely condemned by trade groups in the West.
Beijing insisted the measures were necessary to combat cyber crime and terrorism, but business groups – including the US Chamber of Commerce – said the regulations amounted to protectionism and were a way of preventing their trading with the world’s second largest economy.
Last week, a second draft of China’s first anti-terrorism law – which also requires companies to keep servers and user data within China, supply communication records to law enforcement authorities, and censor Internet content related to terrorism – was read. The law is expected to be adopted in the coming weeks.
President Obama has now criticized China’s proposed measures, calling them “restrictive practices” that would, “ironically, hurt the Chinese economy over the long term”. He told Reuters Monday: “This is something that I’ve raised directly with President Xi… we have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”
In response, Beijing insisted that the powers were necessary to fight terrorism, and criticized US hypocrisy, citing Edward Snowden’s allegations that the NSA had hacked millions of cellphones via Gemalto SIM cards. Foreign Ministry spokesperson Hua Chunying said: “The legislation is China’s domestic affair, and we hope the US side can take a right, sober and objective view towards it.”
Xinhua, the Chinese government’s press service, was more forthright, saying: “US president Barack Obama’s criticism of the upcoming counterterrorism law of China is utterly groundless and another piece of evidence of arrogance and hypocrisy of the US foreign policy”. It also noted that “[the] US Federal Bureau of Investigation and the National Security Agency both have access to the equipment of major US technology firms. FBI director James Comey publicly warned companies like Apple and Google in 2014 against using encryption that the law enforcement authorities cannot break.”
On the subject of encryption, FREAK, a recently discovered SSL/TLS vulnerability affecting many Apple and Google devices, has been in the news this week. The vulnerability, which is said to have rendered some 14 million websites vulnerable to MITM (man-in-the-middle) attacks, exists solely because of US regulations on the export of cryptography.
For more on Chinese government cyber initiatives and a timely examination of the threat of state- sponsored cyberwarfare, read 21st Century Chinese Cyberwarfare.