China’s new draft anti-terror legislation has sent waves across the U.S. tech community. If there is a brewing tech war between U.S. and China over government surveillance backdoors and a preference for indigenous software, China’s new draft terror law makes it clear that Beijing is happy to give the United States a taste of its own medicine. The law has already drawn considerable criticism from international human rights groups, including Amnesty International and Human Rights Watch for its purported attempts to legitimize wanton human rights violations in the name of counter-terrorism. Additionally, China has opted to implement its own definition of terrorism, placing “any thought, speech, or activity that, by means of violence, sabotage, or threat, aims to generate social panic, influence national policy-making, create ethnic hatred, subvert state power, or split the state” under the umbrella of the overused T-word.
The problematic human rights issues aside, the draft anti-terror law will have important implications for foreign tech firms within China. According to Reuters’ reporting on the draft anti-terror law, counter-terrorism precautions by the Chinese government would essentially require foreign firms to “hand over encryption keys and install security ‘backdoors'” into their software. Additionally, these firms would have to store critical data — certainly data on Chinese citizens and residents — on Chinese soil. The onerous implications of this law could have lead to an immediate freeze to the activities of several Western tech companies in China, the world’s second largest economy and a booming emerging market for new technologies.
On the surface, the most troublesome implication of this law is that in order to comply with this law, Western firms, including non-technical ventures such as financial institutions and manufacturers, will be forced to give up a great deal of security. In essence, corporate secrets, financial data — all critical data — would be insecure and available for access by Chinese regulators. The new law would also prohibit the use of secure virtual private networks (VPNs) to get around these requirements.
The U.S. diplomatic response to Beijing’s new draft law is perhaps best captured in the fact that a whopping four cabinet members in the Obama administration, including Secretary of State John Kerry and U.S. Trade Representative Michael Froman, wrote the Chinese government expressing “serious concern.” China, for its part, seemed unfazed by U.S. concerns. Foreign Ministry spokesperson Hua Chunying told the press that she hoped the United States would view the new anti-terror precautions in “in a calm and objective way.” Indeed, following Edward Snowden’s revelations regarding the extent of the United States’ surveillance of private firms both within and outside the United States, Beijing likely views U.S. concerns as hypocritical. One U.S. industry source told Reuters that the new law was “the equivalent of the Patriot Act on really, really strong steroids.”
The draft anti-terror law fits into broader plans by the Chinese government to evacuate “key sectors” of foreign software. Chinese President Xi Jinping called for the government to use more domestic technology as early as a year ago, at the first meeting of the Internet security and informatization group. In Xi’s view, for China to become a more secure cyber power, it needs to know how its critical software was developed and minimize opportunities for foreign cyber infiltration. This means by 2020, China will look to entirely wean itself off Microsoft operating systems and IBM software solutions to homegrown alternatives (China released its “people’s OS” in August 2014).
The U.S. will likely not back down from its current position on this new law. The Obama administration, in its diplomacy with China, has ensured that it sends positive signals to the United States’ vibrant tech industry. For example, last year, when the U.S. Department of Justice indicted five PLA officers for cyber espionage, one explanation proffered for the indictment was that it would let U.S. companies know that the government would impose costs on Beijing for the alleged theft of private intellectual property.
Froman has already said that the new law “[isn’t] about security,” alleging instead that it is “about protectionism and favoring Chinese companies.” The United States will have a tough time convincing Beijing of the same. Given the confluence of cybersecurity and anti-terrorism issues in this law — two incredibly sensitive topics for China — negotiations will not be easy, if they are possible at all.