Earlier this year, I wrote about the troubling consequences China’s new anti-terror law (then under consideration by the country’s rubber-stamp legislation) would have on U.S. technology firms operating in the People’s Republic. Now, that issue has come back to the fore with reports that Beijing has reminded U.S. tech companies operating in China that their products and their servers in China need to be “secure and controllable,” a euphemistic turn of phrase that really means anything but what those two words imply (at least, for the firms in question).
Instead, what the Chinese authorities really mean is that these products must be “secure” to the extent that they can peer in, and “controllable” by the state. With days left before Xi’s arrival in the United States, amid murmurings that Washington will sponsor Chinese individuals and entities for cyber espionage, the Chinese government move emphasizes a careful game of tit-for-tat in the cyber realm.
The New York Times reports that the Chinese government’s Information Technology Security Evaluation Center, in a letter sent to U.S. firms earlier this summer, “asked the companies to promise they would not harm China’s national security and would store Chinese user data within the country.” Firms are being asked to sign a pledge that they will comply with these news policies under China’s new anti-terror law. According to the Times, the pledge includes the following language: “Our company agrees to strictly adhere to the two key principles,” namely “not harming national security and not harming consumer rights.”
The Chinese government’s proposition presents U.S. firms with a tough choice: comply with China’s overbearing laws, including possibly to the extent of granting Chinese authorities backdoor access to their services, or exit the lucrative and large Chinese market. Seen in the context of the broader U.S.-China bilateral relationship, Chinese authorities are leveraging their country’s economic heft to adversely impact U.S. firms.
For U.S. firms, there’s really no good way to approach the situation. What is most likely is that firms will do what they have to in the interest of avoiding penalties while continuing to apply pressure on the Obama administration to convey their concern and push back on the requirements at a diplomatic level. It’s unlikely that we’ll see firms exit the Chinese market altogether like Google did in 2010.
For the U.S. government, a convincing response will be necessary. The Obama administration has shown that when it comes to China, Silicon Valley is a major domestic constituency. Obama has met with senior business leaders from the U.S. tech industry and heard out their concerns about China’s censorship, cyber espionage, and other troubling practices in the information technology and Internet communications arena. Earlier this year, four cabinet officials, including Secretary of State John Kerry and U.S. Trade Representative Michael Froman, wrote to express their “serious concern” over the very anti-terrorism legislation that lead to this pledge in the first place.
I wouldn’t be surprised if this makes it to the bilateral agenda at the upcoming state visit, but with tensions high over cyber espionage and possible U.S. sanctions, this doesn’t seem to be an opportune moment for constructive exchange on the matter.