Aug 8th 2020

The Global Implications of China’s National and Cyber Security Laws

by Daniel Wagner

 

Daniel Wagner is CEO of Country Risk Solutions and author of the new book The Chinese Vortex: The Belt and Road Initiative and its Impact on the World.

 

The recent implementation of a new national security law in Hong Kong has brought to much of the world’s attention something that companies operating in  China have understood for years. The Chinese government’s 2015 National Security Law states that all information systems in China must be “secure and controllable”, which means that every company operating in China – whether domestic or foreign - is required to give the Chinese government their source code, encryption keys, and backdoor access to their computer networks in China. Hong Kong is just the tip of the iceberg. The Law has had profound implications for any Chinese company operating inside or outside of China, for their joint venture partners, and for foreign companies operating inside China.

In other words, businesses must hand the government the lifeblood of their companies and products, while also giving the CCP a free pass to spy on their networks. The Chinese government has arranged that, in order to do business in China, the information that Chinese agents once had to steal through cyberattacks are now automatically provided for the ‘privilege’ of doing business there. Incredibly, even the largest, best known, and most influential foreign companies that operate in China are doing just that.

A good example is IBM, which became the first major US tech company to agree to the new rules in 2015. IBM began delivering its technical knowledge to Chinese companies that had clearly stated their objective of replacing IBM’s markets in China. The company passed information about how to build its high-end servers and the software that runs the servers to Beijing-based Teamsun, which proudly declared its strategy to ‘absorb and then innovate’, enabling it to eliminate the capability gap between Chinese and American companies and create products that could replace those sold by companies in the US.[i]

That was not the first time IBM had done something similar. In 2014, the company sold its x86 server division to Chinese computer company Lenovo. The $2.1 billion sale included the x86 BladeCenter HT servers used in some critical US Navy systems, including its Aegis Combat System, which controlled the Navy‘s ballistic missile and air defense systems. When a business with products used in critical government and military networks reveals its code to another government, it becomes a national security issue.

The US Navy was subsequently forced to identify and purchase new servers, concerned that Chinese government agents could remotely access the systems by compromising routine maintenance. A vulnerability on Lenovo computers was subsequently discovered, which took advantage of the Lenovo System Update, leaving the door open for hackers. The servers were used by Navy assets, including its guided missile cruiser and destroyer fleets, and ballistic missile and anti-air defenses.[ii]

In 2015, Hewlett-Packard (HP) sold more than half of its networking and server operations to China, whose restrictions on foreign technology vendors pushed its banks, military, and major companies to stop buying foreign technology. HP gave up control of its then $4.5 billion business to remain in the Chinese market, selling 51% of its networking and server operations in the country to an arm of Beijing’s Tsinghua University.[iii] Presumably, the only reason HP was being allowed to remain at the time was because the Chinese government had not yet acquired what it perceived to be all of HP’s intellectual and material capital. That was 5 years ago. Multiply these examples exponentially and you begin to understand the implications of the National Security Law.

In 2017, China’s first Cybersecurity Law was enacted, which significantly increased compliance costs for multinationals, leaving them vulnerable to industrial espionage, and ultimately giving some Chinese companies an unfair advantage. While some aspects of the Law were welcomed as a milestone in much needed data privacy, it also had the effect of helping Beijing steal trade secrets and intellectual property from foreign companies. The Law is both extremely vague and exceptionally wide in scope, potentially putting companies at risk of regulatory enforcement that is not related to cybersecurity.

Among its key provisions are that:

 

·                All companies must undertake a security assessment before moving data out of China if it contains the personal information of more than half a million users or data is “likely to affect national security or social public interests”. That means that a ride sharing or food delivery service could therefore be labeled a national security risk;

 

·                “Critical infrastructure” companies must store “personal information and other important data” collected in China inside the country; and

 

·                “Important network products and services” must undergo a “national security review” before being sold in China (which is so vague that it could mean anything).

 

The Law is part of a drive by Beijing to shield Chinese data from the eyes of foreign governments. Under it, companies must introduce data protection measures—a novelty for many Chinese businesses—and data relating to the country’s citizens or national security must be held on Chinese servers. Companies must submit to a review by regulators before transferring large amounts of personal data abroad. “Critical” companies—whose designation encompasses sensitive entities such as power companies or banks, but also any company holding data that, if breached, could “harm people’s livelihoods”―must store all data collected in China within the country. These companies, and any services bought by them, must go through a “national security review” to ensure they and their data systems are “secure and controllable”.

The Law allows Beijing to demand access to computer program source code (usually known only by the software developer) and national security reviews may also permit China to delve even further into companies’ intellectual property.[iv] In conventional democracies, laws limit what companies may do with information and the extent to which governments can get their hands on it. China’s National Security and Cybersecurity Laws give the government unrestricted access to almost all personal and commercial data. The largest Chinese companies that hold data (such as Alibaba, Baidu, and Tencent) routinely obey government demands to access data.

The rest of the world’s companies and governments have to assume that any firm that is Chinese, operates in China, has access to Chinese citizens, whose information passes through China, or for which the Chinese government deems information relevant to national security is subject to these Laws, and that the government will do whatever is necessary to obtain the information they possess. That means that Huawei or any other firms that are owned or operated by Chinese private of public sector companies, or are otherwise answerable to Beijing, fall under the Laws’ guidelines from the government’s perspective.

It is time for the world’s governments and companies to wake up. Beijing’s reach is wide and deep. It is taking advantage of the West’s openness – and gaps and inconsistencies in our data protection protocols - to acquire information on all of us. The hacks on Anthem, Equifax, Marriott, and the US government are good examples of how they have already done so. American and Western companies need to take a hard look at the costs and benefits associated with operating in China and continuing to have Chinese partners. Those partners must comply with these Laws. American and Western companies that continue to operate with them may unwittingly well be aiding and abetting the Chinese government.

 

Daniel Wagner is CEO of Country Risk Solutions and author of the new book The Chinese Vortex: The Belt and Road Initiative and its Implications for the World.

This article first appeared in Diplomatic Courier.


[i] Philipp, Joshua, “CHINA SECURITY: IBM Shows Chinese Agents Its Source Code”, The Epoch Times, October 19, 2015, http://www.theepochtimes.com/n3/1881004-china-security-ibm-shows-chinese-agents-its-source-code/.

[ii] Philipp, Joshua, “US Navy Cruisers and Destroyers Look to Ditch Lenovo Servers”, The Epoch Times, May 7, 2015, http://www.theepochtimes.com/n3/1348839-us-navy-cruisers-and-destroyers-look-to-ditch-lenovo-servers/.

[iii] “HP Partners with Tsinghua to Create a Chinese Technology Powerhouse”, HP, May 21, 2015, http://www8.hp.com/us/en/hp-news/press-release.html?wireId=1950801#.WRxxM2jyvic.

[iv] Yuan Yang, “China’s Cyber Security Law Rattles Multinationals”, Financial Times, May 30, 2017, https://www.ft.com/content/b302269c-44ff-11e7-8519-9f94ee97d996.

 


This article is brought to you by the author who owns the copyright to the text.

Should you want to support the author’s creative work you can use the PayPal “Donate” button below.

Your donation is a transaction between you and the author. The proceeds go directly to the author’s PayPal account in full less PayPal’s commission.

Facts & Arts neither receives information about you, nor of your donation, nor does Facts & Arts receive a commission.

Facts & Arts does not pay the author, nor takes paid by the author, for the posting of the author's material on Facts & Arts. Facts & Arts finances its operations by selling advertising space.

 

 

Browse articles by author

More Current Affairs

Apr 17th 2021
EXTRACT: "The new report on 2020 by the International Renewable Energy Agency reveals that the world’s renewable energy generation capacity increased by an astonishing 10.3% in 2020 despite the global economic slowdown during the coronavirus pandemic." .... "In 2020, the global net increase in renewables was 261 gigawatts (GW). That is the nameplate capacity of some 300 nuclear power plants! There are actually only 440 nuclear power plants in the whole world, with a generation capacity of 390 gigwatts. So let’s just underline this point. The world put in 2/3s as much renewable energy in one year as is produced by all the existing nuclear plants!"
Apr 16th 2021
EXTRACT: "When we examined the development of nations worldwide since 1820, we found that among rich Western countries like the United States, the Netherlands and France, improvements in income, education, safety and health tracked or even outpaced rising gross domestic product for over a century. But in the 1950s, even as economic growth accelerated after World War II, well-being in these countries lagged.
Apr 11th 2021
EXTRACT: "Some presidents indulge in the “Mount Rushmore syndrome” making an obvious effort to achieve greatness. Normally soft-spoken and apparently modest Biden is making his own bid for immortality."
Apr 9th 2021
EXTRACT: "New ways of thinking about the role of government are as important as new priorities. Many commentators have framed Biden’s infrastructure plan as a return to big government. But the package is spread over eight years, will raise public spending by only one percentage point of GDP, and is projected to pay for itself eventually. A boost in public investment in infrastructure, the green transition, and job creation is long overdue."
Apr 7th 2021
EXTRACT: " One can, and perhaps should, take the optimistic view that moral panics in the US blow over; reason will once again prevail. It could be that the Biden era will take the sting out of Trumpism, and the tolerance for which American intellectual life has often been admired will be reinvigorated. This might even happen while the noxious effects of American influence still rage in other countries. For the sake of America and the world, one can only hope it happens soon.  "
Mar 28th 2021
EXTRACT: "By refusing (despite having some good reasons) to end electoral gerrymandering, Chief Justice John G. Roberts, Jr., has directly enabled the paralyzing hyper-partisanship that reached its nadir during Donald Trump’s presidency. By striking down all limits on corporate spending on political campaigns in the infamous 2010 Citizens United decision, he has helped to entrench dark money in US politics. And by gutting the 1965 Voting Rights Act in Shelby County v. Holder, Roberts has facilitated the racist voter-suppression tactics now being pursued in many Republican-controlled states."
Mar 24th 2021
EXTRACT: "the UK’s tough choices accumulate, and the problems lurking around the corner look menacing. Britain will have to make the best of Brexit. But it will be a long, hard struggle, all the more so with an evasive fabulist in charge."
Mar 15th 2021
EXTRACT: "Over the years, the approach of most American policymakers toward the Israeli-Palestinian conflict has been Israel-centric with near total disregard for the suffering endured by the Palestinian people. The architects of policy in successive US administrations have discussed the conflict as if the fate of only one party (Israel) really mattered. Israelis were treated as full human beings with hopes and fears, while Palestinians were reduced to a problem that needed to be solved so that Israelis could live in peace and security.  ..... It is not just that Israelis and Palestinians haven’t been viewed with an equal measure of concern. It’s worse than that. It appears that Palestinians were judged as less ​human than Israelis, and were, therefore, not entitled to make demands to have their rights recognized and protected."
Mar 8th 2021
EXTRACTS: "XThere’s a global shortage in semiconductors, and it’s becoming increasingly serious." ...... "The automotive sector has been worst affected by the drought, in an era where microchips now form the backbone of most cars. Ford is predicting a 20% slump in production and Tesla shut down its model 3 assembly line for two weeks. In the UK, Honda was forced to temporarily shut its plant as well." ..... " As much as 70% of the world’s semiconductors are manufactured by just two companies, Taiwan Semiconductor (TSMC) and Samsung."
Mar 5th 2021
EXTRACT: "Back in 1992, Lawrence H. Summers, then the chief economist at the World Bank, and I warned that pushing the US Federal Reserve’s annual inflation target down from 4% to 2% risked causing big problems. Not only was the 4% target not producing any discontent, but a 2% target would increase the risk of the Fed’s interest-rate policy hitting the zero lower bound. Our objections went unheeded. Fed Chair Alan Greenspan reduced the inflation target to 2%, and we have been paying for it ever since. I have long thought that many of our economic problems would go away if we could rejigger asset markets in such a way as to make a 5% federal funds rate consistent with full employment in the late stage of a business cycle."
Mar 2nd 2021
EXTRACT: "Under these conditions, the Fed is probably worried that markets will instantly crash if it takes away the punch bowl. And with the increase in public and private debt preventing the eventual monetary normalization, the likelihood of stagflation in the medium term – and a hard landing for asset markets and economies – continues to increase."
Mar 1st 2021
EXTRACT: "Massive fiscal and monetary stimulus programs in the United States and other advanced economies are fueling a raging debate about whether higher inflation could be just around the corner. Ten-year US Treasury yields and mortgage rates are already climbing in anticipation that the US Federal Reserve – the de facto global central bank – will be forced to hike rates, potentially bursting asset-price bubbles around the world. But while markets are probably overstating short-term inflation risks for 2021, they do not yet fully appreciate the longer-term dangers."
Feb 28th 2021
EXTRACT: "To be sure, calls to “build back better” from the pandemic imply some awareness of the need for systemic change. But the transformation we need extends beyond constructing modern infrastructure or unlocking private investment in any one country. We need to re-orient – indeed, re-invent – global politics, so that countries can cooperate far more effectively in creating a better world."
Feb 23rd 2021
EXTRACT: "So, notwithstanding the predictable release of pent-up demand for consumer durables, face-to-face services show clear evidence – in terms of both consumer demand and employment – of permanent scarring. Consequently, with the snapback of pent-up demand for durables nearing its point of exhaustion, the recovery of the post-pandemic US economy is likely to fall well short of vaccine development’s “warp speed.” "
Feb 20th 2021
EXTRACT: "Human rights abuses under Erdogan are beyond the pale of inhumanity and moral decadence. The list of Erdogan’s violations and cruelty is too long to numerate. The detention and horrifying torture of thousands of innocent people for months and at times for years, without being charged, is hard to fathom. Many prisoners are left languishing in dark cells, often in solitary confinement. The detention of tens of thousands of men and hundreds of women, many with their children, especially following the 2016 failed coup, has become common. It is calculated to inflict horrendous pain and suffering to bring the prisoners to the breaking point, so that they confess to crimes they have never committed."
Feb 20th 2021
Courtyard of the Amsterdam Stock Exchange, circa 1670, (Job Adriaenszoon Berckheyde).
Feb 12th 2021
EXTRACT: "Global regulators will no doubt be concerned about a potential volatility spillover from digital asset prices into traditional capital markets. They may not permit what could quickly amount to effective proxy approval by the back door for companies holding large proportions of a volatile asset on their balance sheets."
Feb 11th 2021
EXTRACT: "Since Russians began protesting opposition leader Alexei Navalny’s imprisonment, the security forces have apparently had carte blanche to arrest demonstrators – and they have done so by the thousands. If Russians so much as honk their car horns in solidarity with the protesters, they risk personal repercussions. The official response to the protests goes beyond the Kremlin’s past repression. It is war."
Feb 6th 2021
EXTRACT: ".......like Biden, Roosevelt was certainly no revolutionary. His task was to save American capitalism. He was a repairer, a fixer. The New Deal was achieved not because of Roosevelt’s genius or heroism, but because enough people trusted him to act in good faith. That is precisely what people are expecting from Biden, too. He must save US democracy from the ravages of a political crisis. To do so, he must reestablish trust in the system. He has promised to make his country less polarized, and to restore civility and truth to political discourse. In this endeavor, his lack of charisma may turn out to be his greatest strength. For all that he lacks in grandeur, he makes up for by exuding an air of decency."
Feb 2nd 2021
EXTRACT: "Europe must not lose sight of the long game, which inevitably will center on China, not Russia or relations with post-Brexit Britain. China is already establishing a presence in Iran, and demonstrating that it has the capital, know-how, and technology to project power and influence beyond its borders. Should it succeed in turning the Belt and Road Initiative into a line of geopolitical stepping-stones, it might soon emerge at Europe’s southeastern border in a form that no one in the EU foresaw."