
China’s Cybersecurity Efforts Could Pose New Challenge for Foreign Firms

A letter of intent by the Cyberspace Administration of China details some of the next steps in enhancing already strict controls on digital activity in the country. Credit: Aly Song/Reuters

HONG KONG — It has been a tough year in China for America’s technology companies.

Uber sold off its operations there. Beijing ordered some of Apple’s services shuttered. And Microsoft faced a new inquiry.

Now, in the final days of 2016, China’s internet regulator suggested the coming year may be even trickier. A report by the regulator on Tuesday suggested it would formalize a cybersecurity review system on tech products in the country.

That could mean another problematic step for foreign tech firms in what has already become a tough market. The report did not offer details about what the government checks would look for, but the language was similar to that described in an article in The New York Times in May about foreign companies quietly submitting to security checks targeting encryption and data storage.

Over the course of 2016 and part of 2015, a number of major foreign technology companies were subject to secretive Chinese security reviews. During the checks, Chinese officials would ask employees of the companies to answer questions about products in person. The reviews are run by a committee of engineers and experts with ties to the country’s military and security agencies.

The checks have already raised alarms among American tech companies, and if formalized, they could create a new standoff between China and the United States over internet policy.

The report, the first of its kind released by the regulator, the Cyberspace Administration of China, is part of a broader effort to streamline cybersecurity management in the country. More broadly, it outlined other details of efforts to enhance already unprecedented internet controls in China. For example, the report also doubles down on a cybersecurity law passed last month that raised concerns among human rights groups and foreign companies.

Beijing has struggled to balance its goal of fostering innovation with its desire to keep control over a communication medium it believes could be destabilizing. While it includes boilerplate references to opening up, the report makes clear that the government will continue to err on the side of control for now.

In a section subtitled “Peace,” the report said that Beijing would work to get ahead of a global cybersecurity arms race threatening international peace. In another part, the regulator said that China would use military means if necessary to protect its internet sovereignty. China has said in the past that the internet represents a new realm, akin to space, in which it must assert its rulership rights.

The new report is the clearest signal yet of the government’s intent to crystallize those checks into a formal policy.

The document includes a long list of economic sectors that could be deemed sensitive, which could mean that they would eventually be required to use only computing equipment approved by regulators. The sectors include energy, finance, traffic, education, research, industry, water management, manufacturing and health care, as well as communications systems and the internet.

To some degree, bringing the checks into the open would be welcome. Some people who were aware of the security checks on encryption and data storage complained that they were vaguely defined and treated as a secret. For foreign companies, that left open the possibility that the checks could be used to extract trade secrets or to find weaknesses in products for state hackers.

Still, if China were to be more public about the checks, it could lead to copycat policies from other countries, analysts have said.

Drafts of proposed Chinese laws are typically released to domestic and foreign companies for comment. In this case, the reviews were carried out without formal legislative process, meaning that companies had little room to push back.

Cao Li in Beijing contributed research.

A version of this article appears in print on  , Section B, Page 1 of the New York edition with the headline: China’s Tough Cybersecurity May Get Tougher.
