[Wall Street Journal] U.S. Presses China on Technology Rules
BEIJING—U.S. officials and business groups are objecting to a draft Chinese antiterrorism law that they say would enable Beijing to acquire proprietary information or nudge foreign technology companies out of the domestic market.
The proposed law is the latest challenge foreign tech companies face in China in the wake of disclosures about U.S. intelligence-gathering activities and heightened mistrust over cybersecurity between Washington and Beijing. However, the market offers rich rewards; research firm Gartner Inc. estimated in June that organizations in China would spend $140 billion on tech products and services in 2014.
The draft law requires both foreign and domestic telecommunications and Internet service providers to create backdoors in their systems to give Chinese authorities surveillance access, hand over copies of their encryption codes and assist government agencies with decryption when asked, among other provisions. Also, companies would be required to store Chinese users’ data on servers in the Chinese mainland; otherwise, they wouldn’t be allowed to operate in the country.
Business groups and industry insiders say they are worried about the draft law’s scope and whether they are able to carry out its requirements.
“U.S. tech companies will be faced with a very difficult choice because they will have to decide whether they want to stay in China and basically submit to surveillance,” said Robert Atkinson, who heads the Information Technology and Innovation Foundation, a Washington-based think tank.
U.S. officials called on their Chinese counterparts to address the issue in a letter sent earlier in February, according to a U.S. official. The letter was signed by U.S. Secretary of State John Kerry , Treasury Secretary Jacob Lew , Commerce Secretary Penny Pritzker and U.S. Trade Representative Michael Froman, the official said. Chinese officials didn’t respond to requests for comment on Friday.
A number of tech companies with major businesses in China, including Apple Inc. andMicrosoft Corp. , declined to comment. Others such as LinkedIn Inc. and Samsung Electronics Co. didn’t respond to requests for comment.
The law is being reviewed by the Standing Committee of the National People’s Congress, China’s legislature. The broader body is scheduled to convene on Thursday. The committee said on its website this past week that it had included provisions requiring authorities to get permission from Chinese officials before gaining access to citizens’ information through telecom and Internet companies.
The draft law is among a number of measures U.S. officials and business groups say could hurt them in the Chinese tech market. They are also protesting rules proposed for the Chinese banking industry that U.S. and European business groups say would require them to turn over proprietary technology and are overly intrusive. On Friday Mr. Froman, the U.S. trade representative, criticized the banking rules as violating China’s trade obligations. China’s banking regulator has said it would listen to all sides before enacting the rules.
Industry experts say broader worries about cybersecurity have hit companies ranging from Cisco Systems Inc. to International Business Machines Corp. They follow disclosures by former U.S. National Security Agency contractor Edward Snowden that U.S. intelligence officials have used U.S.-made gear for surveillance activities. China, which says it has been a victim of hacking, has pushed to develop domestic alternatives in areas ranging from servers to semiconductors.
Chinese authorities have been on high alert for terror threats after dozens were killed in a series of attacks last year, mostly related to a sporadically violent separatist movement based in China’s western region of Xinjiang. The draft legislation covers a wide range of areas the government says is necessary to strengthen the ability of its security apparatus to respond to and prevent attacks.
The tech industry faces similar scrutiny elsewhere, including in the U.S. The Obama administration has criticized U.S. tech firms for offering encrypting communications that can’t be unscrambled.
Tech firms hope Beijing might strike a better balance between national security demands and the need for an environment that is still conducive to business, said Erin Ennis, senior vice president of the US-China Business Council.
“Certainly, there are legitimate national security issues that any government should be protecting, but you can’t think that you’re acting in a vacuum where the measures that you do can solely focus on national security,” Ms. Ennis said. “People have to be able to trust that the products that they are using are secure.”
Industry insiders say requirements that companies store all data for Chinese users in China would be challenging to carry out given the amount of data. The requirement that companies hand over encryption keys also raises thorny questions for both companies and network security providers, they say.
China’s encryption source code demands raise the question of whether U.S. firms would be violating U.S. regulations on the exports of strong encryption, Mr. Atkinson said.
“It’s not just about human rights advocates in the U.S. decrying profit hungry U.S. technology companies. It’s whether U.S. law and regulations can even allow this,” he said.
Zunyou Zhou, a counterterrorism law expert at the Max Planck Institute in Germany, said China needs technological measures to combat terrorism more effectively, but they should be combined with strong oversight to prevent abuses.
—Eva Dou and Josh Chin contributed to this article.
Write to Carlos Tejada at firstname.lastname@example.org