nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

China cyber-security law will keep citizens' data within the Great Firewall

Foreign firms may suddenly find doing business there difficult

By John Leyden, 1 Jun 2017

China's new cyber-security laws, which come into effect on Thursday, may make it harder for foreign businesses to trade in the country.

Under the regulations, data on Chinese citizens – including personal information, salary details and more – can only be kept within China. The law would also prevent the transmission of any economic, scientific or technological data overseas on either national security or public interest grounds, as defined by the Chinese government.

The rules apply to any "network operator" – a term that encompasses social media companies and large internet firms – and mean that they need users' permission before transferring any data on them outside the country. The consequences for businesses that fail to comply with this new law are dire: a refused or revoked licence can never be reversed. This means if companies that fail to comply with the so-called Bei'an licence laws are liable to get blacklisted.

Bill Hagestad, a former US Marine Corps lieutenant colonel turned cyber conflict author and researcher, told El Reg that the new rules reflect heightened concern in Beijing about foreign influence mediated through the internet.

"The new Chinese internet security law is designed to protect the cyber borders of China against foreign negative influences," Hagestad said. "[It is] also designed to ensure the Communist Party ideals are not directly or indirectly challenged by impure thoughts.

"Given the release of the Shadow Brokers' NSA tools, the Chinese are now more certain than ever before that any foreign technology brought into the Middle Kingdom must be inspected and deemed pure/free from any vulnerabilities that could challenge China's internet security."

Alex Nam, EMEA managing director of content delivery network CDNetworks, warned that foreign internet companies will now find it harder to trade in China.

"The new cybersecurity law on 1 June will make it harder for non-Chinese businesses to trade in the country," Nam said. "All businesses that host websites and web content (such as applications) in China will be affected. Yet many don't know what impact the law has on them or whether their business is in jeopardy.

"Thousands of government officials, as well as intelligent algorithms, are currently investigating whether non-Chinese companies meet all of the requirements of the new legislation. The new law has a huge impact on network operators and critical information infrastructure operators because they host websites in China on behalf of other companies. As a result, checks are being carried out to determine whether hosting providers and content delivery network (CDN) providers have the necessary licences, and are being asked by government officials to make the necessary changes in the shortest possible time."

CDNetworks says it's seeing "uncertainty from companies as to whether they are affected by the legislation".

"Without support and guidance, UK businesses are putting themselves at risk," Nam added. "Especially the UK businesses operating in China, who are completely unaware that this new law even impacts them." ®

The Register - Independent news and views for the tech community. Part of Situation Publishing