China’s New Cybersecurity Rules Are Bad News For Everyone

As you may have already heard, China intends to implement a new set of cybersecurity rules which forbid foreign companies from encrypting data and allow Chinese officials to share whatever information they choose with state organizations. This is a very bad thing for both businesses and consumers.

In case you haven’t already heard the news, starting January 1, the Chinese government plans to adopt new cybersecurity legislation. Given that it’s known as the Cryptography Law, you might expect it to include stuff like required encryption strength and the responsibilities businesses have in securing their data. But you’d be wrong.

Instead, it is a bald-faced attempt by the Chinese government to seize control of data it has absolutely no right to. As reported by Gatesone Institute, under the Cryptography Law, no foreign company operating in China will be allowed to encrypt data that cannot be read by the Chinese central government and the Communist Party of China. Businesses will be required to turn over their encryption keys if they still want access to the Chinese economy.

That isn’t even the worst of it. Under this new legislation, Chinese officials will be able to share any data they seize with state organizations. In other words, if they so choose, they can use this legislation to gain an unfair competitive advantage.

“Beijing’s system, once implemented, will be so invasive that Chinese authorities will no longer need to ask foreign businesses to turn over data,” writes Gatestone Institute’s Gordan Chang. “Chinese officials will simply be able to take that data on their own…China’s new rules will almost certainly result in foreign companies losing trade secret protection around the world.” 

The seizure of trade secrets is far from the only reason this new legislation is concerning. As evidenced by what happened with China’s new facial recognition database, there’s also the question of whether or not the data seized by Chinese officials will even be kept secure. As you may recall, the company responsible for maintaining the database suffered a massive breach shortly after the system went live

If this is how a state-sponsored agency in China secures data which is presumably of import to the government, it raises the question of how it will treat corporate data captured as part of the new legislation. 

Not everyone is concerned by this legislation, mind you. China is already widely-known for being a surveillance state. In the current regulatory climate, Wired Magazine notes, there’s already precious little a company can do to stop the government from shutting down assets or seizing data.  The Cryptography Law is arguably just an acknowledgment of that fact. 

Regardless, this is still a troubling development. It’s clear that something needs to change in terms of China’s relationship with international businesses. Otherwise, more and more organizations are going to have to choose between their own trade secrets and customer data and growth in what is arguably one of the largest economies in the world.

And making the wrong choice could easily destroy a brand.