China’s new anti-terror law highlights tensions between national security and digital privacy

china-cpu-processor-335Unfortunately for the civilized world, terrorist groups were able to make their mark around the globe in a big way during 2016. Although most of the ire of radicalized criminal sects like ISIL and others are directed at Western world targets like America and France, Eastern powers have not been immune to the sting of irrational hatred. In recent years, many Chinese citizens working abroad have either been kidnapped or killed in terrorist attacks, most recently the four Chinese nationals that died during an Islamic militant raid on a hotel in Bamako, Mali. Regionally, China faces unique tensions from the Uighurs, a population of Muslims situated mainly in China’s Xinjiang province bordering Pakistan and Afghanistan. Clashes between Uighur factions, who allege that China has eroded its economic and cultural autonomy, and Chinese police have left a total of 200 dead on both sides in the second half of 2015.

It is against this backdrop that Chinese legislators have attempted to enact anti-terror legislation purportedly designed to protect Chinese citizens against terrorist threats. In late December, China passed a law requiring both telecommunications and Internet companies operating in the country to provide decryption, technical interfaces and other assistance to public and state security organizations to conduct investigations of potential terrorist activities. Under the law, telecom and Internet providers are responsible for implementing network security systems and content monitoring systems designed to prevent the dissemination of terrorist or extremist content.

The new law has already instigated some brushback from authorities in the United States and Europe. The European Chamber of Commerce in China has already criticized the language of the law as being too general, leaving concerns as to how European tech companies are supposed to adequately follow regulations. Elsewhere, tech companies in America are wary of handing over encryption keys and data protection passcodes to Chinese foreign officials.

For its part, China has been working to quell concerns from tech companies while arguing its ability as a sovereign nation to regulate Internet communications as it sees fit. Recent comments from Chinese foreign ministry spokesman Hong Lei indicated that the recent Chinese law was based upon existing regulations in other countries, including American wiretapping law. A statement made by Chinese President Xi Jinping in December accused the U.S. Department of State, who have criticized the anti-terror rules, and others for engaging in “cyber hegemony” in a way that undermines China’s national security.

Do tech companies have anything to fear from the new Chinese legislation? The new law has been adjusted since its first draft in response to criticisms, dropping provisions that would have required foreign tech companies to hand over encryption keys immediately and not in response to an investigation. But China’s recent history regarding how it treats foreign technology players in its domestic marketplace certainly hasn’t given anyone any reason to be incredibly trusting of that foreign regime.

[Varsity-2]

Last year, we took note of China’s domestic technology policy towards indigenous innovation, a blueprint that would see China become a global technology leader by the year 2050. That would be great if the Chinese government intended to become that leader through honest competition in research and development. However, as we’ve noted in coverage on Chinese joint venture rules, there are some legitimate concerns that the foreign government is trying to rig the technology sector to give China a leg up in domestic R&D. In order to be a player in the Chinese market, joint venture rules force a foreign company to operate in conjunction with a Chinese domestic firm. Often, that joint venture status comes with mandatory technology transfer requirements, meaning that a intellectual property owner will have to divulge that technology for production by a Chinese firm.

Compulsory tech transfer rules are problematic for a few reasons. First of all, they’re illegal under international law to which China is beholden. China is a member of the World Trade Organization (WTO), the agency which regulates trade among foreign entities. The WTO’s rules on intellectual property are reflected in the organization’s Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). Article 28 of TRIPS states that, “Patent owners shall also have the right to assign, or transfer by succession, the patent and to conclude licensing contracts.” At first glance, it seems that TRIPS would ensure that a patent owner would have the final say in how patent rights are assigned, but China’s stance on compulsory tech transfer for joint ventures flies directly in the face of standing WTO law. Elsewhere, TRIPS mandates that technology should be transferred “to the mutual advantage of producers and users of technological knowledge.” Mandatory tech transfer doesn’t seem to be mutually beneficial at all when many patent owners would likely prefer to license a technology.

Within China, intellectual property rights are not enforced well at all. Take for example the “hoverboard” self-balancing scooters which were a hit with consumers during the 2015 holiday season. The product was about as popular as it was pirated. As we reported back in October, self-balancing scooters were first demonstrated by Chinese firm Chic Robotics. Copies soon became rampant and began drawing attention from American consumers during the 2015 Consumer Electronics Show as the IO Hawk. The infringement is so blatant that it’s nearly laughable, right down to the fact that the IO brand uses essentially the same logo as Chic Robotics, but rotated 90 degrees.

Given all this, it’s not surprising that the tech sector would have misgivings about Chinese regulations that would force the handing over of more sensitive data. Imagine a leak of encryption keys leading Chinese hackers to degrade performance of a foreign tech provider, all in the name of promoting indigenous innovation. That’s a pretty extreme scenario, but one that’s not completely unimaginable considering recent cybersecurity headlines. In October, Chinese police arrested multiple hackers at the request of the United States, but within a week there were reports published in The New York Times that more hacking incidents had been attempted from groups with ties to the Chinese government.

It would be wrong to accuse China of having ulterior motives in passing this legislation, which includes many other provisions pertaining to sending counter-terrorism forces abroad and international intelligence sharing, at least for neighboring countries. Security analysts, including those critical of broad cybersecurity enacted in American law, have pointed towards increasingly aggressive cybersecurity law as a kind of digital age arms race. And yet tough cybersecurity laws are very justifiable in response to intelligence that militant groups have used telecommunications technologies to carry out attacks. Striking the balance between addressing national security concerns and enabling economic opportunity has grown difficult at this point of the digital age.

Share

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com.

Join the Discussion

No comments yet.