In the last few months, Chinese authorities have made a number of moves to restrict firms providing tech products and services in the PRC. A draft counterterrorism law recently reviewed by the National People’s Congress would require foreign firms operating in China to store all information on Chinese users in servers physically located in China and adopt protocols for monitoring content for “terrorist” activity. Chinese internet regulators recently issued new rules requiring tech firms providing products or services to Chinese banks to undergo a security review by state regulators; to pass review, firms may be required to reveal source code or encryption keys to regulators or create software “backdoors” so that regulators could monitor user data. Meanwhile, an increasing number of foreign tech products are being removed from PRC government procurement lists. The new restrictions on tech firms are part of a comprehensive “Cyber Security Review Regime” which China’s top decision-making body for cyber policy says will be implemented by the end of 2015.
These Chinese concerns over the security risks of foreign – particularly U.S. – technology have heightened in the wake of revelations by former NSA contractor Edward Snowden that the U.S. government conducts large-scale cyber surveillance of U.S. citizens, allies and others, through both personal computers and mobile devices. Those concerns have only escalated in recent weeks, after a report by Moscow-based information security firm Kaspersky Lab that a group of hackers, which Kaspersky labeled the “Equation Group,” has successfully infected hundreds of computers in at least 42 countries with incredibly sophisticated malware that has the ability rewrite the hard-drive firmware of infected computers, thus making it exceedingly difficult to detect or remove. While the Kaspersky report doesn’t directly equate the “Equation Group” with the NSA, it provides strong evidence that they are one and the same.
However, attempts to impose restrictions on foreign technology firms are nothing new for China, and seem to reflect a decades-long attempt by Zhongnanhai (the Chinese equivalent to the White House) to promote domestic development of strategic technological capabilities. Chinese government officials have even highlighted the importance of China’s closed internet regime for the successful development of domestic tech firms. This suggests that the new regulations are not just a response to the Snowden revelations, but part of a larger movement towards a protectionist policy on information technology.
At the very least, that seems to be the analysis of the U.S. government. In an interview with Reuters last week, President Barack Obama said he was concerned about the restrictive environment U.S. tech companies are facing in China. Obama said the regulations “have to change” if China wants to continue doing business with the U.S.
Of course, China is not alone in expecting foreign technology companies to comply with regulators’ wishes to be able to access domestic tech products. The U.S. government is in the midst of a dispute with Apple over encryption keys for the iPhone 6, which Apple says it is unable to turn over to the government. The phone encrypts data using an algorithm that creates a code unique to each device, making it impossible for Apple to comply with a potential court order to turn over data stored on the phone to law enforcement or intelligence agencies. And like China, the U.S. Congress has also restricted the access of Chinese firms such as Huawei Technologies and ZTE Inc. to the U.S. market on the basis of national security concerns.
While China may be the only one talking about “internet sovereignty,” it doesn’t seem as though it’s the only one practicing it. U.S. lawmakers have long been concerned about “dual-use” (commercial and military) technologies falling into the hands of the People’s Liberation Army and have sought to limit exports of such technologies, although these attempts have been stymied by failure to secure similar guarantees to not export to China from U.S. allies (pdf). As cyber capabilities grow in importance for espionage and warfare, policymakers will have to reevaluate the very concept of “dual-use.”
As the U.S. pursues a case against China at the WTO over protectionist policies and talks on eliminating tariffs for high-tech products break down, a new trade regime of closed systems seems to be shaping up in the information technology realm.
A future where U.S. and Chinese firms and government agencies purchase only domestically-sourced tech products and services does not seem so far off. And for consumers, the day may have already arrived where buying the newest device is not a matter of deciding which features you like best, but where the product was made and whether or not you’re comfortable with that country’s surveillance practices.
Image source: Council on Foreign Relations, The Great Hall of the People in Beijing on March 14, 2013, when Xi Jingping became China’s president. Xi leads the country’s Central Leading Group for Cyberspace Affairs, which sets China’s cyber policy