Why China Changed Its Tech Policy (And What It Means For Cybersecurity And Trade) – Part I

Late last year after the National People’s Congress, China made headlines by deciding to cut foreign-produced technology from all future government purchases. It also drafted its very first anti-terrorism law, which included stipulations requiring firms both domestic and foreign to provide the Chinese government with encryption keys, install “backdoors” in software for access by regulators, and localize servers and user data within Chinese borders. The proposed law would also make it impossible for firms to bypass the measures by using a Virtual Private Network (VPN). The new requirements, ostensibly aimed at facilitating anti-terror investigations, came with far-reaching implications for foreign firms in finance, manufacturing, and, most controversially, technology. U.S. firms were quick to protest that this would give the Chinese government (and, by extension, rival Chinese IT companies) the ability to take advantage of valuable code and potentially sensitive corporate and financial data. One industry source interviewed by Reuters called this “the equivalent of the Patriot Act on really, really strong steroids;” another said it would be “a disaster for anyone doing business in China.”

Tensions intensified in December, when the Chinese announced measures requiring tech firms to submit banking technology to similarly invasive scrutiny, including handing over precious source code to the Chinese government. Washington was less than pleased. Four Cabinet members immediately wrote their Chinese counterparts requesting “immediate suspension.” IT sector trade groups also wrote the PRC Cabinet, suggesting that the policies undermined China’s commitment to international trade law under the WTO. Criticism also came from U.S. Trade Representative Michael Froman, who argued that the proposed rules were less about security and more about “protectionism and favoring Chinese companies.” Even POTUS Obama himself got involved.

These were weighty accusations, but no one can say the stakes aren’t high. China is home to the third largest IT market in the world (behind the U.S. and Japan), which, at $465 billion, composes 20% of the global $2.3 trillion IT market. Moreover, while other sectors appear to be flagging, IT shows no signs of slowing down. It’s slated to outpace the overall Chinese economy in growth this year, and could account for a whopping 43% of growth in the global market. China’s Tencent Holdings Ltd., maker of the popular social networking application WeChat, hit a market cap of $200 billion last week, making it now officially more valuable than U.S. tech giants like Amazon, IBM, and Oracle. At $206 billion, it’s even closing in on Facebook’s $230 billion valuation.

It’s worth noting that wildly successful firms like Tencent owe their success to China’s “Great Firewall” of sophisticated cyber traffic filters. Foreign firms protest the Great Firewall, which they say raises the cost of doing business and limits market access. A survey by the European Chamber of Commerce in February found that 86% of firms doing business in China had “experienced negative business effects” as a result of China’s “Great Firewall” of stringent information controls; a similar survey by the American Chamber of Commerce found that 83% of 500 American firms responding felt the same. The Chinese government, on the other hand, credits itself with having provided a “good policy environment” for the incubation of domestic tech startups— earlier this year, an op-ed by the Global Times, a state mouthpiece, declared that, without the Great Firewall, “China would become the realm of Google China, Yahoo China and Facebook China.”

Faced with China’s proposed anti-terrorism law and banking regulation, the U.S. certainly found itself in a sticky position. American protests about foreign governments’ data protection and cybersecurity measures inevitably carry a hint of irony in our post-Snowden age. China could accuse it of hypocrisy— indeed, China has cited the Snowden incident as part of its motivation for its proposed intrusive security measures. China’s move to leave U.S. tech products out of government procurement lists would make market access for foreign firms in China much harder, but it could well be retaliation against the U.S. Congress recommendation in 2012 that did the same for products made by Chinese manufacturers Huawei and ZTE, citing security concerns. And Western governments, including the U.S., have also historically requested disclosure of security-related data, though the U.S. does not require firms to install backdoors in software and hardware. The U.S. has come up against similar post-Snowden credibility issues in trade battles with the EU over data privacy and free data flows, which promise to be a sticking point in negotiations for the Transatlantic Trade and Investment Partnership (TTIP).

After undergoing readings in October and February, the draft law was not submitted for a third round of discussion in March, without which it cannot be passed. So why did China back down (and has it really backed down)? 

Continued in part II. 

View More

One thought on “Why China Changed Its Tech Policy (And What It Means For Cybersecurity And Trade) – Part I

  1. This policy seems to be a very well thought after the ISIS attacks and going to affect global IT companies as china is largest manufacturing hub.

Comments are closed.

Interested in donating to BASC?

Donate Now