Chinese authorities can demand any data “related to cybersecurity” from internet companies
New regulation could allow China to request data from foreign companies with local servers, like Apple
Very soon, the Chinese government will have the legal power to walk into any internet service provider and take away a copy of any information deemed related to cybersecurity.
The new regulation will take effect on November 1, allowing police to inspect the offices and data centers of all internet companies. Authorities can read or take any data they deem relevant. They are also allowed to conduct remote surveillance of these businesses, although authorities didn’t elaborate on how it works in detail.
Even without the new rules, police are long known to have carried out similar investigations. But the creation of clear and detailed regulations, granting authorities explicit rights to access data, could send further chills among human rights advocates, as well as US companies worried about the safety of their intellectual property in China.
Under the new rules, police can probe whether companies are doing enough to stop the spread of “illegal information” -- a term that often covers online discussions critical of the government. Authorities can also check to ensure that companies are helping with criminal and terrorist investigations, practices that critics say are frequently used to target dissidents and religious minorities.
Amnesty International's William Nee told the South China Morning Post that the regulation is designed in part to “effectively implement China’s censorship directives and its surveillance state”.
China’s new rules clearly allow authorities to collect any data it considers relevant to cybersecurity. They can also examine how a company secures its network, and demand answers from staff on site. This could affect any foreign company that stores data in China, like Apple, which recently moved iCloud data for users in China to the country.
Critics have long feared that Apple could be forced into handing over user data, and this is only going to heighten those concerns. But Apple has stressed that all user data in iCloud is encrypted, and CEO Tim Cook recently reiterated that only Apple itself -- not Chinese authorities -- has the key. That would mean that even if the data was seized, they wouldn’t necessarily be able to access it.
Apple did not immediately respond to our request for comments.
All this comes as China also faces mounting allegations of stealing US tech secrets.
In a document released in March, the Trump administration outlined how it believes China has been taking sensitive information from US businesses. One example was using security reviews as a pretext to pressure companies into disclosing proprietary designs. Some experts also say that the Chinese government frequently use police raids to obtain carefully guarded knowledge.
China’s new cybersecurity regulation states that police officers are barred from sharing commercial secrets with third parties. And Beijing has repeatedly denied allegations of state-sanctioned technology theft.