Nobody Saw This Coming: Now China Too Wants Company Encryption Keys And Backdoors In Hardware And Software
from the zone-of-lawlessness dept
"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices."As Techdirt has noted before, this narrative plays right into the hands of repressive governments around the world, which can simply point to the West's argument, and say: "We agree." So it will not come as a huge surprise to readers of this site to learn that when it comes to demanding encryption keys and backdoors from computer companies, China now agrees:
She said that she hopes Apple and Google will consider building in back doors that will allow the companies to decrypt the phones if they are physically mailed back to the manufacturer.
The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars' worth of business in China.The New York Times article quoted above gives more details, drawing on a chart that lays out the new requirements for companies wishing to sell equipment to the Chinese banking sector:
For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.Although there is a clear protectionist element to many of these, as well as a desire to take a look at Western source code, the boldest demands -- those for backdoors and encryption keys -- are identical to what the US and EU are implicitly calling for. And so, once again, there is no way for the West to claim the moral high ground here, which inevitably undermines any protestations it might make about China's decision to follow its example.
The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build "ports" to allow Chinese officials to manage and monitor data processed by their hardware.
The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+