New Regulations Appear To Authorize Chinese Law Enforcement To Hack Into Computers Anywhere In The World

from the everyone's-doing-it dept

A recurrent theme here on Techdirt has been the way in which the West has ceded the moral high ground in so many areas involving the tech world. For example, in 2010, we noted that the US had really lost the right to point fingers over Internet censorship. The moral high ground on surveillance went in 2013 for people, and in 2014 for economic espionage. Meanwhile, the UK has been shown to be as bad as the most disreputable police states in its long-running blanket surveillance of all its citizens.

The UK's most recent move to cast off any pretense that it is morally superior to other "lesser" nations is the Investigatory Powers Act, which formalizes all the powers its intelligence services have been secretly using for years. One of the most intrusive of those is the power to carry out what is quaintly termed "equipment interference" -- hacking -- anywhere in the world. That means it certainly won't be able to criticize some new rules in China, spotted by the Lawfare blog:

The regulations seem to authorize the unilateral extraction of data concerning anyone (or any company) being investigated under Chinese criminal law from servers and hard drives located outside of China.

Article 9 of the 2016 regulations provides that the police or prosecutors may extract digital data from original storage media (e.g., servers, hard drives) that are located outside of mainland China (i.e., including servers in Hong Kong, Macau, and Taiwan) "through the Internet" and may perform "remote network inspections" of such computer information systems. Remote network inspections are helpfully defined, in Article 29, as "investigation, discovery, and collection of electronic data from remote computer information systems related to crime through the Internet." The only caveat to this grant of authority is a requirement that investigations be subject to "strict standards." No guidance is provided as to what "strict" means.

On its face, the regulation indicates that Chinese officials have authorization to remotely search or extract data anywhere in the world, subject only to the limitations of [China's] domestic law.

If the idea of Chinese government agents hacking into your computer doesn't appeal, well, tough luck: the West is doing it too, so there's really nothing governments there can say that isn't deeply hypocritical. That won't stop them, of course, and it may lead to some nasty international name-calling that could escalate dangerously.

The fact that pretty much all the main players are hacking everyone else like crazy is yet another argument for not weakening encryption anywhere. However much certain politicians might want magic crypto systems that only let in the good guys and always keep out the bad guys -- perhaps by invoking the necessary hashtags -- they simply don't exist. Morever, the supposedly clear-cut distinction between good guys and bad guys has been blurred so completely by decades of the West losing the moral high ground here that it's not a very useful way of framing things anyway.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, hacking

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    PapaFox (profile), 4 Apr 2017 @ 7:14am

    Rubbish - get a good translation

    Sorry Glyn, you've got it wrong. I doubt you read Chinese or are versed in Chinese law, so you have fallen for Susan Hennessey and Christopher Mirasola's panicked response to a very technical Chinese court document. Your article is typical of the poor reporting on China - few reporters speak Mandarin, fewer understand the political debates going on in China. They hear some gossip and promptly write and article that has serious errors.

    A reasoned response "Sometimes a rule of evidence is just a rule of evidence" has been written by Jeremy Daum.

    The new regulations don't change or permit any new activities by Chinese law enforcement. Frankly, if a Chinese government whether it be at county, provincial or national level wants to hack you, then they are not going to be stopped by what is or is not admissible in a court of law.

    What the new regulations do is specify how such evidence has to be handled. Specifically, if a litigant wishes to enter evidence obtained by hacking they have to identify it as having been obtained through hacking. So now hacking will be far more public than it was before and probably less likely to occur. at least if a trial is likely.

    To understand what is going on, you need to understand the debate about the rule of law that is happening in China. In the west (be it the US, Britain, France, Germany etc), at least in principle, if the same case with the same evidence was heard by two different judges then approximately the same judgement should be rendered. Judges are constrained by the same legislation/civil code, the same precedents, the same interpretation rules. However in China this doesn't happen because while there is a common civil code (forked from the German civil code circa 1930), the interpretation and precedents aren't there. Chinese judges, like all judges, have the pick winners and losers. For these reasons (along with others) the general run of Chinese commercial justice is a bit of mess with with different outcomes depending on which court and which judge a case is heard before.

    Senior judges and lawyers want to rectify this, but there is a problem. The "rule of law" is a highly political topic in China, with the CPC (Communist Party of China) holding that it's evil and bad, while lawyers in general quietly approve of it. Because of the political nature of the debate, the legal system is moving in a somewhat crab-wise direction to towards implementing the infrastructure which will allow the rule of law. This regulation is part of that movement. Don't misunderstand me - the Chinese legal system has a very long way to go before it approaches the rule of law, but this a good step in the right direction.

    So, Glyn - you quoted a panicky analysis and haven't checked the original material. Go read Jeremy Daums' response (including the translation of the new regulation) and think again. What is actually happening is the opposite of what you are claiming.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.