International “tech” companies must watch out for the tough new rules that will go into force in June 2017. Under the guise of cyber security and national interest, China will have the right to inspect proprietary source code and IP to prove their products cannot be breached by hackers. This is among a raft of other rules to ensure that all “data” collected in China is stored in China under Chinese law and all users are identified by real, traceable names.
According to various reports, but best summarised in the Nasdaq, tech companies like Microsoft, IBM, and Intel are loath to comply, saying that opening source code and IP to what amounts to detailed engineering level inspection increases the risk of the code falling into the hands of rivals or malefactors.
The three companies will be filing objections to the Technical Committee 260, the national cyber security standards maker, as it released technical parameters of its omnibus cyber security law adopted on 7 November and to be implemented by June 2017. The standards include operating systems, microprocessors, office software, and other products.
“US firms are unlikely to leave China over the cyber security requirements because of the importance of the mammoth Chinese market,” said James Gong, a senior associate at law firm Herbert Smith Freehills who works with Western clients in navigating Chinese law. "I don't think they will pull out. I haven't heard of any company that has decided to leave."
But therein lies the conundrum – China does not really care if they pull out as there are a raft of Chinese companies ready to provide similar goods and services to its 1.4 billion inhabitants, the world’s largest market. India follows with 1.35 billion. The US, at 326 million, pales into insignificance, let alone Australia's 24 million.
The problem is that if the technology is copied it will be very difficult to prove in Chinese courts. Chinese law is very different according to Chinalawblog.
"When the foreign party points out that this is a breach of trust, the Chinese side will often reply with something like the following: 'In China, business is like warfare and contract like a treaty between nations. We will honour the treaty when it benefits us, and we will breach when it benefits us. Personal matters are not relevant. As soon as we see a benefit, we will take it. The situation is really all your fault. You should not have presented me with a situation where I had the opportunity to betray you. By leaving me an opening, you forced my hand, because the rule in China is that when an opportunity presents itself, the prudent businessperson must take advantage of the opportunity'."
China is also using the new cyber security laws to “help stop cyber attacks and help prevent acts of terrorism”, but others say it is just the erosion of further freedoms including mandatory security checks on companies in industries like finance and communications, and mandatory in-country data storage. This will make foreign operations more expensive or lock them out altogether. Individual users will have to register their real names to use messaging services in China.
Human Rights Watch said on Monday that it was concerned about several aspects of the law, including that it calls for real-name registration for users of Chinese instant messaging services. It wrote in a statement, "The already heavily censored Internet in China needs more freedom, not less. Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes."