This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-rules-perturb-western-tech-companies.html

The article has changed 3 times. There is an RSS feed of changes available.

Version 0 Version 1
New Rules in China Upset Western Tech Companies New Rules in China Upset Western Tech Companies
(about 3 hours later)
HONG KONG — The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.HONG KONG — The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.
The new rules, laid out in a 22-page document approved at the end of last year, are the first in a series of policies expected to be unveiled in the coming months that Beijing says are designed to strengthen cybersecurity in critical Chinese industries. As copies have spread in the past month, the regulations have heightened concern among foreign companies that the authorities are trying to force them out of one of the largest and fastest-growing markets in the world for technology products and services. The new rules, laid out in a 22-page document approved at the end of last year, are the first in a series of policies expected to be unveiled in the coming months that Beijing says are intended to strengthen cybersecurity in critical Chinese industries. As copies have spread in the past month, the regulations have heightened concern among foreign companies that the authorities are trying to force them out of one of the largest and fastest-growing markets.
In a letter sent Wednesday to a top-level Communist Party committee on cybersecurity led by President Xi Jinping, foreign business groups that represent major Western technology companies objected to the new policies and complained that they amounted to protectionism. In a letter sent Wednesday to a top-level Communist Party committee on cybersecurity, led by President Xi Jinping, foreign business groups objected to the new policies and complained that they amounted to protectionism.
The groups, which include the U.S. Chamber of Commerce, called for “urgent discussion and dialogue” about what they said was a “growing trend” toward policies that cite cybersecurity in requiring companies to use only technology products and services developed and controlled by Chinese firms. The groups, which include the U.S. Chamber of Commerce, called for “urgent discussion and dialogue” about what they said was a “growing trend” toward policies that cite cybersecurity in requiring companies to use only technology products and services that are developed and controlled by Chinese companies.
The letter is the latest salvo in an intensifying tit-for-tat between China and the United States, which have clashed over online security during the last two years in what has begun to resemble a technological Cold War. While the United States has accused Chinese military personnel of hacking and stealing from American companies, China has pointed to recent disclosures of United States snooping in foreign countries as a reason to get rid of American technology as quickly as possible. The letter is the latest salvo in an intensifying tit-for-tat between China and the United States over online security and technology policy. While the United States has accused Chinese military personnel of hacking and stealing from American companies, China has pointed to recent disclosures of United States snooping in foreign countries as a reason to get rid of American technology as quickly as possible.
With China’s Internet filters increasingly creating a world with two Internets, a Chinese one and a global one, new policies could further bifurcate the tech world, with national security considerations forcing hardware and software makers to sell to either China or the United States. Although it is unclear to what extent the new rules result from security concerns, and to what extent they are cover for building up the Chinese tech industry, the Chinese regulations go far beyond measures taken by most other countries, lending some credibility to industry claims that they are protectionist. Beijing also has long used the Internet to keep tabs on its citizens and ensure the Communist Party’s hold on power.
Chinese companies must also follow the new regulations, though they will find it easier since for most, their core customers are in China.
China’s Internet filters have increasingly created a world with two Internets, a Chinese one and a global one. The new policies could further split the tech world, forcing hardware and software makers to sell either to China or the United States, or to create significantly different products for the two countries.
Several Chinese hardware makers have run into problems in the United States after warnings from Congress about their ties to the Chinese government.Several Chinese hardware makers have run into problems in the United States after warnings from Congress about their ties to the Chinese government.
For multinationals, the Chinese market is simply too big to ignore. China is expected to spend $465 billion in 2015 on information and communications technology, according to the research firm IDC, which says the expansion of China’s tech market will account for 43 percent of worldwide tech-sector growth. For multinationals, the Chinese market is simply too big to ignore. China is expected to spend $465 billion in 2015 on information and communications technology, according to the research firm IDC, which says the expansion of China’s tech market will account for 43 percent of worldwide tech sector growth.
Analysts said new Chinese policies like the bank rules and an antiterror law that is still in draft form will make doing business increasingly difficult in China for foreign hardware and software companies. Analysts said new Chinese policies like the bank rules and an antiterrorism law that is still in draft form would make doing business increasingly difficult in China for foreign hardware and software companies.
“I think they’re obviously targeting foreign vendors that are operating in China,” said Matthew Cheung, a researcher at the analytics firm Gartner. “They are promoting the local technologies so that local providers who have the capabilities to provide systems to these enterprises can get more market share.”“I think they’re obviously targeting foreign vendors that are operating in China,” said Matthew Cheung, a researcher at the analytics firm Gartner. “They are promoting the local technologies so that local providers who have the capabilities to provide systems to these enterprises can get more market share.”
For instance, the bank rules say 75 percent of technology products used by Chinese institutions must be classified as “secure and controllable” by 2019.For instance, the bank rules say 75 percent of technology products used by Chinese institutions must be classified as “secure and controllable” by 2019.
Though analysts say “secure and controllable” — an emerging buzz phrase that peppers several new Chinese technology policies — may be open to interpretation, a chart attached to the banking regulations shows the troubles foreign companies could have winning that classification for their products. Though analysts say “secure and controllable” — a phrase that peppers several new Chinese technology policies — may be open to interpretation, a chart attached to the banking regulations shows the troubles foreign companies could have in winning that classification for their products.
For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.
The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build “ports” to allow Chinese officials to manage and monitor data processed by their hardware.The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build “ports” to allow Chinese officials to manage and monitor data processed by their hardware.
The draft antiterror law pushes even further, calling for companies to store all data related to Chinese users on servers within the country, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities. The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.
Sophie Richardson, China director of Human Rights Watch, said in a news release that the law was “little more than a license to commit human rights abuses.”
The rules about encryption could prove problematic for Apple, which has used new encryption methods in the iPhone 6 that are based on a complicated mathematical algorithm tied to a code unique to each phone. Apple says it has no access to the codes, but under the proposed antiterror law, it would be required to provide a key so that the Chinese government could decrypt data stored on iPhones.
In the letter, the Western companies also voiced concerns about a broader “cybersecurity review regime” under which the Chinese government would assess the “security and controllability” of hardware, software and technology services sold in China, through audits and other checks. More details about the checks will be sent to the Central Leading Group for Cyberspace Affairs, the committee led by the Chinese president, in February, according to a recent report by Xinhua, the state-run news agency.
Prompted in part by the disclosures by Edward J. Snowden, the former United States intelligence contractor, the committee is leading the charge in consolidating and streamlining cybersecurity efforts in China, and analysts said it has most likely presided over or given tacit support to the new policies.
The leadership committee is also trying to wean the country from its reliance on foreign technology, a longstanding goal that has gained urgency after Mr. Snowden’s revelations.
“Banking is the first industry where we are aware a black-and-white regulatory document was issued,” said Jeffrey Yao, a vice president for enterprise research at IDC. “In some other industries, if you talk to the customers, many of them get the pressure to adopt the local brands, but in most of the cases they are via internal communications from the top officers.”“Banking is the first industry where we are aware a black-and-white regulatory document was issued,” said Jeffrey Yao, a vice president for enterprise research at IDC. “In some other industries, if you talk to the customers, many of them get the pressure to adopt the local brands, but in most of the cases they are via internal communications from the top officers.”
Some of America’s largest tech companies could be hurt by the rules, including Apple, which is making a big push into the country. Apple has used new encryption methods in the iPhone 6 that are based on a complicated mathematical algorithm tied to a code unique to each phone. Apple says it has no access to the codes, but under the proposed antiterrorism law, it would be required to provide a key so that the Chinese government could decrypt data stored on iPhones.
A growing number of American technology executives have complained about new barriers to access to the Chinese market. John T. Chambers, the chief executive of the network equipment maker Cisco Systems, has raised the issue, as have executives at the chip maker Qualcomm. This week, Microsoft’s chief executive, Satya Nadella, said his company was working through “geopolitical issues” regarding China.
In the letter, the Western companies voiced concerns about a broader “cybersecurity review regime” under which the Chinese government would assess the “security and controllability” of hardware, software and technology services sold in China, through audits and other checks. More details about the checks will be sent in February to the Central Leading Group for Cyberspace Affairs, the committee led by the Chinese president, according to a recent report by Xinhua, the state-run news agency.
The committee, which was created after the disclosures by Edward J. Snowden, the former United States intelligence contractor, is leading the charge in consolidating and streamlining online security efforts in China. Analysts said it had most likely presided over or given tacit support to the new policies.
The leadership committee is said to be also trying to wean the country from its reliance on foreign technology, a longstanding goal that has gained urgency after Mr. Snowden’s revelations.
Zuo Xiaodong, vice president of the China Information Security Research Institute, said the new policies and the broader push for indigenous innovation were not intended to eliminate foreign companies from the market.Zuo Xiaodong, vice president of the China Information Security Research Institute, said the new policies and the broader push for indigenous innovation were not intended to eliminate foreign companies from the market.
“In reality, it’s about the core elements of Chinese information technology. We don’t really control these. We’re under the yoke of others. If the others stop services, what do we do?” he said, noting that many Chinese companies and local governments had to scramble when Microsoft discontinued its support of Windows XP. “From a security perspective, that simply wasn’t acceptable. We’re breaking away from these types of circumstances.” “We’re under the yoke of others. If the others stop services, what do we do?” he said, noting that many Chinese companies and local governments had to scramble when Microsoft discontinued its support of Windows XP. “From a security perspective, that simply wasn’t acceptable. We’re breaking away from these types of circumstances."
But a growing number of American technology executives have complained about new barriers to access to the Chinese market. John Chambers, the chief of the network equipment maker Cisco, has raised the issue, as have executives at the chip maker Qualcomm. Earlier this week, Microsoft’s chief executive, Satya Nadella, said his company was working through “geopolitical issues.” Even if Beijing wants it to, the banking industry cannot immediately do away with all foreign hardware makers, Mr. Yao of IDC said. Banks purchase billions of dollars’ worth of hardware and software to manage transactions, and Chinese companies cannot yet produce some of the higher-end servers and mainframes they rely on.
Even if Beijing wants it to, the banking industry can’t yet do away with all foreign hardware makers, according to IDC’s Mr. Yao. Banks purchase billions in hardware and software to manage transactions, and Chinese companies can’t yet produce some of the higher-end servers and mainframes they rely on.
Mr. Yao said 90 percent of high-end servers and mainframes in China were still produced by multinationals. Still, Chinese companies are catching up at the lower end.Mr. Yao said 90 percent of high-end servers and mainframes in China were still produced by multinationals. Still, Chinese companies are catching up at the lower end.
“For all enterprise hardware, local brands represented 21.3 percent revenue share in 2010 in PRC market and we expect in 2014 that number will reach 43.1 percent. That’s a huge jump,” he said. “For all enterprise hardware, local brands represented 21.3 percent revenue share in 2010 in P.R.C. market and we expect in 2014 that number will reach 43.1 percent,” he said, using the abbreviation for the People’s Republic of China. “That’s a huge jump.”
Though Chinese companies stand to benefit, the letter from foreign business groups warned that China would hurt itself if it continued to follow its current policy trajectory.
“An overly broad, opaque, discriminatory approach to cybersecurity policy that restricts global Internet and I.C.T. products and services,” the letter said, referring to information and communications technology, “would ultimately isolate Chinese I.C.T. firms from the global marketplace and weaken cybersecurity, thereby harming China’s economic growth and development and restricting customer choice.”