A new report from The New York Times reveals that the Chinese Government is implementing new regulations that will require technology companies to comply with a stringent set of security disclosures and procedures in order to sell equipment to Chinese banks. The new rules are laid out in a 22-page document and are only the first in a new set of policies from the Chinese government which intend to strengthen cybersecurity in key Chinese industries. Requirements under the new terms would include turning over proprietary source code for operating systems and firmware, submitting to invasive audits, and including back doors in hardware and software that would allow the Chinese government to gain access to data stored on or transmitted from electronic devices.
Apple, for example, would be required to redesign the encryption system used on the iPhone to protect user data in order to provide keys that would allow the Chinese government to decrypt such data. It was revealed last week that Apple agreed to allow the Chinese government to conduct “security inspections” on its products, although it is unclear if this is directly related to the new regulations.
Critics of the new policies, including the U.S.
Chamber of Commerce, suggest that cybersecurity claims are really just covering for protectionism, and that the new rules are simply a means of bolstering the Chinese tech industry by requiring companies to use only domestically produced products and services. The new measures notably go far beyond those taken by most other countries, however they are also not atypical of the sort of technology policies seen in China – a country in which the government has routinely monitored and censored Internet traffic and services for decades. While the new policies only apply to companies doing business with Chinese banks, it’s generally anticipated that they will be expanded in the coming year to other industries which the Chinese government considers critical.