China demands backdoor into foreign software to "strengthen cybersecurity"

The New York Times reports:

The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.

The reason?

The new rules, laid out in a 22-page document approved at the end of last year, are the first in a series of policies expected to be unveiled in the coming months that Beijing says are intended to strengthen cybersecurity in critical Chinese industries. As copies have spread in the past month, the regulations have heightened concern among foreign companies that the authorities are trying to force them out of one of the largest and fastest-growing markets.

The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.

In short: if you don't play ball, China is likely to take a dim view of allowing you to sell your technology into its country.

And before anyone reading this feels outraged that China would treat Western companies in this way, don't forget the challenges that network hardware producer Huawei has faced over the years, due to lingering concerns that the Chinese company was a threat to US national security.

China may claim that it needs to see the source code to determine if software is secretly spying on Chinese businesses, and it may argue that it needs a backdoor to snoop on private communications to fight its enemies, but the truth is that such steps lead to weaker, not stronger, security for everybody.

Because any time a weakness or backdoor is introduced into a system, it increases the chance for regular organised criminals to take advantage of it... as well as, of course, professional hackers working for a curious foreign state.

Ironically, China's demands for surveillance backdoors seem eerily similar to those recently proposed by UK Prime Minister David Cameron, who wants to introduce something similar if he wins re-election in May.

So, congratulations Mr Cameron. You've found a country that seems to agree with your proposal, and is pushing ahead with something similar itself. Albeit not a country which has the cleanest record when it comes to human rights and liberty... but hey, you can't have everything right?

I wonder how technology companies will respond to the demands of the Chinese, and whether some will simply not find the regulations acceptable and choose to turn their back on the country instead? And I also wonder what banks will think...

Let's hope the same doesn't happen in the UK, eh?


6 Responses

  1. des

    February 3, 2015 at 4:15 am #

    Totally supported China reasoning and action. When US totally barred and threatened those who dare use Chinese technological products based on unproven security threats, we wondered when will China's technology reach the level to be not dependable on the West. Surprisingly it happened so fast. As a result of China growth, many Western technological products are already yesterday brands and with this current development many more will follow suit. All thanks to US hypocrisy, instead of condemning and suppressing China technological development, it works to China's benefit.

  2. Amanda Lay

    February 3, 2015 at 1:00 pm #

    My guess is tech companies will cave to Chinese demands because the lure of the almighty dollar is just too irresistible. And you are totally justified in comparing and contrasting what China wants to do to their populace with the UK (and the USA as well). It helps to extend the argument to its logical conclusion, then see if it still makes sense. For example, why not place CCTV in public restrooms? After all, there is an awful lot of drug dealing that goes on there. And – (wait for it) – if you're not doing anything wrong, what do you have to worry about? Hmmm?

  3. Coyote

    February 3, 2015 at 3:18 pm #

    "And before anyone reading this feels outraged that China would treat Western companies in this way"

    Actually, my immediate reaction when seeing the title on the RSS feed was this: "Seems fair to me."

    "Ironically, China’s demands for surveillance backdoors seem eerily similar to those recently proposed by UK Prime Minister David Cameron, who wants to introduce something similar if he wins re-election in May."

    Indeed. I thought of this as well. Of course that is only one example country but that is beside the point. If UK why not China? If China why not North Korea (I of course am deliberately playing the devil's advocate here (some might claim I'm a devil and I'll admit that there is probably truth to it) because if the west can provoke then, again, why not the other way around?). If North Korea then why not Russia? Why not the US? (Wait… perhaps too late) Why not the entire world? Ah, there we go: if there is a backdoor in something then the backdoor is there for everyone! It isn't like the backdoor has some magical ability to determine that the person is authorised (authorised? backdoor? Authorised indeed) to use the door or not and then deny or grant entry.

    Of course, politicians ('dangerous cretins high on power, full of arrogance, selfishness and pure bred stupidity') will argue that China is the main actor in attacking other nations networks. Of course, that is only true if… you exclude the west. Never mind that in the past China actually executed people for computer crime…

    "Albeit not a country which has the cleanest record when it comes to human rights and liberty… but hey, you can’t have everything right?"

    Indeed. Then again… those – especially the latter – are highly subjective if you think about it… what with spying to the extreme in the name of security… and ironically spying agencies can't keep secret they're spying. Says a lot about their abilities to keep the details of their victims (and that is the right word) private. And that is not only a risk to their personal (e.g. confidential) information, it is also a risk to them in other, more serious ways.

  4. Nigel

    February 3, 2015 at 3:36 pm #

    "…any time a weakness or backdoor is introduced into a system, it increases the chance for regular organised criminals to take advantage of it…"

    Right. And that includes the biggest gangs of organized criminals of all, political states—like the USA, UK, China, etc.

    Of course, in China's case, one expects it. Their track record for repression of those who resist communist brutality is well established. But it's no accident that, as Mr. Marx's philosophy becomes increasingly entrenched in the UK and the USA, those states increasingly advocate more Draconian "security" measures, and with the same result—less freedom for their citizens.

    "Terrorism", it seems, is the perfect boogeyman by which the ideological demand for security can be met with a political supply of tyranny.

  5. Jim

    February 3, 2015 at 8:23 pm #

    Nigel almost made sense in his comment, then his liberal prejudice against free nations like the US and the UK came forth. The backdoor can allow access to nefarious activities as he said. These backdoor connections have been used numerous times in the US to hack companies. The vast difference between the US and the UK utilizing backdoor access is for security reasons to protect its citizens. This is 100% justified. The Chinese on the other hand are known hackers and thieves with the prodding of the government. They will steal our better source code and hack into our systems. I have heard of bounties being paid by the Chinese government to the fastest hacking group to steal IP for profit. The Chinese are snakes and would be happy to walk on our dead Western bodies. The Chinese mandarin symbol for China literally means Center of the World i.e. the world rotates around China. The Chinese would be happy to make us their slaves. Defenseless bleeding heart liberals like Nigel will be the first slaves taken.

  6. Coyote

    February 4, 2015 at 1:24 am #

    "Nigel almost made sense in his comment, then his liberal prejudice against free nations like the US and the UK came forth.

    The vast difference between the US and the UK utilizing backdoor access is for security reasons to protect its citizens. This is 100% justified."

    Is ignoring reality and also ignoring what one of the US founders (the irony…) directly called out as being a huge risk: invasion of privacy (and otherwise giving up some liberty) for what again? Right. It won't offer safety and it won't offer security (nor anything else positive). Frankly I agree with him on the other parts and I do not at all think like Americans: those that are willing to give up their privacy, liberty, etc., for 'safety' don't deserve the supposed security they 'would' gain (they actually lose it and they deserve exactly that – privacy should not be abused at all but it is). They won't get it though; indeed, the fact the NSA can't keep their spying secrets secret means they can't keep YOUR secrets (that you didn't even authorise them to have) secret.

    I'll point out one more very ironic thing: the very suggestion that Nigel's idea (about privacy/backdoors/etc.) is somehow being against the west, the freedom of, whatever else, is really amusing. It is amusing when you consider that the west would have you believe you should be able to express those ideas without – here comes the pun – prejudice. Not only that, by allowing backdoors in the name of security (the two – backdoor and security – are opposing forces), you're actually taking away liberty… and indeed security.
