For decades, it was a commonplace in western business that no one could afford to ignore China: whatever problems a CEO might have with China’s human rights record could never outweigh the profits to be had by targeting the growing Chinese middle-class.
Businesses tied themselves in knots trying to reconcile this. Exactly 15 years ago, I challenged the Chairman of Google’s Board at the Web 2.0 Conference over his company’s decision to censor its search-results to help the Chinese state suppress political dissidence (his excuse: censoring search results delivered a “superior user experience” because including sites blocked by the Great Firewall in search results would just frustrate Chinese users who tried to click on them). The real reason? Yahoo was in China, and in 2004, if you wanted to get Google to do something stupid, all you needed to do was get Yahoo to do it first.
Two years later, we learned that Yahoo had secured their commercial future in China by helping the Chinese state target dissidents’ Yahoo Mail inboxes, so that Yahoo’s users could be kidnapped and tortured for their political activities.
Five years after that, Google disclosed that Chinese spies had hacked Gmail in order to continue their surveillance of pro-democracy activists, and revealed that this was the reason the company had pulled out of China altogether. Google co-founder Sergey Brin, a Soviet refugee, could not stomach being a party to repressive state surveillance.
But since then, Google has embarked upon a secret project to re-introduce a censored/surveilling search tool to the Chinese market.
Google’s not alone. Apple is totally dependent on China, both for customers and for manufacturing, which is why it agreed to remove all functional VPNs from its App Store, leaving only those that had backdoors for Chinese spies.
Not just Apple, either: basketball fans have been disgusted to watch the NBA (also totally dependent on China for broadcasting fees and merch sales) censor its fans and owners who voiced support for Hong Kong’s pro-democracy movement.
All along, businesses have insisted that if only we were patient and allowed them to make billions from China, China would “westernize” and embrace an open and free political model that would justify all those petty and gross human rights abuses that western companies profited from.
The tacit quid-pro-quo for that support was that China would leave its western collaborators alone, at least outside of China. That’s what made the Gmail hacks so shocking, after all — breaking into Google’s servers was a violation of the unspoken deal between China and Google. Likewise the outrage over the NBA censoring American fans and owners — it’s one thing to sanitize your in-China offerings to appease the murdering autocrats of China, but another thing entirely to allow those war-criminals to reach into America and decide who may speak and what they may say.
But China was always going to embrace-and-extend its reach over western companies, and this is just the beginning.
The latest move is the long-threatened extension of Chinese spying powers over foreign companies, whose employees are to be prohibited from using working VPNs to communicate with their non-Chinese offices. These employees will now be left to use the same censored internet as Chinese citizens, and every trade secret and confidential communique they transmit to their home offices will be open to capture, inspection and use by Chinese authorities and the state industries they have long supported by funneling proprietary foreign corporate data to domestic competitors.
The Chinese “Cybersecurity Law” enables Chinese authorities to access any data on any server or personal computer, even those used by foreign firms. Moreover, a new Foreign Investment Law that takes effect in 2020 will eliminate any special dispensations currently enjoyed by foreign firms (for example, foreign firms are presently exempt from rules that allow the Chinese state to insert political appointees within the executive ranks of companies to monitor their operations — this will no longer be the case as of Jan 1).
As Steve Dickinson points out on the China Law Blog, the ability of Chinese firms to spy on all communications between Chinese and offshore offices of US firms compromises US companies’ ability to comply with US laws restricting the export of “sensitive technologies” — the fact that the Chinese state can simply plunder these technologies from US companies’ servers means that whether or not the US companies turn their trade secrets over, they can still be presumed to be in the hands of the Chinese state and military and the Chinese companies that are closely aligned with them.
Under the new Chinese system, trade secrets are not permitted. This means that U.S. and EU companies operating in China will now need to assume any “secret” they seek to maintain on a server or network in China will automatically become available to the Chinese government and then to all of their Chinese government controlled competitors in China, including the Chinese military. This includes phone calls, emails, WeChat messages and any other form of electronic communication. Since no company can reasonably assume its trade secrets will remain secret once transmitted into China over a Chinese controlled network, they are at great risk of having their trade secret protections outside China evaporating as well.
The U.S. or EU company may have an enforceable agreement with the Chinese recipient of its confidential information. So trade secrecy is protected with respect to that authorized recipient. But if the secret is easily available to the Chinese government, there is no real trade secret protection.
By giving the Chinese government and its cronies full access to its data, the U.S. or EU company may very well be deemed to have illegally exported technology to China and it could face millions of dollars in fines and even prison sentences for some of its officers and directors. There is an inherent conflict between foreign laws mandating a company not transfer its technology and China’s laws which effectively mandate that transfer.
China’s New Cybersecurity Program: NO Place to Hide [Steve Dickinson/China Law Blog]
(via Four Short Links)
A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out […]
How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people’s cars. It makes it harder to compete with tech companies by designing interoperable products. It’s even been used […]
Early versions of the free/open Unix variant BSD came with password files that included hashed passwords for such Unix luminaries as Dennis Ritchie, Stephen R. Bourne, Eric Schmidt, Brian W. Kernighan and Stuart Feldman.
There are a lot of different language apps out there because nobody learns anything the same exact way – especially not something as complex as a new language. For some people, the best way is to dive in and start talking, but that’s easier said than done if you’re not around those natives you aspire […]
There’s movie merch and then there are artifacts – one-of-a-kind items for the true fans only. These 11 items definitely fall into the latter category. We’ve unearthed movie art, props and other fan touchstones from the major nerd franchises of the last 50 years. Gaze upon these Star Wars and Marvel collectibles and don’t worry. […]
No matter what kind of office you work at, there’s probably an Excel expert in it. And no wonder: Businesses are still discovering uses for one of Microsoft’s flagship software suites beyond just bare-bones spreadsheets. Make October the month you become invaluable at work by taking one of these boot camps in Excel and its […]