If you’re a tech company and want to do business in China, you’ll have to hand over the keys to your kingdom first.
Strict, new Chinese government rules will require foreign companies to tailor their products for use within China — making them less secure.
Companies that provide back-end IT infrastructure, such as Cisco (CSCO, Tech30), would have to install back-doors into their hardware for Chinese authorities to access. If Microsoft (MSFT, Tech30) software runs on ATMs, it’ll have to expose its source code — the company’s secret sauce. If Chinese bank employees use Juniper (JNPR) software to log in from outside the office, the company will have to use Chinese-approved encryption.
It won’t affect these companies’ products outside China. But it makes the act of doing business in China a monumental pain.
This week, 18 major American business groups protested and asked Chinese communist party leaders to reconsider restrictions they called an “opaque, discriminatory approach to cybersecurity.”
The letter, addressed to a Chinese government council on “cyberspace affairs,” was signed by the U.S. Chamber of Commerce, National Association of Manufacturers, Consumer Electronics Association and others. All have major roles in U.S.-China trade.
The rules, as described in the American letter, fall right in line with China’s nationalist trend. They make it harder for foreigners to succeed in China.
By giving up source code to the Chinese government, companies like Apple (AAPL, Tech30) and Microsoft give up their highly guarded blueprints, revealing weaknesses that could give hackers a road map for breaking in.
That presents a major threat. Chinese government hacker spies already steal valuable intellectual property to give their state-run corporations a head start. Why hack an American firm to steal its source code if you can just force the company to give it up as a ticket to China?
The firm Websense makes software to spot data theft at banks. But Charles Renert, who oversees the firm’s source code, said he would be reluctant to give that up as a Chinese expansion quid pro quo.
“The bar is definitely higher for companies to do business in China,” Renert said. “My recommendation to my CEO would be to proceed cautiously — if at all.”
Another rule forces foreign companies to stop using proven encryption technology — which keeps communication private and secure — and instead use government-approved, Chinese-made encryption algorithms.
To any cybersecurity expert, this deal stinks. Cryptographers routinely say there are only two types of encryption: the kind that’s publicly reviewed and proven — and the suspicious stuff that nobody trusts and likely doesn’t work.
If an American company agrees to use some unknown government-mandated encryption, it loses the ability to promise its Chinese customers privacy. It becomes a tool of Chinese government surveillance.
Chinese officials, though, have been quick to point out that the U.S. government is doing the same thing to Chinese companies. NSA leaker Edward Snowden revealed that the U.S. government relies on American technology firms to spy on Chinese leaders. U.S.-China relations have been tense ever since. China state media has even called for its nation’s leaders to “punish severely” Cisco, Facebook (FB, Tech30), Microsoft and Yahoo (YHOO, Tech30) for being “pawns” of the U.S. government.
Meanwhile, the U.S. government has repeatedly blocked Chinese telecom Huawei, accusing it of spying for China.
These new Chinese rules on foreign firms are only the latest round of tension between China and the United States fueled by spying and technology.
MJ Lee contributed to this report.