China’s National People’s Congress has passed a “cryptography law” that regulates encryption in public and private sectors and gives guidelines for the use of cryptography to safeguard national security. An initial draft of the law passed today was published over two years ago by a government agency, the State Cryptography Administration (SCA).
Following the passage of this law, China is expected to support commercial applications for cryptography, including for the development of blockchain technology and cryptocurrencies.
The law passed today will promote innovations to integrate cryptography with various sectors. The law makes it easier for foreign firms to provide commercial encryption services in China. It will create a lot of opportunities for domestic industries to create partnerships at both national and international levels for implementing cryptography applications.
Even before this law was passed, the SCA had stated that “cryptography is an important strategic resource,” and President Xi Jinping had called for faster adoption of blockchain technology.
Thus, it is clear that China views encryption as a major technology of the future and wants to position itself as a major player in this industry.
The new law divides encryption into three categories: two for the public sector and one for the private sector.
What has raised concern is that the law makes it clear that no cryptography project, whether ongoing or in the future, should adversely affect state security or the Chinese Communist Party. It even has provisions for punishing those who violate this clause. Further, all cryptographic systems, even in the private sector, will first have to be examined and authenticated by government agencies.
How can the Chinese government monitor commercial encryption services for threats to national security? The Chinese government can demand back door access to commercial encryption platforms or can demand to see the source code of any technology in the name of national security. There is no clause in the law that bars the government from decrypting encrypted messages. The decryption part seems to have been kept deliberately ambiguous in the law.
The row that erupted in America after it was found that the government was snooping on its citizens’ social media messages and pictures is fairly well known. In China, the government has exposed itself to the same charges in the future by remaining silent on provisions regarding decryption. While decrypting messages suspected of relating to terrorism, money laundering, international crime, etc. can be permitted, unlimited power to decrypt any message can always be misused. Such unfettered power can be used for monitoring political opponents and common people whom the government suspects are opposed to some of its policies. The data gleaned can be used to attack individuals or institutions and run smear campaigns against them. Even personal details can be used to tie the hands of a political foe.
Another worrying feature of the law is that it seeks punishment for those who fail to report security risks to the state. Thus, a citizen can be arrested simply for not reporting someone else’s wrongdoing. Further, what exactly constitutes a threat to national security? Can routine talk about politics in Hong Kong in a WhatsApp group be treated as a national security threat? As per the new law, if a person posts a politically incorrect message, will all the other members of the group be arrested if they do not report it? It will only gag public opinion, which is exactly the opposite of what encrypted messaging services are supposed to do: ensure the privacy of individuals by not allowing the government to spy on their private conversations. Instead, the Chinese version not only says nothing about backdoor monitoring of commercial encryption services but even wants citizens to spy on each other.
If foreign firms create encryption systems that fail to censor the exchange of messages to an extent that satisfies the Chinese government, those firms may be banned or face punitive action. The same happened with Facebook, WhatsApp, and Twitter, which were banned after the Chinese government failed to stop the transmission of politically sensitive messages on these platforms.
The limitations mentioned above lead to the conclusion that China’s cryptography law is aimed more at safeguarding national security systems as well as commercial trade systems than at promoting freedom and privacy.