​China formalises existing restraints with new cybersecurity law

China's top legislative body this week passed a cybersecurity law that elevates the formally 'low-level regulations' applied across the nation in areas such as security, online speech, and citizen rights.
Written by Tas Bindi, Contributor

Chinese legislature, the National People's Congress Standing Committee, has passed a new cybersecurity law to protect the government's sovereignty on the internet, national security, and citizen rights, according to Chinese news agency Xinhua Insight.

After a coalition of 46 business groups from the United States, Europe, and Asia appealed to China to change proposed cybersecurity rules because of the their potential impact on international trade, the nation's government hasn't budged.

Under the new law, parties involved in criminal activities online will be punished, as will individuals and organisations that attempt to "overthrow the socialist system", "fabricate or spread false information to disturb economic order", "incite separatism or damage national unity", and "advocate terrorism or extremism".

Other forbidden activities under the new cybersecurity law include the incitement of ethnic hatred, discrimination, and the spread of violence and "obscene" information.

The State Council will be also able to authorise or take temporary control of network communications in response to incidents threatening public security. This provides a legal basis for large-scale network shutdowns.

Network operators are required to identify their clients under the new law, meaning that users will have to provide their real name and personal information to use services such as instant messaging apps.

Network operators are also obligated to cooperate with the government during investigations. This includes the reporting of "network security incidents" as well as the provision of "technical support" to security agencies.

Human Rights Watch (HRW) described the new cybersecurity law as "a regressive measure that strengthens censorship, surveillance, and other controls over the internet".

While the law states that network operators cannot leak, change, or damage the personal information they gather, or disseminate personal information without the consent of people involved, HRW noted that the law does not incorporate any privacy protections for users regarding how companies must safeguard their personal data or notify them of potential breaches or security vulnerabilities.

When it comes to security agencies monitoring networks, investigating cybercrime, and accessing data held by companies, HRW also noted that the law "fails to impose adequate protections for the right to privacy".

While many of these restrictions aren't new, they were previously informally applied or defined in lower-level regulation, according to HRW. Breaches are now more easily punishable by law.

The Chinese government has long controlled online speech through censorship, harsh punishments, and by banning numerous globally-popular websites in favour of more restrictive localised versions.

Third-party websites such as Google, Facebook, Twitter, and YouTube among others are blocked in the country, with a pilot free-trade zone active in Shanghai in the past that allows access to such content, although still heavily restricted. Services including Microsoft Outlook and Gmail have also been banned.

HRW believes internet control "has reached new heights" since Xi Jinping became China's president in March 2013, with the government criminalising the "spreading of rumors" about natural disasters and virtual private networks being described as "terrorist software", among other occurrences.

At the beginning of last year, China upgraded its Great Firewall and began to crack down on the use of VPNs within the Middle Kingdom.

China initially proposed the fresh wave of cybersecurity legislation in early 2015 to further tighten its grip on the county's information technology structure and further localise the use of tech products.

It was said previously by experts that the draft regulations, like many laws in China, could be interpreted broadly and, in extreme cases, could give authorities the power to shut off access to all websites that have not registered their web addresses in the country.

Business groups have complained over the past five years that Beijing is reducing market access for foreign companies as the government of President Xi Jinping tries to build up Chinese competitors.

That has fuelled trade tensions with the United States and Europe at a time of anemic global economic growth.

Restrictions on use of security technology in an earlier Chinese anti-terrorism law and rules for banks prompted a similar outcry from business groups that said they would prevent most use of foreign products.

It was reported previously that Xi believes countries should not interfere in the internal affairs of others and that internet sovereignty should be in the hands of each individual nation, saying that cyberspace must not become a "battlefield" between states, and called for greater cooperation on punishing cyber attacks and fighting terrorism.

"We should respect every country's own choice of their internet development path and management model, their internet public policy, and the right to participate in managing international cyberspace," Xi said in his speech.

"There should be no cyber-hegemony, no interfering in others' internal affairs, no engaging, supporting, or inciting cyber-activities that would harm the national security of other countries."

Editorial standards