China’s New Internet Security Regulations Raise Fears of Cyber-Espionage

On February 4th, 2015, U.S. technology firms sent a letter of protest to the White House regarding the new internet security regulations that China imposed on foreign businesses. These regulations state that all foreign companies must hand over their source codes to the Chinese government, as well as adopt Chinese encryption methods. In the most extreme case, such a development could effectively enable the Chinese government to gain access to sensitive corporate information. While the Chinese government have stressed that these measures are purely to protect the interests of both Chinese and foreign companies, this ongoing dispute illustrates the emerging challenge of private corporations being seen as possible espionage tools of states, especially in the realm of cybersecurity.

The letter raised concerns about the unfriendly business environment which the new regulations would create for American companies. Addressed to U.S. officials such as Secretary of State John Kerry and U.S. Trade Representative Michael Froman, the letter urged the U.S. government to overturn the regulations based on their “significant negative impact” on the U.S. information and communications technology (ICT) sector’s market opportunities in China, as well as hurting U.S. jobs domestically. The letter also encouraged constructive dialogue with the appropriate officials to find a diplomatic solution to the matter.

The negative impact on the U.S. ICT sector would manifest itself in a drop in investor confidence due to cybersecurity concerns. As the source codes of companies are specific commands that can create programs within a company’s operating system, handing these codes over to Chinese government officials is analogous to leaving a backdoor open for anyone to walk in. With such a threat to both the security and intellectual property of foreign firms, investors would be less incentivized to provide money for a firm whose market share could easily be taken by Chinese companies, who benefit from copying the innovations of others. The negative impact also extends to Chinese firms, as the letter stressed that “an overly broad, opaque, discriminatory policy …would ultimately isolate Chinese firms from the global marketplace… thereby harming China’s economic growth and development and restricting consumer choice.”

Nevertheless, Chinese officials quickly responded by insisting its regulations were designed to help foreign companies, in addition to pointing out the discrimination that Chinese firms also faced in the U.S. Using vague language, the foreign ministry spokesman Hong Lei emphasized that China will protect the legitimate interests of foreign firms as well as provide a “win-win” situation for both China and the U.S. by promoting technological and social growth throughout the country. Although his words may have been abstract, evidence from the NSA documents leaked by Edward Snowden in 2013 purport to show concrete evidence of how the U.S. also spied on Chinese companies, specifically telecommunication manufacturer Huawei Technologies. Not only were Huawei’s servers accessed by the U.S. to gain sensitive data, the company was also barred from entering the U.S. based on charges of supposed cyber-espionage.

This increasingly fierce competition between China and the U.S. in the realms of cybersecurity and private corporations demonstrates the evolution of the firm as a tool of international security. With the emergence of the technology sector as one of the drivers of economic growth, numerous companies have been eager to enter new markets in foreign countries, heralding concerns about possible espionage by governments through these firms. As the newest technological devices are collecting more and more personal data, which are sent to the firms’ headquarters to be analyzed, these data could very easily be accessed by governments wishing to obtain information about other states. The Edward Snowden leak already revealed that the U.S. is capable of and had undertaken projects to extensively monitor the phone records of both domestic citizens and the officials of foreign countries. Thus China is somewhat justified in its concern about American espionage and may have a right in demanding the source code of U.S. technological firms; not just for perhaps conducting its own cyber-espionage, but also as a possible deterrence against intrusions by the U.S. government.s

While the new cybersecurity regulations can pose a threat to the market share of U.S. firms and the secrets of the U.S. government, these regulations must be seen in the broader context of the evolution of international security through the employment of firms as possible tools of the government. Changes are taking place on both sides of the Pacific, with examples of American and Chinese institutions undertaking mutual attempts at gaining the upperhand in the realm of cybersecurity. The Chinese regulations stem from both a drive to access American corporate developments to improve their own firms’ prospects, as well as aiming to develop a kind of cyber deterrence from spying from the U.S. Although these regulations certainly exist in a gray area of international trade agreements, the past acts of cyber-espionage from the U.S. government detract from the legitimacy of the U.S. firms’ accusations that China is creating an unfair business environment.