China's legislature unanimously passed a controversial anti-terrorism law on Sunday despite months of objections from major tech firms and Washington alike. Among other requirements, the new rules state that telecom operators and internet service providers must "provide technical support and assistance, including decryption" to Chinese authorities to help prevent and investigate terrorist activities. The new law does not require that companies operating in China hand over encryption keys.
Like somewhat similar recent proposals from groups in the UK and US, Beijing claims such assistance is necessary to defend itself against terrorism. But many in the West are understandably concerned about providing such assistance to the Chinese government, considering its track record of censorship and repeated allegations of cyberespionage against US firms and government agencies.
Obama has personally shared concerns over law with China's president
Earlier this year, President Obama raised his concerns over draft regulations with China's President Xi Jinping, saying that the rules amounted to a dangerous backdoor to internet services. He added, "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States," alluding to additional worries that the anti-terrorism law is designed to give a disadvantage to Western internet companies in China.
China is underplaying the doors — back or not — that have been opened by the law. Li Shouwei, a National People’s Congress official involved in the regulation, told reporters: "Relevant regulations in the anti-terrorism law will not affect the normal business operation of companies, and we do not use the law to set up 'backdoors' to violate the intellectual property rights of companies." He added, "The law will not damage people's freedom of speech or religion."
The law goes into effect on January 1st. Despite the requirements set out by the law, many tech firms, like Apple, do not hold the encryption keys to individual devices and would be unable to provide access to customers' data even if requested to do so by the government. The law could set the stage for a fight over privacy concerns and business, as losing access to the extremely lucrative Chinese market may not be an option for many companies. There's no indication yet that China would ban such companies from the country, however.
Correction: Reuters and others originally stated that the law "requires technology firms to hand over sensitive information such as encryption keys." However, that language was from a draft and did not make it into the final law passed Sunday. This article has been updated.