The August 2022 issue of IEEE Spectrum is here!

Close bar

China's New Rules Ask Tech Firms to Hand Over Source Code

Western tech firms protest Chinese rules that require disclosure of source codes and back doors in banking hardware and software

2 min read
China's New Rules Ask Tech Firms to Hand Over Source Code
Images: iStockphoto

China plans to unveil new cybersecurity rules that require tech companies to hand over source code and build back doors in hardware and software for government regulators. The rules only apply to companies selling computer products to Chinese banks, but they have already sparked anxiety on the part of Western tech companies about being trapped between either giving up intellectual property or not doing business in China.

The new rulespart of cybersecurity policies intended to protect China’s critical industriesfirst appeared in a 22-page document at the end of 2014, according to a New York Times report. Such rules have not been officially announced yet. But the U.S. Chambers of Commerce joined a number of other foreign business groups in sending a letter [pdf] to the Central Leading Group for Cyberspace Affairs, chaired by President Xi Jinping, that called for “urgent discussions” about the policies. Tech giants such as Microsoft, Cisco, and Qualcomm have also independently voiced their concerns.

Under the bank rules, tech companies would have to hand over source code, set up research and development centers in China, and build hardware and software back doors that would permit Chinese officials to monitor data within their computer systems.  

The New York Times also detailed a separate Chinese antiterrorism law being drafted that would require companies to store all data about Chinese users on servers physically located in China. The law would also ask companies to hand over encryption keys and enable Chinese officials to check content for terrorism-related activities.

China’s new policies come in the wake of revelations from former U.S. National Security Agency contractor Edward Snowden, about the NSA’s efforts to infiltrate Chinese tech giant Huawei. Documents leaked by Snowden include an NSA list of programs designed to install back doors in Huawei’s software and hardware that the U.S. spy agency could exploit for intelligence-gathering purposes.

Snowden’s revelations eventually prompted China to set up its Central Leading Group for Cyberspace Affairs. Chinese officials have also set the goal of reducing their reliance upon foreign tech firms and boosting the presence of domestic tech firms.

U.S. tech companies fear that China’s new rules would force them to give up intellectual property to Chinese state-supported companies and possibly compromise the security of their own computer systems and products. Companies also fear that if they don’t comply with the rules and if the Chinese government expands such rules beyond the banking sector, they could potentially be shut out of the Chinese market.

The letter to Xi puts their worries in the context of the Chinese market:

An overly broad, opaque, discriminatory approach to cybersecurity policy that restricts global internet and ICT [information and communications technolgy] products and services would ultimately isolate Chinese ICT firms from the global marketplace and weaken cybersecurity, thereby harming China's economic growth and development and restricting customer choice.

The history of the United States-China cyber detente also makes it difficult for U.S. companies to trust Chinese officials with their intellectual property and access to their computer systems. The United States has long accused China’s government and military of corporate espionage against U.S. companies and government agencies. Last year, the U.S. Department of Justice charged five Chinese military hackers with stealing a variety of trade secrets from U.S. businesses.

The Conversation (0)

How the FCC Settles Radio-Spectrum Turf Wars

Remember the 5G-airport controversy? Here’s how such disputes play out

11 min read
This photo shows a man in the basket of a cherry picker working on an antenna as an airliner passes overhead.

The airline and cellular-phone industries have been at loggerheads over the possibility that 5G transmissions from antennas such as this one, located at Los Angeles International Airport, could interfere with the radar altimeters used in aircraft.

Patrick T. Fallon/AFP/Getty Images
Blue

You’ve no doubt seen the scary headlines: Will 5G Cause Planes to Crash? They appeared late last year, after the U.S. Federal Aviation Administration warned that new 5G services from AT&T and Verizon might interfere with the radar altimeters that airplane pilots rely on to land safely. Not true, said AT&T and Verizon, with the backing of the U.S. Federal Communications Commission, which had authorized 5G. The altimeters are safe, they maintained. Air travelers didn’t know what to believe.

Another recent FCC decision had also created a controversy about public safety: okaying Wi-Fi devices in a 6-gigahertz frequency band long used by point-to-point microwave systems to carry safety-critical data. The microwave operators predicted that the Wi-Fi devices would disrupt their systems; the Wi-Fi interests insisted they would not. (As an attorney, I represented a microwave-industry group in the ensuing legal dispute.)

Keep Reading ↓Show less
{"imageShortcodeIds":["29845282"]}