China to Get Full Access to Foreign IP and Data

New law, effective Dec. 1, will make personal and corporate privacy impossible in China

Commentary

How much is it worth to do business in China? That’s a question that every company and government will have to answer very soon.

On Dec. 1, a new and comprehensive law in China, the Cybersecurity Multi-level Protection Scheme (“MLPS 2.0”), will come into effect. This new cybersecurity law has absolutely nothing to do with securing data, intellectual property or servers, but rather, the complete opposite.

The new law will establish new rules and processes to compel the full disclosure of all data and full access to all servers to Chinese authorities at all times. This new requirement will render foreign companies and individuals in China completely exposed to scrutiny and much more, from the state and the Chinese Communist Party (CCP).

Time to Rethink Operating in China

This new law should make companies doing business in China rethink every aspect of their supply-chain strategy.

Every person and company in China will have to comply with this new policy. Any and all platforms, apps, or other technology that could prevent access by the Ministry of Public Security will be outlawed. That means companies and individuals in China must abandon typical security protocols and technologies, such as VPN, encryption, and using private servers.

This opportunity cost means no industrial secret, marketing strategy, technology secrets, or intellectual property, not to mention personal identifying data and deeply personal information will be safe from the Chinese regime from knowing about it. Of course, it’s common knowledge that corporate espionage happens everywhere. Companies and people can be and often cheat and are dishonest. But with this new law, any pretense of operating safely in China is shattered.

ISPs, Telephone Companies Are Spy Vectors

But the transparency doesn’t just rely on individual’s and companies’ compliance to being “transparent.” The Ministry of Public Security can—and will—require full access, via back doors or other data capture techniques to be installed by China Telecom and all China ISPs, with no exceptions. The MLPS 2.0 law is comprehensively intrusive, utterly totalitarian, and perfectly Orwellian, but with “Chinese characteristics” of course. It is specifically designed to fulfill two purposes:

To block any outlawed or otherwise unapproved content and communication from either internal or external sources on China’s internet platform; Allow complete transparency and access of all data, intellectual property, trade secrets, etc. by China’s Ministry of Public Security and other government security organs as well as those within the CCP.

The law is quite complex in its protocols, technological requirements and legal enforcement. It involves not just onsite vision, but offsite data access, gathering and enforcement in the cloud. The larger plan is a system where all network activity is controlled and monitored, including mobile phones, social networks and domestic and international email. There will no place or means whereby any data or server in China will be protected or encrypted. The Ministry of Public Security will have the right to not only inspect and copy data, but to remove it as well.

To ensure compliance and effectiveness, all China-based or China operating companies and individuals must adhere to the following three standards:

GB/T 22239—2019 Information Security Technology—Baseline for Multi-level Protection Scheme; GB/T 25070—2019 Information Security Technology—Technical Requirements of Security Design for Multi-level Protection Scheme; GB/T 28448—2019 Information Security Technology—Evaluation Requirements for Multi-level Protection Scheme.

CCP Will Be in Control

This new system subjects all foreigners, not just Chinese citizens, to China’s “Big Brother” surveillance state. What’s more, the Ministry of Public Security is now a top-tier agency under the CCP’s control, superseding the prior authority of other Chinese agencies responsible for cybersecurity, such as MIIT (China Telecom), CAC, CNNIC, and others. That has additional ominous implications.

Under the CCP’s authority, the enforcement of the new MLPS 2.0 law will automatically fall on the police rather than to a local political office. In other words, violation of the law will be considered a potential criminal offense rather than a civil one. Unlike the internet in the West, China’s internet security and its pervasive new monitoring abilities are not designed to enhance commercial activities, but rather, are intended as technological instruments of control.

No Such Thing as ‘Confidentiality’

Even though the confidentiality of data is actually “guaranteed” in Article 5 of the Regulation on Internet Security Supervision and Inspection by Public Security Organs, it’s not really protected. That’s because the definition of “strictly kept confidential and shall not be disclosed, sold or illegally provided for others” is language that is in no way comprehensive in its meaning or application.

For example, nothing in China is confidential to the CCP; it has absolute authority over everything. The CCP will therefore have every right to access, record and even remove data from your phone, company server, email or other channel as it sees fit. What’s more, it will have the right to share the data with CCP-owned companies, or other entities under the authority of the CCP.

Any exclusive IP, secrets or technological advantages a company may possess on its server in China won’t remain so for very long. The CCP will own it. In fact, the Ministry of Public Security is actually required to share data it finds with other state organs and agencies.

Sinister Threat to Everyone

Needless to say, the long-term implications of this new law coming into force are far-reaching and even sinister. It would appear to be a domestic version of Huawei’s spyware abroad, leading to a deepening of control of all companies in China, by the CCP and the government. Indeed, CCP officials are now present in most if not all of China’s biggest companies, even the nominally non state-owned ones such as Tencent and Alibaba.

The law may be a response to the escalating trade war with the United States and the fact that China has been called out on its widespread habit of technology theft that the trade war threatens. Ultimately, it doesn’t matter. The key point is that operating in China will soon present an economic as well as a strategic threat to the United States and other nations around the world.

Who can afford that?

James Gorrie is a writer and speaker based in Southern California. He is the author of “The China Crisis.”

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.