Technology companies in the United States might soon have no choice but to drastically rethink their business strategy in China or consider abandoning the world’s second-biggest market altogether. That’s thanks to a Chinese anti-terrorism law that will go into effect Friday, when U.S. vendors will be required to provide the Chinese government with sensitive corporate and user data as part of broad criminal investigations.
The controversial law, passed Sunday, requires technology companies to help investigators access otherwise encrypted information and prevent the spread of terrorism-related messages, among other provisions. It was passed despite objections from U.S. President Barack Obama and the U.S. technology industry, which has asserted the law is a thinly veiled attempt to stifle free speech and curb foreign competition.
U.S. companies will need to wait to see how the law is enforced before making any major decisions, experts say, but the language in the measure appears to take direct aim at Apple and other vendors whose products, including smartphones and tablets, feature end-to-end encryption. Also affected will be American hardware makers like IBM, Dell and Hewlett-Packard, as well as networking gear specialists like Cisco.
“It seems bad, not as bad as U.S. companies were expecting, but still bad,” said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations and the author of the upcoming book “The Hacked World Order.” “How it’s going to be implemented is still vague, but it’s part of a trend going back 15 or 20 years where there’s a Chinese focus on keeping technology secure and controllable.”
Getting Off Lightly?
A draft version of the law, published in January, would have forced tech companies to build a backdoor into hardware and software products, which would have given the government unfettered surveillance power. That stipulation was abandoned in the final version, which requires internet and telecommunication companies to provide “technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with the law,” as quoted by China Law Translate.
That might be enough to force encryption providers to reassess their goals in China, where billions of dollars are suddenly at risk. Apple, which uses an increasingly common method of protecting communication known as end-to-end encryption, reported $58.7 billion in revenues from China in the fiscal quarter ended Sept. 26, 2015. That’s up from the $31.9 billion reaped in the same period in 2014, and second only to the $93.9 billion Apple made in the U.S.
Apple CEO Tim Cook has been perhaps the most vocal encryption advocate, championing privacy and security in the face of increased pressure from U.S. lawmakers to make user data available to American law enforcement. Apple encrypts the contents of users' iMessages by scrambling the text of every sent message, only to unscramble it for the intended recipient. At no point in the process does Apple have access to the message, the company says, so even if police approached Apple with a search warrant there would be no way for the company to find the contents of an iMessage.
Two Sets of Products?
“The question for Apple will be if they have to provide two sets of products: one in the U.S. and one in China,” said Segal. “It seems unlikely that China will want to force a standoff with Apple but we're clearly moving down that road.”
Encryption is only one aspect of the debate. U.S. companies and lawmakers have long bemoaned the Chinese government’s apparent willingness to steal American intellectual property and provide it to China-based competitors.
“The more general language requiring telecom carriers and network service providers to carry out preventative measures, implement supervisory systems and prevent the dissemination of terrorist or extremist information still leaves concern about how companies will be expected to carry out this in practice,” the European Chamber of Commerce in China said in a statement to Bloomberg News Tuesday.
China says it is concerned about violence in its northwest province of Xinjiang, where Uighurs, a predominantly Muslim minority group of Turkish descent, have clashed with authorities and Chinese settlers. In September, an attack by Uighurs on Chinese coal miners in the region left up to 50 dead.
“Not only in China but also in many places internationally, growing numbers of terrorists are using the internet to promote and incite terrorism, and are using the internet to organize, plan and carry out terrorist acts,” a Chinese official said at a news conference Sunday in Beijing.
Apple, Dell, IBM and Cisco could not immediately be reached for comment.