China Security Law Vexes US Tech Firms: Sacrifice Secrets, Or Sales?

Strict new security laws on the books or under consideration in China are causing U.S. technology companies to rethink their approach to the country as they weigh the risks of compliance against the cost of foregoing sales in the world’s second largest market. Under the rules, Western tech vendors doing business in China may have to share source code – the secret sauce behind their products – with regulators and build in encryption back doors that would let authorities monitor the contents of their networks.

The situation has some companies mulling their future in a market that is expected to spend $136 billion on technology this year, according to research group Forrester. “We wouldn’t want to release our source code,” Manuel Rivelo, CEO of network computing company F5 Networks, said in an interview with International Business Times.

Tech companies typically spend billions of dollars on research and development, and sharing the fruits of that with a government that’s infamous for spying on Western companies is a nonstarter, Rivelo said. “We spend a lot of time and we’re very proud of the work we’ve done. Releasing that to someone without any assurances is a very dangerous value proposition.”

At issue is a set of new security laws and rules that the Chinese government promoted earlier this year. Collectively, they indicate the administration of President Xi Jinping wants more control over Western technology companies that compete with domestic players like Lenovo, Huawei and Xiaomi, which make both consumer and enterprise tech products from smartphones to servers for data centers.

“The government has made it clear they want to create globally competitive tech companies, and they’re going to get an advantage from these policies,” said Samm Sacks, a China analyst at the Eurasia Group.

Sweeping Security Law

Beijing in July adopted a sweeping security law that, among other things, mandates that all computer and communications networks be “secure and controllable.” Separately, Chinese regulators have published draft rules that require tech companies that sell to financial institutions to share their source code with authorities. The rules would also require vendors to build encryption-proof back doors into their equipment that would give regulators access to data on those systems. “There are a number of different laws and regulations that are moving forward at the same time that together are going to increase pressure on U.S. and foreign tech firms,” Sacks said.

Beijing officials have said the measures are partly in response to revelations by former National Security Agency employee Edward Snowden that the NSA was secretly putting spyware into equipment sold abroad by U.S. tech companies, including Cisco. But analysts point to other motivations. The government may be looking to use technology to increase its ability to crackdown on and monitor dissent, such as widespread protests in Hong Kong last year. At the same time, Beijing is looking to build up its own tech sector to help restore robust growth to an economy that has slowed considerably in recent months.

Regardless of motivations, the new policies have tech execs mulling their options. F5 Networks’ Rivelo said he would consider suspending operations in China rather than give up source code to the government. “When we get there we’ll have to make that call. But we’re more of the opinion that we want to protect the intellectual property that we’ve built rather than lose it,” he said.

F5 Networks, a $2 billion, publicly listed (NASD: FFIV) maker of hardware and software that helps applications travel across a network and run faster, does not break out its sales numbers for China. According to its annual report, about 14 percent of the company’s revenues derive from sales in the Asia Pacific region, not including Japan.

Analysts say more companies could follow suit if China’s security measures prove too Draconian. “If you send your IP out of your own organization, you never know where it could go. It could be a threat to the entire company,” Sami Badri, an analyst at Credit Suisse who tracks F5 and other infrastructure players, said.

Room For Compromise?

Others seem to be willing to compromise. IBM is allowing inspectors from China’s Ministry of Information and Technology to review source code for some products in a “secure room,” according to a report in the Wall Street Journal. A spokesman for the company, which saw revenue from China decline by 25 percent in the second quarter, declined to comment.

Some are partnering with Chinese counterparts. Cisco in September announced an alliance with China’s Inspur to sell cloud computing and networking products and services in the country. Eurasia Group’s Sacks said partnering can lessen the impact of the new security rules, which she said in many cases are “vague and open to interpretation.”

The situation appears to run counter to pledges made by Xi during a September visit to the U.S., during which he said China was committed to limiting the scope of national security reviews on foreign vendors and treating them on a non-discriminatory basis. “I’m skeptical of those commitments,” Sacks said.

In some ways, the debate echoes the current standoff in the U.S. between legislators who want to increase law enforcement’s ability to access data stored on devices or on networks in the wake of the terrorist attacks on Paris, and tech giants like Apple and Google, who are resisting such calls.

Chinese officials have said the new laws and rules are a response to legitimate security concerns. “From the inside we are dealing with the double pressure of maintaining political security and social stability,” Zheng Shuna, deputy director of the legislative affairs commission of the National People’s Congress, said during a July news conference.