Communist China’s new encryption law comes into force


From January 1st, there is yet another new law in Communist China governing online security and privacy. And as you might expect, this is not good news for ordinary internet users or companies based in the world’s biggest totalitarian state.

Communist China’s new Encryption Law (in Simplified Mandarin) regulates the use of encryption across the country and places requirements for government inspections on all who use it.

How China’s new Encryption Law works

The new law separates the definition of encryption into two main types. Core and Common encryption is the term used to refer to the encryption of state secrets and other content related to national security. Commercial encryption is used to refer to all other types.

The new law requires that all encryption technology relevant to national security, people’s livelihoods, or matters of public interest should be inspected before it can be sold or made available. It is likely to impact anyone who imports encrypted technology into Communist China.

In addition, any products which claim to offer “added secrecy” can also be subjected to either import permits or export controls. This definition is deliberately both broad and vague.

While the law has already come into force, the enforcement mechanisms around it haven’t. The Office of State Commercial Cryptography Administration (OSCCA) will be the body tasked with carrying out these inspections.

They will have to set up a system to “test and authenticate” commercial encryption products to ensure they comply with all relevant Chinese law. This appears to mean they are tasked with ensuring that there are no encrypted products in China that cannot be bypassed by the regime.

Details of exactly how this process will work, or the timeframe in which it will be implemented, have yet to be confirmed.

Orwellian undertones

But rather chillingly, the law does state that the findings of the inspections will be linked to the Communist Party’s Orwellian social credit system, an obvious threat that those who break the law will suffer the consequences. Again, there is no explanation of how exactly this link will be made in practice.

“We encourage users of commercial encryption to willingly accept testing and authentication to improve market competitiveness,” the new law states. But quite how it makes any market more competitive is unclear. To most observers, this is little more than a rather unsubtle attempt by the regime to access encrypted content.

The Electronic Frontier Foundation (EFF) has pointed to recent US efforts to ban imported encrypted technology as an example. These, they say, proved futile because they reduced the overall security of communication for many.

Danny O’Brien, the Director of Strategy for the EFF, said restrictions on foreign technology like this could affect dozens of protocols and solutions that foreign companies may want to deploy.

He is not the only one to voice concerns. Several US Senators have also called on American tech companies to stop doing business with Communist China over fears that the new law could result in the regime being able to access corporate secrets both inside China and overseas.

Senator Rick Scott’s office told the Epoch Times the new law is the latest instrument the Chinese regime is using “to steal U.S. technology, intellectual property, and personal data.”

“Senator Scott has been clear that American businesses, hospitals, and universities must be vigilant and proactive when it comes to the threat of Communist China and should stop doing business with the regime.”

The likely impact on VPNs

It is likely that this new law will leave more international businesses feeling they have no choice but to withdraw from the Chinese market. They have to place a premium on corporate privacy and intellectual property but there is no respect for either of these in China.

Until recently, most of these businesses relied on VPNs to protect themselves. But China has now officially banned VPNs which makes it much harder for companies to openly use them. This has already had a profound impact on many.

Encrypted networks offered them a secure alternative but if the regime is going to be able to compromise these, there are few secure options remaining. China has invited investment to create its own VPNs but it goes without saying these will protect companies against everything but the regime itself, which is by far their greatest threat.

For VPNs that are used by individuals, little should change. They are already technically illegal in China, although many people still use them. The recent case of a graduate student being arrested for selling VPNs highlights the fact China is clamping down hard on them at the moment.

Few reputable VPNs operate physical servers in China. It would appear that these would be affected by the new law, but it seems unlikely that any premium VPN will be affected.

So the cat and mouse game between public VPN providers and the Chinese Communist regime rages on. Plenty of VPNs remain accessible in China and they are still the best way to encrypt your data and keep it private from the world’s most intrusive regime.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 3 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.
