17 November 2019

China’s New Encryption Law Highlights Cryptography as a Strategic Priority

NICOLE LINDSEY

More than two years after China’s State Cryptography Administration (SCA) published an initial draft of an encryption law, an updated version of that law has now been passed by China’s National People’s Congress. The so-called “cryptography law” will regulate the role of encryption in both the public and private sector, as well as set forth guidelines for how cryptography should be used to help safeguard national security. Now that this encryption law has been passed, look for greater Chinese state support of cryptography efforts within the commercial sector – including the development of blockchain technology and the creation of digital currencies, both of which rely on cryptography.

Commercial and economic purposes of the new encryption law

There are a variety of ways that one can view this new Chinese encryption law. First and most importantly, it can be seen as an unshackling of the private sector, spurring efforts by Chinese firms to develop innovative new industries based around cryptography. Experts also see the rollout of the new encryption law as a signal that China is open for foreign investment and partnership, since the law attempts to define the rights and responsibilities of foreign economic actors within China. China is officially “open for business” when it comes to commercial encryption. Products and services based around cryptography now have a legal basis.


According to China’s State Cryptography Administration (SCA), “cryptography is an important strategic resource.” This is particularly relevant in light of President Xi Jinping’s recent call for the acceleration of blockchain technology within China. Moreover, the Chinese government has also started to shift its stance on cryptocurrencies. At one time, the Chinese state was leery of these digital currencies, seeing them as a possible threat to the state’s control and oversight of the national economy. However, Facebook’s recent plans for its Libra cryptocurrency have changed the way China views digital currencies. Thus, it’s not overstating matters to say that the promotion of the encryption industry is also a clear signal that China views cryptography as a future driver of economic growth, and a potential source of imports and exports.

National security and trade secrets

Secondly, the new encryption law can be seen as further proof of the Chinese Communist Party’s obsession with national security. To that end, the new encryption law actually defines three different categories of encryption, two of them designed for the public sector, and one of them for the private sector. According to the encryption law, all state secrets relevant to China’s national security must be stored and transmitted using “core” and “common” encryption. “Core” encryption will be used to protect all state secrets classified as “secret,” “highly secret” and “top secret.” And “common” encryption will be used for all state secrets defined as “secret” and “highly secret.” Within the private sector, firms will be expected to protect trade secrets and commercial encryption products with “commercial” encryption. Thus, it can be expected that mobile telecommunications companies developing the next generation of 5G wireless networks will be using commercial-grade encryption for their intellectual property.

Before you continue reading, how about a follow on LinkedIn?

While the new encryption law can certainly be viewed as a stimulus for the encryption industry, there are limits as to what can be done. First and foremost, it should be noted that the organization that drafted the encryption bill in April 2017 and later put it up for public comment in July 2019 – the State Cryptography Administration – is an extension of the Chinese Communist Party. Thus, one implicit guiding principle of the new encryption law is that any future cryptography efforts must not cause harm to Chinese state security or the Chinese Communist Party. In short, national security must not be undermined by any application of encryption.

For example, while the new encryption law appears to be approving the commercial development and use of encryption, it specifically notes that the development, sale or use of cryptography “must not harm the state security and the public interest.” The encryption law even lays out “punishment” for the use of encryption that threatens the state. And no company can provide cryptographic systems for sale if they have not first been “examined and authenticated” by the Chinese state.

While the encryption law does not mention it directly, this legal clause certainly opens up the prospect that the Chinese government will eventually ask for an encryption back door to any new commercial encryption technology platform, simply on national security grounds. Presumably, the new encryption law means that the Chinese state would have also an opportunity to examine the underlying source code of any new technology. And, as some legal experts have pointed out, this is merely an “encryption law” – it does not cover decryption at all. Thus, the entire concept of encryption backdoors is not mentioned, as one might expect in Western cryptography laws and regulations.
The link between encryption and mass surveillance

Where things get complex, of course, is when one considers the link between encryption and mass surveillance. In the West, encrypted protection is seen as an enabler of greater personal privacy, and a way to have one’s personal communications safe from the prying eyes of the state. The reason why many people choose to use an end-to-end encrypted communications platform like WhatsApp is so that the only people who can read the message is the sender and receiver of the message. It is a way of protecting information. Thus, even if the U.S. government ordered Facebook (which owns WhatsApp) to show it the contents of certain message, it would not be able to do so, due to the very nature of end-to-end encryption.

China’s new #encryption law supports #cryptography in the development of #blockchain technology and the creation of digital currencies. #respectdataCLICK TO TWEET

However, that doesn’t appear to be the way that China is viewing cryptography. China appears to be viewing cryptography as a way to protect network and information assets, boost national security and encrypt commercial trade secrets from the prying eyes of Western rivals, and not as a vast enabler of democratic freedom of expression. The Chinese government certainly does not want its citizens trading encrypted messages about the protests in Hong Kong, or political dissidents discussing the liabilities of the Communist Party via Signal or Telegram. For that reason, the new encryption law specifically notes that there will be punishment for those who “fail to report security risks” to the state. Think about that for a moment – citizens face the risk of punishment not just for using encryption improperly, but also for not informing the state when others are doing so as well.
Will foreign tech firms embrace the Chinese crypto market?

For foreign firms thinking about doing business in China, the new encryption law could be tricky to navigate. On one hand, the new encryption law seems to offer them a guarantee that they will not be forced to transfer commercial cryptographic technology over to the state. However, on the other hand, if their commercial applications are deemed to harm state security, then they could face punishment from the government. If China is really ready to throw its support behind blockchain technology and cryptocurrencies, it will be a delicate balancing act for foreign firms looking to do business in China, similar to the way that the opening of the Chinese Internet sector created issues for companies like Google.

No comments: