China Antiterror Law Doesn’t Require Encryption Code Handovers

China Antiterror Law Doesn’t Require Encryption Code Handovers

BEIJING—China passed a new antiterrorism law that stepped back from previous language of concern to global technology firms, but which still raises questions about its scope and the potential impact on companies doing business there.

The law, passed Sunday by China’s rubber-stamp parliament, also authorized the armed forces and paramilitary police to take part in counterterrorism operations in foreign countries with the approval of those countries and Beijing’s military leadership.

Chinese authorities say the law is intended to help prevent terror attacks in China and better protect its citizens overseas, four of whom were killed by militants in Mali and Syria in November.

Beijing has blamed a series of recent attacks in China on jihadist separatists from the northwestern region of Xinjiang, where some of the mostly Muslim Uighur ethnic group have been resisting Chinese rule for decades.

The new law contains much of the language from a draft version released a year ago that U.S. officials, business groups and rights advocates criticized as having an overly broad definition of terrorism and onerous requirements for companies dealing with proprietary commercial information and private data in China.

The final version of the law requires telecom operators and Internet companies to help authorities with decryption of data and other counterterrorism efforts. Unlike the draft version, however, it leaves out some controversial language requiring tech companies to store their data locally and provide their encryption systems for review to be able to operate in China.

Still, the broad wording that tech companies must provide “technical means of support” to China’s government for counterterrorism has prompted concern among some U.S. tech firms, according to a person familiar with the matter.

“Telecommunications and Internet service providers should provide technical interfaces and technical support and assistance in terms of decryption and other techniques to the public and national security agencies in the lawful conduct of terrorism prevention and investigation,” says a final version of the law, published by the official Xinhua News Agency.

China’s law comes as data encryption has become a flash point globally between tech firms and law enforcement authorities. U.S. tech companies such as Apple Inc. and Google Inc. have been clashing with U.S. and European governments over new encryption technologies, which law-enforcement officials say hinder their ability to catch terrorists.

Apple criticized a U.K. proposal on Dec. 21 that would give national-security authorities more power to monitor communications. The proposal would require tech companies to retain “permanent interception capabilities” for communications, including “the ability to remove any encryption.”

U.S. President Barack Obama had spoken in support of the U.K. stance against encryption in January, but backed down from trying to change U.S. law in October.

U.S. Federal Bureau of Investigation Director James Comey said in November that the bureau had been stymied in tracking Islamic State’s recruiting efforts due to use of encrypted communication services.

Following Edward Snowden’s revelations that U.S. authorities inserted so-called backdoors in technology products to allow spying, U.S. tech companies have sought to distance themselves from government surveillance in order to regain the trust of consumers. Apple and Google have released software with encryption they say they are unable to unlock.

Chinese officials say they studied U.S. and European Union legislation while drawing up China’s counterterrorism law.

They have also stepped up efforts in recent months to persuade foreign governments that Uighurs resisting Chinese rule should be considered terrorists.

Beijing has long maintained that Uighur separatists have links to al Qaeda and Chinese officials have said in recent months that at least 300 ethnic Uighurs have joined Islamic State in Iraq and Syria.

Some recent attacks in China have borne the hallmarks of jihadist groups, but rights groups and Uighur activists say much of the violence is provoked by police abuses, excessive religious restrictions and a huge influx of non-Uighur migrants to Xinjiang.

The new law also restricts the right of media to report on details of terrorist attacks and the government’s response.

The counterterrorism law is part of a series of new pieces of legislation that many experts say are designed to tighten the Communist Party’s control over the economy and society, and promote a notion of rule of law that doesn’t undermine its monopoly on power.

President Obama has said he raised concerns about an early draft of the counterterrorism law directly with Chinese President Xi Jinping, saying technology companies would be unwilling to comply with its provisions.

U.S. officials and business groups have also expressed concern over a sweeping new national security law, passed in July, that the government says is needed to counter emerging threats but that critics say may be used to quash dissent and exclude foreign investment.

In May, China’s parliament also published a draft of a new law that seeks to tighten controls on foreign nongovernmental groups. Nearly four dozen U.S. business and professional groups signed a letter to the Chinese government in June urging it to modify that draft, which they said could hurt U.S.-China relations.


Top senator: Encryption bill may "do more harm than good"

Legislating encryption standards might “do more harm than good” in the fight against terrorism, Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) said on Thursday. In the wake of the terrorist attacks in Paris and San Bernardino, Calif., lawmakers have been debating whether to move a bill that would force U.S. companies to decrypt data ...

It is difficult for the FBI to crack most smartphone encryption

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers. Wray will testify at the House Judiciary Committee ...

Texas Church Shooting: More Calls for Encryption Backdoors

US Deputy Attorney General, Rod Rosenstein, has decided to use the recent mass shooting at a Texas church to reiterate calls for encryption backdoors to help law enforcers. The incident took place at the First Baptist Church in Sutherland Springs, killing at least 26 people. Deceased suspect Devin Kelley’s mobile phone is now in the ...

FBI couldn't retrieve data from nearly 7000 mobile phones due to encryption

The head of the FBI has reignited the debate about technology companies continuing to protect customer privacy despite law enforcement having a search warrant. The FBI says it hasn't been able to retrieve data from nearly 7000 mobile phones in less than one year, as the US agency turns up the heat on the ongoing ...