China today passed a controversial cybersecurity law that the nation says will counter growing threats such as hacking and terrorism.
Foreign business and rights groups expressed concerns that law will threaten to shut foreign technology companies out of various critical sectors and that it includes contentious requirements for security reviews and for data to be stored on servers in China, according to Reuters.
In August, more than 40 global business groups petitioned Chinese Premier Li Keqiang urging Beijing to amend what they viewed as controversial sections of the law but their actions were to no avail.
“China is an internet power, and as one of the countries that faces the greatest internet security risks, urgently needs to establish and perfect network security legal systems,” Yang Heqing, an official on the National People’s Congress standing committee told reporters at the close of a bimonthly legislative meeting, according to Reuters.
Some cybersecurity pros feel the new laws will make doing business in China more complex, Kunal Anand, co-founder and CTO of Prevoty, told SC Media.
“For multinational companies, this will involve potentially handing over their IP, which could include business logic such as applications, and possibly putting in administrative windows, aka, backdoors, into their technologies,” Anand said. “Businesses are going to have to be comfortable with giving up control, which will certainly result in further unintended consequences.”
Others feel the new legislation could have a positive impact on China and the world of cybersecurity.
China is in dire need of better cybersecurity to defend itself against outside threats and to defend the world from elements within its own country, president of Lieberman Software, Philip Lieberman, told SC Media via emailed comments.
“With a comprehensive legal framework coupled with technology, China can become a better world citizen and be able to respond authoritatively and decisively when criminal activity is launched from their shores,” Lieberman said. “If a U.S. company detects an attack or infiltration from China, and the attack is forwarded to law enforcement within the United States and on to China to put an end to it.”
He added that with the new framework in place, there being little argument about when it comes to the attribution of cyber attacks as it may allow for compensation of U.S. companies (and potentially jail time) for fraud and criminal activity by those in China that chose not to follow the law in both countries.
The legislation is set to take effect in June 2017, is an “objective need” of China as a major internet power, a parliament official told Reuters.