A controversial cybersecurity law comes into effect on June 1 in China. Recent global cyberattacks make it harder to criticize the measure, DW's Frank Sieren writes.
China has been seeking closer international economic cooperation, instead of isolation, for some time now. It has developed free trade zones, softened visa regulations and made trade deals. A summit to revive commerce along the former Silk Road just came to an end in Beijing. The idea is that China's neighbors and countries along the route to Europe and Africa should also benefit from China's investments in infrastructure and trade.
There is one area where China's government refuses to budge, however, and that's cyberspace. There have been no signs of liberalization in this area. On the contrary: The recent global cyberattacks make it easier for the government to go through with its plans to control the virtual space even more. Last November, the national congress drafted a cybersecurity law scheduled to come into effect on June 1.
Under the law, a committee will be created to evaluate and approve technical products made by foreign companies before their use in China. The companies will have to hand over a lot of valuable information, such as exact technical details and encrypted data. Originally, source codes were also supposed to be required but this was removed from the law after much criticism from abroad. Nonetheless, sensitive information will still be required and critics say that subjecting all foreign hardware and software to this process, but exempting Chinese products, gives Chinese companies an unfair advantage.
Fifty-four groups - including the US-China Business Council, BusinessEurope, the American Chamber of Commerce in China and its Japanese and German counterparts - have signed a letter asking for the law to be postponed. There has not yet been a response from Beijing.
A far-reaching measure
The new law focuses on security and protecting networks. The 79 articles define various areas of responsibility. It is a kind of guide or rulebook that defines who is responsible for websites or for securing data and lays out the consequences for violations. It describes procedures in case of system failures or cyberattacks. It makes sense for everyone to know where they stand and what the limits are.
The recent WannaCry ransomware attack, which also affected certain public IT structures in China, shows how necessary it is to update regulations. More than 30,000 targets in China are thought to have been affected, including the police and the government, but also schools and universities. The direct damage does not seem to have been terrible, but the attack makes clear how vulnerable systems are and how fast a virus can spread if allowed.
The problem, however, is that the law puts user neutrality at risk and gives an advantage to those who set the rules. The government has come under fire not only for giving preferential treatment to Chinese products, but also because internet users will come under even stricter control. Beijing not only wants to increase cybersecurity, but also wants to control content. This is nothing new, but the authorities will have greater freedom thanks to the new law.
Since the beginning of May, the government has extended its control over news portals and search engines. Anybody who works for a news site has to go through a qualification system developed by the state agency Xinhua. The official argument is that this will prevent fake news, rumors and dangerous information. Although this makes sense, it also keeps dissent and unwanted debate to a minimum.
The internet has always found a way of circumventing rules of this kind and will continue to do so in future. China's government should not forget the iron rule: There's always someone in cyberspace who is cleverer than those in control.