Foreign companies in China often use encryption technology to protect their data and communications.
But a part of the new law requires certain encryption products used by companies to be turned over to the Chinese authorities for testing and certification.
Critics say the law effectively gives the Chinese regime access to business secrets of foreign companies operating in China.
Article 26 of the new law says that “commercial cryptography products that involve issues including national security, national economy, and the people’s livelihood or the societal public interest should be included into the special product catalogs … and can only be sold or provided after passing testing and certification by qualified bodies.”
Despite the testing and certification mainly targeting products involving issues like national security, Fleming said it still puts most companies at risk, since the Chinese regime often uses “national security” as a cover for the political motive behind their activities.
“They have to turn over encryption keys,” cybersecurity expert Casey Fleming told NTD. “They cannot use VPNs any longer in China, they most likely cannot use their own servers in China, they must use Chinese servers.”
“So every bit of information and intellectual property research and development that companies run their companies on is now open for use by the Chinese Communist Party, for no cost,” he said.
Fleming said the law is one of the many methods the Chinese regime uses to steal intellectual property from the United States. He compares the strategy to a fight that won’t kill the adversary immediately, but gradually.
“It’s basically death by 1,000 cuts,” he said, “So you don’t really notice a cut here and a cut there. But, by the time 1,000 cuts have accumulated, then you’re close to death. That’s the way the Chinese Communist Party continues to philosophize and operate.”
The United States and the Chinese regime announced that they will sign “phase one” trade talks, which included the areas of intellectual property (IP) and forced technology transfer.
According to the fact sheet released by the Office of the U.S. Trade Representative, however, the initial trade deal has not properly addressed the new cybersecurity laws.