China's legislature passed sweeping legislation on Wednesday that
reinforces government controls over cyberspace, as the nation's leaders
try to address what they see as growing threats to Chinese networks and
national security.
The vaguely worded National Security Law is one of several new regulatory moves by China that worry privacy advocates and have foreign businesses concerned about potential harm to their operations inside the country.
The law calls for strengthened management over the web and tougher
measures against online attacks, theft of secrets, and the spread of
illegal or harmful information.
It said core information technology, critical infrastructure and
important systems and data must be "secure and controllable" in order to
protect China's sovereignty over its cyberspace.
The law offered no details on how China would achieve the goals,
although a vast government Internet monitoring system has been in place
for years.
China says it is a major target of hacking and other cyberattacks, and
the ruling Communist Party has expended vast efforts in blocking online
content it deems subversive or illegal.
China is also accused of running a state-sponsored effort to hack
computers and steal government and commercial secrets overseas, while
also spying on and harassing pro-democracy, Tibetan and human rights
groups based abroad.
Most recently, Beijing was suspected as being behind a massive hack into
a U.S. federal government computer server that resulted in the theft of
personnel and security clearance records of 14 million employees and
contractors. Chinese officials always deny engaging in such actions.
The National Security Law, passed overwhelmingly by the Standing
Committee of the National People's Congress, replaces a law that focused
more narrowly on counter-espionage.
In addition to cyberspace, the new legislation covers a wide range of
areas including the economy, social stability, territorial integrity,
the military, culture, finance, technology, the environment and food
safety.
Spokeswoman Zheng Shu'na said an overarching legislation was needed to deal with "ever-growing security challenges".
"Externally speaking, the country must defend its sovereignty, as well
as security and development interests, and ... it must also maintain
political security and social stability," Zheng was quoted as saying by
the official Xinhua News Agency.
The new law is an extension of the hard line on security and repeated
warnings against foreign ideological subversion issued by the government
of President Xi Jinping, who in 2013 established an overarching National Security Commission to coordinate such efforts with him as chairman.
A separate anti-terrorism proposal could require network operators and
service providers fighting for a share of China's $465 billion
technology market to build in "backdoors" for government surveillance,
hand over encryption keys to Chinese authorities and store user data
within China.
Companies worry that could undermine their ability to send encrypted
emails or operate the kind of private corporate networks commonly used
to secure communications.
Other new regulations already require Chinese banks to have 75 percent
of their IT infrastructure certified as "secure and controllable" by the
Chinese government by 2019.
