Latest in Gear

Image credit: abdoudz via Getty Images

China passes law regulating data encryption

But how much does it matter in a surveillance state?
366 Shares
Share
Tweet
Share
Save

Sponsored Links

abdoudz via Getty Images

China isn't known for respecting privacy, but it's readying legislation that will address it all the same. The country has passed a law that will regulate cryptography in the country for both government and private uses when it takes effect on January 1st, 2020. Officials didn't go into great detail about the law in the announcement, but they raise concerns that permissions could vary significantly depending on whether or not you're working for the ruling party.

The law requires that all state secrets be stored and transmitted using "core and common" encryption, and that institutions working on cryptography have to establish "management systems" that guarantee the security of that encryption. Those managers won't be allowed to ask private encryption developers to turn over "exclusive" info like source code, though, and any business secrets they do get will have to be kept confidential.

China's new measure will allow and encourage commercial development and uses of encryption. However, the development, sales and use of it "must not harm the state security and public interests." People who fail to report security risks they spot, or who offer cryptographic systems that "are not examined authenticated," will also be punished. The country's existing cybersecurity laws are already set to punish the use of encryption deemed to threaten the state, but there once again appears to be an asterisk next to the encryption endorsement -- you can't design something that might challenge the regime.

As it is, the law may offer only superficial protection in light of existing rules. China regularly conducts mass surveillance on digital conversations, and can force companies to both store data locally as well as turn it over on request. It likewise has the power to shut down services or entire products in response to security incidents. There's little to stop China from obtaining data that isn't completely encrypted, and it can block or otherwise retaliate against those services that do shield info from prying eyes.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
366 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Intel unveils its first chips built for AI in the cloud

Intel unveils its first chips built for AI in the cloud

View
Disney+ cuts off 'Simpsons' jokes with widescreen episodes

Disney+ cuts off 'Simpsons' jokes with widescreen episodes

View
Apple may reveal its 16-inch MacBook Pro tomorrow

Apple may reveal its 16-inch MacBook Pro tomorrow

View
Elon Musk: Berlin 'gigafactory' will build Teslas starting with the Model Y

Elon Musk: Berlin 'gigafactory' will build Teslas starting with the Model Y

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr