Latest in Gear

Image credit:

China passes law regulating data encryption

But how much does it matter in a surveillance state?
Jon Fingas, @jonfingas
October 27, 2019
211 Shares
Share
Tweet
Share

Sponsored Links

abdoudz via Getty Images

China isn't known for respecting privacy, but it's readying legislation that will address it all the same. The country has passed a law that will regulate cryptography in the country for both government and private uses when it takes effect on January 1st, 2020. Officials didn't go into great detail about the law in the announcement, but they raise concerns that permissions could vary significantly depending on whether or not you're working for the ruling party.

The law requires that all state secrets be stored and transmitted using "core and common" encryption, and that institutions working on cryptography have to establish "management systems" that guarantee the security of that encryption. Those managers won't be allowed to ask private encryption developers to turn over "exclusive" info like source code, though, and any business secrets they do get will have to be kept confidential.

China's new measure will allow and encourage commercial development and uses of encryption. However, the development, sales and use of it "must not harm the state security and public interests." People who fail to report security risks they spot, or who offer cryptographic systems that "are not examined authenticated," will also be punished. The country's existing cybersecurity laws are already set to punish the use of encryption deemed to threaten the state, but there once again appears to be an asterisk next to the encryption endorsement -- you can't design something that might challenge the regime.

As it is, the law may offer only superficial protection in light of existing rules. China regularly conducts mass surveillance on digital conversations, and can force companies to both store data locally as well as turn it over on request. It likewise has the power to shut down services or entire products in response to security incidents. There's little to stop China from obtaining data that isn't completely encrypted, and it can block or otherwise retaliate against those services that do shield info from prying eyes.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
211 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Puerto Rico’s Arecibo radio telescope suffers serious damage

Puerto Rico’s Arecibo radio telescope suffers serious damage

View
A 'GoldenEye 007' fan remake is dead after a cease and desist demand

A 'GoldenEye 007' fan remake is dead after a cease and desist demand

View
'Avatar: The Last Airbender' creators leave Netflix's live-action series

'Avatar: The Last Airbender' creators leave Netflix's live-action series

View
You can pre-order Microsoft's Surface Duo foldable phone today

You can pre-order Microsoft's Surface Duo foldable phone today

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr