Latest in Gear

Image credit: abdoudz via Getty Images

China passes law regulating data encryption

But how much does it matter in a surveillance state?
369 Shares
Share
Tweet
Share
Save

Sponsored Links

abdoudz via Getty Images

China isn't known for respecting privacy, but it's readying legislation that will address it all the same. The country has passed a law that will regulate cryptography in the country for both government and private uses when it takes effect on January 1st, 2020. Officials didn't go into great detail about the law in the announcement, but they raise concerns that permissions could vary significantly depending on whether or not you're working for the ruling party.

The law requires that all state secrets be stored and transmitted using "core and common" encryption, and that institutions working on cryptography have to establish "management systems" that guarantee the security of that encryption. Those managers won't be allowed to ask private encryption developers to turn over "exclusive" info like source code, though, and any business secrets they do get will have to be kept confidential.

China's new measure will allow and encourage commercial development and uses of encryption. However, the development, sales and use of it "must not harm the state security and public interests." People who fail to report security risks they spot, or who offer cryptographic systems that "are not examined authenticated," will also be punished. The country's existing cybersecurity laws are already set to punish the use of encryption deemed to threaten the state, but there once again appears to be an asterisk next to the encryption endorsement -- you can't design something that might challenge the regime.

As it is, the law may offer only superficial protection in light of existing rules. China regularly conducts mass surveillance on digital conversations, and can force companies to both store data locally as well as turn it over on request. It likewise has the power to shut down services or entire products in response to security incidents. There's little to stop China from obtaining data that isn't completely encrypted, and it can block or otherwise retaliate against those services that do shield info from prying eyes.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
369 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
NBC News: Zuckerberg had an undisclosed dinner with the president

NBC News: Zuckerberg had an undisclosed dinner with the president

View
Apple cancels planned festival premiere of its TV+ movie 'The Banker'

Apple cancels planned festival premiere of its TV+ movie 'The Banker'

View
Trump ‘opens’ Texas Apple plant that’s built Mac Pros since 2013

Trump ‘opens’ Texas Apple plant that’s built Mac Pros since 2013

View
Sonos buys an AI startup to improve voice control for its speakers

Sonos buys an AI startup to improve voice control for its speakers

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr