The Chinese government is at it again—this time it’s passing laws and taking names (literally).
Recently, in a reactionary and somewhat preemptive move to counter potential threats, the Chinese government passed a new cybersecurity law. Deemed "vague and ambiguous," by Sue-Lin Wong and Michael Martina of Reuters, China's new protocols have managed to upset both the international business community and garner negative attention from human rights groups at the same time.
The Chinese Parliament’s complete disregard for the concerns raised by the international community is the biggest point of contention. In fact, according to Wong and Martina, “more than 40 global business groups petitioned Chinese Premier Li Keqiang in August, urging Beijing to amend what they said were controversial sections.” The law has also paired overall uncertainty with unclear stipulations about criminalization and prosecution. Many feel the decision to implement the new protocols could create a toxic environment for tech companies attempting to operate in China—especially foreign-owned businesses.
Under the new law, both domestic and foreign companies working inside Chinese borders will now be subject to the following changes:
Mandatory Data Localization
Here’s the bottom line: data generated in China stays in China. The change has received extensive criticism from businesses inside the country and outside of its borders that fear this move will force them to comply with a broad interpretation of law. Many, like Wong and Martina, speculate that new regulations around data localization will require companies “to hand over intellectual property or open back doors within products,” and to comply with government demands. Seen as an extreme request, this is a move that could potentially shut down foreign tech operations in China.
Critical Information Infrastructure Operators
Under new regulations, all data stored in Chinese data centers will be subject to constant review by a governing body—in this case, the Critical Information Infrastructure Operators. This new entity essentially grants the Chinese government the power to force compliance. TechCrunch reports that the new law leaves no wiggle room and will open the door for swift prosecution of violators, which is something Human Rights Watch claims "will effectively put China's Internet companies, and hundreds of millions of Internet users, under greater state control."
China is already operating under what Wong and Martina call “the world’s most sophisticated online censorship mechanism, known outside China as ‘the Great Firewall’”— and these new regulations will only add to the current standard. Users will now be required to register for various services using their real names, to input personal information, and they will be subject to strict monitoring of “prohibited” content. In other words, anonymity just hit the (fire)wall.
So: what does China’s latest move mean for you as a managed services provider?
As of right now, nothing.
While there is fear that the new legislation will result in a reduction in the number of foreign technology companies operating in China, it’s not likely that you or your customers will be affected. While you’re probably looking at business as usual, you shouldn’t ignore the shift in dynamics. If the DDoS hack last month taught us anything, it’s that hackers are ready and waiting to attack. While China’s new protocols may be reactionary, if they ultimately influence the policies of other countries, MSPs worldwide will be dramatically affected.