Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
China Communications Encryption Government Privacy

China Passes Law Requiring Tech Firms To Hand Over Encryption Keys (betanews.com) 170

Mark Wilson writes: Apple may have said that it opposes the idea of weakening encryption and providing governments with backdoors into products, but things are rather different in China. The Chinese parliament has just passed a law that requires technology companies to comply with government requests for information, including handing over encryption keys.

Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists. China already faces criticism from around the world not only for the infamous Great Firewall of China, but also the blatant online surveillance and censorship that takes place. This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.

This discussion has been archived. No new comments can be posted.

China Passes Law Requiring Tech Firms To Hand Over Encryption Keys

Comments Filter:
  • by turkeydance ( 1266624 ) on Sunday December 27, 2015 @07:50PM (#51192251)
    China gets.
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Sunday December 27, 2015 @08:00PM (#51192295)

      So tech companies will have at least 2 product lines.

      a. for everywhere EXCEPT China
      b. for no place BUT China

      What will happen to this law once Chinese tech is not accepted anywhere except inside China?

      And how many Chinese companies will be able to produce anything from category "a"? Remember, there is a LOT of tech that is manufactured in China but still belongs to non-Chinese corporations.

      • by rtb61 ( 674572 )

        To say it is China 'only', is really inaccurate, there are a whole bunch of countries with similarly repressive regimes. You can understand their need to do so though. You have hundreds of millions working in poverty, working extremely hard, for bloody little recompense, this cheered on by western corporations (the idiots are cheering their own demise, fools) and keeping a lid on that social injustice takes real effort but that lid is loosening all of the time and they simultaneously seem to be easing off w

        • China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?

          • China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?

            Actually, yes. There are a surprising number of "reactionary" communists in China, that want to go back to Maoism, despite the disastrous outcome of his policies. It is fairly common to see people with little Mao pins on their lapels, especially in inland areas, and some Hunan restaurants have little "Mao shrines" (Mao was from Hunan).

          • by rtb61 ( 674572 )

            I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).

            • I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).

              Was China ever really communist? The guys at the top have always had it much, much better than everyone else. I doubt perfect Communism is even possible without a computer running the show, but they didn't even come close.

        • by Agripa ( 139780 )

          To say it is China 'only', is really inaccurate, there are a whole bunch of countries with similarly repressive regimes.

          And while these smaller countries may not have the moxie to enforce key recovery on the manufacturers, they will not need to if the US (or China?) does it for them.

      • by AmiMoJo ( 196126 )

        This is already the law in many other countries, China is just catching up. Apple and everyone else will use the same privacy enhancing technique to avoid complying as they do everywhere - they won't have access to the keys. They will only be forced to turn over metadata, which is as bad or worse but hard to avoid.

      • So tech companies will have at least 2 product lines.

        No. You and everyone else here is WRONG! Let me tell you what will happen.

        China, India, the EU, America, etc, will come together on a treaty binding agreement by which each nation has access to their own citizens data without compromising the sovereignty and rights of others. Born out of this unholy alliance will be a "Government API" baked into the next iOS, OSX, Android, Windows, and other commercially available OSs**, and possibly at the hardware level

        • by KGIII ( 973947 )

          20 years ago, I'd have called you an idiot. Dunno what to make of that but, alas, that's how it was - at least on the surface.

      • by Agripa ( 139780 )

        So tech companies will have at least 2 product lines.

        a. for everywhere EXCEPT China
        b. for no place BUT China

        The difference could amount to no more than a change in firmware or configuration.

  • by Anonymous Coward

    It's kinda horrifying that we are so close to chinese draconian laws or even further advanced that we can't even complain about them. This is about to be implemented in the U.S. and in U.K. you get to stay in jail until you reveal your password.

  • China (Score:5, Insightful)

    by liqu1d ( 4349325 ) on Sunday December 27, 2015 @07:52PM (#51192259)
    Please stop being the UK govs role model...
  • If a key which is in the hands of a company (Apple, Huawei, ...) is your only line of defence WRT the security/privacy of content you supply or save, then you should regard this content to be public and open for preying eyes already. I think it is called "trusted" in that negative, military sense.
    Just like email sent to a @gmail.com account or company secrets in an office365 account. Your grandma and neighbour won't get there, police/law enforcement will have sever problems. But 3LetterAgencies of many gove

  • by giltwist ( 1313107 ) on Sunday December 27, 2015 @07:58PM (#51192287)
    Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.
    • by Anonymous Coward on Sunday December 27, 2015 @08:22PM (#51192385)

      Too late, they already passed CISA. America has already demanded the encryption keys as "information sharing."

    • by 93 Escort Wagon ( 326346 ) on Sunday December 27, 2015 @08:57PM (#51192529)

      Politicians in the U.S. and Europe will have no difficulty in, on the one hand, decrying this as an oppressive move by a non-democratic government while simultaneously, on the other hand, continuing to demand that THEY need exactly the same thing in order to combat terrorism.

    • by EvilSS ( 557649 )

      Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.

      Well china also has laws against murder and rape. Just because we don't see eye-to-eye doesn't mean that we can't ever agree on something if it makes sense and protects innocent people.

      That is what the politicians will say. Or some version of that anyway. Don't think for a minute that they won't find a way to argue around it.

    • by Anonymous Coward

      Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis...

      Perhaps I'm forgetting history, but IIRC the USA actually embraced eugenics with the rise in popularity of the Nazis and it was only AFTER the war and the holocaust that eventually the USA quietly back-peddled on support of such things--in private, there was still plenty of support as even today Social Darwinism and eugenics are still here.

      ...maybe Ch

    • I wish this were so but politicians will call for China to not have encryption keys and then turn around and demand that the US government have all the encryption keys without any sense of cognitive dissonance. Many of these politicians will continue on to rail against big government while still arguing that government should have back doors into all encryption.

  • Democrats (Score:3, Insightful)

    by AndyKron ( 937105 ) on Sunday December 27, 2015 @08:25PM (#51192409)
    Don't the Democrats want basically the same thing?
    • Both the Democans and Republicrats want to kill encryption, albeit for different ultimate purposes. (Amusingly, both you and AC just below had the same thought simultaneously.)

    • China can make a law such as this because they do not have to worry about any domestic protests or complaints. They do not have an adversarial forum to debate new laws. The only discussion in amongst the top Party leaders behind closed doors.

    • by amiga3D ( 567632 )

      It's actually a bipartisan issue. Almost any time the Repukes and Dumbcraps get together on something you know the American people are about to get reamed.

    • Most of the politicians do. They don't understand the math, or the economics, or any other of the concepts. What they do know is that they have to respond to accusations that they're being weak on fighting terrorists. There's no left or right ideology here other than to look like you're being useful to the voters.

      Law enforcement if left unchecked will assume more and more power, and the government is being lax in its duties by not saying "no" to those grabbing hands more often. If their only goal is to

    • It don't matter. Civil disobedience is still a thing, and if you're willing to spend some time in jail, not because you are guilty, but because you believe in something, then it doesn't matter what any political party wants.

      Gonna do like they did during the prohibition and drink anyway? Gonna do like they did when being black was a crime?

      Or you gonna post nihilistic garbage every time some other country does something that, due to the deep tradition in feudalism and monarchy, and willingness to disappear p

    • by Anonymous Coward

      Sanders voted against CISA while Clinton wants a "Manhattan Project" where Google, Apple, and MS give the government your keys "voluntarily".

      • She said no such thing. Read her comments again, she said she understands the danger of having keys like that from companies. Her Manhattan Project quote shows she wants to work with companies to try and come up with a solution, if there is one, nothing more. We all know there is no solution other than having better hackers than everyone else.

        People falling for headlines over the actual substance again.

    • Everyone is Washington DC that's pushing this will be Investing in BlackBerry (RIM) stock. Once the law goes into effect, stock will soar!!! And the best part? You won't do fuck-all to stop it! Democracy all a charade because the populous stopped giving a damn a long time ago.

  • by QuietLagoon ( 813062 ) on Sunday December 27, 2015 @08:37PM (#51192467)
    The answer to that question is the answer to the larger issue here.

    .
    If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.

    It's as simple as that.

    • by amiga3D ( 567632 )

      Seems simple enough. An iPhone 666.

    • What does a law passed by the Chinese Parliament have to do with Apple, particularly?

      • by EvilSS ( 557649 )

        What does a law passed by the Chinese Parliament have to do with Apple, particularly?

        Apple, in particular, has been fighting against pressure from the US Government to do exactly what this new Chinese law requires. Back in iOS 8 (Or was it 7?) Apple stopped storing the encryption keys for iOS devices on their systems, so they cannot comply with government orders to unlock or decrypt user data on phones. The US DOJ and the CIA have been throwing an fit ever since. Now it looks like if Apple wants to continue to sell phones in China, they will have to give in and then that will give the US

    • then Apple will comply with the laws of China.

      As most of us have found out when going for PCI compliance, the best way to protect data is often not to possess it. If the keys are generated by the consumer, than it is the consumer that needs to hand over the keys, and not Apple. My understanding is that Apple cannot decrypt customer data, even if they wanted to, as only the customers possess the key(s) to do so.

    • If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.

      Which is why it is better for all tech firms to not have access to encryption keys. End to end encryption needs to be the standard, so there are no keys to turn over.

    • by mark-t ( 151149 )
      How would Apple not be complying with China's laws if they had no keys to hand over? Or would they assume that Apple was simply lying?
    • This is a great opportunity for hackers to exploit back doors and move money from the Chinese economy to (say) the Russian economy.

      A government mandated back door is otherwise known as a zero-day exploit.

      Woohooo....

  • Apple's response will be that they have handed over all the keys they have.

    Unless China is mandating that devices can't negotiate their own keys without the involvement of Apple. But that would mean banning entire categories of apps.

  • by Dishwasha ( 125561 ) on Sunday December 27, 2015 @09:04PM (#51192565)

    Give Chinese consumers crippleware products so no company cares enough to protect its Chinese sold IP.

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday December 27, 2015 @09:28PM (#51192681) Homepage Journal

    Yet another reason for companies to make sure they don't have the keys to their users' data. You can't provide what you provably never had.

    Of course, if governments require vendors to escrow the keys that strategy won't work. But it doesn't appear that China has gone that far.

  • ...and removing all Chinese certs from my trusted certs list in 5....4....3...
  • A difficult choice for tech companies is coming. If they provide the Chinese with the backdoors they ask for, they can't very well deny any other governments who ask for the same thing now can they ? They'll have to build country compliant models to appease every little dictator on the planet :|

    Otoh, if they refuse to play ball, they'll be blocked from selling products in the country, depriving them of large amounts of revenue. Perhaps this is how China will force it's citizens onto China authorized pro

    • Well, that depends.

      Consider that Android is Open Source. Google can easily not include it on their phones sold in the US. I'm not sure how many Nexus phones Google sells in China but I can't imagine that it's that many. Google wouldn't take a huge hit in sales if they just didn't sell their Nexus phones in China and they'd probably make promotional hay out of it--"We'll forgo our sales in China to keep your data as safe as possible." As you say, there are plenty of Chinese companies who already sell And

    • Everything China does is for their own benefit. They only allow foreign corporations to do business in China so they can steal their technology and trade secrets. As soon as they have done that they set up home grown competition and block the foreign sales. Doing business in China is corporate suicide.
  • So how is this different from what the UK and the US and other governments want?

    http://it.slashdot.org/story/1... [slashdot.org]
    http://tech.slashdot.org/story... [slashdot.org]
    http://yro.slashdot.org/story/... [slashdot.org]
    http://yro.slashdot.org/story/... [slashdot.org]

    etc.

  • by QuietLagoon ( 813062 ) on Sunday December 27, 2015 @11:20PM (#51193105)
    China adopts first counter-terrorism law in history [xinhuanet.com]

    ...The law establishes basic principles for counter-terrorism work and strengthens measures of prevention, handling, punishment as well as international cooperation, he said.

    Under the new bill, telecom operators and internet service providers are required to provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities.

    They should also prevent dissemination of information on terrorism and extremism.

    Li Shouwei of the National People's Congress (NPC) Standing Committee legislative affairs commission, said the rule accorded with the actual work needed to fight terrorism and was basically the same as other major countries.

    "The clause reflects lessons China has learned from other countries and is a result of wide solicitation of public opinion," he added.

    "(It) will not affect companies' normal business nor install backdoors to infringe intellectual property rights, or ... citizens freedom of speech on the internet and their religious freedom," Li said.

    China's national security law adopted in July also requires Internet and information technology, infrastructure, information systems and data in key sectors to be "secure and controllable"....

  • Always mind you wording in reporting of such things.

    If China does it, it's oppression of liberty. If we do it, it's the fight against crime an terrorism.

  • "But also the blatant online surveillance and censorship that takes place." Just like America... And Brazil....
  • Companies / service providers which maintain access to locked containers may be compelled to unlock them upon government request.
    In which country is this NOT true?

    Of course the state of encryption nowadays is that companies are using the same lock combination for ALL their containers. That is a problem that needs to be fixed (perfect forward secrecy).

    Another problem is that companies who carry information often do this by accepting a message from person A and then repackaging it for person B -- which makes

  • "Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists."

    This is always the case, whether it's the Chinese government or any other. I wish more people in the general public understood that. At least I don't have to change my sig.

  • Now that IBM has sold of the last of their server systems to Lenovo, after following dumping all their PC operations to the same Chinese Lenovo a few years ago... The legacy of IBM is compromised crap.
  • China is here, Mr. Burton!

"It doesn't much signify whom one marries for one is sure to find out next morning it was someone else." -- Rogers

Working...