China Passes Cybersecurity Law to Tighten its Control over the Internet

China has long been known for its strict censorship policies, which has already made it difficult for foreign companies to do business in the world’s most populous country of more than 1.35 Billion people.

Now, the Chinese government has approved broad new controversial cybersecurity regulations that would further strengthen the country’s censorship regime, making it more difficult for technology companies to operate in the country.

Made public on Monday, the legislation, passed by China’s rubber-stamp parliament and set to go into effect in June 2017, aims at combating growing threats like hacking and terrorism, but actually comes with data localization, real-name requirements, and surveillance.

The Cybersecurity Law requires instant messaging services and other internet operators to force users to register with their real names and personal information, which restricts anonymity of a user online.

The proposed law also includes requirements for ‘Data Localization’ that would force “critical information infrastructure operators” to store its users’ data within the country’s borders – the same law Russian government imposed on foreign tech companies.

Chinese Human Rights Watch (HRW) is opposing the legislation, saying that the new law doesn’t include any precise definition of infrastructure operators, and will further extend government control over an already heavily monitored and censored media.

“The law will effectively put China’s Internet companies, and hundreds of millions of Internet users, under greater state control,” HRW’s China director Sophie Richardson said in a statement over the weekend.

“Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes.”

Moreover, the new legislation also covers some new requirements for cybersecurity, forcing companies to provide “technical support” to government agencies for investigations involving national security and crime and to censor contents that are “prohibited.”

Although this technical support is not clearly defined in the law, experts believe that authorities could ask companies for encryption backdoors or other surveillance assistance in the name of tech support.

Under this law, companies and network operators should report “security incidents” to the government and inform consumers of data breaches.

Acts that encourages “overthrowing the socialist system,” “fabricating or spreading false information to disturb economic order,” and inciting “separatism or damage national unity” are categorized as criminal acts under the new law.

Such requirements have raised serious concerns for the users and companies operating in China, where the Internet and online freedom have already heavily censored by the government.

__Culled from THN (The Hacker News)