I've been saying
for over a year
that I have not even
heard China admit
to having a problem
with IP (intellectual
property) theft.
Admitting to a problem
would be the first step
to solving the problem.
The second step
would be arresting
and punishing violators.
The third step would
be stricter laws
and punishments,
that are enforced.
The problem will not
be solved unless
China takes the lead.
In late November 2019,
the general offices of the
Communist Party of China
(CPC) Central Committee
and the State Council
published a new report
titled:
"The Guideline on
Strengthening
Intellectual Property
Rights Protection,"
which states
the government
will increase
fines on violations
of intellectual
property rights (IPR)
... to encourage the
US to sign Phase One'
US / China trade deal.
There were
limited details,
except to:
"Strive to achieve
effective containment
of infringement and
prostitution in 2022 ..."
These are just
official guidelines
at the moment,
not actions.
But it sounds like
a small step in the
right direction.
Unfortunately
there are
previously
planned actions
that will make
computer security
in China worse !
The new rules
are effective
January 1, 2020 !
Beijing already
required certain
foreign companies,
seeking to do
business in China,
to share their
intellectual property
with the Chinese.
IP acquired
that way is a
trade barrier
but is not theft.
US businesses
had a choice
whether or not
to do business
in China, knowing
those rules.
Tariffs imposed
on American
companies who buy
imports from China
is a poor remedy
for China’s IP
violations.
Here's what China
has done, as of
January 1, 2020, when
China's Cryptography
Law becomes effective.
Beijing wants complete
visibility into the computer
networks of all foreign
companies located
in China !
Beijing will soon
have access to
all communications,
data, and other
information stored
in electronic form
inside China, by all
foreign companies !
No foreign company
may encrypt data
so that they
can't be read
by the Chinese
government, and
Communist Party.
Businesses
will be required
to turn over
"encryption keys"
to the government.
Companies will
also be prohibited
from employing
virtual private networks
to keep their data secret,
and some believe they
will no longer be allowed
to use private servers.
Beijing's system
means that the
Chinese authorities
will no longer need
to ask foreign
businesses
to turn over data --
officials will be able to
take data on their own !
Once data cross
the Chinese border
on a network,
100% of the data
will be available
to the Chinese
government, and
Communist Party !
Chinese officials
will be permitted,
under Chinese law,
to share seized
information with
Chinese state
enterprises !
State enterprises
could use that
information
against foreign
competitors.
US businesses in China
had previously assumed
that technology covered
by U.S. export prohibitions
is not actually "exported"
to China if it is kept
on a Chinese network,
protected by
end-to-end encryption,
and not available to
Chinese authorities.
But those companies
will no longer be
permitted by China
to encrypt their data
end-to-end, meaning
they would become
violators of U.S. export
prohibitions concerning
technology stored
on a network in China.
Some people say
this is no big deal
because China
can already steal
all they want from
US companies
in China by using
their advanced
"APT" hacker
groups.
But if China's
cyber spies,
have US company
encryption keys,
hacking becomes
more dangerous.
Having access
to the inside China
network of
a foreign firm,
puts hackers
in a better position
to penetrate
networks of
that firm located
outside of China.
President Trump
could use his
emergency powers
to prohibit American
companies from
complying with
the new rules,
or from storing
data in China.
He has those powers
under the International
Emergency Economic
Powers Act of 1977.
An emergency order
would most likely force
American companies
out of China, but
that's the only way
to fight back.
If American companies
can't protect their data
inside China, they should
start leaving China !
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.