Blood Money

U.S. Firms Are Helping Build China’s Orwellian State
BY LINDSAY GORMAN, MATT SCHRADER
When a Dutch cybersecurity researcher disclosed last month that Chinese security contractor SenseNets left a massive facial recognition database tracking the movements of over 2.5 million people in China’s East Turkestan colony unsecured on the internet, it briefly shone a spotlight on the alarming scope of the Chinese surveillance state.
But SenseNets is a symptom of a much larger phenomenon: Tech firms in the United States are lending expertise, reputational credence, and technology to Chinese surveillance companies.
The SenseNets database logged exact GPS coordinates on a 24-hour basis and, using facial recognition, associated that data with sensitive personal information, including national ID numbers, home addresses, personal photographs, and places of employment. 
Nearly one-third of the individuals tracked were from the Uighur minority ethnic group.
In a bizarre juxtaposition of surveillance supremacy and security incompetence, SenseNets’ database was left open on the internet for six months before it was reported and, according to the researcher who discovered it, could have been “corrupted by a 12-year-old.”
The discovery suggests SenseNets is one of a number of Chinese companies participating in the construction of a technology-enabled totalitarian police state in East Turkestan, which has seen as many as 2 million Uighurs placed into “re-education camps” since early 2017. 
Eyewitness reports from inside the camps describe harsh living conditions, torture, and constant political indoctrination meant to strip Uighurs of any attachment to their Islamic faith. 
Facial recognition, artificial intelligence, and speech monitoring enable supercharge the Chinese Communist Party’s drive to “standardize” its Uighur population. 
Uighurs can be sent to "re-education" camps for a vast array of trivial offenses, many of which are benign expressions of faith.
The party monitors compliance through unrelenting electronic surveillance of online and physical activities. 
This modern-day panopticon requires enormous amounts of labor, but is serving as a testing ground for new technologies of surveillance that might render this process cheaper and more efficient for the state.
Toward this goal, the party is leveraging China’s vibrant tech ecosystem, inviting Chinese companies to participate through conventional government-procurement tools.
Companies built the "re-education" camps.
Companies supply the software that watches Uighurs online and the cameras that surveil their physical movements.
While based in China, many are deeply embedded in the international tech community, in ways that raise serious questions about the misuse of critical new technologies. 
Foreign firms, eager to access Chinese funding and data, have rushed into partnerships without heed to the ways the technologies they empower are being used in East Turkestan and elsewhere.
In February 2018, the Massachusetts Institute of Technology (MIT) announced a wide-ranging research partnership with Chinese artificial-intelligence giant and global facial-recognition leader SenseTime.
SenseTime then held a 49 percent stake in SenseNets, with robust cross-pollination of technical personnel. 
SenseNets’ parent company Netposa (also Chinese) has offices in Silicon Valley and Boston, received a strategic investment from Intel Capital in 2010, and has invested in U.S. robotics start-ups: Bito—led by researchers at Carnegie Mellon University—and Exyn, a drone software company competing in a Defense Advanced Research Projects Agency (DARPA) artificial-intelligence challenge.
This extensive enmeshing raises both moral and dual-use national-security questions.
Dual-use technology is tech that can be put to both civilian and military uses and as such is subject to tighter controls.
Nuclear power and GPS are classic examples, but new technologies such as facial recognition, augmented reality and virtual reality, 5G, and quantum computing are beginning to raise concerns about their dual applicability.
Beyond SenseNets, Chinese voice-recognition leader iFlytek is also supplying software to monitor electronic communications in East Turkestan.
A 2013 iFlytek patent identified by Human Rights Watch specifically touted its utility in “monitoring public opinion.” 
Nonetheless, like SenseTime, iFlytek recently established a multiyear research partnership with MIT. 
These partnerships lend reputational weight to activities that undermine freedom abroad.
Equally concerning is that the details of technical and research collaborations with Chinese companies can be opaque to international partners, concealing ethically objectionable activities.
When Yale University geneticist Kenneth Kidd shared DNA samples with a scientific colleague from the Chinese Ministry of Public Security’s Institute on Forensic Science, he had no idea they would be used to refine genetic surveillance techniques in East Turkestan.
Massachusetts-based company Thermo Fisher is also implicated: Until it was reported last month, the company sold DNA sequencers directly to authorities in East Turkestan for genetic mapping.
Western companies and institutions must be far more vigilant in scrutinizing how Chinese partners are using their products, especially emerging technologies.
Facial recognition is a good place to start.
The industry needs to establish global standards for appropriate applications—use that respects human rights and the rule of law. 
In the United States, Microsoft has been an industry leader in calling for regulation and has tapped employees, customers, public officials, academics, and civil society groups to develop a set of “principles for facial recognition,” which it plans to launch formally this month.
When it comes to building out regulation, the devil may be in the details.
But the principles—fairness, transparency, accountability, nondiscrimination, notice and consent, and lawful surveillance—are sound.
Surprisingly, SenseNets lists Microsoft itself as a partner on its website, along with American chip manufacturer AMD and high-performance computing provider Amax.
In the case of SenseNets, these partnerships could be false claims by a company looking to boost credibility, unwitting collaboration on the part of U.S. tech firms, or true business relationships.
“We have been able to find no evidence that Microsoft is involved in a partnership with SenseNets,” a spokesperson for Microsoft told the authors, “We will follow up with SenseNets to cease making inaccurate representations about our relationship.”
But if these partnerships are real, they would violate all six of Microsoft’s principles.
California-based Amax, which specializes in high-performance computing for deep-learning applications, touts a partnership with Chinese state-owned Hikvision, the world’s largest supplier of video surveillance products. 
AMD is also involved in a Chinese joint venture supplying proprietary x86 processor technology.
Despite a general awareness of the ways American companies and individuals are abetting surveillance in East Turkestan, U.S. Congress and government officials have yet to call for a review of the extent of U.S. investment and research partnership entanglements. 
The Commerce Department’s proposed rule-making on controls for certain emerging technologies is a start, but its scope remains unclear.
The international tech community can help guide the ethical application of its developments.
After employee protests, Google reportedly suspended plans to launch Dragonfly, a censored version of its search engine custom-built for China, although there are suspicions the project may not be entirely dead. 
Authoritarianism has proven it can use emerging technologies to undermine democratic norms and freedoms.
As such, U.S.-based research-and-development organizations should perform basic due diligence on partnerships to assess their connection to surveillance regimes.
International scientific exchange has yielded awe-inspiring achievements, from the discovery of the Higgs boson to the eradication of smallpox.
And cooperation is growing faster than ever.
But by taking basic steps to understand their partners, investors can mitigate some of the unintended risks of that cooperation.
If they fail to do so, they will end up owning some of the responsibility for human rights abuses in East Turkestan and elsewhere.

Tech Quisling and Moral Pygmy

Apple is kowtowing to China’s police state
Washington Post

CHINA AND Russia, among other places ruled by strongmen and their political cronies, are demanding that technology companies locate all their data on national soil.  

The titans of American digital innovation — Apple, Google, Facebook, Amazon, Microsoft and others — face a difficult choice. 

They can risk moving the data of millions of customers to a police state, or they can refuse and risk losing millions of customers.
This week, Apple is choosing option A: police state. 

Starting Wednesday, the data of its iCloud customers in China will be transferred to China, as required by a new law, to be housed in a center operated by a Chinese company. 

Apple will control the encryption keys but says it will respond to “valid legal requests” from Chinese authorities for the data of individuals. 

This applies only to the popular iCloud and what Chinese users decide to store there; data on an iPhone itself is encrypted, and users are the only ones who can unlock it.
Previously, a request for the cloud data would have come to the United States and would have been subject to the rigors of U.S. law and due process. 

China, however, is ruled by the Communist Party, which remains above the law. 

A vivid glimpse of how the mechanism works is China’s recent campaign to silence and punish human rights lawyers, jailing them for defending people who dared speak their minds openly. 

China is also rolling out a nationwide system to monitor the behavior of individuals, including their financial transactions, shopping habits, social media, traffic tickets and unpaid bills, and combining it with ubiquitous surveillance. 

This is the legal environment that will oversee the iCloud data of Chinese users.

Amazon and Microsoft have also established data centers in China. (The chief executive and founder of Amazon, Jeffrey P. Bezos, owns The Post.)
Two years ago, Tim Cook, Apple’s chief executive, refused to help the FBI crack open an iPhone used by one of the San Bernardino, Calif., terrorists. 

Cook insisted that it was vital to protect data encryption for privacy, that to give in to the FBI would “make hundreds of millions of customers vulnerable around the world, including in the U.S.” 

We understand that Cook was talking about the iPhone then, and not the cloud, but he was very passionate about the principle of resisting government snooping. 

“We need to stand tall and stand tall on principle,” Cook bombastically declared.

When it comes to China, however, Apple says that it decided to “remain engaged.” 

This cannot have been an easy decision for Apple or Cook. 

Other companies will confront it, too. 

Of course it would have been painful to Apple’s customers, and to its bottom line, to pull out of China. 

But obeying “local laws” can mean honoring the whims of mega-snoops and dictators who do not share the values of democracy and free expression. 

Apple should find that painful, too.

The Chinese Thief Crying about Theft

China, Addicted to Bootleg Software, Reels From Ransomware Attack
By PAUL MOZUR

A PetroChina pump in Beijing. The hacking caused electronic payment systems at gas stations run by the state oil giant to be cut off for much of the weekend. 

HONG KONG — China is home to the world’s largest group of internet users, a thriving online technology scene and rampant software piracy that encapsulates its determination to play by its own set of digital rules.
But as the country scrambles to recover from a global hacking assault that hit its companies, government agencies and universities especially hard, the risks of its dependence on pirated software are becoming clear.
Researchers believe large numbers of computers running unlicensed versions of Windows probably contributed to the reach of the so-called ransomware attack, according to the Finnish cybersecurity company F-Secure. 

Because pirated software usually is not registered with the developer, users often miss major security patches that could ward off assaults.
It is not clear whether every company or institution in China affected by the ransomware, which locked users out of their computers and demanded payment to allow them to return, was using pirated software. 

But universities, local governments and state-run companies have networks that depend on unlicensed copies of Windows.
Microsoft and other Western companies have complained for years about widespread use of pirated software in a number of countries that were hit particularly hard by the attack. 

A study last year by BSA, a trade association of software vendors, found that 70 percent of software installed on computers in China was not properly licensed in 2015. 

Russia, at 64 percent, and India, 58 percent, were close behind.
Zhu Huanjie, who is studying network engineering in Hangzhou, China, blamed a number of ills for the spread of the attack, including the lack of security on school networks. 

He said piracy was also a factor. 

Many users did not update their software to get the latest safety features because of a fear that their copies would be damaged or locked, while universities offered only older, pirated versions.
“Most of the schools are now all using pirate software, including operation system and professional software,” he said. 

“In China, the Windows that most people are using is still pirated. This is just the way it is.”

On Monday, some Chinese institutions were still cleaning computer systems jammed by the attack. Prestigious research institutions like Tsinghua University were affected, as were major companies like China Telecom and Hainan Airlines.
China’s securities regulator said it had taken down its network to try to protect it, and the country’s banking regulator warned lenders to be cautious when dealing with the malicious software.
Police stations and local security offices reported problems on social media, while university students reported being locked out of final thesis papers. 

Electronic payment systems at gas stations run by the state oil giant PetroChina were cut off for much of the weekend. 

Over all, according to the official state television broadcaster, about 40,000 institutions were hit. 

Separately, the Chinese security company Qihoo 360 reported that computers at more than 29,000 organizations had been infected.
At China Telecom, one of the country’s three main state-run telecommunications providers, a similar scramble occurred over the weekend, according to an employee who was not authorized to speak on the matter. 

When a company-provided software patch did not work, the employee was told to use one from Qihoo 360, which supports pirated and out-of-date versions of Windows, the person said. 

A spokesman for China Telecom did not immediately respond to a request for comment.
On Monday, the main internet regulator, the Cyberspace Administration of China, quoted an unidentified person in charge of internet security saying that the ransomware was still spreading but the speed of transmission had slowed. 

It said that regulators overseeing banks, schools, the police and other groups had given orders to stop the risk and that it had instructed users on how to avoid exposure.
Using copied software and other media has become embedded in China’s computing culture, said Thomas Parenty, founder of Archefact Group, which advises companies on cybersecurity. 

People are under the impression that using pirated goods in China is legal, while others are simply not used to paying for software, he said.
Mr. Parenty cited an instance when he was working at the Beijing office of an American client. 

“It turned out every single one of their computers, all the software, was bootlegged,” he said.
The twin problems of malware and the unwillingness to pay for software are so ingrained that they have led to an alternative type of security company in China. 

Qihoo 360 built its business by offering free security programs; it makes money from advertising.
The issue has led to political battles between Microsoft and the Chinese government.
In a bid to get more organizations in China to pay for their software, Microsoft, which is based in Redmond, Wash., has tried education and outreach. 

It has also stopped distributing Windows on discs, which are easy to copy.
One effort in 2014 put it at loggerheads with Beijing.
At that time, Microsoft cut off support for Windows XP, an operating system that was about 14 years old but that was still widely used by the government and by Chinese companies. 

Many in China complained that the move showed that the country still relied on decisions made by foreign companies. 

An article by the official news agency Xinhua said that such corporate behavior could be considered anticompetitive. 

Microsoft later agreed to offer free upgrades and reached a deal with a state-run company that often works for the military to develop a version that catered to China.
The Chinese government has been less focused on software piracy — and more on building local alternatives to Microsoft. 

After leaks by the former intelligence contractor Edward J. Snowden about American hacking attacks aimed at monitoring China’s military buildup, leaders in Beijing accelerated a push to develop Chinese-branded software and hardware that would be harder to breach.
For now, however, much of China relies on Windows. 

And for all of the impact of the weekend’s cyberattack, Mr. Parenty said he did not think that there would be a big effect on attitudes toward pirated software.
“The only way I see this changing things is if the central government decides there is a risk to critical infrastructure from this threat and force people to buy legitimate software,” he said. 

“But I don’t see that happening right now.”

Like rats abandoning a sinking ship

Why foreign companies are shutting shop in China
By Jane Li

A person walks past a Best Buy logo on February 22, 2011 in Shanghai, China. The U.S. consumer electronics retailer closed all of its stores in China in 2011.
U.S.-based Seagate, the world's biggest maker of hard disk drives, closed its factory in Suzhou near Shanghai last month with the loss of 2,000 jobs, in a move that justifies fears that China is becoming increasingly hostile towards foreign firms operating in the country.
A speech presented by Xi Jinping at the World Economic Forum meeting in Davos in early January had been hoped to address the issue, and "reassure" investors that China's remained open to foreign investment.
Xi defended globalization and "promised" improved market access for foreign companies.
Yet, Seagate joined a spate of foreign companies to shutter operations in China in recent years, for various reasons, but most have attributed the country's high tax regime, rising labor costs and fierce competition from domestic companies.
Panasonic, for instance, stopped all its manufacturing of televisions in the country in 2015 after 37 years of operating in China.
When it first opened in 1979, the Japanese home electronics corporation was the country's first foreign firm, tempted by generous benefits not offered to its Chinese competitors, including lower taxes and land prices and easier access to local governments.
But almost four decades down the road, this certainly isn't the case anymore.
In November last year, Japanese electronics conglomerate Sony sold all its shares in Sony Electronics Huanan, a Guangzhou factory that makes consumer electronics, and British high-street retailer Marks & Spencer announced it was closing all its China stores amid continuing China losses.
Add to that list Metro, Home Depot, Best Buy, Revlon, L'Oreal, Microsoft, and Sharp and we start to see more than a trend developing.
Once considered Beijing's most-welcomed guests, bringing with them the money, management skills, and technical knowledge that the country so badly needed, foreign companies now have fallen out of favor.
"China doesn't need foreign companies in terms of acquiring advanced technology and capital as in previous years," said Professor Chong Tai-Leung from the Chinese University of Hong Kong, "so of course, the government is gradually phasing out more of these preferential policies for foreign firms."
Echoing Chong's comments, Shen Danyang, a spokesperson for China's Ministry of Commerce accused foreign corporates last September of only wanting to make "quick money", had become too dependent on preferential government policies in China, and were starting to feel the pain of what he called a "deteriorating environment for business" in the country.
But for those who had "insight and courage", Shen insisted China is still a good place to invest.

Pedestrians walk past the Marks & Spencer flagship store on December 21, 2015 in Beijing, China. The retailer has since exited the Chinese market.

While it's still open to discussion whether those who have now retreated from China lacked "insight and courage", there are certainly some common factors emerging on why.
Keith Pogson, a senior partner at Ernst & Young who oversees financial services in Asia, said the major one is quite simply fierce competition from Chinese rivals.
"We are seeing more Chinese companies becoming champions in other countries, and of course that adds a lot of pressure on foreign corporates." he said, agreeing that the gradual phasing out of preferential policies for foreign firms was certainly in China's self-interest.
Chinese TV brands, for example, for the first time overtook their South Korean rivals last year, ranking first in global sales, with the market share of TCL – a household name in the domestic home electronics market – increasing more than 50 per cent in Northern American market in the past year.
With the rise of such home-grown firms, the Chinese authorities have been leaning towards their own "children", said Pogson, and this gradual phasing out of preferential policies for foreign companies is likely to continue.
Preferential treatment towards foreign firms goes back to 1994 when they were included under the country's general tax regulations.
Until 2007, firms that received foreign investment were subject to 15 per cent income tax while domestic companies paid 33 per cent tax.
But in recent years Beijing has stepped up its efforts to tighten such policies, with the new Enterprise Income Tax Law and Implementation Rules, effective since 2008 unifying the rate for domestic and foreign companies at 25 per cent.
Unclear laws and inconsistent interpretation of them have also been blamed for the flight of foreign firms.
A survey last year by consulting firm Bain & Company and the American Chamber of Commerce in China (AmCham-China) highlighted those were the two top factors hindering foreign firms' ability to invest and grow in China.
High labor costs and a lack of qualified employees were also among the top five challenges, the study showed.
An example of the type of regulation that is now hindering foreign progress is the new cyber security law, approved by parliament last November.
It sparked fears that foreign technology firms would be shut out and subjected to contentious requirements for security reviews, and for data to be stored on Chinese servers.
Despite more than 40 international business groups signing a petition to amend some sections of the law, the final draft approved by the parliament remained unchanged – a clear indication of Beijing's determination to toughen its stance against foreign firms.
A quarter of the AmCham-China's 532 member firms taking part in the survey said they had either moved or were planning to move operations out of China by the end of last year, with almost half moving to parts of "developing Asia".
"If more overseas companies want to develop in China at this stage," Chong said, "I would suggest they consider second- and third-tier cities."

Apple is the world leader in globalizing Chinese and Foxconn censorship

Apple blocks New York Times in China after paper probes Chinese subsidies given to iPhone maker’s partner Foxconn
By MATTHEW SHEFFIELD

Apple has officially blocked the New York Times from the Chinese edition of its mobile application market.

This move followed a Chinese government ruling that appears to have been sparked by the newspaper’s reporting on massive subsidies provided to Apple’s top manufacturing partner by the People’s Republic.
The ban went into effect on Dec. 23, when Apple formally removed the Times’ English- and Chinese-language programs from its app store for users in mainland China. 

It was not announced by the newspaper until this week, presumably because the Times sought to reverse the decision.
In a statement released to the Times, Apple spokesman Fred Sainz said that the paper had been banned from the app store because it had somehow run afoul of unspecified Chinese laws.
“For some time now the New York Times app has not been permitted to display content to most users in China and we have been informed that the app is in violation of local regulations,” Sainz said in the statement.
“As a result, the app must be taken down off the China App Store. When this situation changes, the App Store will once again offer the New York Times app for download in China.”
The newspaper’s website has been blocked by China’s infamous “Great Firewall” censorship regime since 2012, when it published several reports about the vast wealth of the family of Wen Jiabao, who was at the time the ostensibly Communist nation’s country’s prime minister.
Tom Grundy, editor-in-chief of the Hong Kong Free Press, condemned the move on Twitter, describing it as “Apple eagerly assisting Beijing’s blatant censorship.”
But Apple, the world’s most valuable company by market capitalization, is far from the only major technology firm willing to comply with Beijing’s demands in order to do business in China.
According to former Al Jazeera journalist Melissa Chan, “every single US tech company in China makes compromises in order to enter the market.”
She gave several examples in an essay for the Guardian, including social network LinkedIn, note-taking service Evernote and Microsoft. 
Google is one of the few American tech firms unwilling to comply, opting instead not to do business in China. 
It completely exited the country in 2010.
“But if anybody had hoped Google’s defection would launch an exodus, it never happened,” Chan wrote.
“Since then, Chinese censorship and attempts to control foreign companies have only become more odious, with no indication it will let up.”
According to Wikipedia, about 3,000 major websites are currently banned within China.
The Times apps were blocked by Beijing due to a story that reporter David Barboza was working on about the massive subsidies and other inducements that the Chinese government provides to Foxconn, a Taiwanese firm which is Apple’s manufacturing partner and the largest private employer in China.
According to the Times, Barboza contacted Apple on Dec. 23 for comment about his report. 
Within hours, the newspaper’s management was informed by the iPhone maker that its apps had been blocked for users with billing addresses within mainland China.

The Dirty Four

Apple is not the only tech company kowtowing to China’s despots.
There is rightly outrage at Apple removing the New York Times app from its Chinese store. 
Now let’s take a look at LinkedIn, Evernote and Microsoft.

By Melissa Chan

‘One online advocacy organization labelled Apple the “world leader in globalizing Chinese censorship”.’

News of Apple pulling the New York Times app from its store in China has been met with the expected outrage on social media.
One online advocacy organisation labelled Apple the “world leader in globalising Chinese censorship”. 
Tom Grundy of Hong Kong Free Press, an independent online news outlet, tweeted that Apple was now “eagerly assisting” in censorship. 
And the New York Times’s own correspondent, Chris Buckley, asked on Twitter whether Apple owed an explanation to the paper’s Chinese readers.
I have experience with Chinese censorship, as both target and witness of it.
As a reporter there for five years, I – along with the rest of the foreign press corps – often faced attempts at both the local and national level to interfere with and stop our coverage.
And as someone who happened to be in China when social media and cloud-based technology started taking off, I also wrote many stories on China’s moves to block Facebook, Twitter and Google. Here’s a list of major websites blocked in the country.
As much as I have spoken up against Chinese censorship, and as often as I berate Mark Zuckerberg’s blatant kowtowing in order to get Facebook back into China, I actually think we should hold some of our fire, or at least stop short of singling Apple out as the worst offender.
I say this as someone who has also covered Silicon Valley as a Bay Area-based correspondent.
In the United States, Apple has a strong track record as an industry leader against government attempts to access users’ data.
It has butted heads directly with the Obama administration over issues of privacy and security, calling it a fight for civil liberties.
It has taken unpopular positions, including refusing to cooperate with the FBI to help agents read the encrypted data from domestic terrorist Syed Farook’s iPhone.
This is a technology company that has appeared to have at least tried, at times, to do the right thing.
Of course, Apple has not manufactured iPhones in China without scandal.
From stories of factory workers being made ill by the chemicals used to make iPhone touch screens, to a spate of suicides at a manufacturer’s campuses, Apple’s record is checkered.
Apple only shoulders responsibility when it also happens to improve the company’s bottom line, or when it’s easy. 
In the United States, Apple has recourse to a functioning legal system to launch its battles.
In China, where the rule of law is weak, it means a much tougher environment and far fewer options when the company disagrees with government decisions.
The situation is complicated by the tremendous leverage the Chinese government has over Apple. 
Not only is the iPhone manufactured there, but sales of Apple products in China account for a quarter of its global revenue.
Apple has not explained its latest decision and which law the New York Times fallen foul to.
The newspaper has a Chinese-language edition of its paper.
In 2012, Beijing blocked both the Chinese and English-language websites, but readers could continue reading articles if they downloaded the apps to their iPhones.
Now, Apple has removed both English and Chinese-language apps from its store, making it impossible to read the New York Times unless users know how to employ circumvention tools.
Maybe the larger the company, the more scrutiny it should receive.
In that spirit, Apple’s decision to pull the apps deserves full moral fury.
But keep in mind that every single US tech company in China makes compromises in order to enter the market.
LinkedIn restricts its content. 
Evernote, like Apple, stores Chinese account holders’ data on Chinese servers so that authorities may access the information. 
Microsoft censors. 
None of this is right.

Tom Grundy of Hong Kong Free Press, an independent online news outlet, tweeted that Apple was now “eagerly assisting” in censorship.
Few foreign companies have taken the moral stand that Google did by exiting China. 
I remember when the company made that decision.
Supporters of a more open China dropped off flowers outside its Beijing offices, excited that it had made such a bold move.
But if anybody had hoped Google’s defection would launch an exodus, it never happened.
Since then, Chinese censorship and attempts to control foreign companies have only become more odious, with no indication it will let up. 
Apple’s problem today, is another foreign company’s conundrum tomorrow.
Its dependance on China serves as a case study for how the story will repeatedly, dismally play out. All this stops only when the financial incentives to do business in China, and with China, disappear.

Microsoft, Intel, IBM Push Back on China Cybersecurity Rules

Beijing wants foreign tech companies to hand over their source code.By EVA DOU

Visitors used a laptop behind a security guard at the Global Mobile Internet Conference in Beijing in April 2015. The Chinese government plans to implement new cybersecurity rules by next summer.

BEIJING—Tough new Chinese cybersecurity rules are providing a rare, behind-the-scenes look at a regulatory skirmish between U.S. technology companies and Beijing.
China is moving to require software companies, network-equipment makers and other technology suppliers to disclose their proprietary source code, the core intellectual property running their software, to prove their products can’t be compromised by hackers.
Tech companies are loath to offer up their source code, saying this will heighten the risk of their code falling into the hands of rivals or malefactors—and may not guarantee it is hack-proof.
Microsoft Corp., Intel Corp. and International Business Machines Corp. are among those filing objections.
“Sharing source code in itself can’t prove the capability to be secure and controllable,” Microsoft wrote in comments released by a government cybersecurity committee in November.
“It only proves there is source code.”
Intel said a rule forcing chip makers to disclose the details of their products “would hurt technological innovation and decrease the security level of products.”
------------
BEIJING’S ONLINE RULES
Some features of China’s new regulations to ensure information technology products are ‘secure and controllable.’

• IT suppliers must provide the software source code running the products, and design details, so authorities can check for security flaws or back doors.
• Product security will be graded on whether the system’s technology is transparent to authorities, how data is stored and processed, and the stability of the supply chain, to economic and political changes.
• IT buyers in China will be ranked into five security classifications that require different levels of IT equipment security.

-------------
The comments were made in a discussion log made public by Technical Committee 260, the national cybersecurity standards maker, as it released technical parameters of its omnibus cybersecurity law adopted Nov. 7.
The committee is rolling out standards for operating systems, microprocessors, office software and other products to comply with the regulations when they go into force in June 2017.
Chinese authorities have said these measures are necessary to guard against foreign espionage tools being embedded in software used here.
They frequently cite claims by former U.S. National Security Agency contractor Edward Snowden that such back doors were routinely built into U.S. technology products sold overseas.
Microsoft, Intel and IBM were the largest U.S. firms to respond to the draft regulations, joining dozens of Chinese companies, government agencies and security experts.
The three U.S. tech giants declined to comment beyond their written statements.
All three have multiple China ventures with local partners and are typically reluctant to publicly challenge Chinese policy.
As such, their written comments, made in Chinese, offer a rare glimpse into how they parry over regulations with Beijing authorities.
Among other things, tech companies are bristling at the level of detail they would be forced to disclose to have their proprietary technologies rated “secure and controllable.”
Microsoft wrote that it believed allowing visitors to view code at its new “Transparency Center” in Beijing should suffice, rather than having to “share source code.”
Technical Committee 260 staffers disagreed, maintaining the original wording and marking the comment “not accepted.”
Microsoft and Intel also raised questions over one security standard that gives a higher ranking to products whose development and delivery can’t be disrupted by “politics,” with Intel requesting clarification.
That complaint was marked “partially accepted,” although political consideration is still in the most recent draft.
IBM said that distinctions should be made between computing services for commercial use, versus services for government applications.
“Computing rooms used purely for commercial cloud computing purposes shouldn’t have to be located within China’s borders,” wrote IBM.
In a written response, Technical Committee 260 staffers said that many sectors touch upon social stability and the public interest.
“It’s not only a pure commercial question.”
Jeremie Waterman, senior director for Greater China at the U.S. Chamber of Commerce in Washington, said there is “deep concern about the IP disclosure requirements.”
But it isn’t clear what recourse U.S. tech companies might have.
Despite any objections, U.S. firms are unlikely to leave China over the cybersecurity requirements because of the importance of the mammoth Chinese market, said James Gong, a senior associate at law firm Herbert Smith Freehills LLP who works with western clients in navigating Chinese law.
“I don’t think they will pull out,” said Mr. Gong.
“I haven’t heard of any company that has decided to leave.”
China has long had cybersecurity standards that weren’t vigorously enforced—but that is likely to change when the nationwide cybersecurity law goes into effect next summer, he said.
Beijing maintains that its security rules apply to domestic and foreign companies equally.
When China passed the cybersecurity law last month, a spokesman for the internet regulator said foreigners who thought the law would favor domestic firms had a “misunderstanding, a biased view.”
But in Technical Committee 260’s discussions, certain government officials argued for the standards to be drafted to favor domestic companies.
“The big trend is called shifting to domestic production,” wrote Guo Qiquan, chief engineer at the China Ministry of Public Security’s Network Security Bureau, in a suggestion that the committee marked “approved.”
“But it can’t be written that way, so one calls it independent and controllable.”