China syndromeHere they go again: China demands access to Western computer security

Published 8 December 2008

Another crisis in U.S.-China trade relations looms, as China, again, is about to introduce rules which would allow Chinese companies to steal Western industrial secrets, and would allow the Chinese government more tightly to monitor what the Chinese people say and read

We have written several reports about China’s vast, well-coordinated, and sustained effort to steal Western industrial secrets and intellectual property in order to hasten China’s rise to a position of global economic hegemony (for the latest report, see 19 November 2008 HS Daily Wire). The history of the relations among states is the history of states spying on each other, and there is nothing new about the Chinese government’s efforts to acquire U.S. military secrets. As we wrote on 19 November, however,

the sheer scope and depth of the Chinese effort are unprecedented. Two characteristics make the Chinese espionage campaign different. First, there is an unprecedented synergy and coordination between Chinese military and intelligence organizations, on the one hand, and private Chinese companies, on the other hand. The Chinese government is using its vast intelligence resources to engage in industrial spying on behalf of Chinese companies, at the same time that Chinese companies and their representatives steal industrial and technological secrets from U.S. and European companies on behalf of the Chinese intelligence services (see 3 December 2007 HS Daily Wire story, in which we reported that the director-general of MI5 sent letters to 300 British companies warning them that their computer systems are under sustained attack from Chinese intelligence services; he warned these hi-tech companies that China engages in a systemic campaign to steal Western industrial secrets — and provide information to Chinese companies about Western companies with which these Chinese companies are doing business).

The second characteristic which benefits this broad Chinese espionage campaign is the large Chinese expatriate community.

Here is the latest example of the Chinese government’s brazen industrial theft campaign. AP reports that tensions between the United States and China are mounting as a result of the Chinese government’s plan to require foreign computer security technology to be submitted for government approval. The move might require suppliers to disclose business secrets.

The rules, which are due to take effect 1 May, require official certification of technology widely used to keep e-mail and company data networks secure. China has not yet detailed how many secrets companies must disclose about such sensitive matters as how data-encryption systems work, but the United States complains the requirement might hinder imports in a market dominated by U.S. companies, and is pressing Beijing to scrap it.

This is not the first attempt by China to mask the theft of Western industrial secrets: In 2006 China sought to force foreign companies to reveal how encryption systems work and has promoted its own standards for mobile phones and wireless encryption (that standard was called WAPI). China also conditioned the granting of permits to non-Chinese computer and communication companies on these companies signing-up Chinese companies as partners: The Chinese government provided a list of about two dozen Chinese companies from which non-Chinese companies had to chose, and to which they had to reveal the intellectual property (most of these Chinese companies were front organizations for the Chinese intelligence communities and the People’s Liberation Army). In 2001 Beijing tried to require computer and software suppliers to disclose how their encryption systems worked (both the 2001 and 2006 initiatives were scrapped after strenuous opposition by the United States and Western companies).

There is another reason, in addition to stealing secrets, why the Chinese government wants access to encryption and security codes. China has always been uncomfortable about allowing the Chinese public keep secrets, and forcing no-Chinese companies to reveal their coding and encryption schemes to the Chinese government would allow this government to eavesdrop on and ,ore tightly monitor what the Chinese people say and read.

AP reports that the new computer security rules cover thirteen types of hardware and software, including database and network security systems, secure routers, data backup and recovery systems, and anti-spam and anti-hacking software. Such technology is embedded in products sold by Microsoft, Cisco Systems, and other industry giants. “I think there’s both a national security goal and an industrial policy goal to this,” said Scott Kennedy, an Indiana University professor who studies government-business relations in China. “I’m sure before they came out with this, there was a discussion with industry and industry probably was giving them lots of requests about what should be included.”