BEIJING—Tough new Chinese cybersecurity rules are providing a
rare, behind-the-scenes look at a regulatory skirmish between U.S.
technology companies and Beijing.
China is moving to require software companies, network-equipment
makers and other technology suppliers to disclose their proprietary
source code, the core intellectual property running their software,
to prove their products can't be compromised by hackers.
Tech companies are loath to offer up their source code, saying
this will heighten the risk of their code falling into the hands of
rivals or malefactors—and may not guarantee it is hack-proof.
Microsoft Corp., Intel Corp. and International Business Machines
Corp. are among those filing objections.
"Sharing source code in itself can't prove the capability to be
secure and controllable," Microsoft wrote in comments released by a
government cybersecurity committee in November. "It only proves
there is source code."
Intel said a rule forcing chip makers to disclose the details of
their products "would hurt technological innovation and decrease
the security level of products."
The comments were made in a discussion log made public by
Technical Committee 260, the national cybersecurity standards
maker, as it released technical parameters of its omnibus
cybersecurity law adopted Nov. 7.
The committee is rolling out standards for operating systems,
microprocessors, office software and other products to comply with
the regulations when they go into force in June 2017.
Chinese authorities have said these measures are necessary to
guard against foreign espionage tools being embedded in software
used here. They frequently cite claims by former U.S. National
Security Agency contractor Edward Snowden that such back doors were
routinely built into U.S. technology products sold overseas.
Microsoft, Intel and IBM were the largest U.S. firms to respond
to the draft regulations, joining dozens of Chinese companies,
government agencies and security experts.
The three U.S. tech giants declined to comment beyond their
written statements. All three have multiple China ventures with
local partners and are typically reluctant to publicly challenge
Chinese policy. As such, their written comments, made in Chinese,
offer a rare glimpse into how they parry over regulations with
Beijing authorities.
Among other things, tech companies are bristling at the level of
detail they would be forced to disclose to have their proprietary
technologies rated "secure and controllable."
Microsoft wrote that it believed allowing visitors to view code
at its new "Transparency Center" in Beijing should suffice, rather
than having to "share source code." Technical Committee 260
staffers disagreed, maintaining the original wording and marking
the comment "not accepted."
Microsoft and Intel also raised questions over one security
standard that gives a higher ranking to products whose development
and delivery can't be disrupted by "politics," with Intel
requesting clarification.
That complaint was marked "partially accepted," although
political consideration is still in the most recent draft.
IBM said that distinctions should be made between computing
services for commercial use, versus services for government
applications.
"Computing rooms used purely for commercial cloud computing
purposes shouldn't have to be located within China's borders,"
wrote IBM.
In a written response, Technical Committee 260 staffers said
that many sectors touch upon social stability and the public
interest. "It's not only a pure commercial question."
Jeremie Waterman, senior director for Greater China at the U.S.
Chamber of Commerce in Washington, said there is "deep concern
about the IP disclosure requirements." But it isn't clear what
recourse U.S. tech companies might have.
Despite any objections, U.S. firms are unlikely to leave China
over the cybersecurity requirements because of the importance of
the mammoth Chinese market, said James Gong, a senior associate at
law firm Herbert Smith Freehills LLP who works with western clients
in navigating Chinese law.
"I don't think they will pull out," said Mr. Gong. "I haven't
heard of any company that has decided to leave."
China has long had cybersecurity standards that weren't
vigorously enforced—but that is likely to change when the
nationwide cybersecurity law goes into effect next summer, he
said.
Beijing maintains that its security rules apply to domestic and
foreign companies equally. When China passed the cybersecurity law
last month, a spokesman for the internet regulator said foreigners
who thought the law would favor domestic firms had a
"misunderstanding, a biased view."
But in Technical Committee 260's discussions, certain government
officials argued for the standards to be drafted to favor domestic
companies.
"The big trend is called shifting to domestic production," wrote
Guo Qiquan, chief engineer at the China Ministry of Public
Security's Network Security Bureau, in a suggestion that the
committee marked "approved." "But it can't be written that way, so
one calls it independent and controllable."
Yang Jie, Rachael King and Don Clark contributed to this
article.
Write to Eva Dou at eva.dou@wsj.com
(END) Dow Jones Newswires
December 01, 2016 05:55 ET (10:55 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Intel (NASDAQ:INTC)
Historical Stock Chart
From Aug 2024 to Sep 2024
Intel (NASDAQ:INTC)
Historical Stock Chart
From Sep 2023 to Sep 2024