WEB DESK: China has released a draft cybersecurity law that seeks to beef up Beijing’s ability to guard against cyberthreats and protect data on Chinese users, while also tightening controls over the Internet.
The draft cybersecurity law, released this week for comments, explicitly allows Chinese authorities to cut Internet access during public-security emergencies. Chinese authorities have periodically deployed such measures during unrest in Uighur and Tibetan ethnic-minority areas in China’s west.
The draft law also requires government agencies to set up cybersecurity monitoring and alert systems and emergency-response measures. Such rules underscore the government’s concern that Beijing lacked a coherent policy for responding to cybersecurity threats.
The draft law comes amid heightened tensions between China and the U.S. over cybersecurity. U.S. investigators believe China was the source of an attack on the U.S. government’s Office of Personnel Management that resulted in the theft of millions of personnel records and sensitive information. China has called such allegations irresponsible and said it opposes all forms of cyberattacks.
The draft law also requires providers of Internet products and services that gather personal data to first obtain approval from its users and notify users if data breaches have occurred. In recent years, some Chinese sites have leaked personal-user data, including the official railway ticket-sales website. In December, usernames, passwords and email addresses of train riders in China were stolen from the site and leaked online.
The draft law lists sectors such as energy, transportation, water supplies, and finance as requiring stronger safeguards. Also included are information systems that support electricity, gas, health care, social security and other public services. Procurement for products and services used in these areas must undergo official security reviews if they are deemed to potentially affect national security, the law says, without defining how such a threat would be measured.
Operators of “crucial” information infrastructure should store Chinese users’ personal information and other important data within Chinese territory, according to the draft law. Cases in which data must be stored overseas for business purposes should first undergo security reviews, it says.
Movements to tighten restrictions on data flows have previously raised concerns among foreign businesses, which worry it could crimp business activity and raise costs.
Already, some foreign companies have started storing Chinese users’ data on the mainland. Apple Inc. said in August it has been using state-controlled China Telecom’s Internet-based platform to store its Chinese users’ data, which Apple says is protected by encryption.
Source: Business Insider