HONG KONG — When a draft of China’s new national security law was made public in May, critics argued that it was too broad and left much open to interpretation.
In the final form of the law, which the government said Wednesday had been enacted, Beijing got more specific, but in a way that is sending ripples through the global technology industry.
New language calls for a “national security review” of the technology industry, including networking and other products and services, and foreign investment.
The law also calls for technology that supports crucial sectors to be “secure and controllable,” a catch phrase that multinationals and industry groups say could be used to force companies to build so-called back doors — which allow third-party access to systems — provide encryption keys, or even hand over source code.
As with many other Chinese laws, the language is vague enough to make it unclear how the law will be enforced, but it suggests a new front in the wider clash between China and the United States over online security and technology policy.
The United States has accused China of state-sponsored hacking attacks against US companies to gain a commercial advantage, and of creating policies meant to force the transfer of intellectual property to Chinese companies.
In turn, China maintains that the disclosures by Edward J. Snowden, a former US National Security Agency contractor, about US online espionage give it plenty of reason to wean itself from foreign technology that may have been tampered with by US intelligence agencies.
The most recent policy clash between the United States and China came in April, and it ended with Beijing’s saying that it would withdraw a law that restricted which technology products could be sold by foreign companies to Chinese banks. Groups that represent companies such as Apple, Google and Microsoft had pushed against that law.
At the time, the withdrawal was billed as a victory for foreign companies, but the recent additions to the Chinese national security law show that it might have been a brief reprieve. The changes to the law are also likely to increase lobbying pressure on the United States by multinationals aimed at a separate Chinese measure, a counterterrorism law that Beijing is expected to pass this year and that could include stronger restrictions on foreign technologies being sold into China.
“I think it’s a perfect storm: The cybersecurity concerns because of Snowden and the techno-nationalist perspective have really gained strength over the past few years,” said Adam Segal, a senior fellow at the Council on Foreign Relations in New York. “China is not particularly swayed by or sympathetic to arguments that the foreign companies have made, and they’re going to push forward on all these fronts.”
At a news conference Wednesday in Beijing, Zheng Shuna, deputy director of the legislative affairs commission of the National People’s Congress, China’s legislature, underscored those concerns.
“China’s cybersovereignty shall be respected and maintained,” she said, using the term Beijing has adopted to argue that countries should be allowed to enact whatever laws are necessary to manage the Internet and information technology within their borders.
“Raising the idea of ‘safeguarding national cybersovereignty’ in the National Security Law is a response to the needs of the development of the Chinese Internet,” Zheng added. “It provides the legal basis for managing cyberactivity on China’s soil and resisting activities which jeopardize China’s cybersecurity.”
The concept of a governmental body reviewing security concerns for issues such as foreign investment in the technology industry is not reserved for the Chinese. For instance, the Committee on Foreign Investment in the United States oversees and occasionally bars investment in sensitive industries by countries such as China.
Still, foreign companies argue that Beijing is likely to use such an oversight body to favor local firms and to push multinationals to do more to help Chinese companies develop advanced capabilities.
Segal pointed to one phrase in the new Chinese law that could be particularly problematic: “secure and controllable.”
“Since no one knows how you implement that phrase,” he said, “foreign companies are worried about what that’s going to mean.”