China is currently working on the revision of its first antiterrorism law to deal with the increasingly complicated antiterrorism situation, a major act that reflects rule of law in the fields of antiterrorism and internet security guarding. Even so, the clauses relevant to information security in the antiterrorism law have confronted with oppositions and concerns from some countries, U.S. in particular, which claimed that those new regulations of China concerning network security have directly harmed the benefits of some American enterprises. U.S. president Barack Obama openly declared that “If China wants to do business with U.S., it must change its relevant policies and regulations.” Marie Harf, the U.S. State Department spokeswoman, even held that “China should consult U.S. government and business circles first before drafting its antiterrorism law”. Such great concerns and opposing attitude held by America reflect not only the “double standard” it often adopts in matters of network security, but also its lack of understanding of the real demand of China for network security.

The reason for U.S.’ undue criticism of China’s antiterrorism law rests with its lack of understanding of the current antiterrorism situation in China, and particularly China’s defensiveness embodied in the related policies. Quite to the contrary, America cares only about what the antiterrorism law means to its enterprises benefits while overlooking the universal and fair applicability of the law.

China has been motivated by multiple factors to strengthen its cyber security, among which is its deteriorating antiterrorism situation. Terrorists have been found utilizing internet as a platform to spread terrorism information or to call for terrorist attacks which have caused hundreds of deaths in Xinjiang Autonomous Region and many other provinces in China. In the case of Bachu terrorist attack, 14 terrorists of the reported 25 violent criminals used internet as a tool to receive and disseminate terrorism information. With the biggest number of internet users in the world, China has become a victim which suffers most from foreign hacker attacks, personal information leakage, and financial assets risks on both personal and institutional levels. The PRISM incident makes the Chinese government more aware of the potential cyber security risks that China is facing, particularly when it comes to the fact that core technologies and key areas of IT industry are under the control of western countries and all the 13 DNS root servers are located in America, Europe, Japan and other developed countries. On January 21, 2014, internet users in China could not get access to websites for several hours. And it was proved by China security agent later that the incident was totally caused by foreign hackers’ attack. Furthermore, both soft and hard wares in Chinese governments, banks and research institutes are almost dominated by foreign IT companies. Therefore, China’s law making on cyber security is of passive and defensive character. What’s noticeable, China’ economy is getting more sensitive to cyber risks with the emergence of e-commerce and e-finance. And it has become a consensus among the Chinese people that risks in the financial system can lead to the collapse of China’s economy.

The real purpose for China to make the antiterrorism law is to safeguard its national security and people’s life security. The volume of online business transactions in China amounted to 13 trillion RMB last year, taking up approximately 20% of its total GDP. With the development of internet finance, China relies more and more on internet to conduct investment and financing transactions of capital. The monopoly of foreign technologies and products in China’s communication technologies market has further increased the risks and uncertainties China’s economy may encounter. When Microsoft stopped providing security support for Windows XP, governments at various levels, enterprises and research institutions in China were forced to choose between installing a new version of window system and facing security risks posed by loopholes of the old system. Such an act of Microsoft has actually constituted a security threat to nearly 200 million XP users in China. For this reason, understanding the real demand and concern of China in network security is the prerequisite for America and China to further cooperate in cyber security.

In fact, strict regulations in the form of laws could ensure that all investors are treated equally without any discrimination. For instance, Huawei and ZTE Corporation suffered a lot from barriers in the name of security concerns from the U.S. government when investing in America and were demanded to disclose their source codes and encryption keys by American government.

The excessive examination of investments from China by CFIUS has led to unfairness and discrimination against Chinese companies. The purpose, scope and related regulations of security review clarified in the form of legislation will help to carry out the principle of fair access of investors. Furthermore, China’s requirements of disclosing site of data storage, encryption keys and source codes involve only those enterprises and companies engaged in telecommunications and internet services, while any other American hi-tech companies are not affected at all. Regarding the possible information and technology leakage of the high-tech companies, Hua Chunying, the spokeswoman of Chinese Foreign Ministry, pointed out in a news conference that only the public security agencies or national security agencies are entitled to examine the related data in view of antiterrorism needs and by following very strict enforcement procedures.

Presently, the Chinese government and enterprises are fully aware of the worsening situation of foreign capital inflow caused by lack of IPR protection, and aware that IPR protection is vital to China’s long-term competitiveness and sustainable economic growth. Thus the Chinese government is determined to strengthen legislation and reform in IPR. Against this background, concerns of American enterprises do not agree with Chinese government’s drive for new round of economic reform and market opening. It also indicates a lack of understanding of the implications behind Chinese government action on the part of US government.

In fact, not only China, but many other countries in the world as well, have made laws or imposed strict political control in the field of network security. Reuter’s news shows that over the years governments of Western countries, including the U.S. and Britain have been requiring high-tech companies to reveal their source codes and encryption keys. Obama administration has been aggressively launching series of cyber security bills since he took office, such as "network security policy review", "cyber space international security strategy" and "network space action strategy". This year, president Obama is playing an even more active role in promoting cyber security legislation, and has signed an executive order calling for enterprises to share information with the government cyber security agency. British Prime Minister David Cameron has made it clear that he will strive for legislation requiring IT companies to release their source codes and encryption keys once he wins the re-election this May. In addition, affected by the incident of PRISM project, the German government is also considering a formal legislation to force IT companies to release software source codes. The Russian government is very cautious about its own security and is trying to force Apple Corp and SAP to open source code so as to ensure relevant products will not be used as tools in monitoring Russian national institutions. Furthermore, countries like Australia, Canada and many other European countries regard the ICT sector as Critical Infrastructure and implemented very strict review processes. As an information technology giant, India has laid out a very comprehensive strategy regarding cyber security as well. Early in 2012, two Chinese companies, Huawei and ZTE were forced by Indian Foreign Investment Promotion Board (FIPB) to reveal their source codes and encryption keys.

The U.S. government’s concern about its enterprise’s interests does not matter its so-called national interests. Actually, the national interests of America do not lie in those companies which claim that their interests are affected, but depend upon related enterprise’s discrepant attitudes towards the maintenance of immediate monopoly interests or the development of long-term competitiveness. There are news reports that Apple’s decision to open its source code to Chinese government is actually counteracting what Obama administration strives for. However, the media seems to neglect that Apple Inc. has long-period values and pursuits in maintaining product competitiveness by continuous sustainable innovation.

The Chinese government has fully recognized the costs caused by excessive protection of enterprises in the process of economic transition. Actually, the U.S. is no exception, either, though it boasts itself of a so-called market economy. It should leave corporate behaviors to the market, and allow investment of enterprises to be jointly decided by market mechanism and corporate strategy. Regarding the disputes in the cyber security, the U.S. should take into account China’s real situations and its defensive psychology as a disadvantaged party in cyber security issues. Let alone overlooking the policy tendencies of other countries in the world. Understanding this will be conducive to ensuring a substantial progress in Sino-US cooperation in network security.

Source of documents：chinausfocus.com