13 March 2000
Source: US newspaper, March 13, 2000
By Matt Forney
BEIJING -- China has reversed draconian rules on Internet privacy, a decision that should allow electronic messages a better chance of remaining secret.
A new regulation reverses a previous order that banned products containing foreign-designed encryption software. Encryption products can encode everything from e-mail messages to financial transactions, and shield the information from thieves or governments that would try to read it on the sly. The ban had threatened to escalate into a trade dispute between the U.S. and China, and raised fears that China's spy service would enjoy easier access to the secrets of companies, dissidents and underground religious groups.
The revision "is a very positive step forward," says Patrick Powers, director of China operations for the U.S.-China Business Council, which has lobbied on behalf of U.S. companies for just such a change. He added that "overall, we are pleased by the responsiveness of the relevant authorities so far."
A High-Tech Boon
The change is a boon to many of the world's best-known high-tech companies. If the old rules had been strictly enforced they would have barred Mierosoft Corp. from selling its newest operating system, Windows 2000, which is set to be launched in China on March 20. They also would have forced companies such as Cisco Systems Inc. to redesign parts of its Internet equipment so that Chinese companies could supply the encryption, and would have delayed the installation of new mobile-phone networks so that their encryption products could be redesigned.
But the change doesn't address a concern of foreign companies: whether they will have to register the type of encryption software they use, and later supply detailed information on what employees use it, their location and their phone numbers. All foreign companies in China were supposed to complete the first round of registration by Jan. 31, although few did.
The original regulations, as well as the revisions, were issued by a little-known organization called the State Encryption Management Commission. Officials at the commission acknowledge that they work in conjunction with China's spy service, the Ministry of State Security, and the body is thought to report also to the State Bureau of Secrecy, which couldn't be reached for comment.
In a four-point circular issued last week but dated only "March 2000," the encryption commission said that only a certain type of highly specialized encryption product, known as a "black box," must be designed in China. "Other things, including wireless telephones, Windows software, browser software and so on are not in cluded in the scope," reads the circular.
Ending the Third-Party Element
It also confirmed that China will not introduce a "key escrow" system in which encryption passwords must be stored with a third party, which could turn the codes over to the government. "Foreign businesses do not need to be worried about this point," it adds.
The commission seemed to acknowledge that foreign pressure, as well as China's effort to gain admission to the World Trade Organization, had led to the changes. The circular noted that "China's government, in accordance with WTO regulations and promises to foreign governments, has already begun to research and revise relevant laws and regulations," including the one regarding encryption products.