China to Require US Tech Companies to Submit Source Code for Inspection

Written by

China is planning to implement a set of cybersecurity policies that would restrict the cross-border flow of information by requiring US tech companies to turn over intellectual property and other sensitive material to the Chinese government for ‘inspections,’ according to US business groups.

In a letter to Chinese cybersecurity officials obtained by the Wall Street Journal, the US Chamber of Commerce, the American Chamber of Commerce in China, the Information Technology Industry Council and the Telecommunications Industry Association, among others, called on Beijing to negotiate a better solution.

China’s new rules would require companies to turn over source codes and submit software products to “intrusive security testing.” Also, the WSJ indicated that they would be required to use Chinese encryption algorithms.

Clearly, complying with the new rules would open up US IP to theft and espionage, so it is unlikely that companies would agree. This would limit markets and hamstring products that would be available to Chinese businesses. The letter called it “an overly broad, opaque, discriminatory approach to cybersecurity policy.”

The rules for now as proposed would apply to the Chinese banking sector, but the letter pointed out concern that they could be expanded to other verticals.

The US tech sector and China have never had good relations, and it has worsened of late. The news comes as Apple, Microsoft and others were recently called upon to revoke trust for China’s certificate authority CNNIC, after claiming that the authorities were responsible for a major Man in the Middle (MITM) attack on Outlook users earlier in the month. credits the attack on CNNIC’s ruling body, the Cyberspace Administration of China – whose head, Lu Wei, reports directly into president Xi Jinping.

“This attack comes within a month of the complete blocking of Gmail (which is still entirely inaccessible). Because of the similarity between this attack and recent MITM attacks in China (on Google, Yahoo and Apple), we once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen,” explained.

What’s hot on Infosecurity Magazine?