U.S. business lobbies have called for “urgent discussions” with the Chinese government over new cybersecurity regulations that would force technology vendors to Chinese banks to hand over secret source code and adopt Chinese encryption algorithms.
Cybersecurity has been a significant irritant in U.S.-China ties, with both sides trading accusations of abuses.
In a letter to China’s top cybersecurity policy group dated Jan. 28, the American Chamber of Commerce in China and 17 other U.S. business lobbies urged Beijing to postpone the implementation of the new policies.
They said the new rules would require “intrusive” security testing and the disclosure of sensitive intellectual property.
U.S. tech vendors such as Cisco and Microsoft Corp are facing increased pressure from Chinese authorities to accept rigorous security checks before their products may be purchased by China’s sprawling, state-run financial institutions.
Beijing has considered its reliance on foreign technology a national security weakness, particularly following former National Security Agency contractor Edward Snowden’s revelations that U.S. spy agencies planted code in American-made software to snoop on overseas targets.
In the letter addressed to the Central Leading Small Group for Cyberspace Affairs – led personally by Chinese President Xi Jinping – the American business groups warned that an “overly broad, opaque, discriminatory approach to cybersecurity policy” would harm China’s economic growth.
“The domestic purchasing and related requirements proposed recently for China’s banking sector … would unnecessarily restrict the ability of Chinese entities to source the most reliable and secure technologies, which are developed in the global supply chain,” the letter said.
The cyberspace policy group approved a 22-page document in late 2014 that contained the heightened procurement rules for tech vendors, The New York Times reported on Thursday.
Source code – the usually tightly guarded commands that create programs – for most computing and networking equipment would have to be turned over to officials, according to the new regulations.
Firms planning to sell computer equipment to Chinese banks would have to set up research and development centers in the country, get permits for workers servicing technology equipment and build “ports” which enable Chinese officials to manage and monitor data processed by their hardware.