bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

sponsorType

urlAlias

moreOnThisArticles

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Nectar Gan

China has issued a new regulation setting out wide-ranging police powers to inspect internet service providers and users, as the government tightens its grip on the country’s heavily restricted cyberspace.
Under the new rule, effective from November 1, central and local public security authorities can enter the premises of all companies and entities that provide internet services and look up and copy information considered relevant to cybersecurity.
The regulation was issued by the Ministry of Public Security last month and released on its website on Sunday. It comes more than a year after a controversial cybersecurity law was introduced that has caused widespread concern among foreign companies operating in China.
Despite its broad scope, the legislation gives few details about implementation, making it all the more difficult for companies trying to avoid its repercussions.
Foreigners in China WeChat group investigated after racial slurs, Nanking massacre references
Analysts said the new regulation sheds some light on how the law will be implemented.
“That’s obviously how Chinese laws go. First there is a big concept, then there is a sweeping law, and then implementing regulations will come in to flesh out the details,” said William Nee, a China expert with Amnesty International.
“What this regulation does is in one way … ensure that users aren’t going to become victims of hacking due to company negligence, but it’s also designed to more effectively implement China’s censorship directives and its surveillance state.”

Under the new regulation, police can enter the business sites, machine rooms and offices of internet service providers ranging from internet information providers and internet cafes to data centres.
Police can then require the managers to explain all items they inspect, to look up and copy all relevant information, and they can check how technical measures to safeguard network and information security are running.
Apart from on-site inspections, the police can now also conduct remote detection of any network security vulnerabilities in the companies, but they are required to give them advance notice and make sure it will not disrupt or damage the operations of their networks.
US should focus on China’s cybersecurity law, not its tech programme, says group representing Apple, Google and more
The regulation details what the police will be checking for, a list that includes: whether companies have kept a record of all user register information and their internet logs; if they have taken measures to prevent viruses and hacking; if they have taken precautionary measures against information that is banned from publication or transmission; and if they have provided technical support and assistance to the police in safeguarding national security, investigating terrorist activities or other crimes.
Police can also carry out special inspections during times of “major cybersecurity safeguard tasks”.

Wu Han, a partner at law firm King and Wood Mallesons in Beijing, said the regulation would add to concerns among foreign internet service businesses in China.
“For a business that has just entered a new country, knowing that the country’s police can carry out on-site inspections or remote surveillance on its cyber information – of course it is going to be concerned,” he said.
But Wu added there was not much new in the regulation. “The public security authorities have long conducted similar inspections on cybersecurity, and they have long had the authority to do so,” he said, citing a clause in the police law that says police have the duty to “supervise and manage security and protection work on computer information systems”.
He gave the example of China’s internet police commonly using remote detection to scan for security flaws during major international events.
This week, Nikkei Asian Review reported that the cybersecurity law had been a big challenge for Japanese companies since it came in. “There have been a number of cases where Japanese companies’ bases in Shanghai or Guangzhou have been raided by authorities,” Li Tianyi, vice-president of a Chinese unit of Internet Initiative Japan, told the newspaper.
How cybersecurity and data storage laws could pull the plug on Southeast Asia’s digital economy
Public security authorities are listed as one of the agencies responsible for safeguarding and supervising cybersecurity under the law. It also requires “network operators” to provide public security and state security authorities with technical support and assistance to protect national security, and for criminal investigations.
“But the cybersecurity law is ambiguous on whether such ‘support’ includes passing on user data to the authorities. So under the new regulation, there will be concerns regarding user data privacy,” Wu said. He added that although police can copy information related to cybersecurity during inspections, that does not mean they can take user data from a business site without a legitimate reason.
The regulation states that police officers and police internet security contractors cannot release any private or commercial data they collect to a third party.


Texas sues TP-Link, alleging Chinese government access to its devices

Xi’s new year message to military reveals PLA Cyberspace Force post in South China Sea

Hong Kong plans to revive privacy law requiring firms to report data breaches

South Korea’s Bithumb gives away over US$40 billion in a bit of a blunder

Cybersecurity

Chinese police get power to inspect internet service providers

The new rule comes more than a year after a controversial cybersecurity law was introduced in China. Photo: Shutterstock

***PAY PER USE. Please re-download from vendor website.*** CHENGDU, CHINA - JAN 28: An internet cafe in Chengdu china on Jan 28, 2011. China's online population rose to 457 million in 2010, 19% over the previous year, said the state-sanctioned CNNIC Photo: Shutterstock

William Nee, China Researcher of Amnesty International, poses for a picture in Wan Chai. 23OCT17 SCMP / Nora Tam

Chip hack a sign of Chinese cyberthreats to US, officials say

A map of China is seen through a magnifying glass on a computer screen showing binary digits. A report that malicious computer chips were inserted into servers by Chinese intelligence to hack into networks showed the risk of cyberespionage to US companies and the government, according to US lawmakers. Photo: Reuters

(181003) -- WASHINGTON, Oct. 3, 2018 (Xinhua) -- U.S. National Security Adviser John Bolton speaks at a press briefing at the White House in Washington D.C., the United States, on Oct. 3, 2018. John Bolton said here on Wednesday that the United States is withdrawing from the Optional Protocol to the Vienna Convention on dispute resolution. (Xinhua/Ting Shen)

All you need to know about Super Micro, the US computer firm allegedly compromised by Chinese spies

Screen grab of a company video from Supermicro, showing Charles Liang, co-founder, chief executive and chairman of the board. Source: YouTube

News

China

Politics

Tech

Authorities can enter premises of all companies and entities that provide internet services and look up and copy information relevant to cybersecurity


Chinese police get power to inspect internet service providers

.css-1c6uqr6{color:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;line-height:inherit;overflow-wrap:break-word;}Authorities can enter premises of all companies and entities that provide internet services and look up and copy information relevant to cybersecurity

Authorities can enter premises of all companies and entities that provide internet services and look up and copy information relevant to cybersecurity