It's going to be entertaining to watch my Fortune 250 figure out how to work with this.
We make big, expensive, technical things that have a lot of very-closely-held software on them. One current, big, internal effort is to encrypt the code on the controller, so that people can't dump it, or at least not modify it. What's going to happen when the Chinese government demands to escrow the signing keys for any product sold in their country? I fully expect that they will be handed over. That's pretty much a given. But what if they go further and demand to escrow the source code? That would get really interesting, really fast, for many reasons.
Also, how will they continue to block Skype chat history in the US, based on dodgy interpretations of SOX and related laws, yet allow the Chinese government full access to all the logs? What happens when the CEO chats in China, or someone chats at him from China? I suppose it will be Microsoft to the rescue here, with a giant tick-box in the Skype FOR BUSINESS admin panel for "segregate retention policy based on CHINA," which is precisely the sort of thing that continues to make them the big bucks. All of these hosted infrastructure pieces, like Office365 and GSuite, are going to need huge exceptions built into them. (Maybe they already do, and I'm just ignorant.)
> One current, big, internal effort is to encrypt the code on the controller, so that people can't dump it, or at least not modify it.
Do you think you can do it? This is what the industry abandoned more than a decade ago. DRM keys from efuses leak, credit card protected flash getting copied, "physically uncopyable" security elements have few POCs against them shown.
No, I don't believe we have any special insight here. I expect any effort will eventually be circumvented, as all such things are. I mean, if Yahoo! can't protect their user database, and Apple can't categorically guard against iPhone cracks, who do we think we are? But I also must admit, with a heavy heart, that we must undertake the effort, in order to ameliorate our legal vulnerability against what a customer might do with a modified product.
You sound knowledgeable about this field. Do you have any links to further reading on this?
> But I also must admit, with a heavy heart, that we must undertake the effort, in order to ameliorate our legal vulnerability against what a customer might do with a modified product.
Wait, wait? Is there actually precedent for this? Sure seems obvious to me that once the product has been modified by someone other than the manufacturer, it's no longer the same product. If the NOS in my car explodes when I'm racing Vin Diesel, I can't think a judge would hold Ford liable.
I've asked a well-placed internal person that very question, myself. I think it's clear that once you break the thing, you get to keep both pieces, no questions asked. But internal senior management groupthink is that there's enough weakness against such litigation that we're willing to further burden an already-straining engineering design & build process with this new requirement. Make of that what you will. I have not studied actual case law on the topic, because no one cares to hear a contrary opinion on this. Maybe that would be a good question to put to the CEO at one of the "town halls" he's so fond of holding...
The case law on that topic is against it, for what it's worth, but hard to find because it's such a silly argument no one really tries it. They probably think what they do as an excuse to implement DRM and maintain some control over their platform.
If you look at gun mods you might get somewhere. These do actually fail in ways that harm people as they're made to contain explosions. Has the user of a modified device ever been able to sue? No.
For all software the government itself uses, yes, but the article is detailing a law in China that gives them the ability to just take ALL data (and source code) unilaterally if it exists anywhere within the border.
So China is publicly announcing that it's deploying what the Five Eyes have deployed in democratic countries under the cover of darkness across the world (while lying to their citizens, who have a constitutional right to know)?
IllogicalLogic, these discussions have more value when we focus on the topic at hand, not devolve into whataboutism. Your comparison is both a mischaracterization and off-topic.
Not whataboutism, if the case can be made that 350 million people need protection then the case can more easily be made for 1.3 billion people.
Wikileaks also showed us that US agencies were engaged in industrial espionage, stealing German/French industrial technology using the Five Eyes tools and giving it to GE & friends ...
The problem is, my more "reality-based" framing destroys the "China is uniquely evil" narrative that western media/gov is pushing everywhere for primarily economic reasons.
We should simply persecute anyone who finds issues with this software to the full extent of the law. A culture of fear around security research is the most effective culture.
Why? What's "good" about it? What if you don't want to? Should you be forced to, just because a government chose your software? On what grounds? Are there any bad things that could come out of this, aside from the obvious use of coercion and infringements of individual rights?
You just used the word "should". That implies the philosophical concept of morality. What makes you think that you're more qualified to set the rules above any individual they might affect? Let him who is without sin cast the first stone.
I don't see how any sizable foreign company could operate in China under rules like this. All sufficiently large companies are privy to certain trade secrets of partners, vendors, clients through agreements, technology, information sharing, etc, and will have legal arrangements in place for it. If the government gets carte blanche access to their data, no company could operate without violating those agreements.
I have been involved in companies that operate internationally and within China. What you can do is to have isolation modes. Separate email servers or providers for people who are going to be accessing emails from China. Mirror only the documents etcetera that will need to be accessed from China.
It's almost as if you have a spin off company that can request very limited access of information from the main one.
It's a bit more expensive but definitely worth it.
The politics and the motivations to do business with China are another issue.
However if somebody has to do business there, the point is that there are ways to minimize the damages to your company, partners or customers outside of the wall.
I get what you're saying, but the point is that no foreign company "has" to do business there. Companies are trying to walk the tightrope but they need to decide if complete capitulation is worth it.
Actually, they do. Considering how large China is and how powerful their economy is now, ignoring them will mean you are less competitive than the companies who don't. Even if you're a well meaning company, a competitor who doesn't mind China's policies will go there, make a lot more money than you, and buy you out.
The best way forward as a business that must operate in China to stay competitive is to hire lots of Chinese employees and send them to the company's "Western" country of origin in hopes that they'll learn our preference for freedom of expression and privacy and take it back home with them.
This is actually false and the type of dangerous logic that has brought us to where we are today. You are arguing the same tired logic that has been lost on most globalists today (whether out of ignorance or not):
1. Not entering the Chinese market during this time of growth is a lost opportunity.
2. Chinese citizens working and living in a free country will import these values back home (false)
#1 may be true in the short-term, if you are okay with selling out your users and giving up your IP but in the long term, you are essentially investing in the rise of a totalitarian state, which does not care about fairness and individual rights and freedoms. In the long term, investing in China today is effectively chipping away at democracy for our descendants.
#2 is false because it is derived from a western frame of thought. For the majority of Chinese citizens coming to the US to study or work, they do not care about knowledge, enlightenment, or the freedoms that the western civilization values so much. They are here for the thing that their society values most - $$$. Do not think for once that the Chinese care at all about western "freedoms".
> 2. Chinese citizens working and living in a free country will import these values back home (false)
> For the majority of Chinese citizens coming to the US to study or work, they do not care about knowledge, enlightenment, or the freedoms that the western civilization values so much. They are here for the thing that their society values most - $$$. Do not think for once that the Chinese care at all about western "freedoms".
The problem is that they've been deliberately kept ignorant about western freedoms (and fed a fair amount of propaganda to counter them), and that the West hasn't been trying hard enough to impart understanding and spread them. The false part of #2 is that merely working or living in a place does not lead to fast assimilation of its values.
When Chinese people actually learn about liberal values, they want them and fight for them:
I think you misunderstand my intent. My advice is not for governments or individuals, but rather corporations who are invested in their own survival. I don't think it's wise to disagree that a missed market opportunity can spell the end for a corporation. And in the wording I chose I am careful to limit my advice to "a business that must operate in China to stay competitive." I do not think you were careful enough to notice this, but hey I can see that your kneejerk reaction accidentally echoed my own opinion on what my country (the US) should be doing about China.
I mean, in the same breath of my aforementioned advice I could have added that "by the way, don't over-invest in China because the inevitable embargo of Chinese trade in the West might destroy your company."
But it's not dangerous to recommend that a business operate as a business. What is dangerous is to not have our governments intervene and to hogtie our politicians from making difficult choices when it comes to trade principles. For example, the US should have long ago forced China to recognize its patent laws. Additionally, China's human rights violations should be tried in international court regardless of its power and size (interestingly enough, so should the US's human rights violations.) I think it's all too obvious that the time has come for China to back down on its authoritarianism.
And that's what I vote for and that's what I support. But I don't think it's unreasonable to recommend a corporation act like a corporation. You seem smart enough to know this.
How are you sure of #2? Quite a few of my University classmates and colleagues who came from China have had their mindsets reasonably affected by what they have seen and what conversations they had. I agree that my reasoning is anecdotal; can you provide references for your argument?
This reasoning is anecdotal, but coincidentally it's my experience as well. Most of my Chinese friends have expressed the same change of mind as yours. If any of them are supporters of their government they've certainly kept it to themselves. As for everyone else, they're all frightened to return home.
> This is actually false and the type of dangerous logic that has brought us to where we are today
> #1 may be true in the short-term, if you are okay with selling out your users and giving up your IP but in the long term, you are essentially investing in the rise of a totalitarian state, which does not care about fairness and individual rights and freedoms. In the long term, investing in China today is effectively chipping away at democracy for our descendants
What does that have to do with the point that he brought up? Of course democracy is in peril - we're all climbing a local short-term maximum only to find that it will lead us all into a global long-term minimum. But what he said isn't false. It's true. Democracy will be in peril whether it's your company that sells out to China or whether it's a competitor that sells out and then out-profits you, out-competes you, and then buys you out. It's an efficient market and not going to China will lead you to the local minimum.
What we need is firm government action on the part of the US, the EU, and Japan. We need to stop feeding this monstrosity that we've been nourishing in Beijing and it isn't private industry that can do it.
I suggest a unified front against China in the form of tariffs and trade barriers. I believe it was a strategic blunder admitting China into the WTO. What is the historical precedent here?
Historical precedent: the Ming dynasty turned inwards and built the Great Wall of China. Just a few centuries later China was now a bit behind the west and was defeated in the Opium Wars.
> The Ming dynasty turned inwards and built the Great Wall of China. Just a few centuries later China was now a bit behind the west and was defeated in the Opium Wars.
Their problem wasn't that they built a wall, but rather they stopped looking past it because of beliefs in their own superiority.
> The best way forward as a business that must operate in China to stay competitive is to hire lots of Chinese employees and send them to the company's "Western" country of origin in hopes that they'll learn our preference for freedom of expression and privacy and take it back home with them.
That's naive, totally not going to happen. I find many mainland Chinese people are proud of their country's political stance and return to the mainland proud of their allegiance to their country. From their perspective, I don't blame them. Foreigners and foreign nation states have not been good to China for what is literally called the Century of Humiliation in Chinese history. Hundred years of foreign states just trampling on China, dividing it up for themselves. They have a national PTSD regarding all of it.
So ANYTHING that resembles foreigners trying to influence China's future and meddle in China's affairs is met with a united anger. I know a lot of Chinese people who did masters degrees in the US. They are completely on the mainland government's side on every significant issue.
I've seen smart and successful mainlanders also be derisive of Chinese students who go overseas to study and then get "brainwashed" by foreign education systems.
I think the above link shows some really good examples that many mainlanders do not want to consider alternative views. They are firm in what their truth is, just as westerners are firm in what their truth is. It takes a very open and dispassionate mind to be able to understand both sides and figure out why the issues are so complicated. Unfortunately, I do not see many examples of such open minds on any particular side in this debate.
> That's naive, totally not going to happen. I find many mainland Chinese people are proud of their country's political stance and return to the mainland proud of their allegiance to their country.
Coincidentally, the opposite of my experience.
For the record, I think you've expanded my recommendation far beyond its scope. I don't think corporations are going to solve the problem in China no matter what they try. But this is my recommendation for how corporations "that must operate in China to stay competitive" should behave. It's limited to a certain audience and it's for their sole benefit.
I most certainly think China needs to be dealt with through international measures. But I also disagree that mainlanders are as willing to support China's government as you think. And like you, that's from my own personal experience. Take it as you will.
> Even if you're a well meaning company, a competitor who doesn't mind China's policies will go there, make a lot more money than you, and buy you out.
China is not turning out to be a land of milk and honey for western corporations. The best business decision for a Western business with regard to China may be to give up on it, because the PRC wants your local competitor to succeed, not you.
> The shift signals a possible end of an era. For years, it was customary for Western executives to tout their plans for dominating China—a market they felt they had to win as markets elsewhere matured. But foreign consumer brands now hold a smaller market share in the categories tracked by McKinsey & Co. than at any time since the global financial crisis, according to a Wall Street Journal analysis of research from the U.S. consulting firm, incorporating data from Euromonitor and IHS Markit. Market share losses were particularly evident in categories such as pet food, passenger cars, videogames, smartphones and appliances.
> ...
> Some Western companies, including Carrefour SA, Amazon Inc. and Uber Technologies Inc., have decided China is too complex or costly to win for some of their major businesses, and have closed or sold them off after facing powerful local rivals who were able to largely control the market. Ford Motor Co., Apple Inc. and others remain committed, but are struggling to meet expectations. Amazon said it continues to serve Chinese consumers through its cross-border e-commerce business and remains committed to China. Uber didn’t respond to requests to comment. Ford didn’t comment. Carrefour provided no further comment beyond its press release detailing the transaction.
> China is not turning out to be a land of milk and honey for western corporations. The best business decision for a Western business with regard to China may be to give up on it, because the PRC wants your local competitor to succeed, not you.
Agreed. Which is why my advice is limited to companies who will lose to competitors if they fail to compete in Chinese markets. Any company seeking to strike out in China without a local competitor will fail because of the reasons mentioned in the article. That said, any western company trying to compete with Chinese companies will also fail.
Those recommendations also apply to human rights advocacy groups operating in China... not all economic activity in China is related to those evil atrocities and very little actively contributes to making the situation worse.
OP seemed to suggest that business should be conducted with ethical entities. My point was that the U.S. itself is not so and thus his point being null.
I think it is a matter of degree. There is a certain degree of shadiness that is acceptable (most of the world) and certain that should not be acceptable (China, Saudi Arabia, etc). There is no moral equivalence between the US and China.
In terms of foreign policy, you're right, but not in the way you think. American foreign policy has been 100x as evil as Chinese foreign policy for a long time. The US government invaded Iraq based on a lie, causing the deaths of hundreds of thousands of people. That's just one of many truly evil things the US government has done abroad recently.
I understand what you're saying, though it's still whataboutism that tries to compare apples to pears. The USA essentially still cares about your privacy and individual rights. China doesn't. In the USA, where there are infractions on privacy (and sadly there are some), it can be openly criticised, discussed and possibly changed democratically. In China that's simply not the case.
This would be more convincing if Snowden had never spoken up. But my assumption nowadays is that the US government (and many others) are looking at essentially anyone of interest to them. We're living in a golden era of surveillance. It's never been so cheap to surveil so many people.
True that, but... You can do it too! :D I'm sure most people in here are acquainted with the graph database. Or with just about any tool to scrape the net for info. I'm just surprised more people aren't doing it. After all, it's a great way to keep tabs on your local politicians, investors and your neighbour's cat. Come on guys, let's party like it's DDR!
Are you trying to justify China putting a million Uighur people in concentration camps and the suppression of Hong Kong with the argument that other people have done it in the past?
No I am not. OP suggested that no one should deal with China because it is "evil". I'm saying the U.S. is also evil. I am not saying they're equally evil but still. Business is business.
Compare that with American documentaries about American atrocities.
Sure, people are mean and cruel. Under totalitarianism, they are also mean and cruel, they even get forced to be, but there's a whole lot more going on. Just like murder and compassion are not the same just because they both contain "non-zero amounts of suffering", and both end with the heat death of the universe.
> Many young people, it is true, do not seem to value freedom. But some of us still believe that, without freedom, human beings cannot become fully human and that freedom is therefore supremely valuable. Perhaps the forces that now menace freedom are too strong to be resisted for very long. It is still our duty to do whatever we can to resist them.
Physical suffering and murder are older than history. Even animals can be dicks to each other, on a much smaller scale of course. But the industrial mass extermination of people, as well as the totalitarian attempt to control reality by rewriting history, the bid to control the whole planet, that is new.
> We don't know a perfected totalitarian power structure, because it would require the control of the whole planet. But we know enough about the still preliminary experiments of total organization to realize that the very well possible perfection of this apparatus would get rid of human agency in the sense as we know it. To act would turn out to be superfluous for people living together, when all people have become an example of their species, when all doing has become an acceleration of the movement mechanism of history or nature following a set pattern, and all deeds have become the execution of death sentences which history and nature have given anyway.
-- Hannah Arendt
Even though very few people seem to grok it, this is another category. This is about more than "just" millions of people murdered or in prison.
> The frightening coincidence of the modern population explosion with the discovery of technical devices that, through automation, will make large sections of the population 'superfluous' even in terms of labor, and that, through nuclear energy, make it possible to deal with this twofold threat by the use of instruments beside which Hitler's gassing installations look like an evil child's fumbling toys, should be enough to make us tremble.
-- Hannah Arendt
So saying "the US is evil" is about as useful as saying "China is evil". What matters is what deeds are evil, what thoughts are idiotic, what roads lead to hell -- and the responsibility of individuals to both judge these things and act and organize according to their judgements. Insofar as our governments and the companies they enable are corrupt and evil, with us basically paying for both, one way or another, it's up to us to rectify that.
They can't. That's the reason why they have been leaving in droves, but it's very hush hush so far. A lot of microelectronics assembly has already moved out of the country. Samsung and Sony, for example, are closing all of their smartphone manufacturing operations in China.
Most foreign companies that chose to manufacture in China didn't make that decision to acquire access to the local market. Even if that turned out to be lagniappe. They chose it for cheap manufacturing and export.
Even among first tier brands, a lot of products/designs/parts come completely externally sourced.
Flagship, image making products like Apple iPhones are made with some level of in-house involvement, but even they were cookie cutter products based on Samsung reference design up until 3GS.
I myself once worked for a company doing sourcing for a company that did sourcing for Amazon when they had just started venturing into hardware with Kindle. Any such project is at least 50% external input, otherwise they simply don't have the ability to pull it off for lack of hands-on industry expertise.
> Find me the American that doesn't have a Chinese-made TV, a Chinese-made phone, a Chinese-made laptop...
American living in Europe here, and while I realize this is a bit of a curveball I'd like to point out that it is not difficult to avoid Chinese made products. My TV is a Samsung made in Hungary, my phone made in Taiwan (I do have an old Thinkpad made in China though).
I try to avoid Chinese made products. Not because of any nationalism, but because better quality alternatives exist at nearly the same price point.
For example I have a German made fridge and it's exceptional. It is difficult to get excited about a fridge but when I disassemble the shelves and bins to clean it I notice carefully finished edges beneath cosmetic covers that most customers would never see. The plastic parts haven't gone brittle and do not crack or chip. The glass shelves are thick and heavy and tempered. There are thoughtful touches that come from superior engineering and quality raw materials. It only cost a tiny bit more than similar Chinese models and I expect it will outlast them while retaining all of its original functionality.
As an American living in America, I find it fascinating that one of the few things I agree with Trump supporters in my area about is that we should avoid Chinese goods as much as possible.
Now it's for two different reasons - theirs is because of nationalism, mine is because of build quality.
But as an example, Pony woodworking clamps used to be made in Chicago, they shut down manufacturing 15 or so years ago, and recently started remaking clamps. Remaking them in China at the world's largest clamp manufacturer. The quality is not comparable. The older, Chicago made clamps, some of mine are from the 70's, are still good to use every day. I bought a handful of the new clamps to try them out, and the finish just isn't there. They're just shoddy compared to the older versions. I certainly don't see them lasting 40-50 years with constant use.
Samsung and Sony export massively from their Chinese plants.
Also, the smartphone market in China is shrinking. That's the reason for the current scramble for marketshare outside China. The market has reached saturation and the major Chinese brands are growing only at the expense of the smaller ones disappearing.
Many of them can't just extricate themselves from the Chinese market before these changes hit. They will take huge losses if they disrupt communications or restrict access to trade secrets.
My guess is that many will try to ignore that law and just assume that the government isn't looking or that it is bound by local law not to give trade secrets to competitors and so on. Of course that's not worth a lot, but ...
If I was an employee or customer of a US/EU company that has a large percentage of (e.g., engineering) staff based in China, I'd be seriously concerned at this point. Large multinationals may be able to avoid/mitigate the restrictions somehow. But smaller companies that depend on a Chinese branch would surely try to "fly under the radar" and stick it out in the hopes of the law not being applied to the fullest extent.
From the sound of it, such small companies would not even know if the law was being applied or not. If the government needs the information, it will take it. It will not be necessary to ask permission, or even inform the affected company that such access took place.
There is one simple, proven tactic China could use to both have their law and still keep giant foreign companies. App stores have been known to give special API access, and collect smaller fees from big apps. A VIP status or exemption list will make such companies stay until China kicks 'em out.
The solution is to stop operating in a culture of secrecy, lying and back-stabbing as so many US companies seem to be obsessed with. Open source your code and designs and start selling services. It's sad that it takes a threat like this to prove that the system we have in place doesn't work and is prone to corruption.
The fundamental issue is that people have a right to privacy and information. Open sourcing the code and designs is cool, but what about personal customer information? Why should the Chinese government have that? The contents of the services, if you will. That's the scariest part.
The parent comment I was replying to was talking about trade secrets, not customer information. But on that topic, the US has its own data-gathering operation which presumably is already collecting the same information. There is an opportunity here for someone to step up and speak against this practice.
Blaming "people in general" is exactly the kind of cop-out that leads these governments to dig their heels in on these overreaching policies. We can do better.
The most prominent company doing this model now is Automattic. Most other SaaS companies run tons of open source... EXCEPT for the core product. I would like to stop this trend; self-hosting is not a problem but instead an opportunity to upsell. It's true though that YC founders in general do not seem to believe this and would rather build the same moat that everyone else is building. Even if it creates practical problems when going over to different markets, as seen in the article.
To the best of my knowledge, Automattic followed the success of the WordPress open source project. It's an attempt to monetize an existing open source platform. The same goes for Docker, Elastic and others. The open source platform came first, then came the services.
Broadly speaking, I don't know why software is singled out in its economics. Creating software takes time of people. Time costs money, and much more of that when it comes to highly skilled engineers. The fact software has virtually no replication costs does not change the fact that its engineering is as expensive if not more so than engineering of other goods.
The open source project coming first and getting popular is the equivalent of finding product-market fit. I'm not singling this out, it's a potential alternate source of credit that can be combined with traditional investments although it doesn't have to be.
It's easy to sell external hosting when the product is a security nightmare, difficult to configure, and extremely resource intensive in its default state.
(As an unrelated aside, given the number of people on HN that mistakenly think GitLab is open source, I'd say that "open core" as a marketing tactic has a real chance of becoming widespread in the future.)
Why would we sell services? Maybe we only want to sell product and let partners implement?
What the fuck are you actually talking about anyway? I'm a FOSS guy too but there's no way we should force it on everyone. If I want to write some code and not make the source available, why should you be able to dictate otherwise?
There are probably thousands of edge cases to your oversimplistic thinking.
If such policies are truly enforced, there seems to be little to stop China from stealing absolutely all the technical know-how of a foreign company installed there and supplant it with one of their own later on.
It really feels like they're pushing how much companies are willing to bear to get access to China's market and manufacturing capabilities to the limit.
And why would they not? The west for a very long time favoured the CEOs and share holders over general population when it comes to globalisation. China exploits that as much as they can.
It is quite amazing that you cannot voice anything on HN anymore without being downvoted, regardless of whether you are literally quoting Wikipedia or basic economics.
I am aware that China has had no qualms to rig the game in its favor so far.
Those measures would take it up on a whole new level though. I'm just not sure how many companies will be willing to abide by having almost all the data from their operations in China available to the government, unless they don't have other viable options, even though these might be a lot more expensive.
I’m not sure I agree that the “west” is a monolithic bloc re: the general population vs shareholders/CEOs. Especially not in the current wave of popularism.
Also, from the HN guidelines - “Please don't comment about the voting on comments. It never does any good, and it makes boring reading.” (And I definitely agree when it is some anecdote like this)
The west is pretty much a monolithic bloc when it comes to foreign policy towards China, Middle-East & Africa. A great example of that is the current events in Syria.
You can also have a look at UN resolutions and try to see a pattern.
The irony here is that by advertising the fact that they have a massive amount of raw, unencrypted data, they're making themselves the biggest hacker target in the world.
I really hope this backfires on them so the rest of the world will be hesitant to follow their example.
Except even if there is a massive breach no one will know about it because it's not like the Chinese government is going to openly admit to it. Losing face and all.
China is clearly hostile and I think this is a wrong strategy to do business with them.
If anything was ever close to the Big Brother society described in 1984 this is it.
I read the follow-up blog post with details[1] as well as the actual Chinese regulation text[2]. The blog post seems to omit a lot of details and some claims are dubious.
I don’t have time to translate everything, but here’s an example quote from the blog post:
> The inspectors can fully access the system and they are permitted to copy any data they find. See Article 15.
Whereas Article 15 reads (even if you can’t read Chinese, Google Translate will probably do a reasonable job)
> ... look up and/or copy information on matters related to the audit and inspection of Internet security. ...
So this is quite vague (not really surprising for any regulation), but at face value the law doesn’t seem to say “fully access” or “any data”. Does this cover any data that has nothing to do with security? Ostensibly not. Realistically I’m not sure. Either way, citing the law with an exaggerated translation doesn’t promote confidence in the blog post.
Edit: to be absolutely clear, I was only commenting on the part of the blog post with explicit citations. Most of the blog post speculates on intent and actual scope, but since those are speculative and don’t deal with the text of the law directly, the author is of course entitled to his own interpretations.
Okay, to be fair to the blog post, I overlooked this later in the article:
> Though Article 10 “restricts” access to matters involving national security, the definition of national security in China is so broad that there is no real limitation on what can be accessed, copied and removed.
Don't make the same mistake as others and get caught up in fine print and small details with China. This type of thinking is exclusive to the West. Chinese "law" is just a formality so you really need to just understand what their desire is as they will go to any lengths to achieve it. The fact that they even published text here shows that they have doubled-down on ensuring that you know that you play by their rules.
Article 15 seems specific to pen testing; at least that's what I think they mean by "public security organs".
> Article 13 Public security organs conducting Internet security supervision and inspection may conduct on-site supervision and inspection or remote inspection.
That sounds to me like it's authorizing them to remotely "access" the computers and networks, and failing that they can perform an on-site inspection. So yeah pentests, not necessarily with the corporation's knowledge...
Article 16 says subjects must be notified of remote inspections, including the time and scope; or said inspections must be published ahead of time. Remote inspections must not disrupt normal functioning of the subject’s systems.
Again, I’m only talking about the written text of the law.
No more trade secrets, so companies like ASML that have a physical presence with their know-how in China are now also legally screwed? Any of their chip making devices can now be legally reverse-engineered, starting January 1st? Any produced wafer, chip design, IC, whatever is currently in China, can now legally be taken from your company and used by your competitors? Sounds like a good time to move out of China, as otherwise you will have government-backed competitors with your tech in 1-2 years.
But let's do a thought experiment with it! Like an episode of Black Mirror. Imagine being an upper-class engineer in China in 10 years. You're sipping your morning coffee and checking your emails. Every day you get an email with all the trade-secrets collected across China the night before; curated and tailored just for you. Kinda like Recorded Future but instead of passively analyzing the internet these secrets were beamed straight from the source.
Their technology could advance rapidly as a result of this.
Question. Part of western awareness towards, paranoia, fear, and wherewithal to stand against certain government behaviors and the totalitarian state is obviously awoken from and influenced by fiction, including 1984, Brave New World, Fahrenheit 451, It Can't Happen Here, The Handmaid's Tale, A Clockwork Orange, Philip K. Dick, even We. This shared and collective "memory" of fables, many of which people haven't even read but still discuss as if they had, gives all a certain framework, grammar, and shared understanding for talking about the future, and thusly what consequences may come from allowing said future to unfold unabated.
Does eastern fiction not have this foundation of fictional dystopia from 50-100 years ago woven into society's consciousness? Are people more accepting of certain encroachments towards that type of future, because their legend and myth don't as often scream about potential slippery slopes and repercussions? Is it a fictional fear instilled in our cultural fabric that makes us so averse to what maybe isn't and won't ever be as bad as our stories tell us it will be?
Has to stem from the rise of the individual. My sense is that in the east, the collective takes precedence. Individual liberty is not sacred in that world, so freedom isn’t either.
I lived in HK up until about 8th grade and I don't think there were similar readings there to 1984 in Chinese. I imagine in upper grades, 1984 itself and a few others may be English class reading, but certainly nothing similar in Chinese novels at least in school, or novels that were famous. Growing up, most famous Chinese novels were around the themes of ancient martial arts fictions (e.g. Jin Yong's series). You may find tangents on the topic of authoritarianism/dictatorships here and there, but not a whole book like 1984.
No, 1984 or Animal Farm is not really fiction. It is the personal experience of Orwell when traveling to Spain as an anarchist to participate in the civil war and fighting against communism.
The communist faction in Catalonia received orders from Stalin, and for anarchists they were an even bigger enemy than Franco.
In fact, the communists ordered the murder of Orwell, along with lots of other people. Orwell saved his life because at the time he was nobody important. Orwell was warned and he ran away from the country.
Novels like War and Peace, they are powerful because they are written in times of war.
People like Albert Einstein, watch Genius in Amazon Prime...or "the life of others" they experienced real dystopia.
It is not fictional dystopia. It is reality dystopia.
It is only that their children, who are raised in peace, have never experienced it, and tend to repeat it.
Most wars tend to follow a cycle of 80 years. When there are no people alive that remember the war, they tend to repeat it.
It's rare to see introspective questions around here. The fear is not all fictional, but the fictional part, the fear of the totalitarian Other, is definitely helpful in justifying the establishment status quo and maintaining consensus. The excesses in the status quo are instead projected onto the Other, disavowed.
The other part of the fear is just what is called ideology, the lens through which the world is understood. In this case the western ideology is universalism, the philosophy that certain ideas are to be applied universally and infinitely. The works you list here are really examples of how universalism (utopianism, technologism, capitalism, totalitarianism) as a historical process necessarily develops into its own failure, in a Hegelian sense. I don't see universalism as predominant as particularism in eastern fiction or even philosophy. The "eastern" particularism means that no idea is to be blindly applied to the end, no law is absolute, and no principle is sacred if it doesn't "work" in practice. The Hegelian process shall be halted if it is going to evolve into dystopia. This is why there is no such fear in eastern fiction.
Thank you. I have no idea how accurate or complete this answer is but I like it and the idea of a duty towards particularism acting as a protective layer against encroachment of authority, instead of fear tactics concerning universalism. Sort of "rule of thumb vs a moral" way of looking at shaping the world.
> Is it a fictional fear instilled in our cultural fabric that makes us so averse to what maybe isn't and won't ever be as bad as our stories tell us it will be?
Was real life in China not this bad during the cultural revolution?
When I say fiction (narrative not based strictly on history or fact) I don't necessarily mean false.
Without storytelling, how do we pass along our experiences? Fiction is often a way to take real things and wrap them up in intrigue to make them more compelling, or more viral. Fiction is often a combination of experiences and dreams, taking a totally real experience and just tweaking one axiom or premise.
I think our stories often have a level of competence and efficiency that is lacking in reality. What we accept as systematic and powerful is actually a hodgepodge of attempts and accidents. We are pattern matching machines in search of explanation and relationships within randomness. I don't disagree that that part you quoted is a loaded question. All I meant by it is that our imaginations can be more powerful than our experiences, or at least amplify them. Maybe the opposite is true, in that our atrocities are unimaginable until we see them occur.
> Does eastern fiction not have this foundation of fictional dystopia from 50-100 years ago woven into society's consciousness?
No.
One Internet personality in China, who is a contrarian thinker and regarded as one of the best experts on information security, once said (after a murder case became national news),
> If you believe the opinions expressed in A Clockwork Orange, Minority Reports, or such, are crucial and something we must defend. Then, under this framework of civilization, regardless of what countermeasures we take, the severity of violent crimes will not reduce to something we are willing to live with. We must accept it, and believe it's the necessary cost of civilization.
> This is why I always think, the only solution we can expect is "Skynet Rising".
I think his take is representative of a large group of people. It can be dangerous.
Also, I see some people have no problems with Clockwork Orange style psychological torture on criminals. If the technology exists, they will welcome its adoption.
As I commented on a previous HN submission, Universal Declaration of Human Rights,
> Recognized "universal" values only came to existence by pure coincidence. The beliefs that the system of representative democracy is just, universal and progressive is only an illusion created by a short period of technological and economic boom. Just like the lack of consciousness in the biosphere, the norm of the human history is empires and authoritarianism, returning back to that state is entirely possible if people stop to believe.
Also,
> Part of western awareness towards, paranoia, fear, and wherewithal to stand against certain government behaviors and the totalitarian state is obviously awoken from and influenced by fiction,
These fictions can only be written in a world when elements of a modern nation prevail; in the west, it's already roughly 100 years after the industrial revolution, and we had things like the BBC World Service, a systematic bureaucratic system of state control, and maybe capitalism. These dystopian Western fictions, such as 1984 or Brave New World, are largely a product of a modern world. Others, such as Philip K. Dick's works, are written in a transitional period from modern to a postmodern world.
But in the east, 50-100 years ago, it's still an age of monarchy and colonialism. And in the early 1970s, many people in China just got their first TV, there is no way that Do Androids Dream of Electric Sheep? makes sense.
> what maybe isn't and won't ever be as bad as our stories tell us it will be?
In my opinion, later cyberpunk works in the 1970s are somewhat a counterpart to the classical dystopian works; they describe a postmodern world, not a modern world.
My favorite is Ghost in the Shell (original work & TV animation), it's a world of post-WW3 genocide, a world of universal surveillance, a world where the government can hijack your brain and body - many warnings in those classical works came true, but in less brutal forms, and somehow life still goes on, thanks to the domination of mass media entertainment and digital technology, and can even be better for some people in limited cases.
Its author Masamune Shirow said,
> Science fiction can't always describe the burnout world at the end of the century. The future is better to be bright.
I mean, you should read Rainbows End (basically predicted this 15 years ago), this was going to happen, it's probably going to happen to the rest of the world at some point.
Engineers are increasingly not going to be upper class in China. There's that whole 996 thing, and the term for software engineer literally translates to "code peasant".
Unlike farm workers, these peasants have a pedigree and experience, plus in the West at least, they will bring in something like 5x their salary in revenue, each.
Farm working peasants had pedigree and experience (hell, the term pedigree is openly used for domesticated animals, which peasants were treated like). And yes they would bring in multiples of their cost each.
Perhaps there is an upshot. If the Chinese government have complete access to all traffic in China, they will be unable to deny knowledge of hacking originating from their own IP blocks. By the same token you would expect all unlawful traffic originating in China to cease.
As explained by Guo Qiquan, the chief cheerleader for the plan, the main goal of the new system is to provide “full coverage”. As explained by Guo, “It will cover every district, every ministry, every business and other institution, basically covering the whole society.”
I don’t think all of my emails and files get automatically decrypted and processed through Palantir, but of course I’d like to know if I’m mistaken about that.
> "No communication from or to China will be exempted. There will be no secrets. No VPNs. No private or encrypted messages. No anonymous online accounts. No trade secrets. No confidential data."
I would guess the companies with subcontractors/branches in China have been assuming everything they submit there is no longer a trade secret or secret at all.
It reminds me of the ancient Chinese saying "普天之下,莫非王土,率土之滨,莫非王臣", which means "all land belongs to the king in the kingdom, all men are servants of the king in the kingdom".
It also reminds me of 天高皇帝遠 (the sky is tall and the emperor is far), which has a somewhat contrary meaning: as you get further from the capital, rules are looser.
This estimate is far too short even assuming a sequence of unprecedented negative events.
A more tangible catalyst would be a power vacuum after the current leader dies filled by a very poor candidate. Even then it took lousy Roman Emperors hundreds of years to squander the legacy of Rome.
Ancient Romans didn't have instantaneous access to information and global markets. The whole world economy could collapse basically overnight in the modern era.
Yes, and it's calculated to do that. Look at North Korea, literally torturing their people. Families and neighbors must turn each other in for infractions. They murder three generations of a family if someone dissents or escapes. The people are literally eating dirt. It's well established that surveillance alters people's behavior.
Their will is so broken and opportunities so few, they will not revolt.
The oppressed didn't revolt under Mao, why should they revolt now?
As an opinionated non-expert, I have to ask: isn’t “This means intra-company VPN systems will no longer be authorized in China by anyone, including foreign companies. This in turn means all company email and data transfer will be required to use Chinese operated communication systems that are fully open to the China’s Cybersecurity Bureau. All data servers that make any use of Chinese based communications networks will also be required to be open to the Cybersecurity Bureau’s surveillance and monitoring system.” really the Chinese government shooting itself in the foot?
This reminds me of when, a decade or two ago, Senators Hillary Clinton and Fritz Hollings tried to pass Disney-written SSCA legislation that would require every Internet device like smart TVs, computers, etc. to have backdoors so companies like Disney and the government could check for copyright material.
In either the Clinton bill or what the Chinese are doing there is a huge risk of a third party getting access to encryption keys and other forms of access. Large scale organized crime would love this as would bad behaving state actors.
> This system will apply to foreign owned companies in China on the same basis as to all Chinese persons, entities or individuals. No information contained on any server located within China will be exempted from this full coverage program. No communication from or to China will be exempted. There will be no secrets.
Can the author provide a source for this? I couldn't find any reference to it from the articles linked by this blog.
I'm not quite clear what "this change" is or means.
As far as I know, VPNs had been illegal in China before, so maybe this could be mainly a toughening of the laws, and it still depends on the government's discretion to actually use the data, or to crack down on VPNs?
In such regimes it can be a huge problem to find out what laws to take seriously and which ones not. And it often isn't as easy as taking all the laws seriously, because then nothing works either...
Not really, it'll still be hard for foreign agents to exfil mass amounts of data without being noticed, and data can still be encrypted in flight/at rest w/ root keys shared with Chinese intelligence via some escrow system like how enterprise certs work right now.
Also, does anyone know how to access the Chinese text version of the standards? (I have friends who grok Chinese well, can pass to them for reading over)
The link from the article goes to a translation service which just wants to charge money for translation to English, with no way to access the original documents. Searching online so far just turns up similar translation services, without the original docs.
Edit: To clarify, I doubt any of it is. Still, having seen some seemingly unlikely events coming to pass over the past few years, it's natural to be curious and think through the scenario.
I was in mainland China (Shanghai and surroundings) in September for two weeks and HN was not accessible, probably because of the Great FW. So I doubt any HN instance is hosted there.
"By giving the Chinese government and its cronies full access to its data, the U.S. or EU company may very well be deemed to have illegally exported technology to China and it could face millions of dollars in fines and even prison sentences for some of its officers and directors. There is an inherent conflict between foreign laws mandating a company not transfer its technology and China’s laws which effectively mandate that transfer.
Under China’s new cybersecurity system, there will be no place to hide."
Very good. Put the Cooks and Pichais in jail. Only this will make them rethink doing business in China.
Would be much better to reverse it. Anything given to China is also put in the public domain. Keeps things a bit more fair and makes people think twice about giving something up.
I wonder if there’s any relation between this and “Made in China 2025” [1]. Seems like it would be a lot easier if there are no more trade secrets from the government, and the government has representatives in various Chinese companies [2].
"But Chinese law now requires complete government access to those secrets if those secrets cross the Chinese border for any reason."
So if a routing burp just happens to send some data to China that was supposed to go from New York to London, then "Oops! So sorry. We read all of your company's plans. But that's OK, we kept a copy on that file share that your Chinese competitor has access to."
If you send all of your company’s plans unencrypted from New York to London, you have a much larger problem. Any intelligence agency worth their salt should be gobbling up as much traffic as possible.
With access to all your files they'll also have your (software, GPG, etc) signing keys.
So, it's not just a matter of being able to read from any system in your network. They'll be able to impersonate people (including with valid signatures), sign new software releases, and more.
Sounds especially useful when disappearing people first, so there's no "Hey, I didn't send that!".
The blog itself is a law blog, not a political blog, so I understand that it is just putting out a very focused bit of information. (Which I will believe when I see reputable news source coverage.)
But I'm amazed no one here has remarked or supposed that this is a reaction to tariffs. This is China playing hardball in a way that we can't react with tit-for-tat.
It would be interesting to know how this affects Taiwan.
If the CCP regards Taiwan as part of greater China then does that mean they believe they have a right to all information held in Taiwan including that owned by foreign companies?
Is it possible this causes a lot of competition in the US as some companies bring work and manufacturing back home? Or will they just move to another country?
"the Cybersecurity Law and related laws and regulations are very clear that they apply to all individuals and entities in China without regard to ownership or nationality. There are no exceptions. More important, the new Foreign Investment Law that goes into effect on January 1, 2020 eliminates any special status associated with being a WFOE or other foreign invested enterprise. Foreign owned companies will be treated in exactly the same way as Chinese owned companies"
If true? Talk about screwing your own pooch. With the milspec PoochBuster 9000.
I wonder if this will create a market for software that's inscrutable to anyone other than the creator, so it can't easily be adapted or modified. "Of course, here is my unencrypted source code. It's written in a homotopy type theory DSL I implemented in the C preprocessor, and completely verified with dependent types so any change will cause a type error. I haven't got around to implementing compile-time type checking, however, or error messages, so type errors will cause it to coredump at runtime."
If you were an executive and the only other choices were either giving away all your IP or leaving China and billions of dollars of revenue behind, you might think differently.
"But I've already invested and sacrificed so much money, time & effort on this deal, relationship, person, place..."
This thought causes victims of scams to mortgage their houses and send the money to scammers - even in the face of overwhelming evidence. Causes victims of abusive relationships to remain even when their lives are in danger. It's also what will keep western companies in China - even as China slowly strangles them to death.
All your data in China collected at will to be shared with all entities of the Chinese government and potentially any private company it owns feels more like a really fast and aggressive ramp-up than a slow strangulation to me.
I would be very surprised if Chinese leadership isn't extremely cognizant of the necessarily short term thinking forced upon corporations (quarterly/annual earnings progression) and politicians (re-election) in Western democracies, and putting a massive amount of strategic thinking into how to best exploit this without attracting too much attention. Neither the corporations nor politicians are going to be particularly motivated to draw attention to it, and public concerns on individual issues like this are typically ineffectual; I think they will be able to get an absolutely massive amount of mileage out of this weakness.
Honestly, I think the West's best defense is young otherwise powerless people on the internet making memes mocking the irresponsible behavior of people in power.
> Honestly, I think the West's best defense is young otherwise powerless people on the internet making memes mocking the irresponsible behavior of people in power.
I honestly am going to need you to explain why this is your thought.
I see no other defense that would plausibly be undertaken in the current culture of the West. There are many options of course, I just don't see any that maintain current levels of corporate profitability and re-election likelihood. What little commentary on the matter I see from those who hold power seems motivated by the chance for political gain, or corporate perception management.
I always hear this line of thought, maybe it's even true, but why is that?
Chinese top leaders generally are only in power for ten years. I don't see why they have more motivations than leaders in democratic states to think about the long term.
I expect two major components are demographics and a lack of partisanship. What I mean by demographics is that the Chinese political system is a very tall hierarchy. Representatives from each level vote for the one above it going all the way down to villagers voting for their village representative, and all the way up to the elected elite at the top of the hierarchy electing their representative - the president of China. And so because of this you end up with a generally more informed demographic at each level going up. This system means those at the top are not directly accountable to those at the bottom, but that lack of accountability also frees them up to pursue big picture goals.
Longterm goals and progress are quite separate from the everyday life of most people. China recently completed the largest radio telescope in the world. Next year they begin work on what will be the largest particle collider in the world. And then there are their rapid advances in space. In appealing to the lowest common denominator of demographics, these achievements are easy to tear apart. "Spending billions to grow potatoes on the moon while people are starving back here on Earth!? WTF!?" That's an illogical but common argument. It implies you should not achieve greater things until you solve the fundamental ails of society. Problem being it's likely impossible to solve those ails in complete -- certainly without any technological advancement. The argument is tantamount to suggesting a freeze on progress for the sake of progress.
And the partisanship issue goes practically without saying. Our founding fathers wrote extensively on the dangers of parties, but were unable to solve the issue. China solved the issue, but at great cost - there is only one party. But for now at least they seem to be avoiding the issues we're facing. As for how this applies to longterm progress, in 1972 Nixon remarked “This may be the last time in this century that men will walk on the Moon.” [1] A significant part of the reason he decided to strip NASA down was because of a feud he had with JFK. He lost to Kennedy in an extremely close and contentious election in 1960. Apparently even Kennedy's assassination was insufficient to put that feud to rest. One president wanting to destroy things associated with another's legacy, because of a political feud? As always, what's new is old. Hard to achieve much when in a few years the next guy's going to try to destroy everything associated with you because of a feud driven by our partisan nonsense. And then the voting masses just get dragged along between the feuds. And as our political leaders become ever more effective at this game, it seems to be causing a greater and greater fragmentation within society which means things like big picture progress are going to be ever less likely.
Totally agree. This problem fascinates me, but how do we inspire lawmakers to design policy for the long term without the equally problematic extending of term limits?
I think the reason we adopt this mindset is because we are ambivalent. First you feel you wanna go, then you regret it because you are nervous about the rental car, then you wanna go again, then you regret it because there's a lot of stuff at work you want to deal with, then you wanna go, then you get scared of skin cancer from the strong sun etc etc
Booking and cancelling and booking and cancelling and... It would be terrible to change your mind so often. So you decide to just go with the option you picked first even though it temporarily seems suboptimal.
It's suboptimal to continually change your mind so rapidly too, not just 'terrible' mentally, because the real world around you imposes significant penalties for doing so.
Switching flights and hotels on a moment's notice is expensive. Arbitrary days off work are difficult for most. For some travel you're looking at visas, rental cars, etc as stated.
There's a lot of inertia in the boring and stable path.
Yeah, historically cracking down on a particular ethnic group and putting them in camps for "re-education" has gone so well and totally never caused any issues...
These aren't even remotely equivalent and you know it. Western governments don't place minders inside Western companies; they don't take stakes in all companies to exert control; they don't have social scores that are contingent upon your speech about the government; they don't ban encrypted communications; they don't have great firewalls; they can't easily detain you arbitrarily; they don't strip control of IP and transfer it to local competitors; there is a much higher degree of rule of law...
Just because the US et al aren't perfect (and they certainly aren't) doesn't mean the behavior in China is equivalent to what is going on in the west.
Western political culture feels like a softer, distributed version of the social credit score. How large of a distribution of opinions are you allowed to hold while keeping a job in the tech sector? We know from the examples of political firings that the range is not infinite. And people have gotten "cancelled" from private communications being made public on more than one occasion.
Because it's a volunteer, private process and not the government doing it, we still call it "freedom" but it really doesn't feel like an open society anymore. But I do acknowledge that we still have it way better in the West than they do in China (for now).
A vast majority of opinions are allowed. Religious, atheist. Hate the govt, love the govt. In the 50 dev startup I was working in we had the conservative guy (VP of engr) who was a Republican who kept trying to defend Trump. We had another guy on the other side who didn't trust the govt and didn't want to go through security at the airport. And all varieties in between. What's not allowed? Outright misogyny, outright expressed racism.
Russians and Chinese citizens in my company, along with US citizens, Europeans. These aren't exactly outliers. The tech world has been this tolerant over my 30 years of working. It's only gotten more tolerant over time. There's a hell of a lot less acceptance of sexist crap though - hard to argue against that change.
What do you think about things such as room 641A [1]? In short it is one tiny part of the NSA - an NSA office inside of an AT&T building that only NSA "minders" have access to (funny how terminology has such powerful connotations isn't it?), and is used for hoovering up all information which is then processed and used as part of our surveillance state.
As for arbitrary detention, how about the National Defense Authorization Act (2012) Section 1021 [2]? The language is a mixture of strong and weak. What I mean is that it says, for instance, one can be detained for providing direct support of a specific terrorist group, but it also includes anybody engaging in a "belligerent act" against the United States as similarly sufficient grounds for arbitrary detention or transferal to the custody or control of any other nations. This remains one of the loopholes for 'we don't torture' - we just transfer to countries that do. When Obama signed this bill into law he openly acknowledged this, as well as the rather extreme constitutional conflicts, and simply claimed his administration would "interpret" the law in a way that would avoid a constitutional conflict. [3] Whether that was true or not is anybody's guess. In any case 'the law's still here, he's all gone' (in my best Springsteen impersonation.)
> AG Barr is actively trying to get rid of encrypted communications
One AG trying != it happened.
> and social scores are just as possible to implement in the US as in China
Not under the current laws, no.
> we already know that a form of such scoring has already been applied to those thought to perhaps be "terrorists".
No, there is no “terrorist” score that comes up based on posting tweets about how much you hate the US government when you go to apply for a job. In fact, it would probably be worse for your job prospects in the tech industry if you had public posts supporting the current admin.
I just wanted to point out that it is not just Barr. Various LEOs pine for a way to get a legal way to just 'press a button to decrypt'. Comey advocated for it. So did Holder. So yeah, it did not happen yet, but given the steady push, eventually, it will. It is only a matter of time.
As to the terrorist score, you are right. That would be too simple to target.
Instead, we have an amalgam of various private entities collecting information and selling it to the highest bidder. At best, the score is distributed.
> Would you prefer a government that is open and overt about their domestic surveillance or one that tries to keep the public in the dark about what is happening
Translation: would I prefer a government that is openly hostile to human rights, or one that has some laws.
In answer, I'd prefer my system not yours.
> which is why they're kept misinformed + uninformed
And out comes the usual claim that westerners are ignorant.
China is the biggest failure of the western nations in a post USSR world. The fact that the whole world let China become so huge and powerful while being so authoritarian is a travesty. They have now completed integrating the internet and big data into their despotic regime. This is the worst place imaginable for a free thinking brain. Even now the western world is just following along to their dollar tunes.
Maybe the Chinese internet will have a single point of failure, the government? I think they will have a massive problem with ransomware if all servers are accessible with the same backdoor.
I'm starting to think we should all just systematically boycott Chinese products and pressure companies not to work with them. China is more and more a real threat to world stability, to democracy and to the humaneness of our world.
Which is why I withdrew the idea to set up a branch there, the internet access and censorship combined are enough to kill any idea to run business in China.
Oh hey look another example of Rainbows End being spot on in predictions. At some point the U.S. will try something similar (hell under Trump there was already noise about it), and I think Rainbows End is necessary reading for what we will be up against.
That was such an interesting novel. Of course in that novel the justification for total surveillance and lockdown of components was the extreme vulnerability to terror enhanced by technology, AI, and automation...which was hard to argue against in Rainbows End.
That was what it was for the US and EU polities. I think there is a throwaway line about China just doing it because China. When this happens in US and EU it will be because of terrorism, linked with technologies like amazon's drones, or uber's cars, or some other thing.
TLDR: "This means intra-company VPN systems will no longer be authorized in China by anyone, including foreign companies. This in turn means all company email and data transfer will be required to use Chinese operated communication systems that are fully open to the China’s Cybersecurity Bureau. All data servers that make any use of Chinese based communications networks will also be required to be open to the Cybersecurity Bureau’s surveillance and monitoring system."
If VPNs will really be forbidden, I guess that lots of companies will really be forced to pull out of China.
What's even sadder is that a good portion of world's governments see this as an ideal they need to follow. China's online surveillance, censorship, "perfect citizen" scoring, and public facial recognition systems are seen as something they need to replicate, and the sooner the better, preferably.
The US government came up with the idea for "Total Information Awareness" almost 2 decades ago, and it's been trying to achieve that goal since then, even though it's been denying that the program exists, in public. The UK has also been trying to achieve the same with Snooper's Charter and the Great British Firewall.
If you've been paying attention over the past 6-8 years, you should've noticed that so-called democratic countries like the US, UK, Australia, and others, have also stopped trying to hold China accountable for "human rights abuses" in public. That's been a huge red flag for me that these governments aren't heading in a good, positive direction for humanity.
Only very recently the US has started mentioning China's abuses superficially, but only in the context of trade war, and as another reason to get everyone to "hate China" - but I don't feel they mean it and are doing it because they actually think those abuses are bad. It's just another tactic to manipulate the masses to accomplish a larger objective.
This is very worrisome: this simply accelerates the already ongoing exodus of foreign owned businesses from China. Yes, human rights activists, opposition members and such, will simply continue using obfuscation as they do now, they are out of the legal space anyway and changes of laws don't change anything for them. But businesses need to stay compliant. So they will be leaving along with their money, and the share of government ownership, and thus government control of things, in China will keep creeping up. They are basically returning to Communism.
Good thing about it is that we know how it ends, Communism is not viable. Bad thing is that it leaves little hope for the current generation of Chinese...
That's absurdly optimistic. We've seen how much people care about being spied on and having all their data collected indiscriminately in the course of the Snowden leaks.
A large amount of the population does not use the internet the way you do. I don't have the exact numbers, but by figure of speech I would dare to say that 80% of the population do not care about data collection or being spied upon as long as they get what they want.
I disagree with that characterization of "the population". Internet use is mandatory, as government, banking and corporate services use more and more online-only application or submission processes. Lowers costs by eliminating paper, increasing speed and reducing the call center and paper processing jobs. For many things, the only choice is online forms, email and online display (anyone used bankbooks recently?)
It is interesting to play compare-and-contrast. The US government has a policy that is substantially similar in many respects - if I want to have a digital conversation without the US government getting a copy I'm not sure how I would go about it in practice. Certainly in a work setting, everything may as well get CC'd to the local government and US government offices.
The Chinese are upping the ante and this policy is going to be a social disaster for anyone involved in politics. But it is a good moment to reflect that the problem isn't the Communist Party of China specifically, it is a lack of private digital spaces. Spy agencies don't make us safe.
> The US government has a policy that is substantially similar in many respects
Not at all. The US legal tools that let the government demand data substantially limit what can be demanded. There is currently nothing in US law that prevents you from protecting your own systems. You might get an NSL, but you can fight it.
No doubt the US government collects a lot of data covertly, but you can fight that too. I'm not a big fan of giant US tech companies, but (based on well-placed friends I trust) I believe Google and others sincerely fight covert collection, and they're pretty competent.
I think a good choice for a private conversation would be a browser peer-to-peer WebRTC conversation on one of many hosts such as https://talky.io/ (for example). Good end-to-end encryption, perfect forward secrecy, open-source clients running on your platform of choice, many possible Web hosts which are unlikely to have been all backdoored by the government (and you can set up your own easily if you want). Obviously if you have been specifically targeted by a state-level agency, your client is probably already hacked and none of that matters, but those attacks are expensive and it seems unlikely that covers more than a small fraction of people.
It is counterproductive to take the position that all countries are similarly bad and there's nothing we can do about it.
Wait... You trust Google to keep our information secret? Don't they literally allow access to all our information for money through targeted ads? Didn't Google just admit to reading all of our emails for like a decade now?
Honestly, every sensible business tries to limit the data it has that cannot be monetized or inform business decisions. And in this respect, big companies are opposed to governmental covert collection since it limits the company's portfolio of clients, probably hurts their own security, and requires them to do shit that don't turn a profit.
Yeah, this seems like a huge overshoot. The US government does try to snoop on everybody's business but an E2E conversation on Wire or Telegram won't be traced. Could say the same for WhatsApp before they decided to go and comply with the UK's ridiculous request for data.
I do wonder how businesses deal with the snooping because I'm sure there are plenty of CEOs out there who wouldn't use a messenger to do deals or negotiations and many of them might be wary of an app they aren't familiar with. What happens then?
Western governments are covert about surveillance. China is overt about it, you continuously feel insecure and watched... and much like US's security theatre in airports that's the aim. For anyone who might wish harm to the communist party's agenda to feel threatened. How much are people willing to tolerate this sort of behavior? Hitler showed us all the way. In fact from a social development point of view China is going through what the world went through when it experimented with Fascism. So how does this end? Well, probably with some sort of war, likely a cold war of sorts.
It's also obvious that just like in WW2, American business will align itself with business interests even if those interests seem to be outright wrong. No matter, money is money. You would think we'd learned but we have learned nothing.
There does not seem to be any ban on company VPNs. They don't need to and that would weaken protection against external attacks.
I think the aim, if I understand it as it is not very clear overall, is rather that government agencies may access the company's infrastructure (VPNs are irrelevant).
Look, their debt bubble is ready to pop as-is. The collapse was already inevitable. With the economy slowing down and the trade war, it's going to come fast.
This is how they contain the damage. Plus the party controls the (enormous) population even more closely during the rapid contraction.
This article reads as alarmism from an actor with interest in projecting FUD. China broadly has the same effective policy as most governments: requiring access to be given when legally demanded. This is already the case and has been the case for a long time. The theoretical legal requirement and the practical reality of enforcement differ, such that everyone is forced to operate in a grey area. Such a situation is normal and expected in China. Should the authorities want something, they come and tell you. Exactly the same as the west.
Meaning whenever the hell they feel like it. From the outside looking in, one problem seems to be a lack of a legitimate legal framework. Is there truly law in China? In the US at least, companies can throw out illegitimate requests for information. Can you tell the Chinese government, "no" for any reason? Citizens in western Democracies regularly sue their own government and win.
Yes, the article is not very well written, in that it blends factual statements about the new laws together with their own opinions,
e.g. 'For that reason, the Chinese Cybersecurity Bureau does not plan to politely make a formal request for the information. The fundamental premise of the new cybersecurity systems is that the government will use its control of communications to simply take the information without discussing the matter with the user.'
Does the author have some magical view into the Chinese Cybersecurity Bureau? Is he making this broad statement based upon something that the CSB has said? Or is it just his viewpoint?
Much more likely is, as you state, when the government wants something, they are going to come along and demand it. And if you want to keep doing business in China, you will have to provide that data.
This, while still a worrying state of affairs, is a far different scenario from 'all crypto is banned!' espoused by the writer.
Perhaps you could quote the relevant part that shows that this is more than just an opinion of the writer?
Given that it is a fundamental theme of the original article (encryption effectively banned), why doesn't the author provide this information in the very same article?