[Infowarrior] - China to Enforce New Encryption Rules

Richard Forno rforno at infowarrior.org
Thu Apr 29 01:40:44 UTC 2010


 
APRIL 28, 2010, 8:42 A.M. ET
China to Enforce New Encryption Rules

By LORETTA CHAO

http://online.wsj.com/article/SB10001424052748704423504575211842948430882.html

BEIJING—China is set to implement new rules that would require makers of certain electronic equipment to disclose key encryption information to be eligible for government procurement sales, creating a possible showdown with foreign companies that are unlikely to comply.

Beginning Saturday, makers of six categories of technology products, including smart cards, firewall technology and Internet routers, will have to disclose encryption codes to authorities for certification to participate in bidding for government purchases. Such encryption information is closely guarded by companies, and industry officials say foreign companies that fall under the new rules are unlikely to comply, which could mean they are cut off from government contracts for those products.

The product categories covered by the encryption rules account for tens of millions, or possibly hundreds of millions, of dollars a year in government sales, industry officials estimate. That's a small fraction of the many tens of billions a year China's government spends on procurement. Still, the dispute is the latest illustration of recent tension between Chinese authorities and foreign businesses over a range of regulatory policies.

Disclosing encryption information is "something companies cannot and will not do," said Jorg Wuttke, president of the European Union Chamber of Commerce in China at a briefing last week, because such codes are often kept secret by companies for both competitive and security reasons. Mr. Wuttke said this is one of the most important issues facing European companies from the chamber's perspective.

Two companies that are likely to be affected by the rules are Gemalto NV, a maker of smart cards and other digital security products, and Cisco Systems Inc., the U.S. network-equipment giant. Cisco declined to comment on the new  rules. Gemalto didn't immediately respond to a request for comment.

Industry observers who follow the issue say that the regulation appears to be part of a broader effort by Beijing to promote domestic enterprises. Foreign executives say such regulations make it increasingly difficult for foreign companies to compete fairly in one of the world's most important markets.

Chinese officials have said their policies aren't discriminatory, and have complained about alleged protectionist measures taken by the U.S. and other nations.

The encryption requirement has been scaled back significantly from when it was first proposed in 2008 by the General Administration of Quality Supervision, Inspection and Quarantine. At the time, authorities said that any uncertified security products wouldn't be permitted to be sold, imported or used in China.

But after protests from foreign industry groups, the officials narrowed the scale of the regulation to include only government procurement of certain products.

The General Administration of Quality Supervision, Inspection and Quarantine didn't respond to requests for comment on the rules. Nor did the Ministry of Finance, which funds government procurement.

Implementation of the regulation was delayed last year just days before it was to go into effect, and authorities could delay again. It's also unclear how the regulation will be enforced. People who follow the issue say the requirement could, for example, force the Ministry of Transportation to use only certified technology in the millions of transportation cards used in China's subway systems. If the scope of government procurement is interpreted to include state-owned companies as well, the requirement also could encompass bank cards.

As of Wednesday evening, a government list of companies certified under the rule listed only Chinese companies. Shenzhen-based telecom-equipment giant Huawei Technologies Co. and Internet security company Leadsec Technologies (Beijing) Co., a subsidiary of personal computer maker Lenovo Group Ltd., were among more than 20 companies listed.

—Gao Sen contributed to this article.

Write to Loretta Chao at loretta.chao at wsj.com


More information about the Infowarrior mailing list