What is cryptography?
Cryptography is the science of using codes to protect information. The information will be converted into a secure format that only the intended recipient will be able to access.
When plaintext is transformed into ciphertext, the process is called encryption – as opposed to decryption, which is the process of converting the encoded data back into the initial information.
What’s in the new cryptography law?
The aim of the law
According to the State news agency Xinhua, the law is aiming at “regulating the utilization and management of cryptography, facilitating the development of the cryptography business and ensuring the security of cyberspace and information”. To that end, this law is also meant to better protect intellectual property rights in cryptography.
Some analysts also believe that this law is intended to be the framework for digital finance and the upcoming launch of China’s national digital currency, also called Digital Currency Electronic Payment (DCEP).
The cryptography law establishes 3 encryption categories, two of which apply to the public sector and one to the private sector:
- Core encryption – protecting those state secrets that are considered “secret”, “highly secret”, and “top secret”;
- Common encryption – protecting “secret” and “highly secret” state secrets;
- Commercial encryption – safeguarding trade secrets and other information of private organizations, companies, and individuals.
If a person is aware of risks concerning the protection of national secrets under core and common cryptography but doesn’t address or report them, he/she will face punitive actions.
Moreover, the new law welcomes foreign sellers and providers of commercial cryptography and supports scientific research and technological application of cryptography. However, these activities should neither threaten national security nor harm other people’s rights.
Additionally, the State has to examine or authenticate, and approve beforehand, sellers and providers of commercial encryption. Authorities will impose fines and confiscations if these sellers and providers fail to meet these requirements.
Consequences for businesses in China
First of all, the new law addresses cyberspace and cryptography issues which have long been ignored in China. It also aims to protect trade secrets in cyberspace.
According to this law, relevant departments of institutions working on cryptography are not allowed to request the disclosure of businesses’ cryptography information and have to protect and keep confidential any business secret they may get while on duty.
The law also calls for the implementation of strict supervision and security systems at relevant cryptography institutions to ensure compliance with the law and protection of business information. This may help businesses in China to better protect themselves online.
Although China has been wary of digital and cryptocurrencies in the past, the new cryptography law seems to be the first step towards a shift of stance and a controlled opening-up of this industry. According to the State Cryptography Administration (SCA), “cryptography is an important strategic resource”. One day before the law was passed, President Xi Jinping also called for greater blockchain adoption.
Increased blockchain innovation and research will create many opportunities for Chinese as well as foreign businesses and providers of commercial cryptography. Therefore, the cryptography law may be a great stimulus for the encryption industry and China’s economic growth.
Critics & possible risks
Many legal experts note that the cryptography law only covers encryption-related matters without mentioning decryption. There is no provision as to how and by whom encrypted messages can be decrypted in China. This omission limits the relevance of the new cryptography law.
Furthermore, some observers have expressed their concerns regarding the level of privacy guaranteed by this law. According to some provisions, no cryptography project can be carried out without the government’s approval.
The law should also not harm state security or the Chinese Communist Party. But it does not define the scope of a national security threat. This has caused some specialists to fear a higher state involvement in commercial encryption than explicitly stated in the law.
Others have also pointed out the possibility of a backdoor into commercial cryptography platforms, which the State could demand for “national security” reasons. In other words, the government could have access to all encrypted data, which would again raise the question of privacy protection.
Prepare your business adequately for 2020
As mentioned above, the new law on cryptography requires companies to safeguard their trade secrets with commercial encryption. Thus, companies in the telecommunications industry that are working on innovative 5G networks, in particular, may have to protect their intellectual property through this specific type of encryption.
As for businesses working on cryptography, such as commercial cryptography providers, the law requires the establishment of management systems and staff supervision procedures to guarantee the security of the encrypted information. To avoid punitive actions, these businesses should plan the implementation of such systems early on.