China’s new cybersecurity law will ban Internet users from publishing information that damages “national honor”, “disturbs economic or social order” or is aimed at “overthrowing the socialist system”. It will codify previously scattered Internet regulations and practices of unique government agencies, and elevate the powers held by the country’s Cyberspace Administration, the leading government body making and enforcing policy for the Internet.
The law requires Internet companies to verify users’ identities and to store users’ “personal information and other important business data” in China, effectively making anonymity illegal. The legislation has drawn criticism for its infringement on users’ rights to freedom of expression, privacy and anonymity, and for placing stringent requirements on businesses operating in the country.
In what appears to be one example of the cybercrime law in action, security firm Kryptowire recently identified several models of Android mobile devices that have pre-installed permanent software (firmware) that collects sensitive personal data, including text messages, geolocations, contact lists, and call logs and transmits them to a third-party server in Shanghai, creating backdoor access to user data for law enforcement and other authorities.
Without users’ consent, the code can bypass Android’s permission model. This could allow anyone interested in a mobile user’s data — from government officials to malicious hackers — to execute remote commands with system privileges and even reprogram the devices.
In addition to the surveillance of private data as required by law, Chinese Android phone users regularly download Android apps from unofficial third party app markets since Google left China in 2010. These Android markets are flooded with apps containing malware that can steal and manipulate personal data.
The company that developed the firmware, ADUPS, said the software was designed to help phone manufacturers “identify junk texts” and “improve mobile phone experience”. The devices were sold by the US-based online retailers Amazon and BestBuy, among others.
Meanwhile, reports that Facebook has developed software allowing it to suppress posts from users’ feeds based on their geographic area also drew criticism this week. The company is reportedly developing the tool to hand over to a China-based third party in order to fulfill the necessary requirements to operate in the country. The New York Times said of the reports, “the project illustrates the extent to which Facebook may be willing to compromise one of its core mission statements, ‘to make the world more open and connected,’ to gain access to a market of 1.4 billion Chinese people. The implications of the cybersecurity law for Facebook’s existence in China remain to be seen.
Human rights advocate and website founder arrested in China
The founder of a Chinese citizen news site was detained after police searched his home. Huang Qi is the third well-known rights defender in China to disappear or be detained in a fortnight, after the disappearances of lawyer Jiang Tianyong and citizen journalist Liu Feiyue, who activists believe to be in police custody.
Police in Sichuan burst into the home of the 64 Tianwang founder, searching it and detaining Huang on Monday night, a local activist told US-backed Radio Free Asia (RFA). They had a search warrant, she said.
Tianwang is an independent news site that posts articles and information about human rights incidents in China, including detentions by police, forced demolitions, petitioner activism and demonstrations. It recently received the 2016 Reporters Without Borders Press Freedom Prize. Nine citizen journalists who have contributed to the site are currently detained, and five are on bail, according to Tianwang.