Last year, the Chinese government started laying out new rules for technology products used by government agencies and banks, in part as a response to revelations about the National Security Agency’s exploitation of Chinese networks. Now, new rules for selling products to China’s financial sector have drawn a protest from North American and European technology vendors because of how intrusive they are—including demands for back-doors into hardware and complete source code.
In May, China’s State Internet Information Office announced it would institute a “cyber security vetting process” for screening all IT products sold in China. (The Chinese government also banned the use of Windows 8 on government PCs, citing “energy consumption” issues). Late last year, the government approved the final rules for vetting technology sold to key industries in China.
The New York Times reports that the rules include a requirement for turning over the source code of all software and firmware for computing and network equipment to the Chinese government, and providing management ports for the government to use to observe and control the equipment. The rules for banking systems require that 75 percent of technology products used in the financial sector be “secure and controllable” by 2019. Additionally, a new anti-terror law being drafted by China would require all companies doing business with Chinese citizens to keep that data within the country on servers that could be monitored by the Chinese government.