China tells US tech companies to sign PRISM-like cyber-loyalty pact

Lu Wei, the head of the Cyberspace Administration of China, is having a summit with tech industry leaders in Seattle next week, where he's likely to press further for them to sign a pledge to comply with China's security policies—and open their systems up for "supervision",
Cyberspace Administration of China

As China’s President Xi Jingping prepares to visit the White House next week, the head of China's Cyberspace Administration, Lu Wei, is holding a summit with US technology companies in Seattle. There, he's expected to further press US technology companies operating in China to sign off on a pledge that they will comply with Chinese information security policies—potentially giving Chinese authorities direct access to user data. The terms of the pledge, which the New York Times reports requires companies to “promise they would not harm China’s national security and would store Chinese user data within the country,” are similar in ways to the PRISM agreement between technology companies and the US government revealed by former National Security Agency contractor Edward Snowden.

But the pledge also goes further, pressing for systems to be “secure and controllable”—suggesting that companies may have to provide direct backdoors to systems for surveillance and provide the Chinese government with source code to their applications.The pledge document begins, “Our company agrees to strictly adhere to two key principles of ‘not harming national security and not harming consumer rights.’”

Much of the pledge document is focused on user privacy rights, outlining policies that would give users the right to know where their data was stored, to control how much of their personal data was collected, to opt out of the collection of personal data, and to “choose to install, or uninstall non-essential components [and] to not restrict user selection of other products and services.” The pledge also asks companies to “guarantee product safety and trustworthiness” by taking measures to build security into products, rapidly patch vulnerabilities, and “not install any hidden functionalities or operations the user is unaware of in the product.”

Read 3 remaining paragraphs | Comments