The National People’s Congress (“NPC“) of the People’s Republic of China (“China” or “PRC“) issued a draft Anti-Terrorism Law (the “Draft Law“) for public comment on 3 November 2014. As of the end of February 2015, the Draft Law had moved into its second draft but the revised draft is not yet in the public domain[1]. As of the date of this writing, deliberations on the Draft Law are ongoing, notwithstanding media speculation that it had been dropped[2].
One of the points that is striking about the Draft Law is that at no point does it define “terrorism,” leaving the interpretation of this to the Chinese authorities (but the concept will no doubt encapsulate domestic as well as external threats).
The Draft Law, in its published first draft form, requires providers of telecommunications services (i.e., basic and value-added telecoms services providers) (电信业务经营者) (“Telecoms Service Providers“) and providers of Internet services “互联网服务提供者” (“Providers of Internet Services“) within China to actively cooperate with government authorities in their fight against terrorism. It mandates, among other things:
- Equipment such as servers and data for users in China deployed or held by Telecoms Service Providers and Providers of Internet Services to be kept onshore;
- Telecoms Service Providers and Providers of Internet Services to install technical portals accessible by the Chinese government (so-called “back doors”);
- Telecoms Service Providers and Providers of Internet Services to submit password/cryptographic schemes to the Chinese authorities for review;
- Pre-rollout security assessments for applications before online release;
- Operators of network and information systems to adopt monitoring, reporting, early detection, censorship, and emergency response measures; and
- Special protection measures for key targets identified by Chinese government departments, including important telecoms and Internet networks and systems.
For the full article, please click here.