China has passed a new cryptography law regulating how the technology will be used by the government, businesses and private citizens once it goes into effect on January 1st, 2020.
The new law classifies cryptography into three different types: core, common and commercial cryptography. Core and common cryptography, which will be managed by authorities in the subject, will be used to protect China's confidential information such as state secrets.
Under the law, confidential information of the state sent over wire and wireless communications as well as the information systems that store and dispose of this information must use core and common cryptography for their encrypted protection and security certification.
- US presidential candidates aren't using basic email security
- These are the best ways to share files securely
- Why encryption matters to your security and privacy
Commercial cryptography on the other hand, is for protecting information that is not confidential and this technology can be used by citizens, legal personnel and businesses in accordance with China's laws.
China's new law will also require that institutions working on cryptography will have to establish “management systems” in order to guarantee the security of their encryption. These managers won't be able to ask private encryption developers to turn over their source code or other proprietary information but any business secrets they do obtain, will have to be kept confidential.
By passing a cryptography law, China is both allowing and encouraging the commercial development and use of encryption. However, the development, sales and use of encryption “must not harm the state security and public interests”.
Those who fail to report security risks they encounter will be punished as well as anyone who provides cryptographic systems for sale which “are not examined authenticated”. China's existing cybersecurity laws already punish the use of encryption in any way that can threaten the state and its new law includes similar provisions.
In an age where businesses can have their sensitive information stolen by hackers in any number of ways, China's new cryptography law could end up helping Chinese businesses better protect themselves online.