The ramifications of a new cybersecurity law in China could spell trouble for countries that do business with it, on top of an already strained relationship with the United States.
The latest scuttlebutt in Washington is that the United States is considering leveling sanctions against China after a data hack in June exposed data belonging to millions of government workers. It is widely speculated that China was to blame for the hack.
Several anonymous government sources told the Washington Post that the final decision is likely coming soon, although the Obama administration has not yet publicly confirmed that it will impose sanctions or what those sanctions will entail.
The fallout over the hack comes not long after China drafted a new Network Security Law that includes creating a national standard for security, a standard that seems to be toeing the line between preserving national security and trampling on competition.
This new security law has critics worried that it will further limit China's already restrained online freedom by creating an economic environment that only promotes Chinese products, therefore barring foreign competition in the name of national security.
While the country's decision mainly presents problems for the United States in terms of limiting its ability to do business in China, what the new legislation illustrates is how tightening security laws could present problems for capitalistic countries that rely on economic competition.
Part of the new Chinese standard could mean that all security technology in that country would have to meet requirements established by the government, according to the National Law Review. Companies in other countries, including in the United States, may produce technology uncooperative with Chinese standards.
"China's current leadership has attached an unprecedented level of attention to network security, which it sees as a core aspect of national security," the law journal wrote in an Aug. 10 article. "It has been repeatedly reported that the Chinese government is working actively to wean government networks and financial systems off of IT products and services from foreign companies."
Besides limiting its economical prospects with other countries, China's possible cybersecurity legislation could further quash its own citizens' already minimal access to free speech.
"China's draft Cybersecurity Law is the latest in a series of pieces of legislation ostensibly designed to strengthen national security, Sophie Richardson, China director at Human Rights Watch, said in a July 10 article in Foreign Policy. "While the Chinese government has genuine security needs, these new laws conflate the security of the state with that of the party, and generally treat peaceful critical speech and activism as national security concerns."
The Global Cybersecurity Index is a project put together by the International Telecommunication Union. It is intended to help measure different countries' commitments to cybersecurity. The United States was determined to be the most committed, while China fell much lower on the scale.
The index shows the main differences between the Chinese and the American approaches to cybersecurity to be based in national benchmarking, or how each country decides how to configure security for operating systems and applications. The United States has set up a National Checklist Program, while China has yet to establish an official benchmarking program.
The cybersecurity issues between China and the United States are complex. Part of the problem is a lack of universal cybersecurity laws to which both countries could adhere: while some have been proposed, none have passed. Zha Daojiong, a professor of international political economy at the School of International Studies at Peking University, addressed this problem in a recent opinion piece for CNN:
"This [lack of an international cybersecurity law] leaves ample space for governments to compete in claiming the high ground, moral or legal and indeed both, in managing the flow of digital data across nation-state boundaries," Daojiong wrote. "If a country pursues the idea of absolute cybersecurity, it may as well consider isolating itself from the rest of the world."
The absence of a universal law is partly due to differing interpretations of security, Elaine Korzak of Stanford University's Center for International Security and Cooperation told the Washington Examiner last week.
"Russia's and China's conception of information security is broader than the Western approach of cybersecurity," Korzak said. "Western conceptions of cybersecurity generally focus on the malicious use of computer code ... Russia and China, in contrast, are concerned not only with the malicious use of computer code, but also with the potentially destabilizing effects of information.
Congress is struggling to pass its own cybersecurity legislation amid concerns that it may be too intrusive. Twenty-two amendments of the Cybersecurity Information Sharing Act will be on the table before Congress this month.
While there are no internationally standardized cybersecurity laws in place, a report from the United Nations released last week gave several suggestions on how individual nations should handle Internet usage. This includes calling on the U.N. itself to act as a medium for the ongoing cybersecurity conversation among countries.
It is not fair to judge different countries' approaches to cybersecurity based on others' benchmarks, although it is wise to look at the impact of each country's decisions on the rest of the world and assess it accordingly. The U.S. may not be directly affected by China's proposed new law, but it could see some trickle-down effects in its business relationship.
This article appears in the Sept. 8 edition of the Washington Examiner magazine.