The chief executive officer of embattled Chinese tech giant Huawei has been doing the media rounds recently in attempts to assuage concerns that the company’s technology can be used by Beijing for spying.
In interviews with Western media outlets the company’s founder Ren Zhengfei has repeatedly denied that the Chinese regime could have backdoor access to the Huawei’s technology to spy on people overseas. Li told CBS news on Feb. 19 that “there is no such law in China that mandates any company to install the ‘backdoor.’”
While there is no Chinese law that compels a company in China to install backdoors, there are several widely-termed security-related laws that of concern to Western governments and experts.
“It is public record that under Chinese cybersecurity law, Chinese companies like Huawei are required to provide, essentially, access upon demand with little to no process to challenge that,” FBI Director Christopher Wray said at a press conference announcing U.S. indictments against Huawei on Jan. 28.
National Security Law
In 2015, the CCP created a “national security law” that allowed it to selectively ban foreign imports to the benefit of its own companies. Bundled into that law was a requirement that all key network infrastructure and information systems held to Chinese law need to be “secure and controllable.”
The U.S.–China Economic and Security Review Commission released a report at the time, noting the new rule “would require any company operating in China to turn over to the government its computer code and encryption keys, as well as to provide a backdoor entry into commercial computer networks.”
National Intelligence Law
In 2017 the regime passed the National Intelligence Law, which requires all Chinese citizens and entities to supply intelligence information if requested.
Article 7 states that Chinese “organizations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work.” It adds that the state will “protect” individuals and organizations that assist in such intelligence efforts.
Article 14 states: “The state intelligence department has the right to ask any (Chinese) government, organization, and citizen to supply the necessary support, assistance, and cooperation.”
China’s 2014 Counter-Espionage Law also requires “relevant organizations and individuals” to “truthfully provide” information to security agencies during counterintelligence investigations. The provision adds that the organization or individual “must not refuse” such a request from a security agency.
Implementing regulations released in 2017 clarified that any individual or organization that refuses to offer information will be deemed to be obstructing a counter-espionage work, and subject to criminal investigation.
China’s Anti-Terrorism Law, enacted in December 2015, explicitly requires telecommunication companies to assist authorities in counter-terrorism operations.
Article 18 of the law compels “telecommunications operators and internet service providers” to provide technical support and assistance to security agencies, “such as providing technical interfaces and decryption.”
‘No Rule of Law’
These laws have concerned governments and experts because they highlight the regime’s control over telecom companies, even without mandating firms to install backdoors.
“Chinese telecom operators and Chinese equipment companies must provide unfettered access to their networks and equipment to the state security services without prior notification for intercept,” James Mulvenon, Chinese cyber expert and general manager at SOS International, told a U.S.-China Economic and Security Review Commission hearing in March 2018.
In a November report, The Australian news outlet cited secret Australian intelligence reports that confirmed Huawei had turned over passwords and access details to China’s intelligence services to allow them access to a “foreign network,” although not an Australian one, a source said.
Beijing-based lawyer and rights activist Teng Biao told sister media NTD in March that the Chinese regime could force companies to hand over private data even if these laws were not in place.
This is because “China is not ruled by law, it is ruled by the CCP. The CCP has a say in everything,” Teng said.
He cited the case of U.S. internet company Yahoo who in 2007 admitted that it had provided email records of dissidents to Chinese authorities. Two of those dissidents were later detained and given 10-year prison sentences. The company said it had no choice but to cooperate with authorities.
“Even Yahoo, an American company, did not dare to reject the request from the Chinese government, let alone Chinese companies,” Teng said.