
China’s Encryption Law: The Gift That Keeps on Giving? [Encryption Digest 17]

October 31, 2019 | Katrina Dobieski

This week in encryption news: two main stories, oddly tied. First, China seeks to give the gift of encryption, but will it keep giving? And to whom? Then, as increasingly ironclad nations clamp down on freedom of information, one UK publication found a way to cut (code?) through the noise and to the screens of its secret readers. Encryption is increasingly the battle-axe for both sides in what is shaping up to be another round of the never-ending crypto journey.



Guess Who China’s Encryption Law Benefits? [Hint: It’s Not Hard]

What is the purpose of encryption? A lot of things, but namely that you are guaranteed the privacy of whatever’s inside—whatever's encrypted. And therein lies the rub. How do you define privacy?

How does the Chinese state define privacy? And after the realization of that definition, will encryption still live up to its promise?  

What’s the Story?

Starting the first day of 2020, the People’s Republic of China will put into effect a law passed to regulate encryption—an achievement as a matter of principle. It delineates the multiple types of encryption, their uses and permissions, and the ramifications of breaching, tampering with or failing to protect said encryption.

Not surprisingly, the Chinese encryption law seems to serve first what most government laws serve—the state. Everything after that is irrelevant gravy.


Nuts and Bolts

What You Can Do

“the country encourages the research, academic exchanges, conversion of academic achievements and application of the technologies of commercial cryptography”

What You Can’t Do

“the scientific research, production, sales, service and import and export...must not harm the state security and public interests”

It also adds “or other people’s rights and interests”, but when those collide with the interests of the state, we can only speculate as to the efficacy of that statement.

Some Main Points

  • “Core and Common” encryption will be used for state secrets.
  • Encryption developers can’t be asked to turn over source code, and any business secrets turned in must be kept confidential.
  • Vendors of commercial cryptography that is not “examined or authenticated” will receive punitive measures. “Examined or authenticated” means under the auspices and criteria of the Chinese government.


What Does It All Mean?

The news here is that there is no news. No leaps and bounds, nothing new for the tech industry. Just a caveat that says anyone spotting a weakness in the encryption of state secrets (“core and common”) and failing to notify authorities is held accountable by law. We’ll see how that plays out over the coming months.

On the Bright Side: BBC News for Everyone (on Tor)

While certain entities might be cracking down, the BBC network is ramping up and just went underground. At least partially. Accessible world news without censorship is now available to anyone with the software savvy to use Tor.

Originally developed as military technology by the Navy, The Onion Router (Tor) uses a series of intermediate volunteer computers to encrypt host communication and throw off the scent of the original requesting computer. Not only can users be unidentifiable, they can also access special sites not available to lay-browsers.

For example, the Tor URL for the BBC [note the “.onion”]: https://www.bbcnewsv2vjtpsuy.onion/

Which Countries Will This Affect?

The following countries have blocked, or have attempted to block, BBC content to their citizens.

  • Iran
  • Vietnam
  • China

Ironically, Tor is known to many for its seedy reputation; its anonymity provides the perfect dark alley down which all breeds of cyber-rats scurry. But, with any luck, a beacon in the form of free world news will make its way down the same dark alley and shine a light on those whose access to information has been violently blacked out.

About the author

Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.
