New Chinese Law Reinforces Government Control of Cyberspace
The vaguely worded National Security Law is one of several new regulatory moves by China that worry privacy advocates and have foreign businesses concerned about potential harm to their operations inside the country.
The law calls for strengthened management over the web and tougher measures against online attacks, theft of secrets, and the spread of illegal or harmful information.
It said core information technology, critical infrastructure and important systems and data must be "secure and controllable" in order to protect China's sovereignty over its cyberspace.
The law offered no details on how China would achieve the goals, although a vast government Internet monitoring system has been in place for years.
China says it is a major target of hacking and other cyberattacks, and the ruling Communist Party has expended vast efforts in blocking online content it deems subversive or illegal.
China is also accused of running a state-sponsored effort to hack computers and steal government and commercial secrets overseas, while also spying on and harassing pro-democracy, Tibetan and human rights groups based abroad.
Most recently, Beijing was suspected as being behind a massive hack into a U.S. federal government computer server that resulted in the theft of personnel and security clearance records of 14 million employees and contractors. Chinese officials always deny engaging in such actions.
The National Security Law, passed overwhelmingly by the Standing Committee of the National People's Congress, replaces a law that focused more narrowly on counter-espionage.
In addition to cyberspace, the new legislation covers a wide range of areas including the economy, social stability, territorial integrity, the military, culture, finance, technology, the environment and food safety.
Spokeswoman Zheng Shu'na said an overarching legislation was needed to deal with "ever-growing security challenges".
"Externally speaking, the country must defend its sovereignty, as well as security and development interests, and ... it must also maintain political security and social stability," Zheng was quoted as saying by the official Xinhua News Agency.
The new law is an extension of the hard line on security and repeated warnings against foreign ideological subversion issued by the government of President Xi Jinping, who in 2013 established an overarching National Security Commission to coordinate such efforts with him as chairman.
A separate anti-terrorism proposal could require network operators and service providers fighting for a share of China's $465 billion technology market to build in "backdoors" for government surveillance, hand over encryption keys to Chinese authorities and store user data within China.
Companies worry that could undermine their ability to send encrypted emails or operate the kind of private corporate networks commonly used to secure communications.
Other new regulations already require Chinese banks to have 75 percent of their IT infrastructure certified as "secure and controllable" by the Chinese government by 2019.