The New York Times
Monday, February 1, 2000
Few Comply as China Enacts Encryption Rules
By REUTERS
BEIJING, Jan 31 -- Confused by sweeping new restrictions on encryption technology in China, most foreign and Chinese companies simply ignored a Monday deadline for compliance.
Anybody using encryption technology, which protects electronic communication from eavesdropping, should have delivered by hand a registration form to a tiny government office in a Beijing alleyway by Monday afternoon.
All of China's estimated nine million Internet users were supposed to have turned up in person to comply -- if the letter of the new law had been followed.
The new rules threaten to complicate Beijing's efforts to join the World Trade Organisation (WTO) and U.S Trade Representative Charlene Barshefsky has vowed to take up the issue with Chinese officials.
But they are clearly unworkable, even though Yang Lingjun, the official in charge of the registration process, was handing out forms to visitors on Monday and insisting that "companies must comply with the rules."
"The faster you apply, the faster you can win approval," he said.
Asked how many officials were on hand to process the gargantuan registration task, he was evasive. "Lots and lots," he said.
Companies fear they will be required to reveal their encryption secrets in the name of Chinese national security. The sale of foreign encryption products in China will be banned altogether.
In theory, firms like Micrsoft and IBM will have to strip their software of their own encyption codes and replace them with Chinese-made products.
Foreign companies would have no secure way of sending corporate secrets over the Internet, or even their own internal communications networks.
But instead of a mad rush to meet the registration deadline, only a handful of people trickled into the dimly lit lobby of the State Encryption Management Commission (SEMC) on 13 Wenjin Street, near Beijing's leadership compound.
"We only found out about the rules on Friday," said one harried young woman who arrived clutching forms on behalf of her company, a Chinese maker of integrated circuit cards.
"The rules gave us a big shock," she said.
Encryption technology is embedded in everything from Internet servers and desktop software to cellular phones and cable television sytems.
Asked whether users of desktop software would be required to register, Yang said: "Yes."
After registering, companies will have to fill out approval forms which ask companies to list the names of every user of encryption products along with their telephone numbers, email addresses and the locations where the technology is used.
One industry analyst who met with SEMC officials was told all visitors to China would have to list the software on their laptops upon arriving.
Mobile telephones which use GSM technology would not be affected. But more advanced "Third Generation" mobile technology that will allow users to surf the Internet, would be, the analyst quoted an official as telling him.
"There will be no extension on the deadline," the analyst quoted SEMC officials as saying.
"But they're undecided over how they will deal with companies which don't meet the registration deadline," he said.
China is hoping to join the WTO this year, and is in the final stages of talks with the European Union after clinching a deal with the United States last November.
Some analysts said that within the WTO China could try to hide behind a clause exempting members from rules where national security is at stake.
"China tends to see it as an information security issue, not a trade issue," said Jay Hu, managing director of U.S. Information Technology Office, which represents American IT firms.
"They're concerned about hacker attacks or logic bombs planted in the information networks."
