China’s new anti-terror law: No backdoors, but decryption on demand

China has passed new anti-terrorism legislation that requires telecoms and Internet companies to provide "technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law" (Article 18). Chinese authorities must be able to carry out surveillance on all services, including encrypted communications. However, there is no explicit requirement to add backdoors to systems, as was proposed in an earlier draft version of the law published in January 2015.

Article 19 of the new law spells out the requirements in more detail: "Telecommunications operators and internet service providers shall, according to provisions of law and administrative regulations, put into practice network security systems and information content monitoring systems, technical prevention and safety measures, to avoid the dissemination of information with terrorist or extremist content."

In addition, where "information with terrorist or extremist content" is discovered, its dissemination must be halted, websites closed, records saved, and a report made to "public security organs." This also applies to information held outside China: "Departments for network communications shall adopt technical measures to interrupt transmission of information with terrorist or extremist content that crosses borders online."

Reuters quotes Li Shouwei, deputy head of the parliament's criminal law division under the legislative affairs committee, as saying: "This rule accords with the actual work need of fighting terrorism and is basically the same as what other major countries in the world do." For example, China can rightly point to the UK's proposed Investigatory Powers Bill as requiring Internet and telecom companies to provide similar "technical support," and "to take reasonable steps to respond to [warrants for access to encrypted communications] in an unencrypted form," as Ars has reported.

China's pointed reference to what "other major countries in the world do" underlines another reason why the current attacks on encryption by government officials in the West are not just wrong, but extremely counterproductive. After all, the US and EU nations can't criticise or challenge other countries for introducing intrusive surveillance laws that are almost indistinguishable from their own.