What's new

Don’t let the long arm of China reach to our critical infrastructure

can you quote a link that point chinese smartphone selling data to the "government"?

Not selling, but giving. That is the government order from the latest cybersecurity law in 2016

Article 38: At least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts.

https://www.chinalawtranslate.com/cybersecuritylaw/?lang=en

Which mean each year, a company is to compile a report on data used both personally or retaining from a third party network security service and submit the report to the Chinese government for risk assessment.

Which basically mean the government have access to "personal", which is the keyword here, data and determine if that is the potential risk of the state. Exactly the same thing Snowden accuse of what NSA is doing.

Every Chinese company have to compiled to this law, which include telco like Huawei and ZTE or Lenovo.

But what more surprising is that while that law is to be used domestically, which is to monitor Chinese user, company like DJI and Huawei have been accused of sending overseas user data to the Chinese government.
 
.
Not selling, but giving. That is the government order from the latest cybersecurity law in 2016

Article 38: At least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts.

https://www.chinalawtranslate.com/cybersecuritylaw/?lang=en

Which mean each year, a company is to compile a report on data used both personally or retaining from a third party network security service and submit the report to the Chinese government for risk assessment.

Which basically mean the government have access to "personal", which is the keyword here, data and determine if that is the potential risk of the state. Exactly the same thing Snowden accuse of what NSA is doing.

Every Chinese company have to compiled to this law, which include telco like Huawei and ZTE or Lenovo.

But what more surprising is that while that law is to be used domestically, which is to monitor Chinese user, company like DJI and Huawei have been accused of sending overseas user data to the Chinese government.

"at least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts. "

this sounds like routine cyber security check, by saying conducting cyber security check is equivalent to sending personal information to the government is a gross extrapolation. My company as well as other company in my industry conduct similar cyber security check each year as well and need to send report to relevant agencies, and no, my company does not send any personal data to the government. You are making too much assumptions there based on article 38.
 
.
"at least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts. "

this sounds like routine cyber security check, by saying conducting cyber security check is equivalent to sending personal information to the government is a gross extrapolation. My company as well as other company in my industry conduct similar cyber security check each year as well and need to send report to relevant agencies, and no, my company does not send any personal data to the government. You are making too much assumptions there based on article 38.

You cannot cherry pick which is "too much assumption" and which is not, if that is the case, then wasn't what the NSA did to the PRISM is also a routine cyber security check and you are making too much assumption the American Telco will give user detail to the government and spy on them willy-nilly?

And a report COMPLIED by personal data is still personal data. What if you found an anomalies? How would you identify the source if you did not include that personal data to the report? Or at least look for it on behalf of the government? That is the action and definition of spying.
 
.
You cannot cherry pick which is "too much assumption" and which is not, if that is the case, then wasn't what the NSA did to the PRISM is also a routine cyber security check and you are making too much assumption the American Telco will give user detail to the government and spy on them willy-nilly?

And a report COMPLIED by personal data is still personal data. What if you found an anomalies? How would you identify the source if you did not include that personal data to the report? Or at least look for it on behalf of the government? That is the action and definition of spying.

If it's standard procedure being used all over the world, then I don't see what China doing is more "threatening" than others. Australia clearly targets China specifically, and that's where I have problem with. The point here is, there hasn't been a single concrete evidence that Huawei/ZTE spied on anyone, anywhere in the world. What they are collecting currently is no different and neither more spy-worthy than what's being collected anywhere else in the world by other country's technologies.
 
.

Latest posts

Back
Top Bottom