What's new

Don’t let the long arm of China reach to our critical infrastructure

master_13 said:
can you quote a link that point chinese smartphone selling data to the "government"?
Click to expand...

Not selling, but giving. That is the government order from the latest cybersecurity law in 2016

Article 38: At least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts.

https://www.chinalawtranslate.com/cybersecuritylaw/?lang=en

Which mean each year, a company is to compile a report on data used both personally or retaining from a third party network security service and submit the report to the Chinese government for risk assessment.

Which basically mean the government have access to "personal", which is the keyword here, data and determine if that is the potential risk of the state. Exactly the same thing Snowden accuse of what NSA is doing.

Every Chinese company have to compiled to this law, which include telco like Huawei and ZTE or Lenovo.

But what more surprising is that while that law is to be used domestically, which is to monitor Chinese user, company like DJI and Huawei have been accused of sending overseas user data to the Chinese government.
 
jhungary said:
Not selling, but giving. That is the government order from the latest cybersecurity law in 2016

Article 38: At least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts.

https://www.chinalawtranslate.com/cybersecuritylaw/?lang=en

Which mean each year, a company is to compile a report on data used both personally or retaining from a third party network security service and submit the report to the Chinese government for risk assessment.

Which basically mean the government have access to "personal", which is the keyword here, data and determine if that is the potential risk of the state. Exactly the same thing Snowden accuse of what NSA is doing.

Every Chinese company have to compiled to this law, which include telco like Huawei and ZTE or Lenovo.

But what more surprising is that while that law is to be used domestically, which is to monitor Chinese user, company like DJI and Huawei have been accused of sending overseas user data to the Chinese government.
Click to expand...

"at least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts. "

this sounds like routine cyber security check, by saying conducting cyber security check is equivalent to sending personal information to the government is a gross extrapolation. My company as well as other company in my industry conduct similar cyber security check each year as well and need to send report to relevant agencies, and no, my company does not send any personal data to the government. You are making too much assumptions there based on article 38.
 
master_13 said:
"at least once a year, critical information infrastructure operators shall conduct an inspection and assessment of their networks security and risks that might exists either personally, or through retaining a network security services establishment; and submit a network security report on the circumstances of the inspection and assessment as well as improvement measures, to be sent to the relevant department responsible for critical information infrastructure security protection efforts. "

this sounds like routine cyber security check, by saying conducting cyber security check is equivalent to sending personal information to the government is a gross extrapolation. My company as well as other company in my industry conduct similar cyber security check each year as well and need to send report to relevant agencies, and no, my company does not send any personal data to the government. You are making too much assumptions there based on article 38.
Click to expand...

You cannot cherry pick which is "too much assumption" and which is not, if that is the case, then wasn't what the NSA did to the PRISM is also a routine cyber security check and you are making too much assumption the American Telco will give user detail to the government and spy on them willy-nilly?

And a report COMPLIED by personal data is still personal data. What if you found an anomalies? How would you identify the source if you did not include that personal data to the report? Or at least look for it on behalf of the government? That is the action and definition of spying.
 
jhungary said:
You cannot cherry pick which is "too much assumption" and which is not, if that is the case, then wasn't what the NSA did to the PRISM is also a routine cyber security check and you are making too much assumption the American Telco will give user detail to the government and spy on them willy-nilly?

And a report COMPLIED by personal data is still personal data. What if you found an anomalies? How would you identify the source if you did not include that personal data to the report? Or at least look for it on behalf of the government? That is the action and definition of spying.
Click to expand...

If it's standard procedure being used all over the world, then I don't see what China doing is more "threatening" than others. Australia clearly targets China specifically, and that's where I have problem with. The point here is, there hasn't been a single concrete evidence that Huawei/ZTE spied on anyone, anywhere in the world. What they are collecting currently is no different and neither more spy-worthy than what's being collected anywhere else in the world by other country's technologies.
 

Similar threads

Nan Yang
Microsoft outage leaves China largely untouched as tech self-sufficiency campaign pays off
Replies
1
Views
455
Nan Yang
Nan Yang
beijingwalker
Who Connects The World's Networks? The Most Important Network Infrastructure Providers Worldwide
Replies
1
Views
274
beijingwalker
beijingwalker
Nan Yang
The high, high cost of sanctioning Huawei
Replies
0
Views
768
Nan Yang
Nan Yang
beijingwalker
Are US Tech Sanctions on China Backfiring? US hopes that China will simply accept second-class status are fading
Replies
0
Views
292
beijingwalker
beijingwalker
beijingwalker
New Huawei Mate 60 Pro raises worry China has found a way around U.S. tech limits
2 3
Replies
40
Views
3K
gambit
gambit

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Back
Top Bottom