China draws up law that makes it perfectly legal to hack any internet-related company activating in its borders.
New provisions made to China’s Cybersecurity Law last November gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems.
Any company that provides an internet-related service with more than five internet-connected computers is susceptible to these inspections.
The Chinese government agency tasked with carrying out these penetration tests is the Ministry of Public Security (MPS), the same agency which also maintains China’s Great Firewall and its nationwide facial recognition system and surveillance cameras network.
MSP officials received these new powers on November 1,2018, in the form of new provisions to China’s Cybersecurity Law, first adopted in 2017.
These new provisions, named “Regulations on Internet Security Supervision and Inspection by Public Security Organs” (公安机关互联网安全监督检查规定) give the MSP the following new powers:
The new provisions bolster an already intrusive Cybersecurity Law adopted in 2017, which gave Chinese authorities the right to analyze the source code of technologies used by foreign companies in China, all under the guise of identifying vulnerabilities during “national security reviews” to ensure national security.
