The new law will be a centralized regulation of data encryption, immediate effect on the 1st of January, 2020. The Lawmakers approved the law at the closing meeting of the last session of the Standing Committee of the National People’s Congress (NPC), after a second review. As the translation of the original article says:
This Law is enacted for the purpose of regulating password application and management, promoting password development, safeguarding network and information security, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and safeguarding national security and social public interests.
As soon as the state regulates, passwords will be separated into three types: core passwords, ordinary passwords, and commercial passwords. The first two are meant to protect state secret information. The highest level is “core password” which is meant to protect top-secret information, the second one is ordinary which is meant to protect information on a secret level.
Commercial passwords are easier to manage, they are protecting information that does not belong to the state and not a state secret.
This law will require institutions and corporations working on cryptography that they have to make a “management system” in order to develop and guarantee the security of their systems. The regulatory framework is setting straight standards for cryptography and the management of passwords lead by the central cryptographic agency on the purpose of creating guidelines and requirements for the industry. These managers won’t be able to require the source code of encryption systems however they will be sued if their system is not passing the requirements of the lawmaker.
China was never on the top of the line in privacy but according to this new regulation it seems that the state will centralize and control the encryption methods used by all identities which makes the data access and use even more easier than before. Concerned? Tell us what you think in the comments!
Original article translation: secrss.com