China has passed new anti-terrorism legislation that requires telecoms and Internet companies to provide “technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law” (Article 18). Chinese authorities must be able to carry out surveillance on all services, including encrypted communications. However, there is no explicit requirement to add backdoors to systems, as was proposed in an earlier draft version of the law published in January 2015.
Article 19 of the new law spells out the requirements in more detail: “Telecommunications operators and internet service providers shall, according to provisions of law and administrative regulations, put into practice network security systems and information content monitoring systems, technical prevention and safety measures, to avoid the dissemination of information with terrorist or extremist content.”
In addition, where “information with terrorist or extremist content” is discovered, its dissemination must be halted, websites closed, records saved, and a report made to “public security organs.” This also applies to information held outside China: “Departments for network communications shall adopt technical measures to interrupt transmission of information with terrorist or extremist content that crosses borders online.”
Reuters quotes Li Shouwei,…