In recent months, a series of U.S. government reports have documented U.S. policymakers’ growing concerns over Chinese government policies and programs designed to advance China’s competitive edge in a range of technologies and industries. In turn, the findings of these reports are shaping U.S. economic and national security laws and policies, as illustrated by the recent Section 301 tariff actions, national security reviews of investment by Chinese firms under the Committee on Foreign Investment in the United States (CFIUS) process, and provisions of the recently-passed John McCain National Defense Authorization Act that restrict exports of “emerging and foundational technologies” and U.S. government use of certain Chinese-made telecommunications equipment. Against this background, a report released on October 26, 2018, is likely to further increase U.S. government scrutiny of China-manufactured devices with internet connectivity features – so-called “Internet of Things” or “IoT” devices.
Mobile phones are ubiquitous extensions of our personal and professional lives and few think deeply about the tangled webs of software and hardware providers that formulate components to mobile phone fabricators. However, the Federal Trade Commission’s recent settlement with BLU Products represents an important reminder of the importance of appropriate vendor oversight in all phases of the manufacturing and sales process.
On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information. The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and is meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.” The standards will go into effect on May 1, 2018.
The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security. Generally, they lay out the following 8 basic principles of personal information security.
An international human rights organization is urging the Chinese government to stop building big data policing technologies that aggregate and analyze citizens’ personal information. Though governments collecting information about its citizens is not new, China has begun pursuing newer and ambitious technologies, such as big data analytics, facial recognition, and cloud computing, to better and more quickly aggregate, mine, and leverage personal information.
Continue reading “Human Rights Watch Denounces China’s Big Data Policing”