China's officials, once they have encryption keys and access to the China network of a foreign firm, will be in a good position to penetrate the networks of that firm outside China. (Image source: iStock)
There's something missing from the "Phase One" trade agreement with China, announced Friday. And it's something critically important. Yet, Larry Kudlow, President Trump's director of the National Economic Council, appeared not to know about it afterwards.
"We will see," said Kudlow in response to Maria Bartiromo on "Sunday Morning Futures," her Fox News Channel show, as she asked him about Beijing's new "cybersecurity" rules. "There's a large IP chapter in this deal and there's also a large forced technology transfer chapter in this deal. I don't think we know enough about these new Chinese rules and we'll have to look at that and by the way if they do violate them of course we will take action."
Bartiromo was referring to two sets of Chinese rules. On December 1, Beijing implemented the Multi-Level Protection Scheme 2.0, issued pursuant to the 2016 Cybersecurity Law. On January 1, China's Cryptography Law becomes effective.
These measures prohibit foreign companies from encrypting data so that it cannot be read by the Chinese central government and the Communist Party of China. Businesses will be required to turn over encryption keys. Companies will not be able to employ virtual private networks to keep data secret, and some believe they will no longer be allowed to use private servers.
Together, these measures allow Beijing to take all the data and communications of foreign companies.
Beijing's complete visibility into the networks of foreign companies will have extremely disadvantages consequences. For instance, Chinese officials will be permitted, under Chinese law, to share seized information with state enterprises. This sharing means the enterprises will weaponize the information against their foreign competitors.
Moreover, China's officials, once they have encryption keys and access to the China network of a foreign firm, will be in a good position to penetrate the networks of that firm outside China. Therefore, Beijing will soon steal data stored on foreign networks and put companies, like Nortel Networks, out of business or ruin them to the point where Chinese entities can buy them up at reduced prices. Do we really want the Fortune 500 to be owned by China?
The U.S. Trade Representative's skimpy Fact Sheet for the Phase One deal does not address the December 1 and January 1 rules. There is, of course, no point in including in the trade deal forced taking and intellectual property protections if they do not cover the cybersecurity rules.
Judging from Kudlow's nonspecific response to Bartiromo and his admission of not knowing much about "these new Chinese rules," the administration apparently has not considered the linkages between them and the trade deal. If that is indeed the case, the Phase One deal will be pointless. Anything — information, data, communications, trade secrets, or technology — protected under its terms will nonetheless be available to Chinese authorities pursuant to the December 1 and January 1 rules.
The remedy? President Trump can pull out of the Phase One deal — something he should do anyway — or use his considerable powers under the International Emergency Economic Powers Act of 1977 to prohibit American companies from complying with the new cybersecurity rules or from storing data in China. On August 23, Trump threatened to use the act to force companies out of that country.
Washington will have to do something fast to protect American businesses in China — and the American economy — because the Phase One deal is clearly inadequate. There is, after all, a big hole in the center of it.
Gordon G. Chang is the author of The Coming Collapse of China and a Gatestone Institute Distinguished Senior Fellow.