The Chinese government has enriched their 2017 cybersecurity law by adding provisions that allow state agencies to legally conduct penetration testing sessions to anyone online in the country. As the new provisions foresee, all companies and organizations that use more than five computers that are connected to the internet are now candidates for a pen-test by the Ministry of Public Security (MPS). These modifications and additions are supposedly introduced to increase the security of the people of China, ensure that databases are adequately protected and that no data leaks or other serious cybersecurity incidents occur.
However, and considering the overall function of the particular Ministry, the people’s security is probably just the official justification, while the main point is to render higher levels of intrusive interventions legal. The Chinese government wants to have full control of all online entities in the country, and why ask for their permission to perform inspections on their infrastructure when they can do so whenever they want, and without even having to inform them of the fact? The following list of provisions is indicative of what value the Chinese authorities give to people’s right to privacy.
What experts make of the above is that China wants to intensify their data collection practices, and so getting their hands into anyone’s database is a great way to achieve this. After all, the provision for the “copying any user information found during the inspections” is clearly showing their intentions. The vagueness that underpins these new provisions isn’t leaving much room for specific exclusions or limitations in any of them either. After this move, the people of China and every foreigner who lives in the People's Republic have woken up to an even cloudier day for their online rights.
Would you accept this enforced penetration tests, or would you take your company/organization away from China after the new provisions that were added in the relevant Cybersecurity law? Share your thoughts below, or on our socials, on Facebook and Twitter.