In recent years we have witnessed an intense communication campaign aimed at raising awareness about the interference of intelligence services of the People's Republic of China in telecommunications equipment manufacturers.
The starting point was the Opinion prepared in 2012 by the Special Intelligence Committee of the House of Representatives of the United States that directly denounced Huawei and ZTE by stating that "in accordance with Chinese laws, ZTE and Huawei they would be obliged to cooperate with any request of the Chinese government to make use of their systems or access them for malicious purposes under the pretext of state security. " Subsequent accusations, however, focused on China's National Intelligence Law of June 2017. The United States asserted that this rule allowed the Chinese government to require technology companies to give access to their information for malicious purposes, or even This legal instrument, according to these publications, provided coverage to carry out acts that could be considered espionage.
Despite all this, recently some countries such as Germany, the United Kingdom or Spain have decided to allow Huawei and ZTE to participate in the supply of 5G networks.
In this controversial scenario several doubts arise, what is behind these accusations? In addition to the fact that such violations have never been detected, is there any legal basis for the Chinese government to require Huawei or ZTE to implement spy devices in its telecommunications equipment? Or are these accusations just an attempt to turn Huawei into a currency and criminalize the adversary in the power struggle between two major technological powers?
From a legal perspective, the answer is simple and clear. Analyzing the entire Chinese regulatory framework that regulates and / or affects cybersecurity, it is not possible to find any provision that allows the Chinese government to order Chinese companies to implement backdoors or spyware on their telecommunications equipment or in any other way could allow espionage activities to be carried out in Europe and abroad. In fact, there is a general principle of Chinese law that does not allow the extraterritorial application of these norms that affect cybersecurity, a legal circumstance that is also guaranteed by a system of sanctions for those who carry out actions that fail to observe the aforementioned principle.
Thus, under the Chinese Cyber Security Law, article 28 requires that only network operators - but not telecommunications equipment manufacturers - provide assistance to the Chinese Government to support national security. Of course this does not imply per se any act of espionage.
Some say that the Chinese Intelligence Law is the critical norm, since some of its precepts (articles 7 and 14) force Chinese citizens to provide assistance in national intelligence work. However, these comments lack, once again, any legal basis, since the aforementioned standard does not contain provisions that allow or require that the implementation of backdoors or espionage devices in networks and infrastructures can be ordered by the Chinese authorities, not in China, much less, of course in Europe. This is because - as with the Cyber Security Law - this only applies to Chinese citizens in China and does not extend to European subsidiaries or their business activities. The extraterritorial effect of this Law is undoubtedly limited when it conflicts with the laws of other countries, regardless of whether the object of it does not prevent the execution of any act of espionage even in China by Chinese citizens or companies .
The picture is similar for the Counter-Espionage Law, the State Security Law and the Chinese Anti-Terror Law, none of which is applicable to the European subsidiaries of Chinese equipment manufacturers or their commercial activities. Nor, of course, does it support espionage actions in China, let alone abroad. Such conclusions have recently been corroborated by the Chinese Government itself. Thus, Mr. Yang Jiechi, Chinese State Counselor, publicly confirmed at the Munich Security Conference that none of the laws that make up the legal system in China require manufacturers of Chinese equipment to install spy devices.
On the other hand, there are countries that pass laws with markedly extraterritorial effects, as is the case with many US standards. The United States Foreign Intelligence Surveillance Act ("FISA"), which was amended in 2018 to allow the National Security Agency ("NSA") to collect data on digital communications of foreign natural and legal persons outside the United States without even previously submitting a court order.
Another example of extraterritorial application is the United States Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act), passed in October 2001, following the terrorist attacks of September 11, 2001, which restricted individual rights and freedoms and allowed US authorities to have access to numerous databases that contain confidential information about hundreds of thousands of US citizens and businesses.
Finally, the so-called US Cloud Act, approved last year by the administration of Donald Trump, and that allows US authorities to require technology companies to store relevant information stored in either the United States or other states. In fact, some EU member states expressed concern in this regard. According to Ulrich Kelber, the German responsible for data protection and freedom of information, US authorities could invoke the Cloud Law to demand access to data held by certain U.S. cloud service providers, which, without No doubt, it would create a risk for German government agencies that store data with them.
The published information on Chinese regulations is largely generating fear and distrust. Judging by the analysis and comparative study of laws that affect network security, it could be said that an unbalanced and unequal view has been provided regarding the different political actors currently in commercial conflict.
We are, without a doubt, in a moment where cyberspace security has become an issue of great relevance, due to the incessant growth of technological advances and the need to generate a legal framework that responds to the challenges that are emerging in All areas of society. In this sense, collaboration between all economic, social and legal actors is essential to continue implementing the corresponding security thresholds that contribute to maintaining consistent technological progress over time.
Javier Cremades , President Cremades & Calvo Sotelo Abogados Lawyer
According to the criteria of The Trust ProjectKnow more
EditorialUSA: cracks in its 'check and balance'
The noise of the street and Emiliano threw the inkwell