The government needs to set standards to limit online paranoia
This article is a live version of our trade secret newsletter.registered Here Send the newsletter directly to your inbox every Monday to Thursday
Hello from Beijing, we are about to end a month of record-breaking thunderstorms. Schools and outdoor venues are closed.Crowded indoors, the topic that fascinates us is called the car giant Didi Chuxing Supervise car accidents.
Didi’s crisis and its impact on China’s data-rich multinational companies will take months to fully manifest.Seven Chinese government departments, including the National Security Force, announced on Friday Resident staff Inside Didi’s office.
They were there to perform the cybersecurity review announced two weeks ago, just a few days after Didi’s $4.4 billion initial public offering in New York. The announcement and subsequent penalties caused Didi’s share price to fall by more than 10% from its IPO price.
US shareholders have filed a class action lawsuit claiming that Didi has not disclosed its regulatory risks. The reality may not be so direct, but it is even more worrying: the breadth and ambiguity of China’s data security legislation puts many companies at risk of inadvertent misunderstandings with regulators.
Concession waters See how the freight rates that affect American shippers continue to soar.
China’s data concerns may evolve into American paranoia
Although the China Cyberspace Administration did not specify the specific reasons for launching a cyber security inspection against Didi, it mentioned national security and Data security risksSince 2018, these two concepts have become inseparable for the Chinese government, which recently passed the Data Security Law.
“Data is a country’s basic strategic asset. Without data security, there is no national security,” the law went into effect on September 1.
Before the looming deadline and after the collapse of Didi, businessmen and lawyers Confused about how to comply There is a vague set of legal obligations. In China’s civil law, very broad laws are first passed, and then clarified through subsequent implementation guidelines and industry standards. However, these clarification measures are still missing. This puts companies in a situation where the data security law expands the scope of government approval for cross-border transfer of “important” data, but there is no clear procedure for obtaining approval.
The need to audit cross-border data flows has a huge impact on companies that do not consider themselves to be technology conglomerates. All multinational companies need to transfer data in and out of the country, starting with salary data. Medical insurance companies deal with more sensitive personal data. All of these may be subject to scrutiny.
In the absence of legal clarity, sources worry that they will be affected by tensions between the United States and China and opaque regulators. “This is not a cybersecurity compliance issue, but a government relationship issue,” a multinational executive complained.
I believe that when US President Donald Trump threatened to ban the app on national security grounds in August 2020, the staff of Bytedance, the parent company of the short video app TikTok, had the same idea. At the time, considering that the nature of TikTok meant that almost all data sent to the platform was publicly released, many of us were puzzled by the threat posed by Beijing’s exposure to the country’s latest dance boom.
The problem is that data paranoia is too easy to become a self-perpetuating meme. Within days, the companies that banned employees from using the app began to take Trump’s concerns seriously (although Amazon quickly turned around). Data paranoia can also become unfalsifiable. Once Trump issued an accusation to the world, everyone scrambled to figure out what it was based on—in other words, do the work of the US government for it.
We are in a similar situation to Didi. Didi’s mistakes have not been made public, and its executives may be as ignorant of the problem as the rest of us. In fact, the fact that Beijing is currently conducting a cyber security review shows that the government itself is not yet aware of this issue. It is concerned about the large amount of user itinerary and map data that the company has, and it tries to identify possible problems.
Although Didi’s failure exposed China’s lack of a clear regulatory framework to manage sensitive data, the US-China battle over the past few years has also highlighted how other governments are not clear about the nature of the cyber threats they face. This leads to trade policy based on political trust rather than technical standards.
However, interpersonal trust is not a good measure of network security. Political allies monitor each other, and technology companies located in unfriendly countries may provide safer services than less-skilled companies in allied countries.
This is not to say that Huawei or Didi have no security risks. But when deciding how to deal with these issues, the government initially seemed inclined to adopt a rough and maximal approach to regulation. In the end, they will find that the only feasible solution is to provide the company with detailed technical guidance to determine which data flow is OK and which cannot.
For a long time, the cyber security industry has been committed to creating processes that do not rely on interpersonal trust to ensure security. Trade secrets can’t help but wonder if more government leaders have technical literacy, whether they will consider technological solutions before the political big stick.
Yesterday’s trade secrets studied the arguments for and against the executive order of US President Joe Biden, aiming to Limit shipping costs. We know what drove this order-the sky-high price of transcontinental shipping. The surge started in the second half of last year, but as shown in the chart below, freight rates continued to soar, especially on the Northern Europe to the east coast of the United States. Claire Jones
how China’s zero Covid-19 strategy go with?Not good, according to this reportBeijing has promised that no cases will occur, which means that most of its citizens may be cut off from the outside world before the end of the year. This is not good news for a country that is so dependent on trade.There is more after the incident Suitable for 55 The package launched last week, this time from U.S. oil and gas exporterThey were warned that although energy was excluded from a series of climate proposals made in Brussels last week, they still face further tightening of European anti-pollution rules.
Imbalanced vaccine supply It is deepening around the world, and the surplus in the United States and Europe is in sharp contrast to the shortage in many countries in Asia. result: 150m dose not used (Nikkei, $, subscription required). India’s exports already Stagnant (Nikkei, $) After the deadly second wave of viruses in April and May ravaged this South Asian country with a population of more than 1.3 billion, it has been going on for three months so far-there is little chance of recovery in the short term. Claire Jones