from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: March 27, 2015

China US WTO Cyber Net Politics CFR

March 27, 2015

China US WTO Cyber Net Politics CFR
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • The United States filed a submission at the World Trade Organization that expresses its concern with China’s new cybersecurity regulations applicable to information technology (IT) in the Chinese banking sector. The United States, backed by domestic industry associations, the European Union and Japan have raised concerns with the new regulations, which require Chinese banks to only procure IT that is "secure and controllable" and that "indigenous" products be considered for purchase. The submission asks China to clarify what it means to have "controllable" IT, whether the regulations apply to foreign banks operating in China, and the criteria by which IT products will be considered "indigenous."
  • The European Court of Justice heard a case that challenges the validity of the U.S.-EU Safe Harbor agreement, which provides a framework for U.S. companies that operate in Europe to comply with European privacy law. Max Schrems, an Austrian privacy activist, alleges that information collected on European users by five U.S. companies--Apple, Facebook, Microsoft, Skype and Yahoo--violated the Safe Harbor agreement because the companies were required to provide data to the NSA as part of its PRISM program. Absent the Safe Harbor agreement, data on Europeans collected by U.S. companies would not be able to cross the Atlantic, requiring them to build dedicated infrastructure and services in the EU for their EU customers to comply with European privacy law.
  • The United Nations Human Rights Council created a special rapporteur on the right to privacy in the digital age. The rapporteur, who has yet to be appointed, is mandated to gather information on challenges to the right to privacy in the digital age, identify the obstacles to the right to privacy, report on alleged violations of the right to privacy as defined by article 17 of the International Covenant on Civil and Political Rights, and submit annual reports to the Human Rights Council and the UN General Assembly. Germany and Brazil sponsored the resolution creating the new position, which received unanimous support from other Council members, including the United States, Russia, and Cuba.
  • The Huawei Cybersecurity Evaluation Centre, which reviews the security of Huawei equipment used in the United Kingdom’s critical infrastructure, is effective in mitigating national security risks the Chinese company could pose to the UK according to the review board charged with overseeing the centre. The oversight board, chaired by a representative of GCHQ, was created after a UK parliamentary committee questioned whether the Centre was sufficiently independent from Huawei headquarters in Shenzhen, China. Government officials in the United States, Australia, UK, and Canada have previously raised concerns about the use of Huawei equipment in critical infrastructure networks could facilitate Chinese espionage given the company’s origins and founder, a former officer in the People’s Liberation Army.