China to demand source code access, backdoors in some tech products

article thumbnail

China's central government has introduced new procurement regulations that would force technology companies wishing to do business with the country's banks to submit source code for review and build government-accessible backdoors into their products, according to a Wednesday report.

Word of the changes, which the New York Times says have already prompted calls of protectionism from a number of western firms, comes on the heels of a report that Apple has already agreed to subject its own products to Chinese government audits. It is unclear whether those "inspections," as one official called them, would fall under the same umbrella as the new banking regulations.

Apple does not traditionally compete for the kinds of enterprise infrastructure projects that China's regulators are targeting, but the company has made significant moves in that direction of late. A recent tie-up with IBM has Big Blue pitching Apple's iOS devices to its enterprise customers, many of which are large banks that are the bread and butter of IBM's mainframe and services businesses.

During Apple's quarterly earnings call earlier this week, CEO Tim Cook said that the two firms had made "great progress" since the commencement of the partnership. Ten new mobile applications aimed at banking, retail, insurance, financial services, telecommunications, governments and airlines have been delivered to a dozen "foundational customers," with over 130 more companies kicking the tires.

If Apple were asked by the Chinese government to build backdoors into the iPhone or iPad, it would be an ironic twist.

The company has faced tight scrutiny in China after allegations that it participated in intelligence gathering initiatives run by the U.S. National Security Agency. Apple has repeatedly and emphatically denied involvement, and Cook reportedly sought to reassure top Chinese internet regulator Lu Wei of the company's commitment to user privacy during a meeting in Cupertino.

While there are "rumors of us keeping backdoors and providing data to third parties," Cook is said to have told Lu, the company has "never had any backdoors and never will."

Even if Apple elects not to bid for enterprise sales in China, it may not escape the government's control. A second set of still-unfinished policies, aimed at antiterrorism, would force companies that enable encrypted communications to provide the government with encryption keys and store all Chinese user data on Chinese servers.

The former could prove problematic for Apple, which has overhauled the encryption mechanism in iOS 8 in a manner that makes it impossible to comply with such a request. The company already stores at least some Chinese user information in datacenters run by China Telecom, but maintains that the state-owned telecom firm does not have access to that data.