Shadowing the standoff between the FBI and Apple over access to an encrypted iPhone used by one of the San Bernardino attackers is the question: What will China do? If Apple creates unique software that allows Washington access to the phone, does that open the door for Beijing to make similar demands on the company and all other foreign technology firms operating in China? As Sen. Ron Wyden of Oregon argued, “This move by the FBI could snowball around the world. Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?”
Certainly, China watches U.S. statements and policy very closely. An early draft of China’s counterterrorism law included provisions requiring the installation of backdoors and the reporting of encryption keys. In the face of criticism from the US government and foreign technology companies, Fu Ying, spokeswoman for the National People’s Congress, defended the provisions as in accordance with “international common practices,” adding that it was common for the Western countries, such as the United States and Britain, to request tech firms to disclose encryption methods. The final law, passed in December 2015, was much more ambiguous about what type of demands the government would make on technology companies, but it is clear that Chinese leaders are more than happy to exploit what is happening in the United States as rhetorical cover.
Yet we should be clear that what happens in the United States will have very little impact on what China ultimately decides to do. Beijing, like governments everywhere, wants to collect and analyze data for law enforcement and national intelligence reasons. The desire for data may only intensify under Xi Jinping’s leadership; the Chinese Communist Party appears increasingly worried about domestic stability and the spread of information within the country’s borders. For foreign companies, refusal to cooperate with the Chinese authorities will increasingly lead to a loss of market opportunities.
Faced with competing pressures across the many jurisdictions that they operate in, there are no easy options for the companies. Any resolution will be political, not technical. The ideal outcome is a multilateral agreement that embraces privacy and the strongest encryption possible, but also allows government access to data for legitimate purposes.
The most workable solution within the United States may in fact involve sidestepping the question about whether governments (or companies) should be able to break encryption. As a recent report from the Berkman Center for Internet & Society at Harvard University argues, there are now massive amounts of data generated through the Internet of Things (cars, thermostats, surveillance cameras and hundreds of devices other connected devices) and the metadata (time, location, address, but not content) produced by cell phones and Internet communications. This data can be made available to law enforcement through established legal procedures, while leaving the encryption that protects phones and other devices alone.
This approach could be standardized across the Atlantic. Governments would leave encryption alone, but share other measures to collect data. With Privacy Shield, the new agreement that regulates the transfer of data by companies between the U.S. and the EU, and reports that the U.S. and UK are negotiating a new treaty that would allow easier access for law enforcement to data, there are promising signs that it is possible to develop trans-Atlantic agreements about how information might be shared across national borders.
China, however, remains the hard case. There is no indication that Beijing would be willing to forgo access to encrypted data on a phone, and, given cultural and political differences, little hope for rules and standards shared across the European, Chinese, and American economies. China and Apple seem to have reached a temporary détente. Beijing has so far not made any further public demands on Apple, and the Chinese market is increasingly important to the company’s future, with revenues growing to $12.5 billion in 2015.
Yet Beijing has also made it clear that it expects foreign companies to follow its rules if they want to continue selling in the Chinese market. As China’s cyber czar Lu Wei said in December, “As long as you don’t harm China’s national interests or Chinese consumers’ interest, we welcome you and your growth in China.” Apple is likely to be pushed, unwillingly, into forking its products, creating separate, less secure products for Chinese users. While this will be a bitter pill for Tim Cook and Apple to swallow, given their promises to defend the privacy of all users, it is likely to be the price of continuing to do business in China.