China tightens control over cybersecurity in data crackdown
BEIJING — Tech experts in China who find a weakness in computer security would be required to tell the government and couldn’t sell that knowledge under rules further tightening the Communist Party’s control over information.
The rules would ban private sector experts who find “zero day,” or previously unknown security weaknesses, and sell the information to police, spy agencies or companies. Such vulnerabilities have been a feature of major hacking attacks including one this month blamed on a Russian-linked group that infected thousands of companies in at least 17 countries.
Beijing is increasingly sensitive about control over information about its people and economy. Companies are barred from storing data about Chinese customers outside China. Companies including ride-hailing service Didi Global Inc., which recently made its U.S. stock market debut, have been publicly warned to tighten data security.
Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer.
