China’s Anti-Terrorism Law Released, Impacting Telecom and Online Business in China
Amid controversies, the Anti-Terrorism Law of the People’s Republic of China (“Anti-Terrorism Law”) was promulgated by the Standing Committee of the National People’s Congress of China (“SCNPC”) on Dec. 27, 2015, and will become effective on Jan. 1, 2016. Several clauses in this Anti-Terrorism Law will likely have significant impact on telecom service and online business in China.
Terrorism and Terrorist Activities
According to the Anti-Terrorism Law, “terrorism” refers to claims and acts that, through such methods as violence, destruction, or intimidation, etc., cause public fear, endanger public security, cause personal death or injury or property damage, or threaten government authorities or international organizations, to realize any political, ideological or other goals.
According to the Anti-Terrorism Law, “terrorist activities” refer to the following activities of the nature of terrorism:
- a.) organize, plan, attempt to implement, implement activities that cause or are intended to cause serious damages to the society, such as death or personal injury, material loss or dangers to property, damage to public facilities, disorder of society, etc.;
- b.) advocate terrorism, incite implementation of terrorist activities, or illegally possess items that advocate terrorism, force other people to wear clothes or logos that advocate terrorism in public places;
- c.) provide such support, assistance or convenience as information, funds, materials, labor, technologies, premises, etc.to terrorism organizations, terrorists, terrorist activities or the training of terrorist activities; and
- d.) other terrorist activities.
Key Clauses Relating to Telecom Services and Online Business
1. Technical Support and Assistance
Section 18 of the Anti-Terrorism Law states that telecom and Internet service providers (“Service Providers”) should provide technical support and assistance, including provision of technical interface and decryption, to the public security authorities for the prevention of or investigation into terrorist activities.
SCNPC released the draft Anti-Terrorism Law in November 2014 (“Draft Law”), which specified that the public security authorities, for the purpose of preventing or investigating terrorism activities, may use the technical interface of telecom networks or the Internet, or demand that related Service Providers or users provide decryption assistance. The Anti-Terrorism Law seems to enhance the obligations of Service Providers. According to the Draft Law, it seems Service Providers only need to provide support and assistance, when they are required by the government to do so. In the final version of the Anti-Terrorism Law, it appears that Service Providers may need to make the technical interface and decryption functions ready, and, once the government requires, they should provide such support and assistance immediately.
The Anti-Terrorism Law does not contain detailed provisions for such technical support and assistance. For example, it is unclear what exactly such “technical interface” refers to, and (ii) whether Service Providers need to hand over the decryption key to the government. In addition, it appears the Anti-Terrorism Law does not exhaust the technical support and assistance may be required by the government. It is unclear whether some sensitive business information, such as source codes, will be required to be submitted to the government, when it is deemed necessary.
2. Censorship of Content
According to Section 19 of the Anti-Terrorism Law, Service Providers are required to censor the content, and should prevent the spread of information containing terrorism or extremism. When they become aware of any such information, they should immediately stop the transmission of such information, keep relevant records, delete related information and report to the public security bureau or other related government agencies. In addition, the government may require the service providers to shut down related websites or stop related services.
It is noteworthy that the Draft Law did not include the term of “extremism”, which is new in the Anti-Terrorism Law. However, unlike “terrorism”, the term of “extremism” is not defined under the Anti-Terrorism Law. It is unclear (i) how the government will interpret “extremism”, and (ii) whether the inclusion of “extremism” in fact will broaden the scope of censorship.
3. Identity Verification
Section 21 of the Anti-Terrorism Law requires Service Providers to verify the identities of their respective users, and should not provide services to those without clear identities or those who refuse to cooperate in the identity verification process.
4. Liabilities for Violation
Section 84 of the Anti-Terrorism Law provides that, if the Service Providers fail to perform their obligations with respect to technical support and assistance as well as censorship of content, they may be subject to administrative fines of more than RMB 200,000 (without a cap), and the persons in charge may be subject to administrative fines of up to RMB 500,000 and administrative detention of 5 to 15 days.
Section 86 of the Anti-Terrorism Law also provides that the Service Providers that fail to perform their obligations relating to identity verification may be required to correct their failures. If they refuse to correct, then such Service Providers may be subject to administrative fines of more than RMB 200,000 (without a cap), and the persons in charge may be subject to administrative fines of up to RMB 500,000.
Possible Impact
As the Anti-Terrorism Law becomes effective on Jan. 1, 2016, Service Providers need to immediately implement the Anti-Terrorism Law. Without detailed implementation rules, there are questions surrounding this Anti-Terrorism Law for Service Providers. They may need to update their service terms to address anti-terrorism related issues. For example, they may need to include terms to notify users that their information will be disclosed to or monitored by the government for anti-terrorism purposes. Service Providers may also need to consult with the government for clarifications with respect to the technical interface and decryption assistance. For most Service Providers, especially international technology companies, the disclosure of source code or other sensitive business and technical information may trigger a change of their strategic business plans in China.