When e-commerce executives hear the word China, their mouths begin to water. Don DePalma, vice president of corporate strategy at Idiom, a web globalisation company, predicts that China will have 33 million Internet users and will produce $11.7 billion worth of e-transactions by 2003. With China almost certain to join the World Trade Organisation by the end of this year, the country presents a potentially lucrative marketplace for most e-businesses.
It's no wonder, then, that China's latest round of regulations regarding Internet activity is causing some consternation among many dotcoms. Late last month, China announced that Chinese Internet companies must receive approval from at least three state agencies before they issue any shares of stock. A week later, the government declared that users who post or discuss "state secrets," that is, any information of national interest that has not been officially released by the Chinese government, risk arrest or some other form of censure.
While these regulations reveal a government that is reluctant to embrace a free-market Internet economy, they are less troubling to e-commerce companies than a regulation issued in October with a compliance deadline of January 31. The regulation requires that any company doing Internet business in China must register its commercial encryption software-including the "key" that provides access to consumer information and transaction data-with the Chinese government.
"What we're talking about is proprietary information," says Michael Kurtz, Asian Strategist for Ideaglobal.com, an independent economic research and market forecasting firm. "A lot of Chinese companies are state run, so the line is blurry between the local security apparatus and your direct competitor. Just who is really getting access to your data?"
While the ramifications of refusing to comply with China's encryption policy may be severe-prohibition from doing business in a juicy young market-most major companies, the experts say, will take that risk. "China is walking a fine line between the desire to build its economy and the urge to control information," says DePalma. "Big US companies have the leverage here, because they're investing in the Chinese economy in a major way."
That doesn't mean all companies should simply blow off the encryption policy. Most experts are advising companies to weigh the pros and cons of registering. "China doesn't have the manpower broadly to enforce its policy, so you're probably going to get selective enforcement from Beijing," says Kurtz. "But do you want to be held up as the example? Installing new encryption technology six months from now is a whole lot better than running afoul of commercial law in China."
According to Becca Gould, vice president of public policy at the Business Software Alliance, "Many companies are registering publicly available information, like their encryption algorithms, but they're not handing over their keys." Because the regulations are somewhat vague, companies are trying to stay within the spirit, if not the letter, of the law.
As China's ministries vie for control of the Internet by issuing broad regulations, and as the Chinese government comes to grips with a future that flies in the face of its past, companies eager for a piece of the pie would be wise, the experts say, to proceed with caution into Chinese cyberspace.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.