New Search & App Rules as Cybersecurity Law Looms

China’s Cyberspace Administration (CAC), which saw the announcement of an unexpected leadership change this week, has unveiled a raft of new rules covering web search and mobile . Meanwhile, the second reading of a draft law signals the approach of higher-level regulation, while a CAC content removal request to the U.S.-based suggests a new tack in taking on sensitive content hosted overseas.

Bloomberg reports on new regulations, set to take effect in August, which will require Chinese search engines to report banned content, and also to verify the qualifications of advertisers who pay for priority result listing. These new rules come after a government investigation found search giant to have advertised misleading medical information which led to the death of a college student. Wei Zexi died in April after being led to an experimental cancer treatment in Baidu’s paid search results. The company was last month ordered to change its paid search result methods and to remove ads that violate regulations.

Under rules to take effect Aug. 1, operating in the country will be prohibited from providing banned information in various formats including links, summaries, cached pages, associative words, related searches and relevant recommendations, the said in a statement. They will also be required to report websites and applications that contain prohibited content when spotted, the regulator said.

[…] Baidu will comply fully with relevant laws and regulations as outlined by the Cyberspace Administration of China and work closely with government agencies, Internet users and the community to uphold a healthy Internet environment, the company said in an e-mailed statement. [Source]

Reuters’ Ben Blanchard has more on the rules’ stipulation that search engines’ paid-for advertisements be more tightly managed, a direct regulatory response to the public outrage sparked by Wei’s death:

China’s internet regulator said on Saturday that search engines should tighten management of paid-for ads in search results, making clear which results are paid-for and limiting their numbers.

[…] The Cyberspace Administration of China said search engines should investigate the “aptitude” of clients offering paid-for ads, set a clear upper limit on such ads and clearly distinguish which are paid-for ads and which come from “natural searches”.

“Internet search providers should earnestly accept corporate responsibility toward society, and strengthen their own management in accordance with the law and rules, to provide objective, fair and authoritative search results to users,” it said.

Users have been particularly concerned with medical ads, which are a threat to people’s health, the regulator added. [Source]

The new rules have been translated in full by Fei Chang Dao and China Law Translate. At The Wall Street Journal, Alyssa Abkowitz reports on the CAC’s explanation of the need for this new regulation:

An unnamed CAC official said the new rules came in response to internet users’ longtime complaints about the ambiguity between paid ads and “natural search results,” according to a Q&A posted on the regulator’s website.

“Some search results include illegal contents like rumors, obscenity, violence, homicide and terror; some search results lack objectivity and fairness, which violates the corporate moral standards, misleads and affects public judgment,” the official said.

At the South China Morning Post, He Huifeng and Nectar Gan report on an additional CAC regulation on mobile apps, also set to take effect on August 1. The new rules will universally require real-name registration and demand all app providers to keep details of their users’ activity for two months. While the CAC bills the new regulation as an effort to mitigate the spread of “illegal information” while also protecting users’ information security, some app providers see the record-keeping clause as a warning to China’s 700 million web users:

The new regulation applies to the provision of “information services through mobile internet apps as well as app store services on the Chinese mainland”. It is unclear if the new regulation would affect overseas users of Chinese apps.

[…] Under the new regulation, users will still be allowed to adopt a public alias but not before registering their real identities with the app providers. App providers must verify those identities by mobile phone numbers or other means.

Providers should issue warnings, restrict access, suspend updates or shut down accounts of users who publish “illegal information” and content.

App store operators, meanwhile, will be required to vet the apps’ security and compliance with the law.

App providers will also need the explicit consent of users to gain access to their geographic ­location and contact list, record video and audio through their mobile devices, or activate or bundle unnecessary functions with their services.

[…] A Guangzhou-based app operator, who refused to be named, said the rule on activity logs was a warning to “all internet users not to make improper comments on social or political issues because every word you type will be ­recorded and handed in to the authorities”. [Source]

The announcement of these new rules comes on the heels of the second reading of a draft , which was presented to the  National People’s Congress on Monday but has not yet been made law. The first draft of the law last year raised significant controversy for its vague language, potential to restrict online expression, and possibility to economically disadvantage foreign firms. At Reuters, Paul Carsten and Michael Martina report on the second reading of the draft, and on officials’ justification of internet restrictions as essential to protect national security:

The draft, presented before the standing committee of the National People’s Congress, requires network operators to comply with social morals and accept the supervision of the government and public, official news agency Xinhua said.

It also reiterated that Chinese citizens’ personal data, as well as “important business data” must be stored domestically, adding that those wishing to provide that information overseas faced a government security evaluation.

[…] Chinese officials say internet restrictions, including the blocking of popular foreign sites like Google and Facebook, are needed to ensure security against growing threats, such as terrorism. [Source]

As new tools have been developed to circumvent the Great Firewall and allow access to restricted sites, Chinese authorities have continuously updated their means of ensuring that forbidden foreign content remain inaccessible. Last year, authorities were suspected of orchestrating major DDoS attacks on code-sharing website GitHub’s mirror sites for the censored GreatFire.org and Chinese New York Times. The CAC has apparently now adopted a softer method for dealing with sensitive material on the U.S.-based repository host. GitHub recently received a letter for content removal from the Cyber Security Association of China, a branch of the CAC established just this March and headed by “Father of the Great Firewall” Fang Binxing. The content in question is a March 8 page created by user “programthink,” which claims Xi Jinping plotted the murder of his half-brother. Josh Horwitz reports for Quartz:

The letter is notable for two reasons. Firstly, it has drawn attention to a previously little-noticed 2,432-character essay alleging Xi ordered the military to murder his half-brother, Xi Zhengning, to cement his rise to power.

We surmise that Xi Jinping had probably hired somebody from the military to go to Hainan, including an army doctor. Xi Zhengning was an honest man who obeyed the rules, he was not on the defensive; his position wasn’t high either, so he didn’t have bodyguards. The murderers entered Xi Zhengning’s house and subdued him, after which they injected some sort of poison into his body and caused his heart to stop beating.

(There’s no evidence of any of these accusations, and they aren’t considered credible.)

And secondly it marks a huge turnaround for China’s often brutal internet monitoring agencies. In fact, just last year the Chinese government launched a DDoS (distributed denial of service) attack on GitHub, which effectively cut access to millions of programmers worldwide.

That attack marked the start of a new, aggressive push by China’s Communist Party to regulate the internet outside of its own borders, researchers argued. This relatively polite letter, on the other hand, is a sign they realize that attack backfired. [Source]

GitHub did not remove the page, but has blocked it in China. Users trying to access it from behind the Great Firewall will instead see an HTTP 451 error message.

The GitHub page is part of programthink’s “zhao” repository, a collection of materials on over 700 of China’s “princelings” aiming to “expose powerful families.” (Netizens call the politically and financially connected “Zhao family members,” after the landlord in Lu Xun’s novella “The True Story of Ah Q.”) The materials are primarily drawn from Wikipedia, the New York Times, and other publicly available sources. But the page in question includes a 2,000-character essay by “CMB-news,” linking only to the overseas news site Boxun—known for making “claims that are difficult to prove”—and a thread on a BBS forum.

Anne Henochowicz contributed to this post.