MOSCOW (Sputnik) — The so-called declaration of compliance was submitted to US companies last summer, according to the newspaper, which published the document on Wednesday. It was reportedly authored by the China Information Technology Security Evaluation Center.
It asks tech firms "not to transfer, store or process any sensitive user information collected within the China market outside China’s borders" and "to promise to accept supervision from all parts of society, to cooperate with third-party institutions for assessment and verification that products are secure and controllable."
The New York Times cited unnamed industry groups as saying that "controllable" was a catchphrase meaning companies could be asked to hand over encryption keys or even source code to Chinese regulators.
Beijing revised its cybersecurity policies in the wake of the 2013 US bulk data collection scandal, in which it was revealed that the US online spying agency, the National Security Agency (NSA), embedded "backdoor" surveillance codes in US software and hardware sold abroad
