Google has just announced it will cease accepting certificates issued by the State Chinese Internet Network Information Center (CNNIC) following a security breach after the regulator apparently sub-contracted certification issuance to a Cairo based firm. This business subsequently issued unauthorized security certificates that were vulnerable to a hacking mechanism that would permit communications to be intercepted between an individuals computer and the web server. Both the Cairo contractor and CNNIC have said the breach was an accident and down to human error. Google responded by stating it will no longer trust certificates issued by the CNNIC.
The implications of this decision by Google – which has unsurprisingly been heavily criticized by the CNNIC – are immediate. Google users visiting .cn websites will now be presented with a warning screen prior to being asked if they wish to proceed with the site visit and will be told the site may potentially be unsafe. However, a period of grace is being offered to significant website domains approved by the CNNIC, including Chinese banks and similar portals in order for them to obtain certification elsewhere. Google has also stated that CNNIC is “welcome to re-apply for trusted status once suitable technical and procedural controls are in place” – a move that CNNIC have greeted with some anger and is sure to preempt a head-on collision between Chinese and United States internet regulators.
Mozilla has followed Google’s lead, which means that on Chrome and Firefox browsers, users will be notified that the .cn domain is unsafe and not be to trusted. This has significant implications for businesses working with .cn domains, many of whom are foreign investors with substantial operations in the country. For example, .cn domains will not be trusted by international buyers concerning submission of credit card data and other personal information. Many multinationals run a version of their website through the CNNIC.
GoDaddy, the largest domain registration provider, stopped selling dot.cn domain names way back in 2010 after the Chinese government requested the company provided information on registrants. Christine Jones, their General Counsel, said at the time: “We just made a decision that we didn’t want to act as an agent for the Chinese Government”.
In remains to be seen how the CNNIC and the Chinese Government will react and whether they will yield to international pressure to sort themselves out and abide by security protocols. No-one knows quite how a domino effect will pan out if the Chinese decide to use this incident to further isolate their own .cn domains from the international community, or whether they wish to pull back from such a scenario.
In the interim period, foreign investors using .cn domains should be instructing their IT support to consider obtaining alternative domains and security clearance from other providers for their China platforms. For example, dot Asia domains are already available.
Even if this incident blows over, it remains a pearl of wisdom that in emerging markets such as China, it is best to have contingency plans in place. We will keep readers updated on this issue as it develops, and advice readers on compliance issues. Our practice, Dezan Shira & Associates provides ERP, CRM and web development services as part of our China compliance team and we will advice through these pages on measures to address should the situation deteriorate further.
Chris Devonshire-Ellis is the Founding Partner of Dezan Shira & Associates – a specialist foreign direct investment practice providing corporate establishment, business advisory, tax advisory and compliance, accounting, payroll, due diligence and financial review services to multinationals investing in emerging Asia. Since its establishment in 1992, the firm has grown into one of Asia’s most versatile full-service consultancies with operational offices across China, Hong Kong, India, Singapore and Vietnam, in addition to alliances in Indonesia, Malaysia, Philippines and Thailand, as well as liaison offices in Italy, Germany and the United States. For further information, please email firstname.lastname@example.org or visit www.dezshira.com.
Chris can be followed on Twitter at @CDE_Asia.
Stay up to date with the latest business and investment trends in Asia by subscribing to our complimentary update service featuring news, commentary and regulatory insight.
E-Commerce Across Asia: Trends and Developments 2014 In this issue of Asia Briefing Magazine, we provide a comprehensive overview of e-commerce trends across the Asia-Pacific region with a focus on developing markets in Southeast Asia. In addition to analyzing macro-level economic and development indicators that signal the potential for region-wide growth, we explore several rapidly growing markets in-depth while highlighting opportunities for investment in each.
E-Commerce in China
In this issue of China Briefing Magazine, we cover the current laws pertinent to the e-commerce industry in China, as well as introduce the steps involved in setting up an online shop in the country in order to help provide foreign investors with an overview of the e-commerce landscape in China.