Firewalla vs The Great Firewall of China

Comments

8 comments

  • Ryan Hopkins

    Can @Firewalla please provide a comment on the recent political changes and how they will affect Firewalla internal operations?

    Scope of the Law

    The Cybersecurity Law is applicable to network operators and businesses in critical sectors. Network operators are defined as network owners, managers, and providers; a network is defined as any system comprised of computers and related equipment that gathers, stores, transmits, exchanges, or processes information. These definitions mean the law is applicable to almost all businesses in China that manage their own email or other data networks. “Critical sectors” encompasses businesses involved in communications, information services, energy, transport, water, financial services, public services, and electronic government services. Law firm Baker McKenzie has also publicly warned that any company that is a supplier or partner with firms in these sectors could also be subject to the law.

    The law requires network operators to cooperate with Chinese crime or security investigators and allow full access to data and unspecified “technical support” to the authorities upon request. The law also imposes mandatory testing and certification of computer equipment for critical sector network operators. These tests and certifications mainly relate to Article 21 of the law, requiring network operators to formulate internal security management systems and implement network security protections; adopt technological measures to prevent viruses or unspecified forms of cyber attacks; adopt technological measures to monitor and record the safety of a network; and undertake data classification, back-ups of important data, and encryption. These security measures are fairly standard, and form part of best practice recommendations for firms that gather and store important company and client data.

     

    https://web.archive.org/web/20181212184441/https://thediplomat.com/2017/06/chinas-cybersecurity-law-what-you-need-to-know/

    0
  • Andy brown

    But they are not based in China or am I missing something...

    1
  • Ryan Hopkins

    Their main office is in Santa Clara, and the device was designed in the US, but the shipping invoice came from Hong Kong and is produced in China. Prior to the annexation of HK, the worry was limited but now that situation has changed drastically. This is a security device we're talking about, so there is merit to the question.

    0
  • Joel Zimmerle

    After looking into this, this does seem to be a legitimate question. The takeover of Hong Kong by the CCP is so recent though, I wonder if they (Firewalla) even know themselves what the implications are? Also, they are based out of San Jose, California, so I assume they wouldn't be considered a "network operator" in China even if the hardware was produced in China, although I could be wrong. IF it did consider them a "network operator" the law would require them to store data within China and have it open to spot checks whenever requested. Wow, what a disaster that would be! I think this would be such a long shot but it would be great for them to chime in here and at least let us know whether they think they would be forced to comply with this so-called "Cyber Security Law", or whether it's completely irrelevant to them since they are indeed based in the US. Like you said though, this is a DPI network security device, and if somehow it became a way for the CCP to spy on us that would be a security and privacy nightmare, and especially ironic for us IT folks buying this to do the exact opposite!

    1
  • Firewalla

    We are in the same boat as many other technology companies in the US that rely on China as a place to manufacture. Remember, China is where all (or most) iPhones, iPads, Android phones ... network routers, servers ... etc ... are manufactured.

    As for the new laws in HK, we are following that very closely. It is highly possible that in the near future we will stop shipping units to Hong Kong. (Currently, we do not ship to Mainland China.)

    1
  • Joel Zimmerle

    This is true, most hardware is produced there. Glad y'all are keeping an eye on this. So definitely not a network operator in China. Sad to see what's happening in HK though. 

    1
  • Ryan Hopkins

    Thank you to @Firewalla for the honest reply, and thank you @Joel for understanding the implications of the political changes and taking my question seriously. Firewalla has immense value and if we all stay vigilant we can keep each other as safe as possible. 

    0
  • Shared “Knj” Pollard

    On a related note, I have a Comfast outdoor wireless device on my network (manufactured by a Chinese company). I suspected something was off about it because it was the only device I could not see on my network. Well, after installing Gold Plus I put that device under a microscope. The thing hacked my Firewalla by MAC spoofing it. It showed up as my Firewalla's WAN and LAN IP address. It had been doing that to my other routers but I did not know it until now.

    0