Identifier
Created
Classification
Origin
08TOKYO1430
2008-05-23 07:19:00
CONFIDENTIAL
Embassy Tokyo
Cable title:  

METI VOICES CONCERN OVER CHINA,S PROPOSED IT

Tags:  ASEC ECON ETRD TINT 
pdf how-to read a cable
VZCZCXRO1563
RR RUEHCN RUEHGH
DE RUEHKO #1430 1440719
ZNY CCCCC ZZH
R 230719Z MAY 08
FM AMEMBASSY TOKYO
TO RUEHBJ/AMEMBASSY BEIJING 3531
RUEHC/SECSTATE WASHDC 4514
INFO RUEHUL/AMEMBASSY SEOUL 9530
RUEHCN/AMCONSUL CHENGDU 0155
RUEHGZ/AMCONSUL GUANGZHOU 1377
RUEHGH/AMCONSUL SHANGHAI 0425
RUEHSH/AMCONSUL SHENYANG 0640
RUEHBS/USEU BRUSSELS
RUEHGV/USMISSION GENEVA 3340
C O N F I D E N T I A L TOKYO 001430 

SIPDIS

STATE PASS USTR FOR WINELAND

E.O. 12958: DECL: 05/21/2018
TAGS: ASEC ECON ETRD TINT
SUBJECT: METI VOICES CONCERN OVER CHINA,S PROPOSED IT
SECURITY CERTIFICATION SCHEME

Classified By: Ambassador J. Thomas Schieffer, for reasons 1.4(B) and (
D).

C O N F I D E N T I A L TOKYO 001430

SIPDIS

STATE PASS USTR FOR WINELAND

E.O. 12958: DECL: 05/21/2018
TAGS: ASEC ECON ETRD TINT
SUBJECT: METI VOICES CONCERN OVER CHINA,S PROPOSED IT
SECURITY CERTIFICATION SCHEME

Classified By: Ambassador J. Thomas Schieffer, for reasons 1.4(B) and (
D).


1. (C) Summary: Recently announced Chinese plans to
implement a new IT security certification regime have set off
alarms with Japanese government and industry, according to
Ministry of Economy, Trade, and Industry (METI) officials.
METI has both trade and national security concerns with the
proposed regulations and plans to engage with the Chinese at
a working level. End Summary.


2. (C) Deputy Assistant U.S. Trade Representative for China
Tim Wineland and emboffs met May 16 with METI IT Security
Policy Division Director Ikuo Misumi to share information and
concerns with China,s intention to introduce new IT security
standards. Multilateral Trade System Department Deputy
Director, Kenichi Kobayashi, Technical Regulations and
Standards Policy Unit Deputy Director Masa Sugano, and
Americas Division Deputy Director Shinichi Kihara also
attended. The meeting, requested by METI, was the first
U.S.-Japan consultation on the topic since a March WTO
Technical Barriers to Trade Committee session, where the
issue was discussed.


3. (C) Misumi elaborated on Japan's anticipated trade-related
concerns even though detailed information on the scheme is
not available. These included the costs of translation and
of acquiring certifications and using marks, as well as
likely enforcement or compliance costs. Disclosure
requirements may also cause conflicts when covering licensed
technologies or information on third-party components widely
used in IT systems. Industry is also concerned about delays
in the deployment of products with a fairly short market
life, Mismui stated.


4. (C) Observing that many cyber attacks originate in China,
METI officials then cited national security concerns
surrounding the Chinese proposal. Misumi pointed to concerns
about the certification process and the confidentiality of
submitted information along with the lack of information and
transparency about the labs involved, their affiliations and
their personnel. The technical documentation involved in
obtaining certification could be useful for identifying and
exploiting security vulnerabilities in private or government
systems as well as for anyone trying to reverse engineer
affected products. Sugino added related to these concerns is
the fact, while Western labs are typically independent,
private firms, labs in China blur the lines between
government and industry. He stressed the list of
laboratories that would perform the proposed certification
were "not the usual suspects," which exacerbated Japanese
concerns. Finally, the METI officials emphasized the
unfortunate precedent China sets if it implements a unique
national scheme, and the importance of encouraging use of
international standards, whether Common Criteria standards or
FIPS.


5. (C) Wineland reported the USG view, as expressed to the
Chinese government during meetings in Beijing May 6 to May
14, is while China's regulations remain in draft form,
working level consultations and dialogue are the preferred
means of engaging China on the issue and ensuring regulations
in this area achieve China's legitimate objectives in a
manner consistent with international norms and practices.
However, should China publish the final regulations with a
date-certain implementation deadline, this will necessarily
elevate the issue in the United States to a political level,
given serious substantive concerns about the regulations as
well as past precedent in the area of Chinese encryption and
information security rules. Misumi indicated he hoped to
travel to China in the near future to discuss this issue with
the relevant authorities and indicated agreement with the USG
stance to keep discussions at the working level at present.


6. (U) DAUSTR Wineland has cleared this message.
SCHIEFFER