Wednesday, March 29, 2017
Yesterday I posted about an article on the excellent Lawfare blog that discussed the significance of some Chinese regulations on digital evidence collection. I now think that the Lawfare blog post's interpretation, which seemed plausible to me when I read it, is not correct. This change of view is prompted by an excellent analysis by Jeremy Daum of the China Law Translate site. I recommend it highly.
Note that he is not saying that China does not hack into foreign servers without the host country's permission. (As I noted in my blog post, "[I]f I had given the matter any thought before this, I would have assumed that Chinese investigative authorities were already doing this whenever they wanted to.") He's just saying that this is not the rule whereby the authorities authorize themselves to do so. Instead, it's just a rule about evidence.