China Cybersecurity law
China’s new Cybersecurity Law becomes effective on June 1
China’s new Cybersecurity Law will become effective on June 1, 2017. In addition to focusing on cybersecurity, the law also details how companies are to handle personal information and data. In determining what is allowed and not allowed for handling personal information in China, it is important to examine The Decision on Strengthening Information Protection on Networks (2012), The Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems (2013), and The Provisions on Protecting the Personal Information of Telecommunications and InternetUsers (2013). There are also many industry-specific rules, including such rules for banking and credit information services. China’s new Cybersecurity Law adopts and modifies existing regulations and codifies them.

Under the new Cybersecurity Law, collecting any user’s personal information requires the user’s consent and network operators must keep collected information strictly confidential. Personal information is defined as information that can be used on its own or with other information to determine the identity of a natural person, including the person’s name, date of birth, ID card number, biological identification information (e.g. fingerprints and irises), address, and telephone number. Once such information has been de-identified, it is no longer subject to the requirement for personal information under the law.

According to the new Cybersecurity Law, network operators are subject to the following requirements when collecting and using personal information:

  • Collection and use of personal information must be legal, proper and necessary.
  • Network operators must clearly state the purpose, method, and scope of collection and use, and obtain consent from the person whose personal information is to be collected; personal information irrelevant to the service provided shall not be collected.
  • Network operators shall not disclose, alter, or destroy collected personal information; without the consent of the person from whom the information was gathered, such information shall not be provided to others.
  • In the event of a data breach or a likely data breach, network operators must take remedial actions, promptly inform users, and report to the competent government agencies according to relevant regulations.
  • In case of an illegal or unauthorized collection and use of personal information, a person is entitled to ask a network operator to delete such personal information; when information collected is wrong, an individual can request correction.

Who are the network operators to which the new law will apply? Owners of networks, administrators of networks, and network service providers. Telecom and Internet service providers, clearly, but “network” is broad enough to go well beyond that.

Networks are systems consisting of computers or other data terminal equipment and relevant devices that collect, store, transmit, exchange, and process information according to certain rules and procedures (Article 76 of the new Cybersecurity Law). If you have a couple of computers at home that can share files, and perhaps a printer connected to them, you technically have a network. The law is not likely to go that far, but the generic definitions of network and network operators leave a lot of room for interpretation, which is exactly how the Chinese government wants it.

The new Cybersecurity Law also requires critical information infrastructure operators (CIIOs) store within China personal information and important data gathered and generated within China and conduct annual security risk assessments regarding their data. Though the definition of CIIO is yet to be clarified, we already know China’s yet to be finalized Measures for Security Assessment of Personal Information and Important Data Leaving the Country will likely require foreign companies doing business in China make big changes in how they handle data. The Cyberspace Administration of China (CAC) published a draft of Measures for Security Assessment of Personal Information and Important Data Leaving the Country back in April, raising many concerns for foreign businesses operating in China.

These Measures for Security Assessment would expand the data localization requirement to all network operators. This would mean that pretty much all personal information and important data collected by network operators within the PRC must be stored within China and not leave China, other than for “genuine business need” and after a security assessment. And if you think you may be a network operator, you probably are.

Since the new Cybersecurity Law does not differentiate between internal and external networks, it is broad enough to include any company that owns an internal network. Will your China WFOE be able to transmit employee information back to its overseas headquarters? In China’s Cybersecurity Law and Employee Personal Information, we set out best practices for doing this, but that was written before publication of the Draft Measures. Should the Draft Measures become effective — as expected — our views on data transfers will almost certainly toughen. Foreign companies are already setting up data centers in China so as to be able to keep data local and many of our clients are looking at doing the same.

We have been reluctant to write much about data and privacy protection in China because existing laws are both unclear and in a massive state of flux. But because this is so important and because this reluctance cannot extend to a client who needs to know what it must do now with specific data, we plan to write more often about these topics in the weeks and months ahead.

Please stay tuned.

Editor’s Note: Sara Xia is an experienced lawyer with law degrees from Shanghai University of Finance and Economics and the University of Washington. Sara practiced law in China from 2010 to 2013 and then in 2015 she became licensed to practice law in California and 2016 in Washington. Sara recently joined Harris Bricken to assist our clients with their cyberlaw and corporate matters, mostly while working out of Seattle, Beijing and San Francisco.

China LawyersWe created a China Law Blog Group on LinkedIn to provide a spam-free forum for China networking, information and discussion. We are nearing 11,500 members and the number and — most importantly — the quality of our discussions continues to increase as well.

We have had some great discussions, as evidenced by their numbers (discussions occasionally get more than one hundred comments) and their substance. Our discussions range from the practical (“how do I open a China bank account” or ”what do I need to do to comply with China’s new work visa policies for foreigners” or “what are you hearing about China’s crackdown on xyz?”) to the ethereal (“when will China surpass the West in innovation?”)

The group’s diversity is its greatest strength. We have a large contingent of members who live and work in China and many who operate businesses there. Our LinkedIn Group also has many members who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and from other countries within Asia. Many of our group members are China lawyers (both inside and outside China and both in-house and with private law firms) but the overwhelming majority are not. We have senior personnel from large and small companies and a whole host of junior personnel as well, again, both within China and outside China. We have professors and we have students of all levels. This mix helps inform, elevate and enlighten the discussions.

Perhaps of most importance is how we block anything and everything that resembles spam. We have become so proficient at this that virtually nobody even tries any more to inject spam into any of our discussions. Many of our members have commented on how much they appreciate our vigorous no-spam policy. I assure you that will never change or even moderate.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out our China Law Blog Group on LinkedIn and join up. The more people who do join our China Law Blog LinkedIn group, the better our discussions. Don’t be shy; click here and join us!

And if you are a Facebook person, we can accommodate you there as well and I urge you to check out our rapidly growing China Law Blog Facebook page. Our focus there is on anything and everything that is China relevant. Our goals with our Facebook page are to entertain and to educate and to highlight issues that for various reasons we cannot discuss elsewhere; our Facebook page most certainly does not shy away from controversy. It also most emphatically covers more than just China law and China business. We post on China politics and diplomacy, China culture and history, China travel and tourism, China food and fashion. We post on pretty much anything we find interesting that day. And we give a lot of rope to the comments and that means we sometimes (like just this morning) get complaints about them from our readers. But we are of the view that you are big kids and recognize that it is not our role to protect you from what others might say. We are rapidly approaching 17,000 “likes” of that page (and growing at approximately 1,000 a month) so so we must be doing something right. Anyway, please check out our Facebook page too, by clicking here.

And last and least, after a three year hiatus, I went back on Twitter and I even every so often post on there as well. Click here for that.

China cybersecurity lawsThe PRC government promulgated its Cybersecurity Law on November 7, 2016, with an effective date of June 1, 2017. To say that foreign tech firms are concerned about the impact of this new law on their business in China would be an understatement. In addition to tech firms, our China lawyers have received a steady stream of questions from clients with China WFOEs who are concerned about an entirely different set of issues. Article 35 of the law states that “personal information and other important data gathered or produced by critical information infrastructure network operators during operations within the mainland territory of the People’s Republic of China, shall store it within mainland China.” Our clients keep asking what this will mean for them.

The surprising answer is not much.

Any company that operates a WFOE in China collects personal information about its employees. China’s new cybersecurity law defines personal information as “all kinds of information, recorded electronically or through other means, that taken alone or together with other information, is sufficient to identify a natural person’s identity, including, but not limited to, natural persons’ full names, birth dates, identification numbers, personal biometric information, addresses, telephone numbers, and so forth.” Certainly, the standard information any company maintains on its employees will qualify as personal information under China’s new cybersecurity law.

In the EU and various other jurisdictions, such personal information must be maintained within the jurisdiction and there should be no transfer of such information across borders. This causes many problems for companies that seek to manage an international workforce through a central location.

So what clients keep asking our China attorneys is whether China’s new cybersecurity laws will establish the same sort of protective system within China? The simple answer is that it will not. China does not have a comprehensive law or regulations relating to the collection, processing or transfer of employee data gathered by a WFOE or other business entity in the normal course of its China business operations and China’s new cybersecurity law does not change that situation.

The cybersecurity law specifically provides that its personal data maintenance and collection rules apply only to critical infrastructure network operators. Network operator is defined as “network owners, managers and network service providers.” In more general terms, this means telecom operators and Internet ISPs. The requirements do not apply to the China business operations of normal private businesses with respect to their normal record keeping requirements for their employees.

Even though nothing has legally changed in China, it is still best practice for foreign companies employers in China to follow the basic rules the PRC government imposes more generally in the consumer context on the collection and maintenance of personal information, including the following:

1. Be sure the disclosing party (your employee) is aware that the company maintains personal information. The company should have a written policy (in Chinese and in English) on how long that information is maintained and that policy should be revealed to the employee.

2. You should not collect more personal information than necessary.

3. You should maintain the confidentiality of the personal information you collect and maintain. That means you should limit internal access to that information and you should take proper security measures to prevent a data breach of the company’s online systems.

4. You should not sell or otherwise transfer the personal information to any third party. Stated more bluntly, do not sell employee personal information to marketers or spammers.

China IP webinar for China lawyersOn October 18, I will be putting on a webinar, Doing Business in China: Structuring Your Deal and Protecting Intellectual Property. This webinar is aimed mostly at lawyers and it is eligible for CLE credits.

It is being put on by Commercial Law Advisors and they describe it as follows:

Who Should Attend? Corporate counsel, in-house counsel, attorneys advising companies or organizations, intellectual property attorneys.

Companies often cannot afford not to do business in China. Whether producing goods there or selling to the Chinese market, companies that engage in business with Chinese partners need up-to-date legal advice on how to protect their technology and other intellectual property (IP) interests from being counterfeited, pirated, or otherwise misappropriated. As IP theft is one of the top issues facing businesses operating in China, there are substantial risks companies must identify and address proactively to protect their valuable IP assets. Deals made in China can threaten IP rights not just in China, but in markets around the world. Understanding the Chinese IP landscape and how to manage the pertinent issues can go a long way to safeguarding your client’s valuable IP interests.

Please join Dan Harris as he explores the nuts and bolts of constructing a good business deal with a Chinese partner, what your agreements should include, and how to manage the Chinese IP rights framework to minimize your client’s IP-related risks.

WHAT YOU WILL LEARN
This webinar will cover:

How to choose a good Chinese partner
Identifying the IP assets that need protection
How to structure your deal
Drafting your deal papers
Drafting China employee contracts to protect your IP
IP registrations: What you should know about trademarks, patents, copyrights, and licensing agreements

China Law Blog readers who use promo code cw16dbc will receive $35 off. Go here to register.

I hope to “see” you there.

China SaaSCountless foreign software companies wish to deliver their software as a service (SaaS) to China. But since China requires commercial ICP licenses for commercial Internet services within China and generally forbids foreign enterprises from obtaining such licenses, directly providing SaaS through a server in China is typically not possible for foreign software companies.

So what can be done? How can a foreign software company get its software to China’s consumers via SaaS? Two methods for providing foreign SaaS in China have been developed. These methods depend on whether the server will be located outside of China or within China. If the server is located outside of China, we use the reseller model. If the server is located within China, we use the license model.

Many foreign software companies waste a lot of time and money in searching for or trying to develop a third model. Many Chinese companies — out of either ignorance or greed — encourage such searching and trying.

In the reseller model, the foreign SaaS provider brings on one or more resellers in China. At a minimum, the reseller locates customers for the foreign company’s SaaS product. The reseller provides the ultimate customer with a user name and password that allows the customer to connect to the foreign server hosting the SaaS product. The reseller collects the fee from the customer and deducts and pays applicable Chinese business and income taxes and then remits the remaining amount to the foreign software provider.

Though very common, this SaaS reseller system does not strictly comply with Chinese law, since the Chinese Government has never reviewed or approved the software content. However, to date, the Chinese government has permitted the reseller model to be used. This reseller model is permitted because it includes the following safeguards that protect the interests of the Chinese government:

  • Access to the offshore server can easily be blocked by using China’s Great Firewall. If the SaaS content is not acceptable to the PRC government or if the SaaS is used for an unacceptable purpose, the connection to the offshore  server can and will be blocked with no prior notice. This happens regularly in China, often to SaaS/cloud products that seem innocent on the surface. The risk of being blocked is therefore the most significant risk in using the reseller model. Some SaaS is at much higher/lower risk of being blocked than others and part of our role as China lawyers is to help our clients analyze this risk.
  • The reseller is liable under Chinese law for the content of the SaaS product. The reseller is not treated as a neutral, ISP type entity; the reseller is treated as though it is the developer of the SaaS product. This is true even where completely independent third parties are the source of content on the SaaS platform. More important, the reseller is liable for quality as well as content. Consider the potential liability here: some SaaS platforms are used for off site medical diagnosis. What happens if the diagnosis is wrong and the patient is injured or dies? The reseller is potentially liable.
  • All applicable taxes are withheld and paid. Through the reseller approach, the PRC government is able to impose double taxation. Taxation first on the income of the reseller and then taxation on the income remitted to the foreign software company. This access to tax revenue results in a more accommodating regulatory response from the Chinese government, but also in lower income for the foreign software provider.

There are several reasons foreign SaaS providers decide they must locate their server in China. Many do so for the generally faster service speed and connection reliability. Others do so to lower their risk of having their software blocked. Some simply cannot find reliable resellers willing to take on the substantial work and risk. Foreign software companies that use a Chinese server do so via a licensee model.

Under the licensee model, the foreign software company does not directly offer its SaaS product in China nor does it directly control the China server. It instead licenses its software platform to a Chinese entity. that obtains the commercial ICP license that allows for offering the SaaS service to Chinese customers through a Chinese server.

The minimum terms of this sort of SaaS Licensing Agreement are as follows:

  • The Chinese licensee owns the ICP license. Acquiring a commercial ICP license is expensive, and the licensee must pay all the costs. Because of the considerable expense, it is difficult to find Chinese companies willing to take on the financial burden of acting as a licensee.
  • The licensee owns the URL that provides access to the server.
  • The licensee holds a license for the entire content of the SaaS platform software. As with resellers, the licensee is liable for the content and performance of the software.
  • If the SaaS platform is hosted on a cloud server, the licensee has the the contractual relationship with the cloud service provider.
  • The licensee has direct contact with and collects the income from the customers The licensee pays a license fee to the foreign software provider under normal license royalty rules.
  • Since the server is located within China, the Chinese government has the right to access the content of the server at any time.

As the above discussion makes clear, neither the reseller model nor the licensee model are ideal solutions for companies wanting to provide SaaS to China. Most of our foreign SaaS developer clients have used the reseller model successfully. However, the licensee model has been the only solution for some of our clients. For example, for SaaS software that will be used by a Chinese government institution such as a hospital or university research center, Chinese government regulation normally requires the SaaS software be housed on a server located in China. The same rules typically apply for SaaS software used by PRC banks and other financial institutions. Since these situations require a server located in China, the licensee model is the only choice available.

Bottom Line: If you are a software company looking to sell your SaaS software in China, you can do so using either the reseller or licensee model.

China LawyersWe started a China Law Blog Group on Linkedin to create a spam-free forum for China networking, information and discussion. We have more than 11,000 members and the number and quality of our discussions continues to increase as well.

We have had some great discussions, as evidenced both by the numbers (discussions sometimes get 50-100 comments) and on their substance. Our discussions range from the practical (“how do I open a China bank account” or ”what do I need to do to comply with China’s work visa policies) to the ethereal (“when will we know China is taking innovation seriously”).

The group’s diversity is its greatest strength. We have a large contingent of members who live and work and do business in China and a large contingent of members who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and other countries in Asia. Some of our members are China lawyers, but the overwhelming majority are not. We have senior personnel (both China attorneys and executives) from large and small companies and a whole host of junior personnel as well. We have professors and we have students. All of these mixes help elevate and enlighten the discussions.

I am, however, proudest of how we block anything that even resembles spam from ever showing up on our site. We have become so proficient at this that virtually nobody even tries to inject spam into any of our discussions. Many of our members have commented on how much they appreciate this.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out our China Law Blog Group on Linkedin and join up. The more people in our group, the better the discussions.

We will see you there. Click here and join us.

And if Facebook is your thing, please check out our rapidly growing China Law Blog Facebook page, where we post anything and everything that is China relevant. Our focus there is to educate and to entertain and that means we post about more than just China law and China business. We post on China politics and diplomacy, China culture and history, China travel and tourism, China food and fashion; really on just about anything we find interesting that day. More than 12,000 people “like” us there so we must be doing something right, so please check out our Facebook page too, by clicking here.

And last and least, after a three year hiatus, I went back on Twitter and I even occasionally post there as well. Click here for that.

China stock optionsThe China lawyers at my firm have been experiencing a big uptick in the number of companies and individuals contacting us after having been offered stock in a Chinese company as an alternative to payment in cash. This swapping of stock for pay is a relatively new phenomenon, so I want to explain how it works and, most importantly, why it cannot work for foreigners.

This is how this stock scam typically goes down. The Chinese company — usually in the tech sector — is in desperate need of the expensive skills or knowledge of a foreign person or entity. The Chinese company states: “we need your services, but we are a start up.” So, instead of paying hard cash, the Chinese company offers founders’ stock or employee stock options in their Chinese entity. Just as is the case with Silicon Valley founders stock/stock options, the idea here is that the Chinese entity will go public (“do an IPO”) and the stock it is giving will then provide a windfall benefit to the foreigners to whom they have given the founders stock or the stock options.

Unfortunately, this is all an illusion for the simple reason that no foreign person can own stock in a Chinese domestic company not already listed on a stock market. So any such option or stock transfer is void from the start. Foreigners are not permitted to be shareholders of Chinese domestic companies, nor does China recognize the concept of nominee shareholders.

Even though the offering of stock in Chinese companies is a fraud, we are still seeing many foreign individuals and companies taken in by such offers, most commonly in the fintech sector. Whatever the sector though, the Chinese company will use the “standard” Silicon Valley approach of offering a stock option package as a key benefit in the employment package. By offering stock options, the Chinese company can pay less and secure greater loyalty, while still exploiting the skills/extracting the knowledge of foreign individuals in developing an innovative software or other high tech product.

This exploitation/extraction period typically lasts one to three years, at which point the Chinese company tells the foreign individual, “sorry, the Chinese government has now informed us that we cannot issue stock options to you.” Sometimes, to better hide the scheme, the Chinese company will propose a series of fantasy work arounds, such as elaborate nominee schemes illegal under Chinese law. These proposals often convince the foreign person to waste another year or two with the Chinese company. But, in the end, the result is always the same. The Chinese company defaults on its promise to provide the foreign individual with stock in the company and the foreign individual is left high and dry. Since the founders stock/stock option scheme was void from the start, there is nothing the foreigners can do to enforce their rights in China, since they never had any such rights.

A similar scam is often perpetrated on foreign entities. The foreign entity has a technical service of great value to the Chinese company. The Chinese company then says: “We really need your services, but we are growing so fast these days that we simply do not have the free cash to pay you in cash for that. However, since we are growing so fast, it is certain we will soon do an IPO on the Shanghai stock exchange. So, instead of our paying you in cash, we will agree to pay in you in stock options. Our stock will provide you with far more monetary value than the paltry fee we would pay you for your services and by working with us, you will gain entry into the lucrative Chinese market and highly profitable work for Chinese companies will follow.”

This scam results in the same sad result as the employee stock option scam. First, as with employee stock options, a foreigner cannot own stock in the Chinese entity, so the option is void from the start. Second, the private Chinese entity never does an IPO on the Shanghai market, so the whole concept was an illusion. Third, the only thing the foreign entity achieved was to identify itself as an easy mark, which means there was no future profitable work available in China. Finally, the foreign company does not figure out the scam until after it has already transferred its service or valuable information to the Chinese entity.

There are a couple of elegant variants Chinese entities use to implement the Chinese stock scam. In the rare case where a private Chinese company actually completes an IPO, the listing is on a foreign exchange: usually either Hong Kong or the United States or London, where due to Chinese law requirements the actual listing entity is not the Chinese company for which stock options or stock were purportedly given. Instead, the listing entity is some form of subsidiary or other affiliate of the Chinese company, so that when the IPO takes place, the holder of the scam option or stock in the Chinese company can be told: “your stock option (or stock) is with the Chinese parent; you do not have an option with the affiliate actually listed. Sorry.”

Private companies in China are effectively locked out of China’s domestic IPO market. On the other hand, such companies have become attractive targets for private equity financing. But the story here is the same. The private equity financing occurs in China, resulting in a big payout to existing shareholders of the Chinese entity. The foreign stock option holder looks for an equivalent benefit. The Chinese entity then responds: this was a private equity deal, not an IPO. You did not own any stock at the time of the private financing, so you are not entitled to any benefit.

Bottom Line: Foreign individuals and companies should not accept promises of stock options or stock in a Chinese company in place of employment compensation or payment for services. Any Chinese company that makes the offer of payment in stock is either ignorant of the requirements of Chinese law or intentionally committing fraud. Either way, foreign individuals and companies should refuse to work with any Chinese company that makes this kind of stock offer. We have seen many of these deals. None have ever worked out well, and it will not work out well for you.

China AttorneysWe write about this particular China bank scam every six months or so because it just keeps happening, and in ever greater numbers. The Wall Street Journal did a story on it today, entitled, New Techniques Used to Target Business Email and in the last month alone, our China lawyers have received emails from at least three companies (Two U.S. and one from Spain) that were bilked out of between $46,000 and $270,000.

According to the Wall Street Journal (and this jibes with most of what our China attorneys have seen as well), criminals breaking into email accounts and changing bank-account information to capture payments intended for suppliers:

The increasing prevalence of the schemes has drawn the attention of law enforcement. Attackers who once pretended to be executives directing subordinates to transfer money are using new techniques, including malicious software to break into email systems and redirect the payments, said Rick Alwine, a supervisory special agent with the Federal Bureau of Investigation’s Cyber Division.

“We’re seeing an evolution of business email compromises that started around 2013,” he said.

The number of these bank account email scams is increasing, but what remains the same is that most of these wire-transfer requests are for China and Hong Kong:

In an analysis of 44 recent fraudulent transfers, 84% of the transfers went to accounts in China and Hong Kong where it is more difficult for victims to recover their money, the FBI alert said. The FBI says it has logged nearly 18,000 reports of business email scams since 2013 accounting for $2.3 billion in losses, and complaints about these scams more than tripled last year, compared with 2014.

The Wall Street Journal article does a good job explaining the nature of these scams, but it mostly throws up its hands on how to prevent them and does not discuss at all what its victims can do to try to secure at least some recovery:

SecureWorks says such scams are known in Nigeria as “wire-wire” and are openly discussed in songs and online discussions. A Facebook group calling itself “Wire wire zone” offers to connect scammers with money mules who will transfer funds. “It’s an open bazaar for money laundering,” said Joe Stewart, a director of malware research with SecureWorks.

 

*    *    *    *

When the buyer sends an order, the scammers step in, ultimately intercepting the seller’s invoice and changing payment instructions before sending it back to the buyer. With the modified invoice, funds are sent to the criminals instead of the seller.

In the U.S., companies are becoming more aware of the risks of email fraud, but Mr. Stewart worries that most businesses aren’t protecting themselves against this newer variation. “True business email compromise is almost invisible to both victim companies involved in the transaction,” he said. “It’s going to take a lot more effort to stop it than a simple reminder to phone the CEO before wiring money on his behalf.

 

What can you do to prevent it from this scam happening to you? We recommend you do the following:

  1. Get to know your suppliers who speak English (if you don’t speak Chinese) and get your supplier’s landline phone numbers as that cannot be hacked. Call if you have any concerns.
  2. Get your supplier’s bank account information in advance and ask them to refer to “bank account information document” on their invoices, rather than listing out full bank details every time.
  3. Check your bank account every day, maybe even twice a day. If you catch a wire early enough you can sometimes stop it.
  4. Do a first small wire to confirm the account.
  5. Note that paying a Chinese company in mainland China is generally safer for you than paying them overseas, be it Hong Kong, Taiwan or anywhere else.
  6. Have a special procedure for confirming bank account changes with your suppliers.
  7. Have an internal procedure for confirming all payments over a certain amount.
  8. Get an insurance policy that covers computer hacking or fraud.

 

I have said it before and I will say it again, but this time with the Wall Street Journal to back me up: the bank switch scam is the most common, most pernicious and most difficult to detect international scam of which I am aware, and it just unrelentingly keeps happening. And even though the business relationship is often between a Chinese company and a Western company (though we have dealt with this issue on multiple occasions where there was never a Chinese company involved), the perpetrator of the scam oftentimes is in Nigeria or in some country other than China.

This scam usually involves your regular Chinese supplier asking you to make a payment or payments to a new bank account, though it sometimes can involve your very first payment to a new Chinese supplier. Then even after you make the payment or payments, your China supplier insists you still owe it the full amount (oftentimes with added fees) because it never received your payment. When you explain to your China supplier that you in fact did pay it, your supplier points out that the bank account to which you sent the funds is not theirs and that you still owe the money.

This all happened because your Chinese supplier got hacked, either by someone outside or within the company and you indeed have yet to pay it. Or maybe it was you who got hacked.

What can you do if you have already been victimized? We do the following when retained by a company that has been victimized by this fraud:

1. We determine whether there are any insurance claims to be made. This is usually your best chance of recovering all that you have lost, but do not expect your insurance company (as is often true) to pay without a fight. We help by explaining to the insurance company how these scams happen and why you are entitled to coverage under your policy and we get the Chinese supplier to help as well.

2. We try to get some monetary contribution from your Chinese supplier by letting it know that it was (or might have been) their computer system that the scammer hacked and therefore it should pay at least some of our client’s loss. Much depends on our client’s relationship with its Chinese supplier and on what the Chinese supplier perceives its future relationship with our client will be.

3. We try to determine if there is any chance in recovering anything from the perpetrator. This is a very expensive and time-consuming process and there usually has to be a lot of money involved for it to make much sense. Nonetheless, we find that our at least having run this option to ground helps immensely in dealing with both the Chinese supplier and with our client’s insurance company, neither of whom want to pay anything until they are convinced that we have done all that we can to try to recover from the crooks themselves.

Please, please, please, be careful out there.

 

Internet of Things IoT
Internet of Things = Shenzhen

A little more than a year ago, I did a post, entitled, Shenzhen As China’s Most Competitive City. It Just Might Be…. I wrote that post in response to the Chinese Academy of Social Sciences having just named Shenzhen as “China’s most competitive city.” I talked of how our China lawyers were seeing a shift to Shenzhen among our clients:

Five years ago, my law firm’s clients would nearly always set up their China operations in either Shanghai or Beijing. Beijing if they were in media or entertainment or software and Shanghai if they were in consumer goods or finance or pretty much everything else. Though we would occasionally get strays who would set up in Qingdao or Dalian because they were in the fishing or shipping industry or Xiamen or Xi’an because they liked those cities or knew someone there, or Shenzhen because they knew the city from having gone there so many times to oversee their product manufacturing outsourcing, certainly our bigger and more sophisticated clients were choosing Beijing or Shanghai.

But in the last few years, many of our China WFOE formation clients are requesting we set them up in Shenzhen.

I noted that our clients were giving us the following reasons for choosing Shenzhen:

1. It’s close to Hong Kong but cheaper.

2. It’s become the electronics hardware center for China, and not just for manufacturing, but for design and engineering.

3. It may not be as exciting as Shanghai or Beijing, but it’s the best place for business.

4. It is a nice place with a number of good international schools.

5. It is a lot less expensive than Shanghai or Beijing.

In just the last year since I wrote the above, Shenzhen (despite getting considerably more expensive) has almost taken over our China practice. Not so much with WFOE formations (though those for Shenzhen have increased) but with anything having to do with hardware and with the Internet of Things (IoT). At least half of our new clients in the last year are involved with Shenzhen. Some are seeking to go into Shenzhen via WFOEs, but most are working with the electronics manufacturers there and with them they are looking to manufacture, do joint ventures or technology licensing deals. If we were to subtract out our China media and entertainment work (virtually all of which takes place in Beijing) Shenzhen is without a doubt the most important city for our law practice right now.

As part of that, Steve Dickinson and I will be going to Shenzhen in late September to speak on the legal issues related to hardware and the Internet of Things. We have spoken countless times in Beijing and in Shanghai (and even in Qingdao and Dalian) but until about a year ago, never in Shenzhen, and yet we will be speaking at least twice there in September.

Of course it is not just lawyers who are taking note of Shenzhen’s increasing importance. Renaud Anjoran, on his Quality Inspection Blog, recently did a post entitled Shenzhen, the Best City in China for Manufacturing? Renaud started his post by talking of how views of Shenzhen vis–à–vis (I’m using French here as a nod to Renaud) Hong Kong have so radically changed:

Many Hong Kong people still shriver when they hear “Shenzhen”. It used to be a very poor patch of land along their border with the mainland. Unsurprisingly, Hong Kong people were seen as an easy target for some Shenzhen criminals. But things have changed a lot.

Nowadays, most Shenzhen residents are happy with their lives. When they visit Hong Kong, they wonder how people can survive in such a tiny, cramped environment, where the basic necessities of life are so expensive.

Renaud then writes about how so many tech companies are located in Shenzhen:

Recently a bunch of glowing articles about Shenzhen appeared in the Western press. They tend to focus on the long list of tech companies headquartered in Shenzhen: Huawei and ZTE (telecom equipment, phones…), Tencent (the only other internet company at Alibaba’s scale in China), DJI (drones), OnePlus (mobile phones)…

MakerBot, the famous 3D printing company, was a big advocate of “Made in USA”… until they moved production to Shenzhen!

Renaud then puts forth the following proposition: “Quite simply, the North of Shenzhen might be the best location in China, and even in Asia, for a manufacturer of complex products.”

I will raise Renaud one by saying that for most hardware and for virtually all IoT products, Shenzhen seems to have become just about the ONLY place for manufacturing in China, and, to a large extent, in the world.I cannot even think of even one of our IoT clients not tied in with Shenzhen. It’s possible such a client exists, but every single one that springs to mind is linked to Shenzhen.

As IoT continues to boom, Shenzhen no doubt will as well.

What are you seeing out there?

For more on China and the Internet of Things, check out the following:

 

China copyright takedownsThis is the fifth in our series about online copyright takedowns in China. In Copyright Takedowns in China, we provided a general summary of the regulations that establish the takedown procedures. These regulations enable enforcement of the “right of communication through an information network” as it applies to sound recordings and audiovisual recordings. In Copyright Takedowns in China Part II: Searching, Linking or Storing? we looked at how providers of storage space face more liabilities than those merely providing searching or linking services. In Copyright Takedowns in China Part III — Audiovisual and Sound Recordings in the Cloud, we discussed how China’s takedown regulations apply to cloud service providers. In Copyright Takedowns in China, Part IV: Whatever you do, Register your Copyrights First, we made clear that “if you ever expect to have infringing content taken down the single most important thing you should do is register your copyright in China in advance.”

In this post we discuss your options after you have succeeded in taking down copyright material.

One of the problems with China’s notice and takedown system is that, after the material has been taken down, a copyright owner’s further recourse against an infringer is uncertain. This is because it’s hard to identify an infringer who has allowed material to be taken down in response to a notice. Infringers are only required to identify themselves to the copyright owner if the infringers object to the takedown. Without the identity of the perpetrator it’s hard, though not impossible, to initiate copyright infringement proceedings in China. The infringer tends to remain anonymous.

Solutions and practices are only slowly emerging in response to this problem in China and elsewhere.

One possible solution is a “notice and trackdown” procedure. With such a procedure in place rights owners can identify infringers and hunt them down. The implementation of something like this would require a balancing of the rights of copyright owners with rights of privacy. It would require an exploration of whether there should be an expectation of anonymity in cyberspace.

Some time ago, Frederick Mostert and Martin Schwimmer provided an excellent discussion of the issues in “Notice and Trackdown,” a paper published in Intellectual Property Magazine.

The issue is one of several covered recently in “Notice and Takedown in Everyday Practice“, a report by Jennifer M. Urban and Brianna L. Schofield, both of UC-Berkeley School of Law, and Joe Karaganis, of Columbia University. Part of the “Takedown Project“, the report considers the effectiveness of the notice and takedown process since The Digital Millennium Copyright Act was passed by Congress in 1998. In their findings, the authors conclude that, “Analyzing the effectiveness of [the] procedures in responding to infringing materials on specific sites, balancing copyrights and speech rights … is severely limited by the law’s lack of requirements for publicly disclosing information on notices sent and [online service provider] responses.”

Will we see the balance tip away from online anonymity in China? It would certainly suit copyright owners but it will be hard to say where anonymity should end and accountability should begin.