Soon-to-be-enacted legislation in Vietnam is likely to weaken rather than strengthen the nation’s security posture, according to Privacy International’s Lucy Purdon

UPDATE (November 11) Vietnam’s Ministry of Public Security has published a draft decree to collect feedback on the new cybersecurity legislation. If passed, the law will take effect on January 1, 2019. Tech firms will have one year to comply.

Vietnam has passed a sweeping new cybersecurity law that has been condemned by human rights groups for restricting freedom of speech.

The law requires foreign companies such as Google and Facebook to set up data centers and offices within the country, on the grounds that this protects user data.

However, it also requires them to remove offending content within 24 hours – and that content includes any ‘incorrect’ material that is deemed to cause confusion, damage the economy, or ‘create difficulties’ for government officials.

As a result, human rights organizations are up in arms.

“The goal of Vietnam’s proposed cybersecurity law appears as much to protect the party’s monopoly on power as to protect network security,” says Brad Adams, Asia director at Human Rights Watch.

“This bill, which squarely targets free expression and access to information, will provide yet one more weapon for the government against dissenting voices. It is no coincidence that it was drafted by the country’s Ministry of Public Security, notorious for human rights violations.”

In particular, the bill describes bypassing a firewall – for example by using a virtual private network (VPN) – as ‘network espionage’ and requires online platforms to ‘store relevant traces’ to be handed over to a specialist task force. It also requires internet companies to verify information when users register their digital accounts.

Other than the requirement to keep user data within the country, in fact, the law has little to do with cybersecurity, as such.

“Good cybersecurity recognizes that computer systems contain vulnerabilities and prioritizes the identification and fixing of those vulnerabilities,” Lucy Purdon, policy officer at Privacy International, tells The Daily Swig.

“Addressing the problem of insecure systems helps prevent people falling victim to crimes such as online fraud, identity theft, and other crimes.”

Purdon added: “When a government instead prioritizes policing online behavior, surveillance of content, or censorship as cybersecurity issues, as has happened in Vietnam, it is likely to weaken rather than strengthen security and ultimately will not keep people safe.”

And, quite apart from the human rights issues, critics are warning that the bill could damage the Vietnamese economy.

The US Embassy in Hanoi has issued a statement saying that it “may present serious obstacles to Vietnam’s cybersecurity and digital innovation future, and may not be consistent with Vietnam’s international trade commitments”.

Indeed, the Vietnam Digital Communications Association has estimated that the move could reduce GDP growth by 1.7% and cut foreign investment by 3.1%.

“Such a pressure on international companies, coupled with the possibility of censorship, will do the opposite of what Vietnam’s government claims it will,” Marty Kamden, CMO at VPN provider NordVPN, tells The Daily Swig.

“The new law will also affect the investment climate, discouraging foreign companies from investing in Vietnam, and interrupt Vietnam’s digital innovation potential.”

The law is set to come into force next year.