Over the past year, Beijing has become ever more assertive in promoting “Internet sovereignty”—its right to control the Internet within China’s borders, fitting “brakes” to ensure that it “becomes Ali Baba’s treasure cave for humankind, and not Pandora’s box.” Since the start of 2015, authorities have pushed even harder to realize this vision at every level from international norms and Internet traffic down to software and the hardware it runs on.
At the Council on Foreign Relations, Alex Grigsby noted the submission to the U.N. earlier this month of a proposed International Code of Conduct on Information Security by China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan. The document is an updated version of one previously submitted in 2011.
Overall, the new text seems to simply update the 2011 code to take into account developments that have occurred since then. The new code references the 2012-2013 report of the group of governmental experts (GGE) on developments in the field of information and telecommunications in the context of international security and the UN Human Rights Council’s Internet freedom resolution. Not surprisingly, Moscow and Beijing have altered or selectively quoted the text to promote their longstanding positions on cyber issues, such as the need for new international law for cyberspace and the concept of “cyber sovereignty.” For example, the code references a line in paragraph sixteen of the GGE report that says that “additional norms could be developed over time” without mentioning the same GGE report stresses that “international law, and in particular the Charter, is applicable and essential” to promoting peace and security in cyberspace. The same thing happens in article seven of the code, which begins by referring to the Human Rights Council’s affirmation that “the same rights people have offline must also be protected online,” but then concludes on how those rights may be restricted to protect national security, public order, health or morals.
[…] It’s unlikely that the Russians and Chinese updated the code to make it more palatable to Western countries. There are no changes that could be deemed an olive branch, such as an affirmation of the applicability of existing international law, to get the United States and its allies to the bargaining table. In fact, the United States may interpret it as a step backwards since it came out of the 2012-2013 GGE meeting trumpeting China and Russia’s agreement that the UN Charter and international law apply in cyberspace. It much more likely that the amendments are designed to appeal to developing and middle-income countries that recognize the power of an open Internet for economic development but fear its cybersecurity risks and disruptive power. China and Russia’s message, which failed to gain traction in 2011, may be more attractive to these middle-ground countries in light of the Snowden revelations and the likely delay of the Internet Assigned Numbers Authority transition process. [Source]
Also this month, China has abruptly tightened its grip on Internet traffic across its borders by targeting the encrypted tunnels widely used to evade its controls. The New York Times’ Andrew Jacobs reports on the latest crackdown and its implications:
By interfering with Astrill and several other popular virtual private networks, or V.P.N.s, the government has complicated the lives of Chinese astronomers seeking the latest scientific data from abroad, graphic designers shopping for clip art on Shutterstock and students submitting online applications to American universities.
[…] “I need to stay tuned into the rest of the world,” said Henry Yang, 25, the international news editor of a state-owned media company who uses Facebook to follow American broadcasters. “I feel like we’re like frogs being slowly boiled in a pot.”
[…] “This is just a further, logical step,” said the co-founder [of Greatfire.org], who requested anonymity to avoid government scrutiny. “The authorities are hellbent on establishing cybersovereignty in China. If you look at what has taken place since last summer it is quite astounding.”
[…] The vast majority of Chinese Internet users, especially those not fluent in English and other foreign languages, have little interest in vaulting the digital firewall. But those who require access to an unfiltered Internet are the very people Beijing has been counting on to transform the nation’s low-end manufacturing economy into one fueled by entrepreneurial innovation. [Source]
Back in the good old days of the porous Great Firewall, Chinese authorities also practiced what I thought of as a principle of “minimum surplus repression.” They would strike without compunction against any person or group they considered threatening but otherwise seemed inclined to let the normal ferment of life churn on. Now we’re seeing surplus, gratuitous repression as well. I have no idea where this trend ends, but at the moment it doesn’t seem to lead anyplace promising.
[…] I’d like to find a bright side in this news, but I can’t. [Source]
Also at The Times, Paul Mozur reported on strict new security requirements for technology vendors to China’s banking sector, which would grant Chinese authorities unprecedented access to the guts of foreign firms’ software, and have prompted swift protest from U.S. businesses.
The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.
The new rules, laid out in a 22-page document approved at the end of last year, are the first in a series of policies expected to be unveiled in the coming months that Beijing says are intended to strengthen cybersecurity in critical Chinese industries. As copies have spread in the past month, the regulations have heightened concern among foreign companies that the authorities are trying to force them out of one of the largest and fastest-growing markets.
[…] While the Obama administration will almost certainly complain that the new rules are protectionist in nature, the Chinese will be able to make a case that they differ only in degree from Washington’s own requirements.
The United States has made it virtually impossible for Huawei, a major Chinese maker of computer servers and cellphones, to sell its products in the United States, arguing that its equipment could have “back doors” for the Chinese government. [Source]
The implications of surrendering source code were discussed last week after state media announced that Apple had agreed to submit to security checks. From Heather Timmons at Quartz:
“Handing over source code [would] mean that the Chinese government will know exactly how an Apple software works,” said Percy Alpha, a pseudonymous founder of the anti-censorship group GreatFire.org.
Inside knowledge would make it much easier for the Chinese government to find bugs and vulnerabilities in Apple’s products, he said, and “the government can then exploit such vulnerabilities to hack iPhone or MacBooks.” […]
[…] Most alarmingly, Alpha added, an agreement would mean that “Apple users world-wide are much more vulnerable to spying from the Chinese government.”
[…] Other analysts agreed Apple had probably promised to turn over its source code to China’s government, but disagreed about the consequences. [Source]
That Apple may already have been asked to comply with such requirements highlights fears that their scope will expand beyond the banking sector. Human Rights Watch noted, for example, that similar but broader rules are present in China’s draft anti-terror law:
All telecommunication and Internet service providers would be required to provide the government with “backdoors” and a copy of the encryption systems they use, and assist with decryption (arts. 15-16, 94). Requiring companies to do so could actually undermine security because these services would be more vulnerable to hacking. All telecommunication and online service providers would be required to store user data within China’s borders (arts. 15, 93). Providers that do not comply will not be allowed to operate in China (art. 15). This information will be networked with the new national counterterrorism intelligence center (arts. 41-52). [Source]
The organization warned of the corrosive effects of electronic surveillance in a supplement to its 2015 World Report this week. Read more on the HRW report and its counterpart from Freedom House via CDT.
Meanwhile, The Wall Street Journal’s Eva Dou and Don Clark reported that China is cultivating its domestic chip industry, partly in order to avoid foreign snooping at the component level (while potentially enabling its own).
Cybersecurity concerns are helping to shape a new wave of technological development in China, adding another impetus to a well-financed government campaign to reduce the country’s dependence on foreign components. Semiconductors have emerged as a focus, both because of their economic importance and in controlling key functions of smartphones, televisions, computers, networking equipment and other products.
[…] The push dovetails with China’s growing aspirations to move beyond the factory floor and foster homegrown innovation. Though the country has become a dominant maker of smartphones and other products, the vast majority of chips inside them come from foreign suppliers including Qualcomm Inc.
[…] The U.S. government has long operated programs to make sure that chips used in military systems are produced in Pentagon-monitored domestic factories. It is also helping to fund research in ensuring that chips made in foreign factories for other kinds of devices haven’t been improperly modified, though there is little evidence such tampering has occurred. [Source]
The dovetailing of security concerns with commercial interests that Dou and Clark note also occurs elsewhere. While China’s Internet filtering has obvious political dimensions, for example, it is also said to have provided a sheltered nursery for homegrown companies, allowing some to grow into giants. (Xinhua wondered on Friday whether some might have grown too big.) From Te-Ping Chen at China Real Time:
In a press conference this week, Ministry of Industry and Information official Wen Ku declared that China’s Internet companies owe their successes to the “good policy environment” created by the Chinese government.
It’s a message that was promptly recirculated, notably on Wednesday, in a Global Times piece that said the “Great Firewall,” as the country’s sophisticated Internet filtering system is commonly known, was in fact misunderstood.
[…] The column repeated an argument often made by tech analysts: that the success of China’s biggest Internet giants — Baidu, Alibaba and Tencent, the so-called “BAT” of the country, with billions of dollars in market value – could be credited to the firewall. Conventional wisdom in China tech circles holds that blocking of sites like YouTube, Twitter and Google has provided Chinese Internet giants with the space they needed to grow.
Without the firewall, Global Times said, “China would become the realm of Google China, Yahoo China and Facebook China.” [Source]
Bill Bishop, editor of the influential Sinocism newsletter, said the “gilded cage” constructed around the Chinese Internet has proved enormously profitable. At the same time, attempts to organize protests through social media have been crushed, and the faintest echo of the Arab Spring silenced.
“From this perspective, where is the problem with the policy?” Bishop asked. [Source]
The problems, others have argued, may soon materialize. George Chen suggested at South China Morning Post that digital isolationism will become a serious drain on China’s economic vitality:
The Qing dynasty’s “closed-door” policy paid a huge price for the future of China. It missed a rare opportunity to quicken the pace to reform itself into one of the leading powers in Asia. Instead, it was eventually forced by foreign invaders to “open the door” of the country.
[…] The price Beijing will pay for its “closed-internet” policy will be huge. Many mainland scholars are now limited to do their research as they can rely mostly on domestic search engines and online research tools where English-language information is limited. Students also find it difficult to stay in touch with foreign universities or employers after the blocking of Google’s email service.
Ironically, as Beijing stepped up its push to block VPN services last week, Vice-President Li Yuanchao made a rare comment that he believed he was a victim of “overseas online rumours”. Indeed, Li has been widely reported overseas for the past few weeks as the next potential target in President Xi Jinping’s anti-graft probe.
For Li, does that mean the “closed-internet” policy can save his reputation? We know a Chinese proverb ” yan er dao ling”, which means “to plug one’s ears while stealing a bell”. If Beijing thinks shutting down the internet will make everything look good, it may sound too simple and too naive. [Source]
Tom Lowenthal, Staff Technologist at the Committee to Protect Journalists, argued similarly:
Whatever the Ministry’s reasons for the latest change, it’s clear that China’s censorship regime is counter-productive at best, and likely very disruptive to the economy. Because “successful” censorship requires blocking everything that could possibly be used to sneak around the restrictions, Chinese companies are denied access to some of the world’s most useful secure online collaboration tools and critical enabling technologies.
Many pieces of free and open source software; all of Google’s online collaboration tools; numerous secure communication and remote-management tools–all are unavailable in mainland China. These technologies allow small, distributed, and high-tech business to grow and work faster and more reliably than ever before. Entrepreneurs and small businesses from Silicon Valley to Berlin rely on them. But they simply aren’t accessible in China.
Beyond the fact that China’s censorship is an unethical infringement on a free press and a free society, it’s a drain on China’s global economic competitiveness. [Source]
[… T]his push for greater control could cost China dearly. The country’s businesses and professionals say it has become increasingly difficult for them to communicate with customers and suppliers abroad or to obtain scientific data and research from the rest of the world. Executives at Chinese banks are reportedly worried that they will have to rely on substandard domestic computer equipment that could make their systems more vulnerable to hacking by criminals, foreign rivals and others.
Foreign businesses and governments are rightly saying these new policies amount to protectionism. The changes also seem to make a joke of China’s commitment to abide by global trading rules established by the World Trade Organization and of its stated desire to deepen trade and investment ties with the United States and other countries. Officials from China and the United States are negotiating a bilateral investment treaty that is supposed to make it easier for companies from each country to do business in the other nation. American officials should use those talks to put China on notice that its latest security policies are wrongheaded and unacceptable. [Source]
Tim Berners-Lee, the inventor of the World Wide Web, suggested in 2013 that China’s own self-interest would ultimately lead to a relaxation of control: “The agility of a country which allows full access to the web is just greater; it will be a stronger country economically as well.” Amid this week’s gloom, a similar prediction came from Zhu Chengming of China’s State Council Information Office in a China.org.cn article by Zhang Rui on China’s weak social media diplomacy:
[” …O]ur organizations and enterprises don’t do enough on Weibo or other social media platforms,” he said, “and we can’t log on to Twitter and Facebook when we are in China because it is a double-edged sword: If the Internet blocks were to be removed, we could export information to others, and they could send theirs back to us. For now, this is not easy to control, so the status quo will stay in place for a while. China is still a developing country, and we need time to strengthen it and have more confidence in ourselves. But I believe in the future, China will be more open to embracing the world, and then we can free our minds.” [Source]
The article, like others on the site, closes with encouragement to “Follow China.org.cn on Twitter and Facebook to join the conversation.” Leading a ChinaFile Conversation on the recent tightening—which also includes contributions from Greatfire.org’s “Charlie Smith,” Thomson Reuters China’s former chairman David Schlesinger, and CDT founder Xiao Qiang—SCMP’s George Chen highlighted this irony:
Ironically, Beijing has adopted a double standard where global social media are concerned. In recent months, state-owned media organizations such as the official Xinhua News Agency and China Central Television launched official and verified Facebook and Twitter accounts. On the one hand, Beijing tries to tell 1.3 billion citizens they can’t get on Facebook and Twitter inside China. On the other hand, Beijing allows and most likely encourages state media to occupy foreign social media platforms to better tell the China story now that the nation is firmly in the spotlight as the world’s No.1 economy. Beijing’s double standard Internet policy will cause embarrassment. The young generation of Chinese is not stupid or naïve. Naturally, some smart kids will doubt such a double standard.
Beijing may continue to push more propaganda via Facebook and Twitter to improve its image, but the recent series of Internet policy tightenings forbidding the leak of any kind of bad news about the government and its leaders will only fuel domestic doubts about the government’s level of self-confidence. [Source]