Beijing Wants to Rewrite the Rules of the Internet

Sacks, The Atlantic, Jun 18, 2018 
Jinping wants to wrest control of global cyber governance from the market
economies of the west.
Aly Song
/ Reuters

never been a worse time to be a Chinese telecom company in America. This
evening, the Senate is set to vote
on whether to restore a ban on U.S. company sales to prominent Chinese telecom
player ZTE, a penalty for its illegal shipments to Iran and North Korea. The
bill also includes a measure that would ban U.S. government agencies from
buying equipment and services made by ZTE and Huawei, one of its competitors,
to tackle cyber threats to U.S. supply chains. Meanwhile, a revelation that
Huawei was among the companies with whom Facebook had data-sharing agreements,
which allowed device makers to access user data and that of their friends,
sparked fears that the Chinese government now possesses a treasure trove of
sensitive data on U.S. citizens.

ZTE and
Huawei have become flashpoints in the Trump administration’s confrontation with
Beijing over cybersecurity, investment, trade, and technological leadership.
All this comes as the administration slapped tariffs on $50 billion in Chinese
goods last Friday. But amid the hysteria surrounding these two companies, we
may be missing a less obvious but potentially more impactful challenge: China’s
ambitions to radically overhaul the internet.
In late
April, just days after the Commerce Department announced the denial order
against ZTE, Xi Jinping, the president of China, gave a major speech
laying out his vision to turn his country into a “cyber
.” His speech, along with other statements and policies he
has made since assuming power, outlines his government’s ambition not just for
independence from foreign technology, but its mission to write the rules for
global cyber governance—rules that look very different from those of market
economies of the West. This alternative would include technical standards
requiring foreign companies to build versions of their products compliant with
Chinese standards, and pressure to comply with government surveillance
policies. It would require data to be stored on servers in-country and restrict
transfer of data outside China without government permission. It would also
permit government agencies and critical infrastructure systems to source only from
local suppliers.
China, in
other words, appears to be floating the first competitive alternative to the
open internet—a model that it is steadily proliferating around the world. As
that model spreads, whether through Beijing’s own efforts or through the model’s
inherent appeal for certain developing countries with more similarities to
China than the West, we cannot take for granted that the internet will remain a
place of free expression where open markets can flourish.
China has
been open about its intentions to change
how the world addresses development. As part of that vision, for over a decade,
it has advocated
for something its leaders call “cyberspace sovereignty” as a rebuke to
established actors in internet governance like the United States, Europe, and
Japan. To advance this model, Xi created a powerful
government body to centralize
cyber policy. In addition to passing a
major cybersecurity law, China has pushed through dozens of regulations and
technical standards that, in conjunction, bolster the government’s control of
and visibility into the entire internet ecosystem, from the infrastructure that
undergirds the internet, to the flow of data, to the dissemination of
information online, to the make-up of the software and hardware that form the
basis of everything from e-commerce to industrial control systems. In a 2016
speech, Xi called for core internet
deemed critical to national and economic security to be
“secure and controllable”—meaning that the government would have broad discretion,
even without specific written regulations, to decide how it protects
information networks, devices, and data.
cyber governance plan appears to have three objectives. One is a legitimate
desire to address substantial cybersecurity
, like defending against cyber attacks and keeping stolen
personal data off the black market. A second is the impulse to support domestic
industry, in order to wean the government off its dependence on foreign
technology components for certain IT products deemed essential to economic and
national security. (In effect, these requirements exclude foreign
participation, or make foreign participation only possible on Beijing’s terms.)
The third goal is to expand Beijing’s power to surveil and control the
dissemination of economic,
social, and political information online
achieve these objectives, Beijing has instituted standards that force foreign
companies to build China-only versions of their products, and to comply with
government surveillance policies. Government security audits allow Beijing to
open up these companies’ products and review their source code, putting their
intellectual property at risk, which was documented comprehensively for the
first time last March in a report
by the Office of the United States Trade Representative. Article 37 of the
cybersecurity law also increases government control over the sort of data that
can be transferred out of the country, while unwritten
reward companies that store data on local servers.
Many of
these elements serve a dual purpose: supporting domestic industry while further
closing off the internet. Freedom House
ranks China as “the worst abuser of internet freedom,” noting that its
government affiliates “employ hundreds of thousands or even millions of people
to monitor, censor, and manipulate online content.” Such policies also
effectively exclude foreign content, leaving Chinese providers with uncontested
market openings.
Beijing wants not only to prevent the United States from interfering with its
domestic cyber policies: It also wants to set the tone
for how the rest of the world governs the internet. To exert influence on its
partners, it uses direct outreach to foreign governments, as well as massive
investments in internet technologies through the Belt and Road Initiative,
extensive military-to-military cooperation, and growing participation in international
In 2015,
for instance, China selected Tanzania (China is Tanzania’s largest trade
partner) as a pilot country
for China–Africa capacity-building, giving Beijing substantial influence over
Tanzania’s government. China used that influence to foster collaboration around
cyberspace governance. Since 2015, Tanzania has passed a cyber-crime law and subsequent
on internet content and blogging activity that parallel
China’s content controls. Both have been informed by technical assistance from
the Chinese government. At a roundtable in Dar es Salaam sponsored by Beijing,
Edwin Ngonyani, Tanzania’s deputy minister for transport and communications, explained, “Our Chinese
friends have managed to block such media in their country and replaced them
with their homegrown sites that are safe, constructive, and popular.” Among
other countries where China invests heavily, Nigeria
has adopted measures requiring that consumer data be hosted in Nigeria, while
Egypt has pending legislation that would mandate ride-sharing companies to
store data in-country while also making it more accessible to authorities.
Chinese partners like Ethiopia, Sudan, and Egypt engage in aggressive online
content control
countries, meanwhile, have adopted only parts of China’s law. Independent of
Beijing, Russia has forged a model akin to China’s, embracing an intrusive
government role in cyberspace including the most expansive data localization
and surveillance regime in the world. Last week Vietnam adopted a cybersecurity
law that mirrors
China’s. India has imposed some indigenous
technical standards
, and is considering legislation to enact domestic-sourcing
for cybersecurity technologies.
model appeals to these countries because it provides them with tools to take
control of an open internet. Online platforms used for terrorism and political
dissent threaten national stability. The Edward Snowden revelations and
crippling cyber attacks like WannaCry and Mirai create a sense of vulnerability
that China’s model promises to fix.   
The most
alluring feature of the China model appears to be content control, as a broad
range of China’s neighbors and partners engage in blocking, filtering, and
manipulating internet content. Also alluring: its rules for storing data on
servers in-country, which can help law enforcement and intelligence officials
get access to user information.
problem with China’s model is that it crashes headlong into the foundational
principles of the internet in market-based democracies: online freedom,
privacy, free international markets, and broad international cooperation. China’s
model may also not even be effective in delivering on its promises. For
example, government-imposed content-control measures have proven to be poor
tools in fighting online extremism. Filtering or removing online content has
been compared to a game of “whack-a-mole,”
making it ineffective and cost-prohibitive. Such controls also suppress
countervailing discourse from key anti-extremism influencers, which have proven
to be effective
in offering compelling alternative narratives and discrediting extremist ideas.
implications for the strength and resilience of the global internet ecosystem
are troubling. China’s control-driven model defies international openness,
interoperability, and collaboration, the foundations of global internet
governance and, ultimately, of the internet itself. The 21st Century will see a
battle of whether it is the China model or the more inclusive, transparent,
collaborative principles that underpinned the internet’s rise that come to
dominate global cybersecurity governance.