Is China’s Cybersecurity Law Visionary?

Jan 05, 2017
   
   
It is a myth that the Chinese language contains the curse “may you live in interesting times.” However, si non e vero, e ben trovato (as Giordano Bruno said, “If it is not true it is very well invented”). Certainly, current times in cyberspace seem to be getting very interesting very rapidly, indeed.
 
One major event was the recent promulgation of China’s Cybersecurity Law, in November 2016. With its provisions mandating real-name registration systems, localization of particular data, open-ended corporate cooperation with government inquiries, and more stringent security checks and licensing procedures for ICT products, this law has, predictably, elicited rather negative responses from foreign businesses, governments and NGOs.
 
The arguments they bring to bear are based on the post-Cold War consensus of openness and globalization: borders should not stand in the way of trade, capital and ideas. Businesses should be able to reconstruct themselves as efficiently as possible, utilizing the comparative advantages that different countries can bring to a value chain. Ideas should flow freely because (or so it is often naïvely held) only in that way can societies emancipate themselves and democratize.
 
These arguments are particularly salient when discussing the Internet, because more than any other human artefact, it is emblematic of those heady ideas from the optimistic Nineties. The Internet would be the technology that would bring progress, liberation and development everywhere in the world, while eradicating poverty and dictatorship from the face of the earth.
 
These ideas are now rapidly disappearing from view. While scepticism about the techno-utopian approach had already been growing in expert circles, a number of major events in recent years have shattered the belief that the Internet is only, or even largely, benign. The Snowden revelations starkly revealed the ability of sophisticated state actors to carry out large-scale monitoring at a global level. Attacks against critical infrastructure are growing in intensity and sophistication—just ask the national grid in Ukraine or the Central Bank of Bangladesh. The Mirai botnet, which appeared in several successive attacks, has demonstrated the potentially enormous security threat emanating from Internet of Things gadgets that aren’t properly made safe. As security expert Bruce Schneier recently told the U.S. Congress: “It might be that the internet era of fun and games is over, because the internet is now dangerous.”
 
Moreover, that danger is not limited to classical technical approaches of cybersecurity; it has also upended the assertion that broader Internet adoption would lead to citizen empowerment and social progress. ICT technology has made it easier for everyone to interact, communicate and organise regardless of the moral quality of their purposes, from the masses on the streets of the Arab Spring to ISIS. Empowerment to generate online comment also led to the sort of disinformation tactics seen in the run-up to the UK’s referendum vote to leave the European Union, as well as the Breitbart-type insurgent politics in the United States. But the most egregious and controversial example is the Russian campaign to intervene in the U.S. electoral process. Perhaps ironically, the U.S. thus seems to have fallen victim to what Beijing has long feared would happen to them: ideological infiltration by a geostrategic adversary aimed at upsetting the political system. Moreover, Russia now seems to have targeted Germany, where an electoral defeat for Angela Merkel would result in a watershed for Western politics.
 
While China is not invulnerable to utopian tendencies of its own, in this light, one is almost driven to conclude that, with its new cybersecurity law, it has assessed the threats that might emerge from cyberspace quite soberly. The key element in its response is its assertion of cyber sovereignty. The most discussed element of this concept is the notion that China attempts to draw borders in cyberspace as they exist in real life. In other words, it attempts to separate domestic and foreign spaces, in order to ensure controllability of the former. A less prominent, but equally important, meaning of cyber sovereignty is the supremacy of the state over non-state stakeholders. In other words, while it is acceptable for businesses to thrive online, and civil society to organize, it is the state that has the final responsibility and authority to maintain peace and stability. As part of this, the business interest in global markets is secondary to the state’s importance in ensuring technical security, which in the Chinese political mind-set currently also includes technological self-sufficiency.
 
One can rightly wonder to what extent the cybersecurity law will be able to achieve its goals. Paradoxically, a considerable proportion of the insecurity China faces in cyberspace is due to government measures for control: instances include cases where the use of (inferior) domestic technology is mandated, or where confidential information or data is sold by corrupt officials somewhere in the bureaucracy. Yet at the same time, one cannot help but notice to what extent foreign stakeholders are now starting to make arguments that have been part and parcel of Beijing’s jargon for years. One can easily imagine Beijing censors chuckling at the newfound outrage about fake news on U.S. social media, or about Angela Merkel’s calling into question the internal kitchen of search engines. In short, it may well be that a storm is coming in cyberspace, and that China was the first to batten down the hatches.
  
   