Image Courtesy: The Diplomat
Ranjani Srinivasan, Demystifying Chinese Cyber Sovereignty (KW Publishers)
C3S Occasional Paper by Ranjani Srinivasan, ‘Demystifying Chinese Cyber Sovereignty’ is a comprehensive analysis of China’s call for cyber sovereignty and its aim to expand its global power to the realm of Information and Communication Technology (ICT). Ranjani explores the implications of China’s push for cyber sovereignty for several significant domains like security, the Chinese digital economy and relations with other nations and international bodies. Ranjani supports her theoretical analysis with the case study of the American MNC Apple’s compliance with Chinese security measures and the “whip-cracking attitude of the Chinese government.”
China’s Push for a Multilateral Governance System
The Author presents a clear picture cyber security climate in China, drawing on their efforts in the three World Internet Conferences between 2014-2016. In these conferences, China intended to further global cooperation in cyberspace governance based on ‘cyber sovereignty’, which affirms each country’s right to control its internet infrastructure and content flows. Ranjani presents a comprehensive and technically well-detailed background of the governance of the existing global Internet order. She details that the United States of America (USA) has maintained a tight grip on Internet governance by striking a deal with the Internet Cooperation for Assigned Names and Numbers (ICANN). This granted the USA critical administrative capacities - with the allocation of numbering resources and DNS root zone. The contract expired in 2016, opening the management and coordination of the internet’s unique identifiers to the private sector using a multi-stakeholder model. The multi-stakeholder model makes Internet governance significantly more democratic and includes different business, technical, academic and civil perspectives to maintain a free, open and accessible Internet. Although the trajectory of Internet governance systems and the merits and demerits of the different models of governance based on World Bank data is well presented, the efficacy of each system, their failings and challenges in the practical international arena are not highlighted with the same clarity. Deciphering how these systems play out in the global arena is crucial to understanding better the trajectory of internet governance.
The World Internet Conferences revealed Xi Jinping’s preference for a multilateral strategy for internet governance that priorities protecting nations' cyber security and the socioeconomic development of its citizens. The multilateral approach puts governments in charge of crucial internet resources, allowing them to regulate privacy, expression, and surveillance according to national cultures and interests. The paper takes a nuanced perspective on the Chinese call for cyber sovereignty and locates China’s discontent as a complex response to myriad challenges. First, the Chinese notion of cybersecurity is distinct from the Western idea, emphasising the danger of ideological threats over technical ones. Xi’s conference singled out Western counterparts for violating international internet laws and held that the USA’s internet control was undemocratic and dangerous. Ranjani touches on these four significant challenges within cybersecurity: encryption, intellectual property rights, hacking, and data localisation.
Strengthening Chinese cyber sovereignty: Tackling Challenges in Cyber Security
Foreign companies were required to report their encryption keys as part of a series of Chinese counter-terrorism efforts. This move was harshly received by then-President Obama, who claimed that these new laws would allow China to ‘snoop and keep track of those services’. China has responded firmly to these allegations, claiming that both the USA and the United Kingdom follow similar practices as China. Moreover, they claim that the new counter-terrorism law draft complies with standard industry practices. Here the paper does not delve into the veracity of these allegations or compare the corresponding policies in the country. Instead, it engages with the merits of the US and UK arguments. For instance, China has banned several services under the guise of ‘national security’, reducing payments to foreign patents and promoting Chinese producers. In the case that Chinese cyber sovereignty is achieved, China may have complete and uncontested control over encryption policies with weak jurisdiction awarded to authorities.
Second, intellectual property rights form a significant bone of contention between the US and China, an essential discussion in the backdrop of expanding manufacturing in China, the largest producer and consumer of counterfeit goods. Since the publication of this brief, there have been significant changes in China’s approach to IPR, possibly propelled by the international scrutiny it has come under for the issue. Between 2019 and 2020, China increased the maximum damages liable for copyright law infringement and tripled the number of lawsuits in courts. However, a country’s track record in being able to enforce IPR depends significantly not just on the legal system but also on the public perception of the importance of IPR and the rule of law in the country.
Another significant attempt to reinforce sovereignty was the cyber security law of 2017, which imposed rules and regulations on the data flowing in and out of the mainland. Ranjani touches on other measures in the same year that subject network operators to the assessment of data transfer. In addition, hacking and other untraceable cyber-attacks cause significant problems. Different modes of control complement these legislative measures that enhance domestic cybersecurity. For instance, the censorship of academic scholarship and journalism threatens China’s integration with the liberal order. Ranjani details the case of Apple’s rise in China as the first foreign company to agree to the rules of cyber security in China, making more concessions in China than within the USA. Although Apple is subject to audits by state authorities and its local user data is moved to China Telecom, a state-owned and controlled enterprise, Apple holds China in a place of importance as it is the location of several manufacturing services. Here, the paper does not trace the responses of other companies. However, it may be helpful to understand the variations in the responses of Chinese and foreign companies to the new cyber security measures.
The Road Ahead: Political and Economic Implications of Chinese Cyber Sovereignty
The implications for the Chinese call for cyber sovereignty stretch far and wide. It heavily influences the One Belt One Road (OBOR) initiative and the Digital Silk Road, which seeks to enhance international digital connectivity. This initiative is crucial in discussing the Chinese cyber sovereignty climate, which improves China’s participation in the governance norms body. It also facilitates exporting demand-based cyber security technology like face recognition software to emerging markets. Here, it may also be relevant to explore the prognosis of how other countries, particularly democratic countries that are ideologically opposed to the CCP, will respond to China’s claims of cyber sovereignty and their stakes in the situation. The variations in their rhetoric and its sources and implications form an important agenda for future research. Post-pandemic challenges and the fear of surveillance have limited the growth of Chinese tech firms abroad, worsened by their nationalistic rhetoric. Cyber sovereignty would allow countries to manage their security according to their requirements. A question that emerges from this issue is to what extent China will be able to adhere to its vision of cyber sovereignty. According to the author, the propagation of the BeiDou network over the American Global Positioning System could pose a security risk, compromising other countries' cyber security and sovereignty.
Currently, Pakistan and Russia are major hubs of the BeiDou network. China continues to persuade its South Asian allies that have signed onto the BRI initiative, like Sri Lanka, Nepal, and Bangladesh, to adopt the system. In addition to economic realms, China’s major moves in cyber security have dovetailed with its political ambitions in the Spratley and Paracel Islands in the South China Sea. In response to competing claims over the islands, China has launched attacks on over 68 Philippine websites and Vietnam’s national airlines and airports hacked by a Chinese hacking group, with similar instances in the conflict over the Diaoyu Islands. Again, this section reveals China’s double standards in its call for cyber sovereignty.
Ranjani’s conceptual base for the occasional paper is highly relevant in the current scenario where China is emphasising its unique Party-to-Party relations between nations in the international arena regarding economic, social, and political concerns. Having secured stable allies, both Chinese diplomacy and the reach of its technology firms are the two significant sources of Beijing’s influence. Despite being at the top of the game in AI development, the rise of generative AI, like the recently developed ChatGPT that can provide and amalgamate disparate information regarding various topics, could threaten Chinese cybersecurity and iron-fisted control of free speech. China has hastened to make regulatory moves over the power of AI software to question the legitimacy of the CCP, challenge the core values of socialism or undermine its national unity. At this juncture, these technological developments and the public perception of cyber sovereignty may influence the form it takes since the conception is at its nascent stages.
The emphasis on free speech, a democratic and unregulated internet and the general public's sentiment towards the unregulated internet and AI may be crucial to maintaining the balance of power in cybersecurity.