Search for

No matches. Check your spelling and try again, or try altering your search terms for better results.

assessments

Nov 8, 2016 | 09:00 GMT

9 mins read

What the Great Firewall of China Can't Keep out

What the Great Firewall of China Can't Keep out
(Stratfor)
Forecast Highlights

  • China's new cybersecurity law will strengthen the Communist Party of China's control over the country's internal network by boosting the number of requirements operators must follow.
  • Monitoring and directing the flow of information will remain key to the Party's survival, though doing so will become more difficult as the Chinese economy grows more reliant on digital information and goods.
  • To meet its political goals without stifling growth, Beijing will continue to pull China's most powerful technology companies into its orbit, giving them a vested interest in supporting the status quo and the Communist Party's rule. 

China has finally passed a long-awaited cybersecurity law that will usher in a new era of regulation in the country's digital and technology sector. Previous versions of the bill, which just completed its third and final round of review, make it clear that the state intends to tighten its already firm grip on the industry. Now that the new law is passed, one thing is certain: The Communist Party of China is eager to protect its position in power by controlling the flow of information in China.

That said, closely guarding the exchange of data runs counter to the idea of maintaining a vibrant technology sector, an important part of China's plan to move its economy toward higher-end products. Its allure, however, is unlikely to outweigh Party leaders' concerns about safeguarding cohesion and social stability — the things that guarantee their political futures. Instead, President Xi Jinping will do what he has always done, cutting off avenues of dissent by taking China's cybersecurity policy into his own hands.

Controlling the Spread of Information

The changes in China's telecommunications industry over the past decade have been staggering. Ten years ago, only 10 percent of Chinese citizens had access to the internet, and even then, access was largely limited to offices, universities and internet cafes. Today, the figure has risen to 50 percent, though it is even higher among young adults and educated communities, and people often browse the internet on personal devices. (Some 40 percent of Chinese adults now own smartphones, which were not commercially available in 2006.)

The explosion of connectivity among China's population has created some serious headaches for its leaders. China's greatest geopolitical imperative has long been to unite its economically and geographically diverse Han core, a difficult task that requires careful management from Beijing. The country's deepening economic problems and growing inequality have only added to its challenges, and the rise of social media and the internet — tools that were critical in the organization and spread of the Arab Spring — has given Chinese officials pause. Younger, wealthier and more educated citizens now have more ways to communicate with a wider audience, and Beijing is deeply concerned about its ability to prevent and respond to the outbreak of protests. After all, students took to Tiananmen Square to demonstrate against the government less than three decades ago, and the memory of the violent crackdowns that ensued is still fresh in the minds of many Chinese authorities and citizens.

So, though most observers equate Beijing's cybersecurity policy with its outward-facing capabilities in espionage and cyberwarfare, its actual strategy has as much to do with cyberspace at home as abroad. Smartphones and mobile communication are particularly worrisome for Beijing because they decentralize the dissemination of information. Prior to the inception of mobile devices, traditional media outlets — the majority of which are still owned and heavily censored by the state — and internet cafes were largely responsible for transmitting information among China's different regions and populations. And as known, stationary entities, they were easier to shut down whenever the threat of social unrest or political dissent reared its head. As means of communication have proliferated and dispersed, however, controlling data and cracking down on budding popular movements have become much harder. The Chinese government still has more influence than most over the sharing of information within its borders, but maintaining it in the face of technological progress is becoming more difficult by the day.

Aware of the growing risks to his monopoly on power, Xi has personally led the push to overhaul China's cyber strategy by ordering the groups crafting it to report directly to him. For the president, the propagation of communication is just as big a political threat as the rise of alternative ideologies and bases of influence. Though the Great Firewall of China has blocked much of the information flowing into the country, it cannot be easily replicated within China's own protected network — especially as that network continues to expand.

To make matters more complicated for Beijing, tamping down communication also conflicts with one of its biggest policy goals: taking advantage of digital information, software and hardware to spur economic growth. The very thing that China seeks to control is now a tool its economic prospects depend on. (By comparison, the country's traditional media never overlapped with low-end manufacturing, making them easier to wield for political ends in the 1990s.) Balancing the needs of fostering development and stemming the flow of information that could undermine Beijing's rule will be no easy feat, but it will be paramount to the Communist Party's success in the years ahead.

Sovereignty in Cyberspace

China's new cybersecurity law reflects Xi's attempt to strike that balance. When its first iteration appeared in July 2015, just days after China enacted several other strict national security measures, it immediately provoked backlash from the international community. Foreign investors in particular criticized the stringent constraints the bill put on international companies while protecting Chinese firms and encouraging the acquisition of foreign technology. Though their response was neither unexpected nor desired, Beijing could not assuage their concerns by ceding its digital sovereignty. It therefore came as little surprise when, after a year of debate with Western companies, China introduced a second draft in July that was much the same as the first. Though the details of and adjustments to the latest version of the bill are still emerging, the third version no doubt looks very similar to its predecessors.

One of the cybersecurity law's key features is its data localization requirement. Under the new bill, companies that run China's critical information infrastructure (a nebulous term Beijing has yet to define) will be required to store information on physical databases inside the country. That data will not be permitted to cross China's borders unless it is necessary to business operations and subjected to security risk compliance tests. If implemented, the regulations would enable Beijing to monitor and seize information at will. They could also, if interpreted broadly enough, require foreign companies storing information about Chinese citizens — most of which are U.S. firms — to house their data in China instead of their home countries, where intelligence agencies are often better able to access them. In the wake of recent revelations about the U.S. National Security Agency's global surveillance activities, China has become all the more eager to carve out a measure of sovereignty in the digital realm with tools such as data localization laws.

The new legislation also stipulates that companies must comply with and aid any investigations Beijing conducts. A similar issue was raised in the United States earlier this year when the FBI tried to force Apple Inc. to break into its iPhone operating system to help law enforcement decrypt the cellphone of San Bernardino shooter Syed Farook. The extent to which Apple and other major corporations would be required to cooperate with officials under Chinese law has been up for debate for some time; in fact, even the level of firms' existing compliance is not widely known.

Finally, the cybersecurity law will take steps to remove the anonymity of the internet by mandating the maintenance of a robust database of personal information and activity logs. People hoping to access online services will first have to register basic details about themselves, and companies will be required to track at least six months of their network activity.

Balancing Politics and Progress

Along with adding a layer of complexity to doing business in China, the country's new cybersecurity bill will add to the costs as well. By limiting opportunities for Chinese and foreign companies alike, it will pile more challenges on top of those already facing the country's fledgling technology sector. According to China's economic strategy, the information technology and science industry — which includes hardware production, software development and digital services — will someday serve as the cornerstone of an economy that is no longer based on manufacturing exports. But the freedom of information within and beyond China's borders is vital to that sector by its very design. Should China raise new barriers to investing in its technology industry, some foreign firms may choose to avoid it altogether, giving their Chinese competitors a chance to flourish but slowing the country's acquisition of technology and know-how in the process.

Of course, legislation is by no means the only way that China is trying to squeeze the flow of data. Chinese technology companies are also becoming more intimately linked to the country's governing institutions. Over the past two years, Beijing has made an effort to more deeply ingrain such firms into policymaking, for instance by requiring company figures to play a role in reaching strategic decisions. In October, powerful tech entrepreneur Jack Ma gave a high-profile speech in which he called on technology and big data companies to try to solve Chinese cybercrimes before they happen. Rather than attempting to control these firms, the CPC is hoping to give them a reason to protect its standing in Chinese politics.

And that is the key to wedding Beijing's seemingly contradictory goals. By granting private technology firms the flexibility to conduct business independently while ensuring that they have every incentive to uphold — rather than challenge — the existing political order, the CPC can safeguard both its economic vision and its political prospects. But the line between maintaining order and flexibility is razor thin. If the Chinese government leans too far in either direction, it could upset the status quo it has worked so hard to protect.

Connected Content

Regions & Countries

Topics Search

Copyright © Stratfor Enterprises, LLC. All rights reserved.

Stratfor Worldview

OUR COMMITMENT

To empower members to confidently understand and navigate a continuously changing and complex global environment.

GET THE MOBILE APPApp Store
Google Play