China’s Vision for the Internet
Part One of State Perspectives on Cybersecurity
China, the world’s second largest economy, is a rising star on the global stage. Increasingly involved in international affairs, cross-border agreements, and trade partnerships, the country is largely following the economic and political paths experts predicted several decades ago.
Many assumed that as China became more strongly linked to the world beyond her borders, so she would move towards a more liberal political agenda, ultimately embracing democracy. Not only has this failed, but it appears that China’s exposure to Western democratic systems has driven greater Party dominance — reinforced through strict internet monitoring and controls. With the bombing of the Chinese embassy of Belgrade by the United States in 1999, and the reports that the US had used electronic attacks as part of the plan, China’s leaders came to realise that its national security could be threatened digitally.
Since then, the “Chinese Firewall” (a name often given to the strict set of legislation and regulations controlling internet-use in Mainland China) has become highly sophisticated and China has come to operate what is essentially a nation-wide intranet system.[1]
1995: The Year the Internet Came to China
The many and various political upheavals China experienced during the twentieth century meant that she remained digitally unsophisticated for a relatively long time. Not so today.
Now, a little over twenty years after the general public first gained access to the internet, China has the world’s biggest population of netizens, it is the world’s biggest producer of desktop computers, and it has some of the world’s biggest telecommunication equipment providers. The country, its population and leadership, have become an ‘Information Society’ embracing the ‘Information Age’[2] — a national policy goal explicitly embraced by the Chinese government in 2000.
China’s embrace of the ‘Information Society’ was closely followed by a similar global embrace. And, in 2002 and 2003, the United Nations (UN) hosted the World Summit on the Information Society (WSIS). Since 2000, China has fast moved from being a digitally unsophisticated nation to being one of the frontrunners in digital development and control. Participant nations in the WSIS envisioned the transformation of society through the development of a ‘knowledge economy’, an idea summarised by the UN as a society “where everyone can create, access, utilise, and share information and knowledge … [to] achieve their full potential … [in] improving their quality of life” (UN Docs WSIS-03/GENEVA/DOC/4-E 12 December 2003). Both China and the wider international community, digital technologies were understood to have the potential to vastly alter society. The ‘Information Society’ was the newest incarnation of the ‘Industrial Society’.
In Chinese, ‘Information Society’ is most often translated as xinxi shehui (信息社会); a common substitute is xinxihua (信息化)which can be translated back into English as ‘informatisation’.
In Chinese sources, xinxihua (informatisation) is often used in contrast with industrialisation (chanyehua or gongyehua) as a period in the country’s social and economic history.
As such, informatisation has been defined by the Chinese government as
“the historical process, during which information technology is fully used, information resources are developed and utilised, the exchange of information and knowledge sharing are promoted, the quality of economic growth is improved, and the transformation of economic and social development is promoted” (Central Committee and State Council 2006).
The Chinese government aims to become a true and complete ‘Information Society’, the expression of its citizens’ ideas heavily monitored and controlled.
As China’s economy has developed, the internet has become more widely accessible and more heavily used by Chinese citizens. Likewise, the government’s ‘Informatisation Policy’ has become more ambitious and comprehensive.
In 2000, the year China embraced ‘informatisation’, Jiang Zemin (former General Secretary of the Communist Party) outlined the Party’s general digital vision in at least four major speeches in Beijing.[3]
China’s leaders saw ‘informatisation’ as “the main power driving the country’s overall economic and social development” (Qu 2010), but also maintained state security as a high priority in the building of an information infrastructure.
A more detailed presentation of the Party’s approach to ‘informatisation’ came in the National Informatization Plan (NIP) 2006–2020 (Central Committee and State Council 2006) which covered a broad range of policy measures aimed at realising a societal transformation through the promotion of an informational society.
Later state publications have continued along this vein and have outlined highly ambitious plans to be at the frontiers of social and economic organisation within the digital sphere by 2050.
China plans to dominate cyberspace. Its most recent laws prove no exception to this and demonstrate exactly how the Party plans to use ‘informatisation’ to reinforce its political power and will.
China’s New Cybersecurity Law
Given China’s recent history, it is perhaps surprising that the country’s first cybersecurity law was only promulgated in November 2016 (it will come into effect in June of this year).
The People’s Republic of China Cybersecurity Law (中华人民共和国网络安全法) was passed by the Chinese parliament after only its third draft, and ostensibly aims to strengthen domestic networks to combat hackers.
In reality, like much of the legislation and policy pursued by the current General Secretary, Xi Jinping, the new law is an act of protectionism that seeks to reinforce state censorship and internet control.
By Western standards, China’s current levels of censorship and control are extreme: some websites, such as the BBC, Google and Youtube, are permanently blocked, others are selectively filtered; popular Western social media platforms like Facebook and Twitter are not only blocked but have their own Chinese equivalents, Sina Weibo and Wechat; and virtual proxy networks (VPNs) have been progressively restricted.
In terms of content, the Act requires the use of a “network real name system”: users’ must not use usernames different from that in their passport or official documentation, and they must not sign an agreement or confirm the provision of services under an alias.
- If they are found to have done so, network operators cannot provide related services
- personal information and data should be stored in China
- network operators should assist with inspection by relevant departments
- during major emergencies, the state can take “network communication control”.
- Any individual or organization using the Internet must follow existing laws, and must not endanger the ‘security of the network’, infringe national sovereignty or territorial integrity.
The bill requires network operators to: provide services such as network access, domain name registration, fixed-line telephone and mobile phone network access.
Under the Act, an operator of a critical information infrastructure who purchases networked products and services that may affect national security will be subject to a national security review organized by the National Network Information Department and the relevant departments of the State Council.
Personal information and important data collected and generated by operators of key information infrastructures within China shall be stored in-country. The bill also requires that network operators should provide technical support and assistance to public security organs and state security organs in their efforts to safeguard national security and detect crimes.
The Chinese government states that the new law provides for the maintenance of national security and social order, in times of serious emergency and national security needs. Guangdong resident Mr. Li commented:
China’s new “Network Security Law” provides that individuals or organizations outside the country engaged in attacks, intrusion, interference, destruction and other activities against China’s critical information infrastructure, will suffer serious consequences, in accordance with the law; the State Council public security departments and relevant departments may decide to freeze the perpetrators’ assets or use, other necessary sanctions against the individual or organization.
-Blowback-
In August 2016, the American Chamber of Commerce and other 46 national business groups wrote an open-letter to the Chinese Prime Minister, Li Keqiang, calling for the amendment of the draft law. Their view was that the security review of the Chinese authorities would weaken the security of data, and violate WTO rules regarding the use of trade barriers. James Zimmerman, chairman of the China Chamber of Commerce in China, said that some of the rules in China’s new law are too vague and open subjective interpretation.
There have also been called that that law is a further restriction of freedom of speech.
Imprecise language is a common feature of Chinese legislation. Laws are often written in broad, sweeping terms with their enforcement determined by guize (implementing rules) drawn up by relevant ministries.
That said, the implementation of Chinese law is variable at best. To understand the true effect of this legislation it must first be operational; written law and its implementation often have a wide gulf between them in China.
The country’s legal system, completely obliterated in Mao’s era, developed as more of a patchwork and has a long way to go before being a truly effective modern legal system.
In terms of cybersecurity, the new law offers the first legal definition of cyber criminality, despite the state having been strongly focussed on cyber control for decades and codified many well-established practices. For example, Article 50 stipulates that all Internet companies must stop the dissemination of illegal content and comply with regulations concerning online information control, but companies have for years been obliged to do this in order to retain their business licences.
The true effect of the legislation remains to be seen. Much of the new law is a codification of existing surveillance measures and business practices.
This, combined with the fact that there is often a wide gap between Chinese written law and Chinese practice, means that in reality there may be little change.
The law could simply act more as a warning to foreign businesses operating on the Mainland. That said, if the law is applied, it has the potential to stifle not only ‘threatening’ foreign ideas and businesses, but it may also quash domestic innovation and growth in the tech field by placing undue burden on small business enterprises.
What can be said for certain is that the new cybersecurity law is the most recent effort of the Chinese government to cement the regime and its power through the development of Chinese society in the era of ‘informatisation’ and through the increased monitoring of its citizens.
@Emma is a Masters student at the London School of Economics & Political Science. She holds a B.A. in Chinese & Law from SOAS, University of London.
[1] The ‘Chinese Firewall’, as it has become known, is the result of the ‘Golden Shield’ project which uses IP blocking, DNS filtering, URL filtering, packet filtering and SSL attacks to prevent unwanted content from entering China. It was introduced in two phases (1998–2006, 2006–2008) under the direction of Fang Binxing, president of Beijing University of Posts and Telecommunications and a member of the Chinese Academy of Engineering.
[2] The economist, Fritz Machlup (1962), was the first to estimate the financial value of knowledge production in the United States, and its effect on the wider economy. This was an extension of an earlier idea of an “information economy” (sometimes called a “knowledge economy”) and, with various expansions and elaborations from commentaries, proposed that the growth and development of the “information economy” would be as disruptive in social, economic, and political terms as the industrial revolution (see Wiener (1964), for a discussion of the ‘information revolution’; and Masuda (1981) for insight into the rise of the ‘e-democracy’ and the coming of the “computopia”).
[3] The National People’s Congress (NPC), the Chinese People’s Political Consultative Conference (CPPCC) on 3 March, the 16th World Computer Congress on 21 August, and a meeting of the Central Military Commission (CMC) on 11 December.
