New America
Cybersecurity Initiative

DigiChina Digest – April 2019

Blog Post
By 

Katharin Tai

 and 

Graham Webster

April 19, 2019

The DigiChina Digest includes exclusive new content and news tracking from Chinese-language sources on digital policy in China, as well as the latest from our collaborative translation and analysis work. The Digest is produced in partnership with our colleagues at the Leiden Asia Centre. This edition was compiled by Katharin Tai and Graham Webster.

Please encourage anyone interested to subscribe at DigiChina's main page.

RECENTLY FROM DIGICHINA

Three Chinese Digital Economy Policies at Stake in the U.S.–China Talks

Chinese negotiators long reportedly sought to keep key digital economy issues off the table in U.S.–China talks. As the negotiations move toward a likely conclusion, however, some of those issues have made it onto the agenda. DigiChina outlines three policy areas now at issue—how China defines "critical information infrastructure" in the Cybersecurity Law regime, how data flows across borders will be regulated, and market access and rules in the cloud services sector. In each case, elements of China's regulatory regime remain uncertain, providing room for maneuver. [Read more.]

Chinese Regulators Launch 6-Month 'Special Action' Against Personal Information Violations (Translation)

The State Administration for Market Regulation (SAMR) announced a six-month enforcement "special action" targeting personal information practices in industries ranging from real estate to mobile apps. SAMR's notice directs local authorities at different levels of government to formulate plans, conduct investigations, and report enforcement actions pursuant to the Consumer Rights Protection Law, the E-Commerce Law, and the Cybersecurity Law, among other authorities. [Read the translated notice.]

DIGICHINA DIGEST EXCLUSIVE

'A Discussion of Chinese Core Technology Breakthroughs in Light of U.S. Containment of Chinese Technology'

Zhang Shu, a researcher at the China Information Technology Security Evaluation Center (CNITSEC), writing in China Information Security, lays out an analysis of U.S. “containment” strategies in technology. Zhang accuses the U.S. government of using national security as an excuse to cause “friction in the China–U.S. technology relationship,” for example by blocking Chinese companies from the U.S. market, expanding national security reviews through the Committee on Foreign Investment in the United States (CFIUS), placing all Chinese students and researchers under suspicion, and pressuring allies across the world to take a side.

One of the main motivations for this strategy, Zhang writes, is that the United States “sees core technologies as an optimal barrier for obstructing China’s rise.” What makes China so vulnerable to this strategy, according to Zhang, is the country’s dependence on high-tech imports of core technologies, a fact that is “difficult to change in the short-term.”

China needs to address this weakness unless it wants to remain at constant risk of ending up in a U.S. “stranglehold,” where the U.S. government can paralyze the Chinese technology sector by leveraging its influence over the supply chain of strategic core technologies such as computer chips. (DigiChina covered a related view a year ago when Chinese leader Xi Jinping emphasized "indigenous innovation" in core technologies amidst the possibility that the IT company ZTE would lose access to U.S. components.)

To address this challenge, Zhang suggests preparing for a “long-term competition,” promoting openness, and implementing extensive domestic reforms in “policy, use, production, education and research” (“政用产学研”). [Read the full article in Chinese.]

Foreign Ministry Criticizes Australian 'Backdoor' Law in Language Resonant With China's Own Challenges

Foreign Ministry spokesperson Lu Kang took on Australian cybersecurity legislation passed in December that "requires that companies provide a way to get at encrypted communications and data via a warrant process," according to Ars Technica.

Lu said: "Forcing companies to install 'backdoors' through legislation means protecting one's own security and interests at the expense of other countries' security and their people's privacy. … It is baffling how the country concerned could whip up 'security threats' posed by other countries or companies with trumped-up charges under the facade of cyber security while engaging in acts that endanger cybersecurity themselves. … China again urges relevant countries to provide a fair, just, and non-discriminatory business environment for companies of all countries, including China."

Lu's criticism is strikingly similar to concerns many governments and companies have about Chinese cybersecurity governance. Indeed, Peking University scholar Hong Yanqing published a detailed analysis of the Australian law, concluding that "what worries the Australian tech industry the most is that passage of [the law] will lead other countries to worry about their products and services, causing them troubles similar to Huawei's and preventing entry into the international market."

BRIEFLY NOTED

Foreign Ministry Criticizes Australian 'Backdoor' Law in Language Resonant With China's Own Challenges

  • The Cyberspace Administration of China published a list of 197 "Domestic Blockchain Information Services" providers that registered pursuant to a new requirement. The list included Alibaba-linked Ant Financial, JD.com, and a number of other prominent firms.
  • Echoing the themes in Zhang Shu's article discussed above, Chinese Academy of Engineering Academician Li Jiancheng argued that "Critical and core technology cannot be bought. Only through self-reliance can we stand on solid ground, posting achievements one step at a time." Li emphasized the need for secure and controllable semiconductors and core software. [People's Daily]
  • The cybersecurity company Qihoo 360 released a report on security challenges related to next-generation 5G wireless. A summary of the report begins by laying out potential security advances of 5G, such as increased privacy and consumer protection, lower risk of fraud, increased security for connections between operators, and better ability of Internet of Things applications to withstand denial of service attacks. The authors list six challenges: 1) Since current 5G tests still use existing 4G networks, 5G-specific security features are purely theoretical for the near future; 2) ultra-reliable low-latency services, which might be used for self-driving cars or remote medicine, create new vectors of attack; 3) the prospective use of 5G networks in important areas such as core infrastructure will make them a high-value target for hackers; 4) network slicing technology creates new security challenges; 5) the problem of fake base stations remains unresolved; and 6) 5G will come with higher requirements for consumer privacy protection. [More from Qin An Strategy on WeChat]

About DigiChina

The DigiChina project is a collaborative effort to understand China’s digital policy developments, primarily through translating and analyzing Chinese-language sources. DigiChina is supported through a partnership with the Ethics and Governance of Artificial Intelligence Initiative of the MIT Media Lab and Harvard's Berkman Klein Center.

About New America

New America is dedicated to renewing America by continuing the quest to realize our nation's highest ideals, honestly confronting the challenges caused by rapid technological and social change, and seizing the opportunities those changes create.