China has proposed its own global data security initiative that focusses on the handling of personal user data, surveillance by foreign actors or states among a slew of other issues. Announced by Chinese Foreign Minister Wang Yi on September 8 in Beijing, the initiative comes as a retort against the United States’ similarly-focussed “Clean Network” initiative that calls on other nations to ringfence their internet infrastructure from Chinese influence.
The initiative proposed 8 principles for nations to follow:
- Don’t engage in activities that undermine other countries’ sovereignty: “States should stand against ICT activities that impair or steal important data of other States’ critical infrastructure, or use the data to conduct activities that undermine other States’ national security and public interests.”
- Oppose mass surveillance against other countries: “States should take actions to prevent and put an end to activities that jeopardize personal information through the use of ICTs, and oppose mass surveillance against other States and unauthorized collection of personal information of other States with ICTs as a tool.”
- Data generated by companies should be stored in the country where it is collected: “States should encourage companies to abide by laws and regulations of the State where they operate. States should not request domestic companies to store data generated and obtained overseas in their own territory.”
- Don’t hack into data located in other countries: “States should respect the sovereignty, jurisdiction and governance of data of other States, and shall not obtain data located in other States through companies or individuals without other States’ permission.”
- Cross-border access to data for law enforcement purposes should be given on the basis of bilateral/multilateral treaties that does not affect the security of a third state: “Should States need to obtain overseas data out of law enforcement requirement such as combating crimes, they should do it through judicial assistance or other relevant multilateral and bilateral agreements. Any bilateral data access agreement between two States should not infringe upon the judicial sovereignty and data security of a third State.”
- Companies must not install backdoors in their products: “ICT products and services providers should not install backdoors in their products and services to illegally obtain users’ data, control or manipulate users’ systems and devices.” The phrasing of this particular principle suggests that if a law allows companies to install backdoors, it may be permitted.
- Planned obsolescence should be discouraged and companies should disclose security vulnerabilities to users: “ICT companies should not seek illegitimate interests by taking advantage of users’ dependence on their products, nor force users to upgrade their systems and devices. Products providers should make a commitment to notifying their cooperation partners and users of serious vulnerabilities in their products in a timely fashion and offering remedies.”
- Countries should maintain open and secure supply chain of ICT products and services: “States should handle data security in a comprehensive, objective and evidence-based manner, and maintain an open, secure and stable supply chain of global ICT products and services.“
Some of these principals are tinged with irony given the nation that has proposed them. For instance, China and its military personnel have been directly and indirectly accused of carrying out cyberattacks against multiple countries and their critical infrastructure including Australia, and USA (for hacking into Equifax, multiple American companies, etc.).
Sceptre of USA looms large on the announcement
“Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ network and used security as a pretext to prey on enterprises of other countries who have a competitive edge. Such blatant acts of bullying must be opposed and rejected,” Wang said in a thinly-veiled reference to American government’s criticism of Chinese-owned TikTok, subsequent effective ban on the app through two executive orders by US President Donald Trump, and change in undersea cable plans that were intended to connect the US and Hong Kong.
This reference to the “cleanliness” of networks comes from the Trump administration’s Clean Network program that wants to protect USA’s “most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party”. The aim of the program is to purge American telecommunications and ICT infrastructures of any Chinese hardware and software. “Untrusted IT vendors will have no access to US State Department systems. We will follow the letter of the law to ensure that we have a clean path for all 5G network traffic coming into all of our facilities. Period. We will keep doing all we can to keep our critical data and our networks safe from the Chinese Communist Party,” US Secretary of State Mike Pompeo had said. India’s Jio is recognised as a 5G Clean Telecommunications Company under this program.
That wasn’t the only time USA was alluded to. Wang also said, “Protection of digital security should be based on facts and the law. Politicization of security issues, double standards and slandering others violate the basic norms governing international relations, and seriously disrupt and hamper global digital cooperation and development.”
And USA is not the only nation that is wary of compromised infrastructures caused by Chinese interference. The EU, United Kingdom and India have, in varying degrees, also put or contemplated putting restrictions on use of technology from Chinese companies such as Huawei and ZTE in their 5G plans.
China decries economic ‘protectionism’ in the digital domain
In an ironic statement, Wang said that while it is important for countries to have the “right to protect data security according to law” for growth of their digital economy, they are also “duty-bound to provide an open, fair and non-discriminatory environment for all businesses” since “protectionism in the digital domain runs counter to the laws of economic development and the trend of globalization”. “Protectionist practices undermine the right of global consumers to equally access digital services and will eventually hold back the country’s own development,” he said.
China strictly controls access to the internet within its territory through what is colloquially called the Great Firewall of China, a set of technological, legal and law enforcement practices that disable access to a number of websites that the Chinese government has deemed unfit for its residents. Blocked websites include Google search, Facebook, Twitter, Wikipedia, and websites of a number of non-Chinese media organisations.
It recently blocked all web traffic in the country that uses TLS 1.3 to encrypt web traffic so that it could continue to monitor who accessed what and what kind of content was shared across its own internet.