Cybersecurity with (Dominant) Chinese Characteristics
China’s newly enacted Cybersecurity Law covers a broad range of industries that are occasionally outside of the internet or information security industry. The data and information subject to regulatory control are also wide-ranging. Moreover, concerns have been raised that the government may use the law and the notion of cybersecurity to conduct surveillance, to acquire confidential information held by the private sector, or block market access. Therefore, the law seems to have extended beyond the aim of ensuring cybersecurity.
One may argue that the Chinese government actually intends to use the new law to fulfill its political agenda rather than protect its cybersecurity. However, the far-reaching scope of the Cybersecurity Law can also be explained by understanding how China’s conception of cybersecurity differs from that of the western world. The western idea of cybersecurity places a greater emphasis on technical threats, whereas the Chinese notion of cybersecurity prioritizes ideological threats. In addition to the security of networks and information systems, China’s cybersecurity policy also covers censorship and “properly guiding internet opinion.” The inclusive view of cybersecurity is essential to understanding China’s approach to relevant legislation and policy. The country’s unique regulatory mindset explains why President Xi Jinping has associated cybersecurity with a healthy internet culture. In a white paper published by China’s State Council Information Office in 2010, the government asserted that part of its policy goals to protect cybersecurity—or internet information security—is to eliminate all online content that can be described as,
being against the cardinal principles set forth in the Constitution; endangering state security, divulging state secrets, subverting state power and jeopardizing national unification; damaging state honor and interests; instigating ethnic hatred or discrimination and jeopardizing ethnic unity; jeopardizing state religious policy, propagating heretical or superstitious ideas; spreading rumors, disrupting social order and stability; disseminating obscenity, pornography, gambling, violence, brutality and terror or abetting crime; humiliating or slandering others, trespassing on the lawful rights and interests of others; and other contents forbidden by laws and administrative regulations.
This statement clearly reflects China’s perspective on cybersecurity, which concerns the maintenance of social stability, state power, and national unification.
The unique Chinese approach to cybersecurity can also be found in the International Code of Conduct for Information Security proposed by China, Russia, Tajikistan, and Uzbekistan at the United Nations General Assembly in September 2011. In order to maintain global information security, the code asked countries to collaborate to combat “criminal and terrorist activities” which include “curbing dissemination of information which incites terrorism, secessionism, and extremism or undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.” Although the proposed code was rejected by the US, the wording used in the code clearly reflected China’s perception of cybersecurity as encompassing content control and supporting an ideology that maintains social stability.
Some similar requirements in the Cybersecurity Law include the network operators’ real-name registration obligation through which the government has connected cybersecurity to a healthy internet environment in which rumors, vulgarity, and other unhealthy information should be eliminated. The Cybersecurity Law also comprises a child-safety protection clause that has rarely been seen in cybersecurity legislation in other countries. Moreover, the prohibited behaviors threatening cybersecurity in the law include,
using the network to engage in activities endangering national security, national honor and interests, inciting subversion of national sovereignty, the overturn of the socialist system, inciting separatism, undermining national unity, advocating terrorism or extremism, inciting ethnic hatred and ethnic discrimination, disseminating violent, obscene or sexual information, creating or disseminating false information to disrupt the economic or social order, as well as infringing on the reputation, privacy, intellectual property or other lawful rights and interests of others, and other such acts.
Since the law came into effect, much attention has focused on its provisions governing content control and newly released regulations, such as the Internet News Service Management Regulations and Regulations for Internet Content Management Administration Law Enforcement Procedures. China’s attempt to purify online content through its Cybersecurity Law is evidenced by the Cyberspace Administration of China (CAC) recently imposing huge fines on the country’s three major internet companies—Tencent, Baidu, and Sina. The three internet giants were held to violate the Cybersecurity Law because they failed to properly manage their social media platforms as some users “spread information of violence and terror, false rumors, pornography, and other information that jeopardizes national security, public safety, and social order.” In sum, the excessively broad range of behaviors regulated by the Cybersecurity Law definitely extends far beyond the scope of what is perceived as constituting cybersecurity in most other countries.
Therefore, any online behavior or information that may endanger social or political stability will be viewed as a threat to cybersecurity, and the concept of cybersecurity in China consequently is much broader than that in the western world. With its ties to ideology and social stability, the Cybersecurity Law should be understood alongside other internet regulations and the Great Firewall in China. For the Chinese authorities, both restricting the free flow of information and protecting cybersecurity help to maintain social and political stability, which helps strengthen the Chinese Communist Party’s ongoing control of the state.
Jyh-An Lee, Hong Kong