China is quickly becoming one of the most important drivers of technology around the world—their huge market for products as well as their immense purchasing power keep them near the top of the list of countries that are able influence tech companies. China flexed its bargaining muscles recently by distributing a “pledge of compliance” to a number of large American tech firms, and the terms of that pledge are worrying.
“Secure and Controllable”
The pledge contained a number of points, but there are two that analysts have focused on. The first point requires that all data collected in China must stay in China—it will be housed on servers within the country, and won’t be stored out of the country without the permission of the user and relevant authorities. That puts a lot of data a lot closer to the Chinese government.
The second, more notable, point is this; companies will be required:
to cooperate with third-party institutions for assessment and verification that products are secure and controllable and that user information is protected etc. to prove actual compliance with these commitments.
The phrase “secure and controllable” has people worried. Will companies who take this pledge essentially be agreeing to insert backdoors or other security measures that would allow government agencies to collect user data, spy on citizens, or engage in other nefarious activities?
Of course, there’s no guarantee that this is what China has in mind. “Secure and controllable” could just mean that they want to make sure that software can’t be used for illegal purposes and that it could be shut down if it’s used for perpetrating crimes. There’s just no way to know at the moment. Both Chinese government agencies and companies who received the pledge have been tight-lipped about the whole thing.
A History of Control
This new move to exert more control over foreign tech companies isn’t really a surprise; China has long tried to take advantage of its bargaining power to bend tech giants to their will. According to the Harvard Business Review, China has been known to:
limit investment by foreign companies as well as their access to China’s markets, stipulate a high degree of local content in equipment produced in the country, and force the transfer of proprietary technologies from foreign companies to their joint ventures with China’s state-owned enterprises . . . put[ting] CEOs in a terrible bind: They can either comply with the rules and share their technologies with Chinese competitors—or refuse and miss out on the world’s fastest-growing market.
The amount of cooperation between American companies and (mostly state-owned) Chinese companies grows all the time—Dell just announced significant partnerships with Kingsoft and China Electronics Corporation, a government-owned company. Dell already spent close to $20 billion annually over the past few years in China, and plans on spending another $125 billion over the next five years.
The Wall Street Journal reports that Dell has been working with another state-owned Chinese company to develop high-performance servers, that it’s switched 40% of the computers that it sells in the country to a Chinese operating system co-developed by the ministry of defense, and that it’s been assisting another public company that creates tech for the government.
There are other examples that indicate China might be trying to enlist foreign companies in its surveillance and censorship efforts. Earlier this year, the Chinese government started requiring that companies selling computer equipment to banks meet strict requirements that include submitting source code, being audited, and installing security backdoors. Legislation proposed earlier this year would have forced foreign companies to sell controlling stakes to Chinese nationals, bringing more technical know-how and industry-leading tech under the purview of the government.
A Rock and a Hard Place
Unfortunately, China seems to be at least relatively successful in its efforts to exert control over the global technology market and use it to tighten its grip on the “Chinese internet.” In its quest to be a driver of innovation—and get more of its own products into the hands of consumers in China and around the world—the Chinese government has taken many bold steps that, according to some US government officials, amount to protectionism, a policy that clashes with the capitalistic ideal of free trade.
But there are 1.3 billion people in China, and US tech companies need to make money. What are they going to do? They’re stuck between a rock and a hard place. Become complicit in Chinese surveillance, hand over trade secrets due to new legislation, or lose a significant portion of the world’s population as potential customers. Capitalism strongly encourages the former.
And why not? Many of these companies have been dealing with the US government for years, and we now know that many of them handed over data when asked. PRISM, Xkeyscore, and other domestic surveillance programs rely on, if not the cooperation of corporations, at least the general ambivalence. Of course, the US doesn’t have the history of human rights abuses that China does, but it’s easy for companies to deny their role in any of those goings-on.
What You Should Know
It’s important to keep a close eye on how American tech firms react to the proposed pledge of compliance from Beijing. If they agree, and keep doing billions of dollars of business in China, they could become complicit in the state-sponsored domestic espionage and censorship that China is known for. If they refuse, they could face sanctions that could put a big damper on their profits, possibly affecting how they do business in the future.
If companies do hand over the keys to the security in their software and hardware, it may set a precedent that’s very hard to rescind. And because it would be very costly to develop multiple sets of security—one for China’s surveillance-happy government and another for everyone else—cooperating with Beijing could make a lot of people nervous about the security of their equipment going forward. It’s bad enough that US companies have been complicit in US spying, but if they begin to deal with China in the way that’s proposed in the aforementioned pledge, we may have to worry about additional security loopholes.
The actions that US companies take in response to this push by the Chinese government should be very enlightening about where their priorities lie and how they respond to their stakeholders, as people with vested interests are likely to have an opinion about how this situation should be dealt with. It’s going to be an interesting few months while this is under discussion.
What do you think US companies should do? Would you be worried about your own security if they assisted the Chinese government in spying on their own citizens? Share your thoughts below!
Explore more about: Online Security.