A guest post by Scott Livingston.
It has been a difficult few weeks for global technology companies operating in China.
Chinese officials strengthened the Internet firewall by blocking the use of virtual private networks (VPNs), reasserted demands that web users register their real names, and issued a new regulation requiring enhanced scrutiny of imported IT products in the financial industry. In response, a consortium of 17 trade groups wrote U.S. trade officials urging them to resist China’s new cybersecurity policies.
But while U.S. tech firms are right to be concerned about their present treatment in China, they should understand that China’s maneuverings are rooted in its new embrace of “cyber-sovereignty,” a principle that holds that national governments should have the right to supervise, regulate, and censor all electronic content transmitted within their borders. China’s push to practice this principle at home and abroad brings with it the promise of substantial new opportunities for global tech firms operating in China, even as it challenges long-held Western assumptions about a free and democratic Internet.
Cyber-Sovereignty and Global Internet Governance
Cyber-sovereignty (“wangluo zhuquan” or “internet sovereignty,” as it is sometimes translated) emerged as a foundational policy following an administrative realignment that occurred in the wake of Edward Snowden’s revelations that the U.S. had been snooping into Chinese cyber networks for years, often through third-party technology.
In response to these revelations, China reacted to the new threat by centralizing Internet policy in two high-level organs: a Communist Party “Central Leading Group for Cyberspace Affairs” chaired by President Xi Jinping and tasked with drafting “national strategies, development plans, and major policies”; and a State Internet Information Office (SIIO), led by Lu Wei, and apparently tasked with promulgating these policies to lower-ranking ministries. (In addition to his position as Director of SIIO, Lu is also the Director of the General Office of the Central Leading Group for Cyberspace Affairs, and thus clearly has the ear of President Xi.)
The concept of cyber-sovereignty began to appear in China’s political discourse shortly following this administrative reshuffling. Since last summer, it has become a near-ubiquitous component of Chinese comments delivered to overseas audiences on the subject of Internet management.
To date, the most high-profile political benediction for this principle has come from President Xi in official comments made at two international forums. At a speech to Brazil’s National Congress in July 2014, Xi asserted that “Internet technologies must not be used to violate cyber-sovereignty.” In November, at the inaugural China-hosted World Internet Congress, Xi wrote a welcoming letter to attendees stressing that China was willing to work with other countries to build an Internet founded on “respect for cyber- sovereignty and the upholding of cyber-security.”
These remarks have since been synthesized by Chinese media, with the online arm of China Radio International noting that President Xi’s conception of cyber-sovereignty “has two levels of significance: an internal component where each government has the right to develop, regulate, and manage its domestic Internet in line with its national independent autonomy; and an external component involving the right to defend its Internet from foreign intrusion and attack.”
The importance of cyber-sovereignty as a guiding principle for China’s leaders was further demonstrated by an incident at the close of the aforementioned World Internet Congress. There, conference attendees, including representatives of the world’s leading technology companies, received a last-minute nine-point “draft declaration” placed under their hotel room doors at midnight, with comments due back by 8 a.m. The communiqué included a commitment to respect “the Internet sovereignty of all countries.” After conference attendees refused to accept China’s last-minute gambit, the issue was quietly tabled. However, word of this refusal must not have reached the editors of China Daily, whose headline proclaimed “Key Internet Leaders Agree on Cyber Sovereignty, Security” in a story posted online the next day. The article’s claims that conference attendees had agreed at the closing ceremony “to respect Internet sovereignty” was sharply disputed by The Wall Street Journal, whose own account of the proceedings reported “[cyber-sovereignty] was left unmentioned in the final speeches.”
Of course, given that China is the country with the world’s largest Internet population (649 million Chinese were online at last official count in February), we should not be surprised it insists on a seat at the table of global Internet governance. Indeed, the world should welcome China’s desire to engage. But China’s conception of cyber-sovereignty is nothing less than a sharp realignment of the traditional conception of the Internet promoted in the developed world, from an open platform regulated by a diverse array of stakeholders, to one fragmented by national boundaries and regulated piecemeal by national governments. Under the Chinese conception of “cyber-sovereignty” all forms of national censorship are equivalent. Whether a German ban on hate speech or a Chinese ban on any content “disrupting social stability,” each prohibition stems from specific national and cultural conditions—as determined by their governments—and therefore is equally valid.
Though there are certainly merits to this idea, China has yet to argue convincingly how such a multilateral approach improves upon the current multi-stakeholder model. Unsurprisingly, it also hasn’t addressed the risk such a scheme poses for citizens of non-democratic governments. Nevertheless, China’s emphasis on the principle of cyber-sovereignty appears to have become a central part of its international engagement—one we will likely see more of in the coming years. Ultimately, this will pose a challenge to the democratic Internet as a platform for many of the values Westerners long have viewed as universal.
What Cyber-Sovereignty Means for Global Technology
While China’s cyber-sovereignty push poses challenges for global Internet governance, it also may conceal something of a silver lining for global technology firms wishing to operate in China. The consolidation of Internet rulemaking in bodies such as the Central Leading Group for Cyberspace Affairs and the SIIO, represents a fundamental change from China’s previous patchwork online governance, suggesting that Internet regulations soon will be developed in a more coordinated manner. Further, the positioning of these organs near the apex of China’s leadership hierarchy means China’s top leaders will be able to pursue fundamental reform of national Internet regulations in line with those principles that they view as most essential to China’s future development.
Recent activity indicates that top officials are comfortable with furthering market openings provided they meet the two conditions of cyber-sovereignty. First, imported investment or products must not pose a threat to China’s cybersecurity (hence the recent regulation requiring security checks on IT products delivered to Chinese banks); and, second, global technology companies must adhere strictly to Chinese laws and regulations. They may not, for instance, employ VPNs that weaken the the firewall.
Several recent legislative developments suggest that Chinese leaders are in the process of opening the domestic market:
Chinese officials already loosened certain Internet restrictions in the newly-established Shanghai Free Trade Zone, which now allows wholly foreign-owned enterprises to operate nationwide e-commerce businesses from within the zone. To date, Amazon has been the most high-profile foreign technology firm to set up operations there. As the Shanghai Free Trade Zone is intended as a testing ground for national reforms, its relatively relaxed treatment of foreign investment in general, and ecommerce in particular, suggests further national liberalization.
In November 2014, China’s National Development and Reform Commission solicited public opinion on a draft revision of China’s Catalogue of Industries for Foreign Investment, the list that says where overseas money will be welcomed and where it will be rebuffed. Replicating the aforementioned reforms of the Shanghai Free Trade Zone, the draft would, if promulgated in its present form, remove the present 50% cap on foreign ownership of e-commerce businesses nationwide. The drafted revisions to the Catalogue also place venture capital on its “encouraged industries” list.
In late January 2015, the Ministry of Commerce issued a draft Foreign Investment Law that would likely stop future use of the Variable Interest Entity (VIE) structure under which many overseas and domestic investors long have skirted China’s traditional restrictions on non-Chinese ownership of online businesses (VIEs presently in existence would be grandfathered in). Such a move seems at first to be a further crackdown on foreign market entry, but, seen in the context of China’s cyber-sovereignty push, it could also signal that China is preparing to liberalize its licensing of joint-venture Internet companies—companies operating online businesses that require a local partner—by ensuring that no loopholes exist for overseas technology firms to work around existing equity and control requirements.
In addition to these regulatory developments, comments from China’s officials and state media indicate that they already may view overseas investment into China’s Internet market as inevitable. In an op-ed published in the Huffington Post, entitled “Cyber Sovereignty Must Rule Global Internet” China’s cyberspace czar Lu Wei alluded to the core conception of cyber-sovereignty in comments suggesting that overseas firms would be permitted to do business in China provided they obeyed Chinese law:
U.S. companies operating in China show that those who respect the Chinese law can seize the opportunity of China’s Internet innovation and create immense value, while those who chose opposition will be isolated by themselves and finally abandoned by the Chinese market.
This theme was picked up in a recent op-ed in the government-run newspaper Global Times: “… we can be sure that US Internet giants such as Google will not stay away from the Chinese market forever. We think the Firewall is a stopgap arrangement, whose function will diminish as Chinese cyberspace becomes more developed.”
These comments, directed at an international audience, support China’s fundamental principle of cyber-sovereignty and hint at a wider opening to foreign tech firms once China has perfected its legal framework for Internet business ownership. The ability of companies such as Amazon, LinkedIn, and Evernote to do business in China provides further support for the idea that global technology firms can serve Chinese consumers provided they operate in strict compliance with Chinese laws and regulations. Officials in Beijing certainly are not blind to the benefits such companies can bring China’s citizens.
To be sure, any further openings to foreign technology firms will not immediately end the challenges global firms face in China. Following the Snowden revelations, we can expect China to continue to exercise increased scrutiny over products from the world’s largest technology companies, in particularly those providers of backbone network hardware. Foreign companies must also cope with the persisting vagueness of China’s still-developing rule of law and the substantial discretion afforded administrative authorities to interpret that law in an ad hoc manner. But with China’s own technology capability growing at a phenomenal rate, we can take comfort that China has a shared interest in ensuring open communication and trade in the sector, and it seems likely that smaller technology firms in the U.S. and elsewhere may be willing to follow China’s cyber-sovereignty principles and design content and services that adhere to Chinese law, potentially heralding a new era of foreign investment in China’s Internet. Silver linings in dark clouds often disappear, but global technology firms able to wait out the stormy formation of China’s new Internet policy may, in the end, see some rain.