In late April, just days after the Commerce Department announced the denial order against ZTE, Xi Jinping, the president of China, gave a major speech laying out his vision to turn his country into a “cyber superpower.” His speech, along with other statements and policies he has made since assuming power, outlines his government’s ambition not just for independence from foreign technology, but its mission to write the rules for global cyber governance—rules that look very different from those of market economies of the West. This alternative would include technical standards requiring foreign companies to build versions of their products compliant with Chinese standards, and pressure to comply with government surveillance policies. It would require data to be stored on servers in-country and restrict transfer of data outside China without government permission. It would also permit government agencies and critical infrastructure systems to source only from local suppliers.
China, in other words, appears to be floating the first competitive alternative to the open internet—a model that it is steadily proliferating around the world. As that model spreads, whether through Beijing’s own efforts or through the model’s inherent appeal for certain developing countries with more similarities to China than the West, we cannot take for granted that the internet will remain a place of free expression where open markets can flourish.
China has been open about its intentions to change how the world addresses development. As part of that vision, for over a decade, it has advocated for something its leaders call “cyberspace sovereignty” as a rebuke to established actors in internet governance like the United States, Europe, and Japan. To advance this model, Xi created a powerful government body to centralize cyber policy. In addition to passing a major cybersecurity law, China has pushed through dozens of regulations and technical standards that, in conjunction, bolster the government’s control of and visibility into the entire internet ecosystem, from the infrastructure that undergirds the internet, to the flow of data, to the dissemination of information online, to the make-up of the software and hardware that form the basis of everything from e-commerce to industrial control systems. In a 2016 speech, Xi called for core internet technologies deemed critical to national and economic security to be “secure and controllable”—meaning that the government would have broad discretion, even without specific written regulations, to decide how it protects information networks, devices, and data.
China’s cyber governance plan appears to have three objectives. One is a legitimate desire to address substantial cybersecurity challenges, like defending against cyber attacks and keeping stolen personal data off the black market. A second is the impulse to support domestic industry, in order to wean the government off its dependence on foreign technology components for certain IT products deemed essential to economic and national security. (In effect, these requirements exclude foreign participation, or make foreign participation only possible on Beijing’s terms.) The third goal is to expand Beijing’s power to surveil and control the dissemination of economic, social, and political information online.