The showdown between China and the United States over telecommunications technology is about much more than just security.
- By Adam Segal<p> Adam Segal, the Ira A. Lipman Senior Fellow at the Council on Foreign Relations, writes for the Asia Unbound blog. Follow him on Twitter @adschina. </p>
On Oct. 8, the House Select Intelligence Committee released a report on the cybersecurity threat posed by China’s Huawei and ZTE, the world’s second- and fourth-largest telecommunications suppliers. The report, which described the companies as potential espionage risks and asked the U.S. government and U.S. firms to refrain from doing business with them, drew an angry response from Chinese media: Xinhua, China’s state news agency, called its conclusions "totally groundless" and arising out of "protectionism"; the nationalistic tabloid Global Times said the United States is becoming an "unreasonable country"; and the state-run English language newspaper China Daily labeled the accusations "unreasonable and unjustifiable." But the fear of vulnerability from foreign technology, whether reasonable or not, is as present in China as it is in the United States — now more than ever.
The threats China sees from dependence on foreign telecommunications, software, and hardware suppliers echo many of the concerns raised in the House report: both countries fear that dependence on foreign technology makes them vulnerable to spying and threatens network security and economic development. According to an April 2012 article in Outlook Weekly, a Xinhua publication, 90 percent of China’s microchips, components, network equipment, communications standards and protocols, as well as 65 percent of firewalls, encryption technology, and 10 other types of information security products rely on imported technology. Foreign producers also dominate the market for programmable logic controllers, devices used to control manufacturing and other industrial processes. As a result, "all core technologies are basically in the hands of U.S. companies, and this provides perfect conditions for the U.S. military to carry out cyber warfare and cyber deterrence," according to a January article in the military newspaper China Defense.
Beijing has long strived to limit the use of foreign technology and develop indigenous alternatives. The "Regulations for the Administration of Commercial Encryption," implemented in 1999, require government approval for the manufacturing, sale, use, import or export of any product containing encryption, restricting the use of foreign encryption technology within China. Introduced in 2007 by the Ministry of Public Security, the "Multi-Level Protection Scheme" prohibits non-Chinese companies from supplying the core products used by the government and banking, transportation, and other critical infrastructure companies. And the May 2010 Chinese "Compulsory Certification for Information Security Scheme" forces foreign companies wishing to sell to the Chinese government to disclose their intellectual property for security products.
But it’s China’s over-reliance on pirated goods that makes it extra-susceptible to security breaches. Chinese software companies have been unable to develop competitive products, and as a result Chinese users pirate software from foreign companies. Because stolen software is not updated automatically by the producer, and users rarely patch on their own, it’s easier to hack. In October 2008, when Chinese users with pirated copies of Windows on their computers downloaded a new Windows upgrade, their screens went black. The blackout screen could be turned off but returned every hour with a reminder to buy legitimate products. Chinese netizens were enraged at the intrusion, and many Chinese policymakers were suddenly presented with the unpleasant truth that a U.S. company was controlling computers inside their country. As Tang Lan, an expert in information security at the China Institute of Contemporary International Relations, wrote in a February 2012 article in China Daily about the incident, "It’s right to attack piracy, but the incident also exposed China’s online vulnerability to high-tech intrusion from overseas."
Beijing has been working to reduce the use of pirated software, especially in government offices. As part of a 2012 national anti-piracy campaign, the government spent $156.9 million on legitimate operating system licenses, office software, anti-virus, and other special-purpose software. Overall, the proportion of China’s personal computers with pirated software installed fell from 92 percent in 2003 to 77 percent in 2011. Government ministries and state-owned industries, however, are still not immune to the lure of pirated software: In September 2012, Microsoft asked the Chinese government to stop the country’s largest energy company, China National Petroleum Corporation, and three other state-owned enterprises from using pirated software.
Chinese analysts also worry that as the People’s Liberation Army becomes increasingly dependent on computer and communication networks, it will become more vulnerable to cyberattacks. As evidence of the threat, Science and Technology Daily, the official newspaper of China’s Ministry of Science and Technology, claimed in an Oct 14 article that the United States sold virus-laden computers to Iraq via France prior to the Gulf War in order to paralyze its air defense system (an allegation that has never been confirmed). The article says the result was a "soft knife without spilling blood" — meaning an attack that causes undetectable harm, and implies that the United States could perform a similar attack against China. The Stuxnet virus, which the United States and Israel reportedly used to attack the Iranian nuclear program, has reinforced the Chinese perception of vulnerability and of the United States’ willingness to use cyber weapons.
Foreign attacks on China’s networks could also threaten domestic stability, the maintenance of which is Beijing’s top priority. China must have its "own discourse on cyberspace," wrote Liu Zengliang of Beijing’s National Defense University in an August 2011 cover story in the state-owned People’s Tribune, and so must master the "integrated trio of video, voice, and data" and fully exploit technology like cellphones, blogs, podcasts, and microblogs to disseminate its message and restrict foreigners from influencing public opinion within China. A December 2011 article on the military website China Military Online argues that "online games, online shopping, and online movies, etc., which represent new online industry models, are also influencing people’s lifestyles and systems of values, and are becoming important components in seizing strategic high ground for the dissemination of information online." The goal is not only to block Twitter, Google, and other foreign social-networking sites, but to ensure that the hardware and software that enables their Chinese competitors is also secure.
Keeping out foreign companies and growing domestic ones also helps China avoid a technology trap, where Chinese producers dominate at the labor-intensive, low-value end of production while paying expensive royalties to Japanese, European, and U.S. patent owners.
The House report will likely reinforce the existing policy dynamic of distrust and protectionism, instead of a cooperative and transparent inspection process for information technology that would be beneficial for both countries. Chinese entrepreneur and activist Fang Xingdong argues in an October article in the technology journal Communications Weekly, that China’s response to the House report should be to "study the United States and establish an even more open, fair, and impartial security investigation mechanism so that we can use their standards to protect the interests of Chinese companies."
The Chinese government is unlikely to follow Fang’s advice and the House report dismisses suggestions for a global, transparent inspection system as insufficient and overly complicated. The result: a wave of protectionism that harms both sides.