Written by Niels Nagelhus Schia and Lars Gjesvik.

This continues from part 1.

International responses to China’s use of the concept of cyber sovereignty.

The international responses to China’s attempts to apply the cyber sovereignty concept in practice have been overshadowed in the west by Chinese industrial espionage and hacking, even though the former might have far greater importance in the future. However, the concept has drawn more attention over the last year, with the U.S. expressing concerns that China uses its policies as a cover for censorship, protectionism, and espionage. A statement noted the concerns, claiming that “In June 2015, China passed the National Security Law with the stated purpose of safeguarding China’s security, but it included sweeping provisions addressing economic and industrial policy. China also drafted laws relating to counterterrorism and cybersecurity in 2015 which, if finalized in their current form, would also impose far-reaching and onerous trade restrictions on imported ICT products and services in China.”

The introduction of legislation that allows the government enhanced control over the Internet is not, however, exclusive to China or other authoritarian regimes. While the usual suspects, such as Russia, Iran and Saudi-Arabia have taken steps in that direction, European countries such as Poland, Hungary and the UK have as well, indicating that the clear democracy-dictatorship divide might not be as prevalent as it seemed just a few years ago. The approach is also popular with developing countries, who see themselves at a digital disadvantage and vulnerable to globalization. This is not to say there isn’t still a distinct line between the countries that seek an open Internet and the ones that want it under stricter control, but the gap might in some areas be closing. Some issues, such as companies aiding the government when requested, are high on the agenda in the US as well. An example of this is the FBI-apple case, where the agency wants the company to aid in hacking the phone of an arrested terrorist. American companies have also increasingly turned to the government to protect them from foreign intrusion into their networks.

The reaction to the Chinese concept has been met with strong scepticism by some NGOs. Before the 2015 World Internet Conference, Amnesty International called on companies to make a stand and denounce the Chinese position, stating that talks about sovereignty were an “all-out assault on internet freedoms.” Freedom House has consistently ranked China as one of the worst, and sometimes the worst, with regards to internet freedom. The strategy of pursuing cyber sovereignty, and the ways it is applied, has been credited as the main factor for why China is considered worst in class.

The scope and size of the Internet makes it impossible for one actor to manage, and the result is a multitude of interests, actors and ideologies that are frequently colliding. The result can potentially be one of mutually beneficial competition, or the friction can turn into damaging conflict. Going into 2019 the main issue might be which force proves the strongest: the mistrust and conflict between the US and China, or their interconnectedness and mutual dependence.

The use of cyber sovereignty in diplomacy, and how China utilizes it to escape from western cyber dominance.

The Chinese position in international diplomacy has changed from a more passive and reactive approach in the past to the current which is largely proactive and seeks to use its influence to shape the global agenda. The Chinese tactics for furthering their aims can be summarized as leveraging their large user community to gain concessions, build and support domestic companies, advocate the concept of cyber sovereignty in international fora and construct information networks in the developing world. Another important, and unorthodox, tool has been a swarming of the agenda. The prime example of this tactic is the 2015 meeting of the Internet Engineering Task Force, where China sent 40 representatives and most western countries one or two.

The final part of this strategy involves building coalitions and partnerships to counter the US perceived dominance in the field. Traditionally the concept of cyber sovereignty was linked to the more repressive of the middle eastern regimes, and as such, it did not have a great standing in the wider world. China adopting the agenda was a landmark as it marked the first time a major power supported the idea. Other leading authoritarian countries, such as Russia, have in the past taken a somewhat incoherent and at times liberal stance towards internet autonomy, but in recent years they have moved towards the Chinese position. The Snowden revelations in 2013 provided a boost for the cyber sovereignty movement, as it showed how user data could be, and were, utilized for espionage purposes. Some of the goals of the cyber sovereignty movement, such as storing user data within each country, was pushed for by non-authoritarian countries such as Brazil and Germany. This has also allowed China and its allies to frame the counter-arguments against the cyber sovereignty movement as a smokescreen for the real goal: allowing the NSA access to user data.

China has pushed its agenda in various diplomatic settings, trying to establish a broad coalition of states agreeing on the principle. The 2016 BRICS-summit in Goa underlined the primacy of states in developing the agenda, while also admitting that other stakeholders deserved a say and a voice in the process. Another arena where China has pushed its agenda is the Shanghai Cooperation Organization (SCO), which consists of China, Russia, and several Central Asian countries. The main position taken by these countries is the primacy of the nnationstate and its applicability in the cyber realm as well. Framing the issue on potential U.S. interference is both a strategy and a real concern. One of the major fears is for the west, and the US particularly, to advocate their interests through the evidently “neutral” internet. Per this logic NGO’s and western media are participating in undermining governments, not to the West’s liking. Such thinking is in part based on recent history, one example is Colin Powell infamously telling NGO’s they were a “force multiplier” during the Iraq war. Statements like this have stoked the fears of authoritarian regimes that western civil society is in fact little more than an extended propaganda arm. The American government is also keen on American companies contributing to America’s national interest when this is deemed necessary, reinforcing the idea that the Internet is partly an American tool.

Fang Binxing, credited as the creator of China’s famous Great Firewall, exposed the view in his remarks to the China-Russia forum on Internet sovereignty in 2016. He claimed that the fact that much of the Internet infrastructure was located in America meant that Internet governance today was under American control. The point is therefore not to add the concept of government control to the Internet of today, but to force America to share the control it already has. By framing the issue in this matter China seeks to establish a narrative wherein state-power already exists in the cyber realm, but America is a hegemon. Establishing national sovereignty would therefore not be about the issue of censorship of the Internet, but the inclusion of more actors than the US in its governance. This argument is in line with the broader trends in Chinese foreign policy calling for a “democratization of international relations”. This idea is a move away from a perceived western dominance of international affairs towards a more inclusive order with greater respect for autonomy and the internal affairs of states.

The American dominance of the Internet does reflect some basic facts, but the influence is subtle and done with a “light touch”. The various actors involved in its governance collaborate through their own perceived self-interest to spread a way of governing that is inherently Western. Even more so the idea of a globalized integrated world is (or at least was) in America’s interest. The diplomatic strategy utilized by China has already secured some minor victories. The Obama administration’s decision to move the regulatory Internet Assigned Name Authority out of the chamber of commerce and to the international community has by some been credited to the effective diplomacy of China and Russia.

An issue to watch is the potential for a turf-war between the multi-stakeholder approach of the ICANN and the intergovernmental approach of the ICU, which is a sub-body of the UN. There has been a tentative agreement on the sharing of responsibilities since 2014, but 2016 saw some developments that might hint towards a more uncertain future. Another pressing issue, with uncertain consequences, is the ongoing debate about the alleged hacking of the US election and how this will influence the perception of information sovereignty in the west.

Things to watch

• Whether China continues to open up space for non-state actors in its governance agenda. 2016 saw the inclusion of multilateralism in Chinese rhetoric, whether China moves towards greater openness or more control will be important.
• Whether the big hacks of 2016 and most importantly the US election, will change the western position. Information warfare and the campaigns to influence democratic processes will probably continue.
• Whether more powers will be moved from current institutions to intergovernmental ones.

Dr Niels Nagelhus Schiais Senior Research Fellow, Norwegian Institute of International Affairs [NUPI] and Programme Manager, Cyber Security Centre/Editor, Internasjonal Politikk. Lars Gjesvik is a research assistant in the Research group for Security and Defence, working mainly on cybersecurity. Image Credit: CC by Anssi Koskinen/Flickr.