DigiChina Digest – October 2018

Controls online, blockchain security, CAICT is not just a think tank
Blog Post
Oct. 17, 2018

DigiChina's upgraded Digest is now in its second month. It includes exclusive new content and news tracking from Chinese-language sources on digital policy in China, as well as the latest from our collaborative work. The Digest is produced in partnership with our colleagues at the Leiden Asia Centre. This edition was compiled by Katharin Tai and Graham Webster.

Please encourage anyone interested to subscribe at DigiChina's main page.


Translation: China’s new top Internet official lays out agenda for Party control online

Zhuang Rongwen's first major statement as the new head of the Cyberspace Administration of China (CAC) came in the form of an essay in the top party theoretical journal, Qiushi. DigiChina has translated it in full. Emphasizing the propaganda portion of his new portfolio at CAC, the essay exhorts a unified, centralized, top-down, and bottom-up effort to further facilitate the Party’s exercise of control over online information dissemination:

"To grasp leadership authority in online ideological work, we must not only give full rein to the main force role of Party members, cadres, and mainstream media editors, pushing the main forces onto the main battlefield; we must also give full rein to the dominant role of the majority of Internet users, and fight a people’s war for the governance of the online environment."[link]

Profile: China Academy of Information and Communications Technology (CAICT)

CAICT is one of the most important policy and technical voices in China on digital development and regulation. It is at once a think tank under the Ministry of Industry and Information Technology (MIIT) and the locus of some technically demanding government functions. It is thus an ideal first subject for a DigiChina profile. CAICT is crucial in Chinese efforts in such areas as next-generation 5G mobile technology, AI development and application, and the cybersecurity review regime called for in the Cybersecurity Law. [link]

  • DigiChina is currently publishing a series of translated CAICT white papers. The first was a full translation of the Big Data Security White Paper published in July. The latest is below ↓, and at least two more are in the pipeline.

CAICT researchers take on blockchain security

CAICT and the MIIT-linked China Communication Standardization Association published a conceptually and technically intricate Blockchain Security White Paper. In the excerpt translated by DigiChina, it reproduces the above diagram of concerns in blockchain security according to MIIT; it lays out already existing regional regulatory efforts in Beijing, Shenzhen, Guiyang, Nanjing, and Shanghai; and it describes which specific Chinese standards-setting bodies are responsible for blockchain security work. [link]

Translation: New red tape for Chinese cybersecurity competitors, especially internationally

The Chinese government promotes cybersecurity competitions as a means to develop a stronger industry, but, in new rules released by cyberspace and public security authorities, it also seeks to control how competitions and competitors comport themselves. The rules target the role of money in competitions and follow a regulatory trend of clamping down on Chinese disclosures of cybersecurity knowledge to foreign entities. [link]


Fudan Prof. Shen Yi: New vision needed for U.S.–China strategic stability in cyberspace

The prominent Fudan University professor Shen Yi argued that, while both China and the United States want strategic stability in cyberspace, their visions differ. For the United States, he argued, strategic stability entails maintaining hegemony: While the United States might allow China to get stronger, it would only do so as long as a power differential between the two countries is maintained. Instead, Shen wrote, China’s goal should be a different kind of strategic stability:

“China needs strategic stability that is an ‘equal status and fully flexible compound stability’: Equal status means that all actors have the same obligations, and standards of conduct are negotiated between equals. … ‘Full flexibility’ means that it can absorb changes in the distribution of power. And ‘compound stability’ means that China needs to pay attention to the real [non-cyber] world as well.”

Alibaba big data standard enters ISO process that may lead to international use

The Global Times reported on October 12 that the International Standards Organization (ISO) had accepted Alibaba’s proposal for a standard on “Big Data Security and Privacy Process.” The paper celebrated the acceptance as a Chinese success and sign of recognition by the international community:

“‘China's data security standards have gradually entered the international arena and have gained recognition, indicating that we have sufficient credibility in the field of data security and will gradually play a role in international data security standard-setting,’ said Zhu Hongru, general manager of Alibaba’s standards department.”

While Alibaba’s standard may have weight in China, it has only begun the ISO process, meaning two important caveats remain: Being accepted into the process doesn't guarantee publication; and being published doesn't guarantee adoption. (Just ask the people behind the ultimately China-only TD-SCDMA wireless standard.)

Survey: Netizens not satisfied with personal information protection

How satisfied are Chinese Internet users with their country’s personal information protection situation? A survey (summary, full text) sponsored by 85 national and local Internet associations on “netizen cybersecurity satisfaction” found that less than 20 percent of respondents said personal information protection online was better than “average.” Thirty-one percent said the situation was “average,” and 49 percent said personal information protection was either “very bad” or “bad.” Among the top applications where respondents had concerns were online shopping (54 percent), social media chat (53 percent), mobile phone apps in general (43 percent), search information (37 percent), cloud storage (37 percent), and online finance (35 percent).

Reality check: The survey appeared to take no measures to achieve a representative sample or simulate representativeness through weighting. Still, the the reported results are meaningful in the Chinese context, if only because they represent messages that numerous officially-sanctioned associations were willing to disseminate.

After Bloomberg’s contested report on Chinese hardware hacking, official media responds

The past few weeks saw President Donald Trump accusing China of “meddl[ing]” in the U.S. midterms, Bloomberg reporting that Chinese security services infiltrated major U.S. companies with a hardware hack (a widely disputed story), and Vice President Mike Pence doubling down on Trump’s allegations, announcing a hard line on China.

After the Bloomberg story, an unnamed Xinhua commentator accused the United States of “fanning the flames of fearing China online with ulterior motives”:

“Firstly, they intend to divert attention from U.S. cyber attacks and surveillance. … Promoting the ‘foreign cyber threat theory’ also provides an excuse to expand their military cyber capabilities. … Secondly, they intend to stigmatize Chinese network technology, equipment, and companies; coerce other countries into anti-Chinese policies; and prevent Chinese companies from participating in the construction of relevant national network infrastructure.”

Tsinghua releases 'China AI Development Report'

The China Institute for Science and Technology Policy at Tsinghua University released its "China AI Development Report 2018," including in English edition (executive summary, full text), assessing China's talent, commercial investment, application, and policy development in AI-related fields.

Rules finalized for public security authorities conducting cybersecurity inspections

China Law Translate (CLT) provides a translation of finalized "Provisions on Public Security Organs' Internet Security Oversight and Inspections," which outline Chinese police procedures and responsibilities to enforce several provisions of the Cybersecurity Law and other laws. An April draft version of the rules raised eyebrows for authorizing "remote testing" for system security in Article 16. The final version of that article adds language requiring public security officials to inform targets of remote testing or announce tests publicly. CLT's Jeremy Daum noted in April that these rules detail authorities' responsibilities or authorization to examine security even outside an investigation.

About DigiChina

The DigiChina project is a collaborative effort to understand China’s digital policy developments, primarily through translating and analyzing Chinese-language sources. DigiChina is supported through a partnership with the Ethics and Governance of Artificial Intelligence Initiative of the MIT Media Lab and Harvard's Berkman Klein Center.

About New America

New America is dedicated to renewing America by continuing the quest to realize our nation's highest ideals, honestly confronting the challenges caused by rapid technological and social change, and seizing the opportunities those changes create. Read the rest of our story, or see what we've been doing recently in our latest Annual Report.