Opinion: Is China curtailing freedom in the name of cybersecurity?

Delhi, IndiaWritten By: Gauri AgarwalUpdated: Mar 01, 2018, 01:28 PM IST

Internet freedom around the world declined in 2016 for the sixth consecutive year and China was listed last. Photograph:(AFP)

In today’s time, blogs, forums and the likes are the breakthroughs in citizen development. Social media platforms through the access of the Internet has become a way for people to engage in issues they wish to express their opinion on, influence the government and maintain their anonymity as well.

But not all is well with the governments supporting this citizen development. People are facing penalties and getting arrested for sharing and publishing content in the name of cybersecurity or as the critics call it cyber sovereignty. According to a report from freedom house, a pro-democracy think tank, Internet freedom around the world declined in 2016 for the sixth consecutive year. It listed China dead last out of all nations surveyed.

The Great Firewall of China, not a physical barrier but a virtual one, prevents harmful information from entering the country. Apparently, it seems it was not enough as China’s cyber administration has recently released a new cybersecurity law to tighten control and strengthen the oversight mechanism over Internet discussion. 

These regulations demand that all social media users register accounts only with proper identification; a prior censorship for all Internet comments in the form of first approve then post system; Internet companies to assist public security organisations in protecting national security, and allowing the state to establish undefined systems for cybersecurity monitoring.

In addition to the above mentioned monitoring requirements, the law mandates that personal information and other important data collected in China must be stored on servers physically located within mainland China. The law also requires firms that operate critical information infrastructure to comply with all other obligations created by law or administrative regulation. 

Moreover, local and overseas firms are required to submit to security checks and their business licenses can be revoked for serious violations.

The sad part about these restrictions is the lack of definitional detail present in them. There is no precise enumeration of which sectors constitute critical information infrastructure that requires enhanced cybersecurity measures. The guidelines mentioned in the law are written in vague terminology and absent official guidance, increasing the scope of state authority in an ambiguous manner.

The requirement for the companies to verify an individual’s real identity before providing Internet services nullifies the blessing of being anonymous to users. The extensive terms and conditions of the law also present huge problems for foreign corporations attempting to comply with it. International law firms are worried that companies could be asked to provide source code, encryption, or other crucial information for review by the authorities, increasing the risk of this information being lost, passed on to local competitors, or used by the authorities themselves. 

Moreover, these companies now face at least four separate security audits by different Chinese government agencies with unclear jurisdictions. This new cybersecurity law is not only curbing freedom of expression but can also be used for political purposes to delay or block market access. It can damage global trade in services and disrupt cross-border transfers of information that are routine in the ordinary course of business. The law has also raised concerns among foreign companies over greater data controls as well as increased risks of intellectual property theft.

Government-backed Internet commentators can flood the web in China with pro-regime propaganda. It can also threaten to shut down foreign technology companies out of various sectors considered critical. The Economist has warned that the new law could well constitute ‘a Trojan horse designed to promote China’s aggressive policy of indigenous innovation.  Also, the substantial investment by Chinese technology firms in recent years to establish domestic data centres is believed to bolster the domestic Chinese data management and telecommunications industry against global competitors.

Moreover, China’s refusal to accede to the Budapest Convention on Cyber Crime reflects its developing state-centric approach to international agreements on cyberspace. The Convention is a multilateral agreement that serves as a framework for international cooperation on cybercrime and a guide for the development of national cybercrime legislation

The proponents of this law have called it an information security policy. It is linked with Xi Jinping’s dictum that without cyber security there is no national security. It can be used to counter threats of hacking, terrorism and other cyber crimes. Though, the reality for the critics is far from the objective. China hopes to reap the economic benefits of cyber-development while actively shaping and constraining the ideas available to the country’s citizens. It is moving its model of Internet sovereignty for the world by making it a legal reality at home.

Internet censorship in this information age is hard to gulp in seeing the overwhelming presence of real-time news and data availability. Cyber powers all around the world need to talk about in practical technological and human terms. If China calls its cybersecurity policy as an information security policy, then international information security and the peace in cyberspace is highly questioned. For the people of China, living in a society where speech and expression can be freely exchanged is becoming a distant reality.

(Disclaimer: The opinions expressed above are the personal views of the author and do not reflect the views of ZMCL)