China Could Control the Global Internet After Oct. 1
In November 2014, Li Yuxiao, a research fellow at the Chinese Academy of Cyberspace, stated, according to the state-run China Daily: “Now is the time for China to realize its responsibilities. If the United States is willing to give up its running of the internet sphere, the question comes as to who will take the baton and how it would be run.
“We have to first set our goal in cyberspace, and then think about the strategy to take, before moving on to refining our laws,” he said.
Li is now the head of a department designed to enforce the Chinese regime’s laws on technology companies. His comments are tied to a process announced by the United States in 2014 to relinquish control of the internet by ending the contract between the U.S. Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN).
This process is now nearing its completion, with a deadline of Oct. 1.
The handover is technically of the Internet Assigned Numbers Authority (IANA), which is a department of ICANN. It regulates domain name registrations for websites, handles the Domain Name System (DNS) Root Zone to ensure internet users are directed to the websites they intend to visit, and also handles internet protocols.
The integrity of DNS, in particular, is critical, since it can be used for cyberattacks that send people to fake, infected websites. It’s also one of the primary systems manipulated for state censorship that can block access to specific websites.
The United States plans for the internet to be run by a multistakeholder model without government oversight, and relinquishing control of ICANN will be the last step in this process. Yet the new model does not mean ICANN, or the broader internet, will remain free from government influence. Rather, the United States is simply stepping back from this role.
According to Chris Mattmann, who helped develop how email systems work under IANA and who also helped develop several Apache systems that are at the heart of the internet, the handover of ICANN is a concerning move.
With this shift, Mattmann said, the process of determining which website is shown to you when you enter a web address “will no longer be driven by the U.S. Department of Commerce,” and this could be manipulated by foreign powers for anything from censorship to cyberattacks.
For instance, if the Chinese regime were to object to a website that publishes information about its human rights record, the ability to influence IANA would allow the regime to make that website virtually invisible on the web.
Mattmann, who currently works at the NASA Jet Propulsion Laboratory, said he believes processes under ICANN need to be heavily vetted, noting that “even when the internet is itself distributed and decentralized,” the open system begins to break down without an authority to ensure it stays open.
Already, the Chinese regime is moving to fill the void left by the U.S. handover—and its new system for governing the internet goes far beyond the responsibilities held by ICANN.
Over the last two years, Chinese leaders have drafted an authoritarian set of laws that governs every facet of the internet. The Chinese regime has formed domestic institutions or gained control over international bodies to press these new laws for the internet through the United Nations; through domestic enforcement including on foreign companies inside China; and through organizations formed to work directly with major technology companies abroad and more generally with internet stakeholders.
A Tool for Foreign Engagement
In the two years since Li gave his speech at the 2014 World Internet Conference, the Chinese regime has gained ground on Li’s goal to govern the global internet. The three-day conference in Wuzhen, themed “An Interconnected World Shared and Governed by All,” brought together more than 1,000 internet companies from over 100 countries and regions.
Li is now the secretary-general of the Cyber Security Association of China, which is chaired by Fang Binxing, the creator of China’s Great Firewall, which censors and monitors the country’s internet. The association, formed on March 25, gives the Chinese Communist Party (CCP) a vehicle for spreading its systems and laws for governing the internet abroad, while giving its efforts a benign facade under the label of “cybersecurity.”
The association can start discussions abroad at “more senior levels” with “international industry, academic, and research associations” that constitute the global system that controls the internet under the multistakeholder model, according to a report from the Center for Strategic & International Studies.
The association is registered as a national nonprofit organization, but according to the report, it answers directly to the Leading Small Group for Network Security and Information—which is chaired by CCP leader Xi Jinping—and is “responsible for shaping and implementing information security and internet policies and laws.”
According to the report, the Cyber Security Association of China, among other tasks, focuses on “public opinion supervision to help in information control and propaganda” and “protecting core Chinese interests under globalization, and promoting globally competitive Chinese IT companies.”
According to Xia Yiyang, senior director of research and policy at the Human Rights Law Foundation, there is more to the statement, “protecting core Chinese interests under globalization,” than meets the eye.
“In the CCP’s language, it’s a way to keep the CCP in power by any means,” he said, adding, “They have a very clear definition of ‘core interests.'”
In an interview published on the World Internet Conference website, Li stated that since China has the largest number of netizens in the world, it should have the right to “make the international rules of cyberspace governance.”
“The establishment of rules is just a start,” he said.
Influence Over Foreign Companies
The Chinese regime has begun bringing major U.S. tech firms—including Microsoft Corp., Intel Corp., Cisco Systems Inc., and International Business Machines Corp. (IBM)—into its newly formed committee, the Technical Committee 260.
The committee is already working with foreign companies to enforce the CCP’s laws. According to the Wall Street Journal, it is inviting companies to help Chinese authorities draft rules for issues including encryption, big data, and cybersecurity, and with determining which technologies should be “secure and controllable” by the CCP.
The phrase “secure and controllable” was included in the Chinese regime’s sweeping National Security Law, passed on July 1, 2015. The Washington-based think tank Information Technology and Innovation Foundation described the law’s requirements as being “part of a strategic effort” intended to “ultimately supplant foreign technology companies both in China and in markets around the world.”
According to the BBC, the law authorizes the CCP to take “all necessary” steps to protect itself. The BBC report also noted that many foreign technology firms operating in China “fear that under the new law they will be forced to hand over sensitive information to the authorities.”
For instance, China has repeatedly tried to force foreign tech companies to hand over the source code for their software—in 2015, Apple said no, but IBM said yes—and has also demanded foreign tech companies’ encryption keys.
The technology news website TechDirt speculated the CCP could use this law to renew its attempts to require foreign companies to install back doors in their technology products.
If companies give in to these demands, they compromise their own and their users’ security in and outside of China. Failure to give in to these demands may bar companies from the Chinese market.
Influence Through the United Nations
The United Nations branch responsible for telecommunications issues, the International Telecommunications Union (ITU) technically only governs radio communications, but at a meeting in 2012 many nations agreed to ITU assuming a role in governing the Internet. Meanwhile, China has been working hard to assume control of the ITU.
The ITU gained international attention in 2012, when it held the closed-door World Conference on International Telecommunications in Dubai to rewrite rules that govern the global internet.
Despite the closed-door policy, many documents from the meetings were leaked online, and the contents of these documents drew heavy criticism from tech-focused groups and news outlets. One law the ITU passed “could give governments and companies the ability to sift through all of an internet user’s traffic—including emails, banking transactions, and voice calls—without adequate privacy safeguards,” according to the Center for Democracy and Technology, which exposed the ITU program known as Y.2770.
The United States walked out of the 2012 meeting, and other countries—including the United Kingdom, Canada, Denmark, Finland, Australia, and others—refused to sign its controversial treaty. Yet the treaty was passed regardless, giving the ITU a level of governance over the internet it had not had before.
Nations that refused to sign the treaty are not included in it. Instead, they retain agreements under the 1988 ITU treaty, which did not include any elements on ITU governing the internet.
Nonetheless, the ITU declared the new treaty a success, as its remaining members did recognize its new role. It released a statement on Dec. 14, 2012, saying “delegates from around the world have agreed [to] a new global treaty that will help pave the way to a hyper-connected world.”
In October 2014, the ITU elected China’s Houlin Zhao as its secretary-general.
Zhao had stated previously that censorship is subjective. According to The New American in October 2014, when Zhao was asked about “the Communist Chinese dictatorship’s massive censorship regime targeting dissent, dissidents, and ideas it disagrees with,” he replied, “Some kind of censorship may not be strange to other countries.”
A Contentious Move
Sen. Ted Cruz (R-Texas) has spearheaded a push to prevent the handover of ICANN, and many U.S. government officials, organizations, and experts have sounded an alarm over concerns that a foreign authoritarian power may attempt to do precisely what the Chinese regime has already set into motion.
During a Senate subcommittee hearing on Sept. 14 on the issue, Sen. Chuck Grassley (R-Iowa) said, according to a prepared statement, that many important questions on the transition remain unanswered. These include whether it will “yield an unconstitutional transfer of United States government property, how the transfer will affect human rights and free speech issues, if U.S.-controlled top-level domains such as .gov and .mil could be compromised.”
“If this internet giveaway goes forward, there’s no reason to believe that authoritarian states would stop trying to exert greater control and we don’t know how things will play out long term,” Grassley said.
On June 8, Cruz and Rep. Sean Duffy (R-Wis.) introduced the Protecting Internet Freedom Act, which seeks to prevent the U.S. handover of ICANN, and to ensure the United States retains sole ownership of .gov and .mil top-level domains.
Similar concerns were shared by Philip Zimmermann, creator of the PGP encryption standard and chief scientist and co-founder of Silent Circle, a company specializing in secure communications.
Zimmerman said he believes the United States needs to maintain some authority over the internet, lest “we give in to control by an international body that can be easily influenced by member states that are oppressive societies.”
“The internet is supposed to make the weak have a voice, you know. If China controls their own domains within their country, it’s going to be easy to suppress opposition,” he said.
According to Barney Warf, a geography professor at the University of Kansas who has published research on global internet freedom and governance, China has a “brutal, fascist, oppressive regime that has gone out of its way to suppress human rights.”
Warf said even the possibility that the CCP could enforce its laws over the global internet is a frightening thought.
He said the United States’ informal governing of the internet did not place any firm control over it, and this allowed innovation to flourish. He said the lack of strict governance gave people room to “experiment and make mistakes,” and added, “I think the internet has thrived because there is no central power over it.”
Laws for the Internet
After the U.S. relinquishes control of ICANN, it will technically retain some level of oversight, but this oversight will be bundled together with that of the 171 other members and 35 observers in the Governmental Advisory Committee.
Among those members is ITU, along with “all the UN agencies with a direct interest in global Internet governance,” according to the committee’s website.
The Committee advises ICANN on government concerns “related to laws and international agreements based on consensus,” according to Jonathan Zuck, president of ACT | The App Association, in a statement presented to the Senate Judiciary Committee on Sept. 14. In the event the 171 member committee does make a consensus-based recommendation to ICANN, Zuck testified that ICANN can reject it with a 60 percent majority vote of its governing board.
While the U.N.’s legal structure will for all practical purposes eliminate the U.S. ability to affect ICANN’s policy, Chinese officials have been very candid about their intentions to push CCP law onto the internet. The coming out party for this effort was the 2014 World Internet Conference, which followed upon the U.S. announcement that it would step back from internet governance.
“Experts said China is using the platform to sell its own strategy and rules to the world, a mission that the world’s largest cyberpower with the most internet users has deemed significant and urgent,” the state-run China Daily reported at the time.
“China has the capability now to set up international rules for cyberspace and use our strategy and our rules to influence the world,” said Shen Yi, an associate professor specializing in cybersecurity at Fudan University, according to China Daily.
“China is considering setting up its own rules in cyberspace,” CCP Premier Li Keqiang said, in comments summarized by China Daily. He added the CCP wants to create a “common code of rules” for the internet.
In July 2015, the CCP passed the National Security Law mentioned earlier, with its requirement that certain technologies should be “secure and controllable.”
That same month, the CCP introduced the draft of its Cybersecurity Law. Reuters reported that the law requires network operators to “accept the supervision of the government and public,” and that it reiterates requirements that all personal data on Chinese citizens and “important business data” needs to be stored domestically—an element that further exposes the data to government surveillance.
Reuters noted the law was controversial in the United States and Europe, since it affects foreign firms. It also noted it increased the CCP’s power to “access and block dissemination of private information records that Chinese law deems illegal,” and that this has caused concern among governments, multinational companies, and rights activists, since the CCP may be able to “interpret the law as it sees fit.”
In December 2015, the CCP passed the Counterterrorism Law, which allows Chinese authorities to decrypt information to prevent “terrorism,” and to monitor systems with the excuse of preventing the spread of information that can be used for the CCP’s definitions of terrorism or “extremism.”
There is a long list of similar laws and regulations. In February 2016, the CCP issued rules for online publishing. In March 2016, it drafted rules for domain name registration. It has issued state procurement lists that restrict foreign suppliers and has pending laws on encryption regulations.
With its new institutions, laws, and regulations, the Chinese regime is ready through its Cyber Security Association to influence the operation of ICANN and other systems in the multistakeholder model; or it is ready to see the U.N. gain influence over ICANN through the ITU—with China at its helm.
Tech companies operating in China are now required to turn over proprietary technology, endangering their businesses and destroying their customers’ expectation of confidentiality. Meanwhile, through the Technical Committee 260, major tech companies are lobbying for the world to adopt the Chinese regime’s internet law and regulations. And the China-led ITU wants to grant nations the right to search all internet traffic.
Thus, China is seeking to make good on Liu Yuxiao’s promise that China will “realize its responsibilities” in the absence of U.S. control.
CORRECTION: A previous version of this article incorrectly stated the domains mentioned in the Protecting Internet Freedom Act. The act seeks to ensure U.S. ownership of .gov and .mil top-level domains. The article also incorrectly stated the date of Houlin Zhao’s election. He was elected secretary-general of the ITU on Oct. 23, 2014 and took office on Jan. 1, 2015. Epoch Times regrets the errors.