The TechCrunch Global Affairs project examines the increasingly intertwined relationship between the tech industry and global politics.
Recent significant data breach incidents, such as data breaches Office of Personnel Management, airplane passenger lists and hotel guest the data clearly showed how vulnerable public and private systems remain to espionage and cybercrime. What is less obvious is how an adversary or foreign competitor might target data that is less clearly relevant from a national security or espionage perspective. Today, public opinion data, such as the types of data used by advertisers to analyze consumer preferences, has become as strategically valuable as data on traditional military targets. As the definition of what has strategic value becomes increasingly blurred, the ability to identify and protect strategic data will be an increasingly complex and vital national security task.
This is especially true of state actors like China, which seeks access to strategic data and seeks to use it to develop a toolbox against its adversaries. Last month MI6 chief Richard Moore describes the threat of China’s “data trap”: “If you allow another country to access really critical data about your company,” Moore argued, “over time it will erode your sovereignty, you won’t will have more control over this data ”. And most governments are just beginning to grasp this threat.
In his testimony to Congress last month, I supported that to defend democracy now, we need to better understand how particular datasets are collected and used by foreign adversaries, especially China. And if we’re going to properly defend business-critical data (and define and prioritize which datasets to protect) in the future, we need to be creative in imagining how adversaries might use it.
The Chinese state’s use of technology to strengthen its authoritarian control is a topic that has received considerable attention in recent years. The targeting of the Uyghur people in Xinjiang, aided by an invasive and highly coercive use of surveillance technology, was at the center of this discussion. So, naturally, when most people think about the risks of China’s “technological authoritarianism” going global, they think about how equally invasive surveillance can become global. But the real problem is much bigger and much less detectable due to the nature of the digital and data-driven technologies involved.
The Chinese state-party apparatus is already using big data collection to support its efforts to shape, manage and control its global operating environment. He understands that data that seems insignificant on its own can have enormous strategic value when aggregated. Advertisers can use public opinion data to sell us things we didn’t know we needed. An antagonistic actor, on the other hand, could use this data to inform propaganda efforts that subvert democratic discourse on digital platforms.
The United States and other countries have rightly focused on the risk of malicious cyber intrusions, such as the aforementioned. OPM, Marriott and United airlines incidents that have been attributed to actors based in China – but access to the data does not need to be derived from a malicious intrusion or tampering with the digital supply chain. An adversary like the Chinese state simply needs to exploit normal and legal business relationships that result in downstream data sharing. These avenues are already developing, most noticeably thanks to mechanisms such as the recently enacted Data Security Law and other state security practices in China.
Creating legal frameworks for accessing data is just one of the ways China is working to ensure its access to national and global datasets. Another way is to own the market. In a recent report, my co-authors and I found that for the technological areas examined, China had the highest number of patent applications filed compared to other countries, but did not have such a high impact factor.
However, that did not mean that Chinese companies lacked leadership. In China, the R&D incentive structure drives researchers to develop applications that have specific policy goals – companies can own the market and refine their products later. Chinese leaders are keenly aware that their efforts to dominate the global market and set global technology standards will also make it easier to access more data abroad and its eventual integration on disparate platforms.
China is working on ways to marry otherwise mundane data to produce results that, overall, can be quite revealing. After all, all data can be processed to generate value if it’s placed in the right hands. For example, in my 2019 report, “Global Engineering Consent, “I described the problem through a case study of Global Tone Communications Technology (GTCOM), a company controlled by the Propaganda Department that provides machine translation services. According to its public relations, GTCOM also incorporates products in the supply chains of companies like Huawei and AliCloud. But GTCOM doesn’t just provide translation services. According to a company official, the data it collects in the course of its business activity ” provide[s] technical support and assistance to state security.
In addition, the Chinese government, assuming better technical capacity in the future, collects data that is apparently not even useful. The same technologies that help solve everyday problems and provide standard services can simultaneously strengthen the political control of the Chinese party-state at home and abroad.
To respond to this growing problem, it will be necessary to think differently about the “technological race” with China. The problem is not just developing competing capabilities, but the ability to imagine future use cases to know which datasets are even worth protecting. States and organizations need to develop ways to assess the value of their data and the value that the data may have for potential parties who may access it now or in the future.
We have already underestimated this threat by assuming that authoritarian regimes like China weaken as the world becomes increasingly digitally interconnected. Democracies are not going to self-correct in response to problems created by authoritarian applications of technology. We need to re-assess the risks in a way that stays up to date with the current threat landscape. If we don’t, we risk falling into China’s “data trap”.