Focus on China
China's State Council Information Office released a white paper on the rule of law in cyberspace today, March 16. The document, entitled "China's Law-Based Cyberspace Governance in the New Era," contains six chapters, including maintaining the rule of law in cyberspace, consolidating the legal system, defending fairness and justice in cyberspace, and 'increasing international exchanges and cooperation in the rule-based governance of cyberspace.
"The publication of the white paper comes at a time when China's law-based governance of cyberspace has reached a milestone, in which a comprehensive legal system has been formed in this field in the past three decades," said Zhu Wei, deputy director of the Communication Law Research Center at the Chinese University of Political Science and Law.
According to the white paper, China has promulgated more than 140 cyberspace laws, "forming a cyber legislative framework with the Constitution as the foundation, supported by laws, administrative regulations, departmental regulations, local regulations and local administrative rules, approved by traditional legislation and backed by specialized computer laws governing online content and management, computer security, information technology, and other elements."
In detail, China puts forward the idea of building a community with a shared future in cyberspace and hopes to jointly promote the rule of law in the global governance of cyberspace to make the fruits of digital civilization more beneficial to people of all countries, observed Zhu.
The hidden truth
China's national cyber governance system has been defined as a set of overlapping and interconnected strategies, laws, measures, regulations and standards, focused on critical infrastructure, data storage, security reviews and personal data protection, designed to achieve four objectives:
maintain strict control over the flow of information to ensure internal stability, regime legitimacy and CCP policies;
reduce security vulnerabilities in critical networks and defend the country against a variety of cyber operations, including espionage and destructive and disruptive attacks;
ensure China's technological autonomy, decrease dependence on foreign suppliers, and help domestic companies dominate emerging technology markets;
expand Beijing's influence in cyberspace and limit the room for maneuver for the US and its partners.
China's latest relevant regulations - the "Data Security Law" (DSL) and the "Personal Information Protection Law" (PIPL) - came into effect at the end of 2021. Based on the 2017 Cyber Security Law , include new data management guidelines, updated enforcement measures, further restrictions on the transfer of data outside of China, and the requirement for data handlers to "cooperate" with Chinese public security forces. The DSL applies to all domestic and foreign organizations handling data in China, and broadly extends the liability to overseas data processing activities that cause “harm to national security, public interest or legitimate rights”. and interests of Chinese individuals or organizations, which are not otherwise specified. Many provisions reinforce those of the 2017 Cybersecurity and Intelligence Acts.
The latter law, in article 7, requires all organizations and all citizens to "support, assist and collaborate with the work of national intelligence".
These tools enable Beijing to build one of the most sophisticated data-gathering operations in the world. Voice recording data and real-time locations of foreign nationals are acquired through both legal and illegal channels.
And this information is used for strategic purposes, including identifying targets for political influence and obtaining intellectual property. From this point of view, today's China represents a serious problem for liberal democracies, so much so that its growing multi-domain threat has been indicated by the US Department of Defense as the number one priority in the recent National Defense Strategy for 2022 .