As U.S.-China tensions worsen, their disputes in the high-tech sector have gained prominence. What started with stepped up U.S. accusations of economic espionage by Chinese government agents has escalated into a so-called tech war. The Trump administration adopted a full-court press against Chinese telecommunications firm Huawei, alleging the company could conduct espionage on Beijing’s behalf. Even the popular social media app TikTok, owned by a Chinese company, has come under fire. At its heart, the clash is over which country will get to set the standards for the fourth industrial revolution, including emerging technologies like artificial intelligence and big data.
Below, Graham Webster (@gwbstr), the editor-in-chief of DigiChina at the Stanford Cyber Policy Center and a China digital economy fellow with New America, discusses the recent debates over TikTok and Huawei and the implications for the global internet.
Last month, India banned TikTok, along with 58 other Chinese apps, over national security and data protection concerns. That seemed to give momentum to calls for the U.S. to follow suit. What is the logic behind banning TikTok? Do you personally support that idea?
National security and data protection were indeed among the justifications for India’s action against Chinese apps, but the broader context of the India-China border clash influenced the timing. Indian tech thinkers had long discussed the downsides of reliance on foreign-owned internet platforms, including both U.S. and Chinese giants. The painful history of British colonialism has, helpfully I would argue, made many Indian thinkers sensitive to foreign entities profiting from or influencing domestic events. But action came when it was time to make a point against China more broadly.
The U.S. debate is parallel in many ways. Although U.S. tech discourse generally lacks explicit post-colonial sensitivities, and although many had long dismissed Chinese concerns about “cyber sovereignty” as simple authoritarian excuses, questions around Chinese government power and the growth of Chinese companies around the world have triggered a heightened awareness of who controls platforms and how they collect, store, or share data.
The combination of TikTok’s status as the most prominent Chinese-owned app in the United States and the macro concern over trust in platform explain the company’s dilemma today more than any of the specific risks it poses. So far, the idea that TikTok is a national security threat is pretty speculative, but there are real privacy and censorship concerns that in my view should be addressed.
In both cases I tend to oppose bans on apps that are not based on principled policies around platform governance. The United States, for its part, lacks anything like a comprehensive data governance regime to defend personal privacy and autonomy, proprietary information, and national security. The concerns around TikTok (and the U.S. Congressional hearing with U.S. tech CEOs this week) should underline the urgency of a smart data governance regime that considers risks including but going well beyond which country the parent company is based in.
It may very well be that under a careful rubric, TikTok would not be able to do business in the United States. I would be fine with that if the same requirements were applied across the board. But it may also be that smart rules and credible auditing could give people the confidence they need to enjoy an app made in an untrusted legal environment while nonetheless trusting that a strong regime ensures the security of the app.
TikTok is a particularly interesting case because it has tried hard to differentiate itself from its Chinese parent company, ByteDance, and the Chinese version of the video app, Douyin. In the current climate, do you think it’s possible for a Chinese tech company to “prove its innocence” in the fact of national security concerns linked to China’s expansive cybersecurity law?
The underlying problem here is frankly not China-specific. It is very hard for any platform to gain the trust of people who are not inclined to trust it. The China-specific elements just make the challenge more stark. ByteDance could theoretically separate operations so thoroughly that no one subject to the Chinese legal system is in a position to hand over data or implement orders to influence discourse abroad, but I suspect this will not be possible without the establishment of trusted, independent auditors examining companies based on well-formed standards for data security and other matters of concern. It’s worth noting that establishing that kind of regime would be costly for U.S. companies and take away some of their maneuvering room in trying to squeeze profit out of user data, so they’re not likely to lobby for this outcome!
Huawei is the most famous example of a Chinese company — in this case, a telecoms giant — coming under suspicion for national security reasons, including fears that the equipment could be used to facilitate Chinese government espionage. Many Chinese analysts, however, say the U.S. is simply running scared of a successful technological competitor. What’s your take on the Huawei debate?
There is no doubt that using network infrastructure made by a company based in China requires careful risk analysis for the United States. The company could be legally or extralegally compelled to help the Chinese government with intelligence gathering or other matters. Even if the Chinese company resists in normal times, if U.S.-China relations really go south, one imagines their resistance would erode.
Where I part ways from those who would ban Huawei completely in U.S. infrastructure is on their absolutism. Cybersecurity is an exercise in risk analysis and mitigation. At one extreme, imagine the risk of a breach in nuclear command and control systems. Keeping suspect vendors 100 percent out of those hyper-critical systems is a no-brainer. At the other extreme, imagine a grandparent in Pennsylvania who likes the camera available on a Huawei smartphone. It’s hard to make a credible argument for a national security risk there. The people arguing to ban Huawei, or indeed to effectively kill the company, would be a lot more credible as security advocates if they advanced an impartial way to estimate and mitigate risks in infrastructure.
How is the U.S. ban on technology sales to Huawei — or third parties vendors doing business with Huawei — likely to impact the company in the long run?
I’m not an expert in Huawei’s supply chains, but it is clear that there is at least some medium-term trouble for the company if it is enduringly cut off from key U.S. suppliers. At the same time, the U.S. government willingness to use tools like the Entity List against Huawei has only strengthened Chinese government resolve to chart an independent technology ecosystem. Huawei is a major player there and will naturally have a strong domestic market, in addition to public support whether direct or in spillovers from a massive government-backed R&D push.
Perhaps the bigger question for Huawei is the extent to which the U.S. government drive to cut it off from customers and suppliers around the world bears fruit. Will U.S. efforts seriously reduce revenue on hardware sales, or potential 5G technology licensing, down the line? Will they be stuck with only Chinese-made and -designed semiconductors? The implications of these unsettled questions are huge.
Of course China is unhappy about its apps and tech companies facing bans, but is it possible this is an indirect win for Beijing? China has long pushed for “cyber sovereignty,” meaning each country has the right to control its domestic internet as it sees fit. Has the world, including the United States, come around to practicing cyber sovereignty — thus validating Beijing’s argument in favor of internet censorship?
From the beginning of the popular diffusion of internet use in China, the government there has been sensitive to both the benefits and risks the technology brings to the Communist Party-led political system. Even before internet use became widespread, some Chinese experts had pushed for the development of an indigenous Chinese operating system to displace Microsoft Windows.
When connectivity began its rapid spread in the late 90s, the government implemented measures to maintain various types of social control. That effort, especially the “Great Firewall” system of cross-border internet blocks, drew international criticism for violating of the human right of freedom of expression, and later for cutting foreign companies out of China’s market.
The idea of “cyber sovereignty” or “network sovereignty” came to prominence at a time when China’s government under Xi Jinping sought to centralize and rationalize a broad array of issues in digital governance. I don’t think the bans on apps or actions against hardware companies so much empower the “cyber sovereignty” argument, which was really a comparatively banal claim that governments had the sovereign authority to regulate technology use within their borders. Nor do I think it really helps out the people in China who want to control domestic Chinese online life—an objective that has been quite thoroughly accomplished. It does probably help the people who want to further exclude foreign vendors from Chinese systems and develop a thoroughly independent tech ecosystem.
One thing that has all but disappeared? U.S. advocacy for a free, open, and truly global internet, a hallmark of the Clinton State Department and of U.S. advocacy on global internet governance since the early days. It was always an elusive ideal, but it was one that directly conflicted with the exercise of sovereignty inconsistent with universal human rights. On that front, the U.S. government at present no longer seems all that interested.