Belt and Router: China Aims for Tighter Internet Controls with Digital Silk Road

Coauthored with Ashley Feng, research associate in the international institutions and global governance program at the Council on Foreign Relations.

Given the hype surrounding China’s Belt and Road Initiative (BRI), one feature of the massive global infrastructure project has garnered less attention. Beijing aims to create a “digital Silk Road” that will allow it to shape the future of the global internet—and reinforce the Chinese Communist Party leadership at home for decades to come. Under the guise of BRI, China is seeking to export its policy of authoritarian cyber controls, giving countries the right to regulate and censor their own internet. China has already tightened control over its domestic internet, including through the Great Firewall and its Cybersecurity Law. It is now seeking to globalize that approach, while also inserting backdoor mechanisms that could increase its intelligence and propaganda operations in BRI partner countries. China’s plans—running directly counter to U.S. aspirations for a free and open global internet—should be deeply alarming to the United States.

In March 2015, China’s National Development and Reform Commission (NDRC), Ministry of Foreign Affairs, and Ministry of Commerce jointly released the Belt and Road white paper, calling not only for improving infrastructure construction and technical standard systems, but also for “jointly improving the transparency of technical trade measures” and creating an “Information Silk Road,” or a digital Silk Road.

As part of this initiative, the Chinese government calls for constructing cross-border optical cables and communications trunk line networks, planning transcontinental submarine optical cable projects, and improving spatial and satellite information passageways to expand information exchanges and cooperation.

While the development of a digital Silk Road may seem innocuous, it raises critical human rights, commercial, security, and governance concerns.

The idea of stricter internet controls is attractive to authoritarian-leaning governments, as the internet and social media have been essential in popular uprisings, such as the Arab Spring. Egypt, a regular violator of human rights, has drastically increased its use of internet censorship since 2011, shifting from selective filtering to pervasive blocking. Wary of dissenting opinions being expressed on the internet, China has sought to eliminate virtual private networks (VPNs), which allow its citizens to access websites blocked by the Great Firewall. Russia, another country that favors tighter internet controls, has been coordinating with China to incorporate the Great Firewall into the Red Web.

China has also begun to implement its Cybersecurity Law, raising human rights and economic concerns. Under the law, companies must censor all prohibited information, restrict online anonymity, store users’ personal information in China, monitor and report on network security incidents, and provide technical support to security agencies in investigations, which could mean increased surveillance. The law also gives the Chinese government a legal basis for large-scale network shutdowns in response to “major public security incidents,” a category left intentionally vague and thus a recipe for abuse.

Since the Cybersecurity Law went into effect in June 2017, censorship activity has reportedly increased by over 40 percent from the previous year. In August 2017, the Cyberspace Administration of China (CAC), the administrative and enforcement agency for the internet in China, sent a powerful message by issuing a notice saying that three of China’s largest technology companies—Tencent, Baidu, and Sina—had violated the law, allowing users to spread messages that “endanger national security, public security, and social order.” Individuals have also been arrested for private text messages on WeChat for “picking quarrels and provoking trouble,” a charge often used for those who have insulted the government. There have also been reports of China censoring WeChat outside of the country, demonstrating China’s ambitions to export its censorship regime internationally.

Besides its human rights implications, the law also demands that data collected by critical infrastructure operators be stored within China’s borders (otherwise known as data localization), allows only government-approved encryption technologies, and requires companies to reveal source code for IT products sold to critical infrastructure operators. Data localization is not just costly for multinational corporations, forcing them to contract with local cloud service providers or to build their own data centers, but it also endangers individual privacy. Trade associations have also speculated that China is pushing data localization to secure “expansive access to private information, trade secrets, intellectual property, or internal business communications.” Data stored on domestic Chinese rather than foreign servers could also be much easier for the Chinese government to access. Vietnam has begun to learn from its northern neighbor, proposing a piece of legislation that has elements of China’s Cybersecurity Law.

China’s drive for data localization is part and parcel of its broader ambition to dominate high-value technology, especially information and communications technology (ICT). As part of this campaign, China has developed unique national standards that it hopes to compel others to adopt globally, by leveraging its own large domestic market.

In its quest to avoid the middle income trap, China also aims to integrate internet technologies with its manufacturing sector, through initiatives such as Internet Plus, which has been tied to BRI. Between 2010 and 2014, China contributed almost $2 billion to creating ICT infrastructure, outspending UN agencies, the World Bank, EU institutions, South Korea, and Germany. China is now seeking to export its own national digital standards to BRI partners, urging internet-based companies to join BRI through increasing investments in network infrastructure, which would “speed up the construction of a ‘digital Silk Road.’”

Finally, China’s ambitions raise important security concerns for the United States. At the fourth World Internet Conference held in December 2017, Chinese state media outlets announced that Saudi Arabia, Egypt, Turkey, Thailand, Laos, Serbia, and the United Arab Emirates had “agreed to cooperate with China in the digital economy to build an interconnected digital Silk Road.” This seemingly benign initiative carries geopolitical implications.

Fiber optic cables transfer an unimaginable amount of data that includes personal, financial, and medical records, as well as sensitive government information. There are multiple ways to tap a fiber optic cable, but physical access and breaking encryption codes are the two easiest methods. Once an intruder has gained physical access to the cable, tapping information is relatively easy. Moreover, those who lay the physical fiber cable can also bend or clamp the fibers so as to create micro-bends or ripples, which allows data to leak out and be transferred, if a receiver is installed.

Prior actions taken by the Chinese government, such as installing backdoors in encryption technology, suggest that it will take similar actions when laying down fiber optic cables in other countries. State-owned enterprises such as China Mobile, China Telecom, and China Unicom, have all been expanding network layouts in BRI countries when installing such cables. Private Chinese technology companies that are suspected [PDF] of having close ties to the Chinese government and intelligence services, such as Huawei and ZTE, are also signing deals with countries as scattered as Belize, Ecuador, Guinea, and the Solomon Islands to lay fiber optic cables.

China has evolved from wanting to control information to wanting to control the algorithms that affect the distribution of information, through standard setting in international organizations. This includes dominating the development of 5G networks, which are scheduled to be completed in 2020. The global technical standards for 5G networks are currently being debated within a multilateral UN body, the International Telecommunications Union (ITU). The ITU’s Working Party 5D (WP5D), where these deliberations are occurring, is relying on inputs from the Third Generation Project (3GPP), an industry-based, multinational technical organization composed of telecommunications organizations from the U.S., Europe, China, Japan, Korea, and India. Beyond investing heavily in the 3GPP deliberations, China is also preparing its own specifications for a proposal to submit to WP5D by 2020, based on its own domestic standards.

As China continues to exalt the success of BRI and champion the idea of a community of common destiny, potential stakeholders—as well as the United States—should take a closer look at the implications of contributing to a digital Silk Road and decide whether the economic, social, and security costs are worth the benefits.