Dr. Samantha Hoffman is a Senior Analyst at the International Cyber Policy Center of the Australian Strategic Policy Institute and an independent consultant.
the TechCrunch Global Affairs project explores the increasingly intertwined relationship between the technology sector and world politics.
Recent known data breach incidents, such as the Office for Personnel Management, Passenger Lists and Hotel guest Data has shown how vulnerable both public and private systems remain to espionage and cybercrime. Less obvious is the way a foreign adversary or competitor might target data that is less relevant from a national security or espionage perspective. Today, public sentiment data, such as the type of data advertisers use to analyze consumer preferences, is more strategic than data on traditional military targets. As the definition of what is strategically valuable becomes increasingly blurred, the ability to identify and protect strategic data becomes an increasingly complex and vital task of national security.
This applies in particular to nation-state actors such as China who are looking for access to strategic data and want to use them to develop instruments against their opponents. Last month, MI6 boss Richard Moore described the threat of China’s “data trap”: “If you allow another country to gain access to really critical data about your society,” argued Moore, “that will in time undermine your sovereignty, you will no longer have control over that data.” most governments are only just beginning to understand this threat.
In a testimony to Congress last month, I argued that in order to defend democracy now, we need to better understand how certain data sets are collected and used by foreign opponents, especially China. And if we want to properly defend strategic data in the future (and want to precisely define and prioritize which data sets should be protected), we have to creatively imagine how opponents could use them.
The use of technology by the Chinese state to strengthen its authoritarian control is an issue that respectable attention in the past few years. The focus of this discussion was the targeted fight against the Uighur people in Xinjiang, supported by the invasive and extremely violent use of surveillance technology. Understandably, when most people think of the dangers of China’s “technological authoritarianism” they think of the world as to how similarly invasive surveillance can be global. However, the real problem is far more significant and less apparent due to the nature of the digital and data-driven technologies involved.
The Chinese party-state apparatus is already using the collection of large amounts of data to support its efforts to design, manage and control its global operating environment. It understands that data that seems insignificant on its own can have tremendous strategic value when aggregated. Advertisers can use public opinion data to sell us things we didn’t know we needed. A hostile actor, on the other hand, could use this data to underpin propaganda efforts that undermine democratic discourse on digital platforms.
The US and other countries have rightly focused on the risk of malicious cyberattacks – like the ones mentioned above OPM, Marriott and United Airlines Incidents attributed to actors located in China – however, the data access does not have to result from a malicious intrusion or a change in the digital supply chain. It only requires an adversary like the Chinese state to exploit normal and legal business relationships that lead to a downstream data exchange. These avenues are already developing, most visibly through mechanisms such as the recently enacted Data Protection Act and other state security practices in China.
Creating a legal framework for accessing data is just one way China is working to ensure its access to national and global datasets. Another option is to own the market. In one recently report, my co-authors and I found that China had the most patent applications for the examined technology areas compared to other countries, but did not have a correspondingly high impact factor.
However, that did not mean that Chinese companies failed at the top. In China, the R&D incentive structure leads researchers to develop applications with specific policy objectives – companies can own the market and later refine their products. Chinese leaders are very aware that their efforts to gain global market dominance and set global technology standards will also facilitate access to more data overseas and its later integration across different platforms.
China is working on ways to combine otherwise unremarkable data to produce results that, overall, can be quite revealing. After all, all data can be processed to add value if it is put into the right hands. For example, in my 2019 report “Global engineering approval“I described the problem through a case study from Global Tone Communications Technology (GTCOM), a propaganda-controlled company that provides translation services through machine translation. GTCOM also embeds products in the supply chains of companies like Huawei and AliCloud, according to its PR. However, GTCOM does not only offer translation services. According to a company representative, the data it collects in the course of its business operations “provide”[s] technical support and assistance for the state security. “
In addition, assuming better technology in the future, the Chinese government will collect data that is not even apparently useful. The same technologies that contribute to everyday problem solving and standard service can simultaneously improve the political control of the Chinese party state at home and abroad.
To respond to this growing problem, you need to be aware of the “Tech Race” with China different. It’s not just about developing competing skills, it’s about the ability to imagine future use cases in order to know which data sets are worth protecting in the first place. States and organizations need to develop methods of assessing the value of their data and the value that data can have for potential parties who can access it now or in the future.
We have already underestimated this threat by assuming that authoritarian regimes like China would weaken as the world became increasingly digitally connected. Democracies will not correct themselves in response to the problems posed by authoritarian applications of technology. We need to reassess risks to keep up with the current threat landscape. If we do not do this, we risk falling into China’s “data trap”.