As China prepares to transition to new leadership this week, the outgoing regime has been tightening its grip on internet surveillance and electronic communications. As the New York Times reports, China has deployed some familiar tactics in controlling the flow of information within its borders, ramping up censorship efforts on social networks and search engines, and reportedly hacking into the email accounts of activists and foreign journalists. But recent months have seen a shift in the government's tactics, with authorities enlisting private sector companies to assist, as well — including some joint ventures with American corporations.
Earlier this year, the government began issuing directives to China-based companies, ordering them to install hardware that would allow them to monitor internet activity, block websites, and connect directly with police servers. Businesses refusing to cooperate faced fines or suspension of internet service, according to local executives and government documents obtained by the Times. The orders were of particular concern to US and other foreign businesses, many of which use circumvention software to bypass China's internet controls. Executives were also wary of exposing their corporate networks to Chinese surveillance.
Putting foreign industries at risk
CNN reported on this phenomenon in August, after the Quality Brands Protection Committee (QBPC), a foreign industry association, sent an email to its 216 members informing them that Chinese police were ordering local businesses to install web monitoring devices. The QBPC would not specify which businesses were targeted, though a spokesperson told CNN that they were all in different industries. The QPBC's membership covers a wide swath of sectors and companies, including Apple, Nokia, and Time Warner. Executives recently confirmed to the Times that Japanese and Korean companies have been targeted, as well.
Experts say these espionage devices could pose security risks to foreign companies in addition to logistical burdens. Thomas Parenty, a security specialist formerly of the US National Security Agency, told the Times that such hardware could make it easier for the Chinese government to spy on international corporations, noting that the boxes "would be able to intercept all network communications from the China operations back to headquarters," potentially exposing intellectual property or sensitive corporate information. A QPBC spokesman, however, said the efforts may be more symbolic than substantive — a reminder to foreign industries that even amidst regime change, the government remains omnipotent.
"the most threatening actor in cyberspace."
This week's report comes at a time of heightening concerns in the US over Chinese espionage. On Wednesday, the US-China Economic and Security Review Commission (USCC), will publish an annual report in which it recommends that Congress take a closer look at China's cyber-industrial practices. Calling the country "the most threatening actor in cyberspace," the bi-partisan commission says China has used "increasingly creative and resourceful targeting" to monitor companies and agencies, including increased efforts to circumvent two-step authentication protocols.
The commission also advised Congress to enforce harsher penalties on companies that benefit from China's corporate espionage, and urged lawmakers to consider more stringent screening policies for Chinese companies investing in the US. This echoes concerns raised in a report the USCC released earlier this month, when it described Chinese investment in the US as a "potential trojan horse," arguing that the success of US-based Chinese companies could help further China's national agenda at the expense of American interests. Last month, a US Congressional report said both Huawei and ZTE posed national security risks, citing each company's ties to China's Communist Party.