ArchiveOODA Original

What’s the China-Arab State Data Security Pact Really Mean?

In late March 2021, China and the League of Arab States signed a data security agreement to  strengthen cooperation in communications and information technology. While details have yet been published, the document focuses on ensuring the integrity of data and production chains that drive the digital economy. This is not the first time that China and the Arab nations have collaborated, having engaged one another in emerging technologies like 5G and artificial intelligence.  However, it is noteworthy as this partnership makes the Middle East the first region to have engaged in a data security initiative with China, according to China’s Foreign Minister.

This is important for two reasons.  First, Beijing’s overture in getting Middle East support serves as a critical counterbalance to the increasing tensions straining China’s relations with the European Union and the United States. The agreement comes on the heels of a contentious summit between the United States and China in early March 2021, as well as U.S. and the European Union imposing sanctions against China for alleged human rights abuses against Muslim minorities in Xinjiang. Second, Beijing needs to continue to soften its image as a pervasive cyber espionage actor and quell misgivings about companies like Huawei and ZTE being instruments of the state. Recently, Huawei became a member of the Organization of Islamic Cooperation’s Computer Emergency Response Team, an organization that helps member states build their own cyber capabilities. This move coupled with Middle East support for China’s data security plan for international partners gives Beijing at least the appearance of trusted legitimacy.

For the past several years, China has been trying to gain recognition as a cyber leader by promoting its vision of state cyber sovereignty, state norms of behavior, and working its way into setting standards for emerging technologies.  As part of its tireless effort to muscle in on the global stage, Beijing introduced its “Global Initiative on Data Security” in September 2020.  The proposal called on all states to put “equal emphasis on development and security” in order to achieve a balanced approach on technological advancement, continued economic growth, and the safeguarding of national security and public interests. As many cyber-related efforts led by Beijing, the Initiative is an alternative and in direct response to the U.S. advocated Clean Network Program, a comprehensive approach to protecting citizen privacy and companies’ sensitive information from adversaries (e.g., China).  Since thirty nations have joined the U.S.’ Clean Network Program, Beijing has reached out to Southeast Asian states to support the Initiative, and thereby help Beijing assuage global concerns about its tech companies.  Beijing has even pledged it will not request Chinese companies to “transfer overseas data to the Chinese government” and that companies should not install backdoors in technology to steal user data.

The cleverness of China’s Initiative is that on the surface it promotes areas that many states could support. Condemning the installation of backdoors by tech companies, mandating that law enforcement establish bilateral agreements to obtain data, and states agreeing not to engage in harmful acts against critical infrastructure are common concerns expressed by most governments. However, upon closer scrutinization, the Initiative aligns with other Beijing-led efforts such as its 2011 and 2015 resolutions to the United Nations where China, as well as Russia and other members of the Shanghai Cooperation Organization, lobbied for the rights of governments to control their information spaces. Neither proposal gained significant traction largely because many governments like the United States did not agree that establishing norms required a treaty, preferring established international law sufficient for law enforcement entities to collaborate.  Additionally, the U.S. did not agree with the broad terminology captured in the resolutions that would ultimately be left up to states’ interpretations on how to implement them.  In this capacity, the Initiative bears striking similarity to the aforementioned UN resolutions as the equally broad tenets are left up to the perception and application of a government. Viewed from this perspective, the Initiative can be considered “cyber security and data security with Chinese characteristics” as they promote China’s position of how states should engage one another on these data security issues.

Beijing’s bold moves come at a time when it has noticeably moved away from its “peaceful rise” strategy to adopting a more confrontational approach on the world stage, particularly against the United States on cyber and data security issues (see:C-Suite Considerations Regarding Current Geopolitical Tensions).  Recent overtures with the Middle East (including a recent Comprehensive Strategic Partnership pact with Iran) and Southeast Asia reveal a China that seeks to shore up support from regions more prone to being favorable to its interests in direct opposition to the United States that continues to garner backing from traditional allies and friendly governments. In this way, the two adversaries appear to have abandoned, at least for the present, the idea that consensus can be obtained in international organizations on these issues in favor of moving forward on their own.

Beijing and Washington acknowledge that cyber security and national security are inherently linked.  Both are serious players in cyberspace where they have demonstrated their prowess in offensive cyber operations.  However, they know that true influence in the digital domain will not be obtained by sheer capability of force, but by getting like-minded states onboard with their positions on important issues as next generation technology standards, rules of state behavior, and international responsibility for data transfers.  The government able to achieve that end goal (an effort that will likely require horse-trading on other non-cyber related economic and diplomatic issues) and build alliances will be recognized as the leader and find itself in the position to influence and shape how states will operate in cyberspace in the years to come.

C-Suite Considerations Regarding Current Geopolitical Tensions

 

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.