The following is a summary of the Hoover Institution report titled China’s Grand Strategy For Global Data Dominance. It is based on extensive research into China’s statements on intentions in using data, including using data to further foreign policy and economic objectives.
Executive Summary: The United States and China are currently competing to shape the distribution and control of data in the global economy and governance system. While US officials recognize the importance of data in this competition, the Biden administration has yet to establish clear laws and policies to protect Americans’ data from China. In contrast, China’s Communist Party has built a large institutional architecture to draw the world’s data resources towards China. Based on the CCP’s own documents, the Hoover Institution has produced a report that shows how the party has created a policy and regulatory architecture to exploit data as the fundamental resource of the future global economy and governance system. This report also explains how Chinese technology companies are increasingly integrated with the party’s data storage and processing systems, potentially exposing a large portion of the world’s population to data accumulation, espionage, and manipulation.
China has created a centralized national data infrastructure controlled by the Party. The Party’s interlocking data-security laws and surveillance systems mean that all customer data held by China-controlled companies will be accessible to China’s security services. China uses data requisitioning from commercial handlers to build databases, manipulate online information, mine telecommunications networks, and target journalists. The report recommends restructuring the Commerce Department’s ICTS process, updating FIRRMA to restrict China-linked companies, joining multilateral frameworks for strengthening data protections, and pressuring Beijing to agree to reciprocity.
The Accumulation-Espionage Ecosystem: Xi Jinping’s data strategy emphasizes national security and preventing political instability through top-down surveillance. He sees data as a factor of production and wants to control it to control development. China has implemented a social credit system and national big data infrastructure to enhance government supervision and control. Xi wants to move China’s data-control regime into the global domain and sees struggle, internal purges, and international confrontation, as a guiding principle of the revised Party Charter. The Chinese Communist Party, under Xi Jinping’s leadership, is hardening to take on the outside world and control all China-related data. Xi’s drive to control data is reflected in new regulatory structures, new policy and political campaigns, and a matrix of new laws. The interlocking data-security laws and the ubiquitous nature of China’s surveillance systems mean that all customer data held by China-controlled companies will be potentially visible and accessible to China’s security services. Therefore, policymakers need to come to terms with the scale of China’s big data capabilities. China’s ambitious drive to dominate the global data ecosystem poses a significant threat to international security and human freedom. Beijing is building a new technological ecosystem to accumulate and extract data on a global scale, motivated by the ambition to exploit data as the fundamental resource of the future global economy and governance system. The ecosystem is designed to achieve several purposes, including supercharging China’s processing infrastructure, leveraging data absorption for economic and surveillance advantage, harnessing the private sector and global innovation, eliminating barriers to military information acquisition, and ensuring that China’s data stays in China. The CCP’s bid for making China into a “network great power” poses long-term consequences for international security and human freedom.
Corporations and Data Harms: BGI Group is a Chinese biotech company that provides genomic sequencing and proteomic services. Its establishment of the China National GeneBank in Shenzhen in 2016, which is owned by the state and run by BGI, has given BGI an advantage in data-storage infrastructure and the advantage of scale for its diagnostics business. BGI’s partnership with international companies, such as the Children’s Hospital of Philadelphia and NRGene, has enabled it to develop larger data sets. BGI’s data is at risk of being accessed by the Chinese government as genetic resources are national strategic resources and the foundation upon which China will compete in the future bioeconomy. BGI has been accused of facilitating human rights abuses in China, and its subsidiaries have their own system of Party cells.
The article discusses the various connections and collaborations between WuXi Biologics, a Chinese pharmaceutical manufacturing and research-services company, and other entities in China, including the Chinese Communist Party, state organs, military organizations, and state-owned enterprises. WuXi Biologics is a major player in the pharmaceutical industry, with a combined market cap of $80 billion, and has been compared to Huawei for its dominance in the sector. The company has established partnerships with Huawei to advance precision medicine initiatives, as well as with China Electronics Data Service Co. (CECD) to form CW Data Technologies, a joint venture focused on healthcare analytics and big data. Some of these entities have been placed on the US blacklist of firms tied to China’s military and surveillance state.
The paragraph discusses concerns around the Chinese company ByteDance and its video-sharing apps TikTok and Douyin. The company has been accused of being closely linked to the Chinese government, with party officials holding key positions in the company. There are reports that ByteDance’s software and data are accessible to Chinese state organs, raising concerns around data privacy and national security. US officials have intensified warnings about TikTok as a potential national security threat, and negotiations for a national security agreement between the Biden administration and TikTok are ongoing. The RESTRICT Act has also been endorsed to potentially ban technologies from China and other US adversaries.
The global drone market is projected to grow from $30.6 billion in 2022 to $55.8 billion by 2030, with Chinese companies dominating the industry. DJI, which controls over half of the industry, rose to prominence through American venture capital and Chinese government funding. While DJI’s market share decreased by 15% in 2021, it still accounted for 54% of the global commercial drone market. Autel Robotics is another Chinese company that has grown to account for roughly 7% of the global commercial market share. However, Chinese drones present a unique security threat due to their potential for data harvesting and sharing with the Chinese government.
The Architecture of the System: The Cybersecurity Administration of China (CAC) plays a pivotal role in Beijing’s attempts to transform the country’s technological infrastructure and bring it under the Chinese Communist Party’s control for national security reasons. It is responsible for managing China’s digital network and controlling which entities participate in China’s digital ecosystem, what information they possess, and how that information circulates throughout China and abroad. Data is at the heart of CAC’s portfolio, reflecting Xi Jinping’s focus on its role as a strategic and economic resource. Many of its activities indicate a broader mandate to keep data out of foreign hands and prevent its monopoly by the private sector. Additionally, it is now a key agency responsible for regulating overseas listings, including in Hong Kong, to protect personal and nationally sensitive data against inadvertent foreign leaks. CAC’s probe of Didi and its review of all data-rich Chinese companies listed overseas provided foreign investors with a glimpse of the organization’s power.
China’s strategy for global data dominance involves expanding the cross-border activities of China’s digitally proficient corporations, envisaging a vast data-absorption network that can revolutionize industries and strengthen China militarily. Xi Jinping’s speech to the Politburo in October 2021 laid out his plan to transform China into a “network great power” and positioned China’s economy at the center of global data flows. This lecture was the culmination of years of building the policy-making apparatus, regulatory system, and legal regime needed to exploit the opportunities and counter the vulnerabilities brought about by the digital revolution. The Circular from the CAC and the National Development and Reform Commission announcing the release of the 14th Five-Year Plan Electronic Commerce Development Plan is an extension and enabler of the Party’s design for routing more data from the world’s economic activity back to China for processing.
Xi Jinping has emphasized the importance of data since coming to power in China in 2013. During a speech at the first meeting of the Party’s Central Cybersecurity and Informatization Leading Small Group in 2014, Xi spoke about how network information flows across borders and leads technology flow, capital flow, and talent flow. This speech also marked Xi’s first foray into shaping China’s cyber policy. Since then, the Party has combined Xi’s vision of China as a “network great power” with an economic agenda that seeks to integrate foreign technology, Party-controlled network infrastructure and open sharing of data through trade. This was revealed in speeches in 2016 in which Xi addressed the global dimensions of the Party’s big data strategy, including the role to be played by corporations. Xi’s recent commercial data plan has capped years of internal policy guidance directing the Party to utilize corporations in China’s data-focused economic strategy.
The Chinese Communist Party’s emphasis on data as a vital production factor has led to an overhaul of its traditional economic growth approach. President Xi Jinping sees data as the fundamental building block of a new industrial society, emphasizing big data’s importance as a “basic resource” that represents a “new stage of informatization development.” In the lead-up to China’s 14th Five-Year Plan, the Party emphasized using big data to “facilitate deep fusion” with China’s strategic emerging industries. The plan also calls for the creation of a national integrated big data system and a government cloud platform and data system for future data migration. Furthermore, the Party plans to strengthen “orderly sharing of data” and optimize databases for economic governance. The Fourth Plenum Resolution enshrined this perspective by listing data alongside labor, capital, land, technology, and management as “important factors” for production.
China has adopted a mercantilist approach to cross-border data governance, relying on open access to foreign data while denying foreigners access to Chinese data. China has initiated a new phase in its national data accumulation effort, relying on cross-border trade and e-commerce agreements to accelerate data flows and improve accessibility abroad. China’s Global Data Security Initiative (GDSI), a governance mechanism, and its application to join the Digital Economy Partnership Agreement (DEPA) aim to support its vision of innovation and data without borders. The GDSI was launched in September 2020 and seeks to maintain an open, fair, and nondiscriminatory business environment while advocating for data-sovereignty measures. The initiative was arguably a response to the US Department of State’s Clean Network proposal to counter data security threats created by China-manufactured technology. While the uptake of the GDSI has not been widespread, it has not been negligible. In March 2021, China and the League of Arab States signed a joint data-security agreement incorporating seven of the GDSI’s eight proposals.
The ecosystem: Obligations, Infrastructure, and Emerging Platforms: The Chinese Communist Party (CCP) has a three-part approach to data and data technology: control, accumulate, and indigenize. The party is using corporate structures to support their data strategy as they are less detectable as vectors of Party-state activity, and they are already integrated into ongoing efforts to create innovative capacity at the level of national industrial competition. At its Fourth Plenum, the Party Central Committee resolved to “perfect science and technology innovation institutional mechanisms” by building a new national system for making breakthroughs in key core technologies, with enterprises as the main body of this system. The CCP has also emphasized the role of enterprises as leaders of innovation in the 14th Five-Year Plan and the 2035 development goals. All these policies are being reinforced by top-down controls and a thickening mesh of legal and institutional controls.
China is pursuing a strategy to dominate global data through extensive infrastructure, networks, and national clusters. The National Development and Reform Commission oversees the national big data strategy and is involved in developing security technologies for intelligence and surveillance. The “Eastern Data, Western Computing” project aims to integrate cloud computing and big data capabilities while servicing China’s east through data centers in its west. New policies and regulations reinforce the obligations of industry and corporations to support Party-defined science and security aims. The system exploits open societies’ free flows of information and trade, drawing commercial data into an ecosystem that facilitates espionage, IP theft, and interference.
Policy Recommendations: China’s grand strategy for global data dominance poses a significant threat to the US and other democracies. China has no effective barriers to sequester personal data from state espionage and security services, unlike the United States. China’s data-control drive cuts across all elements of society, and the United States and other democracies need a targeted response to this threat. The US must absorb data through cross-border flows and block commercial operations that threaten the security of critical and personal data. Finally, the US must scrutinize the behavior of corporate entities linked to political actors whose goals run explicitly counter to US interests.
The text in the Hoover Institution report proposes solutions to restrict China-linked companies’ ability to operate in critical supply chain areas and to establish common frameworks for coordinating and strengthening data protections. The Committee on Foreign Investment in the United States (CFIUS) needs to be revamped to simplify the approve/reject model for covered transactions and define specific critical technology areas where new foreign adversary-controlled investment will be reviewed based on presumed denial. The CFIUS should also review the activities of China-linked companies for signs of data transfer and misuse.
The Foreign Investment Risk Review Modernization Act (FIRRMA) can be enhanced to define specific critical infrastructure and technology areas in or around each of the supply chains, where new foreign adversary-controlled investment will be reviewed based on presumed denial. Lawmakers should also consider imposing a parallel review, monitoring, and enforcement system for cross-border research partnerships involving foreign adversary-linked institutions. Finally, the text suggests establishing common frameworks for coordinating and strengthening data protections and scrutinizing and opposing China’s efforts to hollow emerging digital trade standards through multilateral organizations. The United States and democratic allies should limit data flows to China while continuing to promote secure data sharing among themselves.
Conclusion: The report highlights how China’s digital grand strategy poses a significant threat to the US by expanding its power into critical sectors of the American economy, making them vulnerable to data appropriation by the Chinese Communist Party (CCP). The lack of a coherent US counterstrategy means that robust mechanisms need to be developed to curtail the behavior of private entities shaped by political directives from foreign-adversary governments through extralegal and clandestine methods. The report proposes policy remedies that rely on the US government’s ability to access information surrounded by barriers of language, political system, and ideological framing. The US policy response needs to move beyond sporadic review to a better-resourced, more institutionally coordinated posture to ensure that US supply chains are free of risk from foreign-adversary threats, data-related or otherwise, and Americans’ personal data is not being unknowingly exposed to foreign-adversary collection and analysis.
Read the full report: https://www.hoover.org/research/chinas-grand-strategy-global-data-dominance