China’s Intelligence Law and Zhong Lun declaration

Layered policy regime

For China, research & development in surveillance technologies supports the state’s ambitions to be a global leader in tech innovation while also enhancing its capacity for domestic social control. Thus, AI technology and its applications are used as a part of China’s economic competitiveness strategy and data-driven governance plan. The New Generation Artificial Intelligence Development Plan is the chief policy instrument that lays out China’s AI policy goals through 2030. The plan operates in conjunction with a series of interrelated policies, like the 14^th Five-Year Plan on National Informatization, Military-Civil Fusion strategy, Made in China 2025, and the Strategic Emerging Industries lists, that explicate Beijing’s aims to leverage AI technology for economic and security purposes. 

Intelligence law

The state employs surveillance technologies and practices that rely on cyber researchers’ support and the expansive use of digital tools to shore up its cyber power. Accordingly, China’s cybersecurity industry operates under an increasingly more rigid political and legal environment. For instance, the Intelligence Law of 2017 demands that organizations and citizens support and cooperate with state intelligence work. Furthermore, they are asked to guard and promote the secrecy of any national intelligence work. This suggests that tech firms must support and participate in intelligence work when asked by Beijing. But they are also required to preserve the secrets of the state when demanded. Legal requirements establish obligations for companies to work with the state and hand over data to authorities in matters of national or public security. 

It appears that these constraining developments and requirements to work with the government are occurring without any robust legal procedures to object or appeal unwarranted government requests. 

Zhong Lun declaration

As mentioned above, the common understanding is that the new Intelligence Law requires domestic tech firms to offer access to data and participate in intelligence work. However, this interpretation of the law is disputed by two recent legal statements. The first was offered by the Zhong Lun law firm, a firm based in Beijing. This document was later submitted to the U.S. Federal Communications Commission. The Zhong Lun declaration explores statutory laws passed by the National People’s Congress and its Standing Committee, concluding that tech firms can reject the government’s cooperation requests. The document is usually referred to as an opinion. But I shy away from calling it an opinion since the declaration in question does not explicitly hold the view of the two attorneys, Jihong Chen and Jianwei Fang, that wrote it. Secondly, it is also not a declaration in the legal sense because it is not a sworn statement made by a witness in an official proceeding, which would result in a charge of perjury if a falsehood were unearthed. 

The second statement was made by the British law firm, Clifford Chance, that was employed by Huawei to issue a review of the Zhong Lun statement to demonstrate its legal soundness. More precisely, the purpose of the statement was to support Huawei’s assertion that Chinese law does not categorically obligate Chinese companies to cooperate with Beijing or to offer backdoor access to data for state purposes. 

However, scholars, like Donald Clarke, show that this is a misleading conclusion that does not meaningfully lessen U.S. national security concerns. He explains that the current Cybersecurity Law, National Intelligence Law, and anti-Terrorism Law do not necessarily require tech firms to cooperate with Beijing, but that the focus on these particular laws in the statement is an obfuscating and myopic exercise. The statement discusses a limited subset of mandatory rules as a way to neglect a vast series of other rules that do ask for cooperation with Beijing. 

Crucially, it appears that companies are still required to cooperate with government requests in practice even if the individual laws listed in the statement do not explicitly force them to.

Judicial checks

The Zhong Lun statement suggests that tech firms can reject Chinese government requests for cooperation. In fact, it goes on to say that firms and citizens who believe that their legal rights have been violated can pursue remedy via the court system and administrative review. This conception implies corresponding judicial checks to state actions, which does not hold up to current realities. Presently, there are no cases that illustrate that parties have received remedy because of harms committed by state security agents. For this reason, it is hard to believe that the Chinese Communist Party is convincingly and substantially constrained by law at the moment. Essentially, even if the analysis and conclusion in the Zhong Lun statement is sound, it does not change the practical reality that firms have little choice in cooperating with government requests.

Cybersecurity vulnerabilities 

Researchers point out that the backdoors utilized for domestic surveillance and data collection practices upon government request may also be exported abroad unless the tech firms offer a more secure series of products for overseas customers. For example, studies have discovered multiple cybersecurity vulnerabilities in Hikvision surveillance cameras. While this example does not necessarily hold for all Chinese suppliers of surveillance technologies and parts, it illustrates a critical and escalating cyber vulnerability. In addition, there is no empirical evidence from fieldwork which establishes systematic coordination between the Chinese state and Hikvision or an intention to purposefully use backdoors to steal data. While this is a salient fact that should guide future studies, it does not mitigate the need to ensure supply chain integrity given the ubiquitous potential for implanting trapdoors, backdoors, and surveillance mechanisms in hardware or software. 

We can imagine additional risks from the procurement and spread of Chinese surveillance tools in Africa, which governments claim contributes both to security and economic development, but also results in the rise of targeting political opposition and ethnic minorities. These developments demand locally engendered checks and balances and empirical studies that explore the particularities of how African state actors integrate and utilize these technologies for local ambitions.

AUTHOR

Bulelani Jili is a Ph.D. candidate at Harvard University, where he is a Meta Research Ph.D. Fellow. He is also a Visiting Fellow at Yale Law School, a Cybersecurity Fellow at the Harvard Kennedy School, a Fellow at the Atlantic Council, Research Associate at Oxford University, and Scholar-in-residence at the Electronic Privacy Information Center. He will be writing a series of blogs on Chinese surveillance tools in Africa.