Under China’s Eager Eagle Eye

Lesen Sie die deutsche Version hier.

The internet was expected to help democratise China. Following the invention and popularisation of the internet in the 1990s, it was almost a maxim of international relations that a freer flow of information would bring greater civil freedoms with it. But international society missed the key fact: the internet would always be seen as a threat to the one-party State, due to the ability of the net to spread information and organise people.

A few decades have passed. Not only has China moved further away from democracy, but it has weaponised the internet to conduct surveillance and implement country-wide censorship. Now, China is focusing on keeping its citizens compliant, including ethnic Chinese living abroad. What’s more, it is trying to extend its influence to other countries. It is no longer an issue that is irrelevant to you. Surveillance is taking place on your doorstep.

The Chinese Censorship and Surveillance System

The Chinese surveillance and censorship system is commonly known as the «Great Firewall». But in reality, it consists of two layers. The first layer is the Great Firewall that controls the traffic between China’s internet and online service providers to prevent people from organising themselves online. The second layer is the «Golden Shield Project» that started in 1998.

The Golden Shield project, officially known as the «National Public Security Information Project», is made up of three aspects. The first aspect involves creating an electronic population database. This database will contain detailed personal information. The second part is the adoption of offline identity tracking which involves installing surveillance devices in public spaces, including hotels, public transport, and cafes. The goal is to enable public authorities to promptly track down targeted individuals. The third aspect is the implementation of internet censorship, actively monitoring websites, forums, and social media. The goal is to report «unstable factors» to the authorities in a timely manner and take down content deemed inappropriate. This can also be used to control public opinion. This third aspect is popularly known as the «Great Fire Wall».

The population databases and identity tracking system in turn also facilitate offline monitoring of internet users by the government. Chinese online and internet services are built in the context of the government’s need to collect information, track individuals, and highlight problematic behaviours. These online services must fulfil surveillance requirements, such as tracking user information, flagging suspicious activities, and removing undesirable information, all while directing public discourse to prevent potential online organisation. Yet, they also need to be user-friendly and provide a quality service to keep users engaged, ensuring they do not try to bypass the «Great Fire Wall».

Contrary to popular belief, the Great Firewall is not being fully and directly controlled by the government, but also by online service providers and internet service providers, the former providing service online, the latter access to the internet for ordinary users. Other than facilitating surveillance, internet and service providers play another vital role serving the purpose of the Great Firewall, which is to hide information from the Chinese people. They are all required to register themselves to the government and are held accountable for whatever content is hosted on the platforms or networks. Hence all of these providers, especially social media or user-generated content platforms, hire hundreds or even thousands of content moderators to monitor everything that is going on through their platforms – principally to mitigate their own liability.

The invention of this all-encompassing surveillance network is not to maintain law and order, as Beijing claims, but to monitor and prevent dissent. There is no endgame for Beijing to keep everyone under surveillance. Government procurement documents show that surveillance camera systems are still being upgraded. For example, in 2019, the Beijing Municipal Public Security Bureau’s Tiananmen Subbureau spent 10,37 million Renminbi (1,27 million Swiss franc) on 335 state-of-the-art high-definition surveillance cameras and ancillary equipment. In total, it spent approximately 1.38 trillion Renminbi on public security in 2021. As Chinese companies enter foreign markets, they also bring with them their background of assisting the government’s surveillance efforts.

China Is Watching You

Today, we use online and internet services provided by other countries, including China. As the internet of things and smart homes become more and more popular, we have been exposed to more and more products. This has implications for our privacy and what can happen to our data. There is more and more evidence showing that the operations of Chinese companies abroad are serving Beijing’s interest in collecting data, flagging suspicious activities and initiating responses to facilitate Beijing’s political agenda. China, through the hands of companies that have close ties to it, is replicating the tactics it uses on its people abroad.

«China, through the hands of companies that have close ties to it,

is replicating the tactics it uses on its people abroad.»

If you have a security camera at home, chances are that it is made by either Hikvision or Dahua, both of which dominate the business of video surveillance. In 2021, they made up over one third of a global market worth around 31 billion Swiss franc. Hikvision produces a quarter of the world’s surveillance cameras, selling to more than 150 countries. At the same time there are 4,8 billion internet users worldwide and 20,83 per cent use video sharing services from ByteDance, the parent company of TikTok. TikTok has been downloaded at least 3 billion times. The Chinese robot vacuum company market share in 2020 is 17 per cent. Hikvision cameras at home have video footage of you. TikTok, if you have granted it full access to your phone, has access to your photo albums, contact list, location data etc. Your robot vacuum from Evoc might have mapped your flat. Your Huawei phone stores almost everything.

You might argue that a lot of companies collect huge amounts of data, so why reserve special criticism for the Chinese ones? Yes, Meta, Google, Amazon all do that. But the fundamental difference lies in who is behind them. Meta, Google and Amazon are private entities. And yes, their data harvesting approach is worrying. But Hikvision, Dahua, ByteDance and many other companies coming from China that are present in foreign markets are closely connected with the Chinese Communist Party. That is the norm in the business world in China – companies have to be compliant with the authorities. Hikvision’s biggest shareholder is the China Electronic Technology Group Corporation which is 100 per cent owned by the Chinese government. Huawei’s founder is closely linked to the Chinese army. Over the past decade, Huawei has collaborated with the People’s Liberation Army on at least 10 research projects, including artificial intelligence and radio communications. Hundreds of TikTok and ByteDance employees previously worked for Chinese state media.

Chinese companies are driven to serve the Chinese government’s agenda. Unfortunately, this latter claim has been proven beyond doubt to be more than the fearmongering some alleged it to be. Huawei has built network infrastructure across the globe and it can and has put people under surveillance. An internal report of KPN, a Dutch network provider, points out that the staff of Huawei in the Netherlands and China can put anyone using KPN’s network under surveillance – including the Prime Minister of the country –, as Huawei had provided some of the infrastructure to the country. Le Monde revealed in 2018 that data being stored in the African Union’s headquarters were being secretly sent to China every night because it was a beneficiary of China’s aid scheme. There are many similar projects in Europe – for example, in the name of helping Germany’s Gelsenkirchen to build a «smart city», Huawei consequently has access to a lot of related data. ByteDance has been accused of allowing Beijing to access the data of Hong Kong civil rights activists and protesters. The BBC recently revealed that TikTok was monitoring a personal account created by Financial Times reporter Cristina Criddle for her cat. This included tracking the location of her mobile phone without her consent. Following this, The Wall Street Journal reported a story about a departing TikTok employee who claimed the company maintained lists of users viewing gay and lesbian content.

Huawei und ByteDance in Switzerland

People are not vigilant enough about this issue – also in Switzerland. Back in 2019, the Paul Scherrer Institute wanted to introduce Huawei network infrastructure worth 17 million Swiss franc. Sunrise and Swisscom, the two network providers in Switzerland, rely on Huawei to provide them with mobile network equipment, UPC and Salt are also using Huawei components in their networks. Figures published in ByteDance’s advertising resources stated that TikTok had at least 1,72 million users in Switzerland.

The laws in Switzerland cannot provide protection for your personal data despite having one of the most advanced data protection regulations in the world. Under the Federal Data Protection Act (FADP), data transfers to China are perfectly legal as long as the entities use the Standard Contractual Clauses (SCCs) or Binding Corporate Rules to govern the transfer. The two mechanisms allow companies to transfer data to third countries or within a corporate group provided an adequate level of protection can be guaranteed. However, given the PRC’s legal obligations imposed on Chinese firms to hand over data when asked, it is not possible for any Chinese entities to guarantee this protection. It means that it is impossible for the protection guaranteed in the FADP to be implemented.

The Chinese Cyber Security Law and the Personal Information Protection Law requires operators of «critical information infrastructure» to store personal information and important business data within China, to provide «technical support» (Article 23) to security agencies, and to pass national security checks. It allows the Chinese government to have access to personal data that is being collected and transferred. Even though Chinese companies can claim that it will be addressing the problem by storing user data within the EEA region, the physical location of where data is stored does not stop the data being accessed by the Chinese government in most cases. The concern remains that user data will still end up in China because of TikTok and ByteDance’s legal obligations under the Chinese Cyber Security Law.

Data transfer investigations

The revelations of China’s all-encompassing surveillance network, its attempts to extend its long arm to other jurisdictions, and the lack of tools to address these threats, should serve as a stark wake-up call for Switzerland and other liberty-loving nations. As we witness the erosion of privacy and the potential threats to personal freedoms, it is imperative for us to take proactive measures to safeguard our data and protect our fundamental rights.

One crucial step Switzerland can take is to empower its data protection authorities to launch investigations into data transfers from Chinese companies to China. Investigations on whether or not data being transferred to China is afforded the necessary level of protection are crucial. If China is proven to be unable to comply with the standards set by FADP, the data protection authorities should bar any data transfer to China. By closely scrutinising the practices of these companies, we can assess whether adequate protection measures are in place to safeguard the privacy of Swiss citizens and residents. Should these investigations reveal any lapses in data protection or the potential for misuse, immediate action, such as suspending data transfers, should be considered.

Initiating such investigations and taking necessary action will send a strong message to Chinese companies and the international community that Switzerland takes data privacy seriously and stands firm in defending its citizens› rights. Additionally, this will serve as a precedent for other nations to follow suit in countering Chinese surveillance and protecting their own sovereignty.

«As a nation that cherishes its democratic values and individual liberties, Switzerland must take proactive steps to address the ever-growing threat of Chinese surveillance.»

As a nation that cherishes its democratic values and individual liberties, Switzerland must take proactive steps to address the ever-growing threat of Chinese surveillance. By starting with comprehensive investigations into data transfers, as the UK and the Netherlands have, we can pave the way towards a safer and more secure digital landscape, where privacy rights are respected and protected, and the ideals of freedom and autonomy continue to flourish.