Emily de La Bruyère
More posts from Emily de La Bruyère
SpaceX has banned use of Zoom for remote operations. So have Google, Apple, NASA, and New York City schools. Earlier this week, the FBI warned about Zoom teleconferences and live classrooms being hacked by trolls; security experts warn that holes in the technology make user data vulnerable to exploitation. Zoom’s CEO, Eric Yuan, has this week publicly admitted that he “messed up” on privacy and security.
But we are missing a larger question as we grapple with these security flaws. Zoom today is a publicly-traded American company listed on NASDAQ, but the company’s mainline app is developed by China-based subsidiaries. Its servers in China also appear to have transmitted the company’s AES-128 encryption keys earlier this year, including, as a Citizen Labs report documents, some keys used for meetings among North American participants (the company posted a response to that report here, noting that a geofencing error due to the heavy traffic from the outbreak of COVID-19 might have led some meetings “under extremely limited circumstances” to be routed through China, and it has corrected the error). Beijing’s intelligence laws obligate Zoom and other companies with nexus in China to share data held on the mainland with Chinese government authorities upon request.
(Editor’s note: Zoom has published a 90-day plan to improve its privacy and security initiatives, and recently hired ex-Facebook CISO Alex Stamos as an outside consultant. The company notes in its privacy policy that it only responds to requests for user data when there is a “valid legal process, including jurisdiction.” In its statement to the Citizen Lab post, the company wrote that “Zoom has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data, including by Zoom employees — regardless of how and where the data gets routed.”)
These are precisely the kind of tools that Beijing values. The Chinese Communist Party (CCP) pursues a decades-long grand strategy to develop and capture global networks and platforms – with them to define global standards. Hold over standards promises enduring control of international resources, exchange, and information; a global geopolitical operating system with coercive might. Beijing has officially endorsed this ambition since its 2001 accession to the World Trade Organization, when it launched the National Standardization Strategy.
Now, the CCP is putting that intent into action. Beijing is about to launch China Standards 2035, an industrial plan to write international rules. China Standards 2035 is the successor to Made in China 2025; an even bolder plan for the subsequent decade premised not on governing where global goods are made, but on setting the standards that define production, exchange, and consumption.
Beijing completed two years of planning for China Standards 2035 at the beginning of March. The final strategy document is projected to be issued this year. While the specifics of China Standards 2035 have yet to be published, the intent – and focus areas – are already evident. The National Standardization Committee has released its preliminary report for the year ahead, the “Main Points of National Standardization Work in 2020.”
Our firm, Horizon Advisory, has translated and analyzed that report – and the past two years of planning that informed it. We find in it instructions to “seize the opportunity” that COVID-19 creates by proliferating China’s authoritarian information regime; to co-opt global industry by capturing the industrial Internet of Things; to define the next generation of information technology and biotechnology infrastructures; to export the social credit system – and Beijing’s larger litany of incentive-shaping platforms. We find an explicit global ambition that weaponizes commerce, capital, and cooperation.
As Beijing sees it, the world is on the verge of transformation. “Industry, technology, and innovation are developing rapidly,” explained Dai Hong, Director of the Second Department of Industrial Standards of China’s National Standardization Management Committee in 2018. “Global technical standards are still being formed. This grants China’s industry and standards the opportunity to surpass the world’s.”
Dai was speaking at the inauguration of China Standards 2035’s planning phase. He said that the plan would focus on “integrated circuits, virtual reality, smart health and retirement, 5G key components, the Internet of Things, information technology equipment interconnection, and solar photovoltaics.” Throughout, the emphasis would be on “internationalization” of Chinese standards.
Two years later, China Standards 2035’s initial research results reveal the concrete implications of those buzzwords. China Standards 2035 is to focus on setting standards in emerging industries: high-end equipment manufacturing, unmanned vehicles, additive manufacturing, new materials, the industrial internet, cyber security, new energy, the ecological industry. These align with the focus areas of the Strategic Emerging Industries initiative — also of Made in China 2025. Having secured its foothold in targeted physical spheres, Beijing is ready to define their rules.
DJI has a near monopoly over commercial drone systems. The National Standardization Administration is now intent on “formulating the international standards for ‘Classification of Civil Unmanned Aircraft Systems’ to help the domestic drone industry occupy the technical commanding heights.’”
Second, China Standards 2035 will accelerate Beijing’s proliferation of the virtual systems underlying, and connecting, those industries: the social credit system, the State-controlled National Transportation Logistics Platform (known as LOGINK), and medical and consumer good standards.
The plan’s third prong is internationalization. The Main Points outline the intent to “give full play to the organizational and coordinating roles of the Chinese National Committees of the International Standards Organization (ISO) and International Electrotechnical Commission (IEC).” Reports from the National Standardization Committee explain that giving “full play” means shaping “strategies, policies, and rules.” Beijing is to bolster internationalization through bilateral and regional standards-based partnerships – partnerships like China and Nepal’s standardization cooperation agreement, ASEAN’s standards docking, and nascent efforts with Germany, the United Kingdom, and Canada, among others.
China’s standards plan stems from a clear, deliberate strategic progression. Beijing has spent the past two decades establishing influential footholds in multilateral bodies and targeted industrial areas. Now, it is using those footholds to set their rules – with them, to define the infrastructure of the future world. According to China’s strategic planning, this is what power means in a globalized era: “The strategic game among big powers is no longer limited to market scale competition or that for technological superiority. It is more about competition over system design and rule-making.”
But no one appears to be noticing China’s strategic positioning. Not much pops up when you Google China Standards 2035. That was a serious deficit before COVID-19’s global disaster. The stakes are higher now. Global shutdown has created what the CCP calls an opportunity to accelerate its strategic offensive. Our lock-down induced reliance on virtual connections has offered Beijing an unprecedented angle in.
As we grapple with the COVID-19 disaster, we need also to resist Beijing’s exploitation of it. We need to recognize the role of standards and the manner in which the CCP weaponizes them. We need to compete for alternative, safe, norm-based ones – and protect them from Beijing’s influence. Or we need to get used to security, privacy, ownership, freedom concerns far more serious than trolls at Zoom happy hour.
Update April 12: Added an editor’s note linking to Zoom’s responses to its security flaws. Updated the second paragraph to emphasize the specific challenge around data sovereignty and data flows into and out of China.
Comment