A Cyber Security Façade

The Great Firewall isn’t impenetrable, just burdensome to business

By Bob Fonow

The starting point for any discussion about China’s elaborate Internet regulatory and management infrastructure is to acknowledge that China has legitimate cyber security interests. It’s the only realistic premise for a conversation about the blocked websites, slow Internet speeds and interrupted VPNs that make living and working here difficult.

The Chinese government, like all governments, regards many of the discussions that take place online as dangerous. Cyberspace isn’t always just a neutral platform for the congenial sharing of ideas, or a nice place for cheap Skype calls. Banks and businesses are defrauded, people are stalked and killed, and other complex criminal plans are hatched every day on the Internet. Nations will react to this according to their history – because that’s what they know.

The US, for example, tries to control the negative aspects of the Internet through semi-open discussions, legislation and asking high-tech corporations to limit encryption for the sake of US security interests. But as a Chinese official in Shanghai once said to me, as an American, “You have a good piece of land,” meaning that historically the geography of the US has kept Americans secure. Many countries are less fortunate, including China, which has always had potential enemies on its borders. This fundamental reality of China’s national security unsurprisingly translates into “cyber sovereignty” and tighter controls over information coming in.

But national security can be measured in many ways. In cyber terms, China today is wrestling with a puzzle – how can the country continue to develop as an international power while protecting its security and political system? The puzzle is exemplified by the fact that China’s citizens can’t get on Facebook, but they are permitted to fly off to destinations across the globe to shop, study and meet people. Presumably, during these journeys they can access whatever information they please, download whatever they want, see whomever they like and return un-accosted at the airport to continue life in China. The system isn’t a closed loop. It is still being refined.

AmCham China’s goal in addressing cybersecurity should be to explore what parts of the Internet could be more open than they are, find ways to give its members more space to communicate internationally, and ameliorate the most onerous aspects of policy on business communications. How do we do this?

First, we should try to distinguish between business communications and political or military concerns. A starting point could be to cooperate with China’s multinationals and government agencies focusing on international development to determine where security sensitivities are less concerning, and concentrate negotiation efforts there.

To do this, we should understand China’s cyber bureaucracy, and identify where commerce and politics intersect. All nations have competing commercial and social goals. How well do we know the Chinese government’s decision-making process when it comes to cyber issues?

Second, AmCham China should offer specific ideas for administrative and technical controls to convince senior officials that open international business communications are beneficial to China, not a threat. This may mean a certification regime for foreign companies to assure Chinese authorities that communications, web research and access to external social networking sites are used only for business purposes.

Third, we should deploy the sales and negotiating techniques used in the world’s most successful companies. It mystifies me why we are unable to sell China on projects that would be both good for foreign bussinesses and for China. Is it that we don’t know our customer well enough? Have we been negligent, as any experienced salesperson will understand, in failing to “cover the bases”?