Hello, and happy Thursday! On this date in 1961, astronaut Alan B. Shepard Jr. made a 15-minute suborbital flight, becoming America’s first space traveler. And now, 61 years later, a civilian company will be returning three astronauts to Earth tomorrow.
Today’s newsletter has two related stories. The first discusses a possible ramping up of U.S. sanctions against a Chinese surveillance company and the second explains how Iran is following the Chinese model of internet surveillance. Taken together, these stories try to explain why aggressive action is critical if Washington wants to blunt Beijing’s development and export of techno-totalitarianism. I hope it’s helpful.
Biden Administration Zooming In on Hikvision
The Biden administration is considering adding China’s Hangzhou Hikvision Digital Technology Co. to the U.S. Specially Designated Nationals (SDN) and Blocked Persons List, according to multiple news sources. The company specializes in surveillance technologies and is being targeted for supporting massive human rights violations against ethnic and religious minorities in China. A final decision on the sanctions isn’t expected until next month, but Bloomberg reports the company’s stock has already dropped 10 percent.
Hikvision was blocked from operating in the United States in 2019, and the Biden administration issued an executive order last year prohibiting American investments in the company. If added to the SDN, so-called “secondary sanctions” could punish anyone around the world who continues to do business with the company. This would be an unprecedented action against a large Chinese technology company.
Hikvision is the world’s largest maker of surveillance equipment, and its cameras and other offerings are deeply embedded across Asia and Europe—crippling this company will have broad and expensive implications for many of America’s friends. So, if the company is already banned from the United States and cannot receive American investment, why take this action and risk further tensions with China and our partners and allies?
Here’s what I’m thinking.
While the company’s support to the Chinese Communist Party (CCP) in oppressing Uyghurs in China’s Xinjiang region is the notional justification for these sanctions, Hikvision’s monitoring services are at the core of China’s broader surveillance society, and it is one of the nation’s artificial intelligence champions. Hikvision began as a Chinese state entity and its largest shareholder is the Chinese Electronics Technology Group (CETC), a state-owned military conglomerate. Using Hikvision technology, the CETC has deployed military-style surveillance and command networks across China that include a facial recognition system capable of automatically identifying, ethnically profiling, and tracking almost every person who walks in front of one of these cameras. “Our goal,” said CETC’s chair in 2017, “is to lead the development of China’s electronics industry and build the cornerstone of national security.”
It makes perfect sense, then, for the United States to place Hikvision on the SDN list. This company’s technologies and practices are a clear threat to American national security and are the beating heart of China’s system of human rights violations and oppression. Crippling Hikvision, over the long term, could seriously hamper Beijing’s ability to monitor its people domestically and to spy overseas.
Adding secondary sanctions is also the quickest way to get our partners and allies onboard. Hikvision cameras are deployed across London and the United Kingdom’s 20 next-largest cities. As of 2020, the company was thought to have 38 percent of the global surveillance market and many of our friends are likely to drag their feet when it comes to removing Hikvision products because of the undeniably high costs of ripping and replacing this tech. The best choice, then, is to make not removing these products even more expensive. Call it “tough love.”
Finally, while the United States eventually found religion on Hikvision, we got there late and we’re making the same mistake with other Chinese companies. Before being banned, Hikvision had 12 percent of the North American market with more than 750,000 devices in cities like New York, Los Angeles, Philadelphia, Memphis, Tennessee, and Lawrence, Massachusetts. The company was even supplying cameras to Peterson Air Force Base, in Colorado and to the U.S. Embassies in Kabul, Afghanistan, and Kyiv, Ukraine. But what about DJI drones and Tuya “internet of things” (IoT) devices?
China’s DJI drones are little more than flying Hikvision cameras and are regularly used by the CCP to spy on Uyghurs, and yet they’re still the No. 1 selling drone in the United States and are even being used by state and federal law enforcement. Similarly, internet-connected devices made and managed by Tuya, a Chinese company backed by Beijing-government crony Tencent, are proliferating in the United States and across the world. Tuya’s hardware, software, and cloud services power more than 100 million “smart” devices in 1,100 product categories in 220 countries—including consumer products, surveillance equipment, and manufacturing and supply chain applications. In fact, more than 600 of the world’s leading brands use the company to power their own IoT devices sold at Walmart, Nordstrom, Amazon, Target, and elsewhere.
A recent investigation by cybersecurity firm Dark Cubed found that Tuya-powered devices “had at least one network connection to servers based in China … failed basic security checks … provided complete visibility into private images to anyone in the network … [and] are woefully insecure and sending data to China.” In other words, Tuya may well be funneling the information picked up on home security cameras and connected health devices—just to name two examples—back to Beijing. You can see this article for more.
Considering all of this, I hope the Biden administration doesn’t blink and they will deserve a great deal of credit if they follow through on adding Hikvision to the SDN. They should take similar actions against other Chinese technology companies. As disruptive as such actions can be, China’s actions can no longer be ignored, and American policy must address the very real security concerns and market distortions they create.
Iran Wants to Go Full China
Iran is poised to pass the “Cyberspace Users’ Rights Protection Bill,” an Orwellian piece of legislation that will formalize Tehran’s total control over the country’s internet. The bill’s ostensible purpose is to protect Iranians from hostile outside influences in times of political unrest by—among other things—giving the government permission to cut off users from popular Western internet services like Facebook, Google search and services, Instagram, Telegram, Twitter, and WhatsApp. The law also requires these companies to establish offices in Iran and to register with regulators. Failure to comply will result in a company no longer being allowed to operate in Iran. Finally, the bill grants the government expanded online surveillance powers and criminalizes the production, sale, and distribution of virtual private networks (VPNs), which many Iranians use to circumvent government censors.
Iran comes second only to China when it comes to a lack of internet freedom, according to the latest Freedom on the Net report. So why, you may ask, is Iran passing these changes? I can think of three key reasons.
First, Tehran is closing a collection gap. As of January, mobile connections in Iran equaled 140 percent of the total population, with more than 47 million active social media users (about half of the total population)—the vast majority of whom use their phones to access social media. While Iranian surveillance is far-reaching, the government likely struggles to spy on mobile phone-based social media apps so long as users have access to VPNs and the companies themselves are operating beyond the nation’s borders. This law addresses these limitations and would provide essential insights for a regime terrified of its population using online services to foster and to organize rebellion.
Relatedly, second, Tehran wants to control the internet companies. By forcing tech companies to establish offices in Iran and to register with the government, the mullahs gain data access and political leverage. Once a company has an office in Iran, authorities can use Iranian law to compel the collection, retention, and sharing of user data and other information. That’s why the government is formalizing the authorities it already practically exercises—to lay the groundwork for such legal action. The requirement for physical offices in Iran is also aimed at giving the government physical access to these companies’ Iranian systems and the ability to coerce them by threatening legal or other actions against their employees.
Finally, third, Iran wants what China has. Information is power and autocratic regimes aren’t big on sharing power. That’s why Beijing has erected its Great Firewall—a collection of technologies and laws that regulate China’s internet, strictly censors all online content, and checks the digital activities of nearly 1 billion people. This techno-totalitarianism is at the heart of a new form of governance the CCP is pioneering; one where technology enables economic strength and regime stability. Even more, Xi Jinping and his cronies are more than happy to export this model to other would-be digital authoritarians by building the necessary networking and surveillance infrastructure while even supplying the predatory loans needed for deployment. And that’s just what’s happening in Iran.
Tehran and Beijing are negotiating a 25-year agreement where China will help Iran to build its own “national internet system.” This new system will be separate from the World Wide Web and will include only content expressly approved by the government. An unverified draft of the agreement also says the two nations “will expand and strengthen their scientific, technical, legal, and economic cooperation in different areas of cyberspace.” The goal, apparently, would be to systematically transition Iranian users off the global internet and onto the new national internet (what I’d call a “filternet”) as it comes online.
Ok so what does all this mean? It means the splinternet is here and will likely grow over the medium- to long-term.
Many have thought about the internet as a borderless, transnational environment where information runs free and where individuals can go anywhere and do anything in digital space. But, having been sufficiently alarmed by how the early internet undermined state sovereignty by allowing citizens to (gasp!) explore and learn outside of government-controlled channels, authoritarian leaders have remembered that the internet exists on servers and that these servers are placed within borders that governments control. Now measures like those discussed above are being implemented and will eventually result in a splintering of the internet—with parts of cyberspace separating from one another and being governed by different norms and rules. Sure, democratic and a smattering of other nations will use a generally free and open internet, but there will be plenty of other governments that will gladly adopt the Chinese model in hopes of gaining the wealth and security Beijing says it can supply. I have serious doubts about how well this will work, but very few doubts that it will earnestly be tried.
It also means tech companies will face a shrinking global marketplace. Those owned and operating in techno-totalitarian states (like Hikvision discussed above) will not be allowed in the free digital world because of their legal obligations to steal and to share data with bad guy governments, and most tech companies in the free world will be unwilling to acquiesce to authoritarian demands. Even if they were open to these requirements, the United States is already considering laws that would prohibit or punish such acquiescence. Companies are going to have to choose a flag.
In the final analysis, Iran won’t be unique in its desire to copy China’s techno-totalitarianism, it’s just an early adopter and an example of what’s to come.
That’s it for this edition of The Current. Be sure to comment on this post and to share this newsletter with your family, friends, and followers. You can also follow me on Twitter (@KlonKitchen). Thanks for taking the time and I’ll see you next week!
Please note that we at The Dispatch hold ourselves, our work, and our commenters to a higher standard than other places on the internet. We welcome comments that foster genuine debate or discussion—including comments critical of us or our work—but responses that include ad hominem attacks on fellow Dispatch members or are intended to stoke fear and anger may be moderated.
You are currently using a limited time guest pass and do not have access to commenting. Consider subscribing to join the conversation.
With your membership, you only have the ability to comment on The Morning Dispatch articles. Consider upgrading to join the conversation everywhere.