Link

The Lawfare Dimension of Asymetrical Conflict

The past week has seen a logjam begin to clear in Canadian-Chinese-American international relations. After agreeing to the underlying facts associated with her (and Huawei’s) violation of American sanctions that have been placed on Iran, Meng Wanzhou was permitted to return to China after having been detained in Canada for several years. Simultaneously, two Canadian nationals who had been charged with national security crimes were themselves permitted to return to Canada on health-related grounds. The backstory is that these Canadians were seized shortly following the detainment of Huawei’s CFO, with the Chinese government repeatedly making clear that the Canadians were being held hostage and would only be released when the CFO was repatriated to China.

A huge amount of writing has taken place following the swap. But what I’ve found to be particular interesting in terms of offering a novel contribution to the discussions was an article by Julian Ku in Lawfare. In his article, “China’s Successful Foray Into Asymmetric Lawfare,” Ku argues that:

Although Canadians are relieved that their countrymen have returned home, the Chinese government’s use of its own weak legal system to carry out “hostage diplomacy,” combined with Meng’s exploitation of the procedural protections of the strong and independent Canadian and U.S. legal systems, may herald a new “asymmetric lawfare” strategy to counter the U.S. This strategy may prove an effective counter to the U.S. government’s efforts to use its own legal system to enforce economic sanctions, root out Chinese espionage, indict Chinese hackers, or otherwise counter the more assertive and threatening Chinese government.

I remain uncertain that this baseline premise, which undergirds the rest of his argument, holds true. In particular, his angle of analysis seems to set to the side, or not fully engage with, the following:

  1. China’s hostage taking has further weakened the trust that foreign companies will have in the Chinese government. They must now acknowledge, and build into their risk models, the possibility that their executives or employees could be seized should the Chinese government get into a diplomatic, political, or economic dispute with the country from which they operate.
  2. China’s blatant hostage taking impairs its world standing and has led to significant parts of the world shifting their attitudes towards the Chinese government. The results of these shifts are yet to be fully seen, but to date there have been doubts about entering into trade agreements with China, an increased solidarity amongst middle powers to resist what is seen as bad behaviour by China, and a push away from China and into the embrace of liberal democratic governments. This last point, in particular, runs counter to China’s long-term efforts to showcase its own style of governance as a genuine alternative to American and European models of democracy.
  3. Despite what has been written, I think that relying on hostage diplomacy associated with its weak rule of law showcases China’s comparatively weak hand. Relying on low rule of law to undertake lawfare endangers its international strategic interests, which rely on building international markets and being treated as a respectable and reputable partner on the world stage. Resorting to kidnapping impairs the government’s ability to demonstrate compliance with international agreements and fora so as to build out its international policies.

Of course, none of the above discounts the fact that the Chinese government did, in fact, exploit this ‘law asymmetry’ between its laws and those of high rule of law countries. And the Canadian government did act under duress as a result of their nationals having been taken hostage, including becoming a quiet advocate for Chinese interests insofar as Canadian diplomats sought a way for the US government to reach a compromise with Huawei/Meng so that Canada’s nationals could be returned home. And certainly the focus on relying on high rule of law systems can delay investigations into espionage or other illicit foreign activities and operations that are launched by the Chinese government. Nevertheless, neither the Canadian or American legal systems actually buckled under the foreign and domestic pressure to set aside the rule of law in favour of quick political ‘fixes.’

While there will almost certainly be many years of critique in Canada and the United States about how this whole affair was managed the fact will remain that both countries demonstrated that their justice systems would remain independent from the political matters of the day. And they did so despite tremendous pressure: from Trump, during his time as the president, and despite the Canadian government being subjected to considerable pressure campaigns by numerous former government officials who were supportive, for one reason or another, of the Chinese government’s position to return Huawei’s CFO.

While it remains to be written what the actual, ultimate, effect of this swap of Huawei’s CFO for two inappropriately detained Canadians will be, some lasting legacies may include diminished political capital for the Chinese government while, at the same time, a reinforcing of the trust that can be put in the American and Canadian (and, by extension, Western democratic) systems of justice. Should these legacies hold then China’s gambit will almost certainly prove to have backfired.

Link

Operation Fox Hunt

(Photo by Erik Mclean on Pexels.com)

ProPublica’s Sebastian Rotella and Kirsten Berg have an outstanding piece on the Chinese government’s efforts to compel individuals to return to China to face often trumped up charges. Efforts include secretly sending Chinese officials into the United States to surveil, harass, intimidate, and stalk residents of the United States, and also imprisoning or otherwise threatening residents’ family member who have remained in China.

Many of the details in the article are the result of court records, interviews, and assessments of Chinese media. It remains to be seen whether Chinese agents’ abilities to conduct ‘fox hunts’ will be impeded now that the US government is more aware of these operations. Given the attention and suspicion now cast towards citizens of China, however, there is also a risk that FBI agents may become overzealous in their investigations to the detriment of law-abiding Chinese-Americans or visitors from China.

In an ideal world there would be equivalent analyses or publications on the extent to which these operations are also undertaken in Canada. To date, however, there is no equivalent to ProPublica’s piece in the Canadian media landscape and given the Canadian media’s contraction we can’t realistically expect anything, anytime soon. However, even a short piece which assessed whether individuals from China who’ve run operations in the United States, and who are now barred from entering the US or would face charges upon crossing the US border, are similarly barred or under an extradition order in Canada would be a positive addition to what we know of how the Canadian government is responding to these kinds of Chinese operations.

Link

Alarmist Takes On Chinese Influence Operations Must Be Set Aside

Lotus Ruan and Gabrielle Lim have a terrific piece in Just Security ‌which strongly makes the case that, “fears of Chinese disinformation are often exaggerated by overblown assessments of the effects of China’s propaganda campaigns and casually drawn attributions.”

The two make clear that there are serious issues with how some Western policy analysts and politicians are suggesting that their governments respond to foreign influence operations that are associated with Chinese public and private parties. To begin, the very efficacy of influence operations remains mired in questions. While this is an area that is seeing more research of late, academics and policy analysts alike cannot assert with significant accuracy whether foreign influence operations have any real impact on domestic opinions or feelings. This should call for conservatism in the policies which are advanced but, instead, we often see calls for Western nations to adopt the internet ‘sovereignty’ positions championed by Russia and China themselves. These analysts and politicians are, in other words, asserting that they only way to be safe from China (and Russia) is to adopt those countries’ own policies.

Even were such (bad) policies adopted, it’s unclear that they would resolve the worst challenges facing countries such as the United States today. Anti-vaxxers, pro-coup supporters, and Big Lie advocates have all been affected by domestic influence operations that were (and are) championed by legitimately elected politicians, celebrities, and major media personalities. Building a sovereign internet ecosystem will do nothing to protect from the threats that are inside the continental United States and which are clearly having a deleterious effect on American society.

What I think I most appreciated in the piece by Ruan and Lim is that they frankly and directly called out many of the so-called solutions to disinformation and influence operations as racist. As just one example, there are those who call for ‘clean’ technologies that juxtapose Western against non-Western technologies. These kinds of arguments often directly perpetuate racist policies; they will not only do nothing to mitigate the spread of misinformation but will simultaneously cast suspicion and violence towards non-Caucasian members of society. Such proposals must be resisted and the authors are to be congratulated for directly and forcefully calling out the policies for what they are instead of carefully critiquing the proposals without actually calling them as racist as they are.

Two Thoughts on China’s Draft Privacy Law

Alexa Lee, Samm Sacks, Rogier Creemers, Mingli Shi, and Graham Webster have collectively written a helpful summary of the new Chinese Data Privacy Law over at Stanford’s DigiChina.

There were a pair of features that most jump out to me.

First, that the proposed legislation will compel Chinese companies “to police the personal data practices across their platforms” as part of Article 57. As noted by the team at Stanford,

“the three responsibilities identified for big platform companies here resonate with the “gatekeeper” concept for online intermediaries in Europe, and a requirement for public social responsibility reports echoes the DMA/DSA mandate to provide access to platform data by academic researchers and others. The new groups could also be compared with Facebook’s nominally independent Oversight Board, which the company established to review content moderation decisions.”

I’ll be particularly curious to see the kinds of transparency reporting that emerges out of these companies. I doubt the reports will parallel those in the West, which tend to focus on the processes and number of disclosures from private companies to government and, instead, the Chinese companies’ reports will focus on how companies are being ‘socially responsible’ with how they collect, process, and disclose data to other Chinese businesses. Still, if we see this more consumer-focused approach it will demonstrate yet another transparency report tradition that will be useful to assess in academic and public policy writing.

Second, the Stanford team notes that,

“new drafts of both the PIPL and the DSL added language toughening requirements for Chinese government approval before data holders in China cooperate with foreign judicial or law enforcement requests for data, making failure to gain permission a clear violation punishable by financial penalties up to 1 million RMB.”

While not surprising, this kind of restriction will continue to raise data sovereignty borders around personal information held in China. The effect? Western states will still need to push for Mutual Legal Assistant Treaty (MLAT) reform to successfully extract information from Chinese companies (and, perhaps in all likelihood, fail to conclude these reforms).1

It’s perhaps noteworthy that while China is moving to build up walls there is a simultaneous attempt by the Council of Europe to address issues of law enforcement access to information held by cloud providers (amongst other things). The United States passed the CLOUD Act in 2018 to begin to try and alleviate the issue of states gaining access to information held by cloud providers operating in foreign jurisdictions (though did not address human rights concerns which were mitigated through traditional MLAT processes). Based on the proposed Chinese law, it’s unlikely that the CLOUD Act will gain substantial traction with the Chinese government, though admittedly this wasn’t the aim of the CLOUD Act or an expected outcome of its passage.

Nevertheless, as competing legal frameworks are established that place the West on one side, and China and Russia on the other, the effect will be further entrenching the legal cultures of the Internet between different economic and political (and security) regimes. At the same time, data will be easily stored anywhere in the world including out of reach of relevant law enforcement agencies by criminal actors that routinely behave with technical and legal savvy.

Ultimately, the raising of regional and national digital borders is a topic to watch, both to keep an eye on what the forthcoming legal regimes will look like and, also, to assess the extents to which we see languages of ‘strong sovereignty’ or nationalism creep functionally into legislation around the world.


  1. For more on MLAT reform, see these pieces from Lawfare ↩︎
Link

Links for December 14-18, 2020

Links for December 14-18, 2020

  • The coming war on the hidden algorithms that trap people in poverty || “A family member lost work because of the pandemic and was denied unemployment benefits because of an automated system failure. The family then fell behind on rent payments, which led their landlord to sue them for eviction. While the eviction won’t be legal because of the CDC’s moratorium, the lawsuit will still be logged in public records. Those records could then feed into tenant-screening algorithms, which could make it harder for the family to find stable housing in the future. Their failure to pay rent and utilities could also be a ding on their credit score, which once again has repercussions.” // The harms done by automated decision making are deeply under appreciated, and routinely harm those whom society has set aside as ‘appropriate’ test subjects for these inequitable technologies. It’s abhorrent, unethical, and unjust.
  • Understanding 5g, and why it’s the future (not present) for mobile communications – tidbits // This is the most accessible, and helpful, primer for 5G that I think I’ve come across this year.
  • How Russia wins the climate crisis || “…agriculture offers the key to one of the greatest resources of the new climate era — food — and in recent years Russia has already shown a new understanding of how to leverage its increasingly strong hand in agricultural exports. In 2010, when wildfires and drought conspired to ruin Russia’s grain harvests, Putin banned the exporting of wheat in order to protect his own people, then watched as global wheat prices tripled. The world reeled in response. From Pakistan to Indonesia, poverty increased. High prices rocked delicate political balances in Syria, Morocco and Egypt, where about 40 percent of daily caloric intake is from bread. The shortages poured fuel on Arab Spring uprisings, which eventually pushed millions of migrants toward Europe, with destabilizing effect — a bonus for Russian interests. And much of this turmoil began with wheat. As Michael Werz, a senior fellow for climate migration and security at the Center for American Progress, says, “There’s a reason people demonstrated with baguettes in Cairo.”” // Bread will, once more, be a functional weapon of war as climate change devastates currently fertile land and enables authoritarian countries to express their will—and encourage chaos—by withholding the nutrients required for life itself. One can only hope that countervailing democracies in the Nordic nations and Canada can acts as sufficient counterbalances to withstand potential Russian malfeasance.
  • The outbreak that invented intensive care || “Comparisons are being made to the 1918 influenza pandemic — eerily, just over a century ago — which had a mortality that might turn out similar. But that outbreak occurred without a ventilator in sight. Is this new disease, in fact, more deadly? Thanks to what my predecessors learnt in Copenhagen almost 70 years ago, we can, in some parts of the world, offset the havoc of COVID-19 with mechanical ventilation and sophisticated intensive care that was not available in 1918. But it is as COVID-19 continues to spread in areas that do not have ICU beds — or not nearly enough of them — that we will, sadly, learn the true natural course of this new virus.” // It’s incredible that, until 1952, we didn’t have modern ventilators, and worrying that the ‘true’ mortality of the current pandemic may only be apparent after studies are conducted of countries where contemporary medical technologies are often unavailable.
  • How infectious disease defined the American bathroom || “When architects designed homes in the wake of the 1918 flu pandemic and World War I, they typically took one of two approaches to the recent traumas. The first was to start at the ground-up and rethink everything, like Modernists and the Bauhaus did in the 1920s. The second — and far more common — tactic was to try to forget about the trauma and make ourselves comfortable, which bolstered the popularity of Art Deco design, according to Dianne Pierce, adjunct professorial lecturer in decorative arts and design history at the George Washington University.” // The links between human perceptions of health and safety, and the design and configuration of where we live, are fascinating. The extent(s) to which there will be substantial changes in how we build out homes and living areas will similarly be curious: will design change as a result of the current pandemic or, instead, will we see an active effort to not change or to ignore the events of the past (and coming) year?
Link

Russia, China, the USA and the Geopolitical and National Security Implications of Climate Change

Lustgarden, writing for the New York Times, has probably the best piece on the national security and geopolitical implications of climate change that I’ve recently come across. The assessment for the USA is not good:

… in the long term, agriculture presents perhaps the most significant illustration of how a warming world might erode America’s position. Right now the U.S. agricultural industry serves as a significant, if low-key, instrument of leverage in America’s own foreign affairs. The U.S. provides roughly a third of soy traded globally, nearly 40 percent of corn and 13 percent of wheat. By recent count, American staple crops are shipped to 174 countries, and democratic influence and power comes with them, all by design. And yet climate data analyzed for this project suggest that the U.S. farming industry is in danger. Crop yields from Texas north to Nebraska could fall by up to 90 percent by as soon as 2040 as the ideal growing region slips toward the Dakotas and the Canadian border. And unlike in Russia or Canada, that border hinders the U.S.’s ability to shift north along with the optimal conditions.

Now, the advantages faced by Canada might be eroded by a militant America, and those of Russia similarly threatened by a belligerent and desperate China (and desperate Southeast Asia more generally). Regardless, food and arable land are generally likely to determine which countries take the longest to most suffer from climate change. Though, in the end, it’s almost a forgone conclusion that we are all ultimately going to suffer horribly for the errors of our ways.

Link

Links for December 7-11, 2020

Links for December 7-11, 2020

  • Frustrating the state: Surveillance, public health, and the role of civil society || “…surveillance in times of crisis poses another threat. By granting states unfettered power through emergency orders, data collected through digital surveillance could be shared across agencies and used for purposes beyond the original intention of fighting COVID-19. In states where democratic backsliding has been underway, surveillance could be used to deter dissent and silence government critics. According to Verisk Maplecroft, a risk consultancy firm, Asia is now the highest risk region in both their “Right to Privacy” and “Freedom of Opinion and Expression” indices as “strongmen” in Asia capitalize on the pandemic.” // Surveillance is, almost by its nature, inequitable and the potential harms linked with pandemic surveillance are neither novel nor unforeseeable.
  • Rebecca Solnit: On not meeting nazis halfway || “… the truth is not some compromise halfway between the truth and the lie, the fact and the delusion, the scientists and the propagandists. And the ethical is not halfway between white supremacists and human rights activists, rapists and feminists, synagogue massacrists and Jews, xenophobes and immigrants, delusional transphobes and trans people. Who the hell wants unity with Nazis until and unless they stop being Nazis?”
  • Instagram’s latest middle finger || “…Instagram is now nearly completely unrecognizable from the app that I fell in love with. The feed of images is still key, but with posting now shoved into a corner, how long until that feed becomes a secondary part of the service?” // Cannot agree more.
  • The Epicenter // The storytelling for this piece on the experiences of the Covid-19 outbreak is poorer areas of New York by the NYT is simultaneously beautiful and heartbreaking.
  • Poor security at online proctoring company may have put student data at risk || “Kumar, CEO of Proctortrack’s parent company Verificient, says students have “valid concerns” and that he sympathizes with their discomfort. Proctoring software is “intrusive by nature” he says, but “if there’s no proctoring solution, institutions will have to totally change how they provide exams. Often you can’t do that given the time and limitations we have.”” // Justifying producing a gross product on the basis that if you didn’t other organizations would have to behave more ethically is a very curious, and weird, way of defending your company’s very existence.
  • China rethinking its role || “China’s use of war memory to shape its international position has been much less effective overseas than it has at home. However, the significance of its efforts is real, and may become more effective over time. China wants to create a global narrative around itself which shares a common understanding of the modern world – the idea that 1945 is the beginning of the current order – but places China at the heart of the creation and management of that order. The narrative had more power during an era when the US, anomalously, had a leader who cared little for the order shaped by America in Asia since 1945. Now that a president with a more long-range view of the role of the United States is about to take office, we may see something different again: two differing versions of what 1945 meant in Asia, as defined by Beijing and Washington – and the competition for moral standing that comes from the embrace of that legacy.” // This is a fascinating recounting of how China is re-interpreting activities undertaken by Nationalist forces during World War Two, today, to justify its efforts to be more assertive in the international order today. Like so much in China, understanding how narratives are built and their domestic and foreign rationales and perceived utility is critical to appreciate the country’s foreign policy ambitions, and those ambitions’ potentials and limitations.
Link

To What Extent is China’s Control of Information a Cyber Weakness?

Lawfare has a good piece on How China’s control of information is a cyber weakness:

“Policymakers need to be aware that successful competition in cyberspace depends on having intrinsic knowledge of the consequences a democratic or authoritarian mode of government has for a country’s cyber defense. Western leaders have for a long time prioritized security of physical infrastructure. This might translate into better cyber defense capabilities, but it leaves those governments open to information operations. At the same time, more authoritarian-leaning countries may have comparative advantages when it comes to defending against information operations but at the cost of perhaps being more vulnerable to cyber network attack and exploitation. Authoritarian governments may tolerate this compromise on security due to their prioritization of surveillance and censorship practices.

I have faith that professionals in the intelligence community have previously assessed this divide between what democracies have developed defences against versus what countries like China have prepared against. Nonetheless this is a helpful summary of the two sides of the coin.

I’m less certain of a subsequent argument made in the same piece:

These diverging emphases on different aspects of cybersecurity by democratic and authoritarian governments are not new. However, Western governments have put too much emphasis on the vulnerability of democracies to information operations, and not enough attention has been dedicated to the vulnerability of authoritarian regimes in their cyber defenses. It is crucial for democratic governments to assess the impact of information controls and regime security considerations in authoritarian-leaning countries for their day-to-day cyber operations.”

I really don’t think that intelligence community members in the West are ignorant of the vulnerabilities that may be present in China or other authoritarian jurisdictions. While the stories in Western media emphasize how effective foreign operators are extracting data from Western companies and organizations, intelligence agencies in the Five Eyes are also deeply invested in penetrating strategically and tactically valuable digital resources abroad. One of the top-line critiques against the Five Eyes is that they have invested heavily on offence over defence, and the article from Lawfare doesn’t really ever take that up. Instead, and inaccurately to my mind, it suggests that cyber defence is something done with a truly serious degree of resourcing in the Five Eyes. I have yet to find someone in the intelligence community that would seriously assert a similar proposition.

One thing that isn’t assessed in the article, and which would have been interesting to see considered, is the extent(s) to which the relative dearth of encryption in China better enables their defenders to identify and terminate exfiltration of data from their networks. Does broader visibility into data networks enhance Chinese defenders’ operations? I have some doubts, but it would be curious to see the arguments for and against that position.

Link

Unintentionally Supporting Bad Policy

A way forward for U.S. Policy on TikTok:

“Hu Xijin, the editor of the Chinese state media outlet the Global Times, weighed in recently on the most recent merger proposal. “The US restructuring of TikTok’s stake and actual control should be used as a model and promoted globally,” remarked Hu on Twitter. “Overseas operation of companies such as Google, Facebook shall all undergo such restructure and be under actual control of local companies for security concerns.”

It’s not exactly a good sign for Chinese state media to tout a U.S. play designed to be “tough on China” as a model for global behavior. The United States may be bumbling its way into a precedent the consequences of which it has yet to anticipate. “

This was exactly the concern that was raised by experts in North America the second after the Trump administration proposed its bumblingly-stupid approach to TikTok. With the American policy in place it’s going to be that much harder for Western companies operating in China to have convincing arguments that they shouldn’t need to partner with Chinese organizations tans engage in manufacturing, technology, or intellectual property disclosures as a condition of doing business in China. And the issue won’t end in China: American (and other countries’) businesses are almost certain to have (now) US-framed arguments thrown at them when operating all around the world whenever there is even a marginal ‘national security’ concern linked to the foreign company’s operations.

Link

Links for November 2-6, 2020

  • An (app-agnostic) iOS shortcut for link-blogging. // I’ve been trying this and, on the whole, I’m pretty happy with it so far. It took me a bit to realize that I had to copy text I wanted to automatically include in the text from the article the shortcut can paste, but beyond that has been working really well!
  • Woman ordered to stop smoking at home in ontario ruling. “If you smoke and you live in a condominium in Ontario, a little-noticed ruling may have stubbed out your ability to light up inside your own home. At the very least, it has given new legal heft to a condominium corporation’s ability to ban all smoking indoors if it so chooses … In what is seen as a first in Ontario, Justice Jana Steele ruled in the Ontario Superior Court of Justice on Oct. 15 against Ms. Linhart and ordered her to stop smoking in her own home.” // Not going to lie: as someone who lives in a shared building this is pretty exciting news, though also reveals just how much power condo rules have over how individuals can enjoy the space they rent or own.
  • To report on tech, journalists must also learn to report on china. “Two years ago, Sean McDonald, cofounder of Digital Public, and I described a global internet landscape fractured by what we called digitalpolitik, or the political, regulatory, military, and commercial strategies employed by governments to project influence in global markets. Now technology stories are just as much about policy, diplomacy, and power as they are about society, engineering, and business.” // This is definitely one of the most succinct, and well sourced, pieces I’ve come across recently that warns of how China needs to be covered by technology journalists. I would just hasten to affirm that similar warnings should apply to scholars and policy makers as well.
  • Chinese-style censorship is no fix for the covid-19 infodemic. “Rather than creating an efficient information curation model, regulator and company wars against ‘rumours’ and ‘harmful content’ have allowed misinformation and extreme content to thrive on the Chinese internet.”
  • The Huawei war. “Whatever happens to Huawei in the near future, China, Russia and other countries have received the message loud and clear: achieving technological sovereignty is imperative. China had grasped the importance of this even before Trump launched his attack, which only strengthened the sense of urgency. It would be ironic if the ultimate effect of the US’s war on Huawei was a much more technologically advanced and independent China, with a completely different supply chain that included no American companies.” // Definitely one of the better summations of where things are with Huawei as it stands today.