Recent high-profile data breaches, such as those involving the Office of Personnel Management, airline passenger records, and hotel guest information, have demonstrated how vulnerable public and private networks are to espionage and theft. What is less evident is how a foreign opponent or competitor may target material that is not immediately important in terms of national security or espionage.
Data on public moods, such as that used by advertisers to gauge consumer preferences, has now become as strategically useful as data on conventional military targets. The capacity to identify and preserve crucial data will become an increasingly complicated and important national security endeavor as the definition of what is strategically valuable blurs.
This is especially true in the case of nation-state entities such as China, which desires access to critical data in order to construct a toolbox to counter its opponents. MI6 head Richard Moore outlined the threat posed by China’s “data trap” last month: “Allowing another country access to truly vital data about your society will weaken your sovereignty over time, and you will no longer have control over that data,” Moore claimed. In addition, most countries are only now seeing the danger.
In testimony to Congress last month, I emphasized that in order to preserve democracy now, we need better understand how foreign enemies, particularly China, gather and exploit certain datasets. Moreover, if we are going to adequately safeguard strategic data in the future (and identify and prioritize which datasets should be protected), we will have to think outside the box about how enemies can utilize it.
The use of technology by the Chinese government to strengthen its authoritarian control has gotten a lot of attention in recent years. This debate has focused on the targeting of Uyghurs in Xinjiang, which has been supported by invasive and highly coercive monitoring technologies. Therefore, unsurprisingly, when most people consider the dangers of China’s “tech authoritarianism” spreading across the world, they also consider the dangers of invasive monitoring spreading around the world.
However, because of the nature of the digital and data-driven technologies in question, the true problem is significantly more serious and difficult to discover. Big data gathering is already used by the Chinese party-state apparatus to support its attempts to define, manage, and control its worldwide operational environment. It recognizes that data that appears inconsequential on its own may be strategic when combined. Advertisers may utilize public opinion data to offer us products we did not realize we needed. On the other side, an antagonistic actor may utilize this information to fuel propaganda activities aimed at undermining democratic dialogue on digital platforms.
The United States and other countries have rightly focused on the threat of malicious cyber intrusions — such as the aforementioned OPM, Marriott, and United Airlines incidents attributed to China-based actors — but data access does not have to come from a malicious intrusion or a change in the digital supply chain. It just takes an enemy like the Chinese government to take advantage of typical and legal commercial partnerships that lead to data exchange down the line.
These channels are already taking shape, as seen by measures such as China’s newly implemented Data Security Law and other state security policies. China is attempting to safeguard its access to domestic and global datasets in a variety of ways, including developing legislative frameworks for data access. Another option is to purchase the market. In a recent analysis, my co-authors and I discovered that, compared to other nations, China had the largest number of patent applications submitted, but not a correspondingly high impact factor.
