In an impassioned speech at the White House’s February 2015 cybersecurity summit, Apple’s chief executive Tim Cook argued that in a world where “too many people do not feel free to practice their religion or express their opinion or love who they chose,” privacy can “make a difference between life and death.” In the two years since Edward Snowden’s first revelations about the National Security Agency’s surveillance excesses, Silicon Valley companies such as Apple, Google, Facebook, Microsoft and Cisco have used their influence in meetings with President Obama and concerted lobbying efforts to rein in mass surveillance in the United States.
To date, these efforts have found Silicon Valley allied with its users. But with companies under mounting pressure in places like Russia and China to aid abusive government surveillance, the industry must decide whether to stand up for their most vulnerable users—those in countries where peaceful dissent can lead to serious reprisals—even if that may affect its business opportunities.
This month’s state visit by Chinese President Xi Jinping is a major test. Xi’s visit opened with US tech executives in Seattle. Chinese officials like Internet czar Lu Wei will also join companies at the US-China Internet Industry Forum, an annual meeting organized by Microsoft and the Internet Society of China. Media reports indicate that executives from Apple, Facebook, Google, Uber and Cisco are invited.
These meetings come at a time when China is considering a raft of new laws—ostensibly about security and counter-terrorism—that would expand digital surveillance and censorship. These draft laws would force Internet companies to store user data locally, making it more accessible to the government. Companies may also be pressed to turn over encryption keys, submit to security audits, and install “backdoors” in their software to enable surveillance. The laws would also expand requirements for the private sector to censor speech and register real names, chilling online expression. Beijing already began this summer by pressuring tech companies to sign a “voluntary” pledge that their products are “secure and controllable”—code words for the same ends.
Until now, Chinese netizens have made remarkable use of the modicum of free space available on the Internet to hold officials to account, publicize injustices, share information and mobilize public opinion. That is why the Chinese government is now so determined to restrict these conversations. The restrictions are consistent with President Xi’s intense crackdown on activism and independent civil society on a scale unseen for a decade. The Chinese government is without peer in the number of journalists and bloggers it jails, with at least 44 known cases in 2014. Xi has said he considers control of the Internet a matter of “life and death” for the Party. Now he wants to enlist the private sector in this surveillance and censorship.
Many US Internet companies have lobbied against China’s new security rules, but Apple has already acquiesced to demands that it store Chinese iPhone user data in China and permit undefined security inspections of its products. Similarly, media reports indicate that Google is seeking to introduce a government-approved Chinese version of its Google Play Android mobile app store, which may also entail storing user data locally.
This is a dangerous path. Once companies store user data in China, they will inevitably be asked to give security officials data on Chinese activists. And as more and more data is stored on line, one can imagine the requests for it only multiplying. Yahoo learned the consequences of such demands when it provided email account information to authorities in 2005, leading to the ten-year imprisonment of Chinese journalist and democracy advocate Shi Tao. Tempting as China’s vast market is, Internet companies should never accept such complicity in China’s repression as the price of admission.
It’s not only China that is at stake. If tech companies succumb to Beijing’s demands, other governments will note the precedent and seek similar concessions. The trust of American and global consumers that tech companies have worked so hard to regain in the post-Snowden world will be further undermined.
Instead, US technology companies should be using every lever they have to resist China’s quest for a controlled Internet. Beginning at their meetings this month with President Xi, Lu Wei, and other officials, they should publicly insist on the importance of privacy, oppose the draft cybersecurity and counter-terrorism laws and refuse to comply with any similar informal demands. So that it’s not only the Chinese-market aspirants standing on principle, those already operating in China should also renegotiate terms of market access to maximize the privacy and security afforded their Chinese users.
As Tim Cook himself urged in his speech at the White House summit, “If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.”
Chinese users deserve no less from Silicon Valley than American users do.