China's plan to protect the world's data got off to an unfortunate start this week when the Twitter accounts of two of its leading advocates were hacked.
UK Ambassador Liu Xiaoming demanded an inquiry into how his official account came to "like" two videos, one pornographic and the other showing persecution of Uyghur Muslims.
In a similar incident, the account of foreign affairs spokesperson Zhang Lijian followed two adult film stars.
How effective can China's brand new "global data security initiative" (GDSI) be if it cannot protect the data of its own officials?
OK, it's not unusual for Twitter to be hacked. And it is more likely the result of Twitter's own vulnerabilities rather than "anti-China elements," as the ambassador wants us to believe.
Yet it is hard to miss the sense of entitlement of a powerful official, using a platform denied to fellow citizens, insisting on holding the service provider to account. Not even the former US president responded that way after his account was breached.
What we know about GDSI
In the same vein, the global data security initiative also appears to be a contrivance to suit the needs of Beijing officials.
So far, China has shared only vague details, much of it diplomatic boilerplate: "A set of international rules on data security that reflect the will and respect the interests of all countries," according to foreign minister Wang Yi.
Further, states should "respect the sovereignty, jurisdiction and governance of data of other states" and should oppose "the use of data to conduct activities that undermine other states' national security and public interests."
The GDSI is also opposed to "mass surveillance against other states" – presumably in contrast to mass surveillance of a state's own citizens.
In the absence of any specific proposals, let's take a look at how foreign businesses experience data security in China.
In its annual position paper, released Thursday, the EU Chamber of Commerce in China had this to say about the three-year-old Cybersecurity Law:
"The lack of clear and consistent implementing regulations, as well as divergence from common approaches under international standards, has generated a lot of uncertainty within the business community."
The chamber called for Internet security rules that "do not create discriminatory market access barriers" and "create a regulatory environment that is conducive to digital business development."
The paper noted that certain Chinese regulations call for local operation and limits on data flows that disadvantage foreign companies.
"In addition to posing strong operational burdens, these requirements can be turned into essentially market access barriers for international companies in China due to [foreign-invested companies'] high frequency of cross-border data."
China has a long way to go in providing a fair and equitable domestic cybersecurity environment. There's no reason to believe it can do any better on a global scale.
- China draws up its own rules on cyber sovereignty
- Time for some actual rules on China tech trade
- China extends the Great Firewall to Hong Kong
— Robert Clark, contributing editor, special to Light Reading