The head of the UK’s intelligence services this week warned of China’s “debt traps and data traps.”
Richard Moore, the MI6 chief, explained the idea as follows:“If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.”
To Samantha Hoffman, a senior analyst at the Australian Strategic Policy Institute who has researched China’s tech-enhanced authoritarianism extensively, the term “data traps” neatly describes the complex set of problems she has long been studying.
“It’s a useful way of encapsulating the problem—which in my view is that we, in democracies, aren’t aware that data is strategically valuable, and what that means,” she said, adding that this is the first time she has come across the phrase “data traps.”
While mainstream discussion of data threats posed by China tend to focus on specific apps (like TikTok and WeChat), suppliers (like Huawei), or behaviors (like surveillance and espionage), Hoffman argues that seemingly innocuous technologies and data can pose significant security risks.
“Data sets, when aggregated, can have incredible value, and when that’s in the hands of a adversarial actor or at least a strategic competitor, then that can be a problem down the line,” she said. Failing to recognize this is in itself a trap.
How Beijing thinks about data
Almost every introductory economics textbook lists out the four factors of production—basic resources used to produce goods and services: land, labor, capital, and entrepreneurship.
To that list of four, Beijing has added a fifth: data, which the State Council and the party’s central committee officially designated as new factor of production in April 2020.
“In the era of agricultural technology, land is the most important factor of production,” while capital was the most important factor of production during the first, second, and third industrial revolutions, argued Chen Wenhui, a trained economist and vice chairman of China’s National Social Security Fund Council, in an essay (link in Chinese) last July. “Now entering the era of artificial intelligence, data is becoming a major factor of production.”
In its 14th Five Year Plan on the big data industry published this week, the Chinese government made clear how important data is to its ambitious economic and geopolitical strategies. Data, the plan declared (link in Chinese), is a “fundamental strategic resource,” and China must make strategic choices “to seize the new opportunity of industrial transformation in the new era.”
China has also taken drastic moves to cement state control over data collected by businesses—both out of fear of critical types of data being used by overseas actors, as shown by the investigation into ride-hailing giant Didi, and to reinforce the party’s grip on the economy by erecting a new legal architecture to ensure sweeping control over this data.
How “data traps” pose digital supply chain risks
Hoffman argues that to date, the governments of liberal democracies have not clearly articulated an understanding of the strategic value of data, even as China has put data at the heart of its economic policies. This can create critical vulnerabilities for the West, because governments decide to use China-made security cameras and drones thinking security risks can be carefully managed, when in fact “it’s very hard to control the digital supply chain,” she said.
Another example, as detailed by Hoffman in a 2019 research report, is a Chinese company called Global Tone Communications Technology Co. Ltd (GTCOM), which bills itself as a “cross-language big data businesss” and has Chinese government links. GTCOM offers services including conference interpreting for governments and major events like the Olympics, machine translation, and image and video analysis, and speech recognition. It also collects bulk data globally in dozens of languages—data that GTCOM then feeds to Chinese state agencies for military intelligence gathering, identifying national security risks, and driving propaganda to shape global discourse. GTCOM didn’t reply to a request for comment.
“Not all methods used to acquire data need to be intrusive, subversive, covert or even illegal—they can be part of normal business data exchanges,” Hoffman said during a US Congressional testimony last month (pdf). “…The data-sharing relationships that bring commercial advantages are also the same ones that could compromise an organization.”
What Moore was getting at with the phrase “data traps,” Hoffman thinks, is that “we need to have an imagination of what the risk is that goes beyond the traditional thinking.”