August 11th, 2015

Putting China’s Cyberpolice in Context

By: David Bandurski     Source: China Media Project    Date: 11/8/2015

In our rapidly evolving global news space, content is still king. But I confess at least equal devotion to the sovereign’s hoary (and so often ignored) envoy: context.

As media reported last week, following a Public Security Bureau “work conference” in Beijing, that China would now “embed internet police in tech firms” and priority websites — underscoring yet again the deteriorating information climate under President Xi Jinping — context cowered in the shadows of the court. Everyone, as a result, got the story wrong.

In every report I could find, in either English or Chinese, these so-called “cybersecurity police units,” or wang’an jingwushi (网安警务室), were presented as new and shocking developments.

jingwushi[ABOVE: This image posted in September 2014 to 3603.com shows the websites own cybersecurity police unit along with an introduction to its on-site officer.]

On August 5, the Wall Street Journal reported that China’s government “plans to embed cybersecurity police units at major Internet companies and websites.” TechSpot followed suit by warning that China’s already overbearing internet restrictions were “set to become even more extreme, as the country’s Ministry of Public Security has announced that cybersecurity police will be placed into the offices of major internet companies.”

TechSpot’s source link, which I included in the quote above, was Reuters, which referred to the wang’an jingwushi as “network security offices,” and suggested these were new things the government was “planning to set up.” As in every other report, the context was “tightening control”:

The government published a draft cybersecurity law last month consolidating its control over data, with significant potential consequences for Internet service providers and multinational firms doing business in the country.

Foreign Policy rebuked China’s government in “Sorry China, the Internet You’re Looking for Does Not Exist.”

On Aug. 4, China’s Ministry of Public Security announced that it would embed law enforcement officers at major Internet companies, which appear to include China Mobile, U.S.-listed Alibaba, and Tencent, which owns WeChat, the country’s largest social network. The online press release did not specify a time frame, but emphasized that creating rooms for “web police” in each company’s offices would aid the timely discovery and prevention of evils like terrorism, fraud, the theft of personal information, and, of course, “rumors,” meaning whatever the government decides is a speech crime.

In fact, there is a very good reason why China’s top police official, Chen Zhimin (陈智敏), did not specify a time frame, and context might have supplied the answer had everyone — including the English-language side of China News Service — not relied on a single Xinhua News Agency release.

The bottom line: one need not specify a time frame for something that is already happening.

The context is coming. But first, let’s look at how the language came across on the Ministry of Public Security website:

Chen Zhimin demanded that public security organs serve as the main force in [preserving] online social security, cooperating closely with internet management agencies, and actively innovate internet security management, mutually promoting the building of rule of law in online society. [We] must fully promote website information security and other protective work, raising prevention of illegal and damaging website intrusions, and protection of the personal information of web users. [We] must fully put into effect online public inspection and law enforcement by net police . . . . actively discovering and restricting various illegal activities. [We] must deeply advance the building of “cybersecurity police units” (网安警务室) at priority websites and internet enterprises, building “cybersecurity police units,” grasping illegal offenses online at the earliest opportunity, serving and guiding websites in raising their security management and prevention capacities.

What I have translated here as “deeply advance the building of” should be properly understood as calling for the expansion and/or improvement of an existing project — though admittedly that would have sucked the wind right out of those news ledes. (No one wants the headline context would suggest: “Police Official Urges Expansion of Website Police Unit Network in Place for Years Already.”)

From the outset, respect for the most generic context might have invited more scepticism about the significance of Chen Zhimin’s remarks. Anyone with a middling knowledge of information controls in China should know that the Public Security Bureau has always played a central role in internet control. Sources abound. Try Anne-Marie Brady’s Marketing Dictatorship, or trudge through the richness of other books, papers and primers.

The obvious question arising from that context: Given the PSB’s historic involvement in information controls in China, how are these “cybersecurity police units” actually new?

And once we’ve asked that question, the answer comes back simply enough, without even the need to get insiders on the telephone. They aren’t new at all. We can find close to 50 articles on these so-called wang’an jingwushi in China’s own media over the past four years.

As far as I can ascertain from Chinese-language news databases, the first instance of “cybersecurity police units” appeared in Jinan, the capital of Shandong province, on December 31, 2010 — nearly a full two years, incidentally, before Xi Jinping became general secretary.

Jinan’s local Party mouthpiece, Jinan Daily, reported that the city’s first cybersecurity police unit had been established in the provincial headquarters of China Unicom:

From this day forward, police will be stationed at the Unicom cybersecurity police unit, engaging in onsite direction of the installation of cybersecurity technologies . . . carrying out criminal investigations and handling emergency actions to deal with computer virus transmission and other sudden-breaking issues.

jinan daily[ABOVE: Page 10 of the December 31, 2010, edition of Jinan Daily carries a small article on the establishment of the city’s first “cybersecurity police unit,” inside the local telecom provider.]

The article, just to the right of the main image on page 10 of the newspaper, makes plain just how involved local police in Jinan will be in coordinating information control procedures in the city through the local telecoms provider. They will be present on the ground, directing the installation of hardware as well as dealing with “sudden-breaking issues.”

Can we suppose, then, that the installation of these cybersecurity police units began in 2010?

In the world of daily news, 2010 may be ancient history. But if it’s context that interests us, 2010 is an important year for the internet in China. Remember Google’s high-profile exit from China? Yeah, that was 2010. And China made the point in 2010 more emphatically than ever before that internet companies were welcome to do business in China, on condition that they operate “according to the law,” opening up their services to government and police scrutiny.

Crucially, it was also in April 2010 that China revised its Law on the Guarding of State Secrets, establishing must stricter standards for internet companies and telecom firms in abetting censorship and surveillance. In the context of that revision, the establishment of a cybersecurity police unit inside the Jinan operations of China Unicom makes perfectly devilish sense. We can also safely suppose Jinan was an isolated case of media reporting, not an isolated case of application of these “units.”

Nanfang Daily[ABOVE: A report, bottom-left of the page, in the official Nanfang Daily newspaper in Guangdong details Public Security Bureau involvement in the policing of the internet.]

On October 13, 2011, a report from Guangdong’s official Party mouthpiece, Nanfang Daily, offered a picture of the online enforcement activities of police in another major city, Guangzhou:

Recently, in the ‘virtual world’ of the internet, there are also ‘virtual police,’ and ‘virtual [police] kiosks’ . . . . According to statistical data, since Guangzhou’s ‘virtual police’ were established, they have responded to more than 8,600 cases, and have handled more than 3,000 instances of criminal activity online. Aside from this, ‘cybersecurity police units’ have been set up at a number of priority portal sites, directing information security personnel at these sites in handling harmful online information, carrying out information security prevention and treatment programs, and strengthening the practical management of the virtual online space.

This nearly three year-old passage from Nanfang Daily paints quite a vivid picture of the sort of direct police involvement on internet and information policy that the spate of news reports last week warned us to anticipate.

Fast forward to August 28, 2013. The official China News Service reports that authorities in Hebei province are making progress in “cleansing the online environment.” They have shut down 9 websites for “illegalities and violations,” have issued warnings to 75 websites, and have removed 14,435 items of “illegal information.” The news item makes special note of the establishment of cybersecurity police units:

Hebei province’s “cleansing the online environment” campaign has operated in concert with the Public Security Bureau’s special campaign of “concentrated strike and purge of online criminality” . . . with interactive and e-commerce websites as the focus . . . employing methods of self-cleansing and self-investigation, with police working 24 hours a day to conduct inspections . . . establishing cybersecurity police units at internet service providers and data centers, and building emergency management mechanisms at priority websites. . .

Fast forward again to September 28, 2013. Jiangnan Metropolis Daily, a major commercial newspaper in China’s southern Jiangxi province, reports plans by local authorities to establish cybersecurity police units in “priority internet service providers and priority websites, striking out in accord with the law against such illegal criminal activities as [spreading] online rumors, online fraud, online direct selling, online pornography, online gambling and infringement on the personal information of citizens.”

I could go on like this, fast-forwarding through 20 or so other articles. Until, for example, we reached the January 21, 2014, edition of the official Ningxia Daily, which noted the establishment of a cybersecurity police unit inside a middle school as part of its push for a “peaceful Ningxia.” Or to the July 11, 2015, edition of Guangxi Daily, the official Party mouthpiece of the Guangxi provincial leadership, which announced the establishment of a cybersecurity police unit in Pingnan County (surely not an isolated example) in order to “create a harmonious and secure internet environment in Pingnan.”

The upshot — aside from the editorial point that we should expect better context (which isn’t difficult or expensive) from our reporters — is that we need not wait for a “time frame” on China’s cybersecurity police units. They are already here, they have been for some time, and they are far more ubiquitous and intrusive than last week’s Xinhua report would have led anyone to imagine.

While it doesn’t quite have the newsy new-thing pop of reporting a fresh abuse, we can probably also suppose that the high-level mention of these “units” from Chen Zhimin signals that police are serious about using and expanding them — and that, of course, is not good news.