Published daily by the Lowy Institute

Beijing's Great Cannon exposes vulnerable Chinese tech firms

Beijing's Great Cannon exposes vulnerable Chinese tech firms

News last month of the Chinese Government's Great Cannon cyber warfare tool should ring warning bells for Chinese technology companies abroad already compromised by their association with the Chinese state.

Jack Ma, CEO of Alibaba and British Prime Minister David Cameron in Shanghai, 3 December 2013. (Flickr/British Embassy Beijing.)

The University of Toronto's Citizen Lab has found that the tool allows the Chinese Government to harness internet traffic and direct it against websites it considers dangerous, overloading them in an attempt to shut them down. The Citizen Lab report shows that the tool was most recently used to target, a website hosting material censored inside China, and Github, used by GreatFire to host similar material.

This capacity and willingness to conduct powerful attacks on sensitive material outside the Great Firewall demonstrates the extent of the Chinese Government's ability to control political discourse outside China's borders. As a display of cyberpower it is roughly equivalent to the NSA's QUANTUM program

This intent and capacity comes as little surprise to analysts who follow the Chinese Government's increasingly strong hold on an already strangled domestic online political discourse. However, the fact that it operates outside Chinese borders raises new questions about the extent to which the Chinese Government seeks to control politically sensitive material beyond the Great Firewall.

These questions have particular resonance for Chinese internet technology companies, which are increasingly successful in the global market. [fold]

China's three biggest internet companies, TenCent, Alibaba and Baidu, are all publicly listed and all have had highly successful IPOs. Tencent and Baidu now operate in over 20 countries between them and Alibaba also has emerging global ambitions. Importantly, the Great Cannon tool operates in part by inserting malicious code into connections to Baidu, which the company says occurred without its knowledge. 

At least two of the biggest Chinese internet companies have come under fire for allegedly promoting the interests of the Chinese state through information control outside China's borders, just as they – and all companies who wish to access the lucrative Chinese market – must do within China's territory. Tencent has been accused of censoring users of its WeChat app outside China, while Baidu has been accused of installing spyware on users' computers in both Japan and Vietnam. Baidu has similarly been accused of censoring certain sensitive keyword searches in its new search engine in Brazil.

It should be noted that these allegations have yet to be proven in any systematic way. Indeed, these are publicly listed companies that operate without obvious support from the state. Unlike other technology companies such as Huawei or ZTE, for example, they are undertaking international expansion without obvious state financial support in the form of soft loans or lines of credit.

However, if companies want to maintain access to the Chinese market, why wouldn't they err on the safe side and avoid offending Chinese officialdom even when operating outside China? Even Western technology companies such as Microsoft, Apple and Linkedin have been accused of censoring their products within China to maintain their access. Bing, Microsoft's search engine, was even alleged to censor search results for users accessing its products outside China. 

Chinese internet companies, then, have every reason to cooperate with the state's demands outside China in order to maintain access to the market inside China. Internet companies have been praised as 'national champions' in China, and their international success is an important element of Beijing's soft power abroad – witness President Xi's opening of Baidu's offices in Brazil in 2014.

However, the soft power of China's internet technology companies is likely limited precisely because of the links between these companies and the state, and of China's sometimes toxic geopolitics. Recent research suggests a consumer backlash against Baidu in Vietnam forced that company out on the basis of unproven and unlikely allegations that the company censored discussions of sensitive South China Sea topics. Even non-internet companies such as Xiaomi have been subject to suspicion of overly-close links with the Chinese state.

Technology companies strongly associated with state identities are increasingly a proxy for broader geopolitical conflicts at the state level, linking the commercial and securitised realms of cyberspace in ever more complicated webs. The recent standoff between China and the US on US technology companies operating in China is just one example. Earlier this year, the Snowden revelations gave the Chinese Government all the rhetorical ammunition it needed to remove several US companies from an approved procurement list – companies including Cisco, Apple, and McAfee. Chinese telecommunications firms Huawei and ZTE were similarly banned in 2012 from bidding for government contracts in the US (and Australia) because of security concerns.

You may also be interested in