Efforts to Preserve China’s Cyber Ideological Security
Last updated on: 12 September 2024
Since the beginning of the “post-centralization” period, which began with Xi Jinping’s major reforms of China’s cyber institutions in 2014, the CCP has vastly expanded its censorship apparatus in an effort to exert control over China’s domestic internet.1 Vectors range from app store-level censorship and rectification campaigns to tightened content moderation.2 Below, we detail the ideological and legislative development of online identifiability through real-name registration (RNR) requirements and explain how these policies are strategically developed to monitor domestic debate and exclude foreign users.
China’s RNR system is the most critical feature of social surveillance3 and a core element of the CCP’s effort to attain its most important strategic goal: ensuring “domestic stability” (维稳) — an ongoing campaign to suppress internal opposition4 and prevent civil unrest of the kind that led to the Color Revolutions or the Arab Spring.5
In a 2013 speech at the National Propaganda and Ideological Work Conference, Xi Jinping addressed the challenges posed by the global internet to China’s regime stability.6 In doing so, he conceptualized domestic ideological cohesion and global public opinion in three zones (三个地带): a red one, a black one, and a grey one. Per Xi, China itself represents the inner “red zone,” which needs to be controlled by mainstream media and the state propaganda apparatus. Outside this red zone exists a “black zone” filled with hostile narratives and subversive ideas, such as “universal values.” In between the inner (red) and the outer (black) zones lies a “grey zone” which acts as a battlefield (战场). According to Xi, the internet should be treated as the “biggest variable” (最大变量) in this grey zone, as “hostile forces” (敌对势力) will continuously use it to try to shape and manipulate “threats from within” (心头之患) to topple China.7
The red zone must be consolidated and expanded, so that its social influence broadens incessantly. We must dare to enter the black zone, we must dig into the belly of the Iron Fan Princess to fight, and progressively push it to change colour. In the grey zone, we must launch large-scale work, to accelerate its transformation into a red zone and prevent it decaying into a black zone.
Xi Jinping, 20138
The party state has since operationalized this Tri-Zone internet framework. As a result, China’s domestic online discourse (i.e., the inner red zone) is continuously transformed into what the CCP refers to as “a healthy and orderly online ecology” (健康有序发展), or “a clean and healthy cyberspace” (风清气正的网络空间).9 Achieving this entails purging China’s internet of regime critique and liberal or progressive political concepts, such as “press freedom,” “universal human rights,” or “constitutional democracy.”10 Content that could “undermine national unity” (破坏国家统一), “damage national honor” (国家荣誉), or advocate “separatism” (分裂思想) must also be actively excluded. Accordingly, it is now a priority for the CAC (China’s powerful cyber regulator) to “maintain control in the online information space and prevent organized opposition [regarding] public opinion properties and social mobilization capability.”11
As China’s domestic control and censorship apparatus has grown, the need to monitor and throttle the exchange of information (information penetration “信息渗透风险”) with the rest of the online world has intensified. Online nationalists and the broader propaganda apparatus increasingly warn about the grey zone, through which “Western stories” (西方故事) and “anti-China content” (反华内容)12 can infiltrate China and blur the vision of public intellectuals,13 or even that of party members14 and military leaders.15
In this ongoing battle, the private tech sector is the first line of defense for China. It is this sector’s responsibility to “guide and direct netizens’ cognition of things” and ensure “discourse security” (话语安全). Non-traditional security actors, such as operators of social media apps and internet companies, protect the grey zone as a form of “cyber ideological security.”16 In turn, party intellectuals often refer to these actors as the “national cybersecurity barrier” (国家网络安全屏障)17 or “ideological security firewall” (意识形态安全防火墙) that prevents the spread of false and harmful content within China.18
The ability to monitor and control the grey zone — and prevent any political discourse that could poison China’s inner red zone — is therefore invariably connected to the question of who can access and engage with Chinese social media.
To reinforce China’s ideological security firewall, the party-state seeks to reliably and consistently tie online actions to offline identities. Therefore, domestic internet companies must require identifiability as a condition to access their services. User phone numbers, as well as face and identification card (ID) scans, are commonly used to ensure RNR compliance. Comprehensive provisions released in March 2021 and September 2022 clarify that identification information must be collected for virtually all services related to internet access, including DNS resolution and the provision of messenger services (see Appendix 2). With the exception of using search engines, RNR turned into a general access condition for the internet in China.19 This is the culmination of over a decade of iterative regulatory processes building upon three important benchmarks from 2010, 2015, and 2017.
First, RNR has been mandatory for the acquisition of mobile phone numbers in China since 2010. Per a decision by the National People’s Congress, China’s three state-owned telecom providers must verify identities whenever a SIM card is sold.20 The goal of this regulation was to link phone numbers to IDs as well as real-time geolocation data.21 In practice, however, RNR practices were still being debated amongst intellectuals and party members at the time of the decision22 and implementation of its requirements initially stalled,23 with various regulatory updates to follow.24 For example, since 2019, users have been required to submit facial recognition scans upon purchase.25 See Appendix 2 for a more comprehensive legislative overview.
Second, the CAC introduced the online account management principle referred to as “front-end anonymity/back-end identification” (“后台实名、前台自愿”) in 2015. According to this principle, any internet information service provider (互联网信息服务提供者) must ensure the verification of users, while users retain the ability to engage anonymously on the platform.26
Finally, the Cyber Security Law (CSL) of June 2017 implemented identifiability across most parts of the Chinese internet. Article 24 of the CSL stipulates all network operators (网络运营者) must require users to provide real identity information.27 Throughout 2017 and into 2018, the party-state also considerably increased its pressure on internet companies to enforce RNR policies and protect national security interests (see Appendix 2). The policies were explicitly mandated to ensure regime stability, increase self-censorship, and enforce the ideological firewall.28
Registering user phone numbers is one way for internet information service providers to comply with the “back-end identification” requirement, as the party-state can ensure identification through its access to the data at the three telecom providers. As a result, in 2016, a spokesperson from the Ministry of Industry and Information Technology claimed that 92% of SIM cards in China had been successfully linked to identification information.29 This high identification rate of phone numbers allows internet service providers to use phone numbers as a proxy for the identification requirements while handling very little private information.30 In China’s internet economy, which runs largely on mobile devices, phone numbers (+86) remain a ubiquitous and low-tech quasi-identifier for account registration (see Figure 2).
Figure 2: The Mobile Mandate
Account creation on most Chinese apps is tied to mobile phone numbers
Source: App walkthrough on WeChat, February 2024.
However, because China’s RNR systems relied on a complicated handover of data between service providers and telcos, the CAC initiated a national authentication service in 2024 in an attempt to streamline and nationalize China’s identification system.31 Under this new service, users will be provided with national internet IDs (issued by the CAC) that internet service providers are required to accept as authentication data.32
At the core of this national service lies a centralized database of “trusted identities,” which the Ministry of Public Security first experimented with in 2014 to provide a technical backbone for RNR-related communication between public and private entities (see Figure 3).
Figure 3: A centralized database allows identification across all services
Concept pyramid of the Cyber Trust Identity platform, CTID (互联网+可信身份认证平台)
The Cyber Trust Identity (CTID) platform allows Chinese apps and internet service providers to verify phone numbers against registered IDs. As of 2020, the three-layered platform conducts about 15 million authentications every day. It contains a central database, including identification documents of various administrative agencies and phone numbers, verified by national telecommunication carriers (Layer 1). This allows third-party authentication service providers (Layer 2) to verify users on commercial online services, such as WeChat and Alipay33 (Layer 3).
CTID operators claim the platform grew from 26 institutional clients in 2020 to clients from 50 industries and 350 institutions by 2022,34 gathering an astonishing 5 billion pieces of identification information along the way, including ID cards, passports, and data from residents in Hong Kong, Macao, and Taiwan.35 The CTID has also been developed to facilitate biometric recognition, including facial, fingerprint, voice, and gait recognition — with the goal of eventually replacing IDs and passports.36
Level 3: Commercial authentication layer
Level 2: Third-party verification
Level 1: Legal and trust layer
Source: OIDAA, “CTID Platform: Strategic Practice of China’s Network Trusted Identity with Chinese Characteristics” [CTID平台:中国特色网络可信身份战略实践], June 19, 2020.
Background: The idea of a national “network trust system” (网络信任体系) was first conceptualized in August 2008 by the Ministry of Human Resources and Social Security (MOHRSS). At that time, the ministry also suggested users should only be permitted to access the internet once their identity had been verified.
In 2014, the Ministry of Public Security (MPS) was mandated to build a “network trust system with Chinese characteristics” (中国特色的网络可信体系) to digitalize and unify all identification processes on China’s domestic internet.
Building on efforts by MOHRSS, the MPS in 2017 officially started working on the CTID, previously referred to as the “internet + trusted identity authentication platform” (互联网+可信身份认证平台) or the “national network identity authentication public service platform” (国家网络身份认证公共服务平台).37
In 2024, the MPS and the CAC proposed a national internet ID system to centralize and nationalize user verification and the handling of personal data.
The “post-centralization” period in Chinese cybersecurity governance refers to the phase following the establishment of centralized control by the Central Cyberspace Affairs Commission, marked by a strategic emphasis on integrating Internet governance with national security and development policies, leading to a more top-down, government-led approach. See Jinhe Liu, “Rethinking Chinese multistakeholder governance of cybersecurity,” in Ian Johnston, et al. (Ed.), “Building an International Cybersecurity Regime,” Elgar Online, 2023. ↩︎
Rongbin Han, “Contesting Cyberspace in China - Online Expression and Authoritarian Resilience,” Columbia University Press, 2018, Chapter 2: Harmonizing the internet. ↩︎
Deng Kai, David Demes, and Chih-Jou Jay Chen, “Xi Jinping’s Surveillance State-Merging Digital Technology and Grassroots Organizations,” in Ashley Esarey and Rongbin Han (Eds.), “The Xi Jinping Effect,” University of Washington Press, 2024, pages 153-180. ↩︎
Kai Yang, “Demobilizing Veterans: Campaign-Style Stability Maintenance in China,” Modern China, 50 (4), 2023; Katja Drinhausen and Helena Legarda, “Confident Paranoia,” MERICS, September 2022. ↩︎
These political movements resulted in regime changes in various post-Soviet states during the Color Revolutions and in the Middle East and North Africa during the Arab Spring. They also inspired regime critics in China to call for their own Jasmine Revolution, which, as CCP outlets and political scientists in the West have pointed out, caused China’s party-state to double down on internet controls. See Kan Daoyuan [阚道远], “Improving Political Discrimination Ability in the Internet Age” [提高网络时代的政治鉴别力], Red Flag Manuscript [红旗文稿], January 16, 2016; Rongbin Han, “Contesting Cyberspace in China - Online Expression and Authoritarian Resilience,” Columbia University Press, 2018, Chapter 1: Introduction; Elizabeth Economy, “The Third Revolution,” Oxford University Press, 2018, Chapter 3: Chinanet. ↩︎
This quote comes from the 2013 speech titled “The Internet has become the main battlefield in the struggle for public opinion” [互联网已经成为舆论斗争的主战场]. See China Digital Times, “Full Text of Xi Jinping’s August 19 Speech: Be Bold in Grasping, Managing, and Wielding the Sword in Speech” [网传习近平8•19讲话全文:言论方面要敢抓敢管敢于亮剑], China Digital Times [中国数字时代], April 11, 2013. Note that the speech has been frequently cited or referred to in Chinese state media. See Lin Hui [林晖] et al., “Building a Strong Cyber Nation to Aid National Rejuvenation” [建设网络强国 助力民族复兴], People’s Daily [人民日报], July 14, 2023. ↩︎
Ibid. ↩︎
ChinaCopyrightMedia, “Xi Jinping’s 19 August speech revealed? (Translation),” November 12, 2013. ↩︎
General Office of the Central Committee of the Communist Party of China and General Office of the State Council [中共中央办公厅 国务院办公厅], “Opinions on Promoting the Healthy and Orderly Development of the Mobile Internet” [《关于促进移动互联网健康有序发展的意见》], Xinhua News Agency [新华社], January 15, 2017; Li Zhiqiang [李志强], “Creating a Clean and Healthy Cyberspace” [南方时论:营造一个风清气正的网络空间], Southcn.com, April 21, 2016, http://news.xinhuanet.com/ ↩︎
Sang Linfeng [桑林峰], “Military Report: Hostile Forces’ Network Strategic Offensive, Lack of Responsibility Among a Few Military Leaders” [敌对势力网络战略进攻 军队少数领导缺担当], PLA News, May 20, 2015. ↩︎
Rogier Creemers, “Cybersecurity Law and Regulation in China: Securing the Smart State,” China Law and Society Review, 6 (2), 2023. ↩︎
Stella Chen, “‘Hostile Forces’ in the Digital Age,” China Media Project, November 11, 2021. ↩︎
San Yi Shenghuo [三易生活], “Public Intellectuals Sing a Different Tune Again, But Real-Name Registration for Mobile Phones is Not a Disaster” [公知又唱反调 但手机实名制并不是洪水猛兽], Sohu, October 11, 2016. ↩︎
As mentioned in the lead article of a PLA newspaper. See Jie Yiping [解一平], “Front Page of Military Newspaper: The Internet May Become a ‘Heart Disease’ for Contemporary China” [军报头版:互联网或成当代中国“心头之患”], China National Defense News [中国国防], January 15, 2016. ↩︎
Sang Linfeng [桑林峰], “Military Report: Hostile Forces’ Network Strategic Offensive, Lack of Responsibility Among a Few Military Leaders” [敌对势力网络战略进攻 军队少数领导缺担当], PLA News, May 20, 2015. ↩︎
Cheng Guilong and Xie Jun [程桂龙 谢俊], “Cyber Ideological Security Governance from the Perspective of Non-Traditional Security” [非传统安全视阈下网络意识形态安全治理], Network Ideological and Political Education Research [网络思政研究], March 10, 2023. ↩︎
Zhang Li [张立], “Strengthening the National Cybersecurity Barrier” [筑牢国家网络安全屏障], Red Flag Manuscript [红旗文稿], January 29, 2024. ↩︎
Daniel Crain, “America’s Cognitive Warfare Against China,” Sinification, January 25, 2024. ↩︎
BBC, “Is There Privacy After Comprehensive Real-Name Registration? — Chinese Netizens View on ‘Internet Real-Name System’” [全面实名后还有隐私吗——中国网民看“网络实名制”], June 1, 2017. ↩︎
Xue Song [薛松], “Buying a Mobile SIM Card at a Business Hall Requires an ID Card Starting Today” [营业厅买手机卡今起须持身份证], Guangzhou Daily [广州日报], September 1, 2010. ↩︎
“Unfettered access to SIM card location data through state-run carriers and rules requiring every SIM card location to be linked to the user’s government ID meant the government could uncover the location of any mobile user in the country at any time.” See Josh Chin and Liza Lin, “Surveillance State: Inside China’s Quest to Launch a New Era of Social Control,” St. Martin’s Press, 2022, page 235. ↩︎
Liu Gang [刘刚], “The Origin, Debate, and Possible Solutions of China’s Real-Name Registration System” [我国网络实名制的缘起、争论及可能出路], Journal of University of Electronic Science and Technology of China (Social Sciences Edition) [电子科技大学学报社科版], 17(4), 2015, pages 55-59; Li Xiguang [李希光], “Talking About News Reform: Should the People’s Congress Legislate to Prohibit Anyone from Posting Anonymously Online?” [谈新闻改革:人大应该立法禁止任何人匿名在网上发表东西?], Blogchina.com [博客中国], May 26, 2003. ↩︎
Sophie Wu, “Real-name registration required for China mobile users,” Internet Governance Project, September 7, 2010. ↩︎
Ye Pan [叶攀], “Black Market Mobile SIM Cards Still Openly Sold Online: These Details Must Be Guarded Against” [手机“黑卡”仍在网上公开兜售 这些细节不得不防], CCTV News [央视新闻客户端], February 16, 2019 http://www.chinanews.com/cj/2019/02-16/8756076.shtml; Cao Yin, “IM Rules Are Tightened to Stem Rumors, Pornography,” China Daily USA, August 8, 2014. ↩︎
Lily Kuo, “China Brings in Mandatory Facial Recognition for Mobile Phone Users,” The Guardian, December 2, 2019. ↩︎
The principle was adopted by China’s seminal Cybersecurity Law, which was followed by a host of regulations in 2016 and 2017, clarifying specific requirements for various internet sectors, such as app wallets, mobile apps, online news providers, comment functions, and online forums. See also CAC, “Internet User Account Name Management Regulations” [互联网用户账号名称管理规定], February 4, 2015; Charles Custer, “China’s Wallet Apps Require Real-Name Registration by July 1 – Or Else,” Tech in Asia, May 30, 2016. ↩︎
The CSL put into law what the National People’s Congress had already introduced in 2012. To bolster “network information security” (网络信息保护), a decision mandated that “network service providers” (网络服务提供者) must verify users’ identities using IDs or other legal documents before granting access to internet services and social media platforms. While the obligation for real-name registration (RNR) for internet access therefore predates Xi Jinping’s concept of the tri-zone internet, the legislative justification for it has gradually shifted. According to the original 2012 decision, RNR was intended to prevent the spread of pornographic content, combat fraud, and protect minors. ↩︎
A legal expert at the Beijing University of Posts and Telecommunications explains that RNR, as defined in Article 24 of the Cybersecurity Law, serves one main purpose: to support the establishment of a purified internet environment (净化网络环境) and to psychologically deter netizens who attempt to commit crimes, such as anonymously spreading rumors. See Xie Yongjiang [谢永江], “Backend Real-Name System Has Become a Global Reality, Strengthening Personal Information Protection is Key” [【专家谈】后台实名制已成全球性现实 强化个人信息保护成为关键], People’s Daily [人民日报], September 11, 2017 http://opinion.people.com.cn/n1/2017/0911/c1003-29527979.html. Similarly, according to Tian Li, Associate Professor at Peking University’s New Media Research Institute, RNR turns the internal moral constraints of netizens into external legal constraints, for which the “Seven Base Lines” should provide guiding principles, as defined by Lu Wei, formerly head of the CAC and deputy head of the Propaganda Department. See Dong Siyu [董丝雨] and Jiang Qiguang [蒋齐光], “Three Questions on Internet Real-Name System: Information Protection, Technological Supervision, and Freedom of Speech” [三问网络实名制:信息保护、技术监管、言论自由], People’s Daily [人民日报], June 1, 2017. ↩︎
Xu Hongzhou [许红洲], “The Strictest Mobile Real-Name Registration System Has Arrived!” [最严手机实名制来了!], Economic Daily [经济日报], May 25, 2016. ↩︎
Gao Yaping Team [高亚平团队], “How App ‘Real-Name Authentication’ Follows the ‘Minimum Necessary Principle’” [新经济与法|App“实名认证”如何遵循“最小必要原则”], The Paper [澎湃], January 6, 2022 https://www.thepaper.cn/newsDetail_forward_16165104. ↩︎
Central Cyberspace Affairs Commission [中央网络安全和信息化委员会], “Ministry of Public Security and the Cyberspace Administration of China on the ‘National Network Identity Authentication Public Service Management Measures (Draft for Comments)’ Public Solicitation of Comments” [公安部 国家互联网信息办公室关于《国家网络身份认证公共服务管理办法(征求意见稿)》公开征求意见的公告], July 26, 2024. ↩︎
Meaghan Tobin and John Liu, “China Wants to Start a National Internet ID System,” New York Times, July 31, 2024. ↩︎
WeChat, developed by Tencent, is a multifunctional social media app that integrates messaging, social networking, and payment functionalities, widely adopted across China. It is integral to daily digital interaction and commerce in the country. Alipay, created by Alibaba’s affiliate Ant Group, functions primarily as a digital wallet and payment platform, playing a pivotal role in facilitating online and mobile transactions in China. ↩︎
Available for download in iOS: https://archive.is/t33of. ↩︎
OIDAA, “CTID Platform: Strategic Practice of China’s Network Trusted Identity with Chinese Characteristics” [CTID平台:中国特色网络可信身份战略实践], June 19, 2020 https://www.oidaa.org.cn/news/newsinfo/68.html. ↩︎
Information Security Research [信息安全研究], “Exploration and Prospects of the Development Path of China’s Network Trusted Identity” [我国网络可信身份发展路径探索与展望], December 20, 2022 https://www.secrss.com/articles/50211; ANICERT [中盾安信], “Managing Trusted Identity Based on Legal Documents to Create a Clear and Bright Cyberspace Environment” [基于法律证件开展可信身份管理 共同营造风朗气清的网络空间环境], Police Technology Special Issue [警察技术专刊], June 4, 2020 https://www.anicert.cn/industry/industryinfo/87.html. ↩︎
OIDAA, “Technical Architecture and Standards of the ‘Internet + Trusted Identity Authentication Platform’” [“互联网+可信身份认证平台”技术架构与标准], May 29, 2020 https://www.oidaa.org.cn/news/newsinfo/65.html. ↩︎