How to avoid falling into China’s ‘data trap’
By Dr. Samantha Hoffman
26 December 2021
The Chinese party-state apparatus is already using big data collection to support its efforts to shape, manage and control its global operating environment. It understands that data that seems insignificant on their own can carry enormous strategic value when aggregated. Advertisers may use data on public sentiment to sell us things we didn’t know we needed. An adversarial actor, on the other hand, might use this data to inform propaganda efforts that subvert democratic discourse on digital platforms.
The U.S. and other countries have rightly focused on the risk of malicious cyber intrusions — such as the aforementioned OPM, Marriott and United Airlines incidents that have been attributed to China-based actors — but data access needn’t be derived from a malicious intrusion or alteration in the digital supply chain. It simply requires an adversary like the Chinese state to exploit normal and legal business relationships that result in data-sharing downstream. These pathways are already developing, most visibly through mechanisms like the recently enacted Data Security Law and other state security practices in China.