China Media Bulletin Issue No. 109: October 2015

HEADLINES OCTOBER 2015

• Feature: Obama-Xi Agreement Will Not Resolve China Cybersecurity Threat
• During Xi’s U.S. visit, state media boost leader’s image, downplay bilateral tensions
• Censors swiftly restrict news and internet posts of deadly blasts in Guangxi
• Recent government concessions mask ongoing repression
• Hong Kong: Liberal legal scholar’s blocked promotion raises fears for academic freedom
• Beyond China: UN intimidation, Thailand firewall, Myanmar arrest
• What to Watch For

FEATURE: Obama-Xi Agreement Will Not Resolve China Cybersecurity Threat 

By Sarah Cook, Senior Research Analyst for East Asia and China Media Bulletin Director 

One of the most touted takeaways from Chinese president Xi Jinping’s visit to the United States last month was an agreement by the two leaders on the contentious issue of cyberattacks—and especially cyberespionage—against American targets. Particular attention has been given to a commitment Xi and U.S. president Barack Obama made to avoid engaging in or knowingly supporting acts of cybertheft for economic gain.

But while the commitment signals bilateral goodwill, there are a number of reasons to doubt its effectiveness in curbing commercial espionage and the broader problem of intrusive, destructive cyberattacks against a range of U.S. targets by entities tied to the Chinese government:

Absence of clear standards or verification mechanisms: Security experts analyzing the agreement noted its vague wording and lack of definitions for what constitutes acceptable or unacceptable activity, meaning further negotiation would be required to render the agreement effective. Similarly, no objective metrics were identified for determining whether one side or the other has followed through on its commitments. These challenges, along with the near impossibility of tracing who is responsible for most cyberattacks, will make enforcement difficult.

Omission of politically motivated attacks: More problematic from the perspective of privacy and freedom of expression was the cybertheft agreement’s focus on the economic realm. By framing the pact in this way, Obama and Xi ignored the increasingly aggressive, sophisticated, and widespread cyberattacks apparently committed by Chinese state actors against American media companies, human rights groups, individual activists, and government bodies. Thus, even if an agreement like this one had been in place for the past five years, it arguably would not have prevented attacks on Google in 2010 (which hacked rights defenders’ accounts, among other targets), media outlets like the New York Times in 2012 (seeking information on the sources for the paper’s investigation of former premier Wen Jiabao’s family wealth), or a massive denial-of-service attack against the code-sharing platform GitHub in March of this year. Nor would it have helped stem routine phishing attacks that target overseas Chinese, Tibetan, and Uighur activists and, increasingly, U.S. government personnel. 

Failure to address vulnerabilities created by China’s Great Firewall: More indirectly, any agreement that depoliticizes the Chinese government’s internet policies is overlooking the general security problems created by the Great Firewall (GFW)—Beijng’s system for monitoring and filtering internet communications between China and the outside world.

Over the past month, this issue was highlighted by two incidents in which malware infected applications on Apple’s mobile operating system. On September 17, some of China’s most popular apps—including Tencent’s WeChat and NetEase—were found to be carrying malware, affecting hundreds of millions of smartphones and marking the largest such incident to date in Apple’s history.

The apps were susceptible to intrusions because they used an alternative to Apple’s standard XCode. Analyzing why app developers might have used a less secure code, Oiwan Lam of Global Voices points out that due to the slow international internet connections in China (a direct result of the GFW’s real-time filtering), downloading XCode takes a very long time. Some programmers have consequently turned to alternatives that are more accessible from within the firewall, but also more vulnerable to malware. 

In the second incident, a malicious program targeting Apple devices was reported on October 4 by researchers at Palo Alto Networks. This time, a Chinese marketing company took advantage of internet users’ desire to circumvent censorship to convince them to download an infected application. The malware essentially allowed the marketers to take control of users’ phones and execute certain actions, such as opening their Safari web browser to a page showing clients’ products or advertisements. 

Both of the above incidents were resolved quickly without long-term harm to consumers, but future attacks that exploit the same incentives may not prove as innocuous. Moreover, security analysts have found that the March 2015 attack on GitHub was carried out with a tool they labeled the “Great Cannon.” This weapon, which is co-located with the GFW, worked by redirecting large volumes of bystander traffic—mostly from Hong Kong and Taiwan—that was headed for search engine Baidu’s China servers and using it to swamp and paralyze the U.S.-based code-sharing website.

Ultimately, actions will speak louder than words. Over the next six months, security experts will closely track and investigate reports of cyber intrusions from China against American companies and other targets, hopefully providing evidence on whether the pace of attacks has slowed, if not ceased.

Meanwhile, the Obama administration will have two avenues—a bilateral dialogue and an ongoing response system—through which to press the Chinese government for answers and prosecutions of those found responsible for violations. The United States will also continue to consider imposing sanctions on Chinese companies found to have benefited from cyberespionage. The threat of sanctions appears to have had at least a short-term impact: On October 12, the Washington Post reported that Chinese officials had for the first time arrested hackers identified by U.S. officials.

A White House fact sheet states that these new communication channels could address “malicious cyberactivities” generally. This leaves space for U.S. officials to expand the scope of inquiries beyond commercial espionage. American and Chinese internet users, civil society, and media outlets would be well served if politically driven attacks were covered, beginning with the first bilateral dialogue expected before the end of this calendar year.

In the meantime, though, security experts who have analyzed the Obama-Xi agreement appear to agree that they will not be out of work anytime soon. On September 29, security firm KnowBe4 offered a stark warning to those seeking protection from detrimental cyber intrusions originating in China: “You are still mostly on your own.” 

PRINT / BROADCAST: During Xi’s U.S. visit, state media boost leader’s image, downplay bilateral tensions

The Chinese state media produced voluminous but selective coverage of President Xi Jinping’s visit to the United States from September 22 to 28, aiming to bolster Xi’s image. The reporting portrayed him as a statesman who was welcomed on the international stage and represented a China that was on par with the United States as a global power. Censors, journalists, and propaganda authorities went to great lengths to provide an overwhelmingly positive spin on the visit, which U.S. media presented as fraught with bilateral tensions and overshadowed by Pope Francis’s simultaneous visit and the sudden resignation of U.S. House Speaker John Boehner.

Chinese state media coverage closely followed the honors offered to Xi at different points on his itinerary, from a children’s choir serenade in Washington to a 21-gun salute at the White House. The nationalistic Global Times noted that his addresses were met with “waves of applause.” Online news sites touted President Barack Obama’s “Ni Hao” welcome. Primetime news bulletins highlighted Xi’s menu and his wife’s attire, alongside enthusiastic welcomes for the couple. Unsurprisingly, the reporting omitted the street protests by democracy activists, Falun Gong practitioners, Uighurs, and Tibetans over human rights abuses that also greeted Xi. Coverage frequently referred to Beijing’s concept of “a new type of great power relations” to demonstrate parity between the United States and China, without acknowledging that Washington has yet to embrace the idea, given its implied subordination of smaller countries’ interests, among other concerns.

Online, the hashtag #FollowUncleXitotheUS was the highest-trending topic for a week on the Sina Weibo microblogging platform, and related posts reportedly gained over 500 million views. Nevertheless, online chatter was heavily monitored, and critical remarks were censored. The Cyberspace Administration of China helped guide the tone of online public opinion with a September 22 directive instructing the mobile applications of Chinese news organizations to limit notifications of “negative news” about events in China to only three during the period of Xi’s U.S. visit, lest they distract from the positive impact of the trip. Those violating the order risked having their notification function disabled for 10 days.

A detailed analysis by Merridan Varral at the Lowy Institute notes that Xi’s visit “provided an ideal opportunity to reinforce his domestic legitimacy” after his reputation took a hit this summer from the fatal chemical explosions in Tianjin, a plunge in the stock market, and a slowing economy. For international audiences, the Chinese state media’s efforts to set an overwhelmingly positive tone were less successful. On Twitter, which is blocked in China, Chinese human rights attorney Gao Zhisheng’s new revelations about his torture in custody trended above the #XiJinping hashtag on September 23. And a People’s Dailyvideo of foreigners praising the Chinese leader “Xi Dada” as “cute” and like a “big brother” met with more ridicule than awe.

PRINT / NEW MEDIA: Censors swiftly restrict news and internet posts of deadly blasts in Guangxi

On September 30 and October 1, a series of 17 explosions in Liuzhou, Guangxi Province, killed at least 10 people and injured some 50 others. The blasts struck government offices, a shopping mall, a hospital, and residential areas, and coincided with the beginning of Golden Week, a national holiday and politically sensitive period surrounding the October 1 anniversary of the Communist Party’s rise to power in 1949. An initial series of photographs that circulated online showed rubble-covered streets, partially collapsed buildings, and palls of smoke and dust. Sina and other popular web portals soon launched live feeds and special online feature pages.

Within hours, however, the party’s Central Propaganda Department and other censorship bodies moved into action, according to leaked directives published by China Digital Times. The instructions restricted journalists’ on-site reporting, limited other independent newsgathering, banned special topic features, and ordered the deletion of close-range photos. News outlets and online platforms were instructed to take their cues from reports by the official Xinhua News Agency. Such instructions are not unusual. A 2014 Freedom House analysis of censorship directives found that news related to public safety, including violent attacks, was the third most commonly censored topic.

Internet police in Liuzhou directly contacted users, asking them to delete Sina Weibo microblog posts about the bombings. Early web features were reportedly taken down, and terms related to Liuzhou became some of the most censored on Weibo, according to Free Weibo, a site that tracks microblog deletions.

Subsequent state media reports asserted that a 33-year-old quarry owner named Wei Yinyong was responsible for the blasts, and that he had been killed in one of the explosions. Wei reportedly used parcel services, remote-control devices, and a series of unaware carriers to deliver and detonate his homemade bombs. According to local police, Wei’s acts were “criminal” rather than “terrorism,” motivated in part by his frustration with the government’s response to villager complaints about work at the family-owned quarry.

Some internet users expressed skepticism that this was the full story, given the substantial censorship. Other observers contrasted the muted coverage of the blasts in Guangxi with Chinese media’s high-profile reporting and special web features on an October 1 mass shooting at a college in the U.S. state of Oregon.

PRINT / NEW MEDIA: Recent government concessions mask ongoing repression

The past month’s developments in cases involving prominent journalists and online activists indicate that while the Chinese authorities sometimes ease restrictions at strategic moments, the moves often conceal new or continued efforts to maintain control over information and dissent.

• Unexpected concessions ahead of Xi’s U.S. visit: In the days leading up to President Xi Jinping’s visit to the United States, two positive decisions by officials appeared to signal goodwill toward Washington. Chris Buckley, a New York Times correspondent, received permission to return to China on September 21. He had been forced to leave the country in December 2012 after authorities refused to renew his press accreditation. Separately, on September 15, Guo Yushan, a scholar who had helped blind activist Chen Guangcheng escape his extralegal house arrest and reach the U.S. embassy in 2012, was released from custody. Guo, who led a research and social advocacy organization, had been detained in January 2015 and accused of illegally printing books; the charges remain in place despite his release on bail. Amnesty International’s William Nee told media that Guo’s release, while positive, “just fits into the usual pattern that we’ve seen over the decades of a token release of one dissident or two ahead of a major ceremonial occasion at the international level.”
   
• Businessman blogger detained: On September 9, news belatedly emerged in overseas Chinese and international media of the August 22 detention of microblogger and entrepreneur Xin Lijian. Xin, who runs the largest private education business in southern China, was accused of accounting irregularities, but his supporters and friends said he was being targeted for providing financial support to liberal scholars and exile journalists. His arrest fits a trend noted in Freedom House’s 2015 report The Politburo’s Predicament of increased repression against civic-minded businessmen.
   
• Pervasive surveillance of artist’s studio, streets of capital: After returning to China from his first trip abroad since his 80-day extralegal detention in 2011, Ai Weiwei reported on October 5 that he had discovered hidden surveillance equipment in his studio during renovations. The well-known artist and dissident posted photos on Twitter and Instagram showing the equipment, which is believed to have been in place for several years. The same day, Communist Party mouthpiece the People’s Daily declared that “Beijing Police have covered every corner of the capital with a video surveillance system,” after a 29 percent increase in the number of cameras in the city over the past year.

Map of Beijing showing the locations of video surveillance cameras throughout the city. Credit: People's Daily.

HONG KONG: Liberal legal scholar’s blocked promotion raises fears for academic freedom

On September 29, the governing council of Hong Kong University, one of the territory’s most prestigious institutions of higher learning, voted 12 to 8 to reject the appointment of law professor Johannes Chan to the position of pro-vice-chancellor. Chan had been selected by an expert committee and put forth as the only qualified candidate suitable for the position, which has significant influence over staffing and budgeting decisions. The rare overturning of a selection committee’s nomination and the unusual delay in holding the vote, combined with an assault on Chan’s experience and character in pro-Beijing media, have fueled concerns that the decision was politically motivated and could have a negative impact on academic freedom.

According to Reuters, over 300 articles published in pro-Beijing Hong Kong media outlets spoke ill of Chan and alleged that he was a key force behind last year’s Occupy Central prodemocracy demonstrations. Although Chan’s colleagues—including HKU law professor Benny Tai—played prominent roles in the movement, Chan has said he was open to working within the electoral framework proposed by Beijing’s National People’s Congress, which the Occupy Central movement firmly rejected. That Chan would become a target for defamation and punishment despite his more moderate, conciliatory stance has led observers to interpret the rejection of his promotion as a signal to others in academia to refrain from supporting democracy advocates.

Hong Kong students and scholars, as well as their international counterparts, have voiced strong objections to Chan’s treatment. Jerome Cohen, a prominent Chinese legal expert at New York University, called the council vote “a scandal.” HKU students held a candlelight vigil on the evening of the vote, and 7,800 members of the HKU alumni association expressed their support for Chan. On October 5, several days after the council’s decision, HKU’s own law department spoke up in the professor’s defense, insisting on his strong qualifications after leaks from the council meeting indicated that some members justified their vote against him by saying he had advanced simply because he was a “nice guy.”

Meanwhile, the fact that the e-mails of HKU vice-chancellor Peter Mathieson, who supported Chan’s candidacy, were hacked and published by pro-Beijing media outlets raised a host of other concerns about the threat to academic freedom presented by surveillance and possible collusion between central government hackers and Hong Kong media.

BEYOND CHINA:  UN intimidation, Thailand firewall, Myanmar arrest

The Chinese Communist Party’s information controls and political sensitivities often have an impact far beyond China’s borders. The following are a few incidents reported over the past month that illustrate this phenomenon:

• China critics at United Nations face intimidation: On October 6, Reuters published an investigation of the various tactics employed by Chinese diplomats and at least 34 GONGOs (government-organized nongovernmental organizations) at the UN Human Rights Council to stifle criticism of China’s human rights record. These tactics include photographing torture victims who come to testify, in violation of the council’s rules; pressuring the United Nations to deny accreditation to high-profile activists; interrupting victims’ testimonies; and filling meeting halls and discussion sessions with GONGOs to drown out accusations of rights abuses.
   
• Thailand junta exploring China-like internet firewall: On September 23, Telecom Asia reported that a Thai netizen had discovered an edict by Thailand’s military rulers to centralize the flow of internet traffic in and out of the country, facilitating a more robust form of internet censorship, similar to China’s. The cabinet directive instructs the police and government ministries to “set up a single internet gateway in order to control inappropriate websites and to control the flow of information into the country from overseas via the internet,” according to the article. Thailand is rated Not Free in Freedom House’s Freedom on the Net index, as authorities already block large numbers of websites and prosecute users for posting critical content.
   
• Rights lawyer’s teenage son abducted in Myanmar: On October 6, Bao Zhuoxuan, the 16-year-old son of detained Chinese human rights lawyer Wang Yu, was taken away by police while staying with two other activists at a guesthouse in Myanmar near the border with China. He was reportedly attempting to flee China and reach the United States. This was the second time in three months that Bao had been taken into custody. On July 9, he was arrested at Beijing airport; though he was released two days later, authorities kept his passport. His mother’s arrest elsewhere that same day set off one of the worst crackdowns on Chinese human rights attorneys in recent memory, and she has also been the subject of vilifying state-run media coverage (see CMB No. 107). As of October 12, Bao was believed to be under house arrest in China.
   
• PlayStation 4 sales hurt by censorship regime: Andrew House, the chief executive of Sony Computer Entertainment, told reporters at the Tokyo Game Show in September that sales of the company’s PlayStation 4 in China have not been as strong as expected. The device was launched in the country in March after Chinese regulators lifted a 14-year ban on gaming consoles last year. However, competing options like computer- and mobile-based games had already built up a strong presence in the market during the ban, and broad, vague censorship rules—combined with a slow approval process by the Shanghai government’s culture department—may have also hurt PlayStation sales. Nevertheless, House reiterated his optimism about China’s “tremendous potential for gaming as an entertainment medium.”
   
• China’s objection to Japanese actor delayed Hollywood film for seven years: As the thriller Shanghai was preparing to open in theaters October 2, producer Harvey Weinstein told the Hollywood Reporter that its release had been delayed by seven years due to Chinese government opposition to the use of a Japanese actor. Weinstein said that in 2008, after the movie’s script had already been approved and filming begun, regulators asked Weinstein to remove Japanese actor Ken Watanabe and recast an American in his role due to Chinese-Japanese tensions. The producer refused, and the authorities revoked the film’s previously issued permit to shoot in Shanghai. The studio then had to change filming venues, double the budget, raise additional funding, and ultimately extend the production timeline by several years.

WHAT TO WATCH FOR

U.S.-China cybersecurity: Watch for concrete evidence indicating any reduction in the Chinese government’s direct or indirect support of cyberespionage for economic purposes, and whether U.S. officials raise politically motivated cyberattacks against U.S. targets as part of a bilateral dialogue session later this year.

Blanket Beijing video surveillance: Watch for new reports of activists, Falun Gong practitioners, or petitioners being identified and detained more easily for meeting informally in public places, handing out leaflets, or otherwise engaging in grassroots human rights awareness activities.

Wanda purchase of British cinema chain: Watch for confirmation of a recent report that Dalian Wanda, a conglomerate owned by Chinese billionaire Wang Jianli, is looking to purchase Britain’s Odeon cinema chain. Such a deal, alongside Wanda’s previous acquisitions of large theater chains in the United States and Australia, would give the company control over thousands of cinemas outside China. In the years ahead, watch for any effects on the types of films being shown and produced—either an absence of movies that are critical of China or the presence of films with a pro-Beijing slant.