Bob Seely is a member of the Foreign Affairs Select Committee, and is MP for the Isle of Wight.
When it comes to cyber threats, our political debate is dangerously behind the curve. I’m aware that some have criticised Gavin Williamson’s tenure at the Ministry of Defence, but to his credit he is at least asking questions that more of us need to be thinking about. Last week, he asked whether we should be using Chinese telecoms giant Huawei’s technology within the UK’s critical infrastructure. The simple answer is: no, we shouldn’t – because it makes us vulnerable to the Chinese state.
This issue of cyber security is not primarily about what would happen in case of war with China. In case of a dramatically worsening international situation, China could potentially use its cyber access to our infrastructure to damage our energy system, for example, or the ability of the NHS to operate. Russia could do the same and has been hacking into our systems too. In military terms, these operations prior to conventional conflict are known as “shaping operations” and are an important part of conflict preparation.
However, this scenario is extremely unlikely. The greater threat is how nations are engaging in battles for influence and power using new forms of technology to shape our world, and specifically Artificial Intelligence and big data, aligned with some old forms of espionage, as well as information operations.
It’s important to note that China may soon become the world’s largest economy and has bought millions of its own people out of poverty. We should strive for good relations and to trade and understand each other, building alliances with China where we can. However, we should also have few illusions about the nature of Chinese state power and the subservient and supportive role of Chinese tech firms in it.
China is a one-party state engaged in hoovering up information; on its people, on our people, and on our infrastructure to help shape the future, possibly at our expense.
To provide some evidence, let me give you a few examples to add to the Defence Secretary’s comments.
First, China is introducing a social credit system which monitors its citizens. The best that can be said is that it may reward socially beneficial behavior. However, China’s monitoring of its people probably has more to do with the Chinese Communist Party’s desire to prevent threats to its power. This is a state in which people still disappear and where thousands are oppressed or sent to re-education camps. Big data will make an Orwellian world more likely. If behaviour control was the opium of twentieth century dictators, the twenty-first promises a breath-taking expansion based on levels of data points – information – the East Germany Stasi or the Soviet KGB could have only dreamed about.
Second, earlier this year a Chinese company recently bought Grindr, the gay dating app. The Chinese state very likely now has access to highly sensitive sexual information relating to the 3.1 million peop;e who date on it daily. Only you, your sexual partner(s) and the Chinese security services will ever know who and what turns you on. Grindr assures its users (for the record, I’m not one of them) that privacy is paramount, but is there privacy in a one-party state in which the rule of law is under the rule of the party?
If you are gay restauranteur from Bristol, Brisbane or Boston, do you have much to fear? Almost certainly not – however bad your crème brulee. But if you are a defence software engineer, or you’re a diplomat about to be posted to a sensitive role, or an ambitious politician, political adviser or journalist, or you work in tech, your most sensitive and personal information is valuable. This isn’t just about crude, old-school blackmail, but about recruitment and influence. Sexual profiles, via dating apps, personal messages and other content, will soon be used by adversarial security agencies and even corporate investigators – if they are not already – as tools to help understand, influence and manipulate their targets. This is the brave new world we live in and the Chinese – and the Russians – are diving into it.
Third, in 2014 and 2015 Chinese hackers broke into the US Office of Personal Management (OPM) and stole the details of 21.5 million federal US employees. Why? Because the OPM stored 18 million copies of Standard Form 86, a 127-page federal security clearance form that includes questions on personal finance, substance abuse, sexual behavior and mental health. It is the US version of the Developed Vetting process that some members of the UK military and others in sensitive UK roles undergo. The hack obtained a treasure trove of highly personal information on those who help run the US.
Huawei may not be involved in any of the above. But as a major Chinese technology corporation, it is involved in the China’s broader agenda. That’s why Australia and New Zealand have blocked Huawei from supplying equipment for its 5G network; that’s why the head of MI6, Alex Younger, says there are questions to be answered about how much Chinese-owned tech we want in the UK, and that’s why the FBI’s director, Christopher Wray, warned American citizens against using products and services from Huawei and another Chinese company, ZTE.
Our own agencies are getting smarter, but their capabilities are modest compared to the 100,000 plus employees of China’s cyber-espionage division. However, this is more than just a question of resources or technical understanding. This is a political issue, because so many of us are ignorant of how quickly the world is changing.
As part of our response, I’d suggest two initiatives.
First, we need a small, permanent multi-agency group whose role, working with Government agencies, would be to identify foreign subversive activities against the UK. The detailed work would be done by other Government agencies, but the group would be a public-facing body helping to explain threats to our democratic system which do not fall under the umbrella of conventional conflict. The UK is doing this on an ad hoc basis (i.e. the excellent National Cyber Security Centre) ,but better a single organisation and a structured programme to undertake multi-faceted work stretching from cyber, to finance, to espionage and PR campaigns.
Second, we have seen how divisive disputed elections are. We need to understand the potential threats and influences to our electoral and political system created by algorithms designed both by firms like Facebook, which actively helps to create division, and by cyber infiltration from states such as China and Russia. We need to debate the ethics of algorithms and our vulnerability to cyberattack. I would suggest either a Royal Commission or a cross-party investigation into strengthening our electoral system whilst preserving free speech. Perhaps this work could be done with US, Canadian, Australian and New Zealand partners?
One of the threats facing open societies is how authoritarian states use our freedoms to damage our freedoms. A national and international debate in the UK and through Europe and the English-speaking world would help us understand not only why some foreign states are taking an unhealthy interest in our national and personal information, but also what we should do about it. So Williamson – and Younger – were right: we need to talk about Huawei – and China.