Interview with Dr. Rogier Creemers: AI + Social Credit + Algorithmic Governance + Cybersecurity + VPNs

It’s 2017. The world is increasingly looking eastwards for the latest technology and policy developments emerging out of Asia. When it comes to China, news of advances in AI and mobile payment systems battles for attention with thought pieces about social credit rating and circumvention tools. In July, a roadmap for AI development targeted China becoming “the world’s primary AI innovation center” by 2030. In June, its Cybersecurity Law of 2016 formally went into effect. One person who’s been closely following these trends for a lot longer than most is Dr. Rogier Creemers. Editor of China Copyright and Media, a reputed database for translations of Chinese policy and regulatory documents in his field of interest, Dr. Creemers studies the interaction between law, governance and information technology in China.

We had a chance to sit down (virtually) with Dr. Creemers and riff on everything from AI to cross-border data flows to cybersecurity. Highlights of our free-ranging chat about the significance and impact of recent developments are condensed here: the long-form version of the interview will be posted on our website very soon.

Digital Asia Hub (DAH): The Chinese State Council unveiled its “Next Generation AI Plan” to become the global AI innovation hub and leader by 2030. What is your take on the plan?

Dr. Rogier Creemers (RC):

If you read the the AI plan (translation available here), you will see it is actually a really disparate plan, almost like a Christmas tree: there is something in it for every part of the administration. To have a plan like this you need administration buy-in, and the way you do this is by creating a little bit for everyone. 

The plan follows the pattern of how China looks to technology to solve some of its development and governance issues, which in turn creates new problems that need to be solved with more technology. The [potential] of AI is that you can use it to deal with these issues [of cybersecurity, whistleblowing, and abuse], to more efficiently move large amounts of data, effectively identify and deal with threats to information security, and more effectively manage social and economic processes. The plan has an omnibus build that identifies the problems that China’s leadership thinks that the country faces, and sees AI as a magic bullet to solve them.

(Read Dr. Rogier Creemers’s article on the AI plan here)

DAH: What about another government plan also linked to creating and managing data, the Social Credit Rating system that China is attempting to build by 2020. What have we seen of this so far?

RC: There are bits of it that already work. There is one bit of the social credit system, which is more a black list system: If you have been convicted of breaches of certain laws and regulations, and you refuse to carry out the verdict, pay the fine or execute the injunction, then you get on a blacklist.  As long as you are on it, you cannot do certain things, like travel on airplanes, or stay in luxury hotels. The reason for this is that the Chinese government has had a hard time enforcing court judgments, so the thinking is that resorting to such disproportional measures creates compliance. But this doesn’t involve measurement. It is a binary system, you are either in or out, and it is very clear how you can get on or off the system.

Another bit in the making is the creation of the national unique identification system for citizens and businesses. This is very much about nation building. It makes it possible for the government to look at society and identify people. China has never had a unique identification system – certainly not for business- so in many ways, it is there to make administrative process more efficient and effective, but also to create transparency. This make it possible to say this business is following that process. Obviously there is social control, but it is a bit more than that.

[For background on the social credit system, here is an explainer from The Citizen Lab]

DAH: On the creation and deployment of technology for governance, be it AI or big data systems, questions are being raised around fairness and ethics of algorithmic decision-making in Western countries. How is Chinese society approaching AI?

RC: There is going to be a question asked about algorithms in China, but it is not going to be the same [one].

From a liberal democratic perspective, the first thing you would want to know is: does it or does it not violate my rights as citizen? When we talk about fairness and ethics, what we are talking about is a liberal, rights-based citizenship where ethics become a restatement of capacities belonging to governments or businesses, whether or not they violate the lawful rights of individuals. Particularly in terms of inclusiveness on the grounds of identity categories: gender, religion, ethnicity; but also class-based inclusiveness and equality. 

China does not share those concerns because its “OS”* is not built on the State as the facilitator of the individual good, which lies at the heart of the liberal democratic idea of the State and citizenship. In China, the State is there to facilitate the collective good, and therefore the idea is that it should not be limited, but instead should be empowered. So the question about algorithms in China is very likely not going to be about whether they violate anyone’s specific individual rights or not, but rather, whether or not they contribute to the solution of the identified socio-economic problems. This is where the question of fairness might get a look in: not from an identity or class-based perspective, but more from a classically Leninist approach.

In short, the thinking is that the end trumps the means, and so the means can be excused as long as the end has been reached. So the question is whether or not it has.

[* OS = operating system]

DAH: Moving onto cybersecurity. You raised the issue of poor data practises and the risks that arise from creating such systems. China’s Cybersecurity Law went into effect on June 1st. What is your assessment of the law?

RC: I’m going to give a typically lawyerly answer: it depends on what you want to see in it.

The Cybersecurity Law is the first high-water mark in that the government is getting serious about actually doing something about it.

What it [China] is rapidly discovering is that it is one thing to say, and another thing to actually create, the regulatory approaches. For instance, dealing with the question of cross-border data transfer: Which data should be situated in China? Is it actually safer in China? What does that mean for Chinese business and for foreign businesses? On what hardware should that be stored? This is where the big disputes and questions within China are.

Some parts of the bureaucracy – the more technically minded parts, like Committee 260, which is the technical committee in charge of cybersecurity standards- are quite open to the participation of foreign businesses. You then have others, like MPS, which are way more aggressive on this angle, and want to keep out foreign participation in large swathes of the domestic market, particularly where critical information or national infrastructure is involved.

[* MPS = Ministry of Public Security]

DAH: What about companies like Baidu, Alibaba, and Tencent moving abroad and operating across borders. Are you seeing a clash of interests between the State and companies on issues like cross-border data transfers and how they will be implemented?

RC: I think these companies are going to be very careful about explicitly calling out the Chinese State on some of these issues. We should never forget that the Chinese market is their home market, their dominant market, and [they] don’t want to get in trouble with the central leadership. That being said, there are ways those companies can send signals, certainly: they have very close lines of communication with the Central government. There is also a very strong awareness within the central leadership that these are national champions, so they wield considerable influence, but they won’t always get their way.

You can argue that there has been a mantra of openness that led us to believe that Internet businesses should be treated differently from other businesses without any justification. Whereas it is clear to see the utility of having regulatory harmonisation, I fail to understand why it should be such an article of faith that there should be no regulatory barriers to Internet businesses. And so what all of that also means is that the Chinese companies, for instance, Alibaba, because of the way that it has to do business, they have data companies all around the world. This is in order to not store their data in China – which for a lot of people would be a bit of a turnoff- but also to be in compliance with any sort of future data localisation [requirements]. In other words, these companies are already better trained, and operating, in an environment where national borders in cyberspace are mounting.

DAH: July was a particularly eventful month for VPN access in China. Bloomberg reported a blanket ban from February 2018 which was then denied by MIIT*. They clarified that VPN providers not in compliance with a new order (from January 2017) will be shut down, implying that access would remain via a new group of party-approved VPNs. How do you expect the government will manage the VPN access issue going forward?

RC: The Chinese leadership is deeply allergic to any process that might imperil its exclusive authority on goings-on in China. The Chinese leadership understand it is necessary for there to be VPNs for business, to transit secure business communication, for foreigners to log into their websites, etc. But it also sees risks: that VPN technology could also be an enabling factor for allowing dissidents to communicate, access and exchange information, and for sensitive Chinese data to be leaked. On top of that, we are starting to enter silly season in the run up to the 19th Party Congress, where all of these departments will want to be the “best student in the classroom” in protecting the nation.

[* MIIT = Ministry of Industry and Information Technology]

About Dr. Rogier Creemers:
Dr. Creemers is a postdoctoral scholar in the Law and Governance of China, working for both the Van Vollenhoven Institute and the Leiden Institute for Area Studies. His main research interests are the interaction between law, governance and information technology in China, and Chinese political-legal ideology. His work has been published in, amongst others, The China Journal and the Journal of Contemporary China. He has regularly contributed to reports in the media such as the New York Times and the Financial Times, and has provided input into policy processes such as the Sino-EU Cyber Dialogue. He also edits China Copyright and Media, a reputed database for translations of Chinese policy and regulatory documents in his field.

Dev Lewis