China’s Grand Strategy For Global Data Dominance: A CGSP Report

>> Glenn Tiffert: Welcome and thank you for joining us today in this special event in the Hoover Institution's project on China's global Sharp Power speaker series. As many of you know who join us from time to time. In addition to regular speakers on topics of urgent interest with regard to China, the CGSP project also publishes a series of reports on issues of the day.

Today we're rolling out one of those reports, a really vital contribution from Matt Johnson, who is a visiting fellow here at the Hoover Institution on China's data strategy. Many of us are aware that there's a large national conversation in the United States regarding TikTok and whether it should be free to do business in the United States or there should be restrictions on TikTok's ability to do business and collect data on Americans.

But that is only the beginning of the conversation and the tip of the iceberg, as Matt is about to tell us, TikTok is part of a much larger strategy that's been put together at the highest reaches of the chinese government with regard to controlling the world's data using its commercial platforms.

This is much more than just TikTok and social media. This is about the collection of data for economic intelligence, for contributions to generative AI models, for weather forecasting that will help with military planning, for weather forecasting that will help with forecasting atmospheric conditions for hypersonic missiles. I want to refer you all to Hoover's and CGSP's website.

That's www.hoover.org cgsp, where you can download a free copy of today's report. But without further ado, let me introduce Matt Johnson, who will describe it to you. Matt Johnson is a visiting fellow at the Hoover Institution and research director at Garnaut Global. His expertise covers China's contemporary elite politics, strategic thinking and political control over the financial sector and private economy.

He was previously a lecture in the history and politics of modern China at the University of Oxford, and his academic publications have focused on propaganda, chinese communist party ideology, cultural security, state society relations, and the Cold War. Of interest to us is he participated in a Hoover working group on digital currencies and electronic payments and in the report that Hoover issued on digital currencies last year.

And most recently, he's the co author of a study on TikTok that was submitted to the australian parliament. Matt, over to you.

>> Matthew Johnson: Thank you, Glenn, for that warm introduction and very succinct overview of the report that we've just published today on China's grand strategy for global data dominance.

Thank you everyone for coming today and those who are listening. Your attention is much appreciated. I wanted to say thank you in particular to Larry diamond, head of the China's Global Sharp power project, among his many roles, to Glenn Tiffert, also with the same program, and also for new colleague Francis Hisgin, who is also at CGSP.

And the three of them together have edited this report since its conception, basically, and I'm incredibly grateful to them for their support and thoughtful review. And then finally, I want to thank the Hoover institution itself, the Hoover press, and folks who do publicity for Hoover, who have really, again, helped to roll this out in an engaging way.

So the report is long, it's fairly detailed, has a lot of footnotes. I'm a historian by background, read a lot. I like sources. I've tried to immerse myself in as many sources that seem relevant to this question as I possibly could, and I've tried to put them together in a way that connects as clearly as possible what Glenn just described, which is elite policymaking within the upper echelons of the party, starting with Xi Jinping, and then how that policy making has cascaded downward through China's party state and then moved outward from China into the world through commercial actors companies for the most part, and how all of this fits together to form not an entirely coherent whole, but a fairly, I think, powerful and active network for data absorption that policymakers in the United States and other countries are really just beginning to catch up to in terms of its breadth and ambition.

So that's my starting point, because the report is long and fairly detailed. What I want to do with this event, which has a good seminar feel to it, which I also appreciate, is two things, essentially, for those whose time and attention spans are limited, I want to give an overview of the main argument and supporting takeaways, including key policy recommendations, which basically summarizes the report but won't get too deeply into the weeds.

And then for those who are still around after that, I want to give a more methodological overview of what I think are some of the key issues that arise in the course of this kind of research. Because one of the main points that I want to make today isn't just about data, but it's actually that the party state, and the Chinese Communist Party in particular, has a long history, is a unique organization, is unlike other nation state actors, and requires, I think, a very different kind of research methodology in order to fully capture the breadth and intricacy of its organization.

And then for the third part, we have a QL do questions, obviously, starting with Glenn, who's an old friend, also from the history days. So the top line of this report, which is basically given away by the title, is that China has a grand strategy for global data dominance.

That's a fact. I think it's an empirically verifiable fact, but the implications of that fact require some spelling out. And so I thought, actually one way to get into that might be just to break down the words in the title itself so that we understand what we're talking about here and the terminology involved.

So when we talk about China, we're talking basically, you know, we're starting with China's leaders, the very top of the Chinese Communist Party, who see their country, and this is part of what the report proves, starting with current supreme leader Xi Jinping as engaged in a global contest for control of digital information, that is, data, and that Xi, for example, foreshadowed this competition explicitly himself in 2013, right after coming to power, when he told the Chinese Academy of Sciences, the vast ocean of data, just like oil resources during industrialization, contains immense productive power and opportunities.

Whoever controls big data technologies will control the resources and initiative for development. So this is Xi at the very start of his now lengthy tenure as general secretary of the Chinese Communist Party, comparing. Data to oil as a vital resource that China basically needs to control and absorb in order to achieve its, and really the party's strategic objectives.

And as the report shows, Xi has personally led this policy of data control through the creation of what I've called the party's accumulation espionage system, which in simplest terms is a network of internal storage and processing facilities, some of which have been created and controlled by China's own security, by the party's own security forces, and how these are coupled with policies in areas ranging from big data to civil military fusion to e commerce, that leverage civilian institutions and commercial actors to act as siphons abroad, feeding into military, commercial and other technology and surveillance development projects back in China, or which may potentially be shared with other like minded actors around the world, for example, Iran or Russia.

So China here is a political actor, that is the Chinese Communist Party, of 96 million members, plus a military, plus others who knowingly or unknowingly support these agendas and who are engaged in the competitive accumulation of data at a global scale. The second element in the title grand strategy, which basically means here that winning the global contest, as China's leaders envision it, is to use all available tools of statecraft in pursuit of this big data agenda.

One of the central claims that the report makes and proves is that in China's leninist party state, these tools include private companies, which are under the party's organizational control, even if they appear to be privately held, and which are obliged to uphold party policies, including as these relate to data.

Finally, what is meant by global data dominance? This is Beijing's non reciprocal approach to data, which means that its companies and domestic data processing systems exploit the openness of other countries, including via multilateral trade agreements, to accumulate as much data about other societies as possible, while maintaining barriers around access to China's own data.

And I would add that while leaders like Xi Jinping have been vague about what they intend to do with this data and the infrastructure being built to process it, some indication of the potential of this project can be gleaned from two kinds of sources, which this report documents fully.

The first is authoritative party state official text. So, like I said, there's a lot of reading behind the research, including directives from top leaders and instructions on implementation, and actually the law itself, which isn't independent of the party, but basically shifts in accordance with party goals and priorities.

What these say, which the report spells out, is that Beijing is building a nationally integrated big data system. They say that data which is created and absorbed from other countries will be used for China's economic and military advantage. They say that data is viewed as a means of constant and omnipresent surveillance, both for state security purposes at home and for military and military adjacent actors abroad.

And they say that all data gathered via PRC entities, whether corporations or individuals, is subject to the collection and review of party state authorities. The second type of sources that the report covers pretty much at the front. Larry's urging to bring some of the points about relevance home, which I think was a wise move, are actual harms already being conducted by PRC commercial data handlers abroad?

So, in other words, we're not talking about hypotheticals. We're talking about actual evidence of ways in which data is being used. These include building databases of human genomes without consent. They include mapping sensitive areas of other countries economic activity, borders. They include mining telecommunications networks for commercial secrets and intelligence.

They include the manipulation of online information environments. They include the profiling of foreign citizens through social media. And they include targeting journalists and those engaged in activities which are critical of China and of PRC companies, including reports like this one. I also want to highlight a further point about data itself, which is to say that data is not simply personal information.

So I've recently been reading dismissals, even among those who are kind of vaguely critical of party state behavior and other areas, saying there's too much attention being paid to TikTok. What really is the strategic advantage of information gleaned via TikTok, which I think somewhat minimizes the problem. In response, I would say that data can include personal information, which ultimately is hardly trivial, including because it may be used in the future in ways that are difficult to envision in the present, whether for micro targeting of online messaging, digital messaging, or other forms of leverage.

But the data can also mean information about environments and patterns of activity, which are collected through sensing technology like Lidar. On most autonomous vehicles that you see, especially in a technology rich area like this one, it can refer to control signals transmitted through networked smart systems to autonomous vehicles, industrial equipment, power grids, and other deep infrastructure underpinning our economy.

It can refer to entire environments of information, for example, social media, content platform algorithms, and potentially generative AI created knowledge ecosystems. And finally, it can refer to more traditional forms of information stored in digital form, like blueprints, confidential documents, state secrets, institutional and individual records, et cetera, all of which are targets of traditional espionage only now digitized.

This is why, as the report shows, the challenges posed to the United States and other countries. Democracies, certainly, but any country with a long term vision of national security, which is to say, most are all countries. The challenges posed to all of these countries by China's digital dominance strategy are not simply confined to protecting the data of individuals from commercial data risk, but should be, but should include the protection of networks, the protection of institutions, and, in particular, the protection of critical sectors of the economy from integration with PRC commercial data operators.

And so the examples that the report draws on, though far from complete, cover a wide range of areas, including drones and autonomous vehicles, including biotech and genomics social media. I've done other work, as Glenn mentioned, on financial technology, including cryptocurrencies. All of these have the potential to play outsized roles in impacting national security, especially when influenced by a.

Foreign adversary, which, from a strategic perspective, is how the United States government views China, which is a point that I'll come back to later. So the policy recommendations that the report makes are broad, because the challenge is broad here. One is to review and strategically decouple. So at the top of this list is strengthening and expanding the US Department of Commerce's Information and Communications technology and services process, also known as the ICTS process, to restrict data-related transactions which pose undue or unacceptable risks to us national security.

The report goes into how the ICTS panel is first conceived under the Trump administration and then further clarified under US President Joe Biden has broad discretion to begin investigating and unwinding threats across six sectors. Including critical infrastructure, network infrastructure, data hosting, surveillance and monitoring technology, communications software, and emerging technology.

So not just social media apps, which are a relatively recent addition. Through the ICTS process, commerce has already begun reviewing transactions, but it has not visibly enacted its authority beyond the review level. Nonetheless, it does represent a powerful tool for confronting foreign adversary threats to data across society and represents the potential basis for comprehensive protection of information and infrastructure.

However, as critics, or at least commentators, have noted, as a commerce led process, it has been assessed lack the resources and clarity of scope to begin systematically reducing risk across the economy. A second potential solution is to restrict investment to basically start with creating a list of which parts of the economy are most in need of being secured and which commercial data operators represent the clearest threats.

And from that point, the challenge of China's data dominance strategy can be met by streamlining the process through which foreign investment in critical data technology and infrastructure sectors is reviewed. The report therefore recommends a clearer approve or reject model for covered transactions by the Committee on Foreign Investment in the United States, or CFIUS, and clearer restrictions on foreign adversary controlled investment in critical technology and supply chain areas.

A third recommendation is to strengthen the international ecosystem for data security, by joining multilateral frameworks such as Japan's data free flow with trust proposal, which I think is worth careful study. There's the possibility to strengthen data protection between allied and partner countries, so that security shortcomings affecting the sale and transfer of data abroad, including the integrity of data communication systems, and including data shared via non commercial transactions such as international research partnerships, are addressed.

And then finally, although I have to say that in the current environment, this is, I wouldn't say absurd, but sort of in the category of wishful thinking, although I think it is a world that we all should wish for. There's the option of trying to impose terms of reciprocity and engagement on the government in Beijing.

Which would mean that making access to America's company's investment and market conditional on a more reciprocal attitude toward data and transparency that goes beyond superficial cybersecurity pledges, which sort of represent the current state of US-China discussion in this area. And would require actual proof of commitment in order for PRC companies to continue operating in the United States and to continue receiving investment from the United States.

So to conclude this part of the presentation, I think that we, in the United States of America and democratic partners, need to begin to close the gap between understanding that China's party state army, there's always that third term, is a foreign adversary that seeks to compete with and displacement the United States and democratic systems as principal stakeholders in the international system through conflict if necessary.

If you've watched China's recent sort of quasi war mobilization policies and operations closely, we need to close the gap between that reality and policies that give almost unfettered access to sensitive domestic information and systems to companies that are controlled by that foreign adversary. So that's the gap. It's that simple, to defend our principles and institutions and competitiveness, this gap, the report argues, needs to be addressed immediately.

So if you're staying just for the top lines and the main takeaways, we've basically concluded that part of the presentation, and I would thank you for your attention. But for others, those in the room, and particularly fellow researchers and analysts, I just wanted to dive a little deeper, using the time remaining to talk about some of the methodological features of the report.

Now, this part is less scripted. Really, I just wanna make my own assumptions clear, because there's a real debate about how we can study the party state and other China-linked actors, like companies or think tanks, or overseas united front groups or illegal police stations in New York City.

And how we should go about mapping out the ways in which all these parts of the party connect with one another. So I just wanna make a couple of methodological points that hopefully will spark some further discussion. One is that open source is important and you have to read a lot of open source material and you have to know how to get online and search for it, and you have to know how to collect and analyze.

And I think as for those researching and analyzing the party or its policies and activities in specific areas, there's a sense in which we can't really over specialize. I mean, I haven't spent my whole career studying China's data policy, but I think as a start for understanding that policy, we need to read what's available and begin to put it together in ways that tell the story from the perspective of the actors using actors categories.

Second point I would make is that what leaders say is important. So when we talk about China, we talk about China's policies. I would say even when we talk about Beijing, what Beijing thinks, really we have to focus a little, in a more granular fashion, on the people who are the leaders of the Chinese Communist Party, because their speeches in China's system essentially have the authority of law, right?

When Xi says something, it cascades down through the party state system, which is a Leninist system in terms of its organizational DNA. And it means that every time she speaks, we should probably pay attention, because It's a fast-moving system. It's not just a slow-moving kind of ossified bureaucracy.

A third point, which I've sort of foreshadowed here, is that China's political system is Leninist and increasingly centralized. This means that policies move from top to bottom. This means that society is increasingly integrated into the state. And while the party's control over society is not perfect, all of the available evidence says that the goal is control and coordination, that the vision is of a single political organism that moves in a perfectly coordinated manner.

You don't have to take my word for it, because these are all the things that Xi Jinping says about top level planning, and the big chessboard, and everybody having one will and one sense of purpose. That's what political discourse in China sounds like today. The other, also somewhat foreshadowed here, is that China's political language is not transparent.

It has to be understood better. The terms and phrases that are awkward to translate can't just be dismissed as ideological and empty out of hand because we don't necessarily understand what they mean. We have to bring specialist knowledge to bear on these sort of opaque and esoteric documents in order to understand what the purpose behind them actually is.

 

>> Matthew Johnson: Also, and this is focused on, I think, one of the central claims of the report concerning corporations, that because of the unique features of the party as an organization, control at the corporate level doesn't actually just mean ownership. And controllers may be hard to identify because of the party's own norms of secrecy.

You don't know where in a company the real sort of nodes of party control lie, they get moved around. Sometimes in the human resources department, sometimes in other parts of corporate structures. And that also requires actually a fairly forensic approach in order to understand and draw out. All party controlled organizations are by definition non transparent.

And so we need to get better at identifying the points of contact that make lines of control visible. Two more points, and then I'll wrap up. One is that for those whose work focuses on the forensic reconstruction of the strategic policy and organizational landscapes, as I've described them above, behavior also matters.

I think there's a bit of a gap, and in some ways I can see it at times in my own work, between what the words say and what the behavior on the ground looks like. So in other words, building threat images requires some actual proof of threat. And so in this report, I've actually relied fairly heavily on the work of credible investigative journalists who pay attention to what companies do versus just what the party says and their work and their conclusions and the work of the media and the investigative media are extremely important for this kind of effort.

Finally, the party's roots as an underground organization, which is what it was, have fundamentally shaped the kind of organization that it is today. And whether we acknowledge it or not, we are locked into a competition between open democratic societies and status totalitarian societies at a global level. It is impossible after years of reading the ideology coming out of Beijing, out of states like Russia.

That to avoid the conclusion that leaders in those countries see the current global situation as one of direct confrontation and struggle, which basically threatens to escalate with every passing day.

>> Matthew Johnson: The Chinese Communist Party has been purpose built and refined to exploit openness by moving in ways that exploit laws around privacy, reputation, ownership, and individual rights and liberties to achieve political ends by undermining other nations' sovereignty.

So when we talk about lawfare, we're not just talking about salami slicing in the South China Sea. Xi Jinping convenes the party's political legal commission once a year to talk about how to negotiate other countries laws and how to use their laws to achieve China's broader international goals.

I'm happy to share research that I've done on this topic as well, it's interesting.

>> Matthew Johnson: And this is why the party's history as an underground organization, and then it's kind of coming into full view during the war with Japan, China's civil war. And then how that process spilled into perceived victories against the United States and Korea in the early 1950s.

Is a kind of process that Xi Jinping is constantly bringing party members attention back to in terms of the party's internal ideology and doctrine.

>> Matthew Johnson: So this complex challenge requires a revival to conclude of specialized research. Of course, the researchers always say that, and analysis techniques to defend national security, and principles of democracy, and openness in a competition that has already started.

And in this sense, study of data and China's grand strategy for data is a case study. I don't think it's the last word, but it's a case study which highlights the current gap that exists between the complexity of the challenge and the current response. Thank you.

>> Glenn Tiffert: Thank you very much, Matt.

I want to invite those of you in the in person audience, but also on the Zoom audience to field questions. And while you do that, please those of you in the Zoom audience, click the Q&A button at the bottom of your screens. While you do that, I have a couple of comments, reflections, and then I'll prime the pump with a question, and then we can build up a queue.

In many ways, I think this report is a model of the kind of research and methodology that Matt just described. For those of you who have not seen it yet, and it is downloadable, it begins with sort of the top level findings that he just articulated to you.

But then in phenomenal granular detail, it describes exactly the picture that he just painted. So that it becomes almost undeniable, really, that there is a much larger play going on here than many people have traditionally appreciated. Not almost. Not almost, very well. So this, I think, is a model for how the work can be done.

A comment about something that I think really bounces off of what Matt said. In many ways, I think China's data strategy is a modernization of something that's extremely old in marxist parties. Many of you will know that there was the fantasy back in the soviet period of creating the perfectly rational economy that soviet state planners.

Could predict and direct every small widget that went into soviet production where it needed to go, when it needed to go. And, of course, this was a tremendous disaster, even though they had tens of thousands of people trying to do it. Xi Jinping's approach to this and cybernetics has been an ongoing interest of marxist parties around the world.

Xi Jinping really believes that big data can solve this problem, and it's breathed new life into that old idea that you can create the perfectly rational society and perfectly managed society that the party sits on top of and controls. And underneath that idea, that revitalized idea, sits this enormous apparatus of data centers and big data collection that's truly global in its scope.

And that is what's informing a great deal of this strategy. This is just my perspective. I'm curious to hear Matt's reflections on that. And then let me pose a question to Matt. I'm really glad to hear that Matt mentions the multilateral piece of this, particularly building trusted networks with allies and partners, coordinating with Japan and our European allies, because I think that's critical.

The solutions that one formulates in a bilateral context may look very different than the solutions that we come up with in a multilateral context. And in particular, Matt, I want to ask you. One of the big frustrations in this area dealing with global data and technology has been that our european partners have tended actually to hold american firms to much higher standards of enforcement than they've held chinese firms.

And I wonder, how do we tackle that problem? Why is Europe actually seeing the United States as more of a threat than it's seeing China? So let me pose that.

>> Matthew Johnson: Well, I mean, I would have a hard time speaking for Europe broadly. I guess I can relay odd pieces of anecdotal evidence that may help answer this question.

I think the fact that the United States is so powerful still as a technological innovator seems, from an economic and development perspective, to be, oddly enough, the more serious economic threat when comparing the US and China and the discussion on the national security side of the threat is definitely moving forward.

But it's been years, if not a good decade plus, of China making inroads into sensitive systems through procurement, through commercial transactions, through fairly low level activity. It's not like PRC companies like Huawei are showing up and saying, we have a master plan to absorb all your data. And I think that would be putting it somewhat strongly anyway.

But at the same time, I think that it's two conversations, really. One is about the US as an economic competitor and then China as a potential national security threat. But also, and I've spent a little time talking to people in various European countries about this, a more distant national security threat.

Like, they're so far away, we don't trade with them as much as we trade with the United States. They're not as big, they're not as important. As big as they are, they're not as important a country for us. But nonetheless, the areas in which the trade is taking place might nonetheless be very, very critical.

But I think those conversations are starting. The US government is talking to allies and I think trying to raise some of those security concerns in ways that aren't sensational. But really just highlight the risks involved with procuring your strategically or from a national security perspective, sensitive sensing technology, for example, from chinese providers.

 

>> Glenn Tiffert: Larry?

>> Larry Diamond: Well, I'll just preface my question by saying in the digital age, it doesn't matter if you're next door or 10,000 miles away, geography has been turned upside down. I think it would be helpful to people here and people listening to have you elaborate on the risk side of things and maybe even in some fairly granular detail.

A lot of people, particularly a lot of young people, but I think users of digital systems, social media and so on, of every age group, have just become frankly resigned and apathetic to the fact that their data is available. Well, there's no immediate evidence that their lives have changed as a result of it.

Everybody has it. I frequently hear, well, why should we worry, particularly at TikTok, Facebook has my data as well. Why should we worry that the chinese government has my data? The us government can probably get it from Facebook as well. So China has my genetic data. So what can you give us some more granular and graphic insights into why people should worry at various levels about China getting and being able to amass and analyze and aggregate and store forever their personal data?

And then can you also say something about how all of this relates to the race to take potentially a permanent lead in artificial intelligence?

>> Matthew Johnson: Yes, and let me start by moving to the personal data question, sort of second, and I think starting with some of the bigger political and economic issues that might seem at least somewhat distant to people who are younger and just sort of like finding their footing in society, et cetera, but that could potentially have long term ramifications.

One which we really focused on in the TikTok report was not so much personal data, although it's clear that the app may be able to access permissions across your device that are not necessarily confined just to your behavior within the TikTok app. So that's one issue. Is it really just TikTok, the app, and I only need to be worried about what I do or say via that app?

Or is it more like a kind of Trojan horse that might be able to access other features of my personal device in direct ways that I don't want it to? And there are some interesting questions now being raised about fast fashion companies, shine or Shein and Temu for their basically asking young people to trade their data.

From other apps for discounts, et cetera, which I think actually says a lot about the agenda there and that kind of app behavior. In other words, the app is not just the app. And I think that's an important point to make. And while I think that young people are obviously facile with technology and to two kids, and they are much quicker than me, pretty much everything.

But the truth also is that unless you really are a technologist and unless you do a forensic study of the behavior of these applications, there's probably a lot that you don't know about them, no matter how adept you are at using technology. And so it's good that we study these things, and it's good that we put that information out there.

But on the political and economic points that I mentioned, one which we found in the TikTok report was that in addition to the leveling up of privileges like inside of your phone, there's also app behavior in terms of search results, in terms of the perspectives that are privileged concerning specific sensitive issues.

For example, our study focused mainly on issues that are sensitive from the perspective of China's government in Beijing and found that the results skewed way toward views that were much more in line with official policies than not. And if you're a young person in this country, I think you need to ask yourself what an app like that does to your understanding of the world, your ability to consume information in more or less, you know, freeways that you want to consume it in.

And, you know, finally, what kind of impact that may have on the political system of the country that you live in. You know, given that we are in a pretty contentious, to put it mildly, time as a nation, and, you know, how then information shapes viewpoints, shapes behavior, et cetera, in the context of the political process is significant.

And so to have a foreign adversary control an app that is increasingly used by younger people for news information in the context of a democratic election seems dangerous. It just seems dangerous. And it doesn't seem like it's going to help the national conversation much at all, because it's clear.

It's been clear for, as it's been clear for Russia also, that internal division in the United States suits China's foreign policy objectives just fine because it, in a sense, limits unity and potentially action to respond to specific threats, both internal and external. So that's the political side, I think, economically also, this is probably hard for Americans to digest based on history, but there is no guarantee of unlimited future economic growth.

And I think the economic threat that China and other countries pose to the United States through espionage. It's not through fair competition, but through espionage through data harvesting that is non reciprocal. The attempt to develop emerging technologies on the back of american economic activity. Those trends do not lead to an economic future that favors the United States.

And so your own personal circumstances, economically, professionally, et cetera, those of people who come after you are all affected by these sorts of decisions that we make in the present to just be apathetic or ignore. And so that's how I would begin answering that very complex question, Larry, on AI, I'm not an AI expert.

I've done a little bit of computing. One of the great laws of computing is garbage in, garbage out. So it's not necessarily that all raw data automatically leads to great strides in AIH, but certainly the ability to train machines on large datasets improves their performance, along with other kinds of ways of improving the technology.

We're in the midst of a global conversation right now about chat, GPT, and the ramifications of godlike artificial intelligence that may be throwing forward a bit too far, but at the same time, yeah, absolutely. I mean, I don't think that we should treat this as an unserious problem.

 

>> Glenn Tiffert: David.

>> David Fedor: Matt, thank you. Just a general question. You mentioned some arguments that maybe there's too much attention being paid to things like TikTok. It's consumer facing. Of course, it's an obvious example. Might you draw out a couple of examples from your report of other data streams where you think it's sort of off people's radar, or the policy conversation has not yet gotten around to it?

There's a lot of buzz these days on ports and logistics, for example. Curious what you found.

>> Matthew Johnson: Right, right. So that's a great question. I mean, ports and other critical infrastructure that increasingly play a role in the lifeblood of the economy. I think drones, autonomous vehicles, so not yet stuff that's widely used.

All of these are areas where China linked or chinese companies have made pretty considerable inroads. And so the report focuses on drones, and it focuses on two companies, DJI and Autel. And I think based on the research that I've done, based on speaking to people in those industries, the way that AV works, the way that sensing technology works, has a range of national security implications, from controllability, the ability to use the equipment in regular and predictable ways if it can be controlled externally, which, given software, given the network nature of equipment, is a real threat to just the amount of economically important and strategically important information that could be gleaned through AV vehicles.

Essentially like mapping us national infrastructure and activity on that infrastructure. In other words, it's basically two things, really. It's basically, and potentially a giant intelligence collection tool, networks of autonomous vehicles, whether drones or cars or trucks. And it is also, in a sense, a risk in terms of the software and the processing and the potential for those features of our infrastructure to be linked in ways that are not fully understood to entities.

Outside of the United States. So there's a control issue and there's a sort of information collection issue that I think those are important streams, so to speak, to focus on. Larry mentioned genomics also, that's in the report. I think there's been a lot of non-consensual collection of genetic and other information that's come to light.

Again, not through my research, but through the reporting of people who focus closely on these things. And in healthcare also there, I think, the risks are somewhat commercial. The development of new pharmaceuticals that companies around the world are striving to develop right now to cure cancer, to cure genetic illness.

So that's more the commercial argument. But if we wanna continue to be a competitor in those spaces, I think, it's worth thinking about where the data in those kinda partnerships and in the use of those products actually goes. Again, I've again been told by people in the biotech space that genetically sort of targeted weapons are not likely in the near future.

And so I know that one gets thrown out a lot, and there may not be as much credibility to it, just as the commercial threat of data that supports innovation not being shared in ways that are obvious or transparent.

>> Glenn Tiffert: Please speaking to the mic.

>> Terry Anderson: Okay, data are converted into information about the conditional outcomes of the events of the future by way of a model of a physical system, the physical system that one wants to establish control over.

And I happen to know that our country is extremely bad at doing that. This is essentially what I do research on. It's so bad that in the case of climate change, the climate models by which the United States attempts to regulate the outcomes of events for Earth's climate system conveys no information about the outcomes of those events to the government.

Therefore, the government cannot really regulate that system. Well, if you extrapolate that to foreign affairs, it's very worrisome to me, and I have some evidence, the fact that we are very poor at doing that kind of model building, and so is the Chinese Communist Party. So you've got two organizations, both armed with thermonuclear weapons, threatening each other with their nuclear weapons, who are using models and making policy decisions that convey no information to them.

I really worry about that. So if I could brief you in detail, and my knowledge of that, I would be delighted to help you.

>> Matthew Johnson: I'd be very grateful. I mean, it's true, there are scenarios that we have to contemplate now that weren't necessarily on the radar even five years ago.

 

>> Terry Anderson: The process by which an information theoretically optimal model can be created by the construction of a model, which I have done many times, I know all about.

>> Matthew Johnson: I'd love to have that conversation.

>> Terry Anderson: Good.

>> Glenn Tiffert: Thank you, Nick, please.

>> Nick: And Matt, thanks for a great presentation.

I think a very timely piece of work. I just thought I'd make a comment and then ask you a question, speaking as a european, and there are some Brits that still declare themselves to be Europeans, amazingly. I think, if I may say so, holding a mirror up to the United States, I think sometimes you make the mistake of thinking that Europe is a homogenous entity.

And certainly, the remarks that a certain president has made in the course of the last week in France perhaps might be conceived to be a European comment. They're not really, I don't think. I mean, Eastern Europe takes a very different perspective. And indeed, the prime minister of Estonia has just written a really good article in the Economist, having given a speech in Australia about cyber and protecting our data and everything associated with it, because Estonia has a lot of experience in all of this.

I think part of it, though, is European naivety, and that's why I think your report should be very timely and I hope it gets widely read throughout European countries. Not least, as I was reading the other day, that the German cyber command is using WowWee technology inside its own databases, which is pretty extraordinary.

But my question is, do you recommend in the report that the US should have a grand strategy to deal with this? Because your policy recommendations seem to be extraordinarily sound, but I wonder whether they should also be nested in a grand strategy, which we can all get behind.

 

>> Matthew Johnson: That's a fantastic observation. I think that it should, and I have to say that in the kind of quest to ground the conclusions in the ways that would appeal to policymakers, the grand strategy part probably dropped out a bit, but it's something I would have to give more thought to.

I think, as a fundamental principle, as painful as it sounds, it seems that the almost logical conclusion is accelerating, decoupling in strategically important areas. A sort of broader version of rip and replace, where the threat to critical infrastructure, it seems now, and not just critical infrastructure in a sort of more narrow national security sense, but the systems that are required to sustain societies and to sustain economic growth.

Are you vulnerable in ways that I'm not sure that policy has caught up to yet, and that hopefully comes through from the report. But you're absolutely right about the need for something like a grant strategy and that not being in the report. And your point on the heterogeneity, so to speak, of Europe definitely well taken.

I mean, my conversations have been primarily in the Estonia, actually. And I would agree completely with your assessment that there's a kind of heightened awareness there that is not uniform everywhere else.

>> Glenn Tiffert: It sounds like the infrastructure of cyber intelligence would be critical infrastructure.

>> Larry Diamond: You'd imagine.

>> Glenn Tiffert: With rip and replace, too, we need appropriations to pay for the replacement.

Here we are several years after rip and replace in local telecom providers, and they've not been able to replace the equipment. So the Chinese equipment is still there, because they need to maintain service. And so this is a very expensive proposition that needs to be attended to, Orville.

I propose of your question, you should know that his report is sort of a prelude to a larger project, which we do anticipate

>> Speaker 7: Assembling a group of people, possibly even in Washington, to consider the conclusions and the data that Matt has offered up and to try to come to some conclusions about what does this mean for us and what we should do.

And I want to ask you, Matt, apropos of that. You know, I think that during the reckless, sort of very naive period of globalization, when it was always win win and nobody cared who owned what, it was just one great big comment. We had a version of that in trade.

We had a version of that in research. We had a version of that in just about everything. So I look at data through that period. It's kind of like the atmosphere. I mean, we share it. It doesn't have any boundaries. It doesn't have any sovereignty, or at least we didn't look at it in that way.

Now, what your report is suggesting is that we need to segregate it into some sort of sovereign territories and there's some no fly zones for different countries. How are we gonna do that? That is a massive challenge.

>> Matthew Johnson: I mean, look, I try to be self reflexive as much as possible, and I realize that there is a kind of strange lovian quality to this topic because, as you say, there's a sense in which data is everywhere, and the idea of protecting it in some way seems very difficult indeed.

But I think that's probably in a way where the answer has to begin is that we have to begin disaggregating this idea of data so that it has less or at least fewer of these ethereal qualities to it, and we have a better sense of what we're talking about and where the priorities lie.

I tried to do that somewhat in the beginning of the presentation. I've had to say several times during this presentation what I'm not, because I know that there are, especially at a university like Stanford, there are people with deep technical expertise. That's not my background. But it does strike me that digital information, so to speak, has many applications.

It's not just there for consumption. Again, it relates to issues of controllability across systems. It relates, you know, sort of just generally to information that people consume and use. It, you know, relates to more broadly the environments in which people consume information. So when we're talking about data, really what we're talking about is, like, specific ecosystems.

And so I think that's, for younger people in the audience that's maybe one helpful place to begin from a regulatory perspective. I haven't done as much of that in this work. But that was sort of vaguely in the recommendations in terms of like, let's start with a list of where we think the priorities lie.

We can't treat data as a single issue. And the pragmatism of the recommendations was ideally grounded in a sense that there are some areas that are more sensitive than others, and there are some kinds of information that are more sensitive than others. So that's where I would start.

But I agree with and I love your characterization, this is like the hangover after globalization, but from an American perspective, because not all countries experience globalization as win-win. And other countries, to the extent that they grew through globalization as well, want to continue growing. I mean, that's a sort of basic law of international relations, I would think.

And that sort of sense of a great power competition does not seem to be fully in our strategy or in our institutions yet.

>> Speaker 7: It's a little like the dollar that we see the resovereignization of currency so that we don't have one universal currency of the realm, the dollar.

People are trying to make Brazil and China and Russia and China. So I think we're heading into this kind of strange world where we have to resovereignize an awful lot of things, and data is probably one of the most difficult ones to do that with.

>> Matthew Johnson: Yep, I can only agree.

That's right.

>> Glenn Tiffert: I want to draw on a question from the online audience in which the questioner, like, I think many Americans, is not sufficiently convinced that they have more to fear from the chinese government than they do from american firms or from their own government with regard to data collection.

And so with that observation, is not some of the solution here to have a national data regime? The United States, I think, has been fairly unique in being a very laissez faire with regard to the collection of data. And that's had tremendous benefit in that. Well, american firms have done extremely well and grown very quickly in this area.

But of course, the costs are well known to us also. And I wonder to what extent, focusing on the end user, that is, say, China versus the United States, that's got to be part of the solution, but is not part of the problem. Also, in just the initial collection of this data, should we not be attacking it from that end of the problem?

Because once the data itself is collected, it can be sold on markets, it can be bought through third parties and acquired. So even if we shut China, if we decouple China from our market, the data can be sold 2nd, 3rd, 4th hand to chinese firms and is being.

That's correct. And it can be hacked as well, instantaneously. So simply collecting the data that is dangerous is itself something we should be thinking about. So how do we sort of balance those competing concerns, Matt?

>> Matthew Johnson: Yeah, no, great. And thank you to the audience member who raised that one, especially speaking at an institution like Hoover.

I would be hesitant to jump into an argument that we need to immediately start regulating some of our most valuable industries. So I would sidestep that solution, at least for the time being, you know, as it's not that that's not an important conversation, but I feel like the domestic conversation and the foreign policy conversation are not the same conversation, and we shouldn't treat them like the same conversation.

And I think actually, TikTok's lobbyists have really tried to pursue this line of approach that what we don't need is a TikTok solution. What we really need is a solution for everybody 1520 years in the future when that finally gets worked out. In the meantime, what happens? From my perspective, yes, let's think about rules that protect people.

I think that's what our government does anyway. I haven't lost hope or. Or optimism in that sense. But I'm more focused on the foreign policy aspect of the threat. Which is how, as you mentioned at the end of that question, Glenn, how data moves across borders, feeds into the designs of foreign adversaries, etcetera.

That to me, is a present enough threat that it should not be subordinated to a broader conversation around what to do about Facebook.

>> Larry Diamond: Can I just ask briefly, when I raised this recently, someone suggested, why not just ban the export of data from american data companies to China?

We have export controls in other realms. Do you have any thoughts on that?

>> Matthew Johnson: Yeah, fair. I mean, that sounds like a great starting point. That's the basis of negotiations between the US government and TikTok have been over this idea, the so called Texas Project. Where all TikTok data would be stored by Oracle in servers, they're located within the United States, and whose activity can be monitored and controlled.

I think that is an important starting point.

>> Glenn Tiffert: I want to pull on that thread with another question from the online audience, and that is to get a little bit of Sunzi on this. Is there a weakness that we can exploit in China's data strategy? Is there a way into which we can turn this to our advantage, like Sunza?

 

>> Matthew Johnson: That's deep, I think. Look, I mean, this report was very much written in the how can we protect Americans mode. Not as much in the how can we disrupt China's systems mode to the extent that it makes a recommendation in that latter area. The main recommendation isn't for exploitation, so to speak, but it is a recommendation that we researchers, analysts, others who care about these issues get serious about the research.

You know, everyone I talk to who wants to solve these problems goes right to the point that there is a lack of capacity. Whether it's capacity to sort of map the landscape, to compact capacity to enforce the laws and various actions in between. So, I think a starting point to that question is simply somewhat to Orville's point about sovereignty, having a serious discussion about how to protect sovereignty and protect citizens.

Because the exploitation of openness, as I said, at the end, there is something, it's not just that the party does it well because they were an underground organization in Shanghai in the 1930s or that kind of thing. It's because the party now studies how to exploit openness in other societies, as I was saying, to pursue its own ends.

Whether it's legally, whether it's through setting up groups in civil society that actually turn into tools of the repression of dissidents living abroad, it's exploitation of openness. So getting serious about protecting openness in ways that at the same time make this kind of activity that seems to run like totally counter to democratic values, that would be one starting point.

Stop giving it all away for free.

>> Glenn Tiffert: So.

>> Terry Anderson: Excuse me. Terry. Could you address that, what you just said? There is a book out called the Psychology of Totalitarianism. It's written by an academic psychologist and one of his findings is that totalitarianism is associated with the use of models by governments that produce little or no information.

So that's one way perhaps we can get out of the bind that we're in.

>> Matthew Johnson: Sure. And I happen to believe that democracies perform better in the senses that you're describing because there's a much clearer flow of information.

>> Terry Anderson: Miserable failure, which is indicative of the models that the Marxists use, provide them with little or no information.

 

>> Larry Diamond: That's right.

>> Matthew Johnson: And there's a school of thought that I've encountered recently. It's the sort of like, we did it once, we'll do it again, school of thought. But it's not focused on World War two, is that we did it once. It's the collapse of the Soviet Union as we did it once, in the sense that really avoiding war with China, which is a scenario complex and grave to contemplate, is a priority.

And the alternative, but still one that protects us national security over the long term, is to try to contain China and China's growth in ways that would ultimately put stress on China's society from within.

>> Glenn Tiffert: David, next question.

>> David Fedor: Matt, both you and Glenn touched on working with allies and partners.

We mentioned that some countries in Europe might be behind the US on waking up to this risk. Are there us allies, partners, or friends who are ahead of us on this? I mean, Estonia was brought up. What are they doing that maybe you think the US should be doing?

Taiwan is another example in my mind of, of a partner who I think is attuned to this risk and has a lot of experience.

>> Matthew Johnson: Sure. So, that's great. I think on this idea of data free flow with trust, that's Japan. And so Japan, in terms of the kind of multilateral dimensions of the topic is a country to look to as having proposed under the Abe government, a sort of serious idea in response to this threat.

I think domestically, you know, Australia obviously has pursued an agenda of counter foreign interference that's not applied to China only, which is, I think, an important point to make as well. But that has a kind of framework for identifying what malign activity looks like and then attempting to resolve those issues through law enforcement among others.

So those are two that come to mind. And Estonia, I have had some really important to me conversations with colleagues there. And I don't know that the model is coming into view yet, but what I find striking is we have. In the world, countries whose populations have living memory and experience of dealing with large authoritarian or totalitarian neighbors.

And how they've then taken measures to decouple or detach are probably worth exploring for sure.

>> Glenn Tiffert: Laura, the final question.

>> Laura Tyson: Thank you, Matthew, for your presentation. I want to continue on this topic about third countries. Some of the recommendations, like strategic decoupling and working with this group of friends might work very well for the group of friends.

But as you said, that foreign policy is something that you are an expert in. What have you thought about further in terms that making that group of friends and creating sovereignty in terms of american Internet might increase block forming in the world, and how do third countries have to deal with that?

 

>> Matthew Johnson: Yeah, it's a great question. Where China's been successful is in providing a lot of third countries at various sort of economic stages, so to speak, with critical infrastructure that they and their populations need to modernize. And I think that that fact shouldn't be overlooked. I think it's probably incumbent on the United States and like minded countries to propose real, concrete solutions that go beyond just like don't use this or don't do this.

And I don't think that that side of the policy has been fully worked out yet, to put it mildly. But I definitely see that as a concern, and I definitely see that as an issue that requires response. That's a great question.

>> Glenn Tiffert: So I think that brings our event to a close.

I want to thank you all for some excellent questions, great discussion, and in particular thank Matt for what really is an extremely important, substantively rich intervention in this topic. As Orville suggested, this is the opening round, I think, in a much larger push that we're going to build around the set of topics and set of questions involving Matt as we really try to move the needle on the discussion.

I want to alert those of you in the audience that on April 26 at noon Pacific, we're going to have another CGSP speaker event. Richard Carney will be speaking to us about his new manuscript, China's Chance to Lead, Acquiring Global Influence Via Infrastructure Development and Digitalization. I hope you can join us for that.

And thank you for coming today.