Trigger warning. The CCP’s coordinated information effort to discredit the BBC

Chinese Communist Party (CCP) diplomatic accounts, Chinese state media, pro-CCP influencers and patriotic trolls are targeting the UK public broadcaster, the BBC, in a coordinated information operation. Recent BBC reports, including the allegations of systematic sexual assault in Xinjiang’s internment camps, were among a number of triggers provoking the CCP’s propaganda apparatus to discredit the BBC, distract international attention and recapture control of the narrative.

In ASPI ICPC’s new report, Albert Zhang and Dr Jacob Wallis provide a snapshot of the CCP’s ongoing coordinated response targeting the BBC, which leveraged YouTube, Twitter and Facebook and was broadly framed around three prominent narratives:

  1. That the BBC spreads disinformation and is biased against China
  2. That the BBC’s domestic audiences think that it’s biased and not to be trusted
  3. That the BBC’s reporting on China is instigated by foreign actors and intelligence agencies.

In addition, the report analyses some of the secondary effects of this propaganda effort by exploring the mobilisation of a pro-CCP Twitter network that has previously amplified the Covid-19 disinformation content being pushed by China’s Ministry of Foreign Affairs, and whose negative online engagement with the BBC peaks on the same days as that of the party-state’s diplomats and state media. 

To contest and blunt criticism of the CCP’s systematic surveillance and control of minority ethnic groups, the party will continue to aggressively deploy its propaganda and disinformation apparatus. Domestic control remains fundamental to its political power and legitimacy, and internationally narrative control is fundamental to the pursuit of its foreign policy interests.

Devolved data centre decisions: Opportunities for reform?

Data has been referred to as the ‘new oil’ or ‘new gold’, but it’s more than that. Most organisations can’t function without it. That applies equally to government.

Government data creation, collection, storage and analysis has grown and continues to grow, as does government reliance on it. With continued government policy directions promoting increased outsourcing of data storage, processing and cloud storage, the value and protection that disaggregation and diversification generate may be lost in the absence of appropriate oversight.

In this report, ASPI’s Gill Savage and Anne Lyons provide an overview of the current state, the implications of the panel arrangements and the resulting challenges. They review the unintended consequences of the Australian Government’s data centre procurement arrangements, first introduced over a decade ago, and suggest areas for reform. The aim is to shape a better conversation on issues, challenges and factors to consider relating to arrangements for the provision of outsourced data centres.

The influence environment

A survey of Chinese-language media in Australia

What’s the problem?

In the past two decades, Australia’s Chinese-language media landscape has undergone fundamental changes that have come at a cost to quality, freedom of speech, privacy and community representation. The diversity of Australia’s Chinese communities, which often trace their roots to Hong Kong, Southeast Asia and Taiwan as well as the People’s Republic of China, isn’t well reflected in the media sector.

Persistent efforts by the Chinese Communist Party (CCP) to engage with and influence Chinese language media in Australia far outmatch the Australian Government’s work in the same space. A handful of outlets generally offer high-quality coverage of a range of issues. However, CCP influence affects all media. It targets individual outlets while also manipulating market incentives through advertising, coercion and WeChat. Four of the 24 Australian media companies studied in this report show evidence of CCP ownership or financial support.

WeChat, a Chinese social media app created by Tencent, may be driving the most substantial and harmful changes ever observed in Australia’s Chinese-language media sector. On the one hand, the app is particularly important to Chinese Australians and helps people stay connected to friends and family in China. It’s used by as many as 3 million users in Australia for a range of purposes including instant messaging.1 It’s also the most popular platform used by Chinese Australians to access news.2 However, WeChat raises concerns because of its record of censorship, information control and surveillance, which align with Beijing’s objectives. Media outlets on WeChat face tight restrictions that facilitate CCP influence by pushing the vast majority of news accounts targeting Australian audiences to register in China. Networks and information sharing within the app are opaque, contributing to the spread of disinformation.

Australian regulations are still evolving to meet the challenges identified in this report, which often mirror problems in the media industry more generally. They haven’t introduced sufficient transparency to the Chinese-language media sector and influence from the CCP. Few Australian Government policies effectively support Chinese-language media and balance or restrict CCP influence in it.

What’s the solution?

The Australian Government should protect Chinese-language media from foreign interference while introducing measures to support the growth of an independent and professional media sector. WeChat is a serious challenge to the health of the sector and to free and open public discourse in Chinese communities, and addressing it must be a core part of the solution.

The government should encourage the establishment and growth of independent media. It should consider expanding Chinese-language services through the ABC and SBS, while also reviewing conflicts of interest and foreign interference risks in each. Greater funding should be allocated to multicultural media, including for the creation of scholarships and training programs for Chinese-language journalists and editors. The government should subsidise syndication from professional, non-CCPcontrolled media outlets.

On WeChat, the government should hold all social media companies to the same set of rules, standards and norms, regardless of their country of origin or ownership. As it does with platforms such as Facebook and Twitter, the government should increase engagement with WeChat through relevant bodies such as the Department of Home Affairs, the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, the Australian Communications and Media Authority, the eSafety Commissioner, the Australian Electoral Commission and the Department of Infrastructure, Transport, Regional Development and Communications. The aim should be to ensure that WeChat is taking clear and measurable steps in 2021 to address concerns and meet the same sets of rules, standards and norms that US social media platforms are held to. This effort should be done in tandem with outreach to like-minded countries. If companies refuse to meet those standards, they shouldn’t be allowed to operate in Australia.3

The government should explore ways to amend or improve the enforcement of legislation such as the Broadcasting Services Act 1995 and the Foreign Influence Transparency Scheme Act 2018 to increase the transparency of foreign ownership of media in any language, regardless of platform.

Introduction

Australia’s Chinese‑language media sector is an important part of our democracy, yet its contours and its challenges are poorly understood.4 Australia is home to large and diverse Chinese communities. According to the 2016 Census, nearly 600,000 Australians spoke Mandarin at home, and more than 280,000 spoke Cantonese.5 Only a minority of Australians with Chinese heritage were born in mainland China—many were born in Australia, Taiwan, Hong Kong or Southeast Asia.6 However, individuals born in mainland China are probably the largest group of WeChat users. Migration from mainland China is likely to remain high, and Australia has been home to large numbers of visiting Chinese students and businesspeople.

It’s been claimed that most Chinese‑language media in Australia are controlled or influenced by Beijing.7 While that’s broadly accurate, past research hasn’t systematically examined the extent and mechanisms of CCP influence over Australian media.8 In particular, the pervasive effects of WeChat on the Chinese media sector haven’t been widely appreciated. Our research identified no significant influence in Australian Chinese‑language media from governments other than China’s.

Growing concerns about the lack of Chinese‑Australian representation in Australian politics, CCP interference in Australia and Australia–China relations highlight the need for policymakers to understand the Chinese‑language media environment. For example, Australian politicians and scholars have questioned WeChat’s role in elections, called out disinformation on the app and complained about the past absence of relevant security advice from the government.9 Marginal seats such as Chisholm and Reid have large Chinese communities, among which Chinese‑language media, particularly through WeChat, have been an important factor in some elections.10

Download full document

The full document “The influence environment” is available for downloaded here.


Acknowledgements

The authors would like to thank John Fitzgerald, Danielle Cave, Louisa Lim, Michael Shoebridge, Peter Jennings and several anonymous peer reviewers who offered their feedback and insights. Audrey Fritz contributed research on media regulation and censorship.

Funding: The Department of Home Affairs provided ASPI with $230k in funding, which was used towards this report.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non-partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.

The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.

We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. If you would like to support the work of the centre please contact: icpc@aspi.org.au

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published December 2020.

ISSN 2209-9689 (online),
ISSN 2209-9670 (print)

#WhatsHappeningInThailand: The power dynamics of Thailand’s digital activism

Thailand’s political discourse throughout the past decade has increasingly been shaped and amplified by social media and digital activism. The most recent wave of political activism this year saw the emergence of a countrywide youth-led democracy movement against the military-dominated coalition, as well as a nationalist counter-protest movement in support of the establishment.

The steady evolution of tactics on the part of the government, the military and protesters reflects an increasingly sophisticated new battleground for democracy, both on the streets and the screens. Understanding these complex dynamics is crucial for any broader analysis of the Thai protest movement and its implications.

In this report, we analyse samples of Twitter data relating to the online manifestation of contemporary political protests in Thailand. We explore two key aspects in which the online manifestation of the protests differs from its offline counterpart. That includes (1) the power dynamics between institutional actors and protesters and (2) the participation and engagement of international actors surrounding the protests.

After Covid-19 Volume 3: Voices from federal parliament

For this volume of ASPI’s After Covid-19 series, we asked Australia’s federal parliamentarians to consider the world after the crisis and discuss policy and solutions that could drive Australian prosperity through one of the most difficult periods in living memory. The 49 contributions in this volume are the authentic voices of our elected representatives.

For policymakers, this volume offers a window into thinking from all sides of the House of Representatives and Senate, providing insights to inform their work in creating further policy in service of the Australian public. For the broader public, this is an opportunity to see policy fleshed out by politicians on their own terms and engage with policy thinking that isn’t often seen on the front pages of major news outlets.

Cyber-enabled foreign interference in elections and referendums

What’s the problem?

Over the past decade, state actors have taken advantage of the digitisation of election systems, election administration and election campaigns to interfere in foreign elections and referendums.1 Their activity can be divided into two attack vectors. First, they’ve used various cyber operations, such as denial of service (DoS) attacks and phishing attacks, to disrupt voting infrastructure and target electronic and online voting, including vote tabulation. Second, they’ve used online information operations to exploit the digital presence of election campaigns, politicians, journalists and voters.

Together, these two attack vectors (referred to collectively as ‘cyber-enabled foreign interference’ in this report because both are mediated through cyberspace) have been used to seek to influence voters and their turnout at elections, manipulate the information environment and diminish public trust in democratic processes.

This research identified 41 elections and seven referendums between January 2010 and October 2020 where cyber-enabled foreign interference was reported, and it finds that there’s been a significant uptick in such activity since 2017. This data collection shows that Russia is the most prolific state actor engaging in online interference, followed by China, whose cyber-enabled foreign interference activity has increased significantly over the past two years. As well as these two dominant actors, Iran and North Korea have also tried to influence foreign elections in 2019 and 2020. All four states have sought to interfere in the 2020 US presidential elections using differing cyber-enabled foreign interference tactics.

In many cases, these four actors use a combination of cyber operations and online information operations to reinforce their activities. There’s also often a clear geopolitical link between the interfering state and its target: these actors are targeting states they see as adversaries or useful to their geopolitical interests.

Democratic societies are yet to develop clear thresholds for responding to cyber-enabled interference, particularly when it’s combined with other levers of state power or layered with a veil of plausible deniability.2 Even when they’re able to detect it, often with the help of social media platforms, research institutes and the media, most states are failing to effectively deter such activity. The principles inherent in democratic societies—openness, freedom of speech and the free flow of ideas—have made them particularly vulnerable to online interference.

What’s the solution?

This research finds that not all states are being targeted by serious external threats to their electoral processes, so governments should consider scaled responses to specific challenges. However, the level of threat to all states will change over time, so there’s little room for complacency. For all stakeholders—in government, industry and civil society—learning from the experience of others will help nations minimise the chance of their own election vulnerabilities being exploited in the future.3

The integrity of elections and referendums is key to societal resilience. Therefore, these events must be better protected through greater international collaboration and stronger engagement between government, the private sector and civil society.

Policymakers must respond to these challenges without adopting undue regulatory measures that would undermine their political systems and create ‘the kind of rigidly controlled environment autocrats seek’.4 Those countries facing meaningful cyber-enabled interference need to adopt a multi-stakeholder approach that carefully balances democratic principles and involves governments, parliaments, internet platforms, cybersecurity companies, media, NGOs and research institutes. This report recommends that governments identify vulnerabilities and threats as a basis for developing an effective risk-mitigation framework for resisting cyber-enabled foreign interference.

The rapid adoption of social media and its integration into the fabric of political discourse has created an attack surface for malign actors to exploit. Global online platforms must take responsibility for taking appropriate action against actors attempting to manipulate their users, yet these companies are commercial entities whose interests aren’t always aligned with those of governments. They aren’t intelligence agencies so are sometimes limited in their capacity to attribute malign activities directly. To mitigate risk during election cycles, social media companies’ security teams should work closely with governments and civil society groups to ensure that there’s a shared understanding of the threat actors and of their tactics in order to ensure an effectively calibrated and collaborative security posture.

Policymakers must implement appropriate whole-of-government mechanisms which continuously engage key stakeholders in the private sector and civil society. Greater investments in capacity building must be made by both governments and businesses in the detection and deterrence of these. It’s vital that civil society groups are supported to build up capability that stimulates and informs international public discourse and policymaking. Threats to election integrity are persistent, and the number of actors willing to deploy these tactics is growing.

Background

Foreign states’ efforts to interfere in the elections and referendums of other states, and more broadly to undermine other political systems, are an enduring practice of statecraft.5 Yet the scale and methods through which such interference occurs has changed, with old and new techniques adapting to suit the cyber domain and the opportunities presented by a 24/7, always connected information environment.6

When much of the world moved online, political targets became more vulnerable to foreign interference, and millions of voters were suddenly exposed, ‘in a new, “neutral” medium, to the very old arts of persuasion or agitation’.7 The adoption of electronic and online voting, voter tabulation and voter registration,8 as well as the growth of online information sharing and communication, has made interference in elections easier, cheaper and more covert.9 This has lowered the entry costs for states seeking to engage in election interference.10

Elections and referendums are targeted by foreign adversaries because they are opportunities when significant political and policy change occurs and they are also the means through which elected governments derive their legitimacy.11 By targeting electoral events, foreign actors can attempt to influence political decisions and policymaking, shift political agendas, encourage social polarisation and undermine democracies. This enables them to achieve long-term strategic goals, such as strengthening their relative national and regional influence, subverting undesired candidates, and compromising international alliances that ‘pose a threat’ to their interests.12

Elections and referendums also involve diverse actors, such as politicians, campaign staffers, voters and social media platforms, all of which can be targeted to knowingly or unknowingly participate in, or assist with, interference orchestrated by a foreign state.13 There are also a number of cases where journalists and media outlets have unwittingly shared, amplified, and contributed to the online information operations of foreign state actors.14 The use of unknowing participants has proved to be a key feature of cyber-enabled foreign election interference.

This is a dangerous place for liberal democracies to be in. This report highlights that the same foreign state actors continue to pursue this type of interference, so much so that it is now becoming a global norm that’s an expected part of some countries’ election processes. On its own, this perceived threat has the potential to undermine the integrity of elections and referendums and trust in public and democratic institutions.

Methodology and definitions

This research is an extension and expansion of the International Cyber Policy Centre’s Hacking democracies: cataloguing cyber-enabled attacks on elections, which was published in May 2019. That project developed a database of reported cases of cyber-enabled foreign interference in national elections held between November 2016 and April 2019.15 This new research extends the scope of Hacking democracies by examining cases of cyber-enabled foreign interference between January 2010 and October 2020. This time frame was selected because information on the use of cyber-enabled techniques as a means of foreign interference started to emerge only in the early 2010s.16

This reports appendix includes a dataset that provides an inventory of case studies where foreign state actors have reportedly used cyber-enabled techniques to interfere in elections and referendums.

The cases have been categorised by:

  • target
  • type of political process
  • year
  • attack vector (method of interference)
  • alleged foreign state actor.

Also accompanying this report is an interactive online map which geo-codes and illustrates our dataset, allowing users to apply filters to search through the above categories.

This research relied on open-source information, predominantly in English, including media reports from local, national, and international outlets, policy papers, academic research, and public databases. It was desktop based and consisted of case selection, case categorisation and mixed-methods analysis.17 The research also benefited from a series of roundtable discussions and consultations with experts in the field,18 as well as a lengthy internal and external peer review process.

The accompanying dataset only includes cases where attribution was publicly reported by credible researchers, cybersecurity firms or journalists. The role of non-state actors and the use of cyber-enabled techniques by domestic governments and political parties to shape political discourse and public attitudes within their own societies weren’t considered as part of this research.19

This methodology has limitations. For example, the research is limited by the covert and ongoing nature of cyber-enabled foreign interference, which is not limited to the period of an election cycle or campaign. Case selection for the new dataset, in particular, was impeded by the lack of publicly available information and uncertainty about intent and attribution, which are common problems in work concerning cyber-enabled or other online activity. It likely results in the underreporting of cases and a skewing towards English-language and mainstream media sources. The inability to accurately assess the impact of interference campaigns also results in a dataset that doesn’t distinguish between major and minor campaigns and their outcomes. The methodology omitted cyber-enabled foreign interference that occurred outside the context of elections or referendums.20

In the context of this policy brief, the term ‘attack vector’ refers to the means by which foreign state actors carry out cyber-enabled interference. Accordingly, the dataset contains cases of interference that can broadly be divided into two categories:

• Cyber operations: covert activities carried out via digital infrastructure to gain access to a server or system in order to compromise its service, identify or introduce vulnerabilities, manipulate information or perform espionage21
• Online information operations: information operations carried out in the online information environment to covertly distort, confuse, mislead and manipulate targets through deceptive or inaccurate information.22

Cyber operations and online information operations are carried out via an ‘attack surface’, which is to be understood as the ‘environment where an attacker can try to enter, cause an effect on, or extract data from’.23
 

Key findings

ASPI’s International Cyber Policy Centre has identified 41 elections and seven referendums between January 2010 and October 2020 (Figure 1) that have been subject to cyber-enabled foreign interference in the form of cyber operations, online information operations or a combination of the two.24

Figure 1: Cases of cyber-enabled foreign interference, by year and type of political process

Figure 1 shows that reports of the use of cyber-enabled techniques to interfere in foreign elections and referendums has increased significantly over the past five years. Thirty-eight of the 41 elections in which foreign interference was identified, and six of the referendums, occurred between 2015 and 2020 (Figure 1). These figures are significant when we consider that elections take place only every couple of years and that referendums are typically held on an ad hoc basis, meaning that foreign state actors have limited opportunities to carry out this type of interference.

As a key feature of cyber-enabled interference is deniability, there are likely many more cases that remain publicly undetected or unattributed. Moreover, what might be perceived as a drop in recorded cases in 2020 can be attributed to a number of factors, including election delays caused by Covid-19 and that election interference is often identified and reported on only after an election period is over.

Figure 2: Targets of cyber-enabled foreign interference in an election or referendum

Note: The numbers in the map represent the number of reported cases of cyber-enabled foreign interference in an election or referendum. Access this interactive map here. Source: Maptive, map data © 2020 Google.

Figure 3: Number of political processes targeted (1–4), by state or region

Cyber-enabled interference occurred on six continents (Africa, Asia, Europe, North America, Australia and South America).The research identified 33 states that have experienced cyber-enabled foreign interference in at least one election cycle or referendum, the overwhelming majority of which are democracies.25 The EU has also been a target: several member states were targeted in the lead-up to the 2019 European Parliament election.26

Significantly, this research identified 11 states that were targeted in more than one election cycle or referendum (Figure 3). The repeated targeting of certain states is indicative of their (perceived) strategic value, the existence of candidates that are aligned with the foreign state actors’ interests,27 insufficient deterrence efforts, or past efforts that have delivered results.28 This research also identified five cases in which multiple foreign state actors targeted the same election or referendum (the 2014 Scottish independence referendum, the 2016 UK referendum on EU membership, the 2018 Macedonian referendum, the 2019 Indonesian general election and the 2020 US presidential election). Rather than suggesting coordinated action, the targeting of a single election or referendum by multiple foreign state actors more likely reflects the strategic importance of the outcome to multiple states.

The attack vectors

The attack vectors are cyber operations and online information operations.29 Of the 48 political processes targeted, 26 were subjected to cyber operations and 34 were subjected to online information operations. Twelve were subjected to a combination of both (Figure 4).

Figure 4: Attacks on political processes, by attack vector

Cyber operations

This research identified 25 elections and one referendum over the past decade in which cyber operations were used for interference purposes. In the context of election interference, cyber operations fell into two broad classes: operations to directly disrupt (such as DoS attacks) or operations to gain unauthorised access (such as phishing). Unauthorised access could be used to enable subsequent disruption or to gather intelligence that could then enable online information operations, such as a hack-and-leak campaign.

Phishing attacks were the main technique used to gain unauthorised access to the personal online accounts and computer systems of individuals and organisations involved in managing and running election campaigns or infrastructure. They were used in 17 of the 25 elections, as well as the referendum, with political campaigns on the receiving end in most of the reported instances. Phishing involves misleading a target into downloading malware or disclosing personal information, such as login credentials, by sending a malicious link or file in an otherwise seemingly innocuous email or message (Figure 5).30 For example, Google revealed in 2020 that Chinese state-sponsored threat actors pretended to be from antivirus software firm McAfee in order to target US election campaigns and staffers with a phishing attack.31

Figure 5: The email Russian hackers used to compromise state voting systems ahead of the 2016 US presidential election

Source: Sam Biddle, ‘Here’s the email Russian hackers used to try to break into state voting systems’, The Intercept, 2 June 2018, online.

When threat actors gain unauthorised access to election infrastructure, they could potentially disrupt or even alter vote counts, as well as use information gathered from their access to distract public discourse and sow doubt about the validity and integrity of the process.

Then there are DoS attacks, in which a computer or online server is overwhelmed by connection requests, leaving it unable to provide service.32 In elections, they’re often used to compromise government and election-related websites, including those used for voter registration and vote tallying.

DoS attacks were used in six of the 25 elections, and one referendum, targeting vote-tallying websites, national electoral commissions and the websites of political campaigns and candidates. For example, in 2019, the website of Ukrainian presidential candidate Volodymyr Zelenskiy was subjected to a distributed DoS attack the day after he announced his intention to run for office. The website received 5 million requests within minutes of its launch and was quickly taken offline, preventing people from registering as supporters.33

Online information operations

This research identified 28 elections and six referendums over the past decade in which online information operations were used for interference purposes. In the context of election interference, online information operations should be understood as the actions taken online by foreign state actors to distort political sentiment in an election to achieve a strategic or geopolitical outcome.34

They can be difficult to distinguish from everyday online interactions and often seek to exploit existing divisions and tensions within the targeted society.35

Online information operations combine social media manipulation (‘inauthentic coordinated behaviour’), for example partisan media coverage and disinformation to distort political sentiment during an election and, more broadly, to alter the information environment. The operations are designed to target voters directly and often make use of social media and networking platforms to interact in real time and assimilate more readily with their targets.36

Online information operations tend to attract and include domestic actors.37 There have been several examples in which Russian operatives have successfully infiltrated and influenced legitimate activist groups in the US.38 This becomes even more prominent as foreign state actors align their online information operations with domestic disinformation and extremist campaigns, amplifying rather than creating disinformation.39 The strategic use of domestic disinformation means that governments and regulators may find it difficult to target them without also taking a stand against domestic misinformers and groups.

It is important to acknowledge the synergy of the two attack vectors, and also how they can converge and reinforce one another.40 This research identified three elections where cyber operations were used to compromise a system and obtain sensitive material, such as emails or documents, which were then strategically disclosed online and amplified.41 For example, according to Reuters, classified documents titled ‘UK-US Trade & Investment Working Group Full Readout’ were distributed online before the 2019 British general election as part of a Russian-backed strategic disclosure campaign.42

The main concern with the strategic use of both attack vectors is that it further complicates the target’s ability to detect, attribute and respond. This means that any meaningful response will need to consider both potential attack vectors when securing vulnerabilities.

State actors and targets

Cyber-enabled foreign interference in elections and referendums between 2010 and 2020 has been publicly attributed to only a small number of states: Russia, China, Iran and North Korea. In most cases, a clear geopolitical link between the source of interference and the target can be identified; Russia, China, Iran and North Korea mainly target states in their respective regions, or states they regard as adversaries— such as the US.43

The increasing cohesion among foreign state actors, notably China and Iran learning and adopting various techniques from Russia, has made it increasingly difficult to distinguish between the different foreign state actors.44 This has been further complicated by the adoption of Russian tactics and techniques by domestic groups, in particular groups aligned with the far-right for example.45

Russia

Russia is the most prolific foreign actor in this space. This research identified 31 elections and seven referendums involving 26 states over the past decade in which Russia allegedly used cyber-enabled foreign interference tactics. Unlike the actions of many of the other state actors profiled here, Russia’s approach has been global and wide-ranging. Many of Russia’s efforts remain focused on Europe, where Moscow allegedly used cyber-enabled means to interfere in 20 elections, including the 2019 European Parliament election and seven referendums. Of the 16 European states affected, 12 are members of the EU and 13 are members of NATO.46 Another focus for Russia has been the US and while the actual impact on voters remains debatable, Russian interference has become an expected part of US elections.47 Moscow has also sought to interfere in the elections of several countries in South America and Africa, possibly in an attempt to undermine democratisation efforts and influence their foreign policy orientations.48

Russia appears to be motivated by the intent to signal its capacity to respond to perceived foreign interference in its internal affairs and anti-Russian sentiment.49 It also seeks to strengthen its regional power by weakening alliances that pose a threat. For instance, Russia used cyber operations and online information operations to interfere in both the 2016 Montenegrin parliamentary election and the 2018 Macedonian referendum. This campaign was part of its broader political strategy to block the two states from joining NATO and prevent the expansion of Western influence into the Balkan peninsula.50

Figure 6: States targeted by Russia between 2010 and 2020

Source: Maptive, map data © 2020 Google.

China

Over the past decade, it’s been reported that China has targeted 10 elections in seven states and regions. Taiwan, specifically Taiwanese President Tsai Ing-wen and her Democratic Progressive Party, has been the main target of China’s cyber-enabled election interference.51 Over the past three years, however, the Chinese state has expanded its efforts across the Indo-Pacific region.52 Beijing has also been linked to activity during the 2020 US presidential election. As reported by the New York Times and confirmed by both Google and Microsoft, state-backed hackers from China allegedly conducted unsuccessful spear-phishing attacks to gain access to the personal email accounts of campaign staff members working for the Democratic Party candidate Joseph Biden.53

China’s interference in foreign elections is part of its broader strategy to defend its ‘core’ national interests, both domestically and regionally, and apply pressure to political figures who challenge those interests. Those core interests, as defined by the Chinese Communist Party, include the preservation of domestic stability, economic development, territorial integrity and the advancement of China’s great-power status.54 Previously, China’s approach could be contrasted with Russia’s in that China attempted to deflect negativity and shape foreign perceptions to bolster its legitimacy, whereas Russia sought to destabilise the information environment, disrupt societies and weaken the target.55 More recently, however, China has adopted methods associated with Russian interference, such as blatantly destabilising the general information environment in targeted countries with obvious mistruths and conspiracy theories.56

Figure 7: States and regions targeted by China between 2010 and 2020

Source: Maptive, map data © 2020 Google.

Iran

This dataset shows that Iran engaged in alleged interference in two elections and two referendums in three states.57 Iranian interference in foreign elections appears to be similar to Russian interference in that it’s a defensive action against the target for meddling in Iran’s internal affairs and a reaction to perceived anti-Iran sentiment. A pertinent and current example of this is Iran’s recent efforts to interfere in the 2020 US presidential election by targeting President Trump’s campaign.58 As reported by the Washington Post, Microsoft discovered that the Iranian-backed hacker group Phosphorus had used phishing emails to target 241 email accounts belonging to government officials, journalists, prominent Iranian citizens and staff associated with Trump’s election campaign and successfully compromised four of those accounts.59

Figure 8: States targeted by Iran between 2010 and 2020

Source: Maptive, map data © 2020 Google.

North Korea

North Korea has been identified as a foreign threat actor behind activity targeting both the 2020 South Korean legislative election and the 2020 US presidential election.60 Somewhat similarly to China’s approach, North Korea’s interference appears to focus on silencing critics and discrediting narratives that undermine its national interests. For example, North Korea targeted North Korean citizens running in South Korea’s 2020 legislative election, including Thae Yong-ho, the former North Korean Deputy Ambassador to the UK and one of the highest-ranking North Korean officials to ever defect.61

Figure 9: States targeted by North Korea between 2010 and 2020

Source: Maptive, map data © 2020 Google.

Detection and attribution

Detection and attribution requires considerable time and resources, as those tasks require the technical ability to analyse and reverse engineer a cyber operation or online information operation.

Beyond attribution, understanding the strategic and geopolitical aims of each event is challenging and time-consuming.62 The covert and online nature of cyber-enabled interference, whether carried out as a cyber operation or an online information operation, inevitably complicates the detection and identification of interference. For example, a DoS attack can be difficult to distinguish from a legitimate rise in online traffic. Moreover, the nature of the digital infrastructure and the online information environment used to carry out interference enables foreign state actors to conceal or falsify their identities, locations, time zones and languages.

As detection and attribution capabilities improve, the tactics and techniques used by foreign states will adapt accordingly, further complicating efforts to detect and attribute interference promptly.63

There are already examples of foreign state actors adapting their techniques, such as using closed groups and encrypted communication platforms (such as WhatsApp, Telegram and LINE) to spread disinformation64 or using artificial intelligence to generate false content.65 It can also be difficult to determine whether an individual or group is acting on its own or on behalf of a state.66 This is further complicated by the use of non-state actors, such as hackers-for-hire, consultancy firms and unwitting individuals, as proxies. Ahead of the 2017 Catalan independence referendum, for example, the Russian-backed media outlets RT and Sputnik used Venezuelan and Chavista-linked social media accounts as part of an amplification campaign. The hashtag #VenezuelaSalutesCatalonia was amplified by the accounts to give the impression that Venezuela supported Catalonian independence.67 More recently, Russia outsourced part of its 2020 US presidential disinformation campaign to Ghanaian and Nigerian nationals who were employed to generate content and disseminate it on social media.68

The ‘bigger picture’

States vary in their vulnerability to cyber-enabled foreign interference in elections and referendums.

In particular, ‘highly polarised or divided’ democracies tend to be more vulnerable to such interference.69 The effectiveness of cyber-enabled interference in the lead-up to an election is overwhelmingly determined by the robustness and integrity of the information environment and the extent to which the electoral process has been digitised.70 Academics from the School of Politics and International Relations at the Australian National University found that local factors, such as the length of the election cycle and the target’s preparedness and response, also play a significant role. For example, Emmanuel Macron’s En Marche! campaign prepared for Russian interference by implementing strategies to respond to both cyber operations (specifically, phishing attacks) and online information operations. In the event that a phishing attack was detected, Macron’s IT team was instructed to ‘flood’ phishing emails with multiple login credentials to disrupt and distract the would-be attacker. To deal with online information operations, Macron’s team planted fake emails and documents that could be identified in the event of a strategic disclosure and undermine the adversary’s effort.71

Electronic and online voting, vote tabulation and voter registration systems are often presented as the main targets of cyber-enabled interference. It is important to recognise that the level of trust the public has in the integrity of electoral systems, democratic processes and the information environment is at stake. In Europe, a 2018 Eurobarometer survey on democracy and elections found that 68% of respondents were concerned about the potential for fraud or cyberattack in electronic voting, and 61% were concerned about ‘elections being manipulated through cyberattacks’.72 

That figure matched the result of a similar survey conducted by the Pew Research Center in the US, which found that 61% of respondents believed it was likely that cyberattacks would be used in the future to interfere in their country’s elections.73

However, not all states are equally vulnerable to this type of interference. Some, for example, opt to limit or restrict the use of information and communication technologies in the electoral process.74 The Netherlands even reverted to using paper ballots to minimise its vulnerability to a cyber operation, ensuring that there wouldn’t be doubts about the electoral outcome.75 Authoritarian states that control, suppress and censor their information environments are also less vulnerable to cyber-enabled foreign interference.76

The proliferation of actors involved in elections and the digitisation of election functions has dramatically widened the attack surface available to foreign state actors. This has in large part been facilitated by the pervasive and persistent growth of social media and networking platforms, which has made targeted populations more accessible than ever to foreign state actors. For example, Russian operatives at the Internet Research Agency were able to pose convincingly as Americans online to form groups and mobilise political rallies and protests.77 The scale of this operation wouldn’t have been possible without social media and networking platforms.

Figure 10: Number of people using social media platforms, July 2020 (million)

Source: ‘Most popular social networks worldwide as of July 2020, ranked by number of active users’, Statista, 2020, online.

While these platforms play an increasingly significant role in how people communicate about current affairs, politics and other social issues, they continue to be misused and exploited by foreign state actors.78 Moreover, they have fundamentally changed the way information is created, accessed and consumed, resulting in an online information environment ‘characterised by high volumes of information and limited levels of user attention’.79

In responding to accusations of election interference, foreign actors tend to deny their involvement and then deflect by indicating that the accusations are politically motivated. In 2017, following the release of the United States’ declassified assessment of Russian election interference,80 Russian Presidential Spokesperson Dmitry Peskov compared the allegations of interference to a ‘witch-hunt’ and stated that they were unfounded and unsubstantiated, and that Russia was ‘growing rather tired’ of the accusations.81 Russian President Vladimir Putin even suggested that it could be Russian hackers with ‘patriotic leanings’ that have carried out cyber-enabled election interference rather than state-sponsored hackers.82

Plausible deniability is often cited in response to accusations of interference, with China’s Foreign Ministry noting that the ‘internet was full of theories that were hard to trace’.83 China has attempted to deter future allegations by threatening diplomatic relations, responding to the allegations that it was behind the sophisticated cyber attack on Australia’s parliament by issuing a warning that the ‘irresponsible’ and ‘baseless’ allegations could negatively impact China’s relationship with Australia.84

Recommendations

The threats posed by cyber-enabled foreign interference in elections and referendums will persist, and the range of state actors willing to deploy these tactics will continue to grow. Responding to the accelerating challenges in this space requires a multi-stakeholder approach that doesn’t impose an undue regulatory burden that could undermine democratic rights and freedoms. Responses should be calibrated according to the identified risks and vulnerabilities of each state. This report proposes recommendations categorised under four broad themes: identify, protect, detect and respond.

1. Identify

Identify vulnerabilities and threats as a basis for developing an effective risk-mitigation framework

  • Governments should develop and implement risk-mitigation frameworks for cyber-enabled foreign interference that incorporate comprehensive threat and vulnerability assessments. Each framework should include a component that is available to the public, provide an assessment of cybersecurity vulnerabilities in election infrastructure, explain efforts to detect foreign interference, raise public awareness, outline engagement with key stakeholders, and provide a clearer threshold for response.85
  • The security of election infrastructure needs to be continuously assessed and audited, during and in between elections.
  • Key political players, including political campaigns, political parties and governments, should engage experts to develop and facilitate tabletop exercises to identify and develop mitigation strategies that consider the different potential attack vectors, threats and vulnerabilities.86

2. Protect

Improve societal resilience by raising public awareness

  • Governments need to develop communication and response plans for talking to the public about cyber-enabled foreign interference, particularly when it involves attempts to interfere in elections and referendums.
  • Government leaders should help to improve societal resilience and situational awareness by making clear and timely public statements about cyber-enabled foreign interference in political processes. This would help to eliminate ambiguity and restore community trust. Such statements should be backed by robust public reporting mechanisms from relevant public service agencies.
  • Governments should require that all major social media and internet companies regularly report on how they detect and respond to cyber-enabled foreign interference. Such reports, which should include positions on political advertising and further transparency on how algorithms amplify and suppress content, would be extremely useful in informing public discourse and also in shaping policy recommendations.

Facilitate cybersecurity training to limit the effect of cyber-enabled foreign interference

  • Cybersecurity, cyber hygiene and disinformation training sessions and briefings should be provided regularly for all politicians, political parties, campaign staff and electoral commission staff to reduce the possibility of a successful cyber operation, such as a phishing attack, that can be exploited by foreign state actors.87 This could include both technical guides and induction guides for new staff, focused on detecting phishing emails and responding to DoS attacks.

Establish clear and context-specific reporting guidelines to minimise the effect of online information operations

  • As possible targets of online information operations, researchers and reporters covering elections and referendums should adopt ‘responsible’ reporting guidelines to minimise the effect of online information operations and ensure that they don’t act as conduits.88 The guidelines should highlight the importance of context when covering possible strategic disclosures, social media manipulation and disinformation campaigns.89 Stanford University’s Cyber Policy Center has developed a set of guidelines that provide a useful reference point for reporters and researchers covering elections and referendums.90

3. Detect

Improve cyber-enabled foreign interference detection capabilities

  • The computer systems of parliaments, governments and electoral agencies should be upgraded and regularly tested for vulnerabilities, particularly in the lead-up to elections and referendums.
  • Greater investments by both governments and the private sector must be made in the detection of interference activities through funding data-driven investigative journalism and research institutes so that key local and regional civil society groups can build capability that stimulates and informs public discourse and policymaking.
  • Governments and the private sector must invest in long-term research into how emerging technologies, such as ‘deep fake’ technologies,91 could be exploited by those engaging in foreign interference. Such research would also assist those involved in detecting and deterring that activity.

4. Respond

Assign a counter-foreign-interference taskforce to lead a whole-of-government approach

  • Global online platforms must take responsibility for enforcement actions against actors attempting to manipulate their online audiences. Their security teams should work closely with governments and civil society groups to ensure that there’s a shared understanding of the threat actors and their tactics in order to create an effectively calibrated and collaborative security posture.
  • Governments should look to build counter-foreign-interference taskforces that would help to coordinate national efforts to deal with many of the challenges discussed in this report. Australia’s National Counter Foreign Interference Coordinator and the US’s Foreign Influence Task Force provide different templates that could prove useful. Such taskforces, involving policy, electoral, intelligence and law enforcement agencies, should engage globally and will need to regularly engage with industry and civil society. They should also carry out formal investigations into major electoral interference activities and publish the findings of such investigations in a timely and transparent manner.

Signal a willingness to impose costs on adversaries

  • As this research demonstrates that a small number of foreign state actors persistently carry out cyber-enabled election interference, governments should establish clear prevention and deterrence postures based on their most likely adversaries. For example, pre-emptive legislation that automatically imposes sanctions or other punishments if interference is detected has been proposed in the US Senate.92
  • Democratic governments should work more closely together to form coalitions that develop a collective and publicly defined deterrence posture. Clearly communicated costs could change the aggressor’s cost–benefit calculus.

Download full report

Readers are urged to download the full report to access the appendix and citations.


Acknowledgements

The authors would like to thank Danielle Cave, Dr Samantha Hoffman, Tom Uren and Dr Jacob Wallis for all of their work on this project. We would also like to thank Michael Shoebridge, anonymous peer reviewers, and external peer reviewers Katherine Mansted, Alicia Wanless and Dr Jacob Shapiro for their invaluable feedback on drafts of this report.

In 2019, ASPI’s International Cyber Policy Centre was awarded a US$100,000 research grant from Twitter, which was used towards this project. The work of ASPI ICPC would not be possible without the support of our partners and sponsors across governments, industry and civil society.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.

The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.

We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. If you would like to support the work of the centre please contact: icpc@aspi.org.au

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published October 2020.

ISSN 2209-9689 (online),
ISSN 2209-9670 (print)
Cover image: Produced by Rebecca Hendin, online.

Funding for this report was provided by Twitter.

  1. Fergus Hanson, Sarah O’Connor, Mali Walker, Luke Courtois, Hacking democracies: cataloguing cyber-enabled attacks on elections, ASPI, Canberra, 17 May 2019, online. ↩︎
  2. Katherine Mansted, ‘Engaging the public to counter foreign interference’, The Strategist, 9 December 2019, online. ↩︎
  3. Erik Brattberg, Tim Maurer, Russian election interference: Europe’s counter to fake news and cyber attacks, Carnegie Endowment for International Peace, May 2018, online. ↩︎
  4. Laura Rosenberger, ‘Making cyberspace safe for democracy: the new landscape of information competition’, Foreign Affairs, May/June 2020, online. ↩︎
  5. For a comprehensive overview of foreign interference in elections, see David Shimer, Rigged: America, Russia, and one hundred years of covert electoral interference, Knopf Publishing Group, 2020; Casey Michel, ‘Russia’s long and mostly unsuccessful history of election interference’, Politico, 26 October 2019, online. ↩︎
  6. David M Howard, ‘Can democracy withstand the cyber age: 1984 in the 21st century’, Hastings Law Journal, 2018, 69:1365. ↩︎
  7. Philip Ewing, ‘In “Rigged,” a comprehensive account of decades of election interference’, NPR, 9 June 2020, online. ↩︎
  8. Eric Geller, ‘Some states have embraced online voting. It’s a huge risk’, Politico, 8 June 2020, online. For a comprehensive discussion on electronic voting, see NRC, Asking the right questions about electronic voting. ↩︎
  9. CSE, Cyber threats to Canada’s democratic process. ↩︎
  10. Samantha Bradshaw, Philip N Howard, The global disinformation order: 2019 global inventory of organised social media manipulation, Computational Propaganda Research Project, Oxford Internet Institute, 2019, online. ↩︎
  11. National Research Council (NRC), ‘Public confidence in elections’, Asking the right questions about electronic voting, Computer Science and Telecommunications Board, National Academies Press, Washington DC, 2006, online. ↩︎
  12. Communications Security Establishment (CSE), Cyber threats to Canada’s democratic process, Canada, 7 June 2017, online. ↩︎
  13. Elizabeth Dwoskin, Craig Timberg, ‘Facebook takes down Russian operation that recruited U.S. journalists, amid rising concerns about election misinformation’, Washington Post, 1 September 2020, online. ↩︎
  14. See Alicia Wanless and Laura Walters, How Journalists Become an Unwitting Cog in the Influence Machine, Carnegie Endowment for International Peace, online, 1. ↩︎

Covid-19 Disinformation & Social Media Manipulation

Arange of actors are manipulating the information environment to exploit the COVID-19 crisis for strategic gain. ASPI’s International Cyber Policy Centre is tracking many of these state and non-state actors online, and will occasionally publish investigative, data-driven reporting that will focus on the use of disinformation, propaganda, extremist narratives and conspiracy theories by these actors.

The bulk of ASPI’s data analysis uses our in-house Influence Tracker tool – a machine learning and data analytics capability that draws out insights from multi-language social media datasets. This new tool can ingest data in multiple languages and auto-translate, producing insights on topics, sentiment, shared content, influential accounts, metrics of impact and posting patterns.

The reports are listed in chronological order:

#10: Attempted influence in disguise

This report builds from a Twitter network take-down announced on 8 October 2020 and attributed by Twitter as an Iranian state-linked information operation. Just over 100 accounts were suspended for violations of Twitter’s platform manipulation policies. This case study provides an overview of how to extrapolate from Twitter’s take-down dataset to identify persistent accounts on the periphery of the network. It provides observations on the operating mechanisms and impact of the cluster of accounts, characterising their traits as activist, media and hobbyist personas. The purpose of the case study is to provide a guide on how to use transparency datasets as a means of identifying ongoing inauthentic activity.

#9: Covid-19 and the reach of pro-Kremlin messaging

This research investigation examines Russia’s efforts to manipulate the information environment during the coronavirus crisis. It leverages data from the European External Action Service’s East StratCom Task Force, which, through its EUvsDisinfo project, tracks pro-Kremlin messages spreading in the EU and Eastern Partnership countries. Using this open-source repository of pro-Kremlin disinformation, in combination with OSINT investigative techniques that track links between online entities, we analyse the narratives being seeded about COVID-19 and map the social media accounts spreading those messages.

We found that the key subjects of the Kremlin’s messaging focused on the EU, NATO, Bill Gates, George Soros, the World Health Organization (WHO), the US and Ukraine. Narratives included well-trodden conspiracies about the source of the coronavirus, the development and testing of a potential vaccine, the impact on the EU’s institutions, the EU’s slow response to the virus and Ukraine’s new president. We also found that Facebook groups were a powerful hub for the spread of some of those messages.

27 Oct 2020

#8: Viral videos: Covid-19, China and inauthentic influence on Facebook

For the latest report in our series on Covid-19 disinformation, we’ve investigated ongoing inauthentic activity on Facebook and YouTube. This activity uses both English and Chinese language content to present narratives that support the political objectives of the Chinese Communist Party (CCP). These narratives span a range of topics, including assertions of corruption and incompetence in the Trump administration, the US Government’s decision to ban TikTok, the George Floyd and Black Lives Matter protests, and the ongoing tensions in the US–China relationship. A major theme, and the focus of this report, is criticism of how the US broadly, and the Trump administration in particular, are handling the Covid-19 crisis on both the domestic and the global levels.

29 Sept 2020

#7: Possible inauthentic activity promoting the Epoch Times and Truth Media targets Australians on Facebook

This ASPI ICPC report investigates a Facebook page which appears to be using coordinated, inauthentic tactics to target Australian users with content linked to The Epoch Times and other media groups. This includes running paid advertisements, as well as systematically seeding content into Australian Facebook groups for minority communities, hobbyists and conspiracy theories. Inauthentic and covert efforts to shape political opinions have no place in an open democratic society.

This report has been edited to delete references to a Facebook page entitled ‘May the Truth Be With You’. ASPI advises that, to the best of the Institute’s knowledge, the Facebook page has no connection with the other entities mentioned in this edited report.

Revised: 10 Dec 2021

#6: Pro-Russian vaccine politics drives new disinformation narratives

This latest report in our series on COVID-19 disinformation and social media manipulation investigates vaccine disinformation emerging – the day after Russia announced plans to mass-produce its own vaccine – from Eastern Ukraine’s pro-Russian media ecosystem.

We identify how a false narrative about a vaccination trial that never happened was seeded into the information environment by a pro-Russian militia media outlet, laundered through pro-Russian English language alternative news websites, and permeated anti-vaccination social media groups in multiple languages, ultimately completely decontextualised from its origins.

The report provides a case study of how these narratives ripple across international social media networks, including into a prominent Australian anti-vaccination Facebook group.

The successful transfer of this completely fictional narrative reflects a broader shift across the disinformation space. As international focus moves from the initial response to the pandemic towards the race for a vaccine, with all of the complex geopolitical interests that entails, political disinformation is moving on from the origins of the virus to vaccine politics.

24 Aug 2020

#5 Automating influence operations on Covid-19: Chinese speaking actors targeting US audiences

Automating influence on Covid-19 looks at how Chinese-speaking actors are attempting to target US-based audiences on Facebook and Twitter across key narratives including amplifying criticisms of the US’s handling of Covid-19, emphasising racial divisions, and political and personal scandals linked to President Donald Trump.

This new report investigates a campaign of cross-platform inauthentic activity that relies on a high-degree of automation and is broadly in alignment with the political goal of the People’s Republic of China (PRC) to denigrate the standing of the US. The campaign appears to be targeted primarily at Western and US-based audiences by artificially boosting legitimate media and social media content in order to amplify divisive or negative narratives about the US.

04 Aug 2020

#4 ID2020, Bill Gates and the Mark of the Beast: how Covid-19 catalyses existing online conspiracy movements

Against the backdrop of the global Covid-19 pandemic, billionaire philanthropist Bill Gates has become the subject of a diverse and rapidly expanding universe of conspiracy theories. This report takes a close look at a particular variant of the Gates conspiracy theories, which is referred to here as the ID2020 conspiracy (named after the non-profit ID2020 Alliance, which the conspiracy theorists claim has a role in the narrative), as a case study for examining the dynamics of online conspiracy theories on Covid-19. Like many conspiracy theories, that narrative builds on legitimate concerns, in this case about privacy and surveillance in the context of digital identity systems, and distorts them in extreme and unfounded ways. Among the many conspiracy theories now surrounding Gates, this one is particularly worthy of attention because it highlights the way emergent events catalyse existing online conspiracy substrates. In times of crisis, these digital structures—the online communities, the content, the shaping of recommendation algorithms—serve to channel anxious, uncertain individuals towards conspiratorial beliefs. This report focuses primarily on the role and use of those digital structures in proliferating the ID2020 conspiracy.

25 June 2020

#3 Retweeting through the Great Firewall: A persistent and undeterred threat actor

This report analyses a persistent, large-scale influence campaign linked to Chinese state actors on Twitter and Facebook.

This activity largely targeted Chinese-speaking audiences outside of the Chinese mainland (where Twitter is blocked) with the intention of influencing perceptions on key issues, including the Hong Kong protests, exiled Chinese billionaire Guo Wengui and, to a lesser extent Covid-19 and Taiwan. Extrapolating from the takedown dataset, to which we had advanced access, given to us by Twitter, we have identified that this operation continues and has pivoted to try to weaponise the US Government’s response to current domestic protests and create the perception of a moral equivalence with the suppression of protests in Hong Kong.

11 June 2020

#2. Covid-19 attracts patriotic troll campaigns in support of China’s geopolitical interests

This new research highlights the growing significance and impact of Chinese non-state actors on western social media platforms. Across March and April 2020, this loosely coordinated pro-China trolling campaign on Twitter has:

  • Harassed and mimicked western media outlets
  • Impersonated Taiwanese users in an effort to undermine Taiwan’s position with the World Health Organisation (WHO
  • Spread false information about the Covid-19 outbreak
  • Joined in pre-existing inauthentic social media campaigns

23 April 2020

#1. Covid-19 disinformation and social media manipulation trends

Includes case studies on:

  • Chinese state-sponsored messaging on Twitter
  • Coordinated anti-Taiwan trolling: WHO & #saysrytoTedros
  • Russian Covid-19 disinformation in Africa

8-15 April 2020

The ASIS Interviews

The ASIS Interviews is a series of interviews with the Director-General of the Australian Secret Intelligence Service, Paul Symon – with bio, transcripts and videos.

For the first time in the 68 year history of Australia’s overseas spy service, the top spy has gone before the camera for a series of video interviews, conducted by the Australian Strategic Policy Institute.

Symon, a former Major General, talks about the purposes and principles of the Australian Secret Intelligence Service and spying in the 21st century.

The interviews were recorded in September & October 2020 and will be released weekly.

1: The formation of ASIS.

2: Purpose and principles.

3: Spying for Australia.

4: Australia’s James Bond: finding jewels for the country.

Critical technologies and the Indo-Pacific: A new India-Australia partnership

This report by ASPI’s International Cyber Policy Centre and India’s Observer Research Foundation argues that as the India-Australia bilateral relationship continues to grow and evolve, both governments should invest in the construction of a new India–Australia partnership on technology.

The foundation for such a partnership already exists, and further investment areas of complementary interests could stimulate regional momentum in a range of key critical and emerging technology areas including in 5G, Artificial Intelligence, quantum technologies, space technologies and in critical minerals. The report contains 14 policy recommendations that will help build this new technology partnership.

This new report outlines what this new India-Australia technology partnership could look like. It examines the current state of the India–Australia relationship; provides an overview of current technology cooperation and where challenges and roadblocks lie; analyses each state’s competitive and complementary advantages in selected technology areas and highlights opportunities for further collaboration across the areas of 5G, Artificial Intelligence, Quantum technologies, Space technologies and in critical minerals.

The flipside of China’s central bank digital currency

What’s the problem?

China’s central bank digital currency, known as ‘DC/EP’ (Digital Currency / Electronic Payment), is rapidly progressing and, if successful, would have major international implications that have not yet been widely considered by policymakers.

DC/EP would have ramifications for governments, investors, and companies, including China’s own tech champions.

It has the potential to create the world’s largest centralised repository of financial transactions data and, while it may address some financial governance challenges, such as money laundering, it would also create unprecedented opportunities for surveillance. The initial impact of a successful DC/EP project will be primarily domestic, but little thought has been given to the longer term and global implications. DC/EP could be exported overseas via the digital wallets of Chinese tourists, students and businesspeople.

Over time, it is not far-fetched to speculate that the Chinese party-state will incentivise or even mandate that foreigners also use DC/EP for certain categories of cross-border RMB transactions as a condition of accessing the Chinese marketplace.

DC/EP intersects with China’s ambitions to shape global technological and financial standards, for example, through the promotion of RMB internationalisation and fintech standards-setting along sites of the Belt and Road Initiative (BRI). In the long term, therefore, a successful DC/EP could greatly expand the party-state’s ability to monitor and shape economic behaviour well beyond the borders of the People’s Republic of China (PRC).

What’s the solution?

To date, policymakers in the democratic world have taken a whack-a-mole approach to the security challenges presented by Chinese technologies, if they have taken action at all.

Those actions—such as those pertaining to Huawei and 5G over several years and TikTok and WeChat more recently—have been taken long after the relevant brands and technologies have entered the global marketplace and established dominant positions, and they don’t solve root problems.

The potential for DC/EP to be successful enough to have a disruptive impact on the global economic system might be far into the future, but it’s important to consider what impact DC/EP could have on the global economy. Liberal democracies should act now to deepen analysis, develop standards and coordinate approaches to the risks inherent in DC/EP, including unconstrained data collection and the creation of powerful new tools for social control and economic coercion. By acting now to build a baseline analysis of the DC/EP project, decision-makers have an opportunity to anticipate challenges and build a consistent and coherent policy framework for managing them.

Early efforts to establish and coordinate norms, rules and standards will reduce any subsequent need to resort to blunt and arbitrary measures that are economically, socially and diplomatically disruptive. Governments should also act to address existing vulnerabilities that DC/EP could exploit, for instance by introducing stricter laws on data privacy, by regulating the way that any entity can collect and use individuals’ data and by improving due diligence aimed at mitigating data security risks.

Executive summary

Globally, there’s increasing interest in the development of central bank digital currencies, driven by a wide range of policy motivations. A survey published by the Bank for International Settlements in January 2020 found that, out of 66 central banks, 80% were engaged in the research, experimentation or development of a central bank digital currency.1

The PRC is a significant actor in this space, not least because it’s years ahead of the world in research into the development of its central bank digital currency known as ‘digital currency / electronic payment’ or simply ‘DC/EP’ (see Figure 1). China’s market-Leninist approach to innovation, personal data and industry policy makes it possible to conceive that over a billion Chinese consumers could be transacting in DC/EP before a central bank digital currency becomes mainstream in any other country.

At the technocratic level, DC/EP is designed to ensure visibility and traceability of transactions and establish greater control over China’s financial system and capital accounts while displacing anonymising cryptocurrency alternatives that can’t be readily controlled. Recent reporting has also indicated that the People’s Bank of China (PBoC) aims for DC/EP to erode the dominance of Alipay and WeChat Pay in the digital payments space, levelling the playing field between the technology duopoly and commercial banks.

At the leadership level, DC/EP is being driven by the financial ‘risk management’ and ‘supervision’ imperatives of Chinese Communist Party (CCP) General Secretary Xi Jinping. DC/EP will offer no true anonymity, as the PBoC will have both complete visibility over the use of the currency, and the ability to confirm or deny any transaction. There are also no express limits on the information-access powers of the party-state’s political security or law enforcement agencies, such as the Central Commission for Discipline Inspection (CCDI), which has a keen interest in the technology. While DC/EP could enable more effective financial supervision and risk management that any government might seek to embed in a central bank digital currency, the PRC’s authoritarian system embeds political objectives within economic governance and otherwise reasonable objectives. Terms such as ‘anti-terrorist financing’, for instance, take on a different definition in the PRC that is directed at the CCP’s political opponents.

DC/EP is being developed and implemented domestically first, but could allow China to shape global standards for emerging financial technologies. It also creates opportunities for the PRC to bypass the US-led financial system, which it perceives as a threat to its security interests, potentially disrupting existing systems of global financial governance. Through DC/EP, Beijing could over time move away from the SWIFT system and bypass international sanctions.

The purpose of this policy brief is to improve baseline understanding of DC/EP’s structural mechanics and place the project in its political and bureaucratic context. The aim is to catalyse and contribute to an informed conversation about what the rollout of DC/EP may mean for China and for the world.

This policy brief is organised as follows: Section 1 is a general overview of digital currencies; Section 2 focuses on the policy drivers behind DC/EP; Section 3 examines DC/EP’s architecture based on patents in order to assess the surveillance capabilities it would embed; Section 4 describes the institutional ecosystem behind DC/EP; Section 5 looks at how DC/EP would affect domestic digital payment systems Alipay and WeChat pay; and Section 6 looks at the implications DC/EP could have for global financial governance.

Figure 1: What is DC/EP?

Source: Created by ASPI

1. Two sides of the digital-coin: freedom and control

Elise Thomas

A fundamental question at the heart of all digital currencies is one of control, but the ways in which the dynamics of control and power play out differ between different types of digital currencies.

There is a difference between private digital tokens (for example, cryptocurrencies) and central bank digital currencies (such as DC/EP). A primary goal behind many cryptocurrencies (such as bitcoin, a decentralised, anonymised blockchain-based digital token) is to evade the controls of any single actor, and in particular the control of governments.2 In this sense, the technology behind cryptocurrencies was devised as a challenge to the power of states over the finances of individuals. For a centralised, state-controlled digital currency, however, the inverse may be true. A centrally controlled digital currency could enable a level of financial surveillance, economic power and societal control that was previously impossible. Such tools present tantalising opportunities for authoritarian states, financial institutions and corporations in the absence of effective controls.

While many digital currency projects have been announced by both state and non-state actors, none has managed to attain a level of widespread adoption or to operate at scale as a medium of exchange.3

In Venezuela, the aggressive support of the Maduro government hasn’t been enough to make the nation’s ‘petro’ currency a success.4 Even the Facebook-backed Libra project—with its potential to leverage Facebook’s 2.6 billion users—has changed course towards integrating fiat currency payments into its existing platforms.5

Despite the failure to date of any digital currency to achieve mass adoption or widespread use as a medium of exchange, many central banks around the world have demonstrated an interest in the concept of developing their own digital currency. Beyond the PRC, central banks in Canada, Sweden, the Bahamas, Japan and many other countries are at different stages of research on and development of central bank digital currencies.6 They provide a range of policy justifications. The Bank of Canada, for instance, has said its research is contingency planning, and the bank doesn’t currently plan to launch a central bank digital currency. It has said that, alongside a potential decline in the use of bank notes, a key reason to potentially launch a central bank digital currency is the widespread use of alternative digital currencies, probably by private-sector entities that could ‘undermine competition in the economy as a whole because the company might use its dominant market position in one industry to control payments and competition in other industries’.7

Existing digital currencies have provoked mixed regulatory responses from states and financial institutions, and those responses have focused largely on the risks arising from cryptocurrencies (see Figure 2). There’s a tendency to approach them as speculative assets or securities, rather than as actual currencies.

Figure 2: Global regulatory framework for cryptocurrencies

Source: Created by the Law Library of Congress based on information provided in the report, Regulation of cryptocurrency around the world, online.

The goal of decentralised cryptocurrencies is to disperse power across the network and away from any one actor. Central bank digital currencies are fundamentally different. They are, as the Bank for International Settlements defines it, ‘a central bank liability, denominated in an existing unit of account, which serves both as a medium of exchange and a store of value’.8 DC/EP, for example, is a form of legal tender that’s issued and backed by a liability of the PBoC. It introduces the digital renminbi, an encrypted string that holds details about that individual bill and additional fields for currency security and tracking.

In a world increasingly driven by access to data, that granular detail about how money moves through the economy, through specific companies and industries, and through the personal accounts of individuals presents both a promise and a threat. The promise is a vastly greater understanding of how the economy operates and the ability to respond where needed for the benefit of all. The threat is the ability to consolidate power in the hands of authorities, to enable persecution and surveillance and to reshape society as the authorities want it to be. Centralised digital currencies have the potential to turn financial surveillance into a powerful tool that could be wielded by authoritarian states inside, and potentially even outside, their own borders.

2. Drivers of the PRC’s digital currency project

John Garnaut and Dr Matthew Johnson

At the leadership level, the DC/EP project has been driven by the financial ‘risk management’ and ‘supervision’ imperatives of CCP General Secretary Xi Jinping. At the technocratic level, it’s designed to ensure the visibility of all financial flows and establish greater control over China’s financial system and capital accounts while displacing anonymising cryptocurrency alternatives that can’t be readily controlled. Statements from the CCP and financial insiders indicate that a key driver of DC/EP is the party’s need for a financial architecture which exists outside the SWIFT network 9 and other US-dominated alternatives. The imperative of operating beyond the reach of US monitoring and law enforcement has come to the fore in recent months, as the US targets financial sanctions against CCP officials and entities in response to human rights and national security concerns. ‘We must make preparations to break free from dollar hegemony and gradually realise the decoupling of the RMB from the dollar,’ said Zhou Li, a former deputy minister of the International Liaison Department, in a June 2020 article.10

What problems would DC/EP solve?

PBoC official statements and documents give no clear answer to the basic question: What is the policy problem that China’s digital currency project is trying to solve? Nobody is claiming a consumer experience that’s superior to the already impressive convenience accessible through Alipay and WeChat Pay. The answer, however, becomes clear in statements emanating from higher up in the CCP organisation chart, where CCP leaders and Politburo-level organs describe a need to use technology to enhance the party-state’s visibility and control over the entire financial system. DC/EP is conceived as a supervision mechanism for preserving ‘stability’ and enhancing state control.

DC/EP fits within a vision of ‘economic work’ that Xi Jinping has developed over the past five years, which puts surveillance and supervision at the core. At the Central Economic Work Conference in December 2015, he said:

It is necessary to strengthen omni-directional supervision, standardise all types of financing behaviour, seize the opportunity to launch special programs for financial risks regulation … strengthen risk monitoring and early warning, properly handle cases of risk, and resolutely adhere to the bottom line that systemic and regional financial risk will not occur.11

Xi’s position that ‘financial risk should not occur’ is consistent with the party’s state security strategy, which prioritises pre-empting risk before it can emerge. This is embedded in the party’s state security work through the concept of ‘financial security’ (金融安全).12 Financial security means stability on the party’s terms. It calls for reforming the financial system by establishing supervision and control mechanisms, total financial governance, and strengthening China’s financial power.

At the Politburo’s collective study meeting of 23 February 2019, which focused specifically on preventing financial risks, Xi’s was quoted as stating:

It is necessary to do well in comprehensive financial industry statistics, complete an information system that reflects risk fluctuation in a timely manner, perfect information release management regulations, and complete a credit punishment mechanism. It is necessary to ‘control people, watch money, and secure the system firewall’ … Modern technological means and payment settlement mechanisms should be used to dynamically monitor online, offline, international, and domestic capital flows in a timely manner, so that all capital flows are placed within the scope of supervision of financial regulatory institutions.13

Xi’s guidance for using technology to connect finance and security has cascaded down to the fintech planning and implementation level. At every step, internally focused discussion of DC/EP has focused on supervision and centralised management. During a 30 December 2019 meeting of the PBoC Financial Technology Committee, PBoC deputy governor Fan Yifei reiterated the importance of supervising fintech innovation, ‘optimising’ the mobile payment ecosystem and ‘actively promoting data governance and accelerating the construction of a “digital central bank”’.14 At a PBoC work meeting held on 5 January 2020, participants including Governor Yi Gang and PBoC Party Committee secretary Guo Shuqing spoke of party-building at all levels of the financial system, building a ‘big supervision mechanism’, and strengthening financial statistics monitoring and analysis with specific reference to fintech and digital currency.15

Macroeconomic policy

As well as improving the scrutiny, and visibility, of international capital flows, and reducing the costs of printing and maintaining the circulation of cash, PBoC officials say the data collected through DC/EP will be used to improve macroeconomic policymaking. According to Yao Qian, who founded the Digital Currency Research Lab at the PBoC:16

Within this [digital currency] technology system, the central bank has the highest decision making and operational jurisdiction… big data analysis comes in during the process of currency issuance, monitoring, and control. Under conditions of data being appropriately stripped of identifying details, the central bank can use big data to carry out in-depth analysis of digital currency issuance, circulation and storage; understand the laws of monetary operation; and provide data support for intervention needs such as monetary policy, macro-prudential supervision, and financial stability analysis.17

Yao says the data used to inform macroeconomic policymaking will be anonymised. However, he also says the data will be used for law enforcement.18

Political discipline

The CCP’s top political organ for imposing political discipline internally, the CCP’s CCDI, is increasingly prominently involved in both the promotion and policy direction of DC/EP. The CCDI has recently promoted DC/EP’s potential to ‘solve’ the problem of terrorist financing and combat financial crimes such as bribery and embezzlement.19 However, the purpose of the CCDI is to impose party discipline through channels that exist above and outside the formal legal apparatus. The CCDI has served as Xi’s primary organisational weapon in his ongoing campaign to combat corruption, enforce ideological unity and purge the party of potential rivals.20 The involvement of the CCDI serves as a strong indicator of how the party intends to exploit the vast troves of data that DC/EP will make available to it.

Competing with the US financial-led global financial system

The party’s six-year program to develop a sovereign digital currency has been driven in part by a desire to propose currency alternatives to the US dollar (see Section 6). Recently, however, it’s been spurred by the competition from US digital currencies. China’s finance and banking officials have repeatedly expressed concern at the prospect of a supranational stablecoin, which they perceive as being tied to the US dollar. They equate US digital currencies with US dollar hegemony and say that it reinforces the need to decouple the renminbi from the US-dollar-led global financial system.21 An article by the PBoC’s China Banknote Printing and Minting Corp. Blockchain Technology Research Institute,22 published in the CCP Central Party School journal Study Times in August 2019, described DC/EP as a response to US-based digital currency Libra’s imminent “major and far-reaching effect on the global pattern of international monetary development”, and called for accelerating China’s development of digital currency and a digital currency supervision system.23 Similarly, Wang Zhongmin, former deputy chair of the China Social Security Fund Council and a former long-serving CCDI official, has said DC/EP’s progress is being benchmarked against that US effort.24 Li Lihui, former Bank of China president and head of the Blockchain Research Group of the China Internet Finance Association, has also indicated that China’s banking sector views US currencies as a danger to China’s currency and an extension of US global financial leadership and democratic values.25 

Competing globally

China has a clear ambition to shape global technological and financial standards. With a new industrial policy (China Standards 2035) on the horizon, DC/EP and its related technologies are likely to be an important component in China’s push to establish a comprehensive alternative to the dollar system. The liberalisation of China’s current account is not required for export of the DC/EP technology stack to other countries. China’s ability to develop new financial technology that embeds authoritarian norms of control and surveillance may affect global standards and financial infrastructure well before the internationalisation of the renminbi is achieved.

3. DC/EP and surveillance

Dr Samantha Hoffman

DC/EP is being built to meet China’s specific needs, as defined by the party-state. In order to understand the CCP’s needs and their potential implications, it’s necessary to examine the tracking of money flow that is inherent in the DC/EP system, in conjunction with the supervision objectives those capabilities support. DC/EP’s surveillance and data collection potential doesn’t create fundamentally new forms of political or financial control but will enhance existing monitoring and surveillance capabilities.

Centralised control and visibility

DC/EP transactions are fully traceable. Yao Qian (the PBoC’s primary patent author on DC/EP) described DC/EP as having an ‘anonymous front end, real-name backend’.26 There’s an element of anonymity through a characteristic of DC/EP called ‘controlled anonymity’, but true anonymity doesn’t exist, as currency registration and traceability are built into DC/EP’s transaction process. That process, augmented by data mining and big-data analysis, provides the PBoC with the ability to have complete oversight over the use of the currency. That functionality is provided through DC/EP’s ‘three centres’ (Figure 3).

Figure 3: DC/EP’s data centres

Source: Created by ASPI

The term ‘controlled anonymity’ within the operation of DC/EP means that the PBoC has complete supervision over the digital currency but has afforded users some anonymity for their transactions and protection of their personal information from other third parties, besides PBoC. DC/EP has been designed such that, even if commercial banks and merchants were to collude, users’ purchase history couldn’t be determined by them or any other third party, except, crucially, the currency issuer.27

PBoC Deputy Governor Fan Yifei has explained that full anonymity won’t be implemented through DC/EP in order to discourage crimes such as tax evasion, terrorism financing and money laundering.28

All central banks would need to ensure that their digital currency meets anti-money-laundering and countering terrorism financing rules. Central bank digital currencies would allow for better digital records and traces, but it’s been suggested in a report by the Bank of International Settlements that such gains may be minimal because illicit activity is less likely to be conducted over a formal monetary system that’s fully traceable.29

DC/EP is designed so it can be used without the need for a bank account, but digital wallets have a grading system such that wallets that are loosely bound to a real-name account have transaction size limits. A user can attain the lowest grade of digital wallet—with the transaction limits—by registering their wallets with a mobile number only (of course, phone numbers are required to be registered to an individual’s real name in the PRC). Users can access higher grade digital wallets by linking to an ID or bank card. Through the Agricultural Bank of China, for instance, users are encouraged to upgrade their digital wallets to a ‘Level 2 digital wallet’ by registering with their name and national ID details (Figure 4).30 If a user registers in person at a counter, there are no restrictions on their digital wallet.31

Figure 4: Leaked Agriculture Bank of China DC/EP mobile application

Agricultural Bank of China’s test DC/EP mobile app provides the function to scan code to pay, transfer money, receive payment and touch phones to pay. The digital currency section allows the user to exchange digital currency, view transaction summaries, manage the digital wallet exchange and link an account to the digital currency wallet.

Source: ‘China’s central bank digital currency wallet is revealed’, Ledger Insights, online.

The integration of DC/EP into third-party applications doesn’t make users’ transactions on those applications more private, but the underlying digital currency system is designed to provide privacy from third parties (except, of course, the central bank). That being said, practicalities when implementing any payment system mean that in practice there’s little anonymity for the individual from any app, because the app will already know the user, and when transacting will need the user to identify the recipient of the funds and the transaction amount. Therefore, the implementation of DC/EP into mobile applications, such as DiDi Chuxing, BiliBili and Meituan Dianping, that are in partnership negotiations with PBoC32 doesn’t change the amount of information those apps, and by extension their linked platforms, are able to collect on the user.

Using DC/EP to enhance the party-state’s control

The PBoC’s creation of a massive repository of financial transaction data could improve both the efficiency and visibility required for the PBoC and CCDI to effectively supervise and police financial transactions. DC/EP’s political-discipline-linked policy drivers—anti-money-laundering, anti-terrorist financing and anti-tax evasion—are linked to the party-state’s ‘social governance’ process (also called ‘social management’). Social governance describes how the CCP leadership attempts to shape, manage and control all of society, including the party’s own members, through a process of co-option and coercion.33 DC/EP helps solve legitimate problems, but that problem solving also acts as a tool for enhancing control. For instance, a local PBoC official described ‘anti-money laundering’ as an ‘important means to prevent and defuse financial risks and consolidate social governance.’34 Similarly, an article by Deputy Governor of the PBoC Liu Guoqiang published in the People’s Daily said:

In recent years, the scope of anti-money laundering work has become increasingly diverse and has expanded to many areas such as anti-terrorist financing, anti-tax evasion and anti-corruption. Anti-money-laundering work has strengthening modern social governance as its goal, through guiding and requiring anti-money-laundering agencies to effectively carry out customer identification, discovering and monitoring large-value transactions and suspicious transactions, timely capturing abnormal capital flows, and enhancing the standardisation and transparency of economic and financial transactions to weave a ‘security net’ for the whole society to protect normal economic and financial activities from infringement …35

More specifically, the connection of DC/EP’s policy drivers to social management is indicative of how DC/EP would ultimately serve the party’s needs in practice. Through the PRC’s global Operation Skynet, which seeks to ‘track down fugitives suspected of economic crimes and confiscate their ill-gotten assets’, the PBoC cooperates directly with the Ministry of Public Security because of the role of the PBoC as an anti-money-laundering authority.36 Genuinely corrupt officials are certainly caught up in the campaign, but the accusation of corruption is the result of a political decision linked to power politics. Likewise, the crime of ‘terrorist financing’ is defined by the Chinese party-state’s version of ‘terrorism’, and it’s been directly linked to the PRC’s campaign against the Uyghurs in Xinjiang. For instance, in July 2020, Australian media reported on a Uyghur woman who has been arrested on charges of financing terrorism for sending money to her parents in Australia, who used it to purchase a house.37 DC/EP doesn’t create a process that didn’t already exist, but the technical ability to aggregate bulk user data in one place has the future potential to automate identification and analysis processes that at present are only partially automated; for example, to help trace money transfers through different entities at different levels.

Nor does DC/EP create objectives that didn’t already exist. Rather, its digital nature and centralised supervision facilitate the aggregation and bulk analysis of user and financial data, to more easily meet those objectives.

Future extraterritorial implications?

Under Xi Jinping, the concept of social management has expanded to specifically include ‘international social management’.38 Something to consider is the fact that Hong Kong’s new state security law criminalises separatism, subversion, terrorism, and collusion in and support for any of those activities by anyone in the world no matter where they are located.39 This means that journalists, human rights advocacy groups, researchers or anyone else accused of undermining the party-state and advocating for Hong Kong democracy could be accused of those four types of crime. By extension, anyone financing those individuals or entities (such as funding a research group) could potentially be linked to the accusations. If DC/EP is successfully rolled out and adopted, then the world would have to be prepared to contend with a PRC in possession of information that would also allow it to enforce its definitions of the activities that it’s monitoring (anti-corruption and anti-terrorism, for instance) globally, thus potentially allowing it to implement PRC standards and definitions of illegality beyond its borders with greater effectiveness.

4. The party-state ecosystem behind DC/EP

Dr Matthew Johnson

At the China Fintech Development Forum on 20 June 2020, Wang Zhongmin, the former deputy director of the China Social Security Fund Board (China’s national pension fund) and a former member of the CCP’s CCDI, announced that the back-end architecture for China’s central bank digital currency was basically complete.40 After six years of planning, investment and R&D, progress towards a cashless society had finally reached the testing stage (Figure 5, next page). The fact that this key announcement was made by a former member of the party’s political discipline inspection body, rather than a current or former official of the PBoC, demonstrates that the bureaucratic structure behind DC/EP’s development goes well beyond the central bank.

The speed with which DC/EP is being developed is partly a result of the enormous institutional power behind it. As well as the PBoC and the CCDI, the project is being shaped by a cluster of powerful regulatory and supervisory institutions that serve as the fulcrum for CCP efforts to maintain leverage over every element of the financial and economic systems.

Beyond the supervisory institutions, many of China’s biggest companies are also being called in to support. They include:

  • Bank of China, China Construction Bank, Agricultural Bank of China, Industrial and Commercial Bank of China, China Postal Bank and China CITIC Bank
  • China Mobile, China Telecom, China Unicom, and China UnionPay
  • Alibaba Group affiliate Ant Group (Alipay), Tencent (WeChat Pay), Huawei Technologies and JD.com.

Figure 5: DC/EP development timeline

Source: Garnaut Global, September 2020.

PBoC leadership and innovation

The DC/EP project has been driven by the PBoC since its inception. Former PBoC Governor Zhou Xiaochuan established a digital currency research group in 2014. In March 2018, Zhou announced that the project had received approval from the State Council and now had a name—Digital Currency Electronic Payment.41

Through DC/EP, the PBoC has been swiftly transformed into a hub of party-state fintech innovation.

It has established its own technology units, such as the Digital Currency Research Institute, and harnessed a constellation of commercial enterprises and government agencies to drive investment in blockchain and fintech.42 More than 80 patents related to DC/EP have been filed with the Chinese Patent Office by research institutes connected to the PBoC.43 The standards created by these new technologies are likely to shape future development pathways for China’s cashless monetary system.

Information concerning local DC/EP pilots has been scarce, imprecise and occasionally misleading, but the overall trend it describes suggests that progress towards buildout of the user ‘front end’ is real.

Since April 2020, banks and government institutions have launched pilot distribution experiments and showcased prototype ‘digital wallets’ (apps that store payment details). The private sector has been particularly critical to building DC/EP’s scale; PBoC partners Alibaba Group and Tencent provide networks and raw data-processing power that no other state-controlled system can match (see Section 5).44

Powerful guidance

Outwardly shaped and managed by the PBoC, China’s DC/EP project is also guided by the top echelons of the CCP leadership. The PBoC itself isn’t independent but is one of several interconnected institutions, the function of which is, collectively, to prevent systemic risk through total control over China’s financial economy.45 The Financial Stability and Development Commission, chaired by Xi Jinping’s trusted economic adviser Liu He, sits at the apex of this financial regulatory cluster. The CCDI, the party’s extrajudicial discipline enforcer, encircles both, ensuring that regulatory officials adhere politically to Xi’s authority.46

Managing corruption: the Central Commission for Discipline Inspection

The CCDI sits several bureaucratic rungs above the PBoC and hasn’t featured in mainstream or industry reporting on DC/EP. Analysis of party texts and structures, however, indicates that the CCDI is emerging as one of the key patrons and potential customers of the DC/EP project. An ‘authoritative explainer’ on DC/EP, aired by national news broadcaster CCTV in June 2020, even explained that the CCDI would use digital currency as a ‘booster in managing corruption’.47

CCDI organisations are embedded directly within the PBoC itself, which is significant because it illustrates the party’s growing control over the central bank as well as other systemically important financial institutions.48 The CCDI is one of the party’s four core departments. It’s answerable directly to the Politburo Standing Committee through its Secretary, Zhao Leji, who’s the sixth-ranked leader in the Party (Figure 6). Three of Zhao’s deputies sit in the Central Committee. Compared to the CCDI, the PBoC is politically a relatively junior organisation. Its Governor, Yi Gang, isn’t counted among the 205 members of the Central Committee.49

Figure 6: DC/EP’s political and commercial ecosystem

Source: Garnaut Global, June 2020.

Coordinating security: the Financial Stability and Development Committee

In July 2017, Xi Jinping moved to integrate financial system regulation with the Party’s political, security, and legal organs by creating a new super agency called the Financial Stability and Development Committee (FSDC).50 Xi tapped Vice Premier Liu He to chair the committee, with Premier Li Keqiang as his deputy.51 The FSDC now serves as China’s main financial regulatory body.52

It also serves as the institutional flywheel that connects the finance system to key security organs.

 According to state-controlled economic news media, the FSDC has special ‘planning and coordination’ arrangements with the party-state’s core security bodies, including the CCDI, the Propaganda Department, the Office of the Commission for Internet Security and Informatisation, the Ministry of Public Security, the Ministry of Justice and the Supreme People’s Court.53 The FSDC also oversees local financial coordination and regulation through local branches of the Banking and Insurance Regulatory Commission, the Securities Regulatory Commission and the Foreign Exchange Bureau.54 The Office of the FSDC is located within the PBoC and is directed by PBoC Governor Yi Gang, illustrating the ‘deputy’ function that the PBoC plays in implementing FSDC policy.55
 

5. The role of WeChat Pay and Alipay in DC/EP

Fergus Ryan and Alexandra Pascoe

China’s mobile payments industry has seen explosive growth over the past decade as the country’s two most widely used mobile payment services, Alipay and WeChat Pay, have garnered more than 890 million users.56 The two platforms have driven a shift away from cash in the country’s economy— an effort that DC/EP is expected to continue and complete.

In 2016, China’s mobile payments hit US$5.5 trillion, or roughly 50 times the size of America’s $112 billion market, according to consulting firm iResearch.57 The following year, that figure more than doubled: transactions made on the two third-party payment institutions (TPPIs) totalled more than US$17 trillion.58 Using QR codes and digital wallets, the companies enabled consumers to jump directly from cash to mobile payments. That saw users leapfrog the nascent and cumbersome debit and credit card systems established by the commercial banking sector. Collectively, the two TPPIs hold more than 90% of the market. Alipay has over 50% market share, and WeChat Pay almost 40%.59 Ninety per cent of people in China’s biggest cities use those payment platforms as their primary payment method; each platform boasts more than 600 million monthly active users.60

Beijing’s policy towards the TPPIs was marked by early optimism about the ability of the companies to break down the control of the banking system by the Big Four state-owned commercial banks.

The aim was to increase competition and innovation in the financial sector and drive economic activity by opening up additional sources of lending for Chinese small and medium-sized enterprises.

The disruption and innovation brought about by Alibaba and Tencent were actively encouraged and coupled with favourable government policies and protection from international competition.

However, Alipay’s and WeChat Pay’s rapid growth and increasing level of dominance have caused the overt encouragement of the fintech sector and regulatory permissiveness to increasingly shift to ambivalence and moves to enhance oversight over the payment systems.

In 2010, the PBoC enacted regulations that meant that foreign-funded third-party operators would need State Council approval to operate in the Chinese market, and under different rules from those governing domestic operators. That ruling prompted Alibaba founder Jack Ma, in a highly controversial decision, to secretly spin off the online payment service Alipay from Alibaba Group, which foreign operators Yahoo and Softbank have significant stakes in, to a private firm he controlled.61

In a text-message exchange with Hu Shuli, the editor of business magazine Caixin, Ma sought to explain his decision to spin off the company without the go-ahead from Yahoo and Softbank by saying the decision involved ‘more than just commercial interests’ and that there were national security implications to Alipay’s ownership structure. ‘The market economy tells us to steer clear of politics.

But if I ruin Alipay, I may face prison in addition to bankruptcy,’ Ma texted Hu.62 The spun-off firm was later renamed Ant Financial and now operates Alipay.

Like its rival, Tencent, Alibaba and Ant Financial both have CCP committees as part of their governance structures.63 The CCP has a direct line into both companies, but policymakers are increasingly concerned about the inordinate power of the duopoly. There are also concerns over the speed with which their third-party payment ecosystems have taken over systemically important functions of the country’s economy.

Driven by concerns over the growing size of money market funds facilitated by Alipay and WeChat Pay (Yu’e bao 余额宝 and Lingqiantong 零钱通), as part of its ‘deleveraging campaign’ in 2017,64 the PBoC expanded its regulatory oversight of the TPPIs, ordering the firms to move funds out of commercial banks and into PBoC accounts. In 2019, that process was completed when the central bank took over all deposits of platforms such as Alipay and WeChat Pay.65 This has helped to address risks associated with shadow banking, while also moving valuable user transaction data into the hands of the PBoC.

Most recently, it was reported that the State Council is considering whether to launch an antitrust investigation into Alipay and WeChat Pay. The PBoC recommended the probe earlier this year, given the platforms’ dominance and attempts to foster greater competition in the payments space by assisting smaller companies to enter the market.66

Co-opting Alipay and WeChat Pay

DC/EP will be made available through a two-tier system. The central bank plans to issue DC/EP to both commercial banks and TPPIs, and then the banks and TPPIs would distribute it to consumers. In this case, the current financial structure doesn’t change with DC/EP, only the mechanism through which commercial banks and TPPIs get their money.

The PBoC could have dealt a serious blow to Alipay and WeChat Pay by excluding them from the second tier of the structure. However, given the user base of the two payment platforms, that would severely limit the take-up and use of the digital currency. The PBoC appears to be bringing Alipay and WeChat Pay into the DC/EP structure on its own terms, allowing it to continue its quest to rein in the dominance of the firms while also using their user base and technology.

Patent applications from both Alibaba and Tencent appear to indicate the role that these platforms will play in the issuance of DC/EP. Between 21 February and 17 March 2020, Alibaba filed five patents on ‘digital currency delivery and transaction account functions, supervision and handling of illegal accounts, digital currency wallets, [and] support for anonymous transactions’.67 On 24 April, it was also reported that Tencent had filed a patent related to the transaction of digital assets, although the report didn’t directly refer to the PBoC’s digital currency, as appeared in Alipay’s patents.68

That being said, how exactly the PBoC and TPPIs will cooperate remains unclear. How those institutions distribute DC/EP will be the subject of a ‘horse race’ between the commercial banks and the TPPIs, the eventual frontrunner of which will ‘take the whole market’, the head of the PBoC Digital Currency Research Institute, Mu Changchun, told an audience in Hong Kong in 2019.69 That echoed comments made in 2018 by PBoC Deputy Governor Fan Yifei, who wrote that the central bank could leverage market forces to optimise related systems through close cooperation with commercial banks and other organisations, without imposing any prescriptive technology path in advance. This would facilitate resource integration, synergistic collaborations and innovation, as well.70

Mu Changchun has trumpeted DC/EP as having a superior legal and security status to WeChat Pay and Alipay due to its state backing.71 He has said that, should Alipay or WeChat Pay go bankrupt, there’s currently no way to assure the money held in those digital wallets. However, if the wallets held PBoC-backed digital currency, those funds could be guaranteed by the central bank.

The alleged superior security of DC/EP is perhaps more a rhetorical point from Mu, rather than reflecting any real possibility of Ant Financial or Tencent going bust. Furthermore, regulation changes requiring Alipay and WeChat Pay deposits to be moved into PBoC accounts mean that the PBoC has already clawed back a fair degree of oversight and control over funds held by those platforms.

Mu’s statements, along with references to how DC/EP will allow for anonymous transactions, taking user transaction data out of the hands of ‘private’ firms and into the hands of the central bank, appear to be aimed at sowing distrust in the non-state platforms and motivating trust in the PBoC’s digital currency in an attempt to drive take-up.

Recent reporting citing sources ‘familiar with the thinking’ of the PBoC states that DC/EP is aimed at eroding the dominance of Alipay and WeChat Pay in the digital payments space and providing a more level playing field between the two payment giants and the commercial banks.72 While DC/EP certainly presents an opportunity for greater competition—with commercial banks advancing their own user-facing offerings of digital wallets and QR codes—the current market share of Alipay and WeChat Pay means that it’s unlikely that the commercial banks will be able to quickly gain a stronger foothold in the payments space. It’s true that the PBoC has tried to rein in the dominance of Alipay and WeChat Pay, but it’s likely that the two platforms will play some role in DC/EP’s success.

According to PBoC statements, the transaction processing requirement for DC/EP is an average of 300,000 transactions per second (tps).73 While Tencent’s fintech division processes an average of 1 billion transactions per day, on Singles Day in 2019, Alibaba reportedly demonstrated its ability to process 544,000 tps.74 It’s unclear how closely Alibaba is working with the PBoC on DC/EP and, although it could be called on for assistance if asked, the PBoC would be building its own back-end architecture, meaning that it couldn’t simply replicate Alibaba’s system. Despite that, the raw data-processing power of Alibaba, and to a lesser degree of Tencent, is unmatched by any state-controlled system. Without an ability to at least match Alibaba’s capabilities in this area, widespread voluntary take-up of DC/EP will be difficult to achieve.

Future adoption

Given the ubiquity of Alipay and WeChat Pay in China, implementing digital wallets via the commercial banks alone would not readily result in the wide-scale adoption and use of DC/EP that the PBoC hopes for.

There’s speculation that the PBoC will provide incentives to drive take-up in the use of digital currency, for instance by providing salaries and travel subsidies in the digital currency, or not charging merchants a fee to accept DC/EP. Those incentives could be coupled with further measures to limit the dominance of Alipay and WeChat Pay and to boost the competitiveness of the commercial banks.

But, since most people in China’s biggest cities use either WeChat Pay or Alipay as their main payment method, the PBoC needs the user base of those platforms to achieve scale. The way in which the payment platforms are integrated into Chinese people’s daily lives means that Alipay and WeChat users are unlikely to quickly switch to a different wallet that, from a user’s perspective, barely differs from what they already use.75 As indicated by patent applications, the two payment platforms appear to have scoped out a role within the DC/EP system in order to maintain their user base and position in the payments space.

Further, Alipay and WeChat Pay are working hard to stay ahead of a QR-code-based DC/EP, exploring the development of payments systems based on facial-recognition technology.76

Thus, DC/EP can’t be read simply as an attempt to wind back the dominance of Alipay and WeChat Pay. 

Beijing is likely to be working to strike a balance between using the technology and user base of the platforms while encouraging greater involvement from other players in the payments space.

6. DC/EP’s potential internationalisation and the global economy

The Chinese Government has stated that one driver behind its attempts to internationalise the renminbi is to create a substantial rival to the US dollar. From Beijing’s perspective, a US-led global economy is a potential threat to the Chinese party-state’s stability, because the US could leverage economic tools that could act as a catalyst for disrupting Chinese economic and social stability.77

Recent developments in Hong Kong illustrate why the party-state takes that threat seriously. In reaction to the Hong Kong State Security Law enacted on 1 July, the US and EU have both threatened sanctions on foreign financial institutions that knowingly do business with Chinese officials involved in stifling the protests.78 If taken to extremes, such sanctions could damage the Chinese economy and stifle development. Of course, Beijing has also suggested that any ‘rash’ US sanctions ultimately could damage US companies as well, including via possible Chinese retaliation.79

If DC/EP supports the PRC’s efforts to gain a stronger foothold in the international economic system, it could also help the PRC disrupt the existing system of global economic governance, which among other things could reduce the impact of international sanctions.

Renminbi internationalisation?

Since the 2009 global financial crisis, the internationalisation of the renminbi has been a significant PBoC objective. China’s 13th Five-Year Plan (2016–2020) clearly outlined the ambition, stating that China ‘will take systematic steps to realize RMB capital account convertibility, making the RMB more convertible and freely usable, so as to steadily promote RMB’.80 Its efforts to achieve that goal to date have included signing bilateral currency swap agreements,81 agreeing to add the currency to the International Monetary Fund’s Special Drawing Rights basket of currencies82 and investing heavily in renminbi-based regional projects.83

The nature of the Chinese economy and political system, however, undermines those objectives. Most internationalised currencies are associated with relatively open economies. In maintaining a ‘closed’ capital account84 and tight controls on the economy, Beijing inhibits its own internationalisation attempts. The renminbi doesn’t compete seriously on the international stage, even compared to its regional competitors, such as the Japanese yen. SWIFT’s June 2020 RMB Tracker statistics list the renminbi as the sixth most active currency for global payments by value, following the dollar, euro, pound, yen, and Swiss franc.

That being said, DC/EP could allow China to further define the global standards for emerging financial technologies, giving Beijing space to shape international standards (particularly as opposed to rival stablecoins). As a result, DC/EP may serve as a model for digitising a fiat currency—which would create a new form of power for Beijing. As a new technology, DC/EP’s incorporation into Chinese apps and cross-border trade might not have major implications initially, but could enable the PRC to push other countries’ financial technology out of developing markets.

Through DC/EP, payments would be settled as soon as possession of the digital currency changes, as opposed to the current system, which relies on intermediaries. Most current transaction methods are technically reversible for a period of time, depending on the speed and communication of the banks involved. This change would have significant implications for internationalisation via Chinese regional initiatives, particularly the BRI. If Beijing moves BRI payments to DC/EP, it could create DC/EP-based automated payments across more than 60 countries.85 Requiring DC/EP in payments doesn’t necessarily translate to those countries choosing to hold DC/EP or transact in it in any meaningful way, but it would provide an incentive for them to increase renminbi transactions where they might otherwise be reluctant. In any case, this process would be likely to take years. Even the integration of DC/EP into China’s financial activities wouldn’t necessarily lead to other countries choosing to either keep or spend DC/EP on their own.

An alternative to SWIFT?

If DC/EP succeeds, it could help reduce the PRC’s reliance on the SWIFT system. SWIFT is viewed as a secure financial messaging service that plays a vital role in connecting the international banking system.

Although the system itself has some flaws,86 it’s the mechanism by which financial institutions are able to communicate with each other, sending and receiving information about transactions in order to complete transfers and settlements. SWIFT acts as an intermediary for most global bank transactions, and the US has a capability to access those transactions for national security concerns.

For example, in 2006, the US Department of the Treasury went through SWIFT’s database to identify transactions tied to al-Qaeda, instructing SWIFT to block terror-related transactions.87 If SWIFT declines to be involved in a transaction, the transfer won’t go through. Naturally, this perceived level of oversight and control is concerning to many other global actors, especially those under sanctions.

Global reliance on SWIFT is one of the most crucial pieces of the financial system, and its impact is one that China doesn’t underestimate. In 2019, Huang Qifan, Deputy Director of the China Center for International Economic Exchange, stated that SWIFT is ‘gradually becoming [a] financial instrument for the United States to exercise global hegemony and exercise long-arm jurisdiction,’ citing examples of the US using the SWIFT database to blacklist and freeze transactions from Iranian banks over terrorism financing allegations, as well as the US’s 2014 threats to exclude Russia from the system altogether.88

The threats alone had an intensely negative impact on the Russian economy and depreciated the rouble.89

According to PBoC official Li Wei, through the BRI, China seeks to establish a ‘financial standard exchange cooperation and build a “hard mechanism” of … financial infrastructure cooperation’.90

To date, Beijing’s attempts to create an alternative to SWIFT have resulted in the introduction of the Cross-Border Inter-Bank Payments System (CIPS) in 2015. In 2018, CIPS handled approximately US$3.7 trillion.91 SWIFT, meanwhile, facilitated the transfer of US$40 trillion in 2018 and US$77 trillion in 2019.92

Bypassing sanctions?

The creation of an effective alternative to SWIFT would create an opportunity for Beijing to bypass international sanctions. In fact, CIPS has already been used by countries exposed to US sanctions, such as Turkey and Russia, to avoid SWIFT.93 If foreign businesses are able to bypass US banks and US currency, then the impact of US sanctions would be significantly reduced. While CIPS aids efforts to bypass US banks and currency, DC/EP could be implemented as a key part of the settlement system or as an alternative transaction method functioning in parallel to CIPS. It’s worth noting, however, that CIPS can carry any currency, while DC/EP will be limited to the renminbi.

DC/EP offers the opportunity to move away from the SWIFT system, as it appears DC/EP would have the same messaging capabilities that SWIFT and CIPS provide, but it would remove the need for intermediaries. DC/EP, therefore, could serve as a new messaging system that allows sanctions evasion, as an article published in Chinese state media argued:

[a] sovereign digital currency provides a functional alternative to the dollar settlement system and blunts the impact of any sanctions or threats of exclusion both at a country and company level. It may also facilitate integration into globally traded currency markets with a reduced risk of politically inspired disruption.94

Other state actors, such as North Korea, may also be attracted to the option to use DC/EP to evade sanctions. North Korea is widely understood as a proficient and successful cyber actor with an interest in cryptocurrencies and blockchain.95 Given Pyongyang’s interest in cryptocurrencies and increased holdings in various coins, any possibility of China allowing transactions between cryptocurrencies, such as bitcoin or Monero, and DC/EP could prove to be extremely beneficial to North Korea, and any other sanctioned actors. The most difficult part of sanctions evasion using cryptocurrency is the exfiltration point into fiat (or other digital) currency—DC/EP could offer a solution to that problem.

While, initially, given Beijing’s oversight, engaging with DC/EP might not be the ideal way past SWIFT, tightened sanctions and limited options could lead various sanctioned countries to view Beijing as their best path forward.

7. Recommendations

DC/EP’s rollout is likely to have notable ramifications for governments, investors and companies, including China’s own tech champions. More analysis is needed before prescriptive policy solutions can be developed for the political and financial oversight challenges DC/EP could create. At the same time, it’s important to act in anticipation of key shifts in global financial regulation and advances in financial technology, so that governments don’t end up trying to reverse course when it’s too late to deal with the systemic risks DC/EP could create.

We suggest the following:

  1. If DC/EP achieves global take-up, the political features it embeds won’t be possible to effectively mitigate or regulate. Therefore, governments must be prepared to mitigate the political risks by investing in research into and the development of credible alternatives to DC/EP for all key highly traded currencies.
  2. Decision-makers in liberal democracies must develop a clear strategy for detecting flaws in and improving the existing system for global financial governance and work to improve international coordination among each other to achieve those strategic outcomes.
  3. Liberal democracies should establish domestic laws on data privacy and protection. They should regulate the ways that any entity can collect and use individuals’ data, improve oversight and improve due diligence aimed at mitigating data security risks.

Acknowledgements

The authors would like to thank several anonymous peer reviewers, as well as Michael Shoebridge, Fergus Hanson, Danielle Cave, James Aitken, Bill Bishop, Stephen Joske and Greg Walton for their helpful feedback.

This independent research was partly supported by a US$50,000 grant from Facebook, Inc. Additional research costs were covered from ICPC’s mixed revenue base. The work of ASPI ICPC would not be possible without the support of our partners and sponsors across governments, industry and civil society.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.

The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.

We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on.

If you would like to support the work of the centre please contact: icpc@aspi.org.au

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published October 2020.

ISSN 2209-9689 (online), ISSN 2209-9670 (print)

.

Funding statement: Funding for this report was partly provided by Facebook Inc.

  1. Codruta Boar, Henry Holden, Amber Wadsworth, ‘Impending arrival—a sequel to the survey on central bank digital currency’, Bank for International Settlements, January 2020, online; see also Raphael Auer, Giulio Cornelli, Jon Frost, ‘Rise of the central bank digital currencies: drivers, approaches and technologies’, Bank for International Settlements, August 2020, online. ↩︎