Hunting the phoenix

The Chinese Communist Party’s global search for technology and talent

NOTE: 

In Policy Brief Report No. 35 ‘Hunting the Phoenix’ by Alex Joske and published by the Australian Strategic Policy Institute, reference was made to Professor Wenlong Cheng, Professor and Director of Research, Chemical Engineering at Monash University. The author and the Australian Strategic Policy Institute accept Professor Cheng’s indication that he did not accept nor derive any benefit from the Thousand Talents Plan, or been involved in or contributed to China’s defence development. Further, the author and the Australian Strategic Policy Institute did not intend to imply that Professor Cheng had engaged in any discreditable conduct and if any reader understood the publication in that way, any such suggestion is withdrawn. The author and the Australian Strategic Policy Institute apologise to Professor Cheng for any hurt caused to him.

What’s the problem?

The Chinese Communist Party (CCP) uses talent-recruitment programs to gain technology from abroad through illegal or non-transparent means. According to official statistics, China’s talent-recruitment programs drew in almost 60,000 overseas professionals between 2008 and 2016. These efforts lack transparency; are widely associated with misconduct, intellectual property theft or espionage; contribute to the People’s Liberation Army’s modernisation; and facilitate human rights abuses.

They form a core part of the CCP’s efforts to build its own power by leveraging foreign technology and expertise. Over the long term, China’s recruitment of overseas talent could shift the balance of power between it and countries such as the US. Talent recruitment isn’t inherently problematic, but the scale, organisation and level of misconduct associated with CCP talent-recruitment programs sets them apart from efforts by other countries. These concerns underline the need for governments to do more to recognise and respond to CCP talent-recruitment activities.

The mechanisms of CCP talent recruitment are poorly understood. They’re much broader than the Thousand Talents Plan—the best known among more than 200 CCP talent-recruitment programs. Domestically, they involve creating favourable conditions for overseas scientists, regardless of ethnicity, to work in China.1 Those efforts are sometimes described by official sources as ‘building nests to attract phoenixes’.2

This report focuses on overseas talent-recruitment operations—how the CCP goes abroad to hunt or lure phoenixes. It studies, for the first time, 600 ‘overseas talent-recruitment stations’ that recruit and gather information on scientists. Overseas organisations, often linked to the CCP’s united front system and overlapping with its political influence efforts, are paid to run most of the stations.3
 

What’s the solution?

Responses to CCP talent-recruitment programs should increase awareness and the transparency of the programs.

Governments should coordinate with like-minded partners, study CCP talent-recruitment activity, increase transparency on external funding in universities and establish research integrity offices that monitor such activities. They should introduce greater funding to support the retention of talent and technology.

Security agencies should investigate illegal behaviour tied to foreign talent-recruitment activity.

Funding agencies should require grant recipients to fully disclose any participation in foreign talent-recruitment programs, investigate potential grant fraud and ensure compliance with funding agreements.

Research institutions should audit the extent of staff participation in foreign talent-recruitment programs. They should act on cases of misconduct, including undeclared external commitments, grant fraud and violations of intellectual property policies. They should examine and update policies as necessary. University staff should be briefed on foreign talent-recruitment programs and disclosure requirements.
 

Introduction

The party and the state respect the choices of those studying abroad. If you choose to return to China to work, we will open our arms to warmly welcome you. If you stay abroad, we will support you serving the country through various means.

—Xi Jinping, 2013 speech at the 100th anniversary of the founding of the Western Returned Scholars Association, which is run by the United Front Work Department.4

The CCP views technological development as fundamental to its ambitions. Its goal isn’t to achieve parity with other countries, but dominance and primacy. In 2018, General Secretary Xi Jinping urged the country’s scientists and engineers to ‘actively seize the commanding heights of technological competition and future development’.5 The Made in China 2025 industrial plan drew attention to the party’s long-held aspiration for self-sufficiency and indigenous innovation in core industries, in contrast to the more open and collaborative approach to science practised by democratic nations.6

The CCP treats talent recruitment as a form of technology transfer.7 Its efforts to influence and attract professionals are active globally and cover all developed nations. The Chinese Government claims that its talent-recruitment programs recruited as many as 60,000 overseas scientists and entrepreneurs between 2008 and 2016.8 The Chinese Government runs more than 200 talent-recruitment programs, of which the Thousand Talents Plan is only one (see Appendix 1).

The US is the main country targeted by these efforts and has been described by Chinese state media as ‘the largest “treasure trove” of technological talent’.9 In addition to the US, it’s likely that more than a thousand individuals have been recruited from each of the UK, Germany, Singapore, Canada, Japan, France and Australia since 2008.10

Future ASPI International Cyber Policy Centre research will detail Chinese Government talent-recruitment efforts in Australia. Past reports have identified a handful of Australian participants in China’s talent-recruitment programs, including senior and well-funded scientists, and around a dozen CCP-linked organisations promoting talent-recruitment work and technology transfer to China.11 However, the scale of those activities is far greater than has been appreciated in Australia.

China’s prodigious recruitment of overseas scientists will be key to its ambition to dominate future technologies and modernise its military. Participants in talent-recruitment programs also appear to be disproportionately represented among overseas scientists collaborating with the Chinese military. Many recruits work on dual-use technologies at Chinese institutions that are closely linked to the People’s Liberation Army.

These activities often exploit the high-trust and open scientific communities of developed countries. In 2015, Xi Jinping told a gathering of overseas Chinese scholars that the party would ‘support you serving the country through various means’.12 As detailed in Bill Hannas, James Mulvenon and Anna Puglisi’s 2013 book Chinese industrial espionage, those ‘various means’ have often included theft, espionage, fraud and dishonesty.13 The CCP hasn’t attempted to limit those behaviours. In fact, cases of misconduct associated with talent programs have ballooned in recent years. The secrecy of the programs has only been increasing.

The CCP’s talent-recruitment efforts cover a spectrum of activity, from legal and overt activity to illegal and covert work (Figure 1). Like other countries, China often recruits scientists through fair means and standard recruitment practices. It gains technology and expertise from abroad through accepted channels such as research collaboration, joint laboratories and overseas training. However, overt forms of exchange may disguise misconduct and illegal activity. Collaboration and joint laboratories can be used to hide undeclared conflicts of commitment, and recruitment programs can encourage misconduct. Participants in talent-recruitment programs may also be obliged to influence engagement between their home institution and China. The Chinese Government appears to have rewarded some scientists caught stealing technology through talent-recruitment programs. In some cases, Chinese intelligence officers may have been involved in talent recruitment. Illustrating the covert side of talent recruitment, this report discusses cases of espionage or misconduct associated with talent recruitment and how the Chinese military benefits from it (Appendix 2).

Figure 1: The spectrum of the CCP’s technology transfer efforts

Talent-recruitment work has been emphasised by China’s central government since the 1980s and has greatly expanded during the past two decades.14 In 2003, the CCP established central bodies to oversee talent development, including the Central Coordinating Group on Talent Work (中央人才工作协调小组), which is administered by the Central Committee’s Organisation Department and includes representation from roughly two dozen agencies.15 In 2008, the party established the national Overseas High-level Talent Recruitment Work Group (海外高层次人才引进工作小组) to oversee the Thousand Talents Plan (see box).16 Local governments around China also regularly hold recruitment events at which overseas scientists are signed up to talent-recruitment schemes and funding initiatives.17 This demonstrates how talent-recruitment efforts are a high priority for the CCP, transcending any particular bureaucracy and carried out from the centre down to county governments.

The Overseas High-level Talent Recruitment Work Group

The Overseas High-level Talent Recruitment Work Group was established in 2008 to oversee the implementation of the Thousand Talents Plan. It’s administered by the Central Committee’s Organisation Department, which plays a coordinating role in talent recruitment work carried out by government and party agencies. Its members include the Ministry of Human Resources and Social Security, the Ministry of Education, the Ministry of Science and Technology, the People’s Bank of China, the State-owned Assets Supervision and Administration Commission, the Chinese Academy of Sciences, the United Front Work Department (UFWD) of the Central Committee of the CCP, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of Finance, the Overseas Chinese Affairs Office (now part of the UFWD), the Chinese Academy of Engineering, the National Natural Science Foundation, the State Administration of Foreign Experts Affairs (now part of the Ministry of Science and Technology), the Communist Youth League of China and the China Association for Science and Technology.18

To illustrate the international reach of CCP talent recruitment, the ASPI International Cyber Policy Centre (ICPC) has created an original database of 600 overseas talent-recruitment stations. The operation of the stations is contracted out to organisations or individuals who are paid to recruit overseas scientists. They might not have a clear physical presence or might be co-located with the organisations contracted to run them (see box). This is a growing part of the CCP’s talent-recruitment infrastructure—providing on-the-ground support to the CCP’s efforts to identify and recruit experts from abroad—but it has never been analysed in detail before.

Features of overseas talent-recruitment stations

  • Overseas organisations or individuals contracted by the CCP to carry out talent-recruitment work
  • Often run by overseas united front groups
  • Tasked to collect information on and recruit overseas scientists
  • Promote scientific collaboration and exchanges with China
  • Organise trips by overseas scientists to China
  • Present across the developed world
  • May receive instructions to target individuals with access to particular technologies
  • Paid up to A$30,000 annually, plus bonus payments for each successful recruitment

The database was compiled using open-source online information from Chinese-language websites. Those sources included Chinese Government websites or media pages announcing the establishment of overseas recruitment stations and websites affiliated with overseas organisations running recruitment stations. We carried out keyword searches using various Chinese terms for talent-recruitment stations to identify their presence across the globe. An interactive version of the map of stations is in the online version of this report (Figure 2).

Figure 2: Overseas recruitment stations and their links back to China

Please note: stations are geo-located to city level (not street level).

Using examples and case studies of stations from around the world, this report also reveals the role of the united front system in talent-recruitment work. The united front system is a network of CCP-backed agencies and organisations working to expand the party’s United Front—a coalition of groups and individuals working towards the party’s goals. Many of those agencies and organisations run overseas recruitment stations. As detailed in the ASPI report The party speaks for you: foreign interference and the Chinese Communist Party, the system is widely known for its involvement in political influence work, but its contributions to technology transfer have attracted little attention.

Why China’s talent-recruitment programs raise concerns

China’s talent-recruitment programs are unlike efforts by Western governments to attract scientific talent. As two scholars involved in advising the CCP on talent recruitment wrote in 2013, ‘The Chinese government has been the most assertive government in the world in introducing policies targeted at triggering a reverse brain drain.’19 The flow of talent from China is still largely in the direction of the US.20 However, research from the Center for Security and Emerging Technology found that the proportion of Chinese STEM PhD graduates of US universities intending to stay in the US has declined over the past two decades.21 In May 2020, the US Government announced new restrictions on visas for scientists linked to the Chinese military.22

The widespread misconduct associated with CCP talent-recruitment programs sets them apart from efforts by other nations. For example, an investigation by the Texas A&M University system found more than 100 staff linked to China’s talent programs, but only five disclosed it despite employees being required to do so.23 That level of misconduct hasn’t been reported in other countries’ talent-recruitment efforts. The absence of any serious attempt by the Chinese Government or its universities to discourage theft as part of its recruitment programs amounts to a tacit endorsement of the programs’ use to facilitate espionage, misconduct and non-transparent technology transfers.

The extent of misconduct by selectees suggests that this is enabled or encouraged by agencies overseeing the programs. Agencies at the centre of China’s talent recruitment efforts have themselves been directly involved in illegal activity. For example, an official from China’s State Administration of Foreign Experts Affairs was involved in stealing US missile technology through the recruitment of a US scientist (see Noshir Gowadia case in Appendix 2).24

Talent-recruitment programs have been used to incentivise and reward economic espionage. For example, in 2013, Zhao Huajun (赵华军) was imprisoned in the US after stealing vials of a cancer research compound, which he allegedly used to apply for sponsorship there.25 A month after Zhao was released from prison, he was recruited by the Zhejiang Chinese Medicine University through the Qianjiang Scholars (钱江学者) program.26 In another case, a Coca-Cola scientist allegedly conspired with a Chinese company to secure talent-recruitment program funding on the basis of stolen trade secrets.27

Talent-recruitment programs are also tied to research commercialisation. Applicants to the Thousand Talents Plan have the option to join as ‘entrepreneurs’ rather than as scientists, supporting companies they have established in China.28 The Thousand Talents Plan is supported by the Thousand Talents Plan Venture Capital Center (千人计划创投中心), which runs competitions to pair participants with start-up funding.29

Commercial activity by talent-recruitment program participants isn’t always disclosed, which often breaches university policies on intellectual property and commercialisation. One recruit from an Australian university set up a laboratory and an artificial intelligence (AI) company in China that later received funding linked to the Thousand Talents Plan Venture Capital Center, but reportedly didn’t disclose that to his Australian university, against existing university policies. The company later supplied surveillance technology to authorities in Xinjiang.30

US investigations of participants in talent-recruitment programs have led to an increase in the programs’ secrecy, rather than reforms to make them more transparent and accountable. In September 2018, the Chinese Government began removing references to the Thousand Talents Plan from the internet and ordering organisations to use more covert methods of recruitment.31 A leaked directive told those carrying out recruitment work for the plan to not use email when inviting potential recruits to China for interviews, and instead make contact by phone or fax under the guise of inviting them to a conference (Figure 3). ‘Written notices should not contain the words “Thousand Talents Plan”’, the document states. In 2018, the official website of the Thousand Talents Plan removed all news articles about the program, before going offline in 2020.32

Figure 3: A leaked notice from September 2018 ordering organisations to use more covert methods of recruiting Thousand Talents Plan participants

Highlighted text: ‘In order to further improve work guaranteeing the safety of overseas talent, work units should not use emails, and instead use phone or fax, when carrying out the interview process. [Candidates] should be notified under the name of inviting them to return to China to participate in an academic conference or forum. Written notices should not include the words “Thousand Talents Plan”.’

Source: ‘被美國盯上 傳中國引進人才不再提千人計畫’ [Targeted by the US, it’s rumoured that China will no longer mention the 1,000 Talent Plan], CNA.com, 5 October 2018, online.

CCP technology-transfer efforts are often flexible and encourage individuals to find ways to serve from overseas. Participants in the Thousand Talents Plan, for example, have the option to enter a ‘short-term’ version of the program that requires them to spend only two months in China each year.33 Some selectees establish joint laboratories between their home institutions and their Chinese employers, which could be a way to disguise conflicts of commitment where they have agreed to spend time working for both institutions.34 This enables them to maintain multiple appointments at once, which may not be fully disclosed. This may mean that they’re effectively using time, resources and facilities paid for by their home institutions to benefit Chinese institutions.

Without residing in China, scientists can support collaboration with Chinese institutions, receive visiting Chinese scholars and students and align their research with China’s priorities. Steven X Ding (丁先春), a professor at the University of Duisburg in Germany who has also been affiliated with Tianjin University, was quoted describing this mentality when he worked as vice president of the University of Applied Science Lausitz:35

I manage scientific research at the university, which has more than 100 projects supervised by me—this is a ‘group advantage’. I can serve as a bridge between China and Germany for technological exchange … and I can make greater contributions than if I returned to China on my own. Foreign countries aren’t just advanced in their technologies, but also their management is more outstanding. Being in Germany I can introduce advanced technologies to China, assist communication, exchange and cooperation, and play a role as a window and a bridge [between China and Germany].36

The CCP’s talent-recruitment activities are also notable for their strategic implications. The deepening of ‘military–civil fusion’ (a CCP policy of leveraging the civilian sector to maximise military power) means that China’s research institutes and universities are increasingly involved in classified defence research, including the development of nuclear weapons.37 Chinese companies and universities are also working directly with public security agencies to support the oppression and surveillance of minorities through their development and production of surveillance technologies.38  Participants in talent-recruitment programs also appear to be disproportionately represented among overseas scientists collaborating with the Chinese military.39 Recruitment work by the People’s Liberation Army and state-owned defence conglomerates is described later in this report.

These structures behind talent-recruitment activity and their links to national initiatives show how it’s backed by the party’s leaders and high-level agencies and has clear objectives. This contradicts the theory that China employs a ‘thousand grains of sand’ approach to intelligence gathering or economic espionage, relying on uncoordinated waves of amateur ethnic-Chinese collectors to hoover up technology.40 Indeed, what may be one of the most egregious charges of misconduct related to a talent-recruitment program involves Harvard Professor Charles Lieber, a nanotechnologist with no Chinese heritage, who was arrested in 2020 for allegedly failing to disclose a US$50,000 monthly salary he received from a Chinese university as part of the Thousand Talents Plan.41 As shown by the case of Zheng Xiaoqing, who allegedly stole jet turbine technology from GE Aviation while joining the Thousand Talents Plan as part of a Jiangsu State Security Department operation, talent recruitment can at times involve professional intelligence officers (see Appendix 2).

In 2012, Peter Mattis, an expert on CCP intelligence activity, wrote that ‘The “grains of sand” concept focuses analytic attention on the [counter-intelligence] risk individuals pose rather than on government intelligence services.’42 In the case of talent-recruitment programs, interpreting them through the lens of a ‘grains of sand’ model would place greater emphasis on individuals involved in the programs while neglecting the mechanisms of talent recruitment activity used by the CCP. Talent-recruitment efforts are carried out with heavy involvement from the united front system and dedicated agencies such as the Ministry of Science and Technology’s State Administration of Foreign Experts Affairs.43

It isn’t an ethnic program with individual actors at its core—it’s a CCP program leveraging incentives as well as organised recruitment activity—yet it’s often framed by the party as serving the country’s ethno-nationalist rejuvenation.44

Recognising these features of CCP technology-transfer activity—such as its central and strategic guidance, implementation across various levels of the Chinese Government, high rate of misconduct and reliance on overseas recruitment mechanisms—should be fundamental to any responses to the activity.45 Poorly executed, and sometimes misguided, attempts at investigating and prosecuting suspected cases of industrial espionage have helped build an image of both the problem and enforcement actions as being driven by racial factors rather than state direction.46

Talent-recruitment stations

Chinese Government and Party agencies from the national to the district level have established hundreds of ‘overseas talent recruitment workstations’ in countries with high-quality talent, cutting-edge industries and advanced technology.47 The stations are established in alignment with central guidance on talent-recruitment work and also adapt to the needs of the various Chinese Government organs establishing them. They’re run by overseas organisations, such as community associations, and are a key part of the CCP’s little-understood talent-recruitment infrastructure.

The stations work on behalf of the Chinese Government to spot and pursue talent abroad. Their importance is reflected in the fact that research for this report has uncovered 600 stations spread across technologically advanced countries (Figure 4).48 The increasingly covert nature of talent recruitment efforts means on-the-ground measures such as talent-recruitment stations should become more important.

The highest number of stations (146) was found in the United States. However, Germany, Australia, the United Kingdom, Canada, Japan, France and Singapore also each had many stations. This underscores the global reach of China’s talent-recruitment efforts and the high level of recruitment activity in those countries.

Figure 4: The top 10 countries hosting identified talent-recruitment stations

The stations often don’t have dedicated offices or staff. Instead, they’re contracted to local professional, community, student and business organisations, such as the Federation of Chinese Professionals in Europe.49 Such organisations already have established links inside Chinese communities and receive payments in return for spotting and recruiting talent, promoting research collaboration and hosting official delegations from China. The organisations are often linked to the CCP’s united front system and may be involved in mobilising their members to serve the party’s goals—whether cultural, political or technological. In at least two cases, talent-recruitment stations have been linked to alleged economic espionage.

Talent-recruitment stations have been established since at least 2006, and the number has grown substantially since 2015.50 The recent expansion may be related to policies associated with the 13th Five-Year Plan (2016–2020) that advocated strengthening talent-recruitment work ‘centred on important national needs’.51 Of the 600 stations identified in this report, more than 115 were established in 2018 alone (Figure 5).52

Figure 5: Talent recruitment stations established each year, 2008 to 2018

Note: Only stations with verified establishment dates are included.

Politics and talent recruitment intersecting in Canada

In July 2016, the Fujian Provincial Overseas Chinese Affairs Office, part of the united front system, sent representatives, including its director (pictured first from left in Figure 6), around the world to establish talent-recruitment stations.53 Four were established in Canada. John McCallum, a Canadian politician who resigned as ambassador to China in 2019 after urging the government to release Huawei CFO Meng Wanzhou, was pictured (second from right) at the opening of a station run by the Min Business Association of Canada (加拿大闽商总会).54 The association’s chairman, Wei Chengyi (魏成义, first from right), is a member of several organisations run by the UFWD in China and has been accused of running a lobbying group for the Chinese Consulate in Toronto.55

Figure 6: The opening ceremony

Source: ‘Fujian Overseas Chinese Affairs Office’s first batch of four overseas talent recruitment sites landed in Canada’, fjsen.com, 21 July 2016, online.

We obtained several talent-recruitment station contracts, contract templates and regulations that shine a light on the stations’ operations (Figure 7). They reveal that organisations hosting stations are paid an operating fee, receive bonuses for every individual they recruit and are often required to recruit a minimum number of people each year. Those organisations are also collecting data on foreign scientists and research projects. They organise talent-recruitment events, host and arrange visiting Chinese Government delegations and prepare trips to China for prospective recruits.56

Figure 7: A talent recruitment contract signed between the Human Resources and Social Security Bureau of Qingrong District in Chengdu and a Sino-German talent-exchange association

Source: ‘About this overseas talent workstation’, German-Chinese Senior Talent Exchange and Economic and Trade Cooperation Promotion Association, 12 July 2017, online.

Organisations running recruitment stations can receive as much as ¥200,000 (A$40,000) for each individual they recruit. In addition, they’re paid as much as ¥150,000 (A$30,000) a year for general operating costs.57

CCP talent-recruitment agencies gather large amounts of data on overseas scientists, and overseas talent-recruitment stations may be involved in this information-gathering work. Domestically, the Thousand Talents Think Tank (千人智库), which is affiliated with the UFWD, claims to hold data on 12 million overseas scientists, including 2.2 million ethnic Chinese scientists and engineers.58 In 2017, a Chinese think tank produced a database of 6.5 million scientists around the world, including 440,000 AI scientists, as a ‘treasure map’ for China’s development of AI technology and a resource for talent recruitment.59 Abroad, recruitment stations set up by Tianjin City are instructed to ‘grasp information on over 100 high-level talents and an equivalent amount of innovation projects’.60 Qingdao City’s overseas stations are required to collect and annually update data on at least 50 individuals at the level of ‘associate professor, researcher or company manager’ or higher.61 The Zhuhai City Association for Science and Technology tasks its overseas stations with ‘collecting information on overseas science and technology talents, technologies and projects through various channels’.62

Information about overseas technologies and scientists is used for targeted recruitment work that reflects the technological needs of Chinese institutions. For example, Shandong University’s overseas recruitment stations recommend experts ‘on the basis of the university’s needs for development, gradually building a talent database and recommending high-level talents or teams to the university in targeted way’.63 The Guangzhou Development Zone ‘fully takes advantage of talent databases held by their overseas talent workstations … attracting talents to the zone for innovation and entrepreneurship through exchange events and talks’.64

However, the 600 stations identified in this report are probably only a portion of the total number of stations established by the CCP. The real number may be several hundred greater. For example, we identified 90 stations established by the Jiangsu Provincial Government or local governments in the province, yet in 2017 the province’s Overseas Chinese Affairs Office—only one of many agencies in the province establishing overseas recruitment stations—stated that it had already established 121 stations.65

One hundred and seventy-one identified stations were established by united front agencies such as overseas Chinese affairs offices. For many other stations, it’s unclear which part of the bureaucracy established them, so the real number of stations established by the united front system is probably much greater. Similarly, the Qingdao UFWD describes how the city’s Organisation Department produced regulations on overseas talent-recruitment stations and the UFWD advised on their implementation and encouraged united front system agencies to carry them out.66 Universities, party organisation departments, state human resources and social affairs bureaus, state-backed scientific associations and foreign experts affairs bureaus also establish overseas-recruitment stations. None of them is an intelligence agency, but the networks and collection requirements of stations mean they could benefit China’s intelligence agencies.

Overseas talent-recruitment stations are typically run by local organisations, which are contracted to operate them for a period of several years. The local groups include hometown associations, business associations, professional organisations, alumni associations, technology-transfer and education companies and Chinese students and scholars associations (CSSAs) (see box). Local host organisations have often been established with support from, or built close relationships with, agencies such as China’s State Administration for Foreign Experts Affairs and the UFWD.67 Overseas operations of Chinese companies reportedly also host talent-recruitment stations.68 In one case, a station was reportedly established in the University College Dublin Confucius Institute.69

Chinese students and scholars associations involved in running talent recruitment stations

  • US: Greater New York Fujian Students and Scholars Association, University of Washington CSSA, North American Chinese Student Association, UC Davis CSSA
  • Australia: Victoria CSSA, Western Australia CSSA, New South Wales CSSA
  • UK: United Kingdom CSSA
  • Switzerland: Geneva CSSA
  • Italy: Chinese Students and Scholars Union in Italy
  • Czech Republic: Czech CSSA
  • Ireland: CSSA Ireland
  • Hungary: All-Hungary CSSA

Provincial, municipal and district governments are responsible for most talent recruitment, yet their activities are rarely discussed. Qingdao city alone claims that it recruited 1,500 people through its recruitment stations between 2009 and 2014.70 Out of 600 recruitment stations identified in this research, only 20 were established by national organisations, such as the UFWD’s Western Returned Scholars Association (WRSA) and Overseas Chinese Affairs Office.

Similarly, over 80% of talent-recruitment programs are run at the subnational level and may attract as many as seven times as many scientists as the national programs. Between 2008 and 2016, China’s Ministry of Human Resources and Social Security determined that roughly 53,900 scholars had been recruited from abroad by local governments. More than 7,000 scholars were recruited through the Thousand Talents Plan and Hundred Talents Plan (another national talent-recruitment program) over the same period.71

Case study: Zhejiang’s recruitment work in the United Kingdom

A 2018 CCP report on Zhejiang Province’s overseas talent-recruitment work mentioned that it had established 31 overseas recruitment stations. According to the report, Brunel University Professor Zhao Hua (赵华) from the UK is one of the scientists recruited through their efforts.72 Zhao is an expert in internal combustion engines who was recruited to Zhejiang Painier Technology (浙江派尼尔科技公司), which produces ‘military and civilian-use high-powered outboard engines’.73

The partnership between Zhao and Zhejiang Painier Technology was formed with the help of a talent-recruitment station and reportedly attracted ¥300 million (A$60 million) in investment.74 The Zhejiang UK Association (英国浙江联谊会) runs as many as four talent-recruitment stations and has recruited more than 100 experts for Zhejiang Province or cities in the province.75 They include a station for Jinhua, the city where Zhejiang Painier Technology is based, so it could have been the organisation that recruited Professor Zhao.76

The Zhejiang UK Association’s founding president is Lady Bates (or Li Xuelin, 李雪琳), the wife of Lord Bates, Minister of State for International Development from 2016 until January 2019.77 Accompanied by her husband, Lady Bates represented the association at the establishment of a recruitment station for Zhejiang Province’s Jinhua city in 2013 (Figure 8).78 She was a non-voting delegate to the peak meeting place of the CCP-led United Front—the Chinese People’s Political Consultative Conference (CPPCC)—and is a member of the UFWD-run China Overseas Friendship Association.79

Figure 8: Lord (first row, second from right) and Lady Bates (first row, centre)

Source: ‘英国浙江联谊会再次携手浙江——与金华市政府签署设立金华英国工作站协议’ [British Zhejiang Friendship Association joins hands with Zhejiang again—Signed an agreement with Jinhua Municipal Government for the establishment of Jinhua UK Workstation], ZJUKA, no date, online.

Counsellor Li Hui (李辉), a senior united front official from the Chinese Embassy in London, praised the association at the station’s founding.80 In particular, he noted Lady Bates’s use of her personal connections to arrange for the signing ceremony to be held in the Palace of Westminster.81

Talent-recruitment stations help arrange visits by Chinese delegations. For example, the Australian alumni association of Northwestern Polytechnical University (NWPU) became a recruitment station for the university and Xi’an City, where the university is located, in 2018.82 It arranged meetings between NWPU representatives and leading Australian-Chinese scientists and helped the university sign partnerships with them. Within a month, it claimed to have introduced five professors from universities in Melbourne to NWPU, although it’s unclear how many of them were eventually recruited by the university.83 NWPU specialises in aviation, space and naval technology as one of China’s ‘Seven Sons of National Defence’—the country’s leading defence universities.84 It’s been implicated in an effort to illegally export equipment for antisubmarine warfare from the US.85

Overseas talent-recruitment organisations also run competitions and recruitment events for the Chinese Government. For example, in 2017, the UFWD’s WRSA held competitions around the world, including in Paris, Sydney, London and San Francisco, in which scientists pitched projects in the hope of receiving funding from and appointments in China. The events were held with the help of 29 European, Singaporean, Japanese, Australian and North American united front groups for scientists.86 Organisations including the University of Technology Sydney CSSA and the Federation of Chinese Scholars in Australia (全澳华人专家学者联合会)—a peak body for Chinese-Australian professional associations that was set up under the Chinese Embassy’s guidance—have partnered with the Chinese Government to hold recruitment competitions tied to the Thousand Talents Plan.87 As described below, CSSAs have run recruitment events for Chinese military institutions and state-owned defence companies.

Talent recruitment in Japan

The All-Japan Federation of Overseas Chinese Professionals (中国留日同学会) is the leading united front group for ethnic Chinese scientists and engineers in Japan. It describes itself as having been established in 1998 under the direction of the UFWD and the UFWD’s WRSA, which is a dedicated body used by the department to interact with and influence scholars with overseas connections.88

Every president of the federation has also served as a council member of the WRSA or the China Overseas Friendship Association, which is another UFWD-run body.89 It runs at least eight talent-recruitment stations—organising talent-recruitment events in Japan and bringing scientists to talent-recruitment expos in China—and reportedly recruited 30 scientists for Fujian Province alone.90 Despite its involvement in the CCP’s technology-transfer efforts, it has partnered with the Japan Science and Technology Agency to run events.91 Former prime minister Hatoyama Yukio (鸠山由纪夫) attended the opening of a WRSA overseas liaison workstation run by the group—the first established by the WRSA (Figure 9).92

Figure 9: Former Japanese prime minister Hatoyama Yukio at the opening of a WRSA workstation

While raw numbers of recruited scientists are occasionally published, specific examples of scientists recruited by individual stations are difficult to find. In 2018, Weihai, a city in Shandong Province, released the names of 25 scientists recruited through stations in Japan and Eastern Europe.93 Among the recruits were medical researchers and AI specialists, including a Ukrainian scientist specialising in unmanned aerial vehicles who was recruited by Harbin Institute of Technology—one of China’s leading defence research universities.94

Case study: The Changzhou UFWD’s overseas network

The UFWD of Changzhou, a city between Shanghai and Nanjing, has established talent-recruitment stations around the world. The UFWD set up the stations alongside its establishment of hometown associations for ethnic Chinese in foreign countries. This illustrates the united front system’s integration of technology-transfer efforts and political and community influence work.

In October 2014, a delegation led by the Changzhou UFWD head Zhang Yue (张跃) travelled to Birmingham to oversee the founding of the UK Changzhou Association (英国常州联谊会). Zhang and the president of the UK Promotion of China Re-unification Society (全英华人华侨中国统一促进会) were appointed as the association’s honorary presidents.95 A united front official posted to the PRC Embassy in London also attended the event.96

The association immediately became an overseas talent-recruitment station for Changzhou and a branch of the Changzhou Overseas Friendship Association, which is headed by a leader of the Changzhou UFWD.97 According to a CCP media outlet, the association ‘is a window for external propaganda for Changzhou and a platform for talent recruitment’ (Figure 10).98

Figure 10: A plaque awarded by the Changzhou City Talent Work Leading Small Group Office to its ‘UK talent recruitment and knowledge introduction workstation’ in 2014

Three days later, the Changzhou UFWD delegation appeared in Paris for the founding of the France Changzhou Association (法国常州联谊会). Again, the Changzhou UFWD head was made honorary president and the association became a talent-recruitment station and a branch of the Changzhou Overseas Friendship Association. CCP media described it as ‘the second overseas work platform established by Changzhou’ under the leadership of Changzhou’s Overseas Chinese Federation, which is a united front agency.99

As detailed in a report published by the province’s overseas Chinese federation, these activities were part of the Changzhou united front system’s strategy of ‘actively guiding the construction of foreign overseas Chinese associations’.100 By 2018, when the report was published, the city had established associations in Australia, Canada, Singapore, the US and Hong Kong and was in the middle of establishing one in Macau. The founding of the Australian association was attended by a senior Changzhou UFWD official, Victorian Legislative Assembly member Hong Lim and Australian Chinese-language media mogul Tommy Jiang (姜兆庆).101

Economic espionage

The following two case studies demonstrate how talent-recruitment stations and their hosting organisations have been implicated in economic espionage and are often closely linked to the CCP’s united front system.

Case study: Cao Guangzhi

In March 2019, Tesla sued its former employee Cao Guangzhi (曹光植, Figure 11), alleging that he stole source code for its Autopilot features before taking it to a rival start-up, China’s Xiaopeng Motors.102

In July, he admitted to uploading the source code to his iCloud account but denies stealing any information.103 Tesla calls Autopilot the ‘crown jewel’ of its intellectual property portfolio and claims to have spent hundreds of millions of dollars over five years to develop it.104 Additional research on the subject of this ongoing legal case shows a pattern of cooperation between Cao and the CCP’s united front system on talent-recruitment work dating back to nearly a decade before the lawsuit.

Figure 11: Cao Guangzhi (far left) with other co-founders of the Association of Wenzhou PhDs USA

Source: ‘全美温州博士协会 “藏龙卧虎”,有古根海姆奖得主、苹果谷歌工程师···’ [The ‘Hidden Dragon and Crouching Tiger’ of the Wenzhou Doctors Association of the US; there are Guggenheim Award winners, Apple Google engineers…], WZRB, 14 April 2017, online.

When Cao submitted his doctoral thesis to Purdue University in 2009, he and three friends established the Association of Wenzhou PhDs USA (全美温州博士协会).105 All four hail from Wenzhou, a city south of Shanghai known for the hundreds of renowned mathematicians who were born there.106 From its inception, the association has worked closely with the PRC Government. A report from Wenzhou’s local newspaper claims that the Wenzhou Science and Technology Bureau, Overseas Chinese Affairs Office and Overseas Chinese Federation gave the group a list of US-based PhD students and graduates from the town, whom they then recruited as members.107 The head of the Wenzhou UFWD praised the association during a 2010 trip to America as ‘the first of its kind and highly significant’.108

The Association of Wenzhou PhDs USA carries out talent recruitment on behalf of the CCP. The year after its establishment, it signed an agreement with the UFWD of a county in Wenzhou to run a talent-recruitment station that gathers information on overseas scientists and carries out recruitment work.109 That year, it also arranged for 13 of its members to visit Wenzhou for meetings with talent-recruitment officials from organisations such as the local foreign experts affairs bureau 110 and with representatives of local companies. Several of the members also brought their research with them, presenting technologies such as a multispectral imaging tool.111

Within a few years of its founding, the association had built up a small but elite group of more than 100 members. By 2017, its members reportedly included Lin Jianhai (林建海), the Wenzhou-born secretary of the International Monetary Fund; engineers from Google, Apple, Amazon, Motorola and IBM; scholars at Harvard and Yale; and six US government employees.112 At least one of its members became a Zhejiang Province Thousand Talents Plan scholar through the group’s recommendation.113 It also helped Wenzhou University recruit a materials scientist from the US Government’s Argonne National Laboratory.114

Case study: Yang Chunlai

The case of Yang Chunlai (杨春来) offers a window into the overlap of the united front system and economic espionage. Yang was a computer programmer at CME Group, which manages derivatives and futures exchanges such as the Chicago Mercantile Exchange. Employed at CME Group since 2000, he was arrested by the Federal Bureau of Investigation (FBI) in July 2011.115 In 2015, he pleaded guilty to trade secrets theft for stealing CME Group source code in a scheme to set up a futures exchange company in China. He was sentenced to four years’ probation.116

Before his arrest, Yang played a central role in a united front group that promotes talent recruitment by, and technology transfer to, China: the Association of Chinese-American Scientists and Engineers (ACSE, 旅美中国科学家工程师专业人士协会). From 2005 to 2007 he was the group’s president, and then its chairman to 2009.117

ACSE is one of several hundred groups for ethnic Chinese professionals that are closely linked to the CCP.118 ACSE and its leaders frequently met with PRC officials, particularly those from united front agencies such as the Overseas Chinese Affairs Office (OCAO),119 the CPPCC and the All-Chinese Federation of Returned Overseas Chinese. At one event, the future director of the OCAO, Xu Yousheng (许又声), told ACSE:

There are many ways to serve the nation; you don’t have to return to China and start an enterprise. You can also return to China to teach or introduce advanced foreign technology and experience—this is a very good way to serve China.120

Yang was appointed to the OCAO’s expert advisory committee in 2008.121 In 2010, he also spoke about ACSE’s close relationship with the UFWD-run WRSA.122

Further illustrating these linkages, Yang visited Beijing for a ‘young overseas Chinese leaders’ training course run by the OCAO in May 2006. Speaking to the People’s Daily during the course, Yang said, ‘It’s not that those who stay abroad don’t love China; it’s the opposite. The longer one stays in foreign lands, the greater one’s understanding of the depth of homesickness.’123 Yang also spoke of the sensitivity of source code used by companies, work on which doesn’t get outsourced. However, he hinted at his eventual theft of code by saying: ‘Of course, even with things the way they are, everyone is still looking for suitable entrepreneurial opportunities to return to China’.124

In 2009, an ‘entrepreneurial opportunity’ may have presented itself when ACSE hosted a talent-recruitment event by a delegation from the city of Zhangjiagang (张家港).125 At the event, which Yang attended (Figure 12), ACSE signed a cooperation agreement with Zhangjiagang to ‘jointly build a Sino-US exchange platform and contribute to the development of the homeland’—potentially indicating the establishment of a talent-recruitment station or a similar arrangement.126

Figure 12: Yang Chunlai (rear, second from right) at the signing ceremony for ACSE’s partnership with Zhangjiagang

Yang later wrote a letter to the OCAO proposing the establishment of an electronic trading company led by him in Zhangjiagang and asking for the office’s support.127 In mid-2010, he emailed CME Group trade secrets to officials in Zhangjiagang and started setting up a company in China. By December, he began surreptitiously downloading source code from CME Group onto a removable hard drive.128 

Yang’s relationship with the OCAO probably facilitated and encouraged his attempt to steal trade secrets in order to establish a Chinese company that, according to his plea deal, would have become ‘a transfer station to China for advanced technologies companies around the world’.129

Yang’s activities appeared to go beyond promoting technology transfer; there are indications that he was also involved in political influence work. This reflects the united front system’s involvement in both technology transfer and political interference. At a 2007 OCAO-organised conference in Beijing, Yang said that he had been encouraged by CPPCC Vice Chairman and Zhi Gong Party Chairman Luo Haocai to actively participate in politics, which he described as ‘a whip telling overseas Chinese to integrate into mainstream society’. He added, ‘I estimate that [ACSE] can influence 500 votes’ in the 2008 US presidential election.130 Yang also befriended politicians, including one senator, who wrote a letter to the judge testifying to Yang’s good character.131 In his OCAO conference speech, he highlighted the appointment of Elaine Chao as US Secretary of Labor and her attendance at ACSE events.132

Talent recruitment and the Chinese military

Talent recruitment is also being directly carried out by the Chinese military. For example, the National University of Defense Technology (NUDT, the People’s Liberation Army’s premier science and technology university) has recruited at least four professors from abroad, including one University of New South Wales supercomputer expert, using the Thousand Talents Plan.133

Outside of formal talent-recruitment programs, NUDT has given guest professorships to numerous overseas scientists. For instance, Gao Wei (高唯), an expert in materials science at New Zealand’s University of Auckland, was awarded a distinguished guest professorship at NUDT in May 2014.134

Gao is closely involved in CCP talent-recruitment efforts. In 2016, he joined Chengdu University as a selectee of the Sichuan Provincial Thousand Talents Plan.135 Just a month before joining NUDT, he signed a partnership with the State Administration of Foreign Experts Affairs as president of the New Zealand Chinese Scientists Association (新西兰华人科学家协会).136 In 2018, the association agreed to run a talent-recruitment station for an industrial park in Shenzhen.137 He has reportedly served as a member of the overseas expert advisory committee to the united front system’s OCAO.138 In 2017, at one of the OCAO’s events, Gao expressed his desire to commercialise his research in China and said that ‘even though our bodies are overseas, we really wish to make our own contributions to [China’s] development’.139

The military’s recruitment of scientists is supported by the same network of overseas recruitment stations and CCP-linked organisations that are active in talent-recruitment work more generally.

Chinese military recruitment delegations have travelled around the world and worked with local united front groups to hold recruitment sessions. In 2014, the New South Wales Chinese Students and Scholars Association (NSW-CSSA, 新南威尔士州中国学生学者联谊会) held an overseas talent-recruitment event for NUDT and several military-linked civilian universities.140 The NSW-CSSA is a peak body for CSSAs and holds its annual general meetings in the Chinese Consulate in the presence of Chinese diplomats.141 In 2013, NUDT held a recruitment session in Zürich organised by the Chinese Association of Science and Technology in Switzerland (瑞士中国学人科技协会).142 A similar event was held in Madrid in 2016.143

The Chinese Academy of Engineering Physics (CAEP), which runs the military’s nuclear weapons program, is particularly active in recruiting overseas experts. By 2014, CAEP had recruited 57 scientists through the Thousand Talents Plan.144 It runs the Center for High Pressure Science and Technology Advanced Research in Beijing in part as a platform for recruiting overseas talent. The institute doesn’t mention its affiliation with CAEP on its English-language website, yet it’s run by a Taiwanese-American scientist who joined CAEP through the Thousand Talents Plan.145 So many scientists from the US’s Los Alamos National Laboratory (a nuclear weapons research facility) have been recruited to Chinese institutions that they’re reportedly known as the ‘Los Alamos club’.146

CAEP also holds overseas recruitment events. At a 2018 event in the UK, a CAEP representative noted the organisation’s intention to gain technology through talent recruitment, saying ‘our academy hopes that overseas students will bring some advanced technologies back, and join us to carry out research projects.’147

Chinese state-owned defence conglomerates are engaged in the same activities. China Electronics Technology Group Corporation (CETC), which specialises in developing military electronics, has been building its presence in Austria, where it opened the company’s European headquarters in 2016 and runs a joint laboratory with Graz University of Technology.148 As part of its expansion, it held a meeting of the European Overseas High-level Talent Association (欧洲海外高层次人才联谊会) in 2017 that was attended by dozens of scientists from across Europe. Later that year, CETC reportedly held similar meetings and recruitment sessions in Silicon Valley and Boston.149 In 2013, the head of CETC’s 38th Research Institute, which specialises in military-use electronics such as radar systems, visited Australia and met with a local united front group for scientists.150 Several members of the group from the University of Technology Sydney attended the meeting, and two years later the university signed a controversial $10 million partnership with CETC on technologies such as AI and big data.151

The Chinese Government’s primary manufacturer of ballistic missiles and satellites, China Aerospace Science and Technology Corporation, has held recruitment sessions in the US and UK through the help of local CSSAs.152

In addition to traditional defence institutions (military institutes and defence companies), China’s civilian universities are increasingly involved in defence research and have also recruited large numbers of overseas scientists. ASPI ICPC’s China Defence Universities Tracker has catalogued and analysed the implementation of military–civil fusion in the university sector.153 The policy of military–civil fusion has led to the establishment of more than 160 defence laboratories in Chinese universities, and such defence links are particularly common among leading Chinese universities that attract the greatest share of talent-recruitment program participants.154 Many recruits end up working in defence laboratories or on defence projects.155

Recommendations

The CCP’s use of talent-recruitment activity as a conduit for non-transparent technology transfer presents a substantial challenge to governments and research institutions. Many of those activities fly under the radar of traditional counterintelligence work, yet they can develop into espionage, interference and illegal or unethical behaviour.

While this phenomenon may still be poorly understood by many governments and universities, it can often be addressed by better enforcement of existing regulations. Much of the misconduct associated with talent-recruitment programs breaches existing laws, contracts and institutional policies. The fact that it nonetheless occurs at high levels points to a failure of compliance and enforcement mechanisms across research institutions and relevant government agencies. Governments and research institutions should therefore emphasise the need to build an understanding of CCP talent-recruitment work. They must also ensure that they enforce existing policies, while updating them as necessary. This report recommends the introduction of new policies to promote transparency and accountability and help manage conflicts of interest.

For governments

We recommend that governments around the world pursue the following measures:

  1. Task appropriate agencies to carry out a study of the extent and mechanisms of CCP talent-recruitment work, including any related misconduct, in their country.
  2. Ensure that law enforcement and security agencies are resourced and encouraged to investigate and act on related cases of theft, fraud and espionage.
  3. Explicitly prohibit government employees from joining foreign talent-recruitment programs.
  4. Introduce clear disclosure requirements for foreign funding and appointments of recipients of government-funded grants and assessors of grant applications.
  5. Ensure that funding agencies have effective mechanisms and resources to investigate compliance with grant agreements.
  6. Ensure that recipients of government research funding are required to disclose relevant staff participation in foreign talent-recruitment programs.
  7. Establish a public online database of all external funding received by public universities and their employees and require universities to submit and update data.
  8. Establish a national research integrity office that oversees publicly funded research institutions, produces reports for the government and public on research integrity issues, manages the public database of external funding in universities, and carries out investigations into research integrity.
  9. Brief universities and other research institutions about CCP talent-recruitment programs and any relevant government policies.
  10. Develop recommendations for universities and other research institutions to tackle talent-recruitment activity. This can draw on the Guidelines to counter foreign interference in the Australian university sector developed by a joint government and university sector taskforce on foreign interference.156
  11. Create an annual meeting of education, science and industry ministers from like-minded countries to deepen research collaboration within alliances, beyond existing military and intelligence research partnerships, and coordinate on issues such as technology and research security.
  12. Increase funding for the university sector and priority research areas, such as artificial intelligence, quantum science and energy storage, perhaps as part of the cooperation proposed above.
  13. Develop national strategies to commercialise research and build talent.

For research institutions

We recommend that research institutions such as universities pursue the following measures:

  1. Carry out a comprehensive and independent audit of participation in CCP talent-recruitment programs by staff.
  2. Ensure that there’s sufficient resourcing to implement and ensure compliance with policies on conflicts of interest, commercialisation, integrity and intellectual property.
  3. Fully investigate cases of fraud, misconduct or nondisclosure. These investigations should determine why existing systems failed to prevent misconduct and then discuss the findings with relevant government agencies.
  4. In conjunction with the government, brief staff on relevant policies on and precautions against CCP talent-recruitment programs.
  5. Strengthen existing staff travel databases to automatically flag conflicts with grant commitments and contracts.
  6. Update policies on intellectual property, commercialisation, research integrity, conflicts of interest and external appointments where necessary.

Participants in CCP talent-recruitment programs should be required to submit their contracts with the foreign institution (both English and Chinese versions) and fully disclose any remuneration.

Appendix

Two appendices accompany this report:

  • Appendix 1: Selected Chinese government talent-recruitment programs
  • Appendix 2: Cases and alleged cases of espionage, fraud and misconduct

Readers are encouraged to download the report to access the appendices.


Acknowledgements

I would like to thank Jichang Lulu, Lin Li, Elsa Kania, John Garnaut, Danielle Cave, Fergus Hanson, Michael Shoebridge and Peter Jennings for their support and feedback on this report. Lin Li helped compile the database of talent-recruitment stations. Alexandra Pascoe provided substantial help in researching and writing the case summaries in Appendix 2. Audrey Fritz and Emily Weinstein contributed valuable research on talent-recruitment programs. I would also like to thank anonymous peer reviewers who provided useful feedback on drafts of the report. The US Department of State provided ASPI with US$145.6k in funding, which was used towards this report.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non-partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published August 2020. ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

  1. Those conditions include lucrative wages, the creation of tailored venture capital firms and dedicated technology parks. For an influential and detailed study of the domestic infrastructure of PRC technology-transfer efforts, as well as much of its overseas activities through the State Administration of Foreign Experts Affairs, in particular, see Bill Hannas, James Mulvenon, Anna Puglisi, Chinese industrial espionage: technology acquisition and military modernisation, Routledge, London and New York, 2013.
  2. See, for example, ‘致公党江苏省委首届“引凤工程”成果丰硕’ [Zhigong Party Jiangsu Committee’s first ‘Attracting Phoenixes Project’ has bountiful results], Jiangsu Committee of the Zhigong Party, 2 January 2011, online; Tang Jingli [唐景莉], ‘筑巢引凤聚才智 国际协同谋创新’ [Building nests to attract phoenixes and gather talents and knowledge, international collaboration for innovation], Ministry of Education, 5 April 2012, online; ‘“筑巢引凤”聚人才 浙江举行 “人才强企”推介会’ [Building nests to attract phoenixes and gather talents, Zhejiang holds the ‘strong talent enterprises’ promotional event], Zhejiang Online, 18 July 2019, online.
  3. See Alex Joske, The party speaks for you: foreign interference and the Chinese Communist Party’s united front system, ASPI, Canberra, June 2020, online.
  4. Xi Jinping [习近平], ‘习近平:在欧美同学会成立100周年庆祝大会上的讲话’ [Xi Jinping: Speech at the celebration of the 100th anniversary of the founding of the Western Returned Scholars Association], Chinese Communist Party News, 21 October 2013, online.
  5. ‘习近平:瞄准世界科技前沿引领科技发展方向抢占先机迎难而上建设世界科技强国’ [Xi Jinping: Set sights on the cutting-edge of world science and technology and guide the direction of technological development; seize this strategic opportunity and meet the challenge of building a strong country in terms of science and technology], Xinhua, 28 May 2018, online.
  6. Elsa Kania, ‘Made in China 2025, explained’, The Diplomat, 2 February 2019, online; PRC State Council, ‘中国制造2025’ [Made in China 2025], www.gov.cn, 8 May 2015, online; China’s National Medium-Long Term Science and Technology Development Plan (2006–2020) highlighted the goal of indigenous innovation: online.
  7. China’s 2017 State Council Plan on Building a National Technology Transfer System describes talent recruitment as a form of technology transfer. See State Council, ‘国家技术转移体系建设方案’ [Plan on Building a National Technology Transfer System], www.gov.cn, 15 September 2017, online.
  8. ‘我国留学回国人员已达265.11万人’ [The number of Chinese returning from studying abroad has reached 2,651,100], Economic Daily, 12 April 2017, online.
  9. ‘中国驻外使领馆:万流归海引人才 不遗余力架桥梁’ [PRC overseas mission: amid the flow of tens of thousands of talents returning to China, we do not spare energy in building bridges], www.gov.cn, 4 June 2014, online.
  10. These estimates are based on the conservative assumption that 60,000 individuals have been recruited from abroad through CCP talent-recruitment programs since 2008. Data on 3,500 participants in the Thousand Talents Plan was used to estimate the proportion recruited from each country.
  11. Clive Hamilton, Alex Joske, ‘United Front activities in Australia’, Parliamentary Joint Committee on Intelligence and Security, 2018, online; Ben Packham, ‘Security experts warn of military threat from Chinese marine project’, The Australian, 10 February 2020, online; Alex Joske, ‘The company with Aussie roots that’s helping build China’s surveillance state’, The Strategist, 26 August 2019, online; Ben Packham, ‘Professor, Chinese generals co-authored defence research’, The Australian, 31 July 2019, online; Geoff Wade, Twitter, 25 February 2020, online.
  12. Xi Jinping [习近平], ‘习近平:在欧美同学会成立100周年庆祝大会上的讲话’ [Xi Jinping: Speech at the celebration of the 100th anniversary of the founding of the Western Returned Scholars Association].
  13. Hannas et al., Chinese industrial espionage: technology acquisition and military modernization.
  14. ‘中央引进国外智力领导小组始末’ [The beginning and end of the Central Leading Small Group for Introducing Foreign Expertise], Baicheng County Party Building Online, 30 September 2019, online.
  15. ‘中国人才工作的新进展’ [New progress in China’s talent work], China Online, 28 June 2005, online.
  16. ‘中共中央办公厅转发《中央人才工作协调小组关于实施海外高层次人才引进计划的意见》的通知’ [Notice on the CCP General Office circulating ‘Recommendations of the Central Talent Work Coordination Small Group on implementing the overseas high-level talent recruitment plan’], China Talent Online, 20 June 2012, online.
  17. ‘2003年全国人才工作会议以来我国人才发展纪实’ [Recording the country’s talent development since the 2003 National Talent Work Conference], People’s Daily. Many of these events, such as Liaoning Province’s China Overseas Scholar Innovation Summit (中国海外学子创业周) and Guangzhou’s Convention on Exchange of Overseas Talents and Guangzhou, were first held before 2003. ‘2018中国海外人才交流大会开幕’ [2018 Convention on Exchange of Overseas Talents], Western Returned Scholars Association (WRSA), 24 December 2018, online; ‘海外学子创业周凸显品牌效应’ [The Overseas Scholar Entrepreneurship Week has a clear brand effect], Sina, 26 May 2010, online.

Working smarter, not harder

Leveraging government procurement to improve cybersecurity and supply chains

What’s the problem?

Australian governments are the nation’s largest spenders on ICT, but they’re failing to maximise the leverage that market power gives them to drive improved cybersecurity and more secure supply chains. Government can harness its spending power to not only improve its own cybersecurity, but to drive better cybersecurity throughout the wider economy. However, current approaches are fragmented and are having limited impact, so a concerted national effort is needed, underpinned by major strategic changes in approach.

What’s the solution?

The Australian Government and the state and territory governments should establish a single coherent set of security standards expected from suppliers. The standards need to be more than just a tick-the-box exercise to set a minimum standard—they should provide multiple levels through which suppliers can seek to progress by continuous improvement. In order to protect sensitive data, secure managed enclaves should be used to minimise exposure to the risks of individual suppliers’ ICT systems.

Procurement frameworks need to provide commercial incentives for suppliers to improve their security. In limited areas where there’s a compelling strategic benefit to Australia from building capability, those frameworks should also be linked to a sovereign capability framework to ensure that preference is given to Australian companies.

Introduction

It’s forecast that this year there will be more than two and a half times more connected devices than there are people.1 Securing those devices and networks is critical but increasingly challenging—in 2018–19, the Australian Cyber Security Centre (ACSC) responded to 2,164 incidents,2 while data from the ReportCyber network suggests that more broadly across Australia there are approximately 150 cybercrime incidents per day.3

The Australian Government allocated an average of $65 million per year to its cybersecurity strategy over the past four years, but that figure is dwarfed by broader federal government ICT procurement, and even more so by the combined ICT spend by the three levels of Australian government. The amount spent annually by the federal government alone has grown significantly from $5.9 billion in 2012–13 to almost $10 billion now.4 State and local governments are also big spenders on ICT: the NSW Government IT budget is over $3 billion per year.5

Such scale means that government ICT procurement has significant market power. This paper explores how that procurement could be leveraged as part of the updated cybersecurity strategy currently being prepared for the next four years. The paper starts by examining supply-chain risks and opportunities, before looking at the key barriers and challenges and suggesting how they could be addressed. This study is based on interviews with key stakeholders in government and industry and a review of openly available material on government procurement approaches. While the focus is on Australian Government procurement, state and local government procurement is considered where appropriate.

Supply-chain risks and opportunities

Supply chains are integral to cybersecurity. Almost all end users of ICT systems rely on hardware, software or services built or delivered by someone else. Where a supplier becomes a critical node in the supply chain, integral to a large part of the ICT ecosystem, security failures have the potential to generate major systemic cyber and operational risks. We rely on suppliers exercising due diligence in their development, management and operational activities to avoid deliberate or accidental compromise (see box).

Supply-chain assurance risks

The first priority for government ICT procurement should be to ensure the security of the supply chain. However, it’s clear that supply-chain assurance can mean different things to different people. Generally, it can be considered under three main themes, which aren’t mutually exclusive:

  • Trust in the supplier company or organisation: Who owns, controls or influences the supplier? For nationally sensitive cases, there may be a preference or mandate for Australian-based capabilities. For example, the Digital Transformation Agency hosting strategy sets standards for data sovereignty and facility ownership, not just when contracts are signed, but throughout the lives of contracts.6
  • Security of the supplier’s IT systems: What controls does the supplier have in its IT systems to protect data received from the government customer or generated as part of delivering the contract? This can become important when suppliers are given access to the customer’s IT systems even for limited purposes. One of the highest profile data breaches—the loss of 70 million credit card details by Target in the US in 2013—occurred through the compromise of the IT systems of one of Target’s refrigeration contractors, which had access to a supplier portal for submitting invoices.
  • Security of the products and services being delivered by the supplier: Assuring the ownership of a company and its internal IT doesn’t necessarily mean that the products and services delivered won’t have security vulnerabilities. That will depend on the supplier’s security design and the assurance applied in their delivery. For example, this is critically important when procuring cloud services—the security of any applications that are run ‘in the cloud’ depends on the security of those individual applications.

The problem is that, in a market economy, the market often doesn’t provide the right incentives to suppliers. No one buys telecommunications services based on security, and how many consumers even think about the security options provided by their internet-connected doorbell? Governments are reluctant to directly intervene in the market, due not only to the cost and complexity of doing so, but also the moral hazard created by taking responsibility for decision-making away from the private sector and creating the perception that government is responsible for any residual risk.

However, government does interact with the private sector through its very significant procurement activities. Its position as a major buyer potentially provides significant market power that could be used to address some of these challenges. In an environment in which resources for cybersecurity are very limited, this could have the advantage of leveraging other existing budgets for ICT procurement. Of course, the priority should be to ensure security for the direct purposes of the procurement, but government also has an opportunity to leverage its market power to provide for broader benefits to the Australian economy and society.

Setting security standards expected from its suppliers may help to lift standards across the board. Companies will be incentivised to lift their standards in order to qualify to do business with the government, and it will often be easier for them to apply those standards across their whole enterprises rather than just for their government contracts. One example from a parallel field is the implementation of quality management systems brought about by government departments mandating ISO 9001 certification for suppliers. That has encouraged companies to implement quality management systems and to have them regularly audited and certified. This has created a vibrant market for auditors and consultants to help with designing and implementing appropriate systems and benefited the companies’ other customers through better quality assurance of their products and services. In the construction industry, the government has gone even further: companies are obliged to comply with the requirements of the Code for the Tendering and Performance of Building Work 2016 across their businesses or risk being barred from bidding for federally funded projects.7

With the right approach, there’s a real opportunity to stimulate innovation and new developments. If government can define the security outcomes required, that can encourage suppliers to compete to develop the most effective and value-for-money approaches to delivery. The most innovative approaches can then provide a market differentiator for the supplier that helps them to build business in the private sector, the export market, or both.

Challenges and barriers

Challenges and barriers to effective ICT supply-chain security include lack of coordination, unclear standards, a fragmented approach to security accreditation, uneven access to the market for suppliers and the need to comply with requirements to provide value for money.

Lack of a coordinated approach

Government procurement of ICT covers a vast range of products and services with different security implications, from commodity hardware for everyday use to highly sensitive specialist defence and national security systems. The Australian Government’s ICT expenditure is also spread across approximately 200 departments and agencies, which typically make their own procurement decisions based on their requirements and priorities. Overall governance is provided by the Department of Finance (for example, through the Commonwealth Procurement Rules8). The Digital Transformation Agency (DTA) has also negotiated government-wide contracts with key global suppliers,9 although departments and agencies are not compelled to use those suppliers. This fragmentation hinders efforts to use the combined market power of government procurement. In seeking more coordinated approaches, care will be needed to avoid the pitfalls that the DTA has faced in trying to set up government-wide frameworks.

Security standards and requirements

The Commonwealth Procurement Rules mandate the consideration of security risks in procurement, and it appears that the mandate is being applied. A study by IDC of global procurements for IT hardware showed that Australia performs better than many of its peers, and notably was the only country where there were no examples of ICT hardware procurements that didn’t specify any security requirements.10 Analysis for this report (see box) supports that conclusion but also shows that suppliers need to be ready to comply with a broad range of requirements. It also shows room for improvement for tenders that aren’t for direct ICT procurement but may have a key dependency on the security of suppliers’ systems to protect sensitive data.

Those working on defence projects often face the most significant risks and sophisticated threats, so for many years the Defence Industry Security Program has been in place to provide assurance of defence suppliers. The program has recently been overhauled to address the market barriers that it created and to implement options for different levels of assurance for different aspects of security, such as personnel, facilities and ICT, appropriate to the nature and sensitivity of the work.

Outside of Defence, requirements are generally more ‘light touch’, reflecting the different level and nature of risk, but are also much more fragmented and complex. From our analysis the standards that vendors may be asked to comply with, or at least be aware of, include the following:

  • The Protective Security Policy Framework (PSPF),11 issued by the Attorney-General’s Department, articulates government protective security policy, covering not just information security but also governance, personnel and physical security. This is quite high level, articulating five principles and 16 requirements to achieve the desired outcomes.
  • The Information security manual (ISM),12 issued by the ACSC, is a detailed cybersecurity framework for IT and security professionals. It consists of more than 180 pages and includes hundreds of controls tailored for different levels of government classified material, from ‘OFFICIAL’ to ‘TOP SECRET’.
  • Other guidance from the ACSC includes the Essential Eight Maturity Model,13 which is intended to provide a more manageable list of the top 8 recommended measures that can be implemented to improve cybersecurity, which are themselves a subset of 38 proposed strategies.14
  • ISO 27001 is an international standard for an information security management system (rather than specific controls).15
  • PCI-DSS is a specific set of standards for the secure storage and processing of payment card information.16

Review of government tender documents 

On one day in February 2020, 126 open approaches to the market were published and available on the Australian Government’s AusTender website.17 Of those, 18 were for the procurement of ICT products and services. All of them had some mention of security in the requirements, but the level of detail and approach differed:

  • Two didn’t specifically mention the PSPF or the ISM, and included vague, very high-level statements; one referred to no security requirements other than personnel screening.
  • Twelve specified the ISM and, in most cases, the PSPF. They were supplemented by additional requirements generally appropriate for the nature of the project. However, confusingly, sometimes specific ISM requirements were also called out as separate requirements. Of those 12, four included specific requirements for suppliers to ensure the security of their own supply chains; six were Defence projects referencing specific Defence security frameworks and requirements.

Other standards mentioned included other Australian Signals Directorate (ASD) guidance such as Strategies to mitigate cyber security incidents, ASD cryptographic evaluation, NIST–801 and ISO 27001. There were also a number of general statements about the required level of security, which varied from ‘reasonable efforts’ to mandated use of the ‘best available security’. There was inconsistency within individual tenders; for example, in one case requirements for security patching were mentioned in six different places, but the required timescales were variously described as ‘48 hours’ or ‘as required’ or weren’t specified.

Many of the other open approaches to market that were not directly ICT related still appeared likely to involve sensitive data being handed over to the successful contractor to allow it to deliver the required outcomes. Four were selected for review based on the likelihood that they involved the most sensitive data (financial data, personnel data for training, personal details of customers and health data). Of those, one had no security requirements, one mentioned only the need for personnel security screening, one mentioned a general need for compliance with the PSPF and awareness of the ISM, and one required compliance with a number of other standards, including PCI-DSS.

While these standards often have the same objectives, they take different approaches; for example, in whether they specify governance approaches, technical controls or expected security outcomes. It’s expensive and time-consuming for suppliers to go through a different process for each tender to prove compliance. A more efficient approach that would improve market dynamics would be to shift to a smaller, simplified set of standards. The DTA has tried to bring some standardisation into digital service delivery by government but has made limited forays into security.18 However, that may be appropriate, given DTA’s procurement focus; cybersecurity requirements should be specified by the appropriate experts and supported by procurement processes, not vice versa.

Furthermore, to be effective, the practical implementation challenges should be considered when choosing appropriate standards. In an attempt to find quick solutions from a buyer’s point of view, it appears that standards may be being recycled in different contexts. For example, many of the strategies recommended by ASD were originally formulated as recommendations for government departments and agencies. Although they’ve subsequently been broadened and recommended to businesses, too, applying them in a small business that doesn’t have the governance, policy and processes of a public-sector organisation can be very difficult. The Defence Industry Security Program requires even its smallest suppliers to comply with all of the ‘top 4’ controls, yet Australian National Audit Office reports regularly show that even many government departments can’t meet that threshold.19 ASD does provide specific guidance for small businesses,20 although we haven’t seen that guidance mentioned in the context of requirements for a government procurement.

There will be a need for experts who understand the practical implementation of the standards, both in the organisation that’s procuring the services and in the supplier that’s seeking to comply with the standards. Without that advice, expecting suppliers to simply follow the standards is unlikely to achieve the required security outcomes.

Security assurance of products and services procured

While assurance of suppliers and their IT systems is important, especially where sensitive data is being handed over to suppliers, the above standards still don’t really provide assurance when purchasing a product or service that it will be secure. This can be addressed by including specific requirements in the contract, but that doesn’t address the problem of verifying compliance. For more basic systems, it may be straightforward to verify configurations, safeguards, features and so on, but that’s more difficult for complex solutions, including software applications and cloud services. What about cybersecurity products themselves—how can buyers be assured that they behave as claimed and will have the desired security impact?

ASD has for the past few years awarded certification to some cloud services providers for processing data at ‘UNCLASSIFIED-DLM’ and ‘PROTECTED’ levels.21 This was a positive initiative by the appropriate technical experts in government to inject cybersecurity checks into the supply chain, and it has undoubtedly helped the take-up of cloud services by government departments by providing a ‘stamp of approval’. However, as it expanded beyond the initial focus on ‘infrastructure as a service’ into more complex cloud services such as ‘platform and software as a service’, demand seems to have exceeded the resources that ASD can provide, and it’s recently been confirmed that the scheme is being wound down.22 The announcement from ASD suggests that this will improve opportunities for local Australian businesses by removing a potential barrier. While the current list includes major multinational hyperscale cloud companies, we understand that some smaller providers have been waiting several years to go through this process, and the list hasn’t been updated for over a year. However, pushing the onus onto individual agencies and departments to make their own individual assessments runs the risk of fragmentation.

ASD also runs the Australasian Information Security Evaluation Program (AISEP), which certifies products in order to protect systems and information against cyber threats and lists them on the Certified Products List. This scheme uses an internationally recognised standard, the Common Criteria,23 with different levels of assurance based on impact, and ASD is also committed to the development of collaborative ‘protection profiles’ to further broaden the applicability of this scheme.

Product vendors must fund their own evaluations, which are carried out by an independent accredited test facility, and ASD oversees the process. However, where cryptographic evaluation is required, that’s done internally by ASD, and this can act as a bottleneck in the process due to a shortage of ASD resources. Given the importance of sovereign assurance of this aspect, additional resources should be found, potentially through engaging an external partner if one isn’t available internally.

Access to market

Cybersecurity is emerging as one of Australia’s most promising growth opportunities and has produced a number of vibrant companies and innovative ideas.24 Those companies need to connect with initial customers to validate their capabilities and provide a credible customer reference for broader sales efforts. Government contracts could be a good opportunity to do that and are potentially even better than grant funding, but it’s difficult for smaller companies, especially new entrants, to gain visibility and access to market opportunities. Many procurements are made through inflexible panel arrangements, forcing procurement to be routed through a handful of suppliers, and panel refreshes take place seldom, if at all, during a 3–5 year time frame. Procurement initiatives to reduce numbers of vendors and the bundling of projects as large integrated work packages are also factors that limit the ability of smaller players to directly tender for work. This means that small businesses may need to sell through a major prime, giving up 15–20% of revenue, which might be the difference between profitable and unprofitable work.

Even if they do get access to respond directly to requests for quotes, smaller companies may struggle to get brand recognition, while decision-makers prefer recognised brand names. Of course, to some extent this is in recognition of the fact that large multinationals can invest heavily in security, but it’s notable that many security companies that receive large venture capital investments seem to spend much of them on marketing, such as airport display advertising. There needs to be an even playing field to allow government buyers to assess and compare the security of the products and services being offered by companies of different types and sizes, by assessing against common standards and avoiding ratings based just on perceived brand reputation.

The value-for-money challenge

The Commonwealth Procurement Rules mandate value for money, but it’s currently difficult, if not impossible, to put a value on security. Agencies can stipulate minimum mandatory security requirements, but that doesn’t allow suppliers to differentiate themselves—customers and suppliers said that their expectation was that normally the winner would be the lowest cost solution that meets the minimum standards. Of course, for the most sensitive projects there may be more weighting on the security assessment, but that appears to be the exception rather than the rule. If providers believe they have differentiating security capabilities, their only realistic route is to lobby buyers before tender documents are drafted to get their preferred requirements included in the specification (once again, something that’s easier for larger established companies to do).

A better alternative would be a mechanism that mandates that security should always be explicitly included in the evaluation. One suggested option has been to explicitly include security as a ‘fourth pillar’ in evaluating proposals, alongside cost, quality and timescales, although this then leaves subjectivity about how to measure security and weight it against the other criteria. A better approach would be an effective pricing mechanism, reflecting the fact that better security should equate to lower financial risk. We understand that governments have been looking at how to value cybersecurity risk and found it challenging, so little progress has been made on this to date.

Of course, there’s a well-established market that provides a mechanism for consolidating data, sharing risk and best practice, helping organisations to manage and reduce risk, and putting a price on the residual risk—the insurance industry. However, the market for cybersecurity insurance, particularly in Australia, is currently poorly developed.25 Major players are still working out how traditional insurance concepts work in a cyber world where there are different threats (from petty criminals to nation states), attribution is difficult and collateral impacts can be significant. One example is the case of Mondelez v. Zurich Insurance, in which the insurer refused to pay out for the costs of a major cyberattack attributed to nation-state conflict, citing ‘act of war’ exemption clauses.26 There could be concerns that having insurance cover might make companies more complacent about security, and even make them more attractive targets for attackers if it’s known that they’re covered to pay out ransoms to recover encrypted data.

Recommendations for improvement

We recommend specific actions in the areas of assurance standards; testing and certification; cyber insurance; building sovereign capability; and securing government data.

Supplier assurance standards

There’s a need for a single set of standards for the assessment of supplier security to be used across government procurement. Further work is needed to define exactly what this should be, but the key characteristics should include the following:

  • Cover more than just technical IT controls by also including trust in the owners and employees of the supplier and a physical security component. The Defence Industry Security Program provides a good model for this, although required controls should be tailored to the level of risk.
  • Go beyond a single pass/fail level by providing a number of graduated levels. This will allow buyers to tailor the minimum level they require based on the nature of the project, but also gives suppliers a chance to show how they may exceed the minimum level, which may be considered an advantage in the evaluation process.
  • Encourage independent certification to build credibility, combined with efforts to build the pool of available assessors, for example through ASD accrediting assessors and ongoing quality control through reviews of randomised samples of work.
  • Ensure that, at the lower levels, it will be feasible for a large number of suppliers to be accredited in a short period of time. This will require ensuring that the criteria (for example, the existence of specific IT controls) can be readily evaluated.
  • Ensure that, at the higher levels, the assurance criteria are based more on risk and outcomes, encouraging suppliers to take a mature approach and to put in place continuous ongoing improvement plans.

Where possible, we should aim to learn from and leverage the experience of other countries. While the Australian market and customers may have some specialised requirements, it should be carefully considered whether those requirements are worth the costs of diverging from a standard used by another major country. Apart from the direct costs and benefits of reusing something that works for one of our allies, export opportunities will be improved if local companies that are getting certified for the local market automatically have a certification recognised overseas.

One example to consider is the UK Cyber Essentials Scheme.27 At the basic level, the scheme involves five basic controls that can be readily verified, and there’s an enhanced ‘Plus’ level that also includes an independent security test of the company’s systems. The UK Government has recently partnered with a commercial organisation to run the scheme and is reviewing the need for additional levels above and/or below those two levels.28

The US is getting ready to roll out CMMC (cybersecurity maturity model certification).29 Although CMMC is specifically defence focused, it is aimed at ‘controlled unclassified data’, which can be a common requirement across all of government. It combines recommended practices from existing US federal procurement regulations, international standards and even ASD’s ‘Essential Eight’, providing a graduated scale from level 1 with 17 specified practices through to level 5 with 10 times that number.

It includes a requirement for independent certification even at the lowest level and is designed to scale across the whole US defence supplier base (more than 300,000 companies) using a phased transition plan. Guidance material is still being developed, but it generally mandates outcomes rather than specific technical controls, so vendors may need technical advice to implement it effectively. 

Testing and certification processes

As noted above, assuring the security of a supplier and its systems is important, and that may be a sufficient safeguard when the potential risks concern sensitive data being handed over for processing or use by the supplier. However, where an IT product or service is being procured, supplier assurance in itself does not mean that the product or service is secure.

For hardware, particularly commodity hardware, customers may trust the vendor to do product assurance. This would require confirmation of the vendor’s processes for assuring its own supply chains. For example, how does the supplier ensure the traceability of components and products, verify chains of custody, and track any discovered vulnerabilities back to their point of origin? If there’s concern over specific products having targeted backdoors for a given customer, the customer could insist on choosing the items themselves from general stock in a warehouse. As an additional safeguard against any interference in transit, delivery systems could have their entire software (including firmware, BIOS etc.) rebuilt from verified images provided by the manufacturer. Some government departments have well-established procedures for this, which could be shared across other departments and agencies to build capability and scale.

These approaches can work for ‘commodity’ hardware (products that are manufactured and sold in significant quantities globally) and where the manufacturer is trusted. A different approach is needed for more specialised systems, smaller or untrusted vendors, and particularly software, which is inherently more complex and susceptible to security vulnerabilities. Assurance may be from a combination of design assurance and testing of the delivered product.

ASD has run schemes to centrally evaluate and test commercial products and services, such as the Certified Cloud Services List (CCSL) and Certified Products List. However, those schemes have suffered from resource constraints, particularly the CCSL, which hasn’t been updated for over a year. This has left government customers with the option of accepting self-certification from the vendor, with all the obvious risks and uncertainty that entails, or carrying out their own testing, which is likely to lead, at best, to duplication of effort among departments but more likely to inconsistent standards and potential failings due to the lack of specialist skills in each agency. A quick win would be to set up some sort of centralised library of evaluations carried out by individual departments, so that another department looking to use the same product could see and potentially reuse work already done.

Of course, care would be needed to ensure that a prior evaluation isn’t reused without considering the relevance of the context. It would also be preferable if there were some independent oversight or review, such as by the ACSC, to apply a common standard across agencies to ensure that vendors can’t ‘game’ the system by shopping around for the most favourable evaluation. This potential risk may be exacerbated by the recent decision for the ACSC to no longer maintain a list of certified cloud services and thus put the onus on individual departments. That announcement also suggested unspecified enhancements and uplift of the Information Security Registered Assessors Program. This could usefully include the suggestion that ASD accredits the certifiers and also provides some ongoing quality control through regular checking of a sample of the work undertaken.

However, ultimately, there needs to be an independent test and evaluation facility. If the ACSC doesn’t have the resources or capabilities to run such a facility, it could seek a partner to implement it and provide some specialist staff to support and accredit the processes being used. AustCyber has proposed a ‘sandbox’ that could be used for general proving of capabilities to potential government clients.30 Such a facility needs to be funded by the companies that are using it in order to ensure that it’s appropriately resourced and used when it can add value. It’s recognised that this could become a barrier to entry for small and medium-sized enterprises, but existing mechanisms (such as AustCyber’s role in identifying companies with commercially viable propositions and in providing targeted grants) could address that problem.

The ACSC has announced plans to establish consultative forums with industry, the first of which focuses on cloud security.31 The broader requirements for security testing and evaluation would be a suggested topic for a subsequent forum. However, it’s recommended that there be greater transparency about how industry representatives can be nominated and are selected—the announcement seems to suggest that the ACSC will select and invite representatives as it sees fit. When the Department of Home Affairs announced the establishment of an industry advisory panel for the 2020 Cyber Security Strategy, consisting of current or past executives of leading telecoms companies plus a representative of a US defence prime,32 that appeared to lack diversity and, in particular, to exclude any representation of small and medium-sized businesses.

Mandatory cybersecurity insurance for suppliers

For all government procurements of IT products and services, suppliers should be mandated to have appropriate cybersecurity insurance cover, thereby ensuring that there’s a price signal for risk. We’ve noted the problem that current mechanisms don’t provide an incentive to spend more on better security. In other spheres, we see that insurance provides this incentive—those that behave in less risky ways and take steps to mitigate their risk are rewarded with lower premiums. For example, household insurers typically offer discounts for houses that are normally occupied during the day and have good locks and monitored alarm systems.

This would be similar to existing obligations for public liability insurance and in some cases professional indemnity insurance that are commonly found in government tender requirements. Insurance should cover incident response, resilience resources and third-party breach liability. Government customers often insert such obligations in contractual clauses, but this would provide assurance that the company can have access to the right people and has the financial resources to meet these commitments, irrespective of the size and nature of the business—thereby removing an implicit preference for larger established brands.

It’s recognised that at present a number of factors are holding back the creation of an effective, functioning cybersecurity insurance market. Mandatory insurance would be a major factor in maturing the market, by ensuring sufficient demand to create economies of scale and building the overall volume of data that can be used for effective underwriting.

However, the market will require transitional support to manage the initial impact. Ideally, this move could be coordinated with Australia’s allies to build global scale and critical mass, but it’s unlikely to be practicable to achieve consensus without wasting the opportunity. If Australia is a global ‘first mover’ to make such a change, we’ll need to ensure that this provides opportunities for local insurers while insulating local suppliers from any initial systemic shocks. Other countries will seek to learn from our experience, and we need to ensure that there’s flexibility to also adapt in order to learn these lessons. The supplier assurance scheme, with graduated levels of assessment, should be designed to also meet the needs of insurers to help them with assessing risk. Appropriate risk-weighted premiums will be vital to ensure that insurance doesn’t effectively encourage risky behaviour or a false sense of comfort. The government may also need to regulate or even set up its own insurer to ensure that all companies have access to affordable cover in the short term. There’s a precedent for this: the government established Medibank to keep the private health insurance providers honest, and when the market was working well was then able to privatise the company.

In the longer term, there may still be a need for the government to be a last-resort reinsurer for major nation-state attacks, in a role analogous to its role in terrorism incident reinsurance.

Building sovereign capability

We’ve seen that cybersecurity represents a great economic opportunity for Australian industry, and that supplier trust is important. This means that, especially for the most sensitive applications, the development of sovereign industry capability should be encouraged. The government should establish a sovereign capability framework, identifying which technologies it’s strategically important to develop locally, and using that to guide more targeted mandated procurement and investment. An openly published framework would also help industry to prioritise its research and development to deliver in those areas. This would be analogous to the approach currently underway for the defence industry capability. This approach would effectively modify current procurement rules to allow government buyers to make decisions to prefer local suppliers where there’s a compelling need for a sovereign capability.

The US has for many years gone much further under the Buy American Act, which mandates government to prefer local suppliers in all cases unless the price premium is more than 25%. Applying such a blunt approach in Australia would make government spending less efficient and risk conflicting with international trade agreements. However, at the very least, the government should ensure that there’s a level playing field on which local companies of all sizes are able to have access to the market on an equal basis with global multinationals. There are arguments for a more measured ‘Buy Australian’ approach (for example, a target of, say, 5% of the IT spend on Australian companies) to be considered as a further step if sovereign capability development is slow to take off. This could act as a strong signal to those making procurement decisions about the importance of considering local suppliers.

Securing government data

Where sensitive government data is provided to suppliers, assurance that the confidentiality and integrity of that data will be protected is needed. There are numerous examples of breaches, such as fighter aircraft plans being stolen from a small defence contractor’s network.33 Also, even if no information is passed to the contractor, the data that the contractor generates and delivers (for example, detailed blueprints for designs that it produces under the contract) may be sensitive.

While there’s a well-developed framework of security requirements for classified material, there can be significant risks involving unclassified but sensitive material that’s generally less well protected.34

We also see small businesses struggling to implement security on their IT systems to meet the requirements of the ISM with their limited budgets. While significant improvements can be made by improved basic cyber hygiene, for situations in which more sensitive data that may be of interest (for example, to nation-state attackers) is being processed, it’s difficult to implement advanced monitoring and the required defence in depth.

To address this, the government should establish a secure cloud-based environment that contractors can use for projects under contract to the government. This would allow companies to process, use and generate data using suitable technologies to assure separation from the host systems of the supplier. The environment would need to be fully functioning and have the range of ‘infrastructure as a service’ and ‘platform as a service’ offerings that companies would need. In order to avoid the overheads, and the moral hazard, of a government department trying to set up and run the assured environment, a better approach would be to license a small number of cloud vendors to provide it and to mandate suppliers to use one of those licensed services.

This approach should not only provide better assurance of data privacy and integrity but, by reducing the overheads of individual businesses implementing their own controls, should reduce the costs effectively charged by suppliers to government for compliance.

Conclusions

As the Australian Government looks to refresh its cybersecurity strategy in 2020, while end-user awareness and education will be important, the onus needs to be on the government and the private sector to uplift security across the board and make the lives of adversaries in cyberspace more difficult.

Government has limited human and financial resources and so needs to use them as effectively as possible. The significant overall ICT procurement spend by government represents an opportunity to do so, but is currently hampered by a fragmented approach, differing standards and regulations, and procurement approaches that don’t facilitate value being attached to innovative security approaches and sovereign capability.

Our main policy recommendations to address these challenges are as follows:

  • The Australian Government, working with the state and territory governments, should include in government procurement strategies consideration of how governments can use their market power to encourage better cybersecurity in what they purchase, and use that approach to encourage suppliers to improve the security of their offerings in all customer sectors.
  • Simplify the current array of supplier standards to a single set that provides multiple levels that can be used for different risk levels and also allow suppliers to demonstrate progress and enhanced levels of security.
  • Address gaps in the market for independent testing and certification, allowing buyers to be confident about the security of products and services and companies to be able to demonstrate and prove innovative approaches.
  • Follow up the recent announcements on the future of the CCSL and Information Security Registered Assessors Program by establishing a framework to standardise and assure the quality of work of independent assessors to provide a viable alternative, and ensure that industry consultations on future requirements are fully inclusive.
  • Ensure that risks to security are effectively factored into supplier quotes by investigating how a mandatory insurance regime could operate.
  • Develop and implement a sovereign capability strategy to ensure market opportunities for Australian companies of all types and sizes in order to build local capability in the most sensitive areas and to exploit the global economic opportunity that the cybersecurity market provides for local industry.
  • Use shared services approaches to ensure that consistent best practice is applied for the secure handling of sensitive data by government suppliers, without duplication of cost and effort.

Appendix: Detailed review of tender documents

Please download the report PDF to access the Appendix. 

Launch video

Minister for Industry, Science and Technology, the Hon Karen Andrews MP joins this ASPI webinar to provide a keynote address for the launch of the International Cyber Policy Centre’s report ‘Working smarter, not harder’.

The keynote is followed by a panel discussion and Q&A with report author and ASPI Fellow, Rajiv Shah; CEO for AustCyber, Michelle Price; and Managing Director & Co-Founder, Macquarie Government, Aidan Tudehope. The panel is moderated by the Director of ASPI’s International Cyber Policy Centre, Fergus Hanson.


Acknowledgements

The author would like to acknowledge the support of several Australian Government departments that were consulted for this study, in particular the Department of Human Services, along with other industry stakeholders who took time to share their experiences and perspectives. ASPI’s International Cyber Policy Centre receives funding from a variety of sources including sponsorship, research and project support from across governments, industry and civil society. ASPI would like to acknowledge Macquarie Government for supporting this research project.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our Annual Report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise. To develop capability in Australia and our region, the ICPC has a capacity-building team that conducts workshops, training programs and large-scale exercises in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published August 2020

Cover image: Illustration by Wes Mountain. ASPI ICPC and Wes Mountain allow this image to be republished under the Creative Commons License Attribution-Share Alike. Users of the image should use the following sentence for image attribution: ‘Illustration by Wes Mountain, commissioned by the Australian Strategic Policy Institute’s International Cyber Policy Centre.’

Funding for this report was provided by Macquarie Government.

  1. Rob van der Meulen, ‘Gartner says 8.4 billion connected “things” will be in use in 2017, up 31 percent from 2016’, Gartner, 7 February 2017, online.
  2. Australian Signals Directorate (ASD), Annual report 2018–19, Australian Government, 2019, online.
  3. ASD, Australian Cyber Security Centre (ACSC), Cybercrime in Australia: July to September 2019, Australian Government, no date, online.
  4. Henry Belot, ‘Federal government’s $10b IT bill now rivalling Newstart Allowance welfare spend’, ABC News, 28 August 2017, online.
  5. Justin Hendry, ‘NSW govt IT spending tops $3bn’, ITNews, 1 August 2018, online.

Clean pipes: Should ISPs provide a more secure internet?

Introduction

One of the largest online challenges facing Australia is to provide effective cybersecurity to the majority of internet users who don’t have the skills or resources to defend themselves.

This paper explores the concept of ‘Clean Pipes’, which is the idea that internet service providers (ISPs) could provide security services to their customers to deliver a level of default security.

The Australian Government looks to be implementing a version of Clean Pipes: on 30 June 2020 the Prime Minister announced a funding commitment to ‘prevent malicious cyber activity from ever reaching millions of Australians across the country by blocking known malicious websites and computer viruses at speed’.1

This paper examines arguments for Clean Pipes and possible implementation roadblocks.

Background

Australia’s 2016 Cyber Security Strategy recognised the opportunities and risks that come with cyberspace and committed to ‘enabling growth, innovation and prosperity for all Australians through strong cyber security’.2

Despite that strategy, however, the online security environment has continued to deteriorate.

There have already been several significant and newsworthy attacks3 so far this year:

  • Toll Group was affected by ransomware in both February and May.4
  • BlueScope Steel’s operations were affected by ransomware in May.5
  • MyBudget, a money management company, had outages caused by ransomware in May.6
  • Lion Australia, a beverage giant, was crippled by ransomware in June.7

However, most attacks aren’t publicly reported, so these incidents are undoubtedly just the tip of the iceberg.

A 2018 estimate that included broader direct costs calculated the potential loss to the Australian economy at $29 billion per year.8

During the Covid-19 crisis, there’s also been significant domestic and international concern about the vulnerability of critical infrastructure such as hospitals and the health sector to cyberattacks. Interpol warned that cybercriminals were targeting critical healthcare institutions with ransomware, and the Cyber Peace Institute issued a call for all governments to ‘work together now to stop cyberattacks on the healthcare sector’.9

This also rose to the highest levels of international diplomacy—the Department of Foreign Affairs and the Australian Cyber Security Centre (ACSC) issued a joint statement on ‘unacceptable malicious cyber activity’, and US Secretary of State Mike Pompeo warned of consequences for malicious cyber activity affecting hospitals and healthcare systems.10

This high-level diplomatic concern emphasises not only that cybersecurity is critically important, but that our current approaches to protecting Australia have failed to adequately protect all of our critical infrastructure.

The Problem

Providing resilient cybersecurity isn’t an inherently intractable task—for those who have the necessary skills and resources.

Individual organisations can and do make significant improvements in their cybersecurity posture when they’re motivated to prioritise security and invest the resources required, but when cybersecurity is viewed as an economy-wide challenge, there are significant sectors of the economy that do not, and probably never will, have the ability to successfully defend themselves.

Unfortunately, the motivation, capability and resources to provide robust cybersecurity are not aligned within the Australian internet ecosystem. Currently, too few businesses in Australia are motivated and capable of providing for their own security.

These are businesses that understand the risk to their operations that arises from failing to address security. Their business model demands that this risk be addressed, and, accordingly, they’ll pay to mitigate it. Some parts of the Australian business community could provide for their own cybersecurity but don’t give the task sufficient priority. Government should employ strategies that encourage them to invest in their own security. However, the bulk of Australian people and businesses fall into a third category: they would like to defend themselves online but don’t have the expertise or the resources to do so.

Large parts of the Australian economy and community can’t protect themselves online because they don’t have the skills or resources to do so.

Criminals, meanwhile, are agnostic about their targets and will attack whoever it is profitable to attack. As weaknesses in security in one area of the economy get shored up, other avenues are explored. If the top end of town is too tough, criminals will ransack those with relatively poor security—individuals and small and medium-sized enterprises.

They also take a ‘belt and braces’ approach to extracting money from their victims. In the May 2020 Toll Group ransomware attack, for example, the criminals first attempted to extract money with ‘traditional’ ransomware—encrypting IT systems to disrupt operations. When Toll refused to pay the ransom, the criminals changed to the exact opposite tactic and threatened to publicly release corporate data unless they were paid.11

Given that malicious actors seek out weakness and vulnerability wherever it exists in the economy, and that some parts of the economy will never have the sophistication and ability to protect themselves, we need to develop initiatives that provide ‘default security’ and bring resources and skills to those who don’t have them—who are generally small and medium-sized enterprises and consumers.

There are already initiatives that bring default security to groups that don’t have the skills or resources to protect themselves. 

They occur at different ‘layers’ of the architecture of the internet: at the hardware level, in operating systems, in some of the services that underpin the operation of the internet, and in the software applications that people use to access the internet (see Table 1).

Table 1: Current default security protections occur at different layers

At the most fundamental level, chip manufacturers have invested in the development of more secure computing architectures.12

Building upon those hardware improvements, operating system manufacturers have also baked default security into their products. This includes features such as automatic updates that make it easier to patch vulnerabilities, built-in anti-malware features such as Windows Defender and architectural features that make it more difficult for hackers to seize control, such as address space layout randomisation and data execution prevention.13

At the internet services layer, a number of Domain Name System (DNS; the system that converts human-readable internet addresses into internet protocol addresses) providers also include default security protection: Quad9, OpenDNS,14 Comodo Secure DNS15 and CleanBrowsing,16 among others. For example, Quad9 states in its FAQ that it ‘uses threat intelligence from a variety of public and private sources and blocks access to those malicious domains when your system attempts to contact them’.17

Google’s Safebrowsing18 and Microsoft’s SmartScreen,19 for example, are web-scanning, anti-phishing and anti-malware systems built into their respective browsers and operating systems to prevent users from visiting potentially dangerous web pages. As users browse the web, the pages they visit are compared to a list of ‘known-bad sites’ that have been confirmed to be hosting phishing or malware. If a user tries to visit one of those sites, instead of taking them directly there the user is shown a warning. These protections are imperfect, as the user can ignore the warning and click through to the site, and criminals and hackers are constantly trying new techniques to evade them, but they have very broad reach. Safebrowsing is used in Google’s Chrome, Mozilla’s Firefox and Apple’s Safari browsers, and together with SmartScreen in Microsoft Edge these systems protect billions of users by default. Google’s Transparency report statistics show that the Safebrowsing system issued in the order of 5–10 million warnings per week so far this year up to late May 2020.20

These security improvements have occurred at different ‘layers’ of the internet—in browsers, in operating systems and in the underlying plumbing of the internet. They are also ‘high-leverage’ initiatives, in that these investments can improve security for millions to billions of internet users.

There have been improvements in default security in some aspects of online security over the past two decades, but there’s still a very long tail of vulnerability that we must cope with for the foreseeable future. Additionally, other developments threaten to undermine those improvements. The proliferation of the ‘internet of things’ (IoT)—internet-connected but poorly secured and increasingly ubiquitous consumer devices—threatens to introduce a large vector of insecurity that could drastically affect overall cybersecurity.21

Given the success of previous default-security initiatives, what other initiatives could have a widespread positive impact on the cybersecurity of millions of users?

Clean Pipes

One proposal that could help provide advanced capabilities to internet users is that ISPs be required or encouraged to perform ‘due diligence’ to protect their users from malicious traffic. This concept has been called ‘Clean Pipes’, drawing an analogy to water utilities providing clean drinking water.

Clean Pipes could involve ISPs using a variety of technologies to provide default security to their clients. At the conceptual level, this would involve:

  1. positively identifying threats, which could be, for example
    • internet locations that host malware or phishing
    • malware command and control
    • bogus traffic that can be used in attacks that try to overwhelm a service
    • ‘spoofed’ traffic that claims to originate from somewhere it doesn’t
  2. having some capability to proactively protect from different threats, such as
    • blocking and warning users who are attempting to navigate to dangerous locations, such as ones that host malware or phishing
    • removing bogus or spoofed traffic
  3. being able to adjust this blacklist dynamically and alter it through customer feedback if a location is inadvertently blacklisted.
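
The three conceptual steps above (identifying threats, proactively protecting users, and adjusting the blacklist on customer feedback) can be sketched as a small policy engine. This is an added example, not code from the report or from any ISP; the class and method names, customer IDs, domains and address ranges are all constructed, and applying the customer opt-out only to domain warnings (not to spoofed-traffic removal) is an assumption of the sketch.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "warn" (serve a warning page) or "drop"
    reason: str


@dataclass
class CleanPipesPolicy:
    blocklist: dict = field(default_factory=dict)        # domain -> threat category
    delisted: set = field(default_factory=set)           # confirmed false positives
    pending_reports: dict = field(default_factory=dict)  # domain -> customers reporting it
    opted_out: set = field(default_factory=set)          # customers declining default protection
    prefixes: dict = field(default_factory=dict)         # customer -> assigned networks

    @staticmethod
    def normalise(name):
        return name.strip().rstrip(".").lower()

    def ingest_feed(self, entries):
        """Step 1: load threat intelligence as (domain, category) pairs."""
        for domain, category in entries:
            self.blocklist[self.normalise(domain)] = category

    def _lookup(self, qname):
        """Walk from the full name towards the TLD. The most specific entry
        wins, so a delisted subdomain overrides a blocked parent and vice versa."""
        labels = self.normalise(qname).split(".")
        for i in range(len(labels) - 1):      # never match on the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in self.delisted:
                return None
            if candidate in self.blocklist:
                return candidate, self.blocklist[candidate]
        return None

    def check_dns(self, customer, qname):
        """Step 2a: warn instead of resolving a known-bad name."""
        hit = self._lookup(qname)
        if hit is None:
            return Decision("allow", "not listed")
        if customer in self.opted_out:
            return Decision("allow", "customer opted out")
        return Decision("warn", f"{hit[1]}: {hit[0]}")

    def check_source(self, customer, src_ip):
        """Step 2b: drop traffic whose source address was never assigned to
        the sending customer. Assumption: opt-out does not apply here."""
        addr = ip_address(src_ip)
        if any(addr in net for net in self.prefixes.get(customer, [])):
            return Decision("allow", "source within assigned prefix")
        return Decision("drop", "spoofed source address")

    def report_false_positive(self, customer, domain):
        """Step 3a: record customer feedback; nothing is delisted automatically."""
        self.pending_reports.setdefault(self.normalise(domain), set()).add(customer)

    def review(self, domain, is_false_positive):
        """Step 3b: an analyst verdict clears the report and, if upheld, delists the name."""
        domain = self.normalise(domain)
        self.pending_reports.pop(domain, None)
        if is_false_positive:
            self.delisted.add(domain)


def build_demo_policy():
    """Constructed sample data: reserved .example names and documentation address ranges."""
    policy = CleanPipesPolicy()
    policy.ingest_feed([
        ("login-update.example", "phishing"),
        ("c2.botnet.example", "malware command and control"),
        ("shared-hosting.example", "malware"),
    ])
    policy.prefixes["cust-001"] = [ip_network("198.51.100.0/28")]
    policy.prefixes["cust-002"] = [ip_network("203.0.113.64/29")]
    policy.opted_out.add("cust-002")
    return policy


if __name__ == "__main__":
    p = build_demo_policy()
    print(p.check_dns("cust-001", "www.login-update.example"))
    print(p.check_source("cust-001", "192.0.2.77"))
```

Requiring an analyst review before delisting keeps a single customer report from removing a genuine threat entry, while the most-specific-match rule lets one inadvertently blocked site be cleared without unblocking everything else under the same parent domain.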

These kinds of capabilities are already deployed around the world, in corporate networks, by British Telecom22 and recently by Telstra.

The Advantages

The key advantage of Clean Pipes is that it brings advanced scalable protection to an ISP’s entire customer base, which is particularly important to that majority of customers who don’t have the skills and resources to provide for their own security.

It’s also highly leveraged—although in a well-organised protection system the entire workforce involved in identifying malicious internet sites may be thousands of people, the knowledge they generate can be used to provide protection to potentially millions of ISP customers.

There are other advantages. ISPs also have a unique position in the network and are able to see all of the internet protocols that are being used, not just the very few that are used in web browsing. This means that ISPs can see different indicators of malicious behaviour than can, say, operating systems manufacturers, browser manufacturers, DNS providers, or even the anti-malware systems that work on individual computers. Each of these different vantage points into the internet has a different view and can be used to detect or even interrupt different kinds of activity. Browser-based protection, for example, can warn users of malicious websites but can do nothing to stop malware command and control once a computer is compromised.

Not only do ISPs get different views, they also get to act on those other protocols, blocking or redirecting them if need be. This is already standard practice where ISPs need to protect their networks from activity that could degrade or disrupt the network23 or where there’s already an established mechanism to block illegal content.24 ISPs could protect users from threats that can’t be tackled by the other default security providers previously mentioned.

There’s no legal impediment to ISPs providing some level of protection to their customers (excepting techniques that would be privacy-invading). Telstra has already implemented some customer protection under a Cleaner Pipes initiative and has blocked the ‘command and control communications of botnets and malware and [stopped] the downloading of remote access trojans, backdoors and banking trojans’.[25] These initiatives can be written into terms-of-service contracts, although perhaps an ideal position would be to provide users with the ability to opt out if they don’t want default protection. For example, Google Safebrowsing and Microsoft SmartScreen both provide warnings that users are still able to navigate past.

ISPs already operate security operations centres and have security teams to protect their own networks’ integrity, so there are already skills and expertise resident within their organisations, although skill levels can vary significantly between ISPs. Providing default security to customers may require additional investment in resources, but it requires that an existing capability be grown rather than a new one created from scratch.

Additionally, ISP-level protections could be particularly useful in mitigating the risk from poorly secured IoT devices. Those devices can’t take advantage of some of the other default security advances that have taken place over recent years, such as improvements in browsers or operating systems, but they still communicate over the internet and do so in relatively standard ways, such that anomalous behaviour can be detected and at least some malicious behaviour blocked. That is, ISPs providing Clean Pipes could help mitigate one of our potential looming security threats.

Although ISPs providing default security protection has many benefits and could significantly reduce the damage caused by malicious traffic, it isn’t a panacea for all the ills of the internet. As with protections built into operating systems and browsers, malware, phishing and other threats will break through and cause harm to internet users.

ISP-level concerns and blockers

In Australia, ISPs, other than Telstra, don’t provide extensive default security protections to their customers. There are several reasons for this that fall into four categories:

  1. costs and ISP security expectations
  2. capability to detect and act
  3. understanding harms
  4. reputational risk.

Costs and security expectations

Possibly the underlying reason that most ISPs don’t invest significantly in Clean Pipes is that enhanced security costs more money and neither customers nor ISPs expect that an ISP should provide increased levels of default security.

Related to this, ISPs don’t believe that their customers value a more secure service, so there’s no potential profit available to justify a business case to provide these security services; therefore, no resources are allocated.

Additionally, there’s been no legal or regulatory obligation that has pushed ISPs to provide enhanced default security services.

Capability to detect and act

All ISPs have some level of security capability, which they need to protect their own networks. However, providing increased levels of default security to customers requires more extensive and more advanced capability to both detect malign behaviour and to act on it.

All ISP security operations must prioritise self-protection and they might not have additional capacity to detect malicious activity that doesn’t directly threaten their own operations. Without a clear view of malicious activity that affects their customers (or even third parties), ISPs are unable to act on it.

Any individual ISP would be able to identify some threats on its network, but a collaboration with multiple partners provides a more comprehensive and effective picture of both the threats and effective mitigations. Holistically understanding threats requires collaboration with multiple partners in the security ecosystem, including providers of threat intelligence, other industry verticals and competitor ISPs. Each organisation provides a different slice of the view so that the overall picture is far more complete than any individual organisation can develop on its own.

This industry collaboration would require two separate forms of trust:

  • Competitors would have to trust that companies within the same industry would not seek to gain competitive advantage through security collaboration. This is relatively straightforward within the information security community, as competitive advantage is seen to lie outside security, and effective security is generally perceived as a precondition for competition rather than as a basis for it.[26]
  • Companies need to trust the technical competence of collaborators. This is currently based on reputation and past performance, and there’s no formal process for technical trust to be built or certified.

The two forms of trust affect both the ability and willingness to share reliable information and to act effectively on information received. Discussions with stakeholders have indicated that significant skill and capacity differences exist between the security operations within different ISPs, and that those differences may make it difficult to engage in effective widespread information sharing across Australian ISPs.

Beyond merely detecting malicious activity, ISPs also need to have the ability to act on it. Acting on malicious behaviour requires additional financial investment beyond detecting it, so, even if ISPs see damaging activity, they may have decided that the costs of implementing default security for customers are simply too high. At the ISP level, most customers don’t pay extra for security services, so investment in providing improved security might not be seen as an economically viable return on investment.

Understanding harms

Beyond merely detecting malicious activity is understanding the harm that it causes. What malicious activity that ISPs see on their networks causes the most harm to customers? For activity that damages their own networks, that harm is easy for ISPs to understand, but quantifying damage caused to customers is very difficult.

Understanding the harms to customers could be improved by information sharing about the costs of cybercrime from government mechanisms such as ReportCyber, from NGOs such as IDCARE,[27] or even from other industry verticals that collate information about the most damaging cybercrimes affecting their customer bases.

Some ISPs, particularly smaller ones, might not be able to detect malicious activity and don’t understand the harms it causes their customers. In such cases, ignorance is bliss—once an ISP sees malicious activity and understands that it causes harm to its customers, it faces its own version of the ‘trolley problem’. Do they intervene to protect their customers from dangerous activity on the internet, even though that may come at some financial cost?

Reputational risk

ISPs could also be concerned about the reputational risks involved in attempting to provide default security.

A key reputational concern is that ISPs may inadvertently block legitimate traffic. Although terms and conditions can mitigate legal concerns, ISPs still have to strike a balance between providing enhanced security and the risk that false positives will affect service quality. Importantly, there are harms to customers that occur when ISPs accidentally block non-malicious traffic and when ISPs allow customers to be harmed by malicious traffic. An ideal balance would minimise both harms while preserving online freedom, but this balance is inconsistently applied across different ISPs and is therefore probably suboptimal.

ISPs may also be concerned about the perception that default security requires them to compromise customer privacy. Certainly, government internet initiatives have focused on law enforcement and intelligence requirements, and Australia’s metadata retention laws[28] and the Assistance and Access Act 2018[29] have been controversial.[30] Telstra’s recent announcement regarding Cleaner Pipes, however, hasn’t so far been the subject of any significant level of controversy about privacy. In any case, whether through lack of obligation, understanding, capability or a business case, there’s no broad-based, ISP-led effort to provide default security to Australian internet users.

Government challenges

The challenges facing government mirror those facing ISPs.

The Australian Government hasn’t tried to lead a broader effort to provide default security to Australian internet users through a Clean Pipes initiative involving ISPs. In some sense, it hasn’t accepted that leading this kind of initiative is its job. In the absence of an industry consensus that ISPs should be providing some level of default security, the absence of government leadership or direction probably means that this status quo will continue.

A significant concern may be the controversies over privacy, censorship and surveillance that have accompanied previous internet initiatives, such as an internet filter proposed in 2012[31] and the previously mentioned metadata retention legislation and Assistance and Access Act. Those former initiatives have been focused on supporting law enforcement or preventing access to harmful content, rather than on providing secure internet access to consumers.

Concerns about privacy, censorship and surveillance could be mitigated by government initiatives having:

  1. a clear focus on threat filtering, with a clear and explicit goal of protecting internet users
  2. government leadership that doesn’t necessarily include government implementation
  3. actions focusing exclusively on cybersecurity threats rather than falling into mission creep and including other online harms (such as child exploitation) that are being tackled through other avenues (such as the e-Safety Commissioner)[32]
  4. transparency about how default security provisions are enacted and what they achieve
  5. a default system with an opt-out for those who don’t want to participate.

The cost of cybercrime isn’t well understood, and that makes it difficult to appropriately allocate resources. One of the most quoted estimates for cybercrime (a Microsoft-commissioned report from Frost and Sullivan) estimated in 2018 that cybercrime could cost Australia $29 billion per year,[33] whereas a 2019 ACSC report estimated $328 million in annual losses.[34]

The ACSC report was based mostly on incidents self-reported to the ReportCyber platform and so is likely to be an underestimate of the cost, but the 100-fold difference between the estimated and measured values shows that the level of uncertainty is high. More comprehensive data would be helpful, and a granular understanding of the cyber threats that are causing the most harm would provide an economic justification for security investments that would be required to mitigate that harm.

Conclusion

This paper has documented some of the arguments for Clean Pipes initiatives in which ISPs deploy their security capabilities to provide default cybersecurity for their customers, and the potential difficulties in implementing such initiatives.

Large portions of the Australian economy and community aren’t capable of effectively providing for their own cybersecurity, and there are significant opportunities for wide-ranging and effective improvements in the security environment for all internet users.

Those approaches would be additional to other broad-based security improvements that have occurred in recent years and could go some way to mitigating the threat from the proliferation of poorly secured IoT devices.

Road Map

Currently, these opportunities aren’t being taken up because the Australian Government has yet to set a clear policy direction and because industry doesn’t see this as a business obligation. Recently announced government funding, including over $35 million to develop a ‘new cyber threat-sharing platform’ and over $12 million towards ‘strategic mitigations and active disruption options’, is an opportunity to change this status quo.[35]

The Australian Government should:

  • clearly articulate its position on ISPs providing default security services in its 2020 Cyber Security Strategy (Home Affairs)
  • raise the baseline of ISP security operational expertise by facilitating technical workshops (funding is available to support technical tools, but skilled cybersecurity personnel are also needed to both provide validated information and to make effective use of threat information) (ACSC)
  • investigate providing incentives to ISPs to implement improved default security (this could include technical training to improve capacity, funding for new capabilities, or even regulation or legislation to encourage adoption) (Home Affairs)
  • convene closed-door consultations with ISPs to discuss how the government could support and encourage the delivery of default security to customers (Home Affairs)
  • require transparency reports in which ISPs report on their efforts to provide safe and secure networks (Australian Communications and Media Authority)
  • more comprehensively quantify the cost of cybercrime in Australia through surveys and by engaging directly with Australian industry (Home Affairs).

ISPs should:

  • work with government to centralise and expand upon existing industry-wide efforts in collaboration, intelligence sharing and coordinated action. 

Australian industry, beyond ISPs, should:

  • increase the sharing of technical indicators of compromises that are affecting its customers (a government-supported centralised clearing house for information would support this)
  • measure the cost of cybercrime and share information, within intelligence-sharing bodies, about the most damaging cybercrime techniques
  • factor in consideration of the cost and risk of failing to manage security issues in supplying their services.

Acknowledgements

ASPI’s International Cyber Policy Center receives funding from a variety of sources including sponsorship, research and project support from across governments, industry and civil society. There is no sole funding source for this paper.

© The Australian Strategic Policy Institute Limited 2020

First published July 2020.
ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

  1. Scott Morrison, ‘Nation’s largest ever investment in cyber security’, media release, 30 June 2020, online.
  2. Department of Home Affairs (DHA), Australia’s Cyber Security Strategy, Australian Government, May 2016, online.
  3. The underlying cause of these attacks is not public, so it isn’t possible to say whether ISPs providing Clean Pipes would have prevented them.
  4. Ry Crozier, ‘Toll Group “returns to normal” after Mailto ransomware attack’, iTnews, 18 March 2020, online; Ry Crozier, ‘Toll Group suffers second ransomware attack this year’, iTnews, 5 May 2020, online.
  5. Ry Crozier, ‘BlueScope confirms a “cyber incident” is disrupting its operations’, iTnews, 15 May 2020, online.
  6. Bension Siebert, Shuba Krishnan, ‘MyBudget blames hack for outage affecting thousands of customers’, ABC News, 15 May 2020, online.
  7. Ben Grubb, ‘Drinks giant Lion hit by cyber attack as hackers target corporate Australia’, Sydney Morning Herald, 9 June 2020, online.
  8. Swetha Das, ‘Direct costs associated with cybersecurity incidents costs Australian businesses $29 billion per annum’, Microsoft News Centre Australia, 26 June 2018, online.
  9. Interpol, ‘Cybercriminals targeting critical healthcare institutions with ransomware’, news release, 4 April 2020, online; ‘CyberPeace Institute—call for government’, CyberPeace Institute, 26 May 2020, online.
  10. Michael Pompeo, ‘The United States concerned by threat of cyber attack against the Czech Republic’s healthcare sector’, press statement, US Department of State, 17 April 2020, online; Department of Foreign Affairs and Trade, Australian Cyber Security Centre (ACSC), ‘Unacceptable malicious cyber activity’, news release, Australian Government, 20 May 2020, online.
  11. Toll Group, ‘Toll IT systems update’, 29 May 2020, online.
  12. For example, investment in trusted platform modules, Apple’s Secure Enclave in iOS devices.
  13. Microsoft, ‘The most secure Windows ever’, no date, online.
  14. OpenDNS, ‘Why users love OpenDNS’, 2020, online.
  15. Comodo Cybersecurity, ‘Secure internet gateway’, 2020, online.
  16. CleanBrowsing, ‘Browse the web without surprises’, no date, online.
  17. Interestingly, when customers use these optional DNS services their ISP loses visibility and can no longer detect malware and assist them; ‘FAQ: DNS need to know info’, Quad 9, 2019, online.
  18. Google, ‘Google safe browsing’, 2019, online.
  19. Microsoft, ‘Microsoft Defender SmartScreen’, 27 November 2019, online.
  20. Google, ‘Google safe browsing’, 2019, online.
  21. Eliza Chapman, Tom Uren, The Internet of Insecure Things, ASPI, Canberra, 19 March 2018, online.
  22. Dave Harcourt, ‘BT’s proactive protection: supporting the NCSC to make our customers safer’, National Cyber Security Centre, UK Government, 25 October 2018, online.
  23. Such as, for example, distributed denial of service (DDoS) attacks that attempt to overwhelm networks or websites.
  24. For example, Interpol’s ‘Worst of’ provides a list of domains carrying child abuse material; Interpol, ‘Blocking and categorizing content’, 2020, online.
  25. Andrew Penn, ‘Safer online and the new normal’, Telstra Exchange, 6 May 2020, online.
  26. Even within the cybersecurity industry competitors collaborate, and the Cyber Threat Alliance serves as a model for competitors sharing information about threats. There are also many effective information-sharing initiatives overseas and in Australia (for example, see ‘Member ISACs’, National Council of Information Sharing and Analysis Centers, 2020, online).
  27. ‘National identity and cyber support’, IDCARE, 2020, online; ACSC, ‘ReportCyber’, Australian Signals Directorate, Australian Government, 2020, online.
  28. DHA, ‘Data retention’, Australian Government, March 2020, online.
  29. DHA, ‘The Assistance and Access Act 2018’, Australian Government, September 2019, online.
  30. For example, see Elise Scott, ‘Senate passes controversial metadata laws’, Sydney Morning Herald, 27 March 2015, online; Damien Manuel, ‘Think your metadata is only visible to national security agencies? Think again’, The Conversation, 5 August 2019, online; Stilgherrian, ‘Home Affairs report reveals deeper problems with Australia’s encryption laws’, ZDNet, 29 January 2020, online.
  31. Ry Crozier, ‘Conroy abandons mandatory ISP filtering’, iTnews, 8 November 2012, online.
  32. There are already mechanisms to block objectionable material, such as the Sharing of Abhorrent and Violent Material Act 2019, and those mechanisms should remain separate from security provisions. See Attorney-General’s Department, ‘Abhorrent violent material’, Australian Government, no date, online.
  33. Frost and Sullivan, Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, 2018.
  34. ACSC, Cybercrime in Australia—July to September 2019, Australian Signals Directorate, Australian Government, 2019, online.
  35. Morrison, ‘Nation’s largest ever investment in cyber security’.

Genomic surveillance

Inside China’s DNA dragnet

What’s the problem?

The Chinese Government is building the world’s largest police-run DNA database in close cooperation with key industry partners across the globe. Yet, unlike the managers of other forensic databases, Chinese authorities are deliberately enrolling tens of millions of people who have no history of serious criminal activity. Those individuals (including preschool-age children) have no control over how their samples are collected, stored and used. Nor do they have a clear understanding of the potential implications of DNA collection for them and their extended families.

Earlier Chinese Government DNA collection campaigns focused on Tibet and Xinjiang, but, beginning in late 2017, the Ministry of Public Security expanded the dragnet across China, targeting millions of men and boys with the aim to ‘comprehensively improve public security organs’ ability to solve cases, and manage and control society’.[1] This program of mass DNA data collection violates Chinese domestic law and global human rights norms. And, when combined with other surveillance tools, it will increase the power of the Chinese state and further enable domestic repression in the name of stability maintenance and social control.

Numerous biotechnology companies are assisting the Chinese police in building this database and may find themselves complicit in these violations. They include multinational companies such as US-based Thermo Fisher Scientific and major Chinese companies like AGCU Scientific and Microread Genetics. All these companies have an ethical responsibility to ensure that their products and processes don’t violate the fundamental human rights and civil liberties of Chinese citizens.

What’s the solution?

The forensic use of DNA has the potential to solve crimes and save lives; yet it can also be misused and reinforce discriminatory law enforcement and authoritarian political control. The Chinese Government and police must end the compulsory collection of biological samples from individuals without records of serious criminal wrongdoing, destroy all samples already collected, and remove all DNA profiles not related to casework from police databases. China must enact stringent restrictions on the collection, storage, use and transfer of human genomic data.

The Chinese Government must also ensure that it adheres to the spirit of the International Covenant on Civil and Political Rights (1966), the International Declaration on Human Genetic Data (2003), the Universal Declaration on the Human Genome and Human Rights (1997) and the Convention on the Rights of the Child (1989), as well as China’s own Criminal Law (2018). National and international legal experts have condemned previous efforts to enrol innocent civilians and children in forensic DNA databases, and the UN Special Rapporteur on the right to privacy should investigate the Chinese Government’s current collection program for any violations of international law and norms.[2]

Foreign governments must strengthen export controls on biotechnology and related intellectual property and research data that’s sold to or shared with the Chinese Government and its domestic public and private partners. Chinese and multinational companies should conduct due diligence and independent audits to ensure that their forensic DNA products and processes are not being used in ways that violate the human and civil rights of Chinese citizens.

Executive summary

Forensic DNA analysis has been a part of criminal investigations for more than three decades. Dozens of countries have searchable DNA databases that allow police to compare biological samples found during forensic investigations with profiles stored in those databases. China is no exception.

In 2003, China’s Ministry of Public Security began building its own forensic DNA database.[3] Like other such databases, it contains samples taken from criminal offenders and suspects. However, since 2013, Chinese authorities have collected DNA samples from entire ethnic minority communities and ordinary citizens outside any criminal investigations and without proper informed consent. The Chinese Government’s genomic dataset likely contains more than 100 million profiles and possibly as many as 140 million, making it the world’s largest DNA database, and it continues to grow (see Appendix 3).

This ASPI report provides the first comprehensive analysis of the Chinese Government’s forensic DNA database and the close collaboration between Chinese and multinational companies and the Chinese police in the database’s construction. It draws on more than 700 open-source documents, including government bid tenders and procurement orders, public security bureaus’ Weibo and Weixin (WeChat) posts, domestic news coverage, social media posts, and corporate documents and promotional material (see Appendix 1). This report provides new evidence of how Xinjiang’s well-documented biosurveillance program is being rolled out across China, further deepening the Chinese Government’s control over society while violating the human and civil liberties of millions of the country’s citizens.

The indiscriminate collection of biometric data in China was first reported by Human Rights Watch.[4]

Beginning in 2013, state authorities obtained biometric samples from nearly the entire population of the Tibetan Autonomous Region (3 million residents) under the guise of free annual physical exams (Figure 1).[5] In 2016, a similar program was launched in Xinjiang, where data from nearly all of the region’s 23 million residents was collected.[6]

Figure 1: Blood being collected as part of the free physical exam projects in Lhasa, Tibet Autonomous Region, May 2013, and Urumqi, Xinjiang Uyghur Autonomous Region, February 2018

Sources: ‘Tibet: People’s physical examination to protect the health of the people on the plateau’ (西藏:全民体检为高原百姓保健康), Government of China Web (中国政府网), 15 May 2013, online; ‘Xinjiang National Health Checkup: Cover the last mile and benefit the furthest family’ (新疆全民健康体检:覆盖最后一公里 惠及最远一家人), Xinhuanet (新华网), 9 February 2019, online.

In those minority regions, DNA collection was only one element of an ongoing multimodal biometric surveillance regime, which also includes high-definition photos, voiceprints, fingerprints and iris scans, which are then linked to personal files in police databases. In both Xinjiang and Tibet, authorities intentionally concealed the reasons for biometric collection.[7] When that data was combined with an extensive system of security cameras[8] and intrusive monitoring of local families,[9] the Chinese Government was able to extend its control over these already tightly monitored communities.

Such programs, however, were only the beginning. Starting in late 2017, Chinese police expanded mass DNA data collection to the rest of the country. Yet in contrast to the wholesale approach adopted in Tibet and Xinjiang, authorities are using a more cost-efficient but equally powerful method: the collection of DNA samples from selected male citizens. This targeted approach gathers Y-STR data—the ‘short tandem repeat’ or unique DNA sequences that occur on the male (Y) chromosome. 

When these samples are linked to multigenerational family trees created by the police, they have the potential to link any DNA sample from an unknown male back to a specific family and even to an individual man.

In this report, we document hundreds of police-led DNA data-collection sorties in 22 of China’s 31 administrative regions (excluding Hong Kong and Macau) and across more than a hundred municipalities between late 2017 and April 2020. Evidence suggests that, in some locations, blood collection has occurred in preschools (Figure 2) and even continued during the Covid-19 pandemic.[10]

Figure 2: One of more than 1,500 blood samples collected from kindergarten and elementary school students in Xiabaishi Township, Fujian Province, June 2019

Source: ‘Xiabaishi police energetically launch male ancestry inspection system development work’ (下白石派出所大力开展男性家族排查系统建设工作), Gugang Huangqi Weixin (古港黄崎威信), 4 June 2019, online.

The scale and nature of this program are astounding. We estimate that, since late 2017, authorities across China have sought to collect DNA samples from 5–10% of the country’s male population, or roughly 35–70 million people (Figure 3, and see Appendix 3). These ordinary citizens are powerless to refuse DNA collection and have no say over how their personal genomic data is used. The mass and compulsory collection of DNA from people outside criminal investigations violates Chinese domestic law and international norms governing the collection, use and storage of human genetic data.

Figure 3: Blood collection in Garze Tibetan Autonomous Prefecture, Sichuan Province, August 2019, and Binhe Township, Zhongwei, Ningxia Hui Autonomous Region, June 2018

Sources: ‘Batang police department continued to carry out information collection work of male family tree investigation system’ (巴塘县公安局持续开展男性家族排查系统信息采集工作), Batang Police WeChat (巴塘县公安局微信), 20 August 2019, online; ‘Actively carry out DNA blood sample collection’ (积极开展DNA血样采集工作), Binhe National Security Web (滨河治安国保), 13 June 2018, online.

The corporate world is profiting handsomely from this new surveillance program. Leading Chinese and multinational companies are providing the Chinese police with the equipment and intellectual property needed to collect, store and analyse the Y-STR samples. Key participants include Thermo Fisher Scientific, which is a US-headquartered biomedical and bioinformatics company, and dozens of Chinese companies, including AGCU Scientific, Forensic Genomics International, Microread Genetics and Highershine (see Appendix 4). Under China’s 2019 Regulations on Human Genetic Resource Management,[11] if these companies partner with public security bureaus to develop new forensic products, any results and patents must be shared with the police. The continued sale of DNA profiling products and processes to China’s public security bureaus is inconsistent with claims that these companies have made to improve the quality of life and wellbeing of the communities they serve.

China’s national Y-STR database

In 2003, China’s Ministry of Public Security established a national DNA database for police forensic work.12 Over the following decade, police collected DNA samples during criminal investigations.

However, by the early 2010s, Chinese authorities began to engage in the mass collection of DNA from even wider groups. This included not only programs in Tibet and Xinjiang, which were the first to start, but also more targeted efforts elsewhere. Between 2014 and 2016, the Public Security Bureau of Henan Province collected DNA samples from 5.3 million men, or roughly 10% of the province’s male population.13 The province’s police saw the project as a massive improvement in their ability to conduct forensic investigations and extend state surveillance over even more of Henan’s population.

The success of that project encouraged its expansion nationwide and, on 9 November 2017, the Ministry of Public Security held a meeting in Henan’s provincial capital, Zhengzhou, calling for the construction of a nationwide Y-STR database (Figure 4).14

Figure 4: Ministry of Public Security Meeting on Promoting Nationwide Y-STR Database Construction, Zhengzhou, Henan Province, November 2017

Source: ‘The Criminal Investigation Bureau of the Chinese Academy of Sciences made an experienced introduction at the on-site promotion meeting for the construction of the Y-STR DNA database’ (厅刑侦局在全国Y-STR DNA数据库建设现场推进会上作经验介绍), Shaanxi Public Security Party Construction Youth League (陕西公安党建青联), 10 November 2017, online.

Data collection quickly expanded across the country. Between November 2017 and April 2020, documented instances of police-led Y-STR sample collection have been found in 22 of China’s 31 administrative regions (excluding Hong Kong and Macau) and in more than a hundred municipalities.15

Those are only the instances for which we have direct evidence. Given the national scope of this program, these figures are certainly an underestimate.

Unlike autosomal STR data, which is present in the DNA of both males and females, Y-STRs (the short tandem repeats on Y chromosomes) are found only in male DNA.16 Passed directly from father to son, they aren’t recombined with every successive generation. There’s therefore little variation in Y-STRs, apart from random mutations, and the Y-STR profile of a man will be nearly identical to that of his patrilineal male blood relatives. This means that forensic traces drawn from Y-STR data can point only to a genetically related group of men and not to an individual man.

However, when combined with accurate genealogical records (family trees) and powerful next-generation gene sequencers,17 Y-STR analysis can be a powerful tool. Because surnames are usually inherited from fathers, men who share a common surname are likely to share a common paternal ancestor and a common Y-STR profile.18 Likewise, if the Y-STR profiles of two men match, their surnames are likely to match, too. Therefore, if a Y-STR database contains a large representative sample of DNA profiles and corresponding family records, even an unknown male’s data can potentially be matched to a family name and even an individual, so long as investigators have on file the Y-STR data of that male’s father, uncle or even third cousin (Figure 5).

Figure 5: Illustration of shared Y-STR profile among patrilineal male relatives (translated)

Source: ‘The “hero” behind the murder case of the girl from the Southern Medical University: What is the Y-STR family investigation technique?’ (南医大女生被害案背后“功臣”: Y-STR家系排查技术是什么), Youku Video Net (优酷影视网), 25 February 2020, online. Partially translated from Chinese by ASPI.

For the Chinese Government, Y-STR analysis presents a more cost-effective and efficient method of building a national genetic panopticon. Unlike in Tibet and Xinjiang, authorities don’t need to collect DNA samples from all Chinese citizens in order to dramatically increase their genomic surveillance capacity. Authorities in Henan achieved 98.71% genetic coverage of the province’s total male population by collecting Y-STR samples from 10% of the province’s men and developing family trees for nearly all of the province’s patrilineal families.19 Following a similar program nationally, Chinese authorities could achieve genetic coverage for nearly all men and boys in China.
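The coverage reasoning above can be checked with a small model. The following is an added illustration, not part of the report: it estimates what share of men become traceable through a patrilineal relative when 10% of men are sampled, first at random and then with one sample per lineage as genealogical charts allow. The lineage sizes are constructed for the example and are not Henan data.

```python
import random

# Constructed population (assumption, not from the report):
# (men per patrilineal lineage, number of such lineages)
LINEAGE_MIX = [(5, 2000), (20, 1000), (100, 300), (400, 50)]


def build_lineages(mix):
    """Expand the mix into one entry per lineage holding its size."""
    return [size for size, count in mix for _ in range(count)]


def expected_random_coverage(sizes, fraction):
    """Analytic estimate for random sampling.

    A lineage of k men is reachable if at least one member was sampled,
    which happens with probability 1 - (1 - fraction)**k when each man
    is sampled independently. Coverage is counted in men, so every
    lineage is weighted by its size.
    """
    total = sum(sizes)
    covered = sum(k * (1 - (1 - fraction) ** k) for k in sizes)
    return covered / total


def simulate_random_coverage(sizes, fraction, seed=0):
    """Monte Carlo check: draw the sample without replacement."""
    rng = random.Random(seed)
    # owner[m] is the lineage index of man m
    owner = [i for i, size in enumerate(sizes) for _ in range(size)]
    n_samples = round(len(owner) * fraction)
    sampled_men = rng.sample(range(len(owner)), n_samples)
    hit_lineages = {owner[m] for m in sampled_men}
    covered = sum(sizes[i] for i in hit_lineages)
    return covered / len(owner)


def lineage_guided_coverage(sizes, fraction):
    """Coverage when family trees are known in advance.

    The same sample budget is spent one man per lineage, in list order,
    until it runs out. Every man in a sampled lineage shares that
    Y-STR profile, so the whole lineage counts as covered.
    """
    budget = round(sum(sizes) * fraction)
    covered = sum(sizes[:budget])
    return covered / sum(sizes)


if __name__ == "__main__":
    sizes = build_lineages(LINEAGE_MIX)
    f = 0.10  # the 10% sampling rate reported for Henan
    print(f"men: {sum(sizes)}, lineages: {len(sizes)}")
    print(f"random sampling, analytic:  {expected_random_coverage(sizes, f):.4f}")
    print(f"random sampling, simulated: {simulate_random_coverage(sizes, f):.4f}")
    print(f"lineage-guided sampling:    {lineage_guided_coverage(sizes, f):.4f}")
```

In this constructed population, a man who never gives a sample is still covered in most cases, and the gap between random and lineage-guided sampling shows why the genealogical records matter as much as the blood samples.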

This is highly disturbing. In China’s authoritarian one-party system, there’s no division between policing crime and suppressing political dissent. A Ministry of Public Security-run national database of Y-STR samples connected to detailed family records for each sample would have a chilling impact not only on dissidents, activists and members of ethnic and religious minorities, but on their extended family members as well.

Figure 6: Meeting on Y-STR database construction, Suide County, Shaanxi Province, March 2019

Source: Lu Fei (路飞), ‘The successful completion of the training and mobilisation meeting of the Suide County public security bureaus for work on building a male ancestry inspection system’ (绥德县公安局男性家族排查系统建设工作动员部署及应用培训会圆满完成), Meipian (美篇网), 28 March 2019, online.

The Chinese state has an extensive history of using threats and violence against the families of regime targets in order to stamp out opposition to the Communist Party. Leaked documents obtained by the International Consortium of Investigative Journalists20 and The New York Times reveal that authorities in Xinjiang collect information on family members of detainees in the region’s re-education camps,21 and a detainee’s release is conditional upon the behaviour of their family members outside the camps.22 The repression of family members extends far beyond Xinjiang. Parents23 and children24 of prominent human rights lawyers, and the siblings of overseas government critics,25 are routinely detained and tortured by Chinese police.

By forcing a dissident’s family to pay the price for their relative’s activism, these tactics cruelly yet effectively increase the cost of resistance.26 A police-run Y-STR database containing biometric samples and detailed multigenerational genealogies from all of China’s patrilineal families is likely to increase state repression against the family members of dissidents and further undermine the civil and human rights of dissidents and minority communities.

Figure 7: Genealogical records collected from a single extended family, Hanjia Village, Liaoning Province, March 2018, and a meeting of police officers concerning family records in Weinan, Shaanxi Province, August 2018

Sources: ‘Wolong Police Station carrying out Y-bank construction’ (卧龙派出所深入开展Y库建设), Meipian (美篇网), 15 March 2018, online; ‘To implement the spirit of the Heyang meeting, the Huazhou District Public Security Bureau went to Fuping to learn the process of the construction of a male family investigation system’ (落实合阳会议精神,华州区公安局赴富平实地学习男性家族排查系统建设), Huazhou Criminal Investigation Bureau (华州刑侦), 10 August 2018, online.

We also know that Chinese researchers are increasingly interested in forensic DNA phenotyping. This computational analysis of DNA samples—also known as ‘biogeographic ancestry inferences’27—allows investigators to predict the biogeographical characteristics of an unknown sample, such as hair and eye colour, skin pigmentation, geographical location, and age. Chinese scientists have been at the forefront of these controversial methods,28 claiming to be able to identify whether a sample belongs to an ethnic Uyghur or a Tibetan, among other ethnic groups.29 Scientists have warned about the potential for ethnic discrimination,30 yet Chinese scientists are using these methods to assist the Chinese police in targeting ethnic minority populations for greater surveillance,31 while Chinese and foreign companies are competing to provide the Chinese police with the tools to do their work.32

Figure 8: Blood collection in Xi’an, Shaanxi Province, April 2020, and Tongchuan, Shaanxi Province, February 2019

Sources: ‘The technical squadron of the Criminal Police Brigade of the Huyi Branch Bureau fully endeavoured to ensure the smooth progress of the construction of the Y library’ (鄠邑分局刑警大队技术中队全力保障Y库建设工作顺利进行), Meipian (美篇网), 2 April 2020, online; ‘Chen Jiashan Police Station catches up and surpasses, and completes the Y library information collection task’ (陈家山派出所追赶超越 全面完成Y库信息采集任务), Meipian (美篇网), 24 February 2019, online.

A national database containing the genetic information of tens of millions of ordinary Chinese citizens is a clear expansion of the already unchecked authority of the Chinese Government and its Ministry of Public Security. Chinese citizens are already subjected to extensive surveillance. Even beyond Tibet and Xinjiang, religious believers and citizen petitioners across China are added to police databases to track their movements,33 while surveillance cameras have expanded across the country’s rural and urban areas.34 The expansion of compulsory biometric data collection only increases the power of the Chinese state to undermine the human rights of its citizens.

Building comprehensive social control

A range of justifications have been provided by Chinese authorities for the mass collection of DNA samples from boys and men across China. Some of those reasons can be found in a notice released online on 1 April 2019 by the Public Security Bureau in Putian, Fujian Province:

Blood Collection Notice

In order to cooperate with the foundational investigative work of the seventh national census and the third generation digital ID cards, our district’s public security organs will on the basis of earlier village ancestral genealogical charts, select a representative group of men from whom to collect blood samples.

This work will not only help carry on and enhance the genealogical culture of the Chinese people, but will also effectively prevent children and the elderly from going missing, assist in the speedy identification of missing people during various kinds of disasters, help police crack cases, and to the greatest extent retrieve that which is lost for the masses. This is a great undertaking that will benefit current and future generations, and we hope village residents will enthusiastically cooperate.35

From this and other similar notices found across the Chinese internet, it can be difficult to assess the primary motive behind this program. Yet there are clear indications that it is the forensic and social control applications of the program—commonly referred to as the construction of a ‘male ancestry inspection system’—which most interest authorities. An 18 November 2019 article from People’s Daily Hubei states:

The construction of a male ancestry investigation system is currently important work being carried out across the country by the Ministry of Public Security. Through foundational work such as illustrative mapping of male ancestral families, the extraction of biological specimens, and the collection of samples and building of databases, we will further understand and grasp the information of male individuals. In this way we will strengthen the use of male hereditary marker DNA technology, continue to increase the efficiency of the investigative screening of criminal offenders, comprehensively improve public security organs’ ability to solve cases, and manage and control society, and maximise the efficiency of criminal technologies to crack cases.36

At first glance, it might appear that Chinese police are engaged in the mass screening of local men as part of ongoing forensic investigations. So-called ‘DNA dragnets’ are rare but not unheard of: in 2012, Dutch police collected Y-STR data through cheek swabs from 6,600 male volunteers as part of an investigation into the 1999 rape and murder of a teenage girl,37 while Y-STR samples were collected from 16,000 men as part of a criminal investigation into the 2011 murder of an Italian teenager.38

Yet such mass screenings are highly controversial. Both the Forensic Genetics Policy Initiative39 and the Irish Council for Civil Liberties40 note that police pressure can transform the ‘voluntary’ submission of samples into compulsory acts, while the American Civil Liberties Union has condemned police-led DNA dragnets in the US as ‘a serious intrusion on personal privacy’.41 Best practices require that DNA samples collected in such mass screenings should be connected to a specific criminal investigation, provided only by volunteers in the geographically restricted area in which the offence took place, and be destroyed following the completion of the investigation.

The Chinese Government’s program of male DNA data collection violates all of those principles. In none of the hundreds of instances of police-led mass DNA collection-related work uncovered in our research is data collection described as part of an ongoing forensic investigation. Nor are any of the men or boys targeted for DNA collection identified as criminal suspects or as relatives of potential offenders. Finally, China’s authoritarian political system makes refusing police requests for DNA samples impossible.

Figure 9: Blood collection in Kaifeng, Henan Province, August 2019 (cropped), and Ordos, Inner Mongolia, October 2018 (still image from video)

Sources: ‘Xinghua Camp has taken several measures to complete the Y-DNA blood collection task’ (杏花营所多项举措完成DNAY库采血任务), Meipian (美篇网), 14 August 2019, online; ‘Albas police station actively carries out blood collection work of Y library construction’ (阿尔巴斯派出所积极开展Y库建设采血工作), Meipian (美篇网), 24 October 2018, online.

Instead, the Chinese Government’s national Y-STR database appears to be part of larger efforts to deepen comprehensive social control and develop multimodal biometric profiles of individual citizens.

Those profiles would allow state security agents to link personal information to biometric profiles, including DNA samples, retinal scans, fingerprints and vocal recordings.42 When completed, such a system could allow Chinese police to connect biometric data from any unknown sample to identifying personal information.

As in the earlier campaigns in Tibet and Xinjiang, DNA collection occurs in a range of places, including private homes,43 schools,44 streets,45 shops46 and village offices47 (see Appendix 2 for a full description of the collection process). Unlike in those two regions, the current program seems aimed at all Chinese men and boys, irrespective of ethnicity or religious faith. Yet there’s evidence that in one case police targeted ethnic Hui Muslims at a local cultural event, in a possible extension of the anti-Muslim campaign that began in Xinjiang (Figure 10).

Figure 10: DNA sample collection in a private residence in Jinhua, Zhejiang Province, September 2018, and at a Hui ethnic minority community centre in Shiyan, Hubei Province, October 2019

Sources: ‘The Baima Police Station of the County Public Security Bureau went to the jurisdiction to carry out blood collection work’ (县公安局白马派出所到辖区开展血液采集工作), Pujiang County Public Security Bureau (浦江县公安局), 28 September 2018, online; ‘The Hubeikou Police presented safety lectures to the Hui ethnic people on the spot and collected male blood samples during the holy Ramadan festival of the Hui ethnic people’ (湖北口派出所利用回族群众圣纪节日,给到场回族群众做法制安全讲座,并采集男性血样), Hexie Hubeikou Microblog (和谐湖北口微博), 10 October 2019, online.

The scale of data collection is enormous. Tens of thousands of DNA samples have been collected in single localities. In Tunliu County in Changzhi, Shanxi Province, local authorities recommended collecting blood samples from 36,000 men,48 or roughly 26% of the county’s male residents; in Laoting County in Tangshan, Hebei Province, 56,068 samples were recommended for collection from the county’s 320,144 men;49 and an invitation for bids for the construction of a Y-STR database for the Xian’an District of Xianning, Hubei Province, states that 40,000 blood samples were collected from the district’s roughly 300,000 male residents.50 These figures alone—a mere fraction of the total size of the Chinese Government’s current DNA collection program—represent some of the largest targeted DNA dragnets in police history.

More disturbing still is the compulsory collection of DNA samples from children (Figure 11).51 Unconnected to any criminal investigation, police have collected blood samples from students at schools across China, including in Shaanxi,52 Sichuan,53 Jiangxi,54 Hubei,55 Fujian,56 and Anhui.57 In a single township in Fujian, more than 1,500 blood samples were taken from students at local kindergartens and elementary schools.58 In some cases, teachers have been enlisted to assist in DNA collection.59

Figure 11: Collecting blood samples from students, Poyang County, Jiangxi Province, November 2018, and Yunxi County, Hubei Province, March 2019

Sources: ‘Actively cooperate with students in collecting DNA samples’ (积极配合做好学生DNA样本信息采集工作), Dongxi Primary School Web (东溪小学王网), 14 November 2018, online; ‘Safety management: Nine-year standard school in Shangjin Town actively cooperates with DNA information collection’ (安全管理:上津镇九年一贯制学校积极配合做好DNA信息采集工作), Nine-year Standard School in Shangjin Town WeChat account (上津镇九年一贯制学校), 22 March 2019, online.

These accounts are in keeping with a 2017 Wall Street Journal investigation that found that police in rural Qianwei, Sichuan Province, collected DNA samples from male schoolchildren without explanation (Figure 12).60 This is a clear violation of Article 16 of the UN’s Convention on the Rights of the Child (to which China is a signatory) against the ‘arbitrary or unlawful interference with [a child’s] privacy’61 and an abuse of the authority police have over vulnerable adolescents.

Figure 12: Police-led DNA collection from middle and elementary school students in Shifang County, Sichuan Province, September 2019, and in Hanzhong County, Shaanxi Province, October 2019

Sources: ‘Shigu Junior High School actively cooperates with the public security police to do a good job of collecting DNA samples from teenagers’ (师古初中积极配合公安民警做好青少年DNA样本采集工作), Shifang City Government Web (什邡市人民政府), 12 September 2019, online; ‘This elementary school in Nanzheng District has launched the collection of student DNA samples’ (南郑区这个小学,开展了学生DNA样本采集), Eastday (东方咨询), 12 October 2019, online.

While DNA samples are taken from men and boys outside of a police investigation, data samples are stored permanently in the Ministry of Public Security’s National Public Security Organ DNA Database (Figure 13).62

Figure 13: National Public Security Organ DNA Database screenshot (cropped)

Source: ‘Public Security Organ DNA Database Application System’ (公安机关DNA数据库应用系统), Beijing Haixin Kejin High-Tech Co. Ltd (北京海鑫科金高科技股份有限公司), online.

Like the FBI’s Combined DNA Index System (CODIS) in the US,63 China’s national database permits DNA samples collected by police to be compared with samples stored in hundreds of local and provincial databases across the country. This database also contains additional core STR loci (locations on a chromosome) for enhanced discriminatory capacity tailored to the ethnic make-up of China’s population.64

The Chinese Government’s DNA database feeds into a constantly evolving program of state surveillance under the banner of the Golden Shield Project, which is led by the Ministry of Public Security. The project seeks to make the personal information of millions of Chinese citizens, including forensic and personal data, available to local police officers nationwide.65 According to the website of Highershine Biological Information Technology Co. Ltd, a company that builds Y-STR databases for the Ministry of Public Security, its databases allow DNA data to be compared with non-genetic data on Chinese citizens contained in the national personal residence database system and the comprehensive police database system, which are both part of China’s Golden Shield Project (Figure 14).

Figure 14: Highershine’s National Public Security Organ Male Family Ancestry Investigation System

Source: ‘National Public Security Male Family Investigation System collects clients’ (全国公安男性家族排查系统采集用户端), China Highershine (北京海华鑫安生物), online.

Evidence already suggests that this new DNA database is being integrated with other forms of state surveillance and ‘stability maintenance’ social control operations.66 Local officials in Sichuan Province have linked Y-STR data collection to the Sharp Eyes Engineering Project,67 which is a national surveillance program aimed at expanding video monitoring across rural and remote areas.68 The Chinese company Anke Bioengineering has also spoken of building a ‘DNA Skynet’,69 in an apparent allusion to another national surveillance program.70

Corporate complicity

Chinese and multinational companies are working closely with the Chinese authorities to pioneer new, more sophisticated forms of genomic surveillance. According to Ping An Securities, China’s forensic DNA database market generates ¥1 billion (US$140 million) in sales each year and is worth around ¥10 billion (US$1.4 billion) in total.71 Competition is intense. While multinational companies currently dominate equipment sales, domestic players are making significant inroads, and biotechnology is listed as a critical sector in the Chinese Government’s Made in China 2025 strategy.72 More than two dozen Chinese and multinational companies are known to have supplied local authorities with Y-STR equipment and software (see Appendix 4).

One of the key domestic producers of Y-STR analysis kits is AGCU Scientech Inc.,73 which is a subsidiary of one of China’s largest and fastest growing biotech companies, Anhui Anke Bioengineering (Group) Co. Ltd.74 AGCU’s founder and Anke’s vice president is Dr Zheng Weiguo.75 After working for Thermo Fisher affiliate Applied Biosystems and other companies in the US, he was invited by the Ministry of Public Security to help develop the Chinese Government’s DNA database in 2004 and set up AGCU in the city of Wuxi under the Thousand Talents Program in 2006.76 He now serves as an expert judge for this Chinese Government talent recruitment program and has been awarded numerous state prizes for his scientific and patriotic contributions.77

AGCU has partnered with public security bureaus across China to apply for patents for Y-STR testing kits78 and in 2018 entered into an exclusive distribution partnership with US biotech company Verogen to sell Illumina’s next-generation DNA sequencers in China.79 AGCU is now actively promoting Illumina next-generation solutions at domestic and international trade fairs organised by the Ministry of Public Security (Figure 15).80

Figure 15: An AGCU engineer discusses Y-STR data systems at the Public Security Bureau of Pingxiang, Jiangxi Province, August 2018

Source: ‘Pingxiang City Public Security Bureau Male Family Investigation System Construction Promotion Conference and “FamilyCraftsman” training class’ (乡市公安机关男性家族排查系统建设工作推进会暨“家系工匠”培训班), Meipian (美篇网), 17 August 2018, online.

Other players include Forensic Genomics International,81 which is a fully owned subsidiary of the Beijing Genomic Institute Group—a company with an increasingly global footprint. In August 2018, Forensic Genomics International signed a strategic partnership agreement with the Public Security Bureau of Xi’an82 and has worked with other public security bureaus to build Y-STR databases as part of this national program.83 Another company is Microread Genetics Co. Ltd, a leading life sciences company with a joint genetic lab in Kazakhstan,84 which has won contracts to provide public security bureaus with Y-STR testing kits85 and database construction services.86

Beijing Hisign Technology Co. Ltd is also providing Y-STR database solutions to the Ministry of Public Security.87 Founded by former People’s Liberation Army member Liu Xiaochun,88 Hisign has developed a range of big-data biometric surveillance products used to collect, store and analyse finger (palm) patterns, facial scans and forensic DNA samples (Figure 16).89 Its Y-STR databases, which the company boasts can be ‘seamlessly connected with the DNA National Library’ and which can ‘provide intelligent family tree mapping’, are used by the public security bureaus of eight provinces, autonomous regions and directly administered cities.90

Figure 16: Hisign’s Y-STR database genealogical mapping function

Source: ‘YSTR database application system’ (YSTR数据库应用系统), Hisign Technology (北京海鑫科金高科技股份有限公司网), online.

A number of leading multinational companies are also providing DNA sequencers and other forensic technologies to public security bureaus across China. They include the China subsidiaries of Thermo Fisher Scientific and Eppendorf. Of those companies, Thermo Fisher’s role is most prominent.

This corporate giant has 5,000 employees in China, which contributed over 10% of the company’s US$25 billion in revenue in 2019.91

The company’s involvement in biometric surveillance in Xinjiang is well documented.92 But, while it has vowed to stop selling human identification products in the region,93 Thermo Fisher’s extensive involvement in the Ministry of Public Security’s national DNA database program is less well known.

One week before the launch of the national Y-STR data program, representatives from Thermo Fisher joined Chinese academics and police officials at a conference held by the Forensic Science Association of China in Chengdu, Sichuan, from 1 to 3 November 2017 (Figure 17).94 Recorded presentations from the conference give a clear sense of how closely Thermo Fisher has worked with the Ministry of Public Security to improve police collection of Y-STR data.

Figure 17: Presentation on forensic Y-STR kits designed for the Chinese market by a representative of Thermo Fisher, Chengdu, Sichuan Province, November 2017

Source: ‘Dr Zhong Chang’ (钟昌博士), Tencent Video (腾讯视频), 8 November 2017, online.

In a talk by Dr Zhong Chang, a researcher at Thermo Fisher, two of the company’s DNA kits—the VeriFiler Plus PCR amplification kit95 and Yfiler Platinum PCR amplification kit96—are described as having been created in direct response to the Ministry of Public Security’s need for enhanced discriminatory capacity tailored to the ethnic make-up of China’s population.97 More disturbingly, Thermo Fisher’s Huaxia PCR amplification kit was developed specifically to identify the genotypes of Uyghur, Tibetan and Hui ethnic minorities.98

Such kits have been instrumental to the current national Y-STR collection program aimed at ordinary men and boys, and numerous local public security bureaus have purchased Thermo Fisher Y-STR analysis kits as part of the construction of male ancestry investigation systems99 and Y-STR databases.100

Thermo Fisher may defend these sales, as it did to Human Rights Watch in 2017, on the grounds that it’s impossible ‘to monitor the use or application of all products’ that it makes.101 That may be true, but the company is clearly aware of how its products are being used, and it actively promotes its close collaboration with the Chinese police in its Chinese-language publicity material. In a profile of Gianluca Pettiti, Thermo Fisher’s former head of China operations and current President of Specialty Diagnostics,102 the company boasts: ‘In China, our company is providing immense technical support for the construction of the national DNA database, and has already helped to build the world’s largest DNA database.’103 Similarly, in 2018, the company’s Senior Director of Product Management, Lisa Calandro, discussed the ‘sinicizing’ of their forensic science product line for the Chinese market.104

Even if multinational companies object to the use of their genetic products as part of China’s surveillance regime, new legislation puts them at risk of acting as the handmaidens of repressive practices. Under China’s 2019 Regulations on Human Genetic Resource Management, any patents emerging from joint research projects must be shared between foreign-owned and Chinese entities.105

That means that, if Chinese or international biomedical companies partner with the public security bureaus, their research results and patents must be shared with the police. Furthermore, Article 16 of the Regulations grants the Chinese state sweeping powers to make use of DNA datasets created by public or private researchers for reasons of ‘public health, national security and the public interest’.

This means that any genetic data or processes in China may be used by Chinese authorities in ways these companies might have never intended.

Human rights violations

The Chinese Government’s genomic surveillance program is out of step with international human rights norms and best practices for the handling of human genetic material.106 Article 9 of the UN Universal Declaration on the Human Genome and Human Rights states that ‘limitations to the principles of consent and confidentiality may only be prescribed by law, for compelling reasons within the bounds of public international law and the international law of human rights’,107 while Article 12 of the UN International Declaration on Human Genetic Data states that the collection of genetic data in ‘civil, criminal or other legal proceedings’ should be ‘in accordance with domestic law consistent with the international law of human rights’.108

The Chinese Government’s DNA dragnet is also a clear violation of the International Covenant on Civil and Political Rights’ prohibition against ‘arbitrary or unlawful interference’ with a person’s privacy,109 and Article 16 of the UN Convention on the Rights of the Child (to which China is a signatory) against the ‘arbitrary or unlawful interference with [a child’s] privacy’.110

There are three areas in particular where this program appears to violate the human rights of Chinese citizens:

1. Lack of legal authority

The compulsory collection of biological samples among non-criminal offenders is not currently authorised under Chinese law. Article 132 of the revised 2018 Criminal Procedures Law only permits the collection of fingerprints, blood and urine samples from victims or suspects in criminal proceedings.111 Chinese authorities are aware of this issue. Chinese scholars and experts have warned about the lack of a clear legal basis for the collection of biometric samples by police outside criminal investigations,112 while others have cautioned about the potential for mass social unrest if compulsory collection should occur.113

Figure 18: Blood collection in Tongchuan, Shaanxi Province, February 2019 (cropped), and Xi’an, Shaanxi Province, January 2020

Sources: ‘Wangjiabian Police Station solidly carried out the security work of opening the school campus’ (王家砭派出所扎实开展开学校园安保执勤工作), Meipian (美篇网), 20 February 2019, online; ‘The Zoukou Police Station combined with the “Millions of Police Entering Tens of Millions Community” activity, went deep into the jurisdiction to carry out male “Y” blood sample collection work’ (零口派出所结合“百万警进千万家”活动,深入辖区开展男性“Y”系血样采集工作), Meipian (美篇网), 14 January 2020, online.

The compulsory collection of DNA samples in China has sparked controversy in the past. The mass DNA screening of 3,600 male university students by police in 2013 following a spate of campus thefts was condemned as disproportionate and a violation of China’s Criminal Law.114 When discussing the creation of a nationwide Y-STR database in 2018, Pei Yu of the Hubei Police Academy warned that the ‘large-scale coercive collection of blood’ from ordinary civilians would violate both Chinese domestic law and international norms and suggested that this would be a major legal hurdle for Chinese authorities.115

Police notices and social media posts make it clear that the authorities are worried about potential pushback. Posters urge public cooperation, while police are told to carry out careful propaganda work aimed at dispelling any concerns about blood collection.116 Yet online posts suggest that some still question the legal basis of this program.117

2. Lack of informed consent

Outside of a criminal investigation, the voluntary submission of genetic samples requires prior, free and informed consent.118 The Chinese Government’s current program of compulsory Y-STR data collection isn’t part of any criminal investigation. Yet there’s no evidence in the sources reviewed for this report that Chinese authorities sought people’s consent before collecting Y-STR samples; nor are those who have given samples likely to be aware of how this program could subject them and their families to greater state surveillance and potential harm.

Figure 19: Blood collection in Shangrao, Jiangxi Province, October 2019 (cropped), and Lantian County, Xi’an, Shaanxi Province, January 2019

Sources: ‘Xianshan Primary School: District public security bureau visits the school to collect blood samples’ (仙山小学:区公安局到校进行血样采集), Meipian (美篇网), 1 November 2019, online; ‘Striving for “Safety Vessel” Lantian Public Security in Action: Public Security police keeping the peace at the end of the Spring Festival’ (争创“平安鼎”蓝田公安在行动: 年终岁尾春节至,公安民警守平安), Meipian (美篇网), 30 January 2019, online.

Police provide contradictory explanations or speak in vague generalities about the purpose of the DNA collection program. A local resident, for example, expressed confusion about why men in his village were being targeted for blood collection in a 2019 social media post.119 Other posts express concern about being compelled to provide biometric samples. In a post made in late 2018, a netizen reported that men were being required to submit blood samples to police when applying to change their residency permits.120 Extensive police powers (both legal and extra-legal) make it virtually impossible for someone to refuse a request for biometric data in China.121

3. Lack of privacy

Despite some assurances that personal information will be protected,122 police are given a wide remit to make use of genetic resources. DNA collected in Tibet and Xinjiang as part of a free ‘physicals for all’ program was used to enhance biosurveillance over those ethnic minority populations, without the knowledge of those from whom DNA samples were taken.123 Legal experts and ordinary citizens have also expressed concerns about the lack of robust privacy protections when it comes to Y-STR sample collection.124

Figure 20: Blood collection in Yantai, Shandong Province, March 2019, and Yulin, Shaanxi Province, April 2019

Sources: ‘Xiaoyang Police Station of Haiyang City: Check and fill the vacancies for the construction of the Y library’ (海阳市小纪派出所: 对Y库建设工作进行查漏补缺), Shuimu Web (水母网), 28 March 2019, online; ‘Recent work trends of Sanchuankou Police Station of Public Security Bureau of Zizhou County’ (子洲县公安局三川口派出所近期工作动态), Meipian (美篇网), 7 May 2019, online.

Online posts note that police blood collection outside of a criminal investigation constitutes an infringement on personal privacy.125 In one post, a father claimed that a police officer threatened to revoke his residency permit if he didn’t provide a Y-STR sample for his child.126 The father wrote that, when he expressed confusion about the purpose of the program, he was asked: ‘Don’t you trust the government?’

A nationwide program of male DNA collection not only represents a serious challenge to the privacy of those whose profiles are contained in the database, but also undermines the privacy of their relatives, who may be unaware that their personal information is contained in the family trees that police have created as part of this project.127

These concerns about legality, consent and privacy are all the more evident when the Chinese Government’s program is compared with two other national DNA collection programs: the UK’s National DNA Database, which until recently stored DNA samples taken from people merely suspected (but not convicted) of recordable offences, and a 2015 law in Kuwait, which would have required all residents and visitors to Kuwait to provide DNA samples to the government. Both programs were highly controversial.

In a 2008 ruling by the European Court of Human Rights, the UK’s program was found to have ‘fail[ed] to strike a fair balance between the competing public and private interests’.128 Likewise, the UN Human Rights Committee’s 2016 periodic review of Kuwait raised concerns about the ‘compulsory nature and the sweeping scope’ of the program, the ‘lack of clarity on whether necessary safeguards are in place to guarantee the confidentiality and prevent the arbitrary use of the DNA samples collected’ and ‘the absence of independent control’.129

In both cases, the collection regime was dramatically scaled back or scrapped altogether. In the UK, the European Court’s ruling led to the UK’s 2012 Protection of Freedoms Act130 and the subsequent destruction of 1.76 million DNA profiles taken from people innocent of any criminal offence.131 In the case of Kuwait, the law was eventually found to violate constitutional protections of personal liberty and privacy by the country’s supreme court in 2017.132

The criticisms leveled against the UK’s and Kuwait’s DNA programs could easily apply to the Chinese Government’s current campaign of mass DNA collection, but a similar outcome is highly unlikely. China lacks independent courts that can check the power of the Chinese Government, the Communist Party and domestic security forces.133 Nor has the Chinese Government been receptive to criticisms of earlier mass DNA collection programs made by international human rights organisations.134 Finally, China’s authoritarian political system lacks a free press, opposition political parties and a robust civil society that can openly challenge the legality of this program.135

Recommendations

DNA analysis is now considered the gold standard for police forensics. Recent innovations in DNA sequencing and big-data computing make the process of analysing biometric samples more efficient and cost-effective. Yet forensic DNA collection has also been linked to the abuse of police power,136 and even commercial genealogical websites can lead to the loss of genetic privacy for the relatives of those who have voluntarily uploaded their data.137 In order to defend against possible abuses, compulsory police collection and storage of biometric data must be strictly limited to those convicted of serious criminal wrongdoing.

As detailed in this report, there’s no evidence that Chinese authorities are adhering to these standards. 

Unconstrained by any checks on the authority of its police, the Chinese Government’s police-run DNA database system is extending already pervasive surveillance over society, increasing discriminatory law enforcement practices and further undermining the human rights and civil liberties of Chinese citizens.

The tools of biometric surveillance and political repression first sharpened in Xinjiang and Tibet are now being exported to the rest of China.

In the light of our report, ASPI recommends as follows:

  • The Chinese Government should immediately cease the indiscriminate and compulsory collection of DNA samples from ordinary Chinese civilians, destroy any biological samples already collected, and remove the DNA profiles of people not convicted of serious criminal offences from its forensic databases.
  • The UN Special Rapporteur on the right to privacy should investigate possible human rights violations related to the Chinese Government’s DNA data collection program and broader programs of biosurveillance.
  • Governments and international organisations should consider tougher export controls on equipment and intellectual property related to forensic DNA collection, storage and analysis being sold in Chinese markets.
  • Biotechnology companies should ensure that their products and services adhere to international best practices and don’t contribute to human rights abuses in China, and must suspend sales, service and research collaborations with Chinese state authorities if and when violations are identified.

Appendix 1: Data sources

In chronicling the Chinese Government’s latest DNA dragnet, this report draws on more than 700 Chinese-language open-source documents that refer to the current program of Y-STR data collection, as well as related research on the forensic applications of Y-STR analysis in China and materials concerning China’s domestic forensic science market.

The sources listed in Table 1 don’t include the Chinese- and English-language sources we have cited concerning China’s broader systems of surveillance and governance, China’s earlier biometric data collection programs in Xinjiang and Tibet, or reports on DNA collection programs outside of China.

Table 1: List of primary data sources

Documented instances of police-led Y-STR data collection have been found in 22 of China’s 31 administrative regions (excluding Hong Kong and Macau),138 and in more than a hundred municipalities. It’s important to note that this total is likely to be an underestimate; instances of DNA collection may go unreported, and the true scale of the program is likely to be much greater. Data collection also appears to be continuing in some locations.

Appendix 2: How Y-STR samples are collected

The Chinese Government’s Y-STR data collection program appears to happen mostly in rural areas or townships and villages located on the periphery of cities. This may be because it is easier for police to produce accurate genealogies of patrilineal families and collect samples from multiple members of the same family in rural areas, where multiple generations of a single family are more likely to live in close proximity.139 Furthermore, many current urban residents are first- or second-generation migrants who can trace their ancestry back to extended families living in rural areas. Greater genetic coverage of Chinese men is more likely to be achieved by focusing on their ancestral families, rather than recent migrants to major cities. Finally, Chinese authorities may be focusing on rural areas because they believe their program will face less public scrutiny there than in more developed urban areas.

No matter where data collection occurs, this program is broken down into four stages: 

1. Preparatory meetings

Local Y-STR data-collection work begins with meetings led by the public security bureaus where police officers and other government officials are introduced to the role Y-STR data collection can play in combating crime and strengthening ‘social management’ (Figure 21).140

Figure 21: Local officials meeting to discuss male ancestry inspection systems, Anlu, Hubei Province, September 2019, and Weinan, Shaanxi Province, August 2018

Sources: ‘Chendian Township held a training seminar on mobilisation of the male family tree investigation system’ (陈店乡举办男性家族排查系统建设工作动员业务培训会), Anlu Government (安陆政府网), 3 September 2019, online; ‘Weinan Municipal Public Security Bureau’s male family investigation system construction site promotion meeting was successfully held in Heyang’ (渭南市公安局男性家族排查系统建设现场推进会在合阳圆满召开), Meipian (美篇网), 9 August 2018, online.

During these meetings, officers are organised into subgroups responsible for particular data-collection-related tasks. Meetings end with the signing of letters of responsibility, which lay out the obligations government offices have for completing Y-STR data-collection work.

2. Creating family trees

The next step is creating family trees for local men and boys. Collecting accurate genealogical information on local patrilineal families is of vital importance. This information will be used to identify a representative sample of men and boys from whom to collect genetic data and, in the future, will allow police to connect Y-STR data from an unknown male to a particular patrilineal surname and all the men sharing that name.

To collect genealogical information on male family members, police officers visit individual families, often accompanied by village cadres.141 Through these visits, police try to map out family genealogies going back from five to eight generations (Figure 22).142

Figure 22: Collecting genealogical data by hand, Chaohu, Anhui Province, April 2018, and Jinan, Shandong Province, September 2018

Sources: ‘Huailin town carried out male family tree survey and mapping’ (槐林镇开展男性家族家系调查和图谱绘制工作), Chaohu Government (巢湖政府网), 10 April 2018, online; ‘The Chengguan Office successfully completed the Y library information collection task’ (城关所圆满完成Y库信息采集任务), Chengguan Police Station (城关派出所), 29 September 2018, online.

A mock illustration of these family trees is found in a 21 August 2018 government notice on Y-STR data collection in Sui County, Hubei Province, where names, mobile numbers and ID card numbers are collected (Figure 23).

Figure 23: Mock genealogical chart, Sui County, Hubei Province

Source: ‘Notice of the County Government Office on printing and distributing the work plan for the construction of the “Y-STR” DNA database in Sui County’ (县人民政府办公室关于印发随县’Y-STR’DNA数据库建设工作方案的通知), Sui County Government (随县政府网), 4 September 2018, online. This mock chart captures five generations of a single patrilineal family with the names, phone numbers and presumably state ID numbers to be recorded for each individual identified.

Family trees are first drawn by hand,143 and police officers and local officials work with members of targeted families to ensure accuracy (Figure 24).144 Not all local males are targeted, however. According to the same 2018 work notice from Sui County, only information on permanent residents in the rural or semi-rural counties, townships or ‘villages within cities’ of these municipalities is recorded.145

Figure 24: Completed family trees, Luliang, Shanxi Province, June 2018, and Baoji, Long County, Shaanxi Province, October 2018 (cropped)

Sources: ‘Lin County Public Security Bureau Y-STR DNA Family Investigation System Construction Database’ (临县公安局: Y—STR DNA家族排查系统建设数据库), Meipian (美篇网), 26 June 2018, online; ‘Caojiawan Police Station of Long County Public Security Bureau completed the first male family survey map’ (陇县公安局曹家湾派出所完成首张男性家族家系调查图谱), Meipian (美篇网), 10 October 2018, online.

After family trees are checked for errors, the finished charts are entered into computer databases using the commercially available genealogical mapping software ‘Ancestry Artisan’ (Figure 25).

Figure 25: Inputting genealogical information, Tongchuan, Shaanxi Province, August 2018 (cropped)

Source: ‘Chengguan Police Station completed the construction of male Y DNA bank’ (城关派出所全面完成男性Y库建设工作), Nanyuan Police (南苑警务网), 8 August 2018, online.

3. Compulsory collection of blood samples

Based on the family trees, a non-random sample of local men is targeted for compulsory Y-STR data collection (Figure 26). Estimates for the proportion of local men targeted vary from roughly 8.1% in Dongsheng District, Lingqiu County, Shanxi Province146 and 9.6% in Ordos, Dongsheng District, Inner Mongolia,147 to 25.4% in Tongchuan, Yijun County, Shaanxi Province148 and 26.4% in Changzhi, Tunliu County, Shanxi Province.149

Figure 26: Blood collection in Tongchuan, Shaanxi Province, June 2019, and Zhangzhou, Fujian Province, April 2019

Sources: ‘Tongchuan police: Hongqiao Yuhua Police Station completed the annual DNA blood sample information collection task’ (铜川公安:虹桥玉华派出所完成全年DNA血样信息采集任务), Hongqiao Yuhua Police Station (虹桥玉华派出所), 9 June 2018, online; ‘Changtai: Blood Collection Notice’ (长泰:采血通告), Sohu (搜狐网), 20 April 2019, online.

Samples are taken in the form of blood via a pinprick to the finger,150 and blood is collected on a paper card, which is then inserted into an envelope (Figure 27). This method of sample collection allows large amounts of data to be collected in the absence of storage space.151

Figure 27: Blood collection cards and envelopes, Tongchuan, Shaanxi Province, June 2019 (cropped), and Xi’an, Zhouzhi County, Shaanxi Province, May 2019

Source: ‘Jiufeng has taken multiple measures, combined points with points, broken common rules, and promoted quickly to strive to complete the construction of male family trees as soon as possible’ (九峰所多策并举、点面结合、打破通例、快速推动,争取早日全面完成男性家系建设工作), Meipian (美篇网), 24 May 2019, online.

In some cases, blood is collected from individuals in their community, as shown in a video from 17 May 2019 of a police officer in Anqing, Anhui Province, taking blood from an elderly man (Figure 28).

Figure 28: Screen capture taken from video of blood collection in Anqing, Anhui Province, May 2019

Source: ‘In order to build the Y-DNA bank and not affect the farming time of the masses, the auxiliary policemen from Liuping Police Station entered the field on 17 May to collect blood samples for the Y-DNA bank from the people in the jurisdiction and publicise safety precautions’ (为了Y库建设工作和不影响群众农耕时间5月17日柳坪派出所民辅警走进田间地头,为辖区群众采集Y库血样和宣传安全防范), Susong Liuping Police (宿松柳坪派出所), video, 17 May 2019, online.

In other cases, samples are collected simultaneously from numerous men at a designated location. 

A July 2019 video (possibly from Sichuan Province) shows dozens of men—many holding what appear to be copies of their family trees—having their blood taken by public security officers (Figure 29).

Figure 29: Screen capture taken from video of blood collection in Sichuan Province, July 2019 (cropped)

Source: ‘Rural: What are you doing together? It turns out collecting blood samples!’ (农村:大家围在一起干吗了,原来是在采集血样!), Tencent Video (腾讯视频), video, 15 July 2019, online.

Uniformed police officers aren’t the only ones who conduct blood collection. In a June 2019 video shot at a village government office in the Fuling District of Chongqing, local officials are seen recording identifying information for numerous men on sample collection envelopes before collecting blood samples (Figure 30).

Figure 30: Screen capture taken from video of blood collection in Fuling District, Chongqing Municipality, June 2019 (cropped)

Source: ‘The staff went to the village to collect DNA blood samples, which greatly conveniences the people’ (工作人员到村里面进行DNA血样采集,极大的方便了人民群众), Haokan Video (好看视频), 11 June 2019, online.

According to the website of Bosun Life—a Beijing-based company that builds Y-STR databases—one person is selected for Y-STR collection out of a family of five to six, while two people are selected from a family of up to fifty.152

Figure 31: Blood collection in Ningde, Zhejiang Province, April 2019

Source: ‘Nodded attention! Male family blood sample collection work started’ (点头人注意!男性家族血样采集工作开始了), Sohu (搜狐网), 30 April 2019, online.

Local governments are under intense pressure to meet DNA sample-collection targets set by superiors higher up in the state, and there’s evidence that systems of rewards and punishments have been instituted to ensure that sample-collection quotas are met.153

4. Data sharing with public security bureaus

Once local blood collection is complete, data is entered into specialised police-run Y-STR databases (Figure 32). Numerous requests for tenders and procurement orders for the construction of Y-STR databases have been found for local public security bureaus across China.154

Figure 32: Data entry, Wulanhaote, Inner Mongolia, September 2019

Source: ‘Collection of blood samples from male families’ (男性家族血样采集工作), Meipian (美篇网), 17 September 2019, online.

In turn, these local databases are connected to a network of provincial Y-STR databases and the national forensic DNA database, as stated in government tenders (Figure 33).155

Figure 33: Data sharing between public security bureaus using Yingdi’s Y-STR database system (translated)

Source: ‘Solution pages of police equipment’ (解决方案列表), Yingdi (武汉英迪科技发展有限公司), online. Translated from Chinese by ASPI.

Appendix 3: Estimating the scale of Y-STR sample collection

While we know Y-STR samples have been collected from males across China, it’s difficult to determine how many boys and men in total have been targeted. However, a rough estimate can be produced. 

This requires first calculating the size of the pool from which samples could be taken. The scale of the Henan Y-STR database gives us a good indication of the proportion of men and boys who may have been targeted. Between 2014 and 2016, 5.3 million Y-STR profiles were collected from a total male population of roughly 49.6 million, or roughly 10% of all males. This was believed to have given authorities nearly 98.71% coverage of the province’s male population.156

In some cases, precise figures indicating the scale of male data collection in particular localities are available. By comparing the total number of Y-STR samples collected to the population of local males (roughly estimated to be half the total local population), we’re able to estimate the percentage of men and boys from whom biometric data may have been taken (Table 2).

Table 2: Local data on Y-STR sample collection

Please download PDF for full source listing.

We know from government records that, in areas where Y-STR data collection has occurred, anywhere from roughly 8.1% to 26.4% of all males have been targeted. The wide variation in those figures may reflect efforts to collect more data than needed.

Government procurement orders can also be used to estimate the scale of Y-STR sample collection (Table 3). Some of those orders provide precise figures for the number of Y-STR sample-collection cards local authorities have purchased. By comparing the number of sample-collection cards to the local male population (roughly estimated to be half the total local population), we can estimate the percentage of local men who may have been targeted for DNA data collection.

Table 3: Government bid invitations and procurement orders for Y-STR blood sample collection cards

Please download PDF for full source listing.

From these records, we can estimate that local authorities have purchased enough Y-STR analysis kits to collect samples from anywhere between roughly 7.4% and 26.2% of all local males. The wide variation in these figures may again reflect efforts to collect more data than needed.

The large proportion of men and boys targeted for data collection in some localities may be offset by lower levels of data collection in other areas. We have also considered the possibility that in some areas of the country data collection might not be taking place. While we know that this is a nationwide campaign, we don’t yet have precise figures for the number of municipalities in which data collection has occurred. For example, mass Y-STR collection doesn’t so far seem to be taking place in first-tier cities such as Beijing or Shanghai.

Based on these considerations, and the scale of the earlier provincial Y-STR database built by the Henan Public Security Bureau,157 we therefore estimate that the Chinese Government may be seeking to collect Y-STR profiles from as many as one out of every 10 males in China.

The proportion of men and boys within individual families targeted for Y-STR sample collection also gives us clues about the possible scale of this program. There are indications that the authorities aim to collect samples from at least two men from every family of six to 50 people, and a further one or two samples from families of more than 50 members.158 It isn’t clear how rigorously police are adhering to these standards, but at a minimum this suggests that the Chinese Government aims to collect Y-STR samples from roughly five out of every 100 men.

We therefore conservatively estimate that authorities aim to collect DNA samples from around 5–10% of China’s total male population of roughly 700 million. Based on these calculations, a completed nationwide system of Y-STR databases will likely contain at least 35–70 million genomic profiles.

How do these tens of millions of Y-STR samples relate to the Chinese Government’s broader genomic surveillance capabilities? According to a report by the Chinese insurance company Ping An, in 2016 Chinese authorities possessed DNA records for 44.35 million people, including 40.7 million from forensic databases, 1.49 million from crime-scene databases, 594,000 from missing people databases, and 513,000 in so-called ‘base level’ DNA databases.159 To those numbers we can add the roughly 23 million profiles taken in Xinjiang and 3 million in Tibet, for a new total of roughly 70 million—a total slightly lower than the figure of 80 million cited in recent Chinese press reports160 but identical to that provided on the website for Hisign Technology.161

If we add the estimated 35–70 million Y-STR profiles to the 70 million profiles authorities already possess,162 the Chinese Government likely has 105–140 million profiles on file. That doesn’t include DNA profiles currently being enrolled in the ‘newborn genebank’ that is being trialed in the Guangxi Zhuang Autonomous Region and Chongqing.163

Appendix 4: Companies participating in national Y-STR data collection

Table 4 lists Chinese and multinational companies that are known to provide the equipment, consumables, services and intellectual property used by the Ministry of Public Security and public security bureaus across China as part of the ongoing national program of Y-STR data collection.

Table 4: Chinese and multinational companies involved in the Y-STR data collection program

Please download PDF for full source listing.

Download

Readers are urged to download the full report PDF for the full sources, citations and references.


Acknowledgements

The authors would like to thank Danielle Cave, Derek Congram, Victor Falkenheim, Fergus Hanson, William Goodwin, Bob McArthur, Yves Moreau, Kelsey Munro, Michael Shoebridge, Maya Wang and Sui-Lee Wee for valuable comments and suggestions with previous drafts of this report, and the ASPI team (including Tilla Hoja, Nathan Ruser and Lin Li) for research and production assistance with the report. ASPI is grateful to the Institute of War and Peace Reporting and the US State Department for supporting this research project.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

ASPI’s International Cyber Policy Centre has no core funder. Rather, it is supported by a mixed funding base that includes sponsorship, research and project support from across governments, industry and civil society.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published June 2020.

ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

Retweeting through the Great Firewall

A persistent and undeterred threat actor

Key takeaways

This report analyses a persistent, large-scale influence campaign linked to Chinese state actors on Twitter and Facebook.

This activity largely targeted Chinese-speaking audiences outside of the Chinese mainland (where Twitter is blocked) with the intention of influencing perceptions on key issues, including the Hong Kong protests, exiled Chinese billionaire Guo Wengui and, to a lesser extent, Covid-19 and Taiwan.

Extrapolating from the takedown dataset, to which Twitter gave us advance access, we have identified that this operation continues and has pivoted to try to weaponise the US Government’s response to current domestic protests and create the perception of a moral equivalence with the suppression of protests in Hong Kong.

Figure 1: Normalised topic distribution over time in the Twitter dataset

Our analysis includes a dataset of 23,750 Twitter accounts and 348,608 tweets that occurred from January 2018 to 17 April 2020 (Figure 1). Twitter has attributed this dataset to Chinese state-linked actors and has recently taken the accounts contained within it offline.

In addition to the Twitter dataset, we’ve also found dozens of Facebook accounts that we have high confidence form part of the same state-linked information operation. We’ve also independently discovered—and verified through Twitter—additional Twitter accounts that also form a part of this operation. This activity appears to be a continuation of the campaign targeting the Hong Kong protests, which ASPI’s International Cyber Policy Centre covered in the September 2019 report Tweeting through the Great Firewall and which had begun targeting critics of the Chinese regime in April 2017.

Analysing the dataset as a whole, we found that the posting patterns of tweets mapped cleanly to working hours at Beijing time (despite the fact that Twitter is blocked in mainland China). Posts spiked through 8 a.m.–5 p.m. working hours Monday to Friday and dropped off at weekends. Such a regimented posting pattern clearly suggests coordination and inauthenticity.
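The posting-time check described above can be sketched as follows. This is an added example, not ASPI's analysis code: the function names, the decision thresholds and the two sample timestamp sets are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# China uses one time zone with no daylight saving, so a fixed UTC+8 offset
# is sufficient and avoids depending on a tz database.
BEIJING = timezone(timedelta(hours=8))
WORK_HOURS = range(8, 17)   # 08:00-16:59 local, i.e. the 8 a.m.-5 p.m. window
WORK_DAYS = range(0, 5)     # Monday=0 .. Friday=4
# Share of the 168-hour week inside the window (45 hours): what evenly
# spread posting would produce.
UNIFORM_BASELINE = len(WORK_HOURS) * len(WORK_DAYS) / (24 * 7)


def beijing_profile(utc_timestamps):
    """Count posts per (weekday, hour) cell after converting to Beijing time."""
    cells = Counter()
    for ts in utc_timestamps:
        if ts.tzinfo is None:              # treat naive values as UTC
            ts = ts.replace(tzinfo=timezone.utc)
        local = ts.astimezone(BEIJING)
        cells[(local.weekday(), local.hour)] += 1
    return cells


def working_hours_share(cells):
    """Fraction of all posts that fall in Mon-Fri working hours, Beijing time."""
    total = sum(cells.values())
    if total == 0:
        return 0.0
    inside = sum(n for (day, hour), n in cells.items()
                 if day in WORK_DAYS and hour in WORK_HOURS)
    return inside / total


def weekend_ratio(cells):
    """Mean posts per weekend day divided by mean posts per weekday."""
    weekday = sum(n for (d, _), n in cells.items() if d in WORK_DAYS) / 5
    weekend = sum(n for (d, _), n in cells.items() if d not in WORK_DAYS) / 2
    return weekend / weekday if weekday else float("inf")


def looks_regimented(utc_timestamps, min_posts=50,
                     share_threshold=0.7, weekend_threshold=0.5):
    """Flag a timestamp set whose rhythm matches an office schedule.

    The thresholds are illustrative assumptions, not values from the report.
    """
    cells = beijing_profile(utc_timestamps)
    if sum(cells.values()) < min_posts:    # too little data to judge
        return False
    return (working_hours_share(cells) >= share_threshold
            and weekend_ratio(cells) <= weekend_threshold)


def constructed_samples():
    """Two constructed timestamp sets (not real tweets) covering two weeks."""
    start = datetime(2020, 3, 2, tzinfo=timezone.utc)   # a Monday, 00:00 UTC
    office, diffuse = [], []
    for day in range(14):
        midnight = start + timedelta(days=day)
        # Diffuse set: one post every three hours, every day of the week.
        diffuse += [midnight + timedelta(hours=h) for h in range(0, 24, 3)]
        if midnight.weekday() < 5:
            # Office set: 00:05-08:35 UTC is 08:05-16:35 in Beijing.
            office += [midnight + timedelta(hours=h, minutes=m)
                       for h in range(9) for m in (5, 35)]
        else:
            office.append(midnight + timedelta(hours=13))  # one weekend evening post
    return office, diffuse


if __name__ == "__main__":
    for name, sample in zip(("office", "diffuse"), constructed_samples()):
        cells = beijing_profile(sample)
        print(name, round(working_hours_share(cells), 3),
              round(weekend_ratio(cells), 3), looks_regimented(sample))
```

A high working-hours share on its own is weak evidence for a single account; the signal the report describes comes from the pattern holding across the dataset as a whole.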

The main vector of dissemination was through images, many of which contained embedded Chinese-language text. The linguistic traits within the dataset suggest that audiences in Hong Kong were a primary target for this campaign, with the broader Chinese diaspora as a secondary audience.

There is little effort to cultivate rich, detailed personas that might be used to influence targeted networks; in fact, 78.5% of the accounts in Twitter’s takedown dataset have no followers at all.

There’s evidence that aged accounts—potentially purchased, hacked or stolen—are also a feature of the campaign. Here again, there’s little effort to disguise the incongruous nature of accounts (from Bangladesh, for example) posting propaganda inspired by the Chinese Communist Party (CCP). While the takedown dataset contains many new and low-follower accounts, the operation targeted the aged accounts as the mechanism by which the campaign might gain traction in high-follower networks.

The operation has shown remarkable persistence to stay online in various forms since 2017, and its tenacity has allowed for shifts in tactics and the narrative focus as emerging events—including the Covid-19 pandemic and US protests in May and June 2020—have been incorporated into pro-Chinese government narratives.

Based on the data in the takedown dataset, while these efforts are sufficiently technically sophisticated to persist, they currently lack the linguistic and cultural refinement to drive engagement on Twitter through high-follower networks, and thus far have had relatively low impact on the platform. The operation’s targeting of higher value aged accounts as vehicles for amplifying reach, potentially through the influence-for-hire marketplace, is likely to have been a strategy to obfuscate the campaign’s state-sponsorship. This suggests that the operators lacked the confidence, capability and credibility to develop high-value personas on the platform. This mode of operation highlights the emerging nexus between state-linked propaganda and the internet’s public relations shadow economy, which offers state actors opportunities for outsourcing their disinformation propagation.

Similar studies support our report’s findings. In addition to our own previous work Tweeting through the Great Firewall, Graphika has undertaken two studies of a persistent campaign targeting the Hong Kong protests, Guo Wengui and other critics of the Chinese Government. Bellingcat has also previously reported on networks targeting Guo Wengui and the Hong Kong protest movement.

Google’s Threat Analysis Group noted that it had removed more than a thousand YouTube channels that were behaving in a coordinated manner and sharing content that aligned with Graphika’s findings.

This large-scale pivot to Western platforms is relatively new, and we should expect continued evolution and improvement, given the enormous resourcing the Chinese party-state can bring to bear in aligning state messaging across its diplomacy, state media and covert influence operations. The coordination of diplomatic and state media messaging, the use of Western social media platforms to seed disinformation into international media coverage, the immediate mirroring and rebuttal of Western media coverage by Chinese state media, the co-option of fringe conspiracy media to target networks vulnerable to manipulation and the use of coordinated inauthentic networks and undeclared political ads to actively manipulate social media audiences have all been tactics deployed by the Chinese Government to attempt to shape the information environment to its advantage.

The disruption caused by Covid-19 has created a permissive environment for the CCP to experiment with overt manipulation of global social media audiences on Western platforms. There’s much to suggest that the CCP’s propaganda apparatus has been watching the tactics and impact of Russian disinformation.

The party-state’s online experiments will allow its propaganda apparatus to recalibrate efforts to influence audiences on Western platforms with growing precision. When combined with data acquisition, investments in artificial intelligence and alternative social media platforms, there is potential for the normalisation of a very different information environment from the open internet favoured by democratic societies.

This report is broken into three sections, which follow on from this brief explanation of the dataset, the context of Chinese party-state influence campaigns and the methodology. The first major section investigates the tactics, techniques and operational traits of the campaign. The second section analyses the narratives and nuances included in the campaign messaging. The third section is the appendix, which will allow interested readers to do a deep dive into the data.

ASPI’s International Cyber Policy Centre received the dataset from Twitter on 2 June and produced this report in 10 days.

The Chinese party-state and influence campaigns

The Chinese party-state has demonstrated its willingness to deploy disinformation and influence operations to achieve strategic goals. For example, the CCP has mobilised a long-running campaign of political warfare against Taiwan, incorporating the seeding of disinformation on digital platforms. And our September 2019 report—Tweeting through the Great Firewall—investigated state-linked information campaigns on Western social media platforms targeting the Hong Kong protests, Chinese dissidents and critics of the CCP regime.

Since Tweeting through the Great Firewall, we have observed a significant evolution in the CCP’s efforts to shape the information environment to its advantage, particularly through the manipulation of social media. Through 2018 and 2019 we observed spikes in the creation of Twitter accounts by Chinese Ministry of Foreign Affairs spokespeople, diplomats, embassies and state media.

To deflect attention from its early mishandling of a health and economic crisis that has now gone global, the CCP has unashamedly launched waves of disinformation and influence operations intermingled with diplomatic messaging. There are prominent and consistent themes across the messaging of People’s Republic of China (PRC) diplomats and state media: that the CCP’s model of social governance is one that can successfully manage crises, that the PRC’s economy is rapidly recovering from the period of lockdown, and that the PRC is a generous global citizen that can rapidly mobilise medical support and guide the world through the pandemic.

The trends in the PRC’s coordinated diplomatic and state-media messaging are articulated as a coherent strategy by the Chinese Academy of Social Sciences, which is a prominent PRC-based think tank. The academy has recommended a range of responses to Western, particularly US-based, media criticism of the CCP’s handling of the pandemic, which it suggests is designed to contain the PRC’s global relationships. The think tank has offered several strategies that are being operationalised by diplomats and state media:

  • the coordination of externally facing communication, including 24 x 7 foreign media monitoring and rapid response
  • the promotion of diverse sources, noting that international audiences are inclined to accept independent media
  • support for Chinese social media platforms such as Weibo, WeChat and Douyin
  • enhanced forms of communication targeted to specific audiences
  • the cultivation of foreign talent.

The party-state appears to be allowing for experimentation across the apparatus of government in how to promote the CCP’s view of its place in the world. This study suggests that covert influence operations on Western social media platforms are likely to be an ongoing element of that project.

Methodology

This analysis used a mixed-methods approach combining quantitative analysis of bulk Twitter data with qualitative analysis of tweet content. This was combined with independently identified Facebook accounts, pages and activity including identical or highly similar content to that on Twitter. We assess that this Facebook activity, while not definitively attributed by Facebook itself, is highly likely to be a part of the same operation.

The dataset for quantitative analysis was the tweets from a subset of accounts identified by Twitter as being interlinked and associated through a combination of technical signals to which Twitter has access. Accounts that appeared to be repurposed from originally legitimate users are not included in this dataset, which may potentially skew some analysis.

This dataset consisted of:

  • account information for 23,750 accounts that Twitter suspended from its service
  • 348,608 tweets from January 2018 to 17 April 2020
  • 60,486 pieces of associated media, consisting of 55,750 images and 4,736 videos.

Many of the tweets contained images with Chinese text. They were processed by Addaxis, ASPI’s technology partner in the application of artificial intelligence and cloud computing to cyber policy challenges, using a combination of internal machine-learning capabilities and Google APIs before further analysis in R. The R statistics package was used for quantitative analysis, which informed social network analysis and qualitative content analysis.

Research limitations: ASPI does not have access to the relevant data to independently verify that these accounts are linked to the Chinese Government. Twitter has access to a variety of signals that are not available to outside researchers, and this research proceeded on the assumption that Twitter’s attribution is correct. It is also important to note that Twitter hasn’t released the methodology by which this dataset was selected, and the dataset doesn’t represent a complete picture of Chinese state-linked information operations on Twitter.

Download full report

Readers are warmly encouraged to download the full report (PDF, 62 pages) to access the full and detailed analysis, notes and references. 


Acknowledgements

ASPI would like to thank Twitter for advanced access to the takedown dataset that formed a significant component of this investigation. The authors would also like to thank ASPI colleagues who worked on this report.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published June 2020.

ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

The party speaks for you

Foreign interference and the Chinese Communist Party’s united front system

What’s the problem?

The Chinese Communist Party (CCP) is strengthening its influence by co-opting representatives of ethnic minority groups, religious movements, and business, science and political groups. It claims the right to speak on behalf of those groups and uses them to claim legitimacy.

These efforts are carried out by the united front system, which is a network of party and state agencies responsible for influencing groups outside the party, particularly those claiming to represent civil society. It manages and expands the United Front, a coalition of entities working towards the party’s goals.1 The CCP’s role in this system’s activities, known as united front work, is often covert or deceptive.2

The united front system’s reach beyond the borders of the People’s Republic of China (PRC)—such as into foreign political parties, diaspora communities and multinational corporations—is an exportation of the CCP’s political system.3 This undermines social cohesion, exacerbates racial tension, influences politics, harms media integrity, facilitates espionage, and increases unsupervised technology transfer.

General Secretary Xi Jinping’s reinvigoration of this system underlines the need for stronger responses to CCP influence and technology-transfer operations around the world. However, governments are still struggling to manage it effectively and there is little publicly available analysis of the united front system. This lack of information can cause Western observers to underestimate the significance of the united front system and to reduce its methods into familiar categories. For example, diplomats might see united front work as ‘public diplomacy’ or ‘propaganda’ but fail to appreciate the extent of related covert activities. Security officials may be alert to criminal activity or espionage while underestimating the significance of open activities that facilitate it. Analysts risk overlooking the interrelated facets of CCP influence that combine to make it effective.4

What’s the solution?

Governments should disrupt the CCP’s capacity to use united front figures and groups as vehicles for covert influence and technology transfer. They should begin by developing analytical capacity for understanding foreign interference. On that basis, they should issue declaratory policy statements that frame efforts to counter it. Countermeasures should involve law enforcement, legislative reform, deterrence and capacity building across relevant areas of government. Governments should mitigate the divisive effect united front work can have on communities through engagement and careful use of language.

Law enforcement, while critically important, shouldn’t be all or even most of the solution. Foreign interference often takes place in a grey area that’s difficult to address through law enforcement actions. Strengthening civil society and media must be a fundamental part of protecting against interference. Policymakers should make measures to raise the transparency of foreign influence a key part of the response.

Introduction

The United Front … is an important magic weapon for strengthening the party’s ruling position … and an important magic weapon for realising the China Dream of the Great Rejuvenation of the Chinese Nation.

—Xi Jinping, at the 2015 Central United Front Work Meeting5

In recent years, groups and individuals linked to the CCP’s United Front have attracted an unprecedented level of scrutiny for their links to political interference, economic espionage and influence on university campuses. In Australia, businessmen who were members of organisations with close ties to the United Front Work Department (UFWD) have been accused of interfering in Australian politics. In the US, at least two senior members of united front groups for scientists have been taken to court over alleged technology theft. Confucius Institutes, which are overseen with heavy involvement from the UFWD, have generated controversy for more than a decade for their effects on academic freedom and influence on universities. Numerous Chinese students and scholars associations, which are united front groups for Chinese international students, have been involved in suppressing academic freedom and mobilising students for nationalistic activities.

The ongoing Covid-19 pandemic has also highlighted overseas united front networks. In Australia, Canada, the UK, the US, Argentina, Japan and the Czech Republic, groups mobilised to gather increasingly scarce medical supplies from around the world and send them to China.6 Those efforts appear linked to directives from the All-China Federation of Returned Overseas Chinese, a united front agency.7 The party’s Central Committee has described the federation as ‘a bridge and a bond for the party and government to connect with overseas Chinese compatriots’.8 After the virus spread globally, united front groups began working with the CCP to donate supplies to the rest of the world and promote the party’s narratives about the pandemic.

Regardless of whether those activities harmed efforts to control the virus, they appeared to take governments by surprise and demonstrate the effectiveness of united front work. The CCP’s attempts to interfere in diaspora communities, influence political systems and covertly access valuable and sensitive technology will only grow as tensions between China and countries around the world develop. As governments begin to confront the CCP’s overseas interference and espionage, understanding the united front system will be crucially important.

This paper dissects the CCP’s united front system and its role in foreign interference. It describes the broad range of agencies and goals of the united front system, rather than focusing only on the UFWD. It examines how the system is structured, how it operates, and what it seeks to achieve. It reveals how dozens of agencies play a role in the united front system’s efforts to transfer technology, promote propaganda, interfere in political systems and even influence executives of multinational companies.9

The united front system has nearly always been a core system of the CCP.10 For most of its history it’s been led by a member of the Politburo Standing Committee—the party’s top leadership body.

However, Xi has emphasised united front work more than previous leaders, pushing it closer to the position of importance that it occupied in the party’s revolutionary era by elevating its status since 2015. That year, he established high-level bodies and regulations that signalled a greater emphasis on and centralisation of united front work. Later, the Central Committee’s UFWD was expanded by giving it authority over religious, ethnic and Chinese diaspora affairs.11 The united front system and the UFWD in particular have also been given a central role in coordinating policy on Xinjiang, where the darkest side of the party’s political security efforts is on full display.

The CCP originated as a chapter of the Soviet Comintern in 1921. It is itself a product of Lenin’s international united front efforts. In 1922, it began carrying out its own united front work by proposing a united front of supporters of democracy.12

The party credits China’s victory in the Second Sino-Japanese War (1937–1945) to the ‘favourable conditions’ created through its united front with the Kuomintang. This arguably prevented the CCP’s annihilation by shifting the focus of the Kuomintang military from the CCP to Japan.13 It also enabled the party to infiltrate the Kuomintang and subvert it from inside. In the lead-up to the establishment of the PRC in 1949, the party successfully co-opted influential religious figures, intellectuals, engineers and political leaders. Many of them were organised into party-led civil society groups and eight political parties (often referred to as China’s ‘minor parties’ or ‘satellite parties’) that were promised a say in a post-liberation democratic China. Those parties officially accept the leadership of the CCP as a precondition for participation in China’s ‘multiparty cooperation and political consultative system’.

They now serve as platforms for united front work.14

During the ‘reform and opening period’, the United Front played an important role in supporting China’s economic development. Businesspersons, including those from the Chinese diaspora, were encouraged to invest in China and integrated into the United Front through platforms such as the UFWD-run All-China Federation of Industry and Commerce (中华全国工商业联合会).15 According to united front expert Gerry Groot, ‘economic construction required vast numbers of technicians, scientists and administrators’, and groups in the United Front helped reform China’s education system and attract foreign experts and technology.16

To this day, the united front system helps the CCP claim legitimacy, mobilise its supporters and manage perceived threats. It plays a central role in developing policy on highly sensitive issues such as Xinjiang, Tibet, religion and ethnic affairs. It also oversees the CCP-led political model of ‘multiparty cooperation and political consultation’ that’s been in place since 1949.17 This consultation takes place through the annual Chinese People’s Political Consultative Conference (CPPCC, 中国人民政治协商会议), which is chaired by the Politburo Standing Committee member responsible for the united front system and attended by more than 2,000 party-approved representatives from different sectors of PRC society.18

The CCP claims that its system of political consultation and multiparty cooperation is a democratic model.19 However, it operates as a way for the CCP to falsely claim that it represents the full breadth of Chinese society. The CCP serves as China’s ruling party while other groups, such as the eight minor political parties (officially known as ‘democratic parties’) that accept the CCP’s leadership, offer advice to it through the CPPCC. Organisations that claim to speak for different interest groups—the China Association for Science and Technology and the All-China Federation of Returned Overseas Chinese, for example—are official components of the CPPCC.20 In practice, those organisations are controlled by the CCP. Their leaders are often party members, and, historically, some have been manipulated through inducement and coercion, including blackmail.21

In recent years, Xi Jinping has been promoting the United Front’s ‘multiparty cooperation and political consultative system’ as a ‘new type of party system’. It also serves as an inspiration for the CCP’s engagement with political parties around the world.22 A 2018 foreign policy editorial by the People’s Daily claimed that Xi Jinping’s ‘systematic elaboration on the super advantages of China’s party system has enlightened the whole world.’23 The chaos of Western societies shows that the CCP ‘is providing the world with … a China solution on how to seek a better political system’, the piece concluded. This point is echoed in training material for united front cadres, which warns that ‘Western hostile forces’ seek to overthrow the CCP and that their influence on overseas ethnic Chinese must be undone.24

The fact that the United Front is a political model and a way for the party to control political representation—the voices of groups targeted by united front work—means its overseas expansion is an exportation of the CCP’s political system. Overseas united front work taken to its conclusion would give the CCP undue influence over political representation and expression in foreign political systems.

Key terminology

The United Front (统一战线) is a coalition of groups and individuals working towards the CCP’s goals.

United front work (统一战线工作) refers to the CCP’s efforts to strengthen and expand the United Front by influencing and co-opting targets.

The United Front Work Department (中央统一战线工作部) is a CCP Central Committee department that coordinates and carries out united front work.

The united front system (统一战线系统 or 统一战线工作系统) is the grouping of agencies, social organisations, businesses, universities, research institutes and individuals carrying out united front work.

United front work is political work

In the words of the UFWD’s director:

The United Front is a political alliance, and united front work is political work. It must maintain the party’s leadership throughout, having the party’s flag as its flag, the party’s direction as its direction, and the party’s will as its will, uniting and gathering members of each part of the United Front around the party.25

It’s designed to bring a diverse range of groups, and their representatives in particular, under the party’s leadership.26

These activities focus on building relationships. Xi Jinping has emphasised that ‘the United Front is about working on people.’27 Co-opting and manipulating elites, influential individuals and organisations is a way to shape discourse and decision-making.

United front work encompasses a broad spectrum of activity, from espionage to foreign interference, influence and engagement (see box). There’s no clear distinction between overseas and domestic work. Premier Zhou Enlai, one of the PRC’s founding revolutionaries and a pioneer of the CCP’s United Front, advocated ‘using the legal to mask the illegal; deftly integrating the legal and the illegal’ (利用合法掩护非法,合法与非法巧妙结合), ‘nestling intelligence within the United Front’ (寓情报于统战中) and ‘using the United Front to push forth intelligence’ (以统战带动情报).28

The scope of united front work is constantly evolving to reflect the CCP’s global ambitions, assessments of internal threats to its security, and the evolution of Chinese society. Today, the overseas functions of united front work include increasing the CCP’s political influence, interfering in the Chinese diaspora, suppressing dissident movements, building a permissive international environment for a takeover of Taiwan, intelligence gathering, encouraging investment in China, and facilitating technology transfer.

Key united front groups and events linked to foreign interference

The Chinese People’s Political Consultative Conference is the peak united front forum, bringing together CCP officials and Chinese elites.

The China Overseas Friendship Association is a group run by the UFWD that recently subsumed the China Overseas Exchange Association.

The China Council for the Promotion of Peaceful National Reunification is an organ of the UFWD with numerous overseas branches.

The All-China Federation of Returned Overseas Chinese is a peak united front body for ethnic Chinese with overseas links.

The Western Returned Scholars Association is the UFWD’s primary body for interacting with ethnic Chinese scholars and scientists.

The Forum on the Global Chinese Language Media is a biennial meeting of overseas Chinese-language media outlets convened by the UFWD.

Chinese students and scholars associations are overseen by Ministry of Education officials and often seek to speak for, influence and monitor Chinese students abroad.

Local equivalents, such as the provincial Guangdong Overseas Friendship Association, exist for most major united front groups.

To those ends, united front work draws on hundreds of thousands of united front figures and thousands of groups, most of which are inside China. This report refers to members of united front groups—organisations guided or controlled by parts of the united front system—as ‘united front figures’. The most readily identifiable united front groups are China-based organisations officially supervised by united front agencies. For example, the China Council for the Promotion of Peaceful National Reunification—which has chapters in at least 91 countries or territories around the world—and the China Overseas Friendship Association are both directed by the UFWD.29 Members of China-based united front groups often run united front groups abroad. Many China-based united front groups have overseas branches.

Citations and Notes

Readers are urged to download the report PDF for the full list of citations and notes. 

United front work: a Xi family business

United front work runs deep through Xi Jinping’s life and family history. His father, Xi Zhongxun, was a central figure carrying out united front work directed at Tibet, seeking to influence the Dalai Lama and the Panchen Lama. As a Politburo member in the 1980s, he continued to spend most of his time supervising united front work. He was reportedly seen still wearing a watch given to him by the Dalai Lama three decades earlier.30 Two of Xi Jinping’s siblings were involved in political warfare work for the Chinese military.31

Xi Jinping himself spent 15 years climbing the CCP ranks in Fujian Province—a hotbed of united front and intelligence work targeting Taiwan and the Hokkien-speaking diaspora. In 1995, as a municipal party secretary, he penned a paper on united front work on the Chinese diaspora.32

Two decades later, in 2015, Xi moved to implement many of the ideas he advocated in the paper—greater emphasis on united front work by the party’s leadership and the integration of efforts across the party and bureaucracy. That year, at the Central United Front Work Conference, he repeated Mao Zedong’s famous 1939 description of the United Front as one of three ‘magic weapons’ (法宝) for achieving victory in the communist revolution.33 This was nothing new. Party leaders since the founding of the PRC have consistently run united front conferences and emphasised the United Front as a ‘magic weapon’, with the exception of the Cultural Revolution period.34 But, unlike his predecessors, Xi Jinping has reinvigorated the United Front by launching the greatest reforms of the united front system in at least a generation.

The December 2014 purge of Ling Jihua (令计划), who headed the UFWD and was a close ally of former president Hu Jintao, set the scene for Xi Jinping’s reform of the united front system.35 After positioning Ling as a scapegoat for the department’s problems, Xi began pursuing the ‘Great United Front’ (大统战)—a program for ensuring that united front work is carried out by the entire party and with greater centralisation, coordination and direction.36 He established a ‘leading small group’ for united front work that brought together dozens of agencies to inspect and improve united front work across the country, formally raised the status of the Central United Front Work Conference, reorganised the UFWD, and introduced the first regulations for united front work.37

In his report to the 19th Party Congress, Xi Jinping referred to the United Front as being about drawing the largest concentric circle around the party.38 Under the direction of the united front system’s leaders, agencies of the united front system seek to co-opt influential individuals and groups in a range of areas, including business, politics and science. Party committees, whether in multinational companies, research institutes or embassies, have been directed by Xi to follow the Central Committee’s directions and regulations on united front work.39 Figure 1 shows the system.

Figure 1: The united front system

* Asterisks denote agencies subordinate to the UFWD.

Leadership and agencies

Figure 2: Wang Yang

The united front system’s leader is Wang Yang (汪洋), the fourth-ranked member of the seven-man Politburo Standing Committee, the party’s top leadership body. Wang chairs the most important united front forum: the CPPCC. He also heads the Central United Front Work Leading Small Group.

Sun Chunlan (孙春兰), a Politburo member and vice premier who holds culture, health, sport, religion and education portfolios, may also be involved in supervising the government’s (as opposed to the party’s) contributions to united front work.40 Sun was previously head of the UFWD and currently chairs the council of Confucius Institute Headquarters, overseeing the global Confucius Institute program.41

The presence of State Council Secretary-General Xiao Jie (肖捷) at a recent leading small group event indicates that he may now be responsible for government agencies’ involvement in united front work.42

The status of the UFWD’s director, a key member of the system’s leadership, has been elevated in recent years. You Quan, the current head of the UFWD, is one of seven members of the Central Secretariat, which carries out the Politburo’s day-to-day work.43 His predecessor sat on the Politburo while heading the department.

Leaders of the united front system and representatives of relevant agencies sit in the Central United Front Work Leading Small Group.44 At least 26 agencies were represented in the leading small group’s activities in 2017.45 Agencies involved in united front work include the Propaganda Department, the Organisation Department, the Ministry of Education, the State-owned Assets Supervision and Administration Commission and the Ministry of State Security, which is the PRC’s civilian intelligence agency.46

The United Front Work Department

‘With everyone doing [united front work] together, there must be division of labour’, a senior UFWD official wrote in 2016.47 The UFWD acts as a coordinating agency for united front work. In practice, China’s bureaucracy is famously stovepiped and it’s difficult to determine how successful the UFWD’s coordination efforts are.

The CCP Central Committee has authorised the department to manage all overseas Chinese affairs, religious affairs and ethnic affairs work. Nominally, it oversees actions by other departments, such as the Ministry of Foreign Affairs, in those areas. Since March 2018, it has controlled three relevant government agencies: the Overseas Chinese Affairs Office, the State Ethnic Affairs Commission and the State Administration for Religious Affairs.48

Together with the Taiwan Affairs Office, the UFWD and 11 of its subordinate agencies had more than 600 officials at the level of bureau chief or above in 2016 (Figure 3). Bureau chiefs are ranked just under vice ministers and deputy heads of provincial governments. They’re roughly equivalent to first assistant secretaries in the Australian Public Service or assistant secretaries in the US Government.49

Figure 3: The UFWD’s 12 bureaus

*Asterisks denote unofficially named bureaus. Note: Bureaus 6 and 8–12 were all created after 2015.

The UFWD runs the offices of the central coordination groups on Tibet and Xinjiang affairs and coordinates policy on the two regions.50 The establishment of the UFWD’s Xinjiang Bureau, which doubles as the office of the Central Coordination Group on Xinjiang Work (中央新疆工作协调小组), coincided with the rapid expansion of re-education and detention camps there in 2016. United front work departments are found at lower levels of government across China. Provincial, city and even district party committees typically oversee their own UFWDs.

Internally, the department has 10 leaders, at least six of whom hold ministerial rank or higher (see Appendix 1 for further information about the department’s leaders). It has 12 bureaus, half of which were created after 2015. Bureaucratic changes in 2018 that brought overseas Chinese affairs under the UFWD’s ‘unified management’ also injected dozens if not hundreds of officials with substantial overseas experience into the department.51 Jinan University, Huaqiao University and the Central Institute of Socialism in Beijing are all subordinate to the UFWD and carry out research and training to support its efforts.52 Additionally, the UFWD runs dedicated training facilities, such as the Jixian Mountain Estate (集贤山庄), which is a complex in the outskirts of Beijing used for training China Overseas Friendship Association cadres.53

The department supervises more than 80 ‘civil groups’ at the national level, and more than 3,000 organisations are overseen by local UFWDs (see Appendix 2). Many of them, such as the China Overseas Friendship Association, are officially described as ‘united front system work units’ and operate like bureau-level organs of the UFWD.54 At least two of them have held special consultative status as NGOs in the UN Economic and Social Council.55 In 2014, an official from one of them, the China Association for Preservation and Development of Tibetan Culture (中国西藏文化保护与发展协会), was barred from a UN human rights hearing after he intimidated a woman testifying about her father, political prisoner Wang Bingzhang.56

Propaganda work by the United Front Work Department

The UFWD commands substantial resources for propaganda efforts targeting the Chinese diaspora. It runs China News Service (中国新闻社), one of the CCP’s largest media networks, which has dozens of overseas bureaus.57

Several overseas Chinese-language media outlets are owned or controlled by the UFWD through China News Service, including Qiaobao (侨报) in the US and Australia’s Pacific Media Group (大洋传媒集团).58 At least 26 WeChat accounts run by nine Chinese media outlets are in fact registered to a subsidiary of China News Service.59 The accounts operate in all Five Eyes countries, the European Union, Russia, Japan and Brazil. They include accounts registered to Qiaobao and Pacific Media Group, indicating that they may all belong to companies supervised by the UFWD. Many of the accounts appear to have tens of thousands if not hundreds of thousands of followers.

Figure 4: At least 26 overseas Chinese-language media WeChat accounts are registered to a company that’s ultimately owned by the UFWD

China News Service engages with foreign media through its biennial Forum on the Global Chinese Language Media (世界华文媒体论坛). The event has drawn hundreds of overseas media representatives, including some from Australia’s national broadcaster.60 Training classes on topics such as ‘How to tell the Belt and Road Initiative’s story well’ are held on the sidelines of the forum.61
 

Agencies carrying out united front work

Party committees at all levels must place united front work in an important position.

—Xi Jinping, speaking at the 2015 Central United Front Work Conference62

Party members are expected to play a role in the ‘Great United Front’ by carrying out work in their relevant areas.63 Dozens of party and government agencies are involved in united front work. More and more party committees in state and private companies, universities and research institutes are engaging in united front work. Representatives of the People’s Liberation Army (PLA) also attended the 2015 Central United Front Work Conference, indicating that the military is involved in united front work.64

Education

The Ministry of Education and party committees in Chinese universities lead united front work on campuses.65 The ministry works with the UFWD to hold regular conferences on ‘university united front work’ and maintains its own database of united front work targets, including relatives of overseas Chinese.66 Education officials also study official guidance on united front work and describe the education system as ‘an important battlefield’ for that work.67

Most Chinese universities have UFWDs responsible for the full breadth of united front work.68 For example, Xiamen University’s UFWD oversees religious affairs work at the university, which includes building a database of religious believers, managing student informants and monitoring students’ phones.69 Dalian University of Foreign Languages’ UFWD establishes alumni associations around the world and runs a database of overseas students and alumni as ‘a basis for overseas united front work’.70

Foreign affairs

United front work targeting the Chinese diaspora involves several agencies. Major ‘overseas Chinese affairs’ events are usually presided over by representatives of:

  • the UFWD (or the Overseas Chinese Affairs Office that it subsumed in 2018)
  • the National People’s Congress Overseas Chinese Affairs Committee
  • the CPPCC Hong Kong, Taiwan, Macau and Overseas Chinese Committee
  • the China Zhi Gong Party (致公党)
  • the All-China Federation of Returned Overseas Chinese
  • the Ministry of Foreign Affairs.71

The first five of those organisations are often called the ‘five Overseas Chinese’ (五侨).72 Most, if not all, of China’s embassies have several diplomats tasked with interfering in the diaspora—a kind of activity that’s officially under the ‘unified management’ of the UFWD.73 The decision to place diaspora affairs under the UFWD’s leadership came in March 2018 and ‘effectively resolved the problem of the Overseas Chinese Affairs Office, Ministry of Foreign Affairs and UFWD’s overlapping responsibilities’, according to the People’s Daily.74 Embassies hold meetings with local united front leaders where the leaders receive directions to influence public opinion, such as by coordinating rallies in support of Chinese Government policy or visiting officials.75

Increasing numbers of diplomats responsible for diaspora work now come from the UFWD rather than the Ministry of Foreign Affairs. For example, China’s ambassador to Sri Lanka has a background not in the foreign affairs system but as a united front official.76

Indeed, the UFWD was an important foundation for China’s foreign affairs bureaucracy. The International Liaison Department (the party agency managing party-to-party relations) was formed on the basis of a UFWD bureau in 1951.77 The International Liaison Department still has united front characteristics, although it isn’t known whether any of its activities are guided by the united front system.78 A former head of the department from the 1990s stated that he views its work as an international version of united front work. In an interview, he compared its interactions with foreign political parties to the CPPCC—the primary platform for the United Front’s so-called ‘system of multiparty cooperation and political consultation led by the CCP’.79

Intelligence and political warfare

Intelligence agencies carry out and take advantage of united front work. The networks, status and relationships built through united front work, as well as information gathered through it, facilitate intelligence activity. The integration of intelligence and united front work runs deep through the party’s history: at a 1939 Politburo meeting, CCP leader Zhou Enlai advocated ‘nestling intelligence in the United Front’ and ‘using the United Front to push forth intelligence’.80

The Ministry of State Security (MSS), which is China’s civilian intelligence agency, is involved in and benefits from united front work. Official accounts state that the MSS was created in 1983 by combining parts of four agencies, including the UFWD.81 One of its fronts, the China International Cultural Exchange Center (中国国际文化交流中心), carries out united front work. In 2004, a committee member at the centre said that the scope of its ‘domestic and overseas united front work activities is extremely broad’.82 At the time, its nominal director was a former UFWD minister.83

The China International Cultural Exchange Center may have been an important part of the MSS’s overseas operations. It’s linked to the MSS’s Social Affairs Bureau (社会联络局 or 社会调查局), also known as the 12th bureau. In their book Chinese communist espionage, Peter Mattis and Matthew Brazil describe the bureau as handling ‘MSS contributions to the CCP’s united front work system’.84 One of the bureau’s former chiefs, Mao Guohua (毛国华), was double-hatted as the centre’s secretary-general (Figure 5).85 Mao was the handler of Katrina Leung, a triple agent who successfully gained the trust of the US Federal Bureau of Investigation in the 1980s and 1990s.86

Figure 5: Retired MSS officer Mao Guohua in 2018

Source: ‘前国安部社会调查局局长说, “奉化的长处的短板是。。。。。。”’ [The former chief of the Social Affairs Bureau of the Ministry of State Security said, ‘The shortcomings of Fenghua’s strengths are …’], Sohu, 15 October 2018, online.

Similarly, the political warfare arm of the PLA—the Political Work Department Liaison Bureau (政治工作部联络局), formerly the Liaison Department of the General Political Department (总参谋政治部联络部)—has been described by experts as ‘most closely aligned with the united front system’.87 Like the International Liaison Department, this agency uses united front tactics (such as the use of prominent front groups, an emphasis on co-opting influential individuals, and efforts to discredit those who aren’t aligned with the CCP’s goals) but it’s unlikely that it’s part of the institutionalised united front system. The China Association for International Friendly Contact (中国国际友好联络会) is a united-front-style group run by the Liaison Bureau that seeks to build ties with foreign groups and individuals. Those it has interacted with include an Australian mining magnate, a former Australian ambassador to China, a new-age religious movement in Japan, and retired generals and bureaucrats from the US.88

Intelligence officers have used united front positions as cover. The overseas Chinese affairs consul in San Francisco during the 2008 Olympic torch relay was a suspected MSS officer, according to former US intelligence officials.89 Guangdong State Security Bureau Director Zhou Yingshi (周颖石) may have claimed to be a Guangdong UFWD vice minister as a form of cover in the past.90 An officer from the PLA’s Liaison Bureau was concurrently serving as a division head in Guangzhou city’s UFWD.91

There’s also evidence that the UFWD itself has recently carried out clandestine operations involving the handling of people covertly reporting to it. The Taiwanese Government is currently prosecuting a father–son pair who were allegedly recruited by an official from the Fujian Province UFWD.92 The father heads a united-front-linked political party in Taiwan, while his son is a retired lieutenant colonel.

Unverified reports have claimed that, like China’s intelligence agencies, the department is allowed to recruit Taiwanese as agents.93

Groups targeted by united front work

CCP regulations on united front work define 12 broad groups to be targeted:

  1. members of China’s eight minor parties
  2. individuals without party affiliations
  3. non-CCP intellectuals
  4. ethnic minorities
  5. religious individuals
  6. non-public-economy individuals (private businesses)
  7. new social strata individuals (urban professionals)
  8. overseas and returned overseas students
  9. people in Hong Kong and Macau
  10. Taiwanese people and their relatives in the PRC
  11. overseas ethnic Chinese and their relatives in the PRC
  12. any other individuals who need uniting and liaising.94

Work on the targeted groups is designed to bring them under the party’s leadership not merely to neutralise any opposition they may pose, but also to have them serve as platforms for further efforts.

Once groups or individuals have been integrated into the united front system, they can be used to co-opt and influence others. They’re also used to support the party’s claim that it represents and consults various constituencies not just in China but increasingly beyond China’s borders.

There’s no clear distinction between domestic and overseas united front work: all bureaus of the UFWD and all areas of united front work involve overseas activities. This is because the key distinction underlying the United Front is not between domestic and overseas groups, but between the CCP and everyone else.95 For example, the UFWD’s Xinjiang Bureau plays a central role in policy on Xinjiang but is also involved in worldwide efforts to whitewash the CCP’s internment of an estimated 1.5 million people in Xinjiang, primarily ethnic Uyghur Muslims, as an anti-terrorism and vocational training effort.96

State-owned enterprises and research institutions often have mature united front work departments.

For example, Baowu Steel (宝武钢铁), one of the world’s largest steel producers, has an internal UFWD and has established united front organisations for Taiwanese people and ethnic Chinese who have lived abroad.97 The company’s united front work evidently earned it praise—its CEO from 2007 to 2016 has been a UFWD vice minister since 2017.98

Large numbers of leading Chinese scientists were educated abroad and are members of China’s eight minor parties or have no party affiliation, making them another priority of united front work.99 The Chinese Academy of Sciences—one of the world’s largest research organisations, with more than 60,000 researchers—has a UFWD and a united front work leading small group that provides oversight of the academy’s united front work.100

Both Chinese and foreign private enterprises are increasingly targeted by united front work. In 2015, ‘new social strata individuals’—a category covering urban professionals such as managerial staff and NGO workers—became a new focus of united front work because of their growing influence in Chinese society and strong links to the West.101 For example, JD.com, one of the world’s largest e-commerce companies, is an official pilot site for united front work in private companies. In 2018, CEO Richard Liu announced the establishment of two united front groups within JD.com (Figure 6).102

Figure 6: Richard Liu (right) unveiling a plaque for JD.com’s united front work pilot site

Multinational companies such as the ‘Big Four’ accounting firms are also targets of united front work.103 Deloitte China established a united front association for young and middle-aged employees in 2016, headed by its CEO.104 At the association’s founding, a Deloitte partner thanked the UFWD for its support and promised: ‘The Deloitte Young and Middle-aged Intellectuals Association will comply with the Trial Regulations on United Front Work’.105

According to a government website, the Shanghai UFWD ‘took a liking’ (看上了) to a Deloitte partner, Jiang Ying, during its visits to Deloitte’s office.106 Senior members of China-based united front organisations are typically selected by local UFWDs. Jiang is now deputy CEO of Deloitte China, is a delegate to the CPPCC and was recently awarded a commendation from the Shanghai UFWD.107

In total, at least eight Deloitte China executives are delegates to the CPPCC or its local equivalents.108

United front structures within multinational companies provide additional channels for influencing the companies beyond party committees. United front groups often target people who aren’t members of the CCP, especially those who have spent time abroad. Under the ‘Trial regulations on united front work’, the UFWD is supposed to direct ‘relevant civil organisations’, such as Deloitte’s united front group, ‘to play a role in Hong Kong, Macau, Taiwan and overseas united front work’.109 After anonymous employees of the Big Four paid for a Hong Kong newspaper ad supporting protests there, all four companies released statements in support of the Chinese Government’s actions and were pressured to fire those responsible for the ad.110

In 2017, Deloitte partnered with the Australian Financial Review for an infrastructure forum in Melbourne, at which a Deloitte China executive who is also a delegate to the Shandong Committee of the CPPCC warned that Australia’s refusal to sign up to the Belt and Road Initiative was hurting business.111 His role in the united front group doesn’t seem to have been disclosed in the conference agenda.

Figure 7: Deloitte China Deputy CEO Jiang Ying at the CPPCC.

Source: ‘德勤声音——全国政协委员蒋颖在两会上踊跃谏言 多份提案吸引媒体高度关注’ [Deloitte’s voice—CPPCC member Vivian Jiang enthusiastically offers advice at the two sessions], Deloitte, no date, online.

Foreign interference and the united front system

This section of the report describes several aspects of united front work abroad, and particularly efforts to influence politics and think tanks, collect data and transfer technology. United front work generally involves covert activity and is a form of interference that aids the CCP’s rise and reduces resistance to its encroachment on sovereignty.112

It will be important for future studies to examine overseas united front work in Asia, North America and Europe. Efforts targeting scientific communities, religious groups and Chinese-language education remain understudied. Outside of Australia, New Zealand and the Czech Republic, there are very few detailed country-specific studies of influence and technology-transfer efforts linked to the united front system.113

Many CCP agencies, such as the International Liaison Department, the MSS, the Chinese People’s Association for Friendship with Foreign Countries and the PLA, engage in their own foreign interference efforts. Those activities often overlap with or take advantage of those of the united front system, and draw on the tradition of united front work, but they’re probably carried out independently.

Political influence

When it seeks to build political influence, united front work primarily targets political actors rather than political systems. Democracies subjected to united front work might retain democratic structures and processes, while representation and political participation are ultimately manipulated by the CCP.

Independent researcher Jichang Lulu has referred to this as a process of ‘repurposing democracy’ (see box).114

Understanding CCP influence, a prerequisite to any sound policy formulation, thus necessitates the analysis of the foreign activities of China’s entire political system, rather than decontextualised aspects of the work of its more familiar agencies. Such analysis would be vitiated by an a priori compartmentalisation guided by, e.g., distinctions between ‘influence’ and ‘interference’, ‘benign’ and ‘malign’, or ‘legal’ and ‘illegal’. While relevant to target-country policy responses, such categories may not be useful in the actors’ Leninist context. A narrow focus on the hostile leaves much influence work unaccounted for. Influence work as described in this study does not seek to disrupt democratic structures, but to repurpose them as tools facilitating the advancement of the policies of a totalitarian, expansionist régime.

—Jichang Lulu, Repurposing democracy: The European Parliament China Friendship Cluster, Sinopsis, 26 November 2019, online.

The role of the CCP in these activities is often covert. United front figures typically deny any links to the united front system. Australian-Chinese businessman and political donor Chau Chak Wing, for example, claimed he had never heard of the UFWD, despite mentioning it in a speech and being pictured meeting with its officials.115

Ethnic Chinese communities are a focus of united front work.116 In activities directed at diaspora communities, the CCP seeks to co-opt, control and install community leaders, community groups, business associations and media. It seeks to collapse the diversity of Chinese communities into a fictional homogeneous and ‘patriotic’ group united under the party’s leadership.117 Successful united front work wedges the party between ethnic Chinese communities and the societies they live in, expanding the party’s control of those communities’ channels for representation and mobilisation.

Members of Chinese communities who want to participate in community activities may unwittingly become associated with united front groups. Combined with the party’s surveillance and censorship of the Chinese social media app WeChat, this has smothered independent Chinese media outlets and community groups.118

Interference in Chinese communities harms genuine and independent political participation by ethnic Chinese. In countries such as Australia, where united front work is quite mature, it’s proven difficult for politicians to avoid associating with united front groups and implicitly legitimising them as representatives of the broader Chinese community.119 For example, both major party candidates for a seat in parliament during the 2019 Australian federal election had reportedly either been members of united front groups or had travelled on united-front-sponsored trips to China.120 Both contenders for leadership of the NSW Labor Party in 2019 had attended events run by united-front-linked groups.121

Case study: Huang Xiangmo

Huang Xiangmo (黄向墨) is one of the most informative cases of united-front-linked influence efforts.

Ironically, his active efforts to influence Australian politics became a catalyst for the Australian Government’s introduction of counter foreign interference legislation and his own expulsion from the country.

Huang, also known by his legal name, Huang Changran (黄畅然), was born in 1969 in a small village in the Chaoshan region of Guangdong Province. According to a hagiographic account of his life published in 2012, he grew up in poverty and left school at an early age.122 Despite that, he worked hard and read widely. In 1998, he was working for the state-owned China Railway Construction Corporation.123 He soon founded a property development company named after his home village, Yuhu, and prospered amid rapid economic growth in the province.124

By 2012, Huang was ranked as China’s 420th richest person, worth an estimated ¥4.5 billion (roughly A$700 million at the time).125 He also donated generously to public projects—specifically, those favoured by the Jieyang Party Secretary, Chen Hongping (陈弘平), such as the massive Han dynasty-inspired Jieyang Tower in the city’s central square.126 Huang also gained social standing, reflected in his appointment to the Jieyang People’s Political Consultative Conference—the city’s peak united front forum.127

In July 2012, Huang’s allies ran up against the CCP’s anticorruption machine. Party Secretary Chen was taken into the extralegal ‘shuanggui’ investigation process.128 Five years later, Chen received a suspended death sentence for corruption.129 He took down at least six associates, including the Guangzhou Party Secretary, with him.130 Among his sins, the People’s Daily reported, was his obsession with grand cultural and spiritual projects, including the Jieyang Tower and a lavish personal mausoleum.131 The next year, 17 police officials in Jieyang were fired, under suspicion of tipping off suspects about investigations.132

Shortly before the scandal erupted, Huang Xiangmo began relocating to Australia, building an investment portfolio in Sydney and purchasing a $12.8 million mansion. It’s reported that several business associates followed him, buying nearby properties provided they were cheaper and lower down the hill than his. Huang denies being involved in the Jieyang corruption case.133

It would be nearly a decade before Huang was next spotted in the Chinese mainland. However, his connections to Chinese authorities didn’t end with the corruption case and his arrival in Australia.

As early as February 2012, Huang became an honorary president of the Australian Council for the Promotion of the Peaceful Reunification of China (ACPPRC, 澳洲中国和平统一促进会), despite having no known substantial links to Australia before then.134 The reunification council is closely linked to the UFWD-run China Council for the Promotion of Peaceful National Reunification, which promotes the PRC’s annexation of Taiwan.135 Huang eventually became president of the Australian reunification council and a senior director of the UFWD-run China Council.136 The China Council’s president is Wang Yang, the Politburo Standing Committee member who oversees the united front system. Its senior vice president is the UFWD minister.137

As Philip Wen and Lucy Macken wrote in the Sydney Morning Herald in 2016, ‘Huang arrived in Australia in near-total obscurity. But big spending and relentless networking behind closed doors has seen him swiftly ingratiate himself with Australia’s most powerful politicians’.138

After arriving in Australia, Huang hired long-time ACPPRC member Eng Joo Ang (洪永裕) as an adviser to his company. Ang accompanied Huang as he met with former prime minister Kevin Rudd in December 2012 (Figure 8).

Sam Dastyari, then general secretary of the New South Wales Labor Party, also appeared at the meeting.139 Dastyari was known as a prolific fundraiser, and his relationship with and patronage from Huang Xiangmo led to the downfall of both. As Dastyari later said, ‘There is an arms race for donations between the parties. And when you’ve got individuals like Huang who are prepared to fork out millions of dollars they get listened to.’140

Figure 8: Eng Joo Ang, Kevin Rudd, Huang Xiangmo and Sam Dastyari, December 2012

Huang and his companies, associates and employees donated a total of over $3 million to both sides of politics.141 He also stepped in to pay a legal bill for Sam Dastyari, by then a senator.142 Another businessman—a CPPCC delegate and member of the UFWD’s China Overseas Friendship Association—helped Dastyari settle the difference when the senator overspent his parliamentary travel budget.143 Huang also partnered with CCP agencies, including the International Liaison Department, to organise and sponsor parliamentarians to travel to China.144

Former prime minister Rudd was only one in a long list of political figures with whom Huang networked. Huang secured meetings with the prime minister and opposition leader. At least four political figures—a former New South Wales Labor general secretary, a former New South Wales Labor treasurer, a former federal Liberal minister, and a former media adviser to a different federal Liberal minister—were hired by Huang and helped him build influence.145 Senior representatives of both major parties attended his daughter’s wedding in 2016.146

It seems that politicians treated Huang Xiangmo as a wealthy Chinese community leader and didn’t think too much about the political objectives contained in the very name of the reunification council he ran. Rather than alerting politicians to his links to the CCP, Huang’s leadership of united front groups was misinterpreted as a marker of his influence among Chinese-Australians. When Huang took over leadership of the reunification council when its original president died in 2015, senior Liberal Party politician Philip Ruddock appeared to gloss over the council’s founding purpose, remarking that it ‘has a rather strange name … Some people are very interested in the title. My emphasis is always on “peaceful”’.147

Roughly a dozen reunification council members have stood for election or gained jobs as political staffers. Chief among them was Ernest Wong (王国忠), whose predecessor in the New South Wales Legislative Council house was hired by Huang’s company.148 In a 2014 article attributed to him, he copied, word for word, advice on political participation from the Overseas Chinese Affairs Office—a core united front system agency that’s since been absorbed by the UFWD.149 In a line that also appears verbatim in the Overseas Chinese Affairs Office document, the article recommends: ‘[one of the ways for Chinese to participate in politics is] by pushing changes in policy and influencing government positions by working on politicians and elites.’150 Wong held positions in several united front bodies in both China and Australia and was reportedly a target of cultivation by Chinese intelligence officers.151

Consistent with the Overseas Chinese Affairs Office’s guidance, Wong and Huang sought to mentor young Chinese-Australians with political aspirations.152 The pair organised the Australia Young Leadership Forum for Chinese university students, which worked to train future political talent.153

Huang also engaged in philanthropic activities and gave generously to universities. He established centres in two Australian universities: the Australia–China Relations Institute (ACRI) at the University of Technology Sydney and the Australia–China Institute for Arts and Culture at Western Sydney University. Huang claimed to have personally selected a former Australian foreign minister as director of ACRI, which has attracted controversy since its founding in 2014.154 ACRI hosted a senior united front official in 2016 and also organised trips to China, supported by the Propaganda Department, for Australian journalists.155

Figure 9: Huang Xiangmo, surrounded by leaders of the reunification council and the Australia China Economics, Trade and Culture Association, shakes hands with Politburo member and former UFWD director Liu Yandong in 2012

Source: ‘Liu Yandong, member of the Political Bureau of the CPC Central Committee, meets with Australian overseas Chinese’, news release, Yuhu Group, 19 December 2012, online.

Huang caught the Australian Security Intelligence Organisation’s attention by 2015. That year, the agency’s director-general reportedly warned about Huang’s potential links to the CCP in briefings to Australian political parties.156

As investigative journalists began scrutinising Huang’s activities, his transactional dealings with political parties became clearer. In 2016, Huang reportedly withdrew a promised $400,000 donation to the Labor Party after its defence spokesman criticised China’s militarisation of the South China Sea.157

The next week, Senator Dastyari stood beside Huang at a press conference for Chinese-language media and urged Australia to remain neutral in the territorial dispute, which he described as ‘China’s own affair’.158

Dastyari eventually quit politics after it emerged that he’d warned Huang that Huang’s phone was probably bugged.159 Dastyari admitted in 2019 that Huang may have been an ‘agent of influence’ for the Chinese Government.160

Public figures began distancing themselves from Huang and his reunification council as controversy surrounding him grew. Several members had their names removed from the group’s public membership list.161 A Victorian state politician who had previously been a member of the council said, ‘I know what this organisation is about so I keep 100 miles from them.’162 Tim Xu, a former assistant to Huang, testified in 2019 that the reunification council is a front for the CCP.163

According to media reporting, some of Huang’s associates may have been involved in organised criminal activity. In July 2019, it was reported that two of Huang’s reunification council members were running illegal gambling junkets for Crown Casino and involved in money laundering. Huang himself gambled $800 million in one year with Crown Casino.164 In October, the Australian Taxation Office accused him of underpaying tax by $140 million, ordering his assets to be frozen.165

The growing scrutiny of Huang’s activities culminated in his residency in Australia being cancelled while he was in Hong Kong. His citizenship application was denied and his residency rescinded after the Australian Security Intelligence Organisation reportedly concluded that he was ‘amenable to conducting acts of foreign interference’.166 Huang later complained to the state-owned Global Times that Australia has ‘the innate characteristics of a giant baby’.167

Huang’s story, however, hasn’t ended. His political donations, some of which were allegedly disguised through proxies, are being investigated by the New South Wales Independent Commission Against Corruption.168 In May 2019, Huang reappeared in mainland China for the first time in years—as a delegate to a united front meeting attended by Xi Jinping.169 In November 2019, Wang Liqiang, a Chinese defector to Australia, alleged that Huang had met with a PLA intelligence officer.170 Wang is now being sued by a former reunification council member.171 Huang’s networks, and united front networks more generally, are still active in Australia, and more than 120 organisations protested his expulsion.172

Recognising united front groups

There’s no foolproof way to identify a united front group, but the following activities may indicate that an organisation is associated with the united front system:

  • Its executives hold positions in China-based united front groups.
  • It advocates for the ‘reunification’ of China.
  • It associates frequently with the local PRC diplomatic mission.
  • It participates in pro-PRC political rallies.
  • It hosts visiting CCP officials from the united front system.
  • It issues statements or holds events in coordination with known united front groups.

Asking a knowledgeable friend in the Chinese community for advice can also be helpful.

Because of the opacity of some aspects of united front work, it’s difficult to know the degree of direction party officials exercise over united front figures. Even within each overseas united front group there appears to be variation in the relationships that members and executives have with PRC officials. To the extent that they’re directed, many of their united front activities are likely to be supervised by provincial or even municipal UFWDs, some of which have a greater overseas focus than the central UFWD.

It’s also possible that a small number of united front figures are ultimately directed by the MSS or PLA as intelligence assets, using united front work as a platform for intelligence activity. The two organisations are better resourced for and more experienced in serious political interference work than the UFWD.173 Both have records of using united front roles as cover. They may also be better positioned to wield leverage over individuals who are wanted for crimes in China.

Nonetheless, many united front figures aren’t acting spontaneously out of patriotic sentiments and an independent desire to please Beijing. Overseas united front figures frequently meet with united front system officials, receive directions and study relevant guidance. A Sydney man reportedly set up the Australian Jiangsu China Council for the Promotion of Peaceful Reunification (澳洲江苏中国和平统一促进会) at the direction of a senior UFWD official.174 The Australian Guangxi Business Association (澳洲广西总商会) was reportedly founded in 2011 under the ‘coordination’ of a provincial UFWD.175

When the PLA Navy made a visit to Sydney Harbour on 3 June 2019, a day before the 30th anniversary of the Tiananmen Square massacre, it was met by a welcoming crowd from the Sydney Beijing Association (悉尼北京会) bearing a custom-made banner.176 The visit hadn’t been publicly announced, indicating that the group had been notified beforehand by the Chinese Government.

In July 2015, the president of a Sydney-based association said his group ‘will strengthen its use of Xi Jinping’s spirit at the Central United Front Work Conference to go further in demonstrating our special characteristics’.177

In Australia and Taiwan, the CCP has used organised crime groups to carry out united front work.178

Several cases suggest that criminal activity may be tolerated by the Chinese Government and even used as leverage in exchange for participation in political influence operations.179 For example, media have reported that a prolific gambling junket operator involved in money laundering also runs three prominent united front groups in Melbourne, one of which is officially endorsed by the UFWD, and served as an honorary president of the ACPPRC.180 At the same time, he was a business partner of a former adviser to the Victorian Premier.181

In 2008, Sydney man Frank Hu (胡扬) was charged with importing 250 kilograms of cocaine.182

However, Hu was known to the public as a ‘Chinese community leader’ who was close to the PRC Consulate and ran a cultural association that took parliamentarians on tours of China.183 Similarly, Chang An-lo (张安乐), a Taiwanese gangster also known as ‘White Wolf’, is the founder of the Chinese Unification Promotion Party. The party has been raided by the Taiwan Government as part of investigations into political parties illegally accepting money from the Chinese Government.184

The lack of any clear distinction between domestic and overseas united front work means that changes in how that work is carried out in China could have important implications for foreign interference. While the UFWD has long worked with Chinese security agencies, links between those worlds appear to be deepening.185 In 2018, Ministry of Public Security Vice Minister Shi Jun was reassigned as a UFWD vice minister and now oversees the department’s work on Xinjiang.186 The UFWD plays a central role in the securitisation of Xinjiang, including the disappearance of approximately 1.5 million Uyghurs and other minorities into concentration camps.187 It has worked with the National Counter-Terrorism Office on security in the lead-up to major political meetings and runs campaigns with the MSS and the Ministry of Public Security to crack down on Christianity.188 This may foreshadow an increase in the brazenness, intolerance and intensity of united front work abroad, helped by the party’s increased ability to coordinate and direct that work.189

Case study: The British Chinese Project

The kinds of united front work observed in Australia, the US190 and New Zealand191 can be clearly seen in other Five Eyes countries and across Europe. In the UK, for example, the British Chinese Project (BC Project, 英国华人参政计划) is a group that says it seeks to foster the political participation of ethnic Chinese and build their influence on policy.192 It provides advice to, and acts as the secretariat for, the All-Party Parliamentary Chinese in Britain Group. The parliamentary group had six members in 2018.193

However, the BC Project’s close links to the united front system call into question its independence and ability to genuinely represent ethnic Chinese. Its chair and founder, Christine Lee (李贞驹), is an executive member of the China Overseas Friendship Association and a committee member of the CPPCC, which are both run by the UFWD (Figure 10).194 Lee is also a legal adviser to several Chinese Government organs, including the Chinese Embassy in London, the UFWD’s Overseas Chinese Affairs Office and the All-China Federation of Returned Overseas Chinese.195 Her law firm claims to be the only British one authorised by the Chinese Government to practise as a foreign law firm in China.196

Figure 10: Christine Lee at a 2019 united front meeting for overseas Chinese. United front system leader Wang Yang is seated directly in front of her.

Source: ‘Xi Jinping meets with representatives of the Ninth Conference for Friendship of Overseas Chinese Associations and the Fifth Council of China Overseas Friendship Association’, YouTube, 28 May 2019, online.

Since 2009, Lee has donated hundreds of thousands of pounds to Labour Party shadow secretary of state for international trade Barry Gardiner.197 Reports by The Times in February 2017 scrutinised Lee and Gardiner’s relationship, but appeared to have little effect on their activities.198 Lee’s son, Daniel Wilkes, has worked for Gardiner since 2015.199 Gardiner has been the chair of the All-Party Parliamentary Chinese in Britain Group since its inception in 2011.200

As shadow energy secretary, Gardiner was an outspoken advocate of a controversial proposal for Chinese Government involvement in the Hinkley Point nuclear reactor project. He argued that it was important to sign the agreement to show the UK’s acceptance of Chinese investment, even if it was a bad deal in financial terms.201 The Chinese partner on Hinkley Point, China General Nuclear Power Company (CGNPC), is a state-owned nuclear company that’s been involved in espionage and is subject to a US Government export ban because of its history of diverting nuclear technology to the Chinese military.202 The US Government has warned that CGNPC uses nuclear technology to aid the Chinese military, including through the development of floating nuclear reactors and reactors for submarines.

Technology transfer

The united front system is a central component of the PRC’s legal and illicit technology-transfer efforts.

United front technology-transfer efforts seek to establish or co-opt professional associations with members in universities, governments and private companies. The groups then help recruit overseas scientists and promote technology transfer to China.203 Some of them are also tasked with building databases on overseas scientists.204 The role of the united front system in technology transfer will be detailed in a forthcoming report by the ASPI International Cyber Policy Centre.

Exemplifying the united front system’s involvement in technology-transfer efforts, the UFWD’s Western Returned Scholars Association (WRSA, 欧美同学会) runs the official association for participants in the Thousand Talents Plan (千人计划专家联谊会), which is a flagship CCP talent recruitment program for foreign scientists.205 China’s Minister of Science and Technology from 2007 to 2018 was also a senior united front official and chair of the Zhi Gong Party (致公党), which is a minor party supervised by the UFWD that draws its membership from Chinese who have returned from abroad.206

The party and country respect the choices of overseas students. If you return to China to work, we will open our arms to warmly welcome you. If you stay abroad, we will support you to serve the country through various means. Everyone must remember: no matter where you are, you are sons and daughters of China.

—Xi Jinping, in his speech to the Western Returned Scholars Association, 2013

Some united-front-linked overseas professional associations have been implicated in economic espionage. For example, Yang Chunlai (杨春来), a programmer at a US mercantile exchange company, was convicted in 2015 of trade secret theft after stealing source code to set up a business in China. Yang had been president of the USA Association of Chinese Scientists and Engineers, which frequently meets with united front officials, and served on an advisory committee to the Overseas Chinese Affairs Office.207

In 2006, Yang visited Beijing for a ‘young overseas Chinese leaders’ united front training course.208

During the course, he said that his employer would never outsource work on its proprietary source code, but that ‘everyone is still looking for a suitable entrepreneurial opportunity to return to China.’ Three years after the training course, an opportunity may have presented itself when he met an investment and talent recruitment delegation from a Chinese county government. The source code he later stole, some of which he sent to the county government, was meant to help grow the business he established in the county’s free trade zone.209

More than a dozen groups in Australia are involved in technology transfer and talent recruitment work for the Chinese Government.210 For example, the Federation of Chinese Scholars in Australia (全澳华人专家学者联合会) was established in 2004 to promote scientific exchange between Australia and China. Its organising meeting was held in the PRC Embassy’s Education Office. Speaking at its founding, the Chinese Ambassador expressed her hope that its ‘experts and scholars would be able to transfer advanced technology achievements to China.’211 The federation and many of its members are associated with united front system organs, such as the WRSA.212 Its hundreds of members include several senior university officials and professors, most of whom have joined Chinese government talent recruitment programs.

Data collection

United front work is supported by the united front system’s growing use of information technology.

United front groups can build databases that may support the CCP’s political influence and technology-transfer efforts. For example, the Melbourne Huaxing Arts Group (墨尔本华兴艺术团) writes biannual reports back to the UFWD, keeps a database of political figures, public figures, and community groups, and has internal ‘secrecy regulations’.213 One part of the united front system even claims to hold data on 2.2 million ethnic Chinese scientists abroad.214 The Chinese Government has also provided overseas united front groups with lists of possible members, such as Chinese PhD students in America who have the same home town, to help their expansion.215

United front agencies are encouraged to take advantage of the internet and big data in their work.216

In November 2019, the UFWD partnered with the Central Cyberspace Administration to hold the first-ever meeting for united front work on ‘online figures’ such as social media influencers and live-streamers.217

Think tanks

The UFWD seeks to engage with foreign think tanks through the WRSA, which is the primary united front group for Chinese scientists and scholars who have lived abroad. The association’s secretary-general is a UFWD official, and it’s described as a ‘united front system work unit’.218 The association is active in both influence and technology-transfer efforts. It holds international think tank forums while also playing a key role in the Thousand Talents Plan—a CCP recruitment scheme for overseas scientists that’s been linked to economic espionage.219

One of the WRSA’s most successful activities has been the establishment of the Center for China and Globalization (CCG, 中国与全球化智库), which claims to be an independent think tank.220 The centre is headed by Wang Huiyao (王辉耀), a prominent international commentator who is also an adviser to the UFWD, a member of several united front groups and an important figure in the development of China’s talent recruitment strategy.221

Wang’s united front links first attracted widespread attention when he was scheduled to speak at a May 2018 Wilson Center panel on CCP influence. The event’s description didn’t mention his position in the united front system and claimed that discussions on CCP influence were ‘often poorly defined, exaggerated, and abused.’222 After Senator Marco Rubio wrote a letter to the Wilson Center asking it to disclose Wang’s united front links, Wang pulled out of the panel.223

But, since then, several Australian politicians have been taken to visit the CCG. In both 2018 and 2019, Australian NGO China Matters took several Australian politicians on trips to China, where they met with people from the centre.224 Australia’s then shadow treasurer repeated the CCG’s claim of being China’s largest independent think tank in a press release about the trip.225 On one of these trips, participants were also taken to meet the assistant president of the MSS’s University of International Relations.226 In 2019, Australia’s Trade Minister also gave a speech at the think tank.227

Aside from using the WRSA to engage with think tanks and scholars, united front figures have established and funded overseas think tanks. Thai united front figure Dhanin Chearavanont (谢国民), who is regularly given the seat of honour at major united front events, established Georgetown University’s Initiative for US–China Dialogue on Global Issues.228 A foundation run by Tung Chee-hwa (董建华), a vice chair of the CPPCC and former chief executive of Hong Kong, has funded research at several prominent American think tanks, including the Brookings Institution and the Center for Strategic and International Studies.229 The University of Texas turned down funding from the foundation after commentators highlighted Tung’s united front links.230

Chinese students and scholars associations

Overseas Chinese students, as well as returnees from abroad, have long been a target of united front work. This was reiterated in 2015 when Xi Jinping designated them a ‘new focus of united front work’.231 These efforts seek to maintain the CCP’s influence over Chinese students even when they are overseas and ensure that some can be mobilised when needed.

Chinese students and scholars associations (CSSAs) are the primary platform for united front work on overseas students. Most CSSAs operate under the guidance of Chinese embassies and consulates.232

A 2013 People’s Daily article describes Australian CSSAs as ‘completing their missions … under the direct guidance of the Embassy’s Education Office’.233 Globally, they have become the dominant bodies claiming to represent Chinese students at universities. At the same time as they provide useful services to students, CSSA executives have also been found reporting on dissident students, organising rallies and promotional events in coordination with the Chinese Government and its talent recruitment programs, and enforcing censorship.234

CSSAs primarily interact with Chinese Ministry of Education officials, but there’s evidence that this is a form of united front work carried out by the Ministry of Education. For example, Korea University’s CSSA claims on its website that the UFWD is responsible for ‘overall guidance on overseas student associations’.235 This is supported by a 2013 statement made by China’s Ambassador to Australia, who urged ‘outstanding CSSA cadres’ to study Xi Jinping’s remarks on the 100th anniversary of the founding of the UFWD-run WRSA.236 A UFWD deputy bureau chief was posted as the education attaché in Chicago between 2013 and 2016, indicating substantial overlap between the work of Chinese education officials abroad and UFWD cadres.237 In 2011, the UFWD led a delegation of Ministry of Education and university officials to the UK to study the establishment of associations for Chinese students, meeting with the chairman of the CSSA-UK.238 The CSSA-UK, a peak body for Chinese students in the UK, is a member organisation of the WRSA.239

Recommendations

Responses to united front work must engage governments, civil society and ethnic Chinese communities. They should seek to couple punitive measures for agents of interference with a positive agenda of support for and engagement with communities affected by united front work. Effective efforts to counter foreign interference are essential to protect genuine participation in politics by ethnic Chinese citizens. Counter-interference work can complement engagement with the PRC when carried out properly by helping to ensure that it aligns with national interests and isn’t used as a platform for interference.

This report recommends that governments pursue the following measures.

1. Recognise and understand the problem

  • Carry out detailed studies of united front work across the country as well as in specific sectors or regions.
  • Develop analytical capacity in government and the private sector for tracking and responding to foreign interference.

2. Develop high-level guidance and policy on countering foreign interference, issuing statements, policy documents and funding to establish it as a priority across relevant parts of the bureaucracy

3. Raise awareness of united front work and foreign interference

  • Effectively implement transparency-building measures such as the Foreign Influence Transparency Scheme.
  • Political leaders should improve how they frame efforts to counter foreign interference, making clear that they are not targeting minority communities, and seek to publicly attribute major cases of foreign interference.
  • Intelligence agencies should produce regular case studies and public reports on political interference threats, naming and describing the activities of major actors.
  • Intelligence agencies should increase their outreach to influential figures, such as retired politicians.
  • Expand intergovernmental channels for discussing foreign interference.

4. Ensure that legislation, resourcing and political will exist to build transparency and prosecute agents of interference

  • Existing laws and policies on espionage, foreign agents, external employment, conflicts of interest and foreign interference must be enforced.
  • Laws that introduce criminal offences for foreign interference and seek to expand transparency, such as registers of foreign agents, should be introduced and refined.
  • Ban foreign political donations where they are currently permitted.
  • Introduce real-time reporting of political donations.
  • Agencies responsible for investigating and prosecuting cases of interference must be sufficiently resourced.
  • Ban accepting support from or providing material support to foreign interference agencies (in addition to intelligence and security agencies).
  • Australia should reform its defamation laws, such as by introducing a national security defence.
  • The Australian Public Service should introduce and enforce a unified conflict of interest and external employment policy.

5. Protect those exposing interference

  • Police should be trained to handle and respond to politically motivated stalking and harassment.
  • Establish and promote reporting mechanisms for foreign interference.

6. Engage with universities to develop responses to related issues, such as monitoring and mobilisation by Chinese Government-backed student associations, technology transfer, economic coercion and censorship

7. Support and engage Chinese diaspora communities

  • Politicians and public officials should seek to engage with independent Chinese community groups and avoid legitimising united front groups and figures.
  • Politicians and public officials should ensure that they use precise language that distinguishes between ethnic Chinese communities, Chinese citizens and the Chinese Communist Party, as explained in John Fitzgerald’s report for ASPI’s International Cyber Policy Centre, Mind your tongue.240
  • Support new and independent Chinese community groups.
    • Emerging independent Chinese civil society groups must be priorities for protection from interference.
  • Security, migration and homeland affairs agencies should hold workshops and produce targeted, multilingual informational materials on interference.
  • Support independent Chinese-language media.
    • Ensure the independence of government Chinese-language media, such as Australia’s SBS Mandarin.
    • Award grants to independent Chinese-language media.
    • Place government notices in independent Chinese-language media outlets as a way to provide advertising funding to them.
    • Pay for local outlets to have the right to republish articles from independent Chinese-language media outlets in Hong Kong or Taiwan.
    • Establish scholarships for Chinese students to study journalism.
  • Explore ways to ensure freedom of speech and freedom from surveillance on WeChat, including through legislation.

8. Build expertise on China, Chinese people, the CCP and foreign interference

  • Commission and sponsor research on foreign interference and the CCP.
  • Fund research institutions to establish courses and workshops on foreign interference and the CCP.
  • Invest in greater Chinese-language training in schools, universities and government.

9. Deny visas for or expel agents of foreign interference

  • Visa applications by united front system officials and united front figures should be approached with a presumption of denial.
  • Foreign nationals, including diplomats, shown to have been involved in foreign interference should be expelled.

Appendix 1: Leaders of the United Front Work Department

You Quan (尤权)

Member of the Central Secretariat and UFWD minister (2017 – present); probably deputy head of the Central United Front Work Leading Small Group

  • Born in Hebei Province in January 1954
  • Party Secretary of Fujian Province (2012–2017)
  • Deputy secretary-general of the State Council (2008–2012)
  • Chairman of the State Electricity Regulatory Commission (2006–2008)

Ba Te’er (巴特尔)

UFWD deputy minister; vice chairman of the CPPCC; director of the State Ethnic Affairs Commission (2016 – present); member of the Central Committee

  • Born in Liaoning Province in 1955
  • Ethnic Mongolian
  • Deputy Party Secretary of Inner Mongolia (2009–2016)

Zhang Yijiong (张裔炯)

UFWD senior deputy minister (2012 – present), overseeing the day-to-day operation of the department; member of the Central Committee

  • Born in Shanghai in 1955
  • Worked in Qinghai Province from 1972 to 2006
  • Deputy Party Secretary of Tibet (2006–2010)
  • Secretary of the Political and Legal Affairs Commission of Tibet (2010)

Xu Yousheng (许又声)

UFWD deputy minister; director of the State Council Overseas Chinese Affairs Office (2018 – present); member of the Central Committee

  • Born in Fujian Province in 1957
  • Apart from a period in the Party Committee of Hunan Province (2012–2017), has worked mostly in the Overseas Chinese Affairs Office since 1982

Xu Lejiang (徐乐江)

UFWD deputy minister; party secretary and senior deputy chairman of the All-China Federation of Industry and Commerce (2017 – present); member of the Central Committee

  • Born in Shandong Province in 1959
  • Worked in China Baowu Steel Group, one of the world’s largest steel manufacturers, from 1982 to 2016; chairman and party secretary from 2014 to 2016
  • Ministry of Industry and Information Technology vice minister (2016–2017)

Wang Zuo’an (王作安)

UFWD deputy minister (2018 – present); director of the State Administration for Religious Affairs

  • Born in Jiangsu Province in 1958
  • UFWD policy researcher (1983–1987)
  • State Administration for Religious Affairs official (1987–present)
  • Author of China’s religious issues and policies (中国的宗教问题和宗教政策) (2002)

Tan Tianxing (谭天星)

UFWD deputy minister (2018 – present), responsible for international united front work.

  • Born in Hunan Province in 1963
  • Worked in the Overseas Chinese Affairs Office and the All-China Federation of Returned Overseas Chinese from 1991 to 2018
  • Attaché at the Chinese Embassy in Washington DC (1998–2002)
  • PhD in history from Peking University (1991)
  • Author of Reflections on history (历史的思考) (2015)

Shi Jun (侍俊)

UFWD deputy minister (2018 – present); director of the Office of the Central Coordinating Small Group on Xinjiang Work (中央新疆工作协调小组).

  • Born in Jiangsu Province in 1962
  • Worked in Sichuan Province from 1978 to 2016
  • Party Secretary of Ngaba County (2007–2012); oversaw a crackdown on Tibetan Buddhism that led to a wave of self-immolations
  • Sichuan Province Public Security Bureau chief (2013–2015)
  • Central Political and Legal Commission deputy secretary-general (2016–2017)
  • Ministry of Public Security vice minister (2017–2018)

Zhou Xiaoying (周小莹)

Central Commission for Discipline Inspection representative in the UFWD (2018 – present); member of the Central Committee

  • Born in Yunnan Province in 1960
  • Worked in Qinghai Province (1975–2008)
  • Central Commission for Discipline Inspection representative in the State Ethnic Affairs Commission (2016–2018)

Zou Xiaodong (邹晓东)

UFWD vice minister (2018 – present); National People’s Congress delegate; responsible for united front work on intellectuals, scientists and universities

  • Born in Shandong Province in 1967
  • Worked and studied at Zhejiang University (1984–2018), apart from a period as deputy director of the Zhejiang Provincial Organisation Department (2016–2017)
  • Party Secretary of Zhejiang University (2017–2018)

Sources: All information and images taken from the UFWD’s website, online or Joske, The Central United Front Work Leading Small Group: institutionalising united front work, Sinopsis, 23 July 2019, online.

Appendix 2: National-level social organisations run by the UFWD or its subordinate agencies

The Ministry of Civil Affairs’ database of officially registered social organisations recorded the groups listed here in August 2019.241 These groups claim to be NGOs but are registered under various united front agencies.

On 11 August 2019, in addition to the organisations listed here, the Ministry of Civil Affairs database also recorded 5,432 organisations registered to local religious affairs bureaus, 3,089 registered to local UFWDs, 324 registered to local returned overseas Chinese federations (归国华侨联合会) and 288 registered to local overseas Chinese affairs offices (侨务办公室).

Registered under the United Front Work Department

  • China Warmth Project Foundation (中华同心温暖工程基金会)
  • Elion Green Foundation (亿利公益基金会)
  • Oceanwide Foundation (泛海公益基金会)
  • China Overseas Study Talent Development Foundation (中国留学人才发展基金会)
  • Across the Strait Taiwanese Exchange Association (两岸台胞民间交流促进会)
  • China Foundation for Guangcai Program (中国光彩事业基金会)
  • China Glory Society (中国光彩事业促进会)
  • China Association for Preservation and Development of Tibetan Culture (中国西藏文化保护与发展协会)
  • China Sun Yat-sen Cultural Exchange Association (中华中山文化交流协会)
  • China Civil Chamber of Commerce (中国民间商会)
  • Wu Zuoren International Foundation of Fine Arts (吴作人国际美术基金会)
  • China Council for the Promotion of Peaceful National Reunification (中国和平统一促进会)
  • Alumni Association of the Huangpu Military Academy (黄埔军校同学会)
  • China Overseas Friendship Association (中华海外联谊会)
  • China Association of Zen Tea (中国茶禅学会)
  • China Research Association of the 1911 Revolution (中国辛亥革命研究会)
  • Chinese Private Economy Research Association (中国民营经济研究会)
  • Chou Pei-yuan Foundation (周培源基金会)
  • China United Front Theory Research Association (中国统一战线理论研究会)
  • Taiwan Scholar Association (台湾同学会)
  • Western Returned Scholars Association / Overseas-educated Scholars Association of China (欧美同学会/中国留学人员联谊会)
  • China Siyuan Foundation for Poverty Alleviation (中华思源工程扶贫基金会)

The UFWD also runs the All-China Federation of Industry and Commerce (中华全国工商业联合会), the All-China Federation of Taiwan Compatriots (中华全国台湾同胞联谊会), the China Soong Ching Ling Foundation (中国宋庆龄基金会) and the China Vocational Education Association (中华职业教育社); however, these are referred to as ‘united front system work units’ and are not social organisations registered under the Ministry of Civil Affairs.242

Registered under the State Administration for Religious Affairs

  • Buddhist Compassion Relief Tzu Chi Foundation (慈济慈善事业基金会)
  • China Religious Culture Communication Association (中华宗教文化交流协会)
  • Buddhist Association of China (中国佛教协会)
  • Bishops Conference of the Catholic Church in China (中国天主教主教团)
  • National Committee of Three-Self Patriotic Movement of the Protestant Churches in China (中国基督教三自爱国运动委员会)
  • China Christian Council (中国基督教协会)
  • China Islamic Association (中国伊斯兰教协会)
  • Chinese Patriotic Catholic Association (中国天主教爱国会)
  • Taoist Association of China (中国道教协会)
  • Young Men’s Christian Association of China (中华基督教青年会全国协会)
  • Young Women’s Christian Association of China (中华基督教女青年会全国协会)

Registered under the All-China Federation of Industry and Commerce

  • China Cultural Chamber of Commerce for the Private Sector (中国民营文化产业商会)
  • National Federation of Industry and Agriculture Industry Chamber of Commerce (全联农业产业商会)
  • China Chamber of Commerce for Metallurgical Enterprises (全联冶金商会)
  • China Environment Service Industry Association (全联环境服务业商会)
  • China Real Estate Chamber of Commerce (全联房地产商会)
  • China Education Investors Chamber of Commerce (全联民办教育出资者商会)
  • China International Chamber of Commerce for the Private Sector (中国民营经济国际合作商会)
  • China Science and Technology Equipment Industry Chamber of Commerce (全联科技装备业商会)
  • China Mergers and Acquisitions Association (全联并购公会)
  • Chamber of Folk Culture Artefacts and Artworks (全联民间文物艺术品商会)
  • China Book Trade Chamber of Commerce (全联书业商会)
  • China New Energy Chamber of Commerce (全联新能源商会)
  • China Chamber of Tourism (全联旅游业商会)
  • China Urban Infrastructure Chamber of Commerce (全联城市基础设施商会)
  • China–Africa Business Council (中非民间商会)

Registered under the Chinese People’s Political Consultative Conference

  • Silk Road Planning Research Center (丝路规划研究中心)
  • China Institute of Theory on the Chinese People’s Political Consultative Conference (中国人民政协理论研究会)
  • China Economic and Social Council (中国经济社会理事会)
  • China Committee on Religion and Peace (中国宗教界和平委员会)

Registered under the Overseas Chinese Affairs Office

  • China Overseas Exchange Association (中国海外交流协会)—now merged with China Overseas Friendship Association
  • China World Association for Chinese Literatures (中国世界华文文学学会)
  • Alumni Association of Huaqiao University (华侨大学校友会)
  • Heren Foundation (河仁慈善基金会)
  • China Language Education Foundation (中国华文教育基金会)

Registered under the All-China Federation of Returned Overseas Chinese

  • Overseas Chinese History Society of China (中国华侨历史学会)
  • Jinlongyu Charity Foundation (金龙鱼慈善公益基金会)
  • Silijiren Foundation (思利及人公益基金会)
  • Huang Yicong Charity Foundation (黄奕聪慈善基金会)
  • China Federation of Overseas Chinese Entrepreneurs (中国侨商联合会)
  • Overseas Chinese Charity Foundation of China (中国华侨公益基金会)
  • Overseas Chinese Literature and Art Association (中国华侨文学艺术家协会)
  • China Society of Overseas Chinese Photographers (中国华侨摄影学会)
  • China Association for International Cultural Exchanges with Overseas Chinese (中国华侨国际文化交流促进会)

Registered under the State Ethnic Affairs Commission

  • Alumni Association of the High School Affiliated to Minzu University of China (中央民族大学附中校友会)
  • Minzu University of China Alumni Association (中央民族大学校友会)
  • Chinese Association for Mongolian Studies (中国蒙古学学会)
  • China Ethnic Medicine Association (中国民族医药协会)
  • China Promoting Minority Culture & Art Association (中国少数民族文化艺术促进会)
  • Nationalities Unity and Progress Association of China (中华民族团结进步协会)
  • National Architecture Institute of China (中国民族建筑研究会)
  • Association for Promotion of West China Research and Development (中国西部研究与发展促进会)
  • China Ethnic Minorities’ Association for External Exchanges (中国少数民族对外交流协会)
  • Chinese Association for Ethnic Policy (中国民族政策研究会)
  • Korean-Chinese Scientists and Engineers Association (中国朝鲜族科技工作者协会 / 중국조선족과학기술자협회)
  • China Korean Language Society (中国朝鲜语学会)
  • Taiwanese Ethnic Minorities Research Association (台湾少数民族研究会)
  • China Association for Preservation of Ethnic Minorities’ Relics (中国少数民族文物保护协会)
  • China Korean Minority History Association (中国朝鲜民族史学会)
  • Academic Society of the History of Philosophical and Social Ideas in Chinese Minorities (中国少数民族哲学及社会思想史学会)
  • China Union of Anthropological and Ethnological Sciences (中国人类学民族学研究会)
  • China Mongolian Studies Association (中国蒙古语文学会)
  • Economic Promotion Association of Longhai & Lanxin Railway (陇海兰新经济促进会)
  • Research Association of Bilingual Education for Chinese Minorities (中国少数民族双语教学研究会)
  • China Association of Ethnic Economy (中国少数民族经济研究会)

Citations and Notes

Readers are urged to download the report PDF for the full list of citations and notes.


Acknowledgements

I would like to thank Peter Mattis, John Garnaut, Lin Li, Jichang Lulu, Clive Hamilton, Robert Suettinger, Danielle Cave, Michael Shoebridge, Peter Jennings, Fergus Hanson, Fergus Ryan, Matt Schrader and Gerry Groot for their feedback and insights. In particular, Peter Mattis helped formulate the concept for this paper and I benefited enormously from related discussions with him. I would also like to thank Nathan Ruser for creating the map in Figure 4.

The Ministry of Foreign Affairs of the Kingdom of the Netherlands provided ASPI with AUD80,000 of funding, which was used towards this report.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

The work of ICPC would be impossible without the financial support of our partners and sponsors across government, industry and civil society.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published June 2020.

ISSN 2209-9689 (online), ISSN 2209-9670 (print)

  1. In 2019, I studied and discussed the concept of the united front system together with Peter Mattis, then a visiting fellow at ASPI, and am deeply indebted to him for his analysis and insight on this issue. ↩︎
  2. The Australian Security Intelligence Organisation Act 1979 (online) defines acts of foreign interference as activities taken on behalf of or in collaboration with a foreign power that involve a threat to any person or are clandestine or deceptive and carried out for intelligence purposes, for influencing government or political processes, or are otherwise detrimental to Australia’s interests. ↩︎
  3. Xi Jinping, ‘Secure a decisive victory in building a moderately prosperous society in all respects and strive for the great success of socialism with Chinese characteristics for a new era’, speech delivered at the 19th National Congress of the CCP, 18 October 2017, online; See, for example, a former head of the CCP International Liaison Department’s comparison between domestic united front work and the CCP’s interactions with political parties around the world, discussed in Martin Hala, Jichang Lulu, The CCP’s model of social control goes global, Sinopsis, 20 December 2018, online. Julia Bowie and Nathanael Callan of the Center for Advanced China Research have also argued that China is offering the Chinese People’s Political Consultative Conference (CPPCC), the primary platform for the United Front, as a political model for other countries. See Julia Bowie, Nathanael Callan, China’s ‘new type of party system’: a ‘multiparty’ system for foreign consumption, Center for Advanced China Research, 21 August 2018, online. ↩︎
  4. This point has also been made by independent researcher Jichang Lulu. See Jichang Lulu, Repurposing democracy: The European Parliament China Friendship Cluster, Sinopsis, 26 November 2019, online. ↩︎
  5. Guo Lunde [郭伦德], ‘习近平引领统战工作进入新时代’ [Xi Jinping leads united front work into the new era], www.tibet.cn, 12 December 2017, online. ↩︎
  6. ‘海外华媒为战“疫”加油!’ [Overseas Chinese media cheers us on in the battle against the virus], ACFROC, 10 March 2020, online; ‘旅日侨团及华商华企侧援祖国疫情阻击战’ [Overseas Chinese groups in Japan as well as Chinese businesspersons and companies help the Fatherland’s battle against the virus], ACFROC, 7 February 2020, online; ‘悉尼华星艺术团团长余俊武:把抗疫之爱讲给世界听’ [Sydney Huaxing Arts Troupe leader Yu Junwu: Let the whole world hear our love in fighting the virus], ACFROC, 7 May 2020, online. ↩︎
  7. ‘中国侨联关于号召海内外侨胞为打赢“新型冠状病毒感染的肺炎”防控阻击战捐赠款物的倡议书’ [Proposal from the All‑China Federation of Returned Overseas Chinese on rallying overseas and domestic Chinese compatriots for donations to achieve victory in the battle to prevent and stop the pneumonia spread by a novel coronavirus], Consulate‑General of the People’s Republic of China in Melbourne, 26 January 2020, online. ↩︎
  8. ‘中共中央印发《深化党和国家机构改革方案》’ [The CCP Central Committee issues ‘plan for deepening the party and state’s institutional reform’], Xinhua, 21 March 2018, online. ↩︎
  9. Other forms of influence work carried out by the CCP, such as that carried out by the International Liaison Department, might not sit within the united front system, but can be described as using ‘united front tactics’ when they draw on the doctrines and principles of united front work. For example, united front tactics could involve the heavy use of front organisations and proxies, an emphasis on claiming representative power, and an emphasis on building interpersonal relationships with key representatives of targeted groups. Most Chinese party and state agencies run united front‑style groups that serve to co‑opt civil society and act as proxies for the CCP. For example, the International Liaison Department runs the Chinese Association for International Understanding (中国国际交流协会). ↩︎
  10. The Cultural Revolution may have been the only extended period in which the party’s united front work largely stopped. ↩︎
  11. ‘中共中央印发《深化党和国家机构改革方案》’ [The CCP Central Committee issues ‘plan for deepening the party and state’s institutional reform’], Xinhua. ↩︎
  12. ‘关于“民主的联合战线”的议决案’ [About the ‘democratic united front’ decision], 中国共产党历次全国代表大会数据库 [Database of the CCP’s congresses], n.d., online. ↩︎
  13. ‘西安事变的由来’ [Origins of the Xi’an Incident], 中国统一战线新闻网 [China United Front Online], 8 May 2014, online; 党政干部统一战线知识读本 [Party and government cadre: united front knowledge reader], 华文出版社 [Huawen Press], 2014, 35. ↩︎
  14. China’s eight minor parties were formed in the years before 1949, but are all socialist and have ‘accepted the leadership of the Chinese Communist Party’. For a detailed study of these parties and the United Front, see Gerry Groot’s Managing transitions, 2004. The eight minor parties are the Jiusan Society, the China Democratic League, the China National Democratic Construction Association, the China Association for Promoting Democracy, the Chinese Peasants’ and Workers’ Democratic Party, the Revolutionary Committee of the Chinese Kuomintang, the China Zhi Gong Party, and the Taiwan Democratic Self‑Government League. These parties have different constituencies; for example, the China Zhi Gong Party was established in San Francisco as an alliance of overseas secret societies, and its members are overseas and returned overseas Chinese. See ‘中国共产党领导的多党合作是我国政治制度的一个特点和优点’ [Our country’s political system of multiparty cooperation under the CCP’s leadership is a special characteristic and advantage], 中央统战部网站 [Central United Front Work Department], 8 January 2009, online; ‘中国共产党领导的多党合作和政治协商制度’ [The system of political consultation and multiparty cooperation under the leadership of the CCP], 中国政府网综合 [PRC Government Online], 27 July 2017, online. ↩︎
  15. Gerry Groot, ‘Managing transitions: the Chinese Communist Party’s united front work, minor parties and groups, hegemony and corporatism’, PhD thesis, December 1997, online, 332–334. ↩︎
  16. Groot, ‘Managing transitions: the Chinese Communist Party’s united front work, minor parties and groups, hegemony and corporatism’, 329, 340–341. ↩︎
  17. 党政干部统一战线知识读本 [Party and government cadre: united front knowledge reader], Huawen chubanshe, 2014, 80–104. ↩︎
  18. See Groot, ‘Managing transitions: the Chinese Communist Party’s united front work, minor parties and groups, hegemony and corporatism’, 156–163, for a discussion of the CPPCC’s creation in 1948. ↩︎
  19. Officially, the consultative system is ‘a democratic form and an institutional channel through which many things can be discussed and negotiated in a proper way’. See ‘What is a “new type of party system”?’, China.org.cn, 23 March 2018, online; In 2012, an American united front group specialising in educational exchanges even held what it claimed to be the world’s first ‘model CPPCC’ event: ‘Recap: The Ameson Foundation holds world’s first model CPPCC event’, Ameson, 2 August 2012, online. ↩︎
  20. ‘人民政协的组成和性质’ [The CPPCC’s make‑up and character], CPPCC, 14 September 2011, online. ↩︎
  21. Hu Zhi’an [胡治安], ‘知名民主人士的中共党籍问题’ [The issue of CCP membership of well‑known democratic figures], Yanhuang chunqiu, online; Xiao Yu [萧雨], ‘解密时刻: 统战内幕—前中共干部亲述’ [Declassified moment: inside the United Front—a former CCP cadre’s own account], Voice of America, 23 June 2017, online. ↩︎
  22. ‘中国共产党的对外交往——访中联部原部长朱良’ [The CCP’s external engagement—interview with former International Liaison Department minister Zhu Liang], China National Radio, n.d., online; European scholars Martin Hála and Jichang Lulu have called the International Liaison Department a ‘new comintern’, expanding its activities to foreign ‘bourgeois’ parties: Martin Hála, Jichang Lulu, A new Comintern for the new era: the CCP International Department from Bucharest to Reykjavik, Sinopsis, 16 August 2018, online. ↩︎
  23. Zhong Sheng, [钟声], ‘Op‑ed: China’s new type of party system enlightens world’, People’s Daily, 12 March 2018, online. ↩︎
  24. Toshi Yoshihara, A profile of China’s United Front Work Department, Center for Strategic and Budgetary Assessments, May 2018, 46–48, online. ↩︎

A Pacific disaster prevention review

Disaster risk reduction is a global policy issue. Reducing the likelihood and severity of damage and related cascading and cumulative impacts from natural hazards has become central to all nations and has triggered the evolution of international cooperation, multilateral responses and humanitarian aid efforts over many years.

The nexus between natural hazards and vulnerability is central to appreciating the scale of the damage caused by large disasters and resultant sociotechnical impacts. Multilateral efforts to mitigate the impacts of weather and climate hazards have progressed over time. The Yokohama Strategy for a Safer World: Guidelines for Natural Disaster Prevention, Preparedness and Mitigation was a harbinger for the Hyogo Framework for Action, which emphasised building the resilience of communities and nations to the effects of disasters, and the Sendai Framework for Disaster Risk Reduction as the current flagship of unified effort.

Pacific island countries (PICs) have long been affected by weather-related disasters. Many PICs have been listed among the top 10 most disaster-prone countries in the World Risk Index over several years. In addition to damaging winds, a convergence of flash flooding, king tides and high-intensity rainfall contributed to damage to essential services, food supply and displacement of people across island economies.

This year marks the fifth year of applying the Sendai Framework to disaster risk reduction efforts globally – completing one-third of the Framework’s operational life cycle. It seems an opportune time to take stock of the challenges faced by selected PICs in incorporating guidance from the Sendai Framework into policy, legislation and practice.

This report details independent views on challenges to implementing the Sendai Framework in eight Pacific economies. It does not pursue an in-depth analysis of constraints or impediments to implementation of the Framework but seeks to present independent views on the ‘fit’ of the Sendai Framework to local needs in a general context of the four priorities central to the Framework.

It is hoped that it can contribute to ongoing discussion and thought about important issues in a vibrant yet vulnerable region.

Winning hearts and likes

How foreign affairs and defence agencies use Facebook

What’s the problem?

For defence and diplomacy, digital media, and specifically social media, have become an unavoidable aspect of their operations, communications and strategic international engagement, but the use of those media isn’t always understood or appreciated by governments.

While the Department of Foreign Affairs and Trade (DFAT) and the Department of Defence (DoD) both use social media, including accounts managed by diplomatic posts overseas and by units of the ADF, both departments can improve how they reach and engage online. It’s important to note, however, that their use cases and audiences are different. DFAT’s audience is primarily international and varies by geographical location. Defence has a more local audience and focus.

More important than the content, online engagement is dependent on the strength of the ties between the senders or sharers and the recipients of the content. For both departments, improving those online ties is vital as they seek to influence.

What’s the solution?

The Australian Government should use social media far more strategically to engage international audiences—particularly in the diplomatic and defence portfolios. Both DFAT and Defence should review outdated digital strategies, cross-promote more content and demonstrate transparency and accountability by articulating and publishing social media policies.

Both departments should create more opportunities for training and the sharing of skills and experiences of public diplomacy staff. They should refrain from relying solely on engagement metrics as success measures (that is, as a measure of an individual’s, usually senior staff’s or heads of missions’, level of ability or achievement).

Instead, by changing the emphasis from the producers of social media content to the audiences that interact with it, the engagement data can be usefully regarded as a proxy for attention and interest. This can tell us what kinds of audiences (mostly by location) are engaged, and what types of content they do and don’t engage with. This information indicates the (limited) utility of social media; this should guide online engagement policy.

This report also highlights and recognises the value of social media for the defence community—especially as a means of providing information and support for currently serving personnel and their families—by supporting the use of Facebook for those purposes by all defence units.

DFAT should remove the direction for all Australian heads of mission overseas to be active on social media. While this presence is indeed useful and boosts the number of global government accounts, if our ambassadors aren’t interested in resourcing those accounts, the result can be sterile social media accounts that don’t engage and that struggle to connect with publics online. Instead, both departments should encourage those who are interested in and skilled at digital diplomacy to use openness, warmth and personality to engage.

Introduction: the global rise of Facebook

This report examines DFAT’s and the DoD’s use of one social media platform—Facebook—and evaluates current practices to identify how, where and for what purposes Facebook has impact. 

The focus on Facebook reflects the platform’s global reach and its popularity as an everyday, essential medium for accessing and sharing information. Besides notable exceptions (such as China), in most places (such as some Southeast Asian countries), Facebook is so popular that it’s often roughly synonymous with ‘the internet’. This is a symptom of the platform’s ubiquity and utility as well as a consequence of Facebook’s heavily promoted services, including the Free Basics internet access service, which provides limited online access via a Facebook application.1

In order to generate lessons learnt, this report makes comparisons between Australian Government pages and their counterparts in the US, the UK, New Zealand and Canada. The analysis of Facebook use for diplomatic purposes is based on 2016–17 data extracted from Facebook pages of the diplomatic missions of eight ‘publisher’ nations (the five that are the subject of this report, as well as India, Israel and Japan) in 23 ‘host nations’.2 More recent data couldn’t be used because access is no longer available, but a review of the pages suggests that the analysis stemming from the data extracted during that period remains relevant.

The underlying design of Facebook deeply influences and limits its use by publishers and users. The Facebook newsfeed—the most commonly used feature for getting regularly updated information—prioritises posts from accounts that are either closely associated through a history of user activity, including liking, sharing, commenting and messaging, or are boosted through paid promotion.

One of the main consequences is that the more a Facebook user interacts with content that they prefer, the more likely they are to receive that type of material in their newsfeeds, which they’re in turn more likely to interact with and so on. Successful content has emotional appeal, or is useful, and comes from a Facebook page that’s been frequented by the user or been shared with a close member of a user’s Facebook network of friends. As this cycle continues, Facebook ‘gets to know its users better and better’.3

In other words, it isn’t enough to make engaging (meaning fun, compelling or relevant) content. Online engagement is dependent on the strength of the ties between the senders or sharers and the recipients of the content, at least as much and very probably more than the nature of the content. Understanding this is vital for governments as they seek to influence online.

But, as a social media network, Facebook brings with it complications for public diplomacy and defence social media strategies. For example, Facebook’s utility is limited by its underlying algorithm architecture and the habits and preferences of individual Facebook users, which are influenced by in-country patterns of social media usage and internet access. These issues need to be factored into departmental communications policies and social media strategies.
 

Online content, classified

Facebook posts can be classified into four types, according to their apparent function or purpose: outward-facing publicity (including propaganda), inward-facing publicity, engagement, and diplomacy of the public.4 The categories often overlap: content may be both inward- and outward-facing, for example. An analysis of these four types of content can be very useful for creating a strategy for effective DFAT and DoD Facebook use.

1. Outward publicity

Outward-facing publicity is the most common. It’s characterised by its evident target being the broader public of the country in which it’s posted, or a section of that public, such as overseas students, potential immigrants or, less commonly, large expatriate populations. It therefore uses the language of the local population and locally popular themes and topics. Content varies but usually involves the provision of information, publicity for events, branding exercises or the posting of trivia (such as pictures of koalas). Posts can also be warm and personal and include one of the internet’s maligned features—cuteness.

The most popular Facebook post recorded during this research displays many of those features. It’s a video of two American embassy ‘diplokids’ playing the Indian national anthem on the occasion of India’s Independence Day.5 It’s been viewed 2.53 million times and shared more than 125,000 times (as of January 2020).

Many popular posts are practical and transactional, such as information about employment, scholarships, funding opportunities and visa applications. The US Embassy in Mexico, for example, published a series of videos outlining the procedures for various visa classes. The Australian Consulate in Hong Kong published a sequence of posts targeting Australian citizens in the lead-up to the 2016 Australian federal election with information about how to vote, and—taking advantage of Facebook’s potential to target specific audiences—paid to promote them.

Posts announcing employment opportunities at the embassy or consulate for locally engaged staff are consistently among the most popular, especially in small and developing countries. These posts can serve as more than mere job ads. One such post, on the American Facebook page in Iraq, prompted an enquiry via the comment feed from a potential applicant who feared he might be too old to apply. The American page administrator replied, assuring this applicant that his application would be welcome and reiterating American policies against age-based discrimination in a way that promoted US values and demonstrated respect for an older Iraqi man, which in return inspired several positive comments in the thread.

Other popular outward-facing promotional posts include commemorations on significant memorial days and on the occasion of tragedies such as natural disasters. Noting these days of significance on Facebook should out of respect be considered obligatory, as they largely appear to be. Posts announcing support in the aftermath of disasters are often very well received (as indicated by numbers of shares and supportive comments) and suggest that Facebook can have a useful role in promoting aid and relief efforts. For example, the Australian Embassy in Fiji posted about assistance efforts after Tropical Cyclone Winston in 2016; those posts had engagement figures in the thousands (the mean engagement figure for 2016 was 29).6

Facebook posts promoting military activity elicited significant support in other contexts. US Facebook posts in support of Iraqi soldiers serving as part of the American-led coalition against Daesh, for example, were widely shared and commented on, almost entirely positively.

How important are ambassadors and consuls-general as proponents of outward-facing publicity? The research suggests that they’re significant assets where they’re personable and relatable and embrace the community and nation where they’re posted. Speaking the local language, either proficiently or with evident effort, is a major asset. While most posts are typically published in the local language (often as well as in English), publishing videos of heads of mission speaking the language seems to have additional audience appeal. One of the few Australian Facebook pages that increased its levels of engagement from 2016 to 2017 was that of the Embassy in Paris. Australia’s Ambassador to France, Brendan Berne, a fluent French speaker, features in a number of posted videos, including media appearances and official speeches.

In one popular video post, Ambassador Berne introduced changes in Australian law to legalise same-sex marriage and then popped the question to his unsuspecting partner, Thomas.7 This was acknowledged as unorthodox but was a calculated risk that paid off, increasing the profile of the Ambassador and thereby providing him with further platforms, including popular mainstream broadcast media, on which to promote the bilateral relationship.

Former US Consul-General in Hong Kong, Clifford Hart, exemplified how the personal can empower public diplomacy, to the extent that he was known as Clifford Baby (or ‘Clifford BB’).8 His very popular farewell video post featured Hart reflecting in Cantonese on his favourite places and dishes in Hong Kong. The video also uses catchphrases from Stephen Chow (an iconic actor in Hong Kong), which, while meaningless for those unfamiliar with his work, carried immense appeal for Hong Kongers.

2. Inward-facing publicity

Inward-facing publicity is related to outward-facing publicity but has an internal focus by appealing to smaller audiences—perhaps the local diplomatic or government community or to (even more internal) colleagues in Barton, Foggy Bottom or Whitehall.

This content frequently features a staged, formulaic photo of ‘distinguished guests’ at an official event.

Anecdotally, it’s been made clear to me on a number of occasions that this type of content is regarded as important, to the extent that hours can be spent on its production—the text carefully parsed and often escalated up the chain for approvals.

Although these events have limited appeal, they have a specific value that isn’t evident in their typically low engagement metrics.9 They’re important for those people featured in the photo and at the event as a record and an acknowledgement of their participation, and for indicating their status by highlighting their access, but the limited broader appeal of the posts suggests that the resources devoted to them should be minimised.

Other types of posts are evidently not (or poorly) targeted at a broader local public. These posts are characterised by the negligible use of local language or cultural connections and an overt emphasis on topics and themes that are of minimal interest to local target populations and more aligned to internal or specialised interests.

Common examples include key messages from governments about matters that are perhaps of global significance and represent core national values or positions on international matters (such as an opinion on certain environmental or human rights issues) but do not, according to the engagement data, resonate locally. These types of posts do no harm and are probably useful as records of, and advocacy for, important international issues. However, if they’re resource intensive, they present a poor return on investment.

One example of content that’s, probably inadvertently, inward-facing is a series of podcasts produced by the Australian Embassy in South Korea using the time of very senior diplomatic officials and promoted on the Embassy’s Facebook page. The podcasts featured interviews in English with significant Australians, including senior government figures. The low engagement metrics on Facebook (and the modest listening figures via Soundcloud) are unsurprising: in a saturated media market it’s difficult to imagine the appeal of podcasts in English featuring guests who (although esteemed and accomplished) are of marginal interest to a Korean audience.

The podcasts weren’t an evidently effective way of engaging with a Korean audience and, after 28 episodes over 18 months, were concluded at the end of 2017. While here it’s characterised as unsuccessful, creativity and bravery in public diplomacy should be supported. The idea of using podcasts is one that has value and could be adopted elsewhere, perhaps targeting specific audiences such as potential international students or investors and promoted via a more professionally oriented platform, such as LinkedIn. The South Korean experiment has the obvious lesson that such efforts can be made more likely to have impact if they’re planned to connect to and target local audiences as well as conveying Australian views and expertise.

Analysis for this report reveals that both outward- and inward-facing publicity posts by DFAT and Defence vary greatly in the engagement rates they enjoy. It’s difficult to see a pattern, and most successful posts are probably a result of good luck, good management and additional localised idiosyncrasies. But the general sense is that audiences largely pay attention to content that’s useful and relevant for them, not necessarily what’s most important to the authors of the content.

3. Engagement

Engagement posts are far less common than publicity posts. This is a bit surprising, as social media has been lauded as a site for interaction, discussion and debate and for making connections.

Some recent scholarship has concluded that diplomats aren’t taking advantage of this potential due to ingrained, institutionalised resistance, based on norms for information control and risk aversion.10 This report outlines another probable factor, which is also an entrenched problem: Facebook, because its algorithm favours close ties or paid promotion, often isn’t a very good platform for two-way engagement.

There are, however, some excellent examples of how Facebook has been used by Australian diplomats to facilitate a limited yet effective type of engagement through photo competitions. One, in Timor-Leste, invited photographs that characterised and shared affection for that country, thereby demonstrating ‘relational empathy’.11 Another, in the Australian Office in Taipei, invited Taiwanese in Australia to submit photographs of their travels and experiences, resulting in Taiwanese participating in a kind of networked conversation with other Taiwanese about their positive experiences in Australia, via an Australian diplomatic Facebook page. These types of photo-based campaigns could be replicated elsewhere.

Both of these competitions take advantage of a key function of social media—the ability to share images and tag friends—to increase the reach of their content. This turns Facebook users into micro-influencers, quite powerful at a smaller scale, distributing and personally endorsing content in their networks. An obvious advantage is that the content is provided and driven by users, not government officials. The fact that the content providers are from the local community also makes the content itself likely to have local references and appeal.

4. The audience, themselves

The last type of content present on these Facebook pages isn’t authored by the account holders (the diplomats) but by the Facebook users themselves. Usually, this appears in the comments, which can easily veer off onto tangents (some malicious, but some benign or even useful). The US Embassy in Mexico, for example, posts information about visa applications that can prompt reams of comments that ask for advice about people’s precise circumstances. Many of the requests are responded to by other Facebook users, who are able to offer specific advice.

Examples like this underscore the key lesson about Facebook for public diplomacy: social media users are often active audiences and participants who make choices about what content they respond to and how they respond to it based upon how relevant, useful and appealing they find it. This fundamental conclusion is a core lesson for DFAT and similar agencies.
 

Engagement—by the numbers

Ranking nations according to metrics fuels the spurious idea that those nations might be in competition with each other for attention in the digital space. Instead, it’s evident that diplomacy per se is in competition with the practically limitless amount of material published from all manner of sources, much of it antithetical to the aim of international amity, and all diplomats could benefit by learning from each other’s experiences. Instead of treating them as a measure of success, engagement metrics can be useful means of approximating audience size and attention.

On average, the data (in Figures 1–4) indicates that the Facebook audience for the 23 US official diplomatic accounts reviewed is far larger than others, but is also relatively passive. In comparison, Australia’s audience is comparatively more active and engaged. But we should note that all the figures below are global averages, varying considerably by location (again suggesting that a global ranking is unhelpful). The variations between the locations (see Table 1) contain important insights about which types of content are useful and which audiences are more active and engaged, and consequently more valuable.

All the following data is based on the Facebook pages of official diplomatic posts (embassies, consulates and similar offices).12 They’re typically managed by diplomatic staff who are often not public diplomacy specialists and are usually on a 3–4 year posting, usually with considerable input by locally engaged staff.

Figure 1 is based on the numbers of page likes (people who have ‘liked’ a Facebook page) in the host country where an embassy or consulate is located. Figures 2–4 are based on the levels of engagement (reactions, comments, shares) with the content that those embassies and consulates posted on their Facebook pages.

Figure 1: Facebook page likes, January–February 2018 (total, users located in host country)

Note: This data is no longer downloadable from Facebook’s application programming interface due to restrictions introduced by Facebook in 2019. This is one of the ways Facebook has limited public access to data. For example, until early 2018, it was possible to extract data about the location (based on their Facebook profile) of Facebook page followers, making it feasible to analyse the percentage of followers who were located in the host country (that’s the figure used here) or who were located elsewhere, either based in the home country (probably mostly expats) or in a third country. This includes followers who are suspected to be bogus, either paid to follow through click farms or fake accounts attempting to appear real. See D Spry, ‘Facebook diplomacy, click farms and finding “friends” in strange places’, The Strategist, 7 September 2017, online.

Figure 1 is the total for all of the embassies and consulates counted (a list of them is included in Table 1). Figure 2 is the average figure per embassy or consulate.

Figure 2: Average engagement per Facebook page, January–February 2018

The large number of the US Facebook page likes/followers highlighted above results in a relatively high level of engagements per post but not more engagements per user. In the latter category, Australia leads; the US runs last.

Figure 3: Average engagement per Facebook post, January–February 2018

Figure 4: Average engagement per Facebook user, January–February 2018

Table 1 shows Facebook reach (the percentage of a country’s total Facebook users who are following an embassy or consulate Facebook page) for 23 countries. As per Figure 1 (and see endnote 11), these figures include only those Facebook users who are located (according to their profile) in the country where the embassy or consulate is based (for example, followers of the Australian Embassy in Dili who are based in Timor-Leste). The figures in Table 1 are the average figures for the five nations and can vary considerably. For example, for Timor-Leste the average for all five embassies is 10.495% but for Australia it’s considerably higher (approximately 35% when last checked; this is one of the few embassy Facebook pages that demonstrates significant growth).

Table 1 also demonstrates the correlations between Facebook reach and per capita GDP, population size and median age (see the appendix for the methodology). Also, countries that are closer or more strategically intertwined are more likely to follow embassy and consulate Facebook pages (for Australia, Timor-Leste; for the US, Mexico and Iraq). An important finding of this research for Australian officials is that Facebook appears to be more useful for public diplomacy in developing countries that are small, young and geographically close to Australia.

Table 1: Facebook reach across 23 countries via a selection of indicators

The metrics vary by orders of magnitude: in Timor-Leste (on average) a Facebook page will be followed by about 10% of the population who have Facebook accounts; in Myanmar, it’s about 2%; in Taiwan and New Zealand, it’s about 1 in 1,000; in the UK and Canada, it’s about 1 in 10,000. In other words, on average, a Facebook page in Timor-Leste is close to a thousand times more likely to have a local follower than one in the UK or Canada.

For Australian diplomatic posts, the contrast is even starker: in Timor-Leste, around 26% of the local Facebook population follow the Facebook page of the Australian Embassy in Dili; the equivalent in the UK is 0.01%; in Canada, 0.005%. Australia’s Facebook page in Timor-Leste is around 5,000 times more likely to have a local follower than in Canada.

The temptation is to see this as a measure of the performance of Australia’s staff in Dili, Ottawa and London. That temptation should be resisted—there are, as Table 1 suggests, demographic factors (age, size, wealth) to consider when seeking reasons for the large variations in Facebook reach.

These demographic correlations suggest that Facebook diplomacy’s ‘success’ (or, I would suggest, ‘relevance’) isn’t necessarily the result of the public diplomacy staff’s skills and endeavours but more likely a product of external factors: the popularity of Facebook as a means of accessing information among younger populations; a lack of competing sources of information in smaller countries (with smaller media industries); and the funnelling of users onto the Facebook platform in those countries (including Timor-Leste and Cambodia) where Facebook’s Free Basics service provides free but limited internet access.

This implies that, while a Facebook page may be an effective, even a primary, public diplomacy tool in some places, it won’t always be in others: therefore, resources and strategy can be adjusted accordingly. For example, it suggests that the Australian embassies in Dili, Port Moresby and other high-ranking Facebook locations should be supported and encouraged to use Facebook (as they appear to be successfully doing). The high commissions in London, Ottawa and similar locations should maintain a presence but not prioritise Facebook as a means of public diplomacy, as it isn’t an efficient communication channel.

Limitations of using Facebook for diplomacy

However, if these numbers look small enough to question the point of having a Facebook page in some locations at all, it gets worse: average posts prompt engagement from between 1 in 100 and 1 in 1,000 followers. This means that in the UK, for example, the reaction rate is about 1 in 1 million active Facebook users. While reaction rates don’t equate to reach (reach figures aren’t obtainable), they’re indicative of attention and interest, and also contribute to the organic (non-paid) spread of the content.

This is likely to get worse. Changes to the Facebook algorithm since 2014 have made it more difficult to reach large audiences unless content is promoted through paid boosts. This is reflected in the engagement metrics falling or flattening year-on-year in most locations, with a few exceptions.

Therefore, the argument for an active Facebook page shouldn’t rest on the average engagement metrics alone. Facebook posts, as long as they’re prepared using minimal resources, are low risk, low investment and usually low reward. But some posts are quite valuable, even in locations where there’s usually little engagement, potentially serving as an economical means to exert influence with small, but repeated, effects. An examination of the types of posts and the levels of engagement they receive offers some insights.

Defence’s use of social media

A review of available defence organisations’ policies and associated commentary outlines three general areas of social media use:

  1. personal use by personnel, whether or not on deployment or active duty, and their families
  2. professional use by personnel in matters relating to their employment, such as networking and communication for the purposes of professional development and knowledge sharing
  3. official use by personnel acting as representatives of the defence force and in pursuit of the defence force’s aims.

The first type—personal use—prompts concern among military forces for its potential to endanger military personnel and operations, or to damage the reputation of defence organisations. Those risks aren’t confined to official Facebook pages and are as likely to occur elsewhere; infringements are already covered under existing policies (such as preventing harassment and promoting operational and personal security). Posting on social media may bring infractions to light, meaning that they can be addressed, but also increases the risk of exposing the offending content to a wider audience before it can be deleted and the infraction contained.

The UK and US defence forces are especially active in promoting responsible social media use, including by publishing guidelines for personnel.

These concerns are counterbalanced by the capacity for social media to act as a means for military families and friends to stay in touch with loved ones while they’re on deployment. Also, as some American studies suggest, social media are especially beneficial for military spouses who form support networks based on their shared experiences and concerns.13

The second type of use—professional but unofficial use—is evidenced in limited ways on Facebook.

One example is the Facebook page for The Cove,14 a website set up for the purposes of promoting research for military professionals.

The third type, official use, is the focus of this report. The defence forces of the Five Eyes nations all operate numerous Facebook pages. In the case of the US, each branch of the armed services has at least hundreds (US Air Force), if not thousands (US Army), of Facebook pages.15 The pages representing each of the main branches have millions of followers, while pages at the level of operational units (regiments, battalions and the like) vary in size accordingly.

Unsurprisingly, the Facebook pages of the branches of the US military have followers (page likes) an order of magnitude larger than in other nations (Figure 5).

Figure 5: US main military Facebook page likes, March 2018

The militaries of the other nations have comparable numbers of page followers, although the British Army has a significantly larger cohort than the rest (Figure 6).

Figure 6: Main military Facebook page likes, non-US, March 2018

Quantitative analysis of the defence forces’ Facebook pages indicates that they receive considerably more attention and engagement than their diplomatic counterparts. The average Australian diplomatic Facebook page is followed by about 0.02% of the Facebook population in the host country (the notable exceptions are Timor-Leste, 26%, and Papua New Guinea, 7%). The larger defence force pages are followed by a larger portion of the Australian Facebook population: Defence Jobs Australia (3.3%) and the Australian Army (2.4%).

The raw numbers are similarly stark. Defence Jobs Australia has close to half a million followers, the Australian Army more than 360,000, the RAAF more than 280,000 and the RAN more than 120,000. Those numbers increase daily.

The combined figure of the page likes of the ADF Facebook pages analysed for this report is 1.45 million, or close to 10% of the Australian Facebook population (although of course many Facebook users can follow multiple pages and some may come from overseas).

In comparison, major news programs have about 1.5–2 million Facebook followers, and the ABC News Facebook page has close to 4 million. News and magazine pages are the leading Facebook pages for engagement, averaging about 100,000 engagements per page per week; Defence pages averaged 45,000 in total. The Australian Army page alone received 12,500 engagements on average per week—comparable to the music industry average and above education, department stores and politics.16

Other nations’ pages are similarly popular. These figures suggest that Facebook is valuable for defence forces as a means of communicating to their publics. They also suggest that those publics are paying attention to these pages.

Why? Partly, the answer lies in the content posted on the pages and the ways that publics engage with it. Defence department Facebook pages differ from their diplomatic counterparts in important ways—chief among them is the nature of their audiences, which appear more domestic and more closely engaged. Partly, this arises out of the large numbers of current and former personnel and their friends and families. Also, in many democracies, publics have greater levels of emotional connection—trust,17 nostalgia, admiration—with militaries than with other parts of government (including foreign affairs agencies).

Official use of these Facebook pages includes a number of related functions. The main ones are:

  1. publicity, firstly in the sense of promoting the defence force’s values, achievements and legacies, as well as information for potential recruits, and secondly in the sense of maintaining the openness and transparency that (within the parameters of operational and personal security) are expected from defence forces of democratic nations
  2. information sharing with the defence force’s broader community of interest, including family and friends of serving personnel and veterans as well as other stakeholders (such as people residing near bases or training areas), and including sharing details about exercises and deployments
  3. commemorations, including notifications and memorials for service personnel who have died on deployment or exercises, celebrations and thanks for retiring senior service personnel, and days of significance, either national (such as Anzac Day) or specific to the defence force.

This report’s analysis suggests that Facebook performs each of those functions usefully and in ways other forms of media would find difficult. User engagement varies considerably across the Facebook pages analysed. Some general observations include the following:

  • Levels of engagement are generally higher than for public diplomacy pages. In particular, defence content is shared more and attracts more comments.
  • Content on smaller Facebook pages (such as regiment, brigade or group pages) has a higher level of engagement per capita, suggesting a smaller but more engaged user community.
  • Comments appear to be positive and supportive: they express admiration for defence personnel, thanks for service (especially for those who died on duty), patriotism and nostalgia.
  • Military hardware in use has considerable appeal—cinematographic and otherwise.
  • Defence forces are highly regarded for their service (the ‘trust factor’) as well as their embodiment of national identity.
  • Members of defence forces, and their families and loved ones, use defence Facebook pages to express and share emotions, including, commonly, pride and admiration.

Some important posts—including notices about mental health—attract less engagement because those topics are sensitive and Facebook is public. This is an example of how Facebook users are conscious of their online personas and tend to portray themselves cautiously. It isn’t an argument against the value of those posts, which are useful opportunities for defence forces to raise awareness of important issues and available support services.

In action and in memoriam: ADF pages

The ADF Facebook pages attracting the highest engagement fall into two main categories: accounts of activities undertaken by ADF personnel (including community undertakings, training, exercises, deployments and military action) and commemorations of days of significance, the loss of military lives, or both.

The most important commemorative day on the Australian calendar, Anzac Day, is also the dominant topic on Defence Facebook pages, appearing in the top five most engaged posts of all the larger pages.

An exception is the Chief of the Defence Force’s Facebook page, where the most popular posts are those commemorating the return to Australia of fallen Vietnam War veterans and the 20th anniversary of the loss of 18 Army personnel during a Black Hawk helicopter collision in 1996.

On the smaller, unit-level Facebook pages, in addition to Anzac Day, popular posts commemorate important battles in the history of the unit, such as Long Tan in the Vietnam War and Kapyong in the Korean War. Other popular Facebook posts noted Australia Day, Mothers’ Day, Fathers’ Day and Christmas, sometimes connecting them to personnel currently serving overseas.

The popularity of commemorative posts suggests that Facebook facilitates support for ADF personnel and traditions in a public, shareable forum. Anzac Day’s popularity among the larger Facebook pages implies that those pages enjoy widespread popularity, whereas attention to unit-specific commemorations in the smaller pages indicates their importance to those with closer ties to those units, including veterans and their families.

Some posts feature videos of ADF personnel using impressive military equipment. These have evident appeal for military aficionados and, according to the Defence Jobs Australia Facebook page metrics, for potential recruits.

Another popular type of post outlines current actions taken by the ADF. Examples of this type include HMAS Darwin’s seizure, under UN sanctions, of illicit weapons heading to Somalia; assistance provided by HMAS Canberra to Fiji following Cyclone Winston; and Operation OKRA: Strike Vision, involving F/A-18A Hornets destroying facilities operated by Daesh in central Iraq.

Other examples of popular Facebook pages featuring the ADF in action include graduations (the Australian Defence Force Academy), promotions and—especially at the unit level—posts showing personnel assisting local communities and charities.

Five-Eyes defence forces

Commemorations and actions are top posts in other defence forces’ Facebook pages. The US defence forces’ pages, in particular, are notable for their popular displays of military hardware as well as being sites of public, patriotic support for troops.

The most popular post on the US Army Facebook page, on the anniversary of the 6 June 1944 D-Day landings in Normandy, exemplifies this combination of patriotism and military memorialisation. The comments on this post further indicate the commemoration’s personal significance for veterans’ families.

These US Facebook pages demonstrate the significance of the military services and suggest how deeply they’re embedded in American culture, in family histories, national identity and popular culture. Popular UK posts similarly suggest the link between military service, family legacies, history and nationalism—in this case sometimes represented by the British royal family.

Although similar themes are evident in all defence force Facebook pages, some examples of popular content from UK, Canadian and New Zealand pages offer small but significant contrasts with Australian pages.

For example, a New Zealand Defence Force video of a ceremony at the Menin Gate memorial in Ypres, Belgium, featuring personnel performing the haka was shared more than 30,000 times,18 and the most popular New Zealand Navy Facebook post was a link to a news report on the first sailor to get a moko (a full-face traditional Maori tattoo; Figure 7).19 The popularity of these posts reflects support for Maori culture as an intrinsic and valued part of New Zealand and its defence forces.

Figure 7: New Zealand Defence Force personnel perform a haka at Menin Gate, Belgium

25 April 2017, online.

Popular Canadian Facebook posts also showcase diversity and personality. The Canadian Army’s most popular post pays tribute to an indigenous veteran, Sergeant Francis Pegahmagabow of Wasauksing First Nation, a highly decorated World War I scout and sniper.20 Other popular content includes videos of deployed personnel in a snowball fight in Poland,21 a light-sabre fight marking Star Wars Day (#MayTheFourthBeWithYou),22 a warning against venturing onto military property while chasing Pokémon23 (see cover image) and personnel wearing red stilettos to support domestic violence survivors (Figure 8).24

Figure 8: Members of 3rd Canadian Division taking part in the #WalkaMileInHerShoes fundraiser in downtown Edmonton

Source: 3rd Canadian Division, ‘Members of 3rd Canadian Division are taking part in the #WalkaMileInHerShoes fundraiser in downtown Edmonton’, Facebook, 21 September 2017, online.

Defence recruitment

The relative popularity of defence recruitment sites indicates the value of Facebook for promoting military careers. This use of Facebook differs from the pages of the main defence force branches or at unit level, as it’s more akin to advertising and promotion and less like a community site: more bulletin board than discussion board. It’s likely that many of these posts have been promoted through paid boosts and advertising, which is a common and reasonable use of marketing budgets (Figure 9).

Figure 9: Defence force recruitment page likes, March 2018

Generally, the recruitment pages’ content appears to have similar appeal to the main pages. For example, the most popular posts on the Defence Force Australia page are a 360-degree view of a boat drop from the amphibious ship HMAS Canberra (the second most popular post on Australian defence Facebook pages) and Anzac Day 2016. 

The recruitment Facebook pages are also notable for the high number of posts by Facebook users. Between 20% and 30% of the posts on the Defence Force Australia, RAF and UK Royal Navy recruitment Facebook pages are by users. Many of these user posts are genuine requests about positions and recruitment procedures.

Defence social media policy and strategy

The ADF’s social media guidelines, policies and strategy documents are not public. The last publicly available external review of Defence’s use of social media was released in 2011. 

This aversion to publicness and openness contrasts with the position of DFAT, which has published its public diplomacy25 and digital media strategies,26 as well as the defence force of Canada, which has published its social media strategy,27 the defence force of the UK, which has published social media guidelines,28 and the various US forces, which have each published numerous policy and guideline documents.29

The Canadian social media guidelines go so far as to promote transparency and accountability as ‘principles of participation’, aimed at meeting community standards of trust and confidence.

It’s unclear why the ADF doesn’t operate on similar principles.

Conclusion and recommendations

Facebook pages provide opportunities for defence forces to communicate to publics and, at least as importantly, for publics to express their gratitude, admiration and affection to defence forces.

In contrast, diplomatic Facebook pages are targeted at, and receive attention from, foreign publics. Compared to defence, diplomatic Facebook pages receive far less attention, but the levels of attention vary. Specifically, in countries that are smaller, younger, poorer and closer (such as Timor-Leste and Papua New Guinea), Facebook is, based on the data, an important means to inform—and engage with—general publics. Communications strategy should therefore prioritise Facebook in those countries by training personnel, allocating funds to content production and paying heed to the levels and nature of engagement by publics. Elsewhere, such as in Canada and the UK, Facebook is far less important and should be deprioritised in, but not eliminated from, public diplomacy strategies.

The strengths and limitations of Facebook’s usefulness are determined by its algorithm, which prioritises audiences’ pre-existing connections and optimises content that appeals to their needs and desires. It’s essential therefore that Defence and DFAT prioritise those audiences when determining if, when and how to make use of Facebook.

This report argues for a measured, more strategic use of social media. Specific solutions are as follows.

For diplomacy

  1. Review the digital media strategy to account for the location-based variability of Facebook’s usefulness and prioritise resources accordingly.
  2. Encourage diplomatic missions to develop, implement and review localised social media plans using the experience and expertise of locally engaged staff (providing training where required), and redefine the role of Australia-based staff to strategic oversight and governance.
  3. Remove the direction for all heads of mission to be active on social media; encourage those who are active on Facebook to use openness, warmth and personality to create relational empathy.
  4. Create opportunities for training and sharing the skills and experiences of public diplomacy staff.

For defence

  1. Demonstrate and promote transparency and accountability by publishing social media policies.
  2. Recognise the value of social media for the Defence community, especially as a means of providing information and support for currently serving personnel and their families, by supporting the use of Facebook for those purposes by all defence units.
  3. Continue Defence’s impressive work using Facebook as a platform for the community to express support for personnel and veterans, and maintain the dignified, sombre tone of the memorial content.

For diplomacy and defence

  1. Consider cross-promoting content. Defence pages reach the large national audience that diplomacy increasingly needs. Diplomatic Facebook pages—in some locations—provide opportunities for the ADF to promote its actions and values to international audiences, acting as a useful vector for strategic communication.
  2. Refrain from using engagement metrics as success measures for diplomats; use them as proxies for public attention in order to gauge how the value of Facebook varies according to audience type and location.
  3. Prioritise audiences’ use of social media when developing strategies, creating content and allocating resources.

Appendix: Methodology

This research focused exclusively on Facebook. While other social network platforms, especially Twitter, are also relevant, they lie outside the scope of this report.

The research used digital media research methods, which made it possible to gather and analyse large amounts of data indicating Facebook users’ engagement with online content, including which posts received more than average attention, through the examination of Facebook engagement metrics (likes, comments and shares).

This enabled analysis of Facebook users’ interests based on either the content (what types of posts receive the most attention) or the users (who was engaging with content). In turn, this suggested how social media are used and therefore how they can be useful.

The analysis of Facebook use for diplomatic purposes is based on 2016–17 data extracted from Facebook pages of the diplomatic missions of eight ‘publisher’ nations (the five that are the subject of this report, as well as India, Israel and Japan) in 23 ‘host’ nations.30 Restrictions imposed by Facebook in 2019 (and before 2018 data was extracted) mean this form of research isn’t currently replicable. The database used in this research is therefore unique; it’s available from the author.

Unlike the defence Facebook pages, the data for the diplomatic pages includes the location of those Facebook users who have followed the Facebook pages of the diplomatic mission. Again, this feature is no longer possible due to restrictions introduced by Facebook in early 2018, before the defence Facebook pages analysis was undertaken.

This report is based on data obtained through the Facebook application programming interface: Facebook post and comment content (text, and links to images and video), as well as engagement data (reactions, including likes, comments, and shares). Analysis followed a two-stage, mixed-methods approach. First, quantitative data analysis identified trends and outliers. Second, identified outliers (such as high-performing pages and posts) were treated as key case studies and their content was considered more closely using methods based on qualitative media studies.

The analysis of the Facebook pages was contextualised and informed by an examination of publicly available policy and strategy documents as well as background discussion with several currently serving or former defence and diplomatic personnel from Australia and elsewhere. An important note: the engagement metrics are not, and shouldn’t be, considered as indicators of the ‘success’ of a particular Facebook page. Instead, they were used here as indicators of attention, and therefore as a means of assessing what content a specific page’s audience was more interested in and how it made use of that content.


Acknowledgements

The author would like to thank the members of the Australian and international defence and diplomatic communities for their informal advice and support, as well as for their dedication and professionalism. Any errors and all findings, conclusions and opinions contained herein are my responsibility.

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber and emerging technologies and their impact on broader strategic policy. The ICPC informs public debate and supports sound public policy by producing original empirical research, bringing together researchers with diverse expertise, often working together in teams. To develop capability in Australia and our region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises both in Australia and overseas for both the public and private sectors. The ICPC enriches the national debate on cyber and strategic policy by running an international visits program that brings leading experts to Australia.

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published May 2020.

ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

  1. L Mirani, ‘Millions of Facebook users have no idea they’re using the internet’, Quartz, 9 February 2015, online. See also Facebook, ‘Where we’ve launched’.
  2. D Spry, ‘Facebook diplomacy: a data-driven, user-focussed approach to Facebook use by diplomatic missions’, Media International Australia, 168(1):62–80.
  3. ‘The inquiry: How powerful is Facebook’s algorithm?’, BBC World Service, 24 April 2017, online.

National security agencies and the cloud: An urgent capability issue for Australia

This new ASPI report argues for the development of a national security cloud. If the national security community doesn’t shift to cloud infrastructure, it’ll cut itself off from the most powerful software and applications available, placing itself in a less capable position using legacy software that vendors no longer support.

The report’s authors argue that if this need isn’t addressed rapidly and comprehensively, Australia will quite simply be at a major disadvantage against potential adversaries who are using this effective new technology at scale to advance their own analysis and operational performance.

The report identifies four significant obstacles that stand in the way of Australia’s national security community moving to cloud infrastructure. These obstacles need to be crossed, and the change needs to be driven by ministers and agency heads. Ministers and agency heads have both the responsibility and perspective to look beyond the important current technical security standards and rules and think about the capability benefit that cloud computing can bring to Australia’s national security. They’re the ones who must balance opportunity and risk. 

Podcast

Supporting the report, in a special episode of Policy, Guns and Money, we continue the important conversation on cloud computing. Michael Shoebridge and John Coyne, co-authors of ASPI’s recent report ‘National security agencies and the cloud: An urgent capability issue for Australia’, are joined by Oracle’s Kirsty Linehan and Nathan Cook, experts in cloud computing, for an in-depth discussion on cloud computing in Australia’s national security infrastructure.

Cybercrime in Southeast Asia

Combating a global threat locally

What’s the problem?

Cybercrime is a serious threat facing Australia and the world, but this criminal activity is often wrongly viewed as a near invisible online phenomenon, rather than a ‘real world’ concern. Behind every attack sits one or more people in a physical location. Those people are products of particular socio-economic conditions, which influence the types of regional and local cybercrime activity they specialise in. Cybercrime isn’t evenly distributed around the globe, but is centred around hotspots, which offer potential breeding grounds or safe harbours from where offenders can strike. This is true in Australia’s own region, where some Southeast Asian countries are emerging as bases for serious regional, and even global, cybercrime threats. We’re not proactively tackling the locations where the cybercrime threat develops and matures.

What’s the solution?

Australia’s current approach to fighting cybercrime needs to be augmented to account more seriously for this local dimension, particularly in Southeast Asia, and our fight against cybercrime should be more targeted, enduring and forward-looking. While it makes sense to support international cooperation in the fight against cybercrime, those efforts need to be targeted to specific hotspots where the problem is the most acute and Australia’s contributions can provide the greatest value for money. This involves the identification of current or future cybercriminal hotspots within Australia’s near region.

Australia’s existing law enforcement capacity-building programs should be matched specifically to those countries producing the biggest cybercrime threat. Deeper relationships should also be developed between investigators in Australia and those countries through more cyber liaison posts and exchange programs. Finally, Australia should adopt prevention programs that seek to block offenders’ pathways into cybercrime and promote those programs to suitable cybercrime hotspots in the region.

Introduction

There’s a popular perception that cybercrime is an anonymous activity. With seemingly faceless attackers and so-called ‘darknet’ sites, a picture emerges of a threat unlike anything we’ve seen before.

But cybercrime shouldn’t generate this kind of paradigm shift. As Peter Grabosky astutely argued almost 20 years ago, it’s ‘old wine in new bottles’.[1] The crime types—fraud, extortion, theft—remain the same; only the tools have changed. For the following analysis, I employ a broad definition: cybercrime is the ‘use of computers or other electronic devices via information systems such as organizational networks or the Internet to facilitate illegal behaviors’.[2]

The purpose of this report is to highlight how rooted in the conventional world cybercrime actually is. In many cases, there’s a strong offline dimension, along with a local one. All cyberattacks have one or more people behind them. Some of those offenders know each other in person. All are physically based somewhere and are the product of local socio-economic conditions. As a result, we see different ‘flavours’ of cybercrime coming out of different parts of the world. The specific focus of this analysis is on the nature of cybercrime within Southeast Asia and the local dynamics therein.

This report is structured in three parts. First, it outlines the nature of cybercrime as a local phenomenon, highlighting some of the most famous hubs around the world. Second, it zeroes in on the case of Southeast Asia. Finally, the report addresses potential policy solutions derived from this analysis, and particularly those that could be adopted by the Australian policy community.

The analysis contained in this report is informed not only by publications on cybercrime, but also by seven years of fieldwork carried out by the author in 20 countries. This involved interviews with 238 participants, including law enforcement agents, security professionals and former cybercriminals.[3]

Cybercrime as a local phenomenon

While cybercrime is often viewed essentially as an online and global phenomenon, it’s also an offline and local one.[4] It’s true that many offenders participate in cybercrime so they can avoid real-world engagement with both their victims and their partners.[5] For a number of others, though, the attacks on victims remain virtual, but they’re collaborating with cybercriminal partners in physical settings.

Sometimes they meet online first and later move their relationship into the corporeal world. In other cases, offenders know each other well already, perhaps coming from the same community, neighbourhood, university or school.[6]

While still a niche area of research, this offline dimension is slowly attracting the attention of the research community.[7] But what really needs to be emphasised is the importance of local conditions in shaping local cybercrime.[8] Cybercrime might be a universal problem, but certain countries appear to harbour a greater threat than others. These cybercriminal hubs often have particular specialities, as well.

It’s worth quickly sketching some of the most famous cybercrime hubs around the world. Perhaps the best known of all is the former Soviet Union. That region produces the most technically capable offenders within cybercrime, who are often responsible for developing top-level malware and other tools that are used throughout the industry.[9] An excellent education system produces an oversupply of able technologists in the labour market, who then struggle to find opportunities in a weak technology industry.[10]

Another reputed cybercrime hub is Nigeria, which is known for far less technical forms of cybercrime.[11] Nigerian cybercriminals have traditionally carried out ‘advance fee fraud’—the email scams familiar to users around the world.[12] In more recent years, West African offenders have evolved. One growing threat is business email compromise, in which a scammer impersonates a CEO or other person to instruct an employee in the victim company to transfer funds into an account controlled by the criminals.[13]

There are a number of other cybercrime hubs around the world. While it’s beyond the scope of the present report to discuss them all, Table 1 summarises some of them in a simplified fashion. The next section addresses the particular dynamics of cybercrime in some Southeast Asian examples.

Table 1: Geographical specialisations

Source: Jonathan Lusthaus, Industry of anonymity: inside the business of cybercrime, Harvard University Press, page 77, 2018.

Cybercrime in Southeast Asia

Southeast Asia provides an interesting cybercrime case study, as it includes populations of both local and foreign offenders. While offenders are spread across the region, certain countries contain a larger cybercriminal threat than others. As a result, the analysis below is focused on two interesting examples that pose some of the greatest threat in the region: Vietnam and Malaysia. The discussion of Vietnam is centred on the local community of ‘black hat’ (criminal) hackers and the threat they pose. With regard to Malaysia, the physical presence of Nigerian fraudsters is the most relevant topic to examine.

Vietnam

While China, South Korea and North Korea rank higher, some rate Vietnam towards the top of general hacking capability in Asia.[14] Even if only a proportion of the local hacker population turned towards crime, that would make Vietnam one of the most serious cybercriminal threats in Southeast Asia.

While some cybercriminals strike at home, Vietnam itself is not a target-rich environment, and major attacks there are not widely reported.[15] One rare example was the Vietcombank case of 2016, in which 500 million dong (at writing about A$34,000) was extracted from a customer account.[16]

For those Vietnamese attacking overseas, credit card fraud has traditionally been a popular endeavour.[17] The conventional business model has been to target ecommerce sites and steal the databases of credit card details. The cybercriminals can either sell the card data in virtual marketplaces or buy products online themselves and ship them back to Vietnam.[18] The latter approach became increasingly difficult as ecommerce sites blocked some deliveries to Vietnam in response to this malicious activity, so the cybercriminals adapted and found overseas ‘mules’ who could receive items and then mail them on to Vietnam.[19] Vietnamese cybercriminals have also engaged in personal data theft, compromising email and other account credentials, and a number of other schemes.

While it’s often important to make the point that cybercrime and hacking aren’t synonymous, in Vietnam the dominant form of cybercrime is tied to hacking. While some parts of the world are known for malware or fraud, Vietnamese cybercrime appears to have a strong focus on intrusions.[20] This is likely to be tied to the local context, in which there’s a broader hacking culture and an ecosystem of Vietnamese forums alongside the international cybercriminal marketplaces. Education in computing and STEM disciplines more broadly is of a decent standard compared to that available in some other countries in the region, and there are recent efforts underway to improve it.[21] There’s also fairly widespread corruption, which can shelter criminal activity. One former cybercriminal rated Vietnamese corruption ‘a good 8 of 10 points’.[22]

Vietnam is a significant location of cybercriminality, particularly by regional standards. While a number of factors suggest that it could become a major international cybercrime hub, there are other factors that may be preventing the greater spread of cybercrime there. One is that the level of technical proficiency is much lower than that found in other cybercrime hubs, such as a number of countries of the former Soviet Union.[23] This means that the threat faced from Vietnamese cybercriminals is reduced. But there is also less of a push towards cybercrime in the first place, as job opportunities appear relatively robust. The Vietnamese economy has been growing in recent years.[24] In particular, the technology sector is attracting investment and providing attractive salaries. There’s also a relatively established pipeline of top Vietnamese talent to foreign companies such as Google and Microsoft.[25] While there remains a serious threat, these factors are probably keeping the problem of Vietnamese cybercrime from growing even further.

Malaysia

If the example of Vietnam is about local offenders striking internationally, the case of Malaysia is about foreign cybercriminals using that country as a base of operations. There is a community of local Malaysian cybercriminals, but the more pressing issue is the large presence of Nigerian fraudsters who have established themselves there.[26] While Nigerian email scams are well known, many assume that the offenders are based in West Africa. There are indeed a number of offenders operating out of Nigeria, originally from inside internet cafes, and now making use of new mobile technology. But there are also Nigerian cybercriminals spread out across Africa and the world, including in the US, the UK, the Netherlands, India, the Philippines and Australia.[27] Their presence in such countries can be for computing training, coordinating money-mule and other support operations, or running their own autonomous scam operations from those countries.[28]

Curiously, for some time Malaysia has hosted one of the largest concentrations of Nigerian fraudsters. It isn’t yet clear why this is such a fertile location, but it’s of growing concern, as perhaps many thousands of such offenders are running hugely profitable enterprises.[29] These are relatively low-tech scams, such as business email compromise, but can be hugely damaging in their scale and impact. The modus operandi of Nigerian scammers in Malaysia is similar to that in other jurisdictions. A fraudster may arrive in Malaysia and find members of his existing social networks already there—almost always men—who may serve as suitable collaborators. This is similar to cybercriminals based in Nigeria, who appear to favour working with those whom they know already and have some form of personal connection with.[30] Such an expat fraudster may also seek to involve some Malaysians in his scam. One surprisingly common tactic across the globe is to find a local girlfriend and use her knowledge, language and accent to enhance the scheme.[31] For instance, a particular operation might contact victims suggesting that a parcel is waiting at an airport, but that the duty needs to be paid to release it. Having local knowledge means that the airport information and details can be checked for accuracy to avoid suspicion, and if a number is listed in the scam materials a Malaysian will answer the phone, rather than a West African.[32]

Policy recommendations for regional work against cybercrime

Australia’s existing approach to fighting cybercrime is built around enhancing international cooperation through increasing awareness, strengthening cybercrime legislation, law enforcement capacity building, and information sharing.[33] Given the transnational nature of the threat, this is a sensible strategy, but it lacks specificity in its implementation, which could be more tactical and nuanced.

While cybercrime is an online and global threat, the Australian Government shouldn’t ignore the offline and local dimensions of the phenomenon. Cybercrime may be a universal problem, but some countries are more important hubs of cybercriminality than others. The status quo appears to be that any international action in this area is positive, regardless of where. But Australia will have greater success and make more cost-effective use of resources by targeting specific jurisdictions where cybercrime is a problem, with less focus on those places where the concern is limited. This potentially could be decided on the basis of the caseload of the Australian Federal Police (AFP) or intelligence, though other measures would also be possible. It’s likely that such assessments are already happening informally and internally, but they have yet to become part of a defined, sustained and published policy exercise.

Cybercrime might be different in each country, but the policy responses should usually be similar. The key task for governments such as Australia’s is less to determine what to do, but where to do it. The heart of this is to draw up a list of countries that pose the greatest cybercriminal threat to Australia, balanced against an assessment of where an Australian contribution might have the greatest effect. Given limits to resources and influence, it’s unlikely that Australia will take the lead in combating Eastern European cybercrime, though it should continue to support broader international efforts in that area (and might be wise to have a dedicated cybercrime liaison officer based somewhere within the former Soviet Bloc for that purpose).

Within Australia’s strategic backyard, Southeast Asia presents a clearer and more manageable challenge. Policymakers and practitioners have already had some cybercrime engagement with the region, with a broad focus on the ‘Indo-Pacific’.[34] But, again, the true value is to be found not by addressing a large region as a whole, but by identifying particular cybercriminal hubs, or future hubs. Vietnam and Malaysia are good places to start, but aren’t the only locations that should be evaluated.

For any chosen country, there needs to be a clear-eyed understanding of mutual benefit. Cybercrime is a universal problem. As internet usage and ecommerce in Southeast Asia grow, the number of local victims is also likely to grow. Australian law enforcement agencies have the skills, capacity and international connections to aid their regional partners in their own fight to protect their companies and citizens from cybercrime.

The following three recommendations continue Australia’s support for international cooperation on cybercrime, but ensure that it’s even more targeted, enduring and forward-looking.

Recommendation 1

Law enforcement capacity in the region has been improving but still has some way to go. For those countries that are facing large concentrations of cybercriminals, such as Malaysia, the challenge may overwhelm local capacity. When resources are limited, Southeast Asian countries may (reasonably) prioritise cases with local victims, rather than foreign ones.

Australia has a strong history of running cyber training programs in the region. Building on past efforts in this space, greater resources and further training opportunities for cyber-investigators in locations where the threat is the greatest should increase local capacity to take on cybercriminals. In places where corruption is a problem within law enforcement, greater support for anti-corruption programs may also be an asset.

Recommendation 2

Australian law enforcement can also play a greater role in supporting investigations in Southeast Asia. This has already happened in individual cases,[35] but building more enduring relationships is important. One of the most effective ways of achieving that is through liaison officers. Cross-border cases are often aided by having investigators who know each other’s systems, and may even know each other personally. High-level bureaucratic procedures can often get bogged down without agents at the coalface who can expedite the process. In those situations, trusted relationships can be important.

The best way of building such relationships in Southeast Asia is to increase the number of opportunities for Australian agents to spend significant spells in the region and to provide similar opportunities for Southeast Asians in Australia. This can be achieved through the AFP, the Australian Criminal Intelligence Commission (ACIC), or both, having dedicated cyber liaisons in Southeast Asia, particularly in cybercrime hubs that acknowledge the mutual benefits involved. With some exceptions, such as the Jakarta Cybercrime Centre, the focus thus far has been on placing cybercrime investigators and analysts with major allies such as the US and the UK, along with international policing bodies such as Europol.

Those partnerships are important to continue for broader intelligence sharing, but great value could also be gained by expanding the use of liaisons to build relationships with countries where substantial cybercriminal operations are based, and where such a presence would be welcomed.

Improving investigation partnerships can also be achieved by ensuring that generalist AFP and ACIC liaisons who are already posted to cybercrime hubs do have cybercrime as a clear and core part of their portfolio, and the training and resources to match. This might be particularly useful in cases like Malaysia, where online fraud is the primary cybercrime threat but doesn’t always fall inside (somewhat arbitrary) bureaucratic definitions of cybercrime. Increasing opportunities for police exchange programs, perhaps tied to the capacity-building efforts noted above, would also allow for greater networking opportunities between Australian cyber police officers and their Southeast Asian counterparts.

Recommendation 3

Australia must be forward-looking in its approach to cybercrime. This involves not only identifying future cybercrime hubs in the region, but also acting to block cybercriminal pathways in at-risk countries. Policing approaches based on ‘prevention’ are gaining traction globally. The UK is playing a leading role, and the Dutch police have also invested in this space. Such approaches are less reactive. They rely on identifying young people who may become involved in serious offending and then intervening before prosecutions are required. Industry engagement is encouraged, with a clear goal of diverting young technologists to legitimate career paths.[36]

Cybercrime prevention strategies target the root causes of cybercrime, rather than dealing with the symptoms. These efforts should be supported, expanded and internationalised. Australia is well placed to establish a prevention program within the AFP and beyond, but the government shouldn’t stop there. Part of this program should involve evangelising these approaches to other countries as well, and Southeast Asia is a logical focus. But, again, countries where cybercrime is a particular concern should be targeted. Prevention programs also make much greater sense in states such as Vietnam, where the offenders are indigenous, rather than places such as Malaysia, which face foreign cybercriminals establishing a new base.

Cybercrime prevention in Southeast Asia must also involve private industry. In some nations, a major concern is that there are simply not enough good job opportunities in the technology sector. There’s a natural push for countries in the region to improve education in computing and cybersecurity, but if the supply of tech talent becomes too much, some of those individuals may turn to cybercrime. Australian Government prevention efforts should engage with companies in both Australia and Southeast Asia, encouraging partnerships, investment opportunities and job growth in local technology sectors. There may also be greater opportunities for skilled migration and labour mobility within the region. Those efforts might require the AFP to cooperate with other government agencies, such as the Department of Foreign Affairs and Trade. Given that countries such as Vietnam have already shown that they have capable workforces and human capital that can be tapped, these programs should also be of direct benefit to Australian companies, beyond the broader aim of blocking local pathways into cybercrime.


Acknowledgements

This report is built on the insights and information provided by numerous interview participants, and could not have been written without them. I’m also very grateful to a number of colleagues for commenting on earlier drafts of this work, including Nigel Phair, Tala Stevens and a number of readers who prefer not to be named. I also thank the three peer reviewers for their thoughtful suggestions. Finally, great thanks must go to ASPI staff for their guidance, and particularly to Elise Thomas for coordinating this endeavour.


© The Australian Strategic Policy Institute Limited 2020

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published May 2020.

ISSN 2209-9689 (online)
ISSN 2209-9670 (print)

  1. Peter Grabosky, ‘Virtual criminality: old wine in new bottles?’, Social & Legal Studies, 2001, 10(2).
  2. Samuel C McQuade, Understanding and managing cybercrime, Allyn and Bacon, Boston, 2006, 16.
  3. For further detail, see Jonathan Lusthaus, Industry of anonymity: inside the business of cybercrime, Harvard University Press, Cambridge, Massachusetts, 2018.