China is using cyberattacks, influence operations and mass data theft to extend repressive authoritarian controls over its population and throughout the world, according to a newly declassified U.S. intelligence report.
The 2020 report by the National Intelligence Council, an analysis unit, identified China as a leader among the world’s authoritarian states in employing “digital authoritarianism” as a means of ensuring political control at home and meddling in other countries.
As part of the anti-U.S. targeting, “Chinese intelligence officials analyzed multiple U.S. states’ … election voter registration data,” the report said.
The data was used to conduct a public opinion analysis of the 2020 presidential election.
“We assess that Beijing’s commercial access to personal data of other countries’ citizens, along with [artificial intelligence]-driven analytics, will enable it to automate the identification of individuals and groups beyond China’s borders to target with propaganda or censorship,” the council’s intelligence analysts concluded. “Such access and analytics also will enable Beijing to tailor its use of a range of online and offline carrots and sticks to its targets outside China — potentially on a large scale.”
The seven-page assessment, “Cyber Operations Enabling Expansive Digital Authoritarianism,” was declassified by Director National Intelligence Avril Haines last month.
China is using its control over Chinese overseas companies in the data collection effort. According to the report, Beijing in the next few years was ready to use commercial channels to expand digital authoritarianism.
“Beijing will be able to exploit Chinese companies’ expansion of telecommunications infrastructures and digital services, these enterprises’ growing presence in the daily lives of populations worldwide, and Beijing’s rising global economic and political influence,” the report said.
Chinese companies have been used by the government to surveil and censor enemies abroad, U.S. analysts say.
The report highlights security concerns over the Chinese company ByteDance, the parent company of the hugely popular TikTok video sharing app. TikTok, one of the fastest growing social media platforms in the world, uses artificial intelligence and manual auditing to filter content in a bid to portray China in a positive light.
The overseas effort to expand communist-style information controls were built on a mass surveillance system now in place inside China, the report contends. Inside China, for instance, Beijing hackers routinely break in and surveil computer networks and accounts of Tibetan groups.
In one case, a local political police and security bureau in Zhengzhou, located in the northeast part of the country, is automating the linkage of facial images and mobile device identification numbers captured by surveillance equipment installed in residential complexes.
“It is linking this data to a citywide surveillance network encompassing license plates, phone numbers, faces, and social media information,” the report said. “China uses mass surveillance and AI-driven algorithmic tracking of its citizens’ behavior at home to inform the use of soft or coercive incentives and disincentives to control them.”
Overseas, mass data theft is a new tactic of China, one also being used by Russia and Iran as well.
“Chinese intelligence services in 2017 stole 147 million [records] from a U.S. credit reporting agency, and almost certainly were responsible for the 2015 theft of 80 million records from a U.S. health care insurance provider,” the report said.
In 2020, a federal grand jury in Atlanta indicted four members of a Chinese military hacking group for breaking into and stealing Americans’ personal data from the credit reporting agency Equifax.
The healthcare provider mentioned in the report was Anthem. In 2019, the Justice Department issued an indictment against several Chinese hackers for the operation.
Russia’s Federal Security Service also is in the business of bulk data theft. The report said the service in 2013 conducted cyberattacks on a U.S. web services company and stole data from 3 billion accounts.
Iranian hackers also are engaged in large-scale theft of personal information, notably from telecommunications and travel companies. The Iranians’ goal is to “track targets of interest to the Iranian regime,” the report said.
“Data brokers are a prime target because they draw from thousands of sources to aggregate categories of information,” the report said. “Among the categories are demographics, home and neighborhood, occupation, education, purchases, property ownership, income and financial status, health details, vehicle information, personal interests, travel, social media and technology habits, ethnicity, and religious and political affiliation.”
China and Russia are improving their ability to study and manipulate large amounts of personal information. The operations allow the government to more effectively influence and coerce targets in the United States and in allied nations, according to DNI analysts.
“In some cases, they are impinging on Western democracies’ sovereignty and interests to enhance their domestic stability,” they wrote, adding, “We assess that Beijing will be able to exploit Chinese companies’ expansion of telecommunications infrastructures and digital services and their growing use in peoples’ daily lives to exert its digital authoritarianism.”
Increased concerns among European and other democracies regarding Chinese and Russian activities provides an opportunity for U.S. policymakers to propose alternatives to blunting digital authoritarianism. Chinese operations have included hacking operations against opposition figures, foreign media, non-government organizations and theft of bulk personal data.