Legalizing the Great Firewall: China's New Cyber Security Law Would Codify Censorship, Shutdowns

China released the draft of cyber security law on 6 July. Remix image.

China released the draft of cyber security law on 6 July. Remix image.

Many Internet users around the world are aware of the censorship regime of the Chinese government — this is not a well-kept secret. Yet Chinese government officials have denied on many occasions the government's role in filtering and blocking content from overseas web platforms such as Twitter and Facebook. Among the other things, this means that there is actually no channel by which citizens or businesses can challenge government censorship online. One can pursue legal action against Internet service providers, as in the court case against China Unicom for its service failure to access Google's online platform, but not against the government itself.

A new cyber security draft law may change this. The law would legalize China’s use of the Great Firewall to block access to information that authorities say violates local law, as part of an effort to make cyberspace a more “safe and harmonious” place for Chinese citizens and their government.

Rationalising Internet Control Policies

China has actively laid claim to “Internet sovereignty” since the 18th Congress of the Communist Party of China where Internet control dominated the central leadership’s agenda. But the draft law would codify previously scattered Internet regulations and solidify the status of the Cyberspace Administration as the leading government body making and enforcing policy for the Internet.

Article 43 of the draft states that the cyberspace administration and relevant departments shall require “relevant organizations” to adopt technological and other necessary measures to block the transmission of information that is prohibited by Chinese law. But the draft law does not specify any existing channel for citizen to appeal to authorities’ decisions concerning the blocking of content.

Legalizing Internet shutdowns

The draft also rationalises Internet shutdown tactics that were deployed during the Xinjiang riot of 2009. Article 50 of the draft stipulates that in order to protect national security and public order, and respond to major social security incidents, the State Council, or the governments of provinces, autonomous regions and municipalities with approval by the State Council, may take temporary measures with regard to Internet communication in certain regions, such as restricting it.

The law would oblige Internet service providers and platforms to actively monitor user activity and delete content that is forbidden by law in order to prevent that information from spreading (Article 40). Under current practice, both Internet service providers and content service providers are required to designate some personnel to handling censorship notices issued by government and party authorities, and to implement these requests round the clock. The draft law explicitly states that failure to prevent illegal information from spreading will result in punishment including warning, fines and even forced closures (Article 57). Law enforcement can also enlist network operators’ help for national security and criminal detection purposes (Article 23).

No real name, no service

The draft also duplicates the stringent requirements on the real name registration system of the NPCSC's 2012 Decision on Strengthening Network Information Protection, according to Clement Chen, a post-doctoral fellow at Hong Kong University's Faculty of Law. Article 20 of the draft states that network operators shall require users to provide real identity information when signing service agreements to ensure the traceability of their Internet activities and content. If users do not provide real identity information, network operators must deny them the relevant services. Chen adds that while the draft imposes obligations to protect privacy on the ISPs, it does not impose equally comprehensive obligations on public authorities in relation to their collection and processing of personal information within the broad scope of ‘Internet security maintenance’.

Expanding the authority of the Cyberspace Administration

The Cyberspace Administration, or the Office of the Central Leading Group for Cyberspace Affairs, was set up in 2013 with the aim of enhancing China’s cyber security and informatisation strategies. Chinese President Xi Jinping has since served as its chairman and on many occasions stressed cyber security and informatisation are significant strategic issues that are critical to national security and development.

The draft law may cement the Cyberspace Administration’s central leadership in administering, coordinating and supervising cyberspace affairs, from monitoring and censoring online content to evaluating and authorising the overseas storage and transfer of Chinese citizens’ personal information (Article 31). However, with the enhancement and expansion of the Cyberspace Administration’s role, it is unclear whether it will be subject to any form of supervision or judicial oversight.

The cyber security law may be seen as China’s official response to both domestic and foreign criticisms of the current chaotic and inefficient Internet control mechanism. By codifying the Internet control policies and concentrating the power to one body, China is likely to exert more aggressive posture with more efficiency in governing the domestic cyberspace.

Jennifer Zhang is an internet researcher at Journalism and Media Studies Centre, the University of Hong Kong.

1 comment

Join the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.