China Espionage Research Update, Q2, 2021

15 June, 2021

Thanks for subscribing and welcome to the second quarter 2021 newsletter. This and the earlier edition are archived here.

IN THE HEADLINES

  • Tightened CCP Controls in Hong Kong Reflect the Party’s Intelligence and Security History
  • The Story Behind Apple User Data in China—and How the CCP Gained Control of It
  • Thoughts on Beijing’s View of the American Espionage Threat
  • New Counterintelligence Rules Underline Heightened Risk for Foreigners in China 
  • Beijing and Australian and Canadian “Spies”: Just the Latest Chapter of China’s Timeworn Use of Hostage Diplomacy

Tightened CCP Controls in Hong Kong Follow the Party’s Intelligence and Security History Script

The South China Morning Post ran one of its best stories ever on 14 June describing how Chinese Communist power has gradually come out of the closet in Hong Kong—and how the party is now openly discussing its role and expectations in the former British territory.

One thing the writers did not focus on was how the CCP still follows past practices for consolidating control of newly acquired territories – that they honed during the revolution. As they “liberated” the last holdouts of the nation’s core area during the Chinese Civil War (1946-1949) and then took control of Xinjiang and Tibet, the Party tailored its approach to the “objective conditions” of each place, as Mao liked to say, but always moved in the same direction of consolidating total control to eliminate threats from “counterrevolutionaries.” In doing so, they assigned key tasks to the Party’s intelligence and security organs alongside the CCP United Front Work Department. We wrote about this, and the associated work of CCP intelligence and underground operatives in Chinese Communist Espionage.

As Mao also said, “Make the past serve the present” (古为今用, Gǔ wéi jīn yòng). I will elaborate more in my next book, and show how the CCP’s tendency to use historical lessons can make such measures predictable, today.

As usual, run a good VPN before reading anything coming out of China, Hong Kong, and Macau, and ensure that you have installed high-quality anti-virus software.

The Story Behind Apple User Data in China—and How the CCP Gained Control of It

In case you missed last month’s New York Times story, “Censorship, Surveillance, and Profits: A Hard Bargain for Apple in  China (May 17), one of the correspondents on that story was interviewed on NYT’s The Daily podcast from 14 June. In sum, all Apple user data in China is kept on a server controlled by an unnamed element of the PRC government, and they have the keys to decrypt it any time they want.

The question remains: if Beijing demanded decrypted user data from abroad, would Apple comply?

Thoughts on Beijing’s View of the American Espionage Threat

To be fair to China’s historically paranoid outlook, the Americans are also growing stricter. The FBI and local law enforcement in the U.S. have great power to investigate the goings on in foreign firms on U.S. soil, though obvious judicial and First Amendment protections exist.

And Chinese concerns about American spying are not unfounded, what with the 2012 spy scandal in Beijing that led to the arrest and execution of perhaps over a dozen Chinese agents of the CIA, including an aide to then Ministry of State Security (MSS) vice minister Lu Zhongwei.

Meanwhile, Chinese anti-spy propaganda, normally general in nature, is gradually becoming more specific about threats. The popular spy drama State Secrets (国家机密, Guójiā jīmì), which premiered in 2005, depicted contemporary State Security officers investigating Chinese bad guys lured into espionage by unnamed foreign powers, as did other media such as the one-act cartoon play “Dangerous Love” (illustration below). More recently, these efforts have ramped up and become more specific. In 2016, authorities began observing an annual National Security Day on 15 April to educate the public about foreign spy threats. Meanwhile, a successor to State Secrets premiered in 2015: With the Silent Section (于无声处, Yú wúshēng chù, aka: “In the Silence” on YouTube). This updated series depicts State Security officers chasing American spies and their recruited agents in 1984, just after the founding of the MSS. Actors with American accents were employed to play the bad guys, their names in the credits followed by “美国” (U.S.).

Less specific: A red-haired white guy, David, woos Xiao Li, a Chinese state employee, in the 2016 propaganda comic “Dangerous Love” (“Red-haired person” (红毛人) is an old shorthand for foreigner).
More specific: A Chinese-speaking American spy, “Charlie,” played by Scotty Robert Cox (柯国庆)) in “With the Silent Section.” In this scene, Charlie worries that he is being followed and tells his taxi driver to turn around and go back to the hotel—not knowing that all is already lost as the driver is an undercover State Security officer. When caught with incriminating evidence as he tries to leave China, Charlie commits suicide with a poison pill.

New Counterintelligence Regs Clarify Spy Laws, Heighten Risk for Foreigners in China

Years after Beijing passed a series of espionage-related laws between 2014 and 2017[1], the other big shoe has finally dropped: its Counterintelligence Regulations[2], announced on 26 April, give details about who is required to do what, and with whom, in China’s long anti-spy campaign now going into its eighth year.

These Regulations provide detailed implementation for two of those pieces of legislation: the State Security Law and the Counterintelligence Law (aka: the Counterespionage Law).

As Murray Scot Tanner described in his 2017 Lawfare Blog article, the spate of anti-spy legislation was written to make clear that the CCP and its subordinate government require citizens and organizations  to assist in Chinese intelligence operations, counterintelligence investigations, and cybersecurity efforts, albeit with no significant limits on government and party power nor any genuine attention to preserving individual rights.

When espionage-related legislation first emerged seven years ago, many commentators reacted with a yawn, asserting that they merely codified established CCP practices dating from Mao Zedong’s time (d: 1976). However, China is now a different place. It has far more contact with the outside world, with thousands of times more foreigners on its soil than before and an economy that is not only tied to the rest of the world, but is made up of many large and powerful firms; a situation that was unimaginable just a generation ago. Moreover, more Chinese have been exposed to, or at least learned about, foreign rule-of-law systems. Thus, detailed laws and regulations make it easier to govern—and catch spies—in this more sophisticated society.

By spelling out responsibilities of state security organs and the obligations of citizens and various organizations, these laws and the Regulations mandate standardized interactions between China’s intelligence community and the public, push counterintelligence responsibilities down to the lowest possible levels, and help deter corrupt activity by officials such as playing favorites or profiting through extortion.

In the first line of the introduction to the Regulations, CCP leader and PRC president Xi Jinping is named as the “core” of the party’s decision making: not unexpected in today’s atmosphere lauding him as equal to Mao Zedong in Chinese history, but a strong hint that all concerned had better pay attention. 

Leading up to the actual listing of its 26 articles, the introduction lays the main responsibility for counterintelligence work on public and private organizations in China, which Chinese State Security organs[3] are to “guide and inspect.”[4] The former is a set phrase referring to the Ministry of State Security in Beijing and its subordinate State Security Bureaus and Departments at the provincial, municipal, and county levels.

This appears to be the start of a huge, and new, undertaking: the Regulations task State Security organs at all levels to train officials and executives in “institutions, groups, enterprises and other social organizations”[5] across China; provide training materials; conduct inspections to audit for compliance to standards; and direct organizations to rectify mistakes.

Article 4 of the Regulations has the teeth: state security organs should impose unspecified time limits on audited organizations to meet standards, and can refer the case of a negligent person or organization to law enforcement or the courts as “an offense, (with) criminal responsibility to be investigated according to the law.”[6]  In Articles 7 and 8, enterprises are required to keep a current list with State Security of their employees conducting anti-spy work, engage in timely reporting of suspicious acts, and “provide facilities and other assistance to state security organs to carry out their tasks.”[7]

Article 9.7 calls for regular anti-spy education and training for persons in contact with foreigners and those with access to secret information. However, the language of the Regulations neither includes nor excludes foreign people, enterprises, and other organizations in China, nor does it mention Hong Kong and Macau.[8] 

While this seems to insulate foreigners from State Security, only time will tell, and there is no reason for optimism by foreigners in China. Moreover, PRC regulatory authorities such as the State Administration for Market Regulation already strive to treat foreign organizations the same way they do Chinese entities, providing a precedent for espionage investigations, not to mention requiring training and audits.

Since the Regulations do not exempt foreigners from the tender mercies of the security apparatus, the option of treating them like anyone else in China may remain reserved for politically timely application sooner or later: perhaps first on the Chinese mainland in tier 2 cities and below (e.g. Dalian, Shenyang, Zhuhai, Xi’an, Fuzhou) where few if any foreign journalists are present, then in tier 1 municipalities like Beijing, Guangzhou, and Shanghai. Considering their sensitivity in China’s bilateral relations and the presence of foreign consulates and significant foreign populations, Macau and Hong Kong would logically come last.

Keeping in mind the present threat against Canadians and Australians in China, there is always the possibility of stricter application toward a particular set of foreigners becoming timely due to bilateral tensions with Beijing. 

Critical information infrastructure is treated in Article 10, which requires security measures to prevent and stop foreign network attacks. That may leave open the possibility of a State Security organ interpreting this part of the Regulations as requiring network isolation of a foreign enterprise from their headquarters abroad. In Articles 24 and 25, State Security may enter premises for technical inspection and testing, or to install equipment for remote testing (远程技术检测, yuǎnchéng jìshù jiǎncè).  This is not a new practice (just ask Apple), but by its inclusion in the Regulations, it will likely become universal.

The language of the articles cited above should give pause to any foreign firm in China that wishes to maintain basic network security and ordinary security operations and investigations to counter unauthorized network access, internal fraud and embezzlement, and insider IP and other theft. A lesser-known but extant practice is conducting Technical Surveillance Countermeasures, or TSCM, i.e. hunting for audio and video “bugs” (TSCM is pursued by at least some foreign firms striving to protect trade secrets). In the past, PRC security organs have kept their hands off of such operations as long as they were conducted on company premises. Foreign enterprises were also able to (sometimes) resist intrusions by Chinese authorities.

Now, there are regulations that mandate the involvement of State Security practically anywhere they wish to go.

Beijing and Australian and Canadian “Spies”: Just the Latest Chapter of China’s Timeworn Use of Hostage Diplomacy

As Australia and Canada consider how to react to the defacto kidnap of the Australians Cheng Lei and Yang Hengjun and the Canadians Michael Spavor and Michael Kovrig, it would be good to obtain some perspective by reviewing China’s longstanding practice of hostage diplomacy.

The allegations that these four individuals were spying for a foreign power so far lack any evidence that they actually sought direct or indirect access to Chinese classified materials. Moreover, the blaringly loud rhetoric from Beijing on these cases is reminiscent of past incidents where apparently innocent suspects were subjected to show trials, seemingly to express the CCP’s displeasure with a foreign government and gain leverage.

When will Beijing start corralling Americans as “spies” when they really ain’t—just to make a point with Washington? Probably not in the near future, because doing so is a more sensitive matter than grabbing the citizen of, in Beijing’s eyes, a less powerful trading partner.

The following is an excerpt from an article, “Thinking the Unthinkable,” published in the Jamestown China Brief in 2016 that reviews Beijing’s hostage diplomacy up to that time. It seems to retain its relevance today.

Taking hostages is a fixture in Chinese history and modern practice. It was a formal part of Chinese statecraft until the 17th Century, including taking “external hostages” to control barbarian states during ordinary times, and during hostilities to facilitate negotiations for armistice or surrender. [1]

In modern times, extrajudicial hostage taking over business disputes, often condoned by local authorities, has become common. A few of many examples: American senior executives confined for days to weeks in separate incidents during 2007 and 2013 in Beijing, when Chinese staff feared layoffs; the bankrupt consumer products company whose Chinese suppliers stormed their representative office and took American employees hostage for about a week (Wall Street Journal, June 26, 2013) [2] Hostage taking is even a strategy of choice in a Chinese business publication: if a debt becomes uncollectable, enlist the help of the local Public Security Bureau to temporarily hold the debtor (China Law Blog, May 2016).

As illustrated in the comparisons below, private disputes are different than a state-sponsored detention, but the lesson to absorb is that use of detained people as pawns is more acceptable in China than elsewhere, which raises the risk to resident foreigners of all stripes. If the current leadership wished to make a list of precedents for holding foreigners without conventional criminal charges, it might look like this:

Some Precedents in PRC History Leading to Detentions of Foreigners Under Non-Criminal Circumstances

YearDetainee TypeIncidentCircumstances
1948-49DiplomatsConfinement to facility of diplomats, American Consulate, Mukden (Shenyang)Rising US-China tensions. Military campaign during Chinese Civil War.
1949-50DiplomatsDelayed departure of U.S. diplomats and other Americans from ShanghaiRising US-China tensions. Espionage threat in Shanghai.
1967DiplomatsBrief detention of UK diplomats during burning of British Embassy BeijingChaotic phase of Cultural Revolution.
1967-69JournalistLonger ordeal of Reuters correspondent Anthony GreyChaotic phase of Cultural Revolution.
2001  MilitaryDetention of an American EP-3 crew on Hainan IslandIncident On and Over the High Seas (INCSEA)
2008BusinessVisiting U.S. executives detained by workers at factory during labor dispute. *Local business dispute. Action ignored by Public Security Bureau.
2014BusinessDetention of Australian executive *PRC intelligence identifies and pitches a former intelligence officer.
2014-16MissionaryDetention of Kevin and Julia Garrett, Canadian missionariesCanadian-Chinese bilateral tensions prior to arrest.
2015BusinessDetention of American executive *PRC intelligence identifies and detains former intelligence officer.
2015DiplomatsDetention of American Consulate officer *Officer held and beaten by Chengdu municipal State Security Bureau for unclear reasons
2015BusinessDetention of U.S. corporate executives visiting tire factory in Shandong province. *Dispute between the firm and the local CCP committee following an earlier strike.
Sources: Chen Jian, China’s Road to the Korea War, the Making of the Chinese-American Confrontation (New York: Columbia University Press, 1994), pp. 33-39; Earl Wilson, “I was looking at him, this one man between me and freedom,” in “Get While the Getting is Good,” ADST.org; Roderick MacFarquhar and Michael Schoenhals, Mao’s Last Revolution (Cambridge, Massachusetts: Belknap Press, 2006), pp. 224-27; Anthony Grey, Hostage in Peking (London: Michael Joseph, 1970); Susan L. Shirk, China, Fragile Superpower (Oxford: Oxford University Press, 2007), pp. 236-37. *Interviews regarding unpublicized incidents.

By coincidence, the ordeal of the Garretts began two months after the Canadian government accused China in July 2014 of state-sponsored spying against the National Research Council in Ottawa (Xinhua, January 28, 2016; CBC News, July 29, 2014). Espionage charges were laid followed by deportation, possibly a signal example that the CCP is willing to use detentions and expulsions in a random way to pressure a foreign government. More recently, the dispute with South Korea over the THAAD deployment triggered the unexpected expulsion of an uncertain number of South Korean missionaries. Despite the declining number of Western and Korean missionaries after three years of CCP pressure, possibly thousands remain in China, subject to sudden official hostility (Christianity Today, March 8, 2017; Toronto Globe and Mail, August 25, 2014; billionbibles.org).

The 2001 EP-3 incident likely provides the most hints of how the CCP leadership would consider using Americans in China should a bilateral conflict suddenly arise. Chinese military leaders talked about preparing to fight the U.S., internal security bodies wanted to put the Americans on trial, and others who worked the bilateral relationship wanted to release the crew gradually or right away, and keep the aircraft. One Chinese advisor noted that “The internal negotiations were much more difficult than the negotiations with the US.” CCP General Secretary Jiang Zemin allowed the crew to depart China after 11 days, and their aircraft was disassembled and shipped back to the U.S. as freight. [3]

If tensions with the U.S. should escalate today, a similar internal debate should be expected—but this time the decider is Xi Jinping, a “hard authoritarian” who at least aspires to firmer control compared to recent CCP leaders. [4] Xi has taken an increasingly unforgiving stance against the American presence in Asia and may consider himself more secure in authority than did Jiang (China Brief, October 4, 2016). Strong though he may be, Xi’s choices in a crisis may be constrained by an accompanying rise in popular anger against foreigners. Moreover, the large number of Chinese immigrants in the U.S. also poses a problem in controlling a bilateral crisis.

  1. Yang, Lien-sheng. “Hostages in Chinese History.” Harvard Journal of Asiatic Studies, vol. 15, no. 3/4, 1952, pp. 507, 509-11, 516, 519-20. jstor.org/stable/2718238.
  2. Interview with a corporate security executive from a U.S. technology firm, 2007.
  3. Susan L. Shirk, China, Fragile Superpower (Oxford: Oxford University Press, 2007), pp., pp. 236-39. For a discussion of the material compromised during the incident, see The Intercept, April 10, 2016.
  4. David Shambaugh, China’s Future (Cambridge: Polity Press, 2016), pp. 2-3. In chapter four, especially pp. 98-100, the author argues that the “soft authoritarians” Jiang Zemin, Zeng Qinghong, and Hu Jintao were displaced after 2009 by “hard authoritarians” surrounding Xi Jinping.

QUOTE OF THE QUARTER

保守国家机密慎之又慎 !

Bǎoshǒu guójiā jīmì shènzhī yòu shèn

One cannot be too careful in guarding state secrets!

MEANWHILE, CHECK THESE OUT

Don’t miss our glossary of Chinese Intelligence Terms, a one-of-a-kind reference with hundreds of espionage and counterintelligence terms, translated into English with sources referenced so that you can see that is the product of research—not a leaked document.

https://www.ccpintelterms.com/

My next book, China’s Secret Wars, From Mao to Now will be a narrative account of Beijing’s spy apparatus. The research will involve extensive international travel for interviews to obtain perspectives from outside the Washington, DC Capital Beltway. I will hire graduate research assistants when finding is sufficient.

Please contact me for details using the contact us page at mattbrazil.net

Naval Institute Press, 2019

“This is an important and timely book. Brazil and Mattis place China’s sustained campaign of espionage in context. Chinese Communist Espionage: An Intelligence Primer is a must-read for all who play a role in protecting free and open societies from this pernicious threat to security and prosperity.” —H.R. McMaster, author, Dereliction of Duty: Johnson, McNamara, the Joint Chiefs of Staff and the Lies that Led to Vietnam

“In this painstakingly researched and very detailed effort to pierce the veil of Chinese opacity, Brazil and Mattis have helped limn both the history and current dimensions of the still shadowy world of Chinese intelligence and counter-intelligence operations.” –Orville Schell, Arthur Ross Director, Center on US-China Relations, Asia Society

“Mr Mattis and Mr Brazil provide a useful field guide to Chinese intelligence services.” –The Economist

“A well-laid-out account of how Chinese intelligence works, along with its internal contradictions and conflicts.” –Foreign Policy

“Chinese Communist Espionage: An Intelligence Primer is precisely what the subtitle says it is, a primer, and a very useful one…. Serious students of Chinese espionage and anyone interested in doing additional research–which the authors encourage–will find the footnotes and the bibliography extremely helpful.” –The Cipher Brief

“This timely work joins a select body of literature that examines China’s intelligence operations. This book is a very strong contribution to the field of study and unlike sensationalized or journalistic accounts, it presents an accurate and descriptive view of China’s Espionage activities.” –Nicholas Eftimiades, Assistant teaching Professor, Penn State University, and author Chinese Intelligence Operations

“The first book of its kind to employ hundreds of Chinese sources to explain the history and current state of Chinese Communist intelligence operations, Chinese Communist Espionage: An Intelligence Primer profiles the leaders, top spies and important operations, and links to an extensive online glossary of Chinese-language intelligence and security terms.” –The Foreign Service Journal

“This book will be of interest to the security specialist…. It will also be useful to those who are engaged in research on and teaching of comparative intelligence systems.” –Security Management

“Messrs. Mattis and Brazil’s book is the most comprehensive attempt yet to outline the range of China’s spying and the complicated web of agencies that carry it out. The scale of China’s relentless espionage activities is far more understandable thanks to their work. Readers may be surprised, for example, to find out that some of the earliest American Cold War spies gave their loyalty to Beijing, not Moscow, prompting one to wonder: Does China today have its own Kim Philby? The ignominious list of Americans, both of Chinese descent and otherwise, who have sold national or corporate secrets to China, or attempted to do so, is enough to raise questions about how much of China’s military and economic rise could have been achieved without espionage.” –The Wall Street Journal

See www.mattbrazil.net for links to other articles and to some of my online talks about this topic, available via YouTube and on podcasts.

Thank You for Signing Up for This Newsletter

Please feel free to forward it to friends with interest in the topic. An easy sign-up page to subscribe to this newsletter may be found here.

Don’t miss a single issue: each newsletter will be posted at https://www.mattbrazil.net

I always welcome tips about matters hitherto unknown to the public.

Matt Brazil​​

Non-resident Fellow, The Jamestown Foundation

Contributing Editor, SpyTalk

San Jose, California

Mobile (Signal enabled): +1-408-891-5187

Encrypted: matt.brazil@hushmail.com

https://www.mattbrazil.net/

https://www.usni.org/press/books/chinese-communist-espionage


[1] The 2014 Counterintelligence Law (反间谍法, Fan jiandie fa); the State Security Law (国家安全法) and Counterterrorism Law (反恐怖主义法, Fan kongbu zhuyi fa) in 2015; the Cybersecurity Law (网络安全法, Wangluo anquanfa) and Foreign NGO Management Law in 2016; and the 2017 State Intelligence Law (国家情报法Guojia qingbao fa), updated in 2018.

[2] 反间谍安全防范工作规定, Fǎn jiàndié ānquán fángfàn gōngzuò guiding. The title of the Regulations employs the Chinese phrase 反间谍 (Fan jiandie), literally “anti-spy,” which is variously translated into English as counter espionage and counterintelligence.

[3] 国家安全机关,  Guójiā ānquán jīguān

[4] 指导和检查, zhǐdǎo hé jiǎnchá. Perhaps by coincidence, this seems to reflect the trend in Western corporations to advocate that business units and individuals “own their own security” by avoiding rookie mistakes like posting company information on social media or thoughtlessly clicking on email attachments from unknown senders.

[5] 机关,团体,企业事业组织,和其他社会组织  Jīguān, tuántǐ, qǐyè shìyè zǔzhī, hé qítā shèhuì zǔzhī

[6] 构成犯罪的,依法追究刑事责任,  gòuchéng fànzuì de, yīfǎ zhuījiù xíngshì zérèn

[7] 为国家安全机关依法执行任务提供便利或者其他协助, wèi guójiā ānquán jīguān yīfǎ zhíxíng rènwù tígōng biànlì huòzhě qítā xiézhù

[8] 涉密、涉外人员 shè mì, shèwài rényuán. Some online translation tools mistakenly interpret the latter, 涉外人员, to mean “foreigners” because it contains the character (wài), for outsider. However, the Regulations do not contain any of the standard terms for foreign enterprises or foreigners (外国企业, 外国人, 外国公民, 国际友人, 外客, 外宾, 外籍人员, Wàiguó qǐyè, wàiguó rén, wàiguó gōngmín, guójì yǒurén, wài kè, wàibīn, wàijí renyuan), nor is there any reference to “citizenship/nationality” (国籍, guójí).