China’s National Intelligence Law, enacted on June 27 with unusual speed and limited public discussion, is a uniquely troubling milestone in Beijing’s four-year-old campaign to toughen its security legislation. Like the more widely reported Cybersecurity Law (which went into effect on June 1) and a raft of other recent statutes, the Intelligence Law places ill-defined and open-ended new security obligations and risks not only on U.S. and other foreign citizens doing business or studying in China, but in particular on their Chinese partners and co-workers.
Of special concern are signs that the Intelligence Law’s drafters are trying to shift the balance of these legal obligations from intelligence “defense” to “offense”—that is, by creating affirmative legal responsibilities for Chinese and, in some cases, foreign citizens, companies, or organizations operating in China to provide access, cooperation, or support for Beijing’s intelligence-gathering activities.
The new law is the latest in an interrelated package of national security, cyberspace, and law enforcement legislation drafted under Xi Jinping. These laws and regulations are aimed at strengthening the legal basis for China’s security activities and requiring Chinese and foreign citizens, enterprises, and organizations to cooperate with them. They include the laws on Counterespionage (2014), National Security (2015), Counterterrorism (2015), Cybersecurity (2016), and Foreign NGO Management (2016), as well as the Ninth Amendment to the PRC Criminal Law (2015), the Management Methods for Lawyers and Law Firms (both 2016), and the pending draft Encryption Law and draft Standardization Law.
A comparison of the final version of the National Intelligence Law and the penultimate draft issued on May 16 indicates that its authors had to soften some of these requirements and make it less explicit about to whom they apply. But the law’s broad language still imposes serious new security obligations, and the authors will probably get another opportunity to tighten these rules if detailed implementing regulations for the law are drawn up in the future.
Initial press coverage of the Intelligence Law spotlighted concerns that it would grant intelligence officials the right to enter otherwise restricted facilities, examine private records, investigate and question personnel, and access or even requisition communications or transport equipment owned by companies or individuals. But while the new law does grant these powers, similar authorizations have already been granted in other legislation, most notably the Counterespionage Law (Articles 9-16) and the Cybersecurity Law. It is the Counterespionage Law which most closely parallels the new Intelligence Law in its structure and focus.
As its name implies, the Counterespionage Law is far more defensive in orientation than the Intelligence Law. Article Four requires all Chinese citizens to preserve, and not harm, national security, and obligates all public groups, enterprises, organizations, and other institutions to “prevent and stop espionage activities and maintain national security.”
The Intelligence Law, by contrast, repeatedly obliges individuals, organizations, and institutions to assist Public Security and State Security officials in carrying out a wide array of “intelligence” work. Article Seven stipulates that “any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.” Article 14, in turn, grants intelligence agencies authority to insist on this support: “state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organizations, or citizens provide needed support, assistance, and cooperation.” Organizations and citizens must also protect the secrecy of “any state intelligence work secrets of which they are aware.” These clauses appear to limit the obligations on individuals to Chinese citizens, but they do not stipulate that only Chinese “organizations” are subject to these requirements.
In other articles, moreover, the law’s drafters chose language that does not limit these demands on individuals to Chinese citizens. Article 16 authorizes security officials to make inquiries (xunwen; 询问) of any individuals as part of their intelligence-gathering, and to examine their reference materials and files. These officials can also commandeer the communications equipment, transportation, buildings, and other facilities of individuals as well as organizations and government organs (Article 17).
While the law requires that intelligence officials carry out such inquiries according to relevant state regulations, nowhere does the law explicitly authorize individuals or other actors whom they question—citizen or foreign—to refuse to answer questions or decline such access, information, or support. In this context, it is worth recalling that China’s Criminal Procedure Law requires persons questioned by law enforcement officials (including public security officials) to respond “according to the facts” and does not confer on them the right to silence. What is unclear is whether the passage of the Intelligence Law effectively places these intelligence activities within the same realm as criminal cases, which might compel persons who are interviewed to cooperate with intelligence officials.
Like other recent Chinese security legislation, the Intelligence Law leaves key concepts undefined, thereby expanding the law’s potential scope and its risks to foreigners. Most importantly, the law does not define its title concepts—“intelligence” or “intelligence work”—with details that clarify unacceptable government behavior or limit the obligations the law imposes on people and organizations. In this regard, a useful metric for comparison is one of the most fundamental of U.S. intelligence collection authorities, Executive Order 12333 on Intelligence Activities, which lays out detailed definitions, procedures, limitations and prohibitions regarding a number of intelligence activities, including government collection, retention, and dissemination of information on U.S. persons and corporations.
The Intelligence Law casts a broader net when it discusses the nature of intelligence activities. Article Two requires intelligence work to embrace Xi Jinping’s so-called “overall” or “comprehensive concept of national security” set forth in 2014, which would place virtually any issue—military, political, economic, social, technological, cultural or others—within the realm of intelligence work. Articles Two through Four describe intelligence work as the collection of open source or secret information, at home or abroad, to provide a reference for decision-making and protecting almost any national interest. These interests include, but are not limited to, “preventing and dissipating risks which endanger national security,” “safeguarding [China’s] governing regime,” its “sovereignty, unity, and territorial integrity,” economic prosperity, and the “sustainable development of the economy and society.”
The law also permits authorities to detain or criminally punish those who “obstruct” intelligence activities. But it does not define “obstruction” or distinguish it from mere failure to “support,” “assist,” or “cooperate”—the obligations noted in Article Seven. The law is also unclear about the means by which persons who are subjected to illegal mistreatment by intelligence authorities may file complaints or sue.
A few U.S. IT firms operating in China have expressed concerns about the wide-ranging obligations the new law might place on them to provide technical support to security officials for intelligence-gathering or other activities. The Intelligence Law itself grants officials general authority to demand “assistance” from private organizations and access or use their “communications” facilities. But companies could face even more serious burdens if the law is applied in concert with the new Cybersecurity Law, which accords officials far more specific authority to access and regulate many features of corporate networks that might be useful for intelligence-gathering. These include key business and personal data (which must be stored in China), proprietary codes, and other intellectual property. And like the Intelligence Law, the Cybersecurity Law broadly requires network operators to cooperate with public security and state security officials.
Dr. Murray Scot Tanner is a Principal Policy Analyst for Alion Science and Technology, and lives in Rockville, Maryland.
To read the full article, please click here.