The Western satellite of Hong Kong had a great run. Two decades resisting the authority of an empowered and modern Chinese Communist Party (CCP) is nothing to sneeze at. But with last month's passing of the National Security Law (NSL), which aims to clamp down on the raucous anti-CCP protests that have recently gripped the island, Hong Kong's unprecedented experiment in pseudo-sovereign liberalism looks to be coming to an end.
This law has already threatened the prized freedoms to which dissident Hong Kongers are accustomed. With the NSL also comes an uncertain future for both individual technology companies and the landscape of the global internet.
The law grants authorities with sweeping powers to root out what they consider "secession, terrorist activities, subversion, and collusion with a foreign country or with external elements"—no new feat for a government. At the same time, the NSL adopts the language of Western governments with promises to protect "human rights" including the "freedoms of speech, of the press, of publication, of association, of assembly, of procession, and of demonstration."
That is, unless those activities are deemed to be actually illegal by a newly created "Committee for Safeguarding National Security of the Hong Kong Special Administrative Region" that is supervised by the Mainland government. Should a would-be freedom fighter be suspected as a secretive terrorist under the system the Committee creates, they will be tried in a special court and subject to penalties up to life imprisonment.
This de facto legal crusade against any discussion of Hong Kong independence or CCP shortcomings creates problems for U.S. tech companies operating in the region. Many U.S. companies only partially operate on the mainland, and some of them are basically shut out. Having offices in Hong Kong lets them have a footprint in China without being openly subject to CCP rule (and therefore the public criticism in the West that would follow).
That is now changing with the NSL. China is exerting more direct control of Hong Kong through the Committee for Safeguarding National Security and another new body called the "Office for Safeguarding National Security of the Central People's Government in the Hong Kong Special Administrative Region," which is totally under the control of the mainland and not subject to Hong Kong jurisdiction at all. As the lines between the CCP and Hong Kong governance become blurrier, it becomes harder to claim you do not collaborate with or enable foreign governments that operate ethnic concentration camps.
And the NSL asks for much collaboration. Article 43 of the NSL empowers Hong Kong police with authorities to investigate suspected subversion. Specifically, law enforcement can "[require] a person who published information or the relevant service provider [i.e. technology company] to delete the information or provide assistance" including decryption. If the service provider refuses, the police can petition for a warrant to force the intended digital deeds.
In other words, to operate in Hong Kong, a technology company, foreign or domestic, must accept being deputized as a CCP informant. Failure to comply means possible fines of up to $100,000 HKD (around $13,000 USD) and six months in prison.
There are also provisions for surveillance. Subsection 6 outlines a process for law enforcement to apply for "interception of communications and covert surveillance operations" authorities along with a fast-tracked process for "less intrusive covert surveillance."
What future will American companies have in Hong Kong? Some of the biggies have already started to resist: Facebook, Google, Twitter, and Microsoft have already paused their information sharing request programs with the Hong Kong government.
Perhaps when the buzz dies down, and it looks to them like the NSL will not be too too onerous, American tech companies will resume normal operations. Hong Kong authorities have tried to assuage concerns by stating that the new laws will only target a small and specific minority. Maybe, maybe not. Would we expect a CCP-controlled jurisdiction to tell us when they plan on abusing power?
And there is great potential for abuse. The NSL does not just apply to Hong Kongers. Article 38 states that the law applies to "[offenses]…committed against the Hong Kong Special Administrative Region from outside the Region by a person who is not a permanent resident of the Region"—a.k.a. you. Hope you like the CCP! If you don't, keep your criticisms to yourself.
The NSL is not merely the first step in covering Hong Kong within the CCP's Great Firewall. It tries to extend Chinese jurisdiction over the open internet as well.
It is hard to see a way around a coming tech exodus from Hong Kong. Will American tech companies just tell these various People's Committees to go pound sand? Them and what army? Will the U.S. government back an escalation of conflicts with China on Big Tech's behalf? The potential for brinkmanship is clear.
The problem is built into many companies' business models. Firms like Google and Facebook survive on data-driven advertising. They make money by amassing personally identifiable and behavioral data. Law enforcement agents of any country would love to get their hands on that data, and it can be trivially easy to do this, especially when they have a world power government behind you.
It's a weird situation. The U.S. government has tapped into these rich data veins on persons both within and beyond our borders for years. And although the state here does not censor by law, powerful companies are often close to powerful politicians and they help each other out how they can. For freedom-loving people outside of U.S. borders (and even many people here), this anti-Chinese posture surely smacks of more than a little power-preserving hypocrisy.
The Western internet is undeniably more open than the one behind Great Firewall. But only to the extent that it does not effectively challenge our own power centers. Encryption is already of questionable legality in China. Our leaders are not too far behind with measures like the EARN It Act.
This is not to downplay the severity of the threat to Hong Kong dissidents and the open internet. The NSL must be strongly resisted and criticized because it puts lives at great risk. But so did measures like the PATRIOT Act, which we have merely become accustomed to here in our "free web." It may be that it's easier to challenge dangerous power-grabs when coming from "their side."
Challenges to the open internet emanate from many nations beyond the U.S. and China. Take your pick: there's Australia's encryption war, the German hate crime bill, the EU's General Data Protection Regulation, Brazilian battles against WhatsApp, and now India is getting in on the fun. For a brief and beautiful moment, technology secured free spaces online. As governments have gotten savvier, those free communities have become scarcer.
The sum effects of these developments may be to speed up the development of a more private web. Distributed networks will replace centralized platforms that can be leaned upon to censor or track individuals. Identities will be more pseudonymous and reputation-based rather than tied to bodies that can be oppressed by powerful groups. The act of sending bits will resistant to control even if the developers of the technology that empowers such acts really wished it wasn't.
At least, this is the vision of a new generation of cypherpunks that are working to build these technologies as we speak. It is becoming clearer that governments—even those that profess to operate on principles of liberalism—have no interest in securing a true open internet beyond what suits their present strategies for securing global power.
We can't rely on states. Our strongest hope for resistance against censorship and surveillance lies with technologies that are built to resist censorship and surveillance by design. The question is when current internet users will decide when they've had enough.