An Unholy Alliance? State-Corporation Relationships and the Surveillance of Religious Minorities

(1)

An Unholy Alliance? State-Corporation Relationships and the Surveillance of

Religious Minorities

Name: C.H.E. Groenewegen Student number: s1354310

Email: c.h.e.groenewegen@umail.leidenuniv.nl Supervisor: Dr. J. Shires

Master Thesis Crisis and Security Management January 2020

(2)

With the omnipresence of both physical and digital surveillance in our daily lives since 9/11, considering the factors and decisions that have led to the Big Brother World we live in becomes even more important. Justification for state security relates firmly to the protection of national security and the prevention of any violent incidents such as the devastating attacks that shaped the surveillance landscape. States are therefore actively involved in surveillance in order to mitigate these threats, and the rapid rise of technology has led to increased reliance on companies to perform digital surveillance. State-corporation relationships are thus a vital component for surveillance regarding security threats.

Surveillance has varying definitions, focusing on observation, power structures, and the regulation of behaviour, which have been studied extensively (Ericson & Haggerty, 2006; Monahan & Wood, 2018). A more recent development which is gaining traction in surveillance studies is the incorporation of technology in digital surveillance. This research aims to complement the current research on digital surveillance by defining its characteristics and so contributing to the existing body of knowledge. Furthermore, state-corporation relationships are principal in studies regarding public policy, but there appears to be a lack of research into these relationships when considering surveillance intermediaries in the private sector. Researching the effects of state-corporation relationships on digital surveillance therefore provides theoretical insights on this aspect of digital surveillance. Moreover, the theoretical contribution on digital surveillance is complemented with a practical approach for relevant stakeholders in the field of surveillance. Considering China and the United States as case studies provides research outcomes that give a clear overview of these states and their cooperation with relevant corporations. There is widespread information on both the Xinjiang surveillance state in China and the mass surveillance programs in the United States, but these cases have not yet been extensively been compared regarding state-corporation relationships and their cooperative or conflictual nature (Rozenshtein, 2018). This research aims to fill this gap and addresses these matters regarding digital surveillance.

This research will focus on to what extent state-corporation relationships affect digital surveillance in order to diminish or eliminate security threats. Two cases are analysed that involve digital surveillance programs and the relationship with the private sector in order to safeguard national security. These cases are compared based on the differences in digital surveillance, and three hypotheses are formulated to explain these outcomes. The first case is the digital surveillance of the Uyghur population in China. China has a history of framing this population as a terrorist threat. The government has created a surveillance state in order to

(4)

prevent terrorist attacks from occurring. As a result, the Uyghur population is being closely monitored. The Chinese surveillance state continuously collects data on citizens and actively seeks participation of the private in order to achieve this. This cooperative relationship defines numerous aspects of the surveillance program against the Uyghurs. The second case is the surveillance of Islamist terrorism by the United States. The ‘war on terror’ has been prominent on the US policy agenda since the 9/11 attacks. Since these events, surveillance has rapidly increased in the US. In order to mitigate potential terrorist threats, the United States has partnered with private actors in order to retrieve information. The Snowden files revealed mass surveillance programs such as PRISM, in which the state retrieved data from technology companies for the purpose of state security. This relationship has defined the ways in which the state retrieves data and performs surveillance. In some cases, corporations are not willing to give up data, such as in 2016 when the FBI attempted to gain access to iOS systems in order to control the iPhone of a terrorist suspect, without success (Kahney, 2019). This conflictual relationship determined the outcome of data retrieval and shows the effect on digital surveillance. Both cases portray digital surveillance programs against security threats and the impact of the private sector on the outcomes. This thesis thus highlights the effect of state-corporation relationships on digital surveillance as a means of security. It will answer the following question:

To what extent do different state-corporation relationships affect digital surveillance of security threats?

In order to get to the analysis, the following sub questions will subsequently be answered: • To what extent have China and the United States used the act of securitization to present

religious minorities as a security threat?

• What type of digital surveillance is being performed to mitigate national security threats in China and the United States?

• How do China and the United States make use of private sector technology to perform surveillance of national security threats?

• What type of state-corporation relationship do the USA and China have with large internally located technology companies, and what is the effect of these relationships on digital surveillance?

This research analyses the effect that the relationship between the states and respective domestic technology corporations has on the type of digital surveillance that takes place. Other factors will be taken into consideration, namely the different types of threats and the state

(5)

character that is involved with state surveillance. Ultimately, I will argue that state-corporation relationships are a significant driver for these differences. The extent to which a relationship is cooperative or conflictual, along with the legal framework on data distribution, contributes to the method of surveillance and under what circumstances it is performed.

First, the theoretical framework in Chapter 2 will highlight the most important literature on surveillance and its implications as a tool for state security. This will define surveillance, security threats, and the type of state-corporation relationships and so provides a framework for analysis. The methodology section in Chapter 3 provides justification of the chosen research methods and data collection, and operationalizes the research method. The two case studies will be presented in the following Chapter 4. For China and the United States, a description of the securitization of Muslim minorities is given, along with an overview of digital surveillance and the role of the private sector in both countries respectively. This information guides the reader into what will be analysed, this being the surveillance of the population in light of national security. Chapter 5 provides the analysis, which first gives an overview of the differences between the mass surveillance programs in the United States versus the targeted surveillance program in China is given. These differences will be analysed in light of three hypotheses: different types of threats, state characters, and the involved corporations and their relationship with the state. The conclusion will state that all three hypotheses are relevant to the differences in surveillance, but that state-corporation relationships are an important aspect to take into account.

(6)

2. Theoretical framework

This chapter provides a background of the theoretical concepts and theories on surveillance, security threats, and the private sector as a surveillance actor. The concept of surveillance is first explained along with the power relationship that exists, the shift from top-down

surveillance to multi-actor surveillance, the incorporation of technology, and the categories of surveillance. Then, surveillance regarding the mitigation of security threats, securitization of threats, legitimacy, and the tackling of security by private actors are discussed. Private actor involvement in surveillance is then elaborated on, tackling the increased involvement, state-corporation relationships, data sharing as a business model, legal frameworks, and incentives for government to invest in partnerships with private actors. The theories and concepts derived from this section will be used in the case descriptions and the analysis.

2.1 Surveillance

The traditional definition relates to the power structure in place. Surveillance in itself means ‘watching from above’ and implies that a powerful actor watches and monitors weaker actors (Monahan & Wood, 2018). This relationship between the actors involved in surveillance remains, there is more focus on what is to be achieved by performing surveillance. Scholars argue that surveillance is performed by actors in order to monitor and thus control or regulate people’s behaviour (Gilliom & Monahan, 2013). With a focus on regulating or changing people’s behaviour through observation, it is clear that the power relationship is inevitable.

This form of social control goes beyond merely watching people from above, but actively seeks to monitor behaviour of its subjects. This stems from Foucault’s panopticon metaphor, which scholars deem the leading metaphor for studying surveillance (Caluya, 2010; Foucault, 1979). The panopticon theory presents a setting in which prisoners have the feeling of being watched even though this is not always the case, leading to self-monitoring. This shows that power in the surveillance structure does not always need to be seen in order for it to be effective (Monahan & Wood, 2018). This power relationship, along with the drive to control and adjust behaviour is defining for contemporary surveillance studies.

Surveillance, whether visible or not, is distinctive and central in contemporary society. According to Staples, surveillance and social control takes place in all levels of societies and is not only one-directional (Staples, 2018). Surveillance has expanded and evolved from its traditional structure to a structure where multiple actors are involved in different types of data accumulation and observation (Richard V. Ericson & Haggerty, 2006). Surveillance that is

(7)

performed by multiple actors is distinctive for progressive societies, especially in light of rapid technological change.

This important development, the incorporation of technology, is central to the evolution of surveillance (Ericson & Haggerty, 2006). As opposed to the traditional perception of state surveillance, the involvement of technology in surveillance has caused a distortion in accountability and hierarchy. These fixed structures are blurred due to the involvement of specialized technical actors. Furthermore, technological development has stimulated automation of surveillance processes (Ericson & Haggerty, 1997; Ericson & Haggerty, 2006). The constant renewal of technological surveillance capabilities is significant for contemporary surveillance.

The traditional type of surveillance where people are merely being watched by other people has thus moved to the background as the rise of technological means such as camera equipment and AI technology has allowed for a shift to digital surveillance. This has changed the nature of how surveillance is conducted and monitored (Feldstein, 2019). According to Ünver (2018), digital surveillance regarding intelligence practices can be classified in the following five domains: biometrics, imagery (IMINT), data security, ICTs, and geolocation (GEOINT). However, these domains are constantly evolving and becoming intertwined. For instance, biometric surveillance techniques can make use of imagery in order to match camera footage with database images of citizens (Feldstein, 2019). There is therefore no clear line to divide digital surveillance practices. According to Eijkman (2012), surveillance technology used for state security can be categorized into three categories: biometrics, physical characteristics such as “digital images of faces, fingerprints, palm patterns, iris scans, and DNA”; visual surveillance, imagery attained through security cameras and software; and the tracing of personal data, namely personal information that can be “processed, disseminated, and shared between governmental agencies and sometimes third states” (Eijkman, 2012, p. 3-5). The type of data that is collected is thus a central aspect within digital surveillance.

2.2 Security and emerging threats

Surveillance nowadays can be used as a tool for monitoring any suspect populations that may be deemed a threat for state security (Ericson & Haggerty, 2006). As previously stated, surveillance in Western states has severely increased in the aftermath of the 9/11 attacks. The intensification of surveillance implies that monitoring is deemed necessary in order to diminish any security risks or threats related to societal safety (Ball & Webster, 2003).

(8)

Surveillance as a tool has been used in order to guard states from national security threats. The creation of such ‘perceived threats’ can be accounted for by securitization theory. Buzan, Wæver, and de Wilde argue that securitization takes place when state actors politicize and form security issues based on discourse of a perceived threat (Buzan et al., 1998). The results of securitization have often been criticized, as it may lead to threats being treated as security issued without any reassurance that there is any form of risk. They are therefore used as an incentive to use this tool for further state purposes (Mabee, 2007). Furthermore, threats fall under the traditional military use of security threats when they are being treated as having potential political risks. However, security has ranged far from this traditional perspective, as securitization has moved away from a traditionally military objective (Buzan et al., 1998).

The lawfulness of surveillance is often debated on accounts of legitimacy, privacy, and accountability. However, Feldstein (2019) states that it is necessary for governments to undertake surveillance for state security. Surveillance tools help to detect potential threats and assist in monitoring any suspicious behaviour. By collecting and sharing information within the government and with key stakeholders, a critical overview is given on potential threats and how to combat them.

In the current political atmosphere, security threats cannot be accounted for by states only. Governments need to cooperate with private actors and relevant stakeholders in order to gain sufficient access to data. Public-private cooperation on surveillance is therefore in place in order to tackle these threats in the most resource-efficient manner. Although these public-private partnerships are known to address security threats, it also brings along problematic aspects in tackling these issues. (Carr, 2016). These partnerships and their implications often fail to consider the target population that is negatively affected by it. According to O’Neill and Loftus, state surveillance and private sector involvement is shifting towards the management of “deviant populations” which are deemed a security threat (2013). This involves surveillance directed at this target audience and may have implications for state protection. The specific aim at certain populations is monitored by both the public and private sector, and the data is shared amongst these actors (Schinkel, 2011).

2.3 The private sector as a surveillance actor

This growing involvement of multiple actors has also allowed private actors to become an integral component of surveillance. Private actors have become intertwined with state surveillance, which makes it increasingly difficult to define which authority figure or actor is conducting surveillance and how this is regulated (Loader & Walker, 2007; Lyon, 2015b).

(9)

Furthermore, corporations share data with governments, with the benefit of government support, agreements, and economic benefits. This leads to increased sharing of data and provides governments with information that would not have been possible to attain without the private actor’s involvement (Lyon, 2015a). State-corporation relationships, “cooperative institutional arrangements between public and private sector actors” (Hodge & Greve, 2005), are therefore a crucial part of the surveillance assemblage and contribute significantly to state surveillance.

Governments have numerous reasons to undergo partnerships with the private sector for security purposes. Although governments are involved in innovation and key technological processes, they greatly benefit from companies that are specialized in these developments. Especially multinational technology corporations that are able to support governments on technology innovations and data processing are beneficial (Fuchs, 2013). Large amounts of data can be processed and therefore support states with timesaving and advanced technology. Furthermore, states rely on these corporations’ infrastructure. Internet intermediaries that provide online services and communication facilities have a large infrastructure in which data is stored (Sargsyan, 2016). Another example of infrastructure that private companies provide are surveillance products such as Closed-Circuit Television (CCTV). These tools for visual imagery are produced by private corporations and technical experts and allow for bulks of visual data to be stored and processed (Liang et al., 2018). Private companies thus provide governments with large amounts of processed data and the surveillance equipment to attain this data, which is beneficial due to more innovative processes and fast developing technology that these companies specialize in.

Many scholars claim that sharing users’ data and technological tools for profit is a well-known business model. Private companies collect users’ data and store this in large databases. This data is then compiled and analysed in order to use it for marketing or reselling purposes (Mineo, 2017; Scott, 2018). Zuboff (2019) labels this exchange of data as “surveillance capitalism”. According to the author, the monetization of large bulks of data collected by corporations has become a business model. Corporations sell this data to the highest bidder, whether it be the government or other retailers. The consequences of sharing mass data are not always clear, but creating revenue is a large incentive for private corporations to partake in it regardless. However, companies differ in values regarding the exchange of data and services for profit. Some entities exchange data for profit, whereas other companies explicitly claim that they do not participate in these practices (Cordero, 2018). The economic benefit is a driver

(10)

for data sharing, but not all companies find the added value to weigh up against the drawbacks of complying.

The information that is acquired by government is favoured by legal frameworks and pressure on the providers. A company that is situated in a country must abide by the laws of the country that they are operating in (Goldsmith & Wu, 2006). By imposing law enforcement requests, governments can gain access to user data provided by internet intermediaries. Although Internet Service Providers can be situated globally, data centres need to be physically located in one or more countries and they thus fall under the respective local legislation. This does however provide the possibility for corporations to choose locations that benefit them economically and politically (Wood, 2014). Furthermore, in the case of national security threats, governments can put pressure on corporations to comply with their requests to data (Sargsyan, 2016). These legal frameworks and policies shift the task of data mining and surveillance significantly to the private sector (Balkin, 2013).

From a governmental perspective, one of the purposes of these partnerships is to maintain security (Van Dijck, 2014). Companies can provide the government with data that can be used for state security, which provides opportunities for a wider set of data on suspect individuals. This makes the private sector a large player for state surveillance, and thus for state security. Private companies are willing to hand over data to third parties, including government and state-bound institutions, under legal frameworks or for revenue. Hence, they contribute to government investigations regarding state security (Liang et al., 2018; Sargsyan, 2016). Different theories exist on this phenomenon. Ball and Snider (2013) theorize the “Surveillance-Industrial Complex”, which refers to the public-private relationship between state security and intelligence entities and private sector technology corporations. They see this nexus as beneficial for governments, as it provides large amounts of processed data, low infrastructure costs, and accountability for the private actors (Ball & Snider, 2013). Furthermore, De Londras (2014) refers to “Privatized Counter-Terrorist Surveillance” (PCTS), which involves the government attaining huge amounts of technological capacity in order to surveill individuals and relevant actors. The author emphasizes the “private surveillance infrastructure” which is utilized for surveillance practices with counter-terrorist outcomes (de Londras, 2014, p. 8). This infrastructure is made up of technologies such as CCTV and GPS systems. State-corporation relationships for surveillance thus benefit the government in terms of data and infrastructure in order to foster state security.

State-corporation relationships can be defined as cooperative or conflictual. Corporations have many incentives to partner with the state, with the largest drivers being

(11)

economic benefits and the interest of national security. However, corporations may choose not to comply with unlawful or unwarranted requests for data. This leads to a conflictual relationship in which surveillance can be restricted due to the lack of data access. The cooperation of corporations for surveillance can therefore influence the outcomes and type of surveillance that the state conducts.

(12)

3. Methodology

This chapter accounts for the research design and how the analysis will be conducted. First justification for the case selection will be given, after which an overview of collected data is presented in light of the researched cases. The operationalization of the concepts that will be analysed is then discussed, leading to the method of analysis. Finally, the validity and generalizability of the research is presented along with the limitations of the study.

3.1 Case selection

In order to research the effect of state-corporation relationships on digital surveillance, two cases are analysed in a comparative case study. The cases both analyse the digital surveillance of security threats. To provide a relevant framework, the securitization of Muslim minorities, the digital surveillance, and the state-corporation relationships regarding surveillance are given as a framework for each country, respectively. This framework is then applied to the specific case studies: digital surveillance of the Uyghur population in China, and digital surveillance of Muslim minorities in the United States, in light of preventing terrorism. The selected cases regard the PRISM program and mass surveillance programs revealed by Snowden, and the Xinjiang surveillance state in China.

These cases have been selected based on different criteria for analysis of the research question. They are both cases where the government has a relationship with the private sector to perform digital surveillance of perceived security threats. The elements of the research question can thus be found in both case studies. Further criteria for the case selection provide a framework for comparison. These can be divided into the type of state, the type of threat that they are facing, and the state-corporation relationships that are in place.

The first similarity between the two cases is that both the United States and China are states with a high level of digital surveillance. US domestic surveillance practices date back to the First World War and have severely intensified after the 9/11 attacks. Similarly, China has a reputation for being one of the most heavily digitally controlled states worldwide. Digital monitoring has occurred since the establishment of the People’s Republic of China. This has intensified after the appointment of Xi Jinping as president, who has made digital surveillance one of China’s top priorities (Monahan & Wood, 2018). Moreover, within both China and the USA, surveillance is prominent within the government and its institutions. Both states have appointed and created platforms that prioritize surveillance, such as the National Security Agency (NSA) in the United States and the Cyberspace Administration of China (CAC). These agencies perform under the government and report to a central authority in the case of both

(13)

states. Digital surveillance as a policy priority and its rapid intensification in the last decade place the two states in a framework for comparison on the state-level. There is however a differentiation in the level of surveillance. China has established a surveillance state in which populations can be explicitly targeted, whereas the United States makes use of structural surveillance that is overseen by federal oversight mechanisms.

A main difference between the two cases is their types of government and political rule. The US officially functions as a constitutional republic and China as a one-party republic. Their political rule however differs, such as in terms of centralization of power, governmental bodies, and authority. These differences reflect on both states’ drivers for control. Although minimizing risk and maximizing security is high on the agendas of both actors, there are different drivers to account for when researching their security goals. These differences ultimately show how two states with high levels of surveillance operate in light of minimizing security threats.

One of the aims of these government bodies is the minimizing and eliminating of security threats. In both cases, the US and China see Islamist terrorism and the Uighur population as security threats respectively. There are however differences in the way these threats are perceived due to the securitization and labelling of the population as threats. To counter these threats, digital surveillance is in place in both states. The states also differ regarding targeted surveillance versus mass surveillance, and in terms of transparency. This is seen in the approaches of digital surveillance towards the security threats they attempt to mitigate.

The last difference that serves as a foundation for the analysis is the difference in state-corporation relations between the US and China. Both countries make use of private companies in order to pursue security needs, but they have different means of achieving this goal. For example, the Chinese National Intelligence Law, created in 2017, demands cooperation of organizations and citizens in order to comply to national security demands (Beijing’s New

National Intelligence Law, 2017), whereas the United States can attain data using warrants and

upon federal approval. Both the US and China predominantly retrieve necessary data from private actors, but they achieve this in different ways. This variance causes the outcome - the type of digital surveillance - to differ. Therefore, the relationship that the US and China have with internally located technology corporations and how this results in digital surveillance put in place will provide a relevant framework.

The two surveillance programs have limitations in their comparative structure. Analysing the mass surveillance programs of the Snowden revelations and thereafter limits US surveillance from the start of the ‘War on Terror’ to a smaller timeframe and does not coincide

(14)

with the start of the Chinese ‘People’s War on Terror’. However, this boundary is drawn in order to avoid a broad description of several surveillance programs and shifts the focus to the involvement of the private sector in the surveillance program. The cases therefore both describe surveillance programs that are aimed to mitigate terrorist threats. Moreover, the availability of data makes it necessary to analyse available documents such as the Snowden revelations. Drawing the boundary for the case studies therefore constraints comparability, but the analysis can still be drawn following the comparable criteria named above.

3.2 Data collection

The data that was collected for analysis consists of both primary and secondary sources. The primary sources that are used consist of government publications. For the Chinese case, these include white papers on counterterrorism, and cyber security laws. The US case documents consist of Executive Orders such as the Muslim Travel Ban and the Authorization for the Use of Military Force. These primary documents provide clear evidence of the laws and orders that are in place and account for policy directives in both cases.

Furthermore, multiple types of secondary sources have been consulted. The first type includes journal articles from peer-reviewed journals. These articles provided background information for both case studies in terms of securitization, security, big data, state-corporation relations, and the surveillance states of both countries. These articles thus provided a clear framework and relevant information for analysis. Moreover, books were used to support theory on surveillance, terrorism, security theories, and the security landscape since 9/11. The media outlets that were used included the Guardian, CNN, the Washington Post, Daily Mail, the New York Times, and the Financial Times. These provided information on the PRISM program, the US surveillance state, and reports on the situation in Xinjiang. Furthermore, blogs from Lawfare, the Harvard Law Review, and Foreign Policy were accessed in order to gain more background information on relevant (cyber security) laws and legal regulations regarding surveillance. Finally, independent research organizations and think tanks including Citizen Lab, Brookings Institution, Carnegie Endowment for International Peace and others gave relevant background information on AI surveillance, US state security and the surveillance state, and the Xinjiang surveillance state. These sources all provided an extensive report on the case studies and formed the foundation for the conducted analysis.

(15)

3.3 Operationalization

This research focuses on the different aspects of the research question, namely security threats, state-corporation relationships, and digital surveillance. Security threats are defined by how both governments securitize security threats. In both cases, this accounts to the prevention of terrorist threats by the Muslim population. State-corporation relationships, as used in this research, are defined by the sharing of data and infrastructure of corporations to the government. These relationships are defined as cooperative and conflictual, referring to the extent to which corporations are willing to share their data and work with the government to conduct digital surveillance. Digital surveillance in this research is defined by the characteristics that were found in both case studies. These relate to the goal of surveillance, surveillance techniques, the level of active targeted surveillance, transparency, and the type of surveillance structure that is in place. The analysis is conducted by testing three hypotheses and their outcome on the digital surveillance in both cases.

These hypotheses, accounting for the difference in state surveillance of security threats, will be assessed in order to weigh out the effect of state-corporation relationships against the alternative explanations. It is argued that the type of relationship states have with state-based technology companies plays a significant role in accounting for the difference in surveillance. However, other potential factors will be taken into account when looking at surveillance. The first level of analysis is the type of threat that exists in both states. In both cases, a security threat is constructed regarding a potentially threatening population. The analysis will look at how China and the United States have constructed their threat and if this affects the type of surveillance that takes place. Furthermore, the location of the threat will be taken into account. The US internationalized threat with a global surveillance apparatus is therefore set against the Chinese domestic threat with targeted limited surveillance. Lastly, the severity of the threat is compared and their consequences are included in the analysis. The second level of analysis is the type of state that the surveillance takes place in. China and the United States largely differ on certain levels and these will therefore be assessed when attempting to determine differences in surveillance. The US as a hegemonic power against China as a rising revisionist power will be compared. Furthermore, the regime type will be assessed and potentially provide an explanation for differences in surveillance. The last level of analysis are internally located technology companies and state-corporation relationships. The relationship between internally located technology companies in US and China differ. This is based on the laws in in each respective country and the voluntary of adversary relationship that is in place. It is argued that these relationship affect the type of surveillance that takes place in each country.

(16)

In order to derive conclusions from the case studies, the hypotheses are presented in light of the digital surveillance in place. This will conclude the extent to which the type of security threats, the state type, and ultimately the state-corporation relationships affect digital surveillance of security threats.

3.4 Validity, reliability, and limitations

The internal validity of this research relies on the effect of state-corporation relationships on the type of digital surveillance that a state conducts. The analysis explores the extent to which these relationships affect surveillance in both case studies. It is however difficult to assess the effect of state-corporation relationships, as many other justifications can make a difference on the outcome of the multi-causal situation. In order to account for a high level of internal validity, other explanations need to be considered that might cause an alternative outcome (Yin, 1994). Therefore, the analysis focuses on the role of state-corporation relationships, but also takes the different types of threats and state characters into account. This leads to an all-encompassing analysis of possible justifications, with state-corporation relationships as a key outcome.

The external validity is based on the generalizability of the research. The goal of this research is not to derive theory from these findings, but to analyse to what extent state-corporation relationships affect digital surveillance. This is based on the analysis of the two case studies. However, the results might not be applicable to all case studies that refer to digital surveillance and the private sector. An important matter to take into account is that this analysis portrays the effect of state-corporation relationships in these respective states, and can thus be applied to states that have a similar state-corporation relationship in place. Furthermore, the case studies of the US mass surveillance programs as revealed by Snowden and the Chinese surveillance state are not generalizable for all types of surveillance programs in both countries. These merely represent cases that can be analysed in light of state-corporation relationships that are relevant for the existence of digital surveillance of the surveilled population in that timeframe.

The reliability of the research is dependent on the documentation of the research as it is being conducted (Yin, 1994). The findings and there sources are continuously described to account for the data sources and to justify for the chosen data. This will allow for the research to be replicated. Furthermore, the research methods and used sources are based on empirical findings which have been subjectively chosen by the author. If the research on the two case

(17)

studies might be replicated, the same sources must be used to form the basis of the analysis. It is then expected that the outcomes will not exceedingly deviate from the results of this research.

(18)

4. Case studies 4.1 China

The following chapter will discuss the case of Uyghur surveillance in China which was officially authorized starting in 2014. A short history of the securitization of the population will first be discussed, leading up to the reasons for the PRC to consider the Uyghur population as a security threat. Afterwards, the process of digital surveillance in the country, along with the laws that enable this, are discussed. The role of the private sector in Chinese surveillance practices is then portrayed in order to clearly show how the private sector is involved. Concludingly is the case description of digital surveillance of the Uyghurs since 2014, including the companies that are involved and their relationship with the state.

4.1.1 Securitization of the Uyghur population

Uyghurs: A brief history

The Uyghur population lives in Xinjiang, China. Xinjiang is China’s largest province and is inhabited by a population of more than 21 million people. The population consists of a number of ethnic groups, of which the Uyghur is the dominant ethnic group (Gilbert, 2018). The Uyghur population is Muslim, which contrasts with China as an atheist state. Uyghur nationalists therefore argue that their culture does not resemble the dominant national culture of their home country (Mukherjee, 2015).

The Uyghur population has not always been included in the Chinese state. In the history of China, Xinjiang has been resourceful for natural gas, oil, and other natural resources. The region was however out of the Chinese government’s reach, as the central authority did not focus on the territory besides its resources. This changed in 1949, when the People’s Republic of China (PRC) was established and included Xinjiang in the country’s territory (Pokalova, 2013). The inclusion of Xinjiang in the PRC evolved when the region gained autonomy in 1955. The PRC established the Xinjiang Uygur Autonomous Region (XUAR), which formally acknowledged “the equality of nationalities; the freedom of minority nationalities to advance their political, economic and cultural development; and gave the right to self-government bodies to use their local national languages” (Pokalova, 2013, p. 284).

Although these rights were legally documented, the reality is that the PRC has continuously repressed Uyghur freedoms. The Uyghur community does not identify with China as a home country due to the cultural differences with the majority of Chinese culture, and due to policies that go against their cultural autonomy (Clothey & Koku, 2017). These

(19)

policies have actively gone against the religious and cultural rights that were given to the XUAR.

Oppression by the PRC

The main reason for anti-Uyghur policies is their conflicting religion that stands against China’s atheist state. Historically, religious groups have been actively surveyed by the government as these groups have had political agendas that differed from or were opposite from that of the state (Mukherjee, 2015). The one-party system in China, which is led by the CCP, stands in favour of atheism. In order to facilitate the existence of religious groups or minorities, the government allows practice of religion within officially approved venues (Clothey & Koku, 2017). This allows for state-controlled activities and permits religious practices under close observation.

The government has been imposing restrictions on certain Uyghur cultural or religious aspects since the existence of the PRC in 1949. In Xinjiang, there is a strong presence of Muslims belonging to the Uyghur population. Islam is generally disapproved by the government because it intervenes with state-centred policies (Guo, 2004). Furthermore, fear of terrorism and anti-state attacks are drivers for repression in China (Clothey & Koku, 2017).

One of these policies was the forced immigration of the Han Chinese to the Xinjiang region (Gilbert, 2018). Under the motivation of economic development, the government ordered Han Chinese to inhabit the area. As a result, the Han population grew from 6% in 1953 to almost 41% over a period of 47 years (Toops, 2004). Another policy was the attack on Uyghur culture and religion. The government has actively campaigned atheism in the 1990s, which stood against freedom of religion in the Constitution of the XUAR in 1954 (Pokalova, 2013). More active denial of religious freedom and rights resulted in dissent from the Uyghur population. These anti-religious campaigns and policies showed a colonialist type of repression against the Uyghur population. This repression has caused for protests and anti-state measures since 1949 (Mukherjee, 2015).

Construction of the security threat

The construction of the growing threat of the Uyghur population is due to a number of incidents. These caused for securitization of the population and active repressive policies to contain the Uyghur community. Besides structural suspicions against Muslim Uyghurs and fear of terrorism or anti-state measures since the 1990s, the following events caused the Chinese government to increase surveillance of the minority population.

(20)

A pivotal event was the Urümqi riot in Xinjiang. On July 5 2009, riots broke out in Urümqi, the capital of Xinjiang. The events occurred as a result of a peaceful protest by Uyghurs, to which the Chinese government reacted with acts of violence. Fully armed forces were put into place against the Uyghurs to handle the situation (Seytoff & Szadziewski, 2018). It is estimated that there were around 200 deaths resulting from these acts of violence (Corradini, 2011; Shepherd, 2019). In the coverage of the events, the Chinese government actively portrayed the Uyghurs as terrorists and criminals (Seytoff & Szadziewski, 2018). These events thus contributed to the depiction of Uyghurs as terrorists. More repressive policies against the Uyghur population as terrorists were therefore put in place.

Since the 2009 riots, many occurrences of violence have taken place. A significant increase of violent incidents occurred in 2013 and 2014. Late 2013, a van drove into Tiananmen Square and hit a group of pedestrians (Clarke, 2017). In March of the following year violence escalated as a knife attack took place in Kunming train station in Southern China and two suicide attacks occurred in Ürümchi South railway station in April and at an Ürümchi market in May (Smith Finley, 2019). This trend of greater acts of violence was accompanied by accusations of the Chinese government on the origin of the attackers. These events were labelled as terrorist attacks by Xinjiang extremists, leading to the government taking actions against them.

Following these incidents, Xi Jinping and the party secretary of the province, Zhang Chunxian, announced the ‘People’s War on Terror’. This state of emergency vowed to initiate measures against “the three forces of separatism, terrorism and religious extremism in Xinjiang” (Shepherd, 2019). These three forces have henceforth been the framework for China’s counterterrorism strategies (Tanner & Bellacqua, 2016).

Since the implementation of these measures, the Uyghur population has been under increased surveillance of the Chinese government. Policies aiming for stability and long-term peace in the region were implemented under Chen Quannguo, the party chief in Xinjiang. Since 2016, Chen developed a policing grid in the region where large amounts of police officers were put to work and introduced so-called ‘transformation through education camps’ (Shepherd, 2019). These measures were put into place to fight terrorism in Xinjiang by arresting criminals and citizens conducting minor offences. By placing them in camps where they would be mentored and educated, the Chinese government would implement their anti-terrorist policies (Pokalova, 2013). Citizen arrests and placement in these camps or prison are measures that are put into place after surveillance takes place in the area. By monitoring citizens, the government attempts to eliminate any form of security threat.

(21)

State-led policies against the Muslim population in Xinjiang have been occurring since the start of these events, but these policies have largely expanded since their official approval in 2014. The CCP then officially approved these measures, after which a large increase of policy against ethnic Muslim minorities was implemented. Although these measures are targeted at Muslims, only the population in the Xinjiang region has been the victim of detention and mass surveillance practices (Greitens et al., 2020). It is important to note that not all Muslim populations are explicitly targeted, and that the securitization of the Uyghurs is specifically directed towards preventing any form of security threats in the country.

4.1.2 Digital surveillance in China

One of the ways in which the CCP’s state capacity is enhanced is through surveillance of its citizens. By monitoring the population, the state keeps its political power in place. Surveillance practices ensure that the population follows the regime’s policies and so enables its coercive mechanisms (Wheelehan, 2019). In China’s one-party rule, there are no legal restraints to the government’s power (Qiang, 2019). Therefore, surveillance policies that are implemented are not overseen by a higher legal framework and can thus be applied according to state policy.

These policies are executed in the large surveillance state in China. The government has one of the most pervasive forms of information control in the world (Fry, 2015). This control involves the monitoring of citizens’ movement, the recording of individuals, and the collection of digital behaviour records (Chen & Cheung, 2017). This system does not merely observe behaviour but actively intends to change citizens’ behaviour. By censoring websites or “regulating intermediary actors like Internet service providers (ISPs) and the Internet content providers (ICPs)”, the government can intervene in citizens lives through surveillance and technology intervention practices (Zheng, 2007, p. 8-9). The surveillance that is in place thus involves biometric, visual, and personal data collection.

China is constantly building new surveillance mechanisms in which this surveillance can be done. In 2017, the Skynet project was completed. This project is one of the largest surveillance projects in the world, containing around 176 million surveillance cameras with the goal of increasing this number substantially (Qiang, 2019). These cameras can record and collect many forms of data, including citizens’ gender, clothing and height. The Artificial Intelligence systems that are equipped in these cameras gathers this information and transfers the data to the Chinese government. This is done under the motive of state security and the government claims to use it solely for these purposes (Shen, 2018). These projects are

(22)

constantly being created and rely on private sector involvement in order to perform this, along with a changing judicial system in order to keep up with these security measures.

Laws on data distribution

The Chinese judicial system in which surveillance takes place has expanded since Xi Jinping has been in power. With a large focus on Internet security in government policy, China has taken action in renewing and creating laws in which state power is enlarged. In recent years, the following laws have been adopted that have changed China’s legal structure regarding the Internet, surveillance and state security: The Counter-espionage Law in 2014, the National/State Security Law in 2015, the Counterterrorism Law in 2015, and the Foreign Non-Governmental Organization Law in 2015 (China’s intelligence law and the country’s future

intelligence competitions, 2018). These laws all focus on Chinese state security and have

expanded the ability for the government to collect data. This means that the state is given the ability to perform surveillance in light of intelligence operations, and may collect data in order to safeguard national security (Yang, 2019).

The most recent law regarding surveillance and Internet security is the China National Intelligence Law, which was passed in 2017. Similar to the laws that have emerged in the last decade, this law focuses on state security. However, the methods in which the Chinese government conducts this have changed significantly. It builds on previous laws of state security and surveillance, but elaborates on which intelligence agencies may perform this. Under the new cyber security law, “state intelligence agents” may perform “intelligence work”, which can be broadly interpreted (Yang, 2019). This means that these agencies may perform surveillance in cases that this is deemed necessary to ensure state security. The Ministry of National Security and the Internal Security Bureau of the Ministry of Public Security can therefore collect citizens’ data and company data without a warrant (Ünver, 2018). Furthermore, the law states that data can be collected and assessed to identify “problematic individuals and institutions” (China’s intelligence law and the country’s future intelligence

competitions, 2018, para. 4). The responsibility for Chinese intelligence agencies enhances

surveillance practices on citizens, justifying it in name of state security practices. The power of monitoring is thus in hands of the government and is authorized under Chinese law.

The current cyber security law clarifies what the responsibilities are for network operators, individuals, and the state regarding security. In Article 21 of the 2017 Law is a multi-level protection scheme (MLPS 2.0) based on the already implemented 2008 MLPS of the Ministry of Public Security (Shek & Zhang, 2019). The MLPS is a scheme that regulates

(23)

technical and organizational controls that relevant stakeholders - companies and individuals - must follow in order to comply to security standards. By ranking information into different security levels, network operators place their IT systems on a scale from 1 to 5, with 5 being the most sensitive. In this scheme, a higher ranking leads to increased monitoring by the Ministry of Public Security (Swinhoe, 2019). The system allows for a high level of governmental control on IT systems and data. By monitoring all network activity, a legal surveillance system is in place (Dickinson, 2019). Although Chinese laws do imply that corporations need to hand over data to the government regarding state security, they do not explicitly imply that the government is allowed to continuously access data, for example through a backdoor (Yang, 2019). It can however be concluded that all active regulations regarding data access provide the government with large access and control over user data upon request.

4.1.3 The private sector and surveillance in China

In order to strengthen state security, the Chinese government relies on the private sector. According to Dickinson (2019), China is continuously developing a “data gathering, surveillance and control program”. Surveillance is thus essential in safeguarding national security by preventing and mitigating any form of threat. In order to achieve this all-encompassing security system, the government aims to monitor and control every form of network activity. This includes the Internet, mobile phones, social networks, cloud systems, and email (Dickinson, 2019). The establishment of a large digital surveillance infrastructure is prioritized in Chinese policy and its realization is dependent on private sector technology and infrastructure. A centralized data infrastructure is thus China’s objective for control of data and technology in the country over its citizens. Data is gathered from private sector infrastructure and is used by the government in order to create a “state surveillance infrastructure” (Liang et al., 2018, p. 431). The private sector therefore plays a significant role in the establishment of China’s surveillance state.

The government cooperates with corporations in order to receive data, but the PRC also recruits companies in order to provide for surveillance technology. As the surveillance state is largely made possible by technology such as CCTV cameras for facial recognition, corporations that are in charge of producing these products are crucial for maintaining this infrastructure. Large technology corporations HikVision and Dahua have been recruited by the government to provide security cameras for the Skynet project, and Sensetime software is used for AI facial recognition technology (Shen, 2018). The government is increasingly investing in

(24)

these technologies that are necessary to maintain the security infrastructure that is in place. Other high-tech companies such as Alibaba, Baidu, and Tencent assist in surveillance for government-led purposes (Qiang, 2019). The provision of services for government surveillance programs is a key element of the infrastructure of the surveillance state in China.

In accordance with Chinese security laws, companies need to comply to government requests for data. The MLPS 2.0 standards and the national cyber security law both state that Chinese and internally located Internet Service Providers need to comply to requests by the government security agencies. There are restrictions on any forms of private or encrypted data which would prevent the PRC from accessing data which is deemed necessary for the government to secure the state (Dickinson, 2019). Therefore, internally located corporations all comply to the same rules and must cooperate with the state regarding user data. However, some companies have claimed to resist requests for data in order to protect their users. Ren Zhengfei, the CEO of Huawei, has claimed that the company would not comply to any demands by the government with regards to data (Kharpal, 2019). The company has received much critique on potential data sharing with the government and explicitly states that this would not be the case. It is however unclear whether this claim would hold as the cyber security law makes it impossible for domestic corporations to circumvent government requests for data.

To conclude, China has a mostly cooperative relationship with the private sector in terms of surveillance for security threats. The state makes use of private sector infrastructure in order to gather data on these networks. Furthermore, current cyber security law states that internally located corporations must share data when this is requested to mitigate security threats. The legal framework on data sharing and the internally located infrastructure assist in tracking suspicious individuals and so aids China in its quest for potential terrorists.

4.1.4 China and the digital surveillance of security threats

In this section, the case study of the digital surveillance of the Uyghur population will be described. A description will be given of the case study, describing the surveillance state that the PRC has created. Then, a description of the type of digital surveillance is presented, elaborating on biometrics, visual surveillance, and data collection with the help of the private sector.

In the Xinjiang region, the Uyghur population is under heavy surveillance by the Chinese government. The riots in 2009 that occurred due to injustice felt by the Uyghur population and the follow-up of terrorist events that were depicted on the population led to an increase of monitoring of the population (Chin & Bürge, 2017). The CCP has been actively

(25)

monitoring the 11 million Uyghurs that live in the Xinjiang region, leading to it becoming “a frontline laboratory for data-driven surveillance” (Qiang, 2019, p. 58). The government has been building a surveillance state since 2014 in order to collect information on the citizens of the region. Although this type of surveillance is not unique for the region, other parts of China are not as heavily monitored as in Xinjiang (Byman & Saber, 2019).

Chinese authorities claim that this state of surveillance against terrorist threats has always been in accordance with the law. These policies have been implemented in order to stop the evil the “three forces of separatism, terrorism and religious extremism in Xinjiang” (Shepherd, 2019). According to the white paper ‘the Fight against Terrorism and Extremism and Human Rights Protection in Xinjiang’ by the State Council Information Office, 13,000 terrorists had been arrested in the last five years (China's State Council Information Office, 2018). The white paper also states that any participants of religious extremism or possible terrorist activity can be sent to re-education camps. Chinese “pro-Beijing” newspapers such as the Global Times claim that the outcome of these surveillance programs and arrests is positive as it demonstrates the effectiveness of anti-terrorist policies (Doffman, 2019). Anti-terrorist laws and fights against terrorism are one of the largest drivers for these practices. Surveillance programs which include the tracking and monitoring of the Muslim Xinjiang population is therefore deemed necessary.

Within the Xinjiang surveillance state, the Chinese government makes use of digital surveillance techniques in order to track and monitor and suspicious behaviour. This data is being collected and processed for anti-terrorist measures and is the foundation for action against any suspects. The type of digital surveillance can be classified according to biometrics, visual surveillance, and data collection:

1. Biometrics: In Xinjiang, large amounts of biometric data is being gathered. This

data includes DNA, fingerprints, blood type, and iris scans (Byman & Saber, 2019; Qiang, 2019; Ünver, 2018). The government is collecting this data for a database of personal information of Xinjiang Uyghurs. According to Xinhua, a Chinese state-run news agency, this data is gathered for “universal health checks” (Zhang, 2017). This allows for the government to collect masses of personal information of the 11 million residents in Xinjiang.

2. Visual surveillance: Facial recognition software and security cameras are present throughout the entire Xinjiang province. This is for the purpose of identifying individuals, but also to track and monitor the location of individuals. Facial

(26)

recognition software can recognize citizens’ location and notify the government where any suspect individuals are located (Feldstein, 2019). CCTV and AI software enables the collection of visual surveillance for the government.

3. Data collection: Through “sensors, big data, and other cutting-edge technologies and methods”, the PRC aims to collect data of the Xinjiang population (Byman & Saber, 2019, p. 4). As the government has access to data that is collected with the infrastructure of Chinese Internet Service Providers, a large collection of mass data can be accumulated. This includes communications through a monitored app, which Xinjiang residents must download on their phones (Byman & Saber, 2019). The app, named ‘Cleannet Bodyguard’ is required to be installed on all phones in the region. It monitors all data and apps and can censor information that the government disapproves of (Gerin, 2018). The combination of active data collection through these apps and information that can be collected from technology companies results in an all-encompassing surveillance assemblage.

All collected data is gathered and used to identify threatening patterns or potential terrorist suspects in the entire Xinjiang region. This data is integrated into the Integrated Joint Operations Platform (IJOP), a mobile app used by intelligence bodies (Feldstein, 2019). Human Rights Watch has reported on the app, stating that it gathers the biometric, visual, and online data of individuals and processes it through algorithms that detect threats. This is used to identify and track down suspect individuals (Human Rights Watch, 2019). The collection of data is thus centralized and used by the government for anti-terrorist and state security purposes.

In the Xinjiang surveillance state, multiple companies are involved with the digital surveillance of the Uyghur population. The government has recruited companies for surveillance infrastructure, and this appears to be done for visual surveillance and data collection purposes. The two largest providers for visual surveillance technology in China are Hangzhou Hikvision Digital Technology and Zheijiang Dahua Technology. Both companies develop surveillance cameras and facial recognition technology that are used for security initiatives in the Xinjiang province (Schmidt & Feng, 2019). These two companies have gained large profits for installing surveillance equipment, demonstrating their cooperative relationship for economic incentives. Furthermore, Hikvision has a cooperative relationship with the PRC as it is owned by the state. Its chairman was also appointed for the National People’s Congress in 2018, making him a government official under the CCP (Rollet, 2018). SenseNets is another

(27)

company that provides facial recognition for the government. Doffman (2019) states that SenseNets if funded by the state in order to track residents of Xinjiang. Other facial recognition companies include DJI, Megvii, Intellifusion, Deepglint, Watrix, and iFlytek. These have all been recruited by the Chinese government to supply visual surveillance technology for the surveillance state in Xinjiang (Schmidt & Feng, 2019). With regards to data collection, a number of companies provide data and surveillance infrastructure that is used for surveillance. Tencent Holdings provides tools for surveillance and censoring by monitoring online social media such as WeChat (Ruan et al., 2016), and ByteDance is involved in censoring content and tracking citizens data (Schmidt & Feng, 2019). These companies all provide data and surveillance infrastructure to the state in a cooperative manner.

The large scale of surveillance in Xinjiang has created a threat of being captured by the government for the Uyghur population. Monitoring through CCTV cameras, mobile phone scans, ‘de-extremification apps’, and biometric databases has created a surveillance state that allows full control over the population and any possible threats. There is a significant role of the private sector for the use of digital surveillance and the construction of the surveillance state against the Uyghur population.

4.2 United States

The following chapter describes the digital surveillance of the Muslim population by the United States. It begins with a description of the securitization of Islam, leading up to the reasons for the population to be seen as a security threat. Then, digital surveillance in the United States is described along with laws regarding data distribution. Private sector involvement with surveillance is then portrayed, which shows the benefits for the government to engage with private actors, and why companies would comply to this. The final part consists of the case description of digital surveillance of the Muslim community. This includes the type of surveillance that is conducted, what companies are involved, and what their relationship is with the US government.

4.2.1 Securitization of Islam

Although the US War on Terror has been prevalent since the 9/11 attacks in 2001, anxieties over Islam have existed in the United States many years before the event occurred ( Fox & Akbaba, 2015). One of the reasons for the “anti-Muslim prejudice” was around the end of the Cold War. The United States needed to label a new “other”, as the fading communist threat was no longer present. This Orientalist labelling caused a shift to occur in which the US

(28)

government attempted to shift the focus on the ongoing problems that occurred in the United States at the time (Sadequee, 2018, p. 475). Furthermore, there has been an ongoing desire to reshape Islam in the United States in past Democratic and Republican administrations (DelReal, 2016; Hunt, 2016). A fear of violent incidents against the state has been prevalent, which has led to the prejudice that the population must be controlled.

The United States security framework changed significantly after 9/11. The 9/11 attacks were four coordinated terrorist attacks by the Islamist terrorist group al-Qaeda against the United States On 11 September 2001. The four planes crashed into the World Trade Center Complex and the Pentagon, and the last plane was headed towards Washington D.C. but crashed before it reached its destination (Moghadam, 2008). The events resulted in a large, global threat apparatus in which terrorism was imminent in worldwide foreign policy. Thimm (2018) argues that the dynamic after the events was comparable to the rise of the Cold War. This threat level and the changing state of emergency worldwide led to the US ‘War on Terror’. The War on Terror was announced to Congress by President George W. Bush on the 16th of September 2001, following the 9/11 attacks. The term came forth from the Authorization for Use of Military Force, which was made law on September 14 2001. The AUMF authorized the president to “use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on 9/11, or harboured such organizations or persons” (H.R.J. Res. 23, 2001, p. 1). Targeting of individuals and organizations was new, as the use of force had previously only been declared upon states (Thimm, 2018). This laid the foundation for the anti-terrorist measures against suspect populations and potential terrorist threats.

The objectives of the War on Terror led to an increased amount of operations in the fight against terrorism. One of these objectives were orders to capture and kill terrorists given out by the CIA for Operation Greystone. As opposed to individually authorized orders by the president, the orders were delegated to the CIA (Thimm, 2018). Another operation, Stellarwind, was set up to enable the National Security Agency to gain access to telephone records of United States citizens to obtain information on potential terrorist suspects (Zeballos-Roig, 2019). The amount of covert operations aimed at potential terrorist suspects rose significantly after the War on Terror was announced.

The implications of 9/11 and the War on Terror included increased securitization of Islam in the United States. Although there is evidence of prejudice against Islam before 9/11, much scholarly research suggests that these events have severely increased the securitization of the population (Fox & Akbaba, 2015). In the United States, minorities that included

An Unholy Alliance? State-Corporation Relationships and the Surveillance of Religious Minorities

An Unholy Alliance? State-Corporation Relationships and the Surveillance of

Religious Minorities

Table of Contents