 OK, ladies and gentlemen, for those who don't know me, my name is Ian Wallace. I am the co-director of the cybersecurity initiative here at New America. As you may have seen as you came in with our big banner across the wall, one of our goals here at New America is looking at how technology is changing the world and understanding how we respond to that in a range of different sort of polity contexts, including how we secure this new sort of digital world in which we live. But of course, it is increasingly clear that not all of that technology is necessarily going to come from the United States. And one place where we're learning that that technology could well come from is China. The challenge in that regard, of course, is that while China is helping to define the global digital economy, what the people in China, particularly the Chinese government, but others, are doing and thinking is not particularly well understood. There are a number of reasons for that. Some cases it's deliberate. But it's even more due to the fact that there are cultural and particularly language barriers which make it difficult for non-China experts to really understand what's going on. A lot of material is made available in Chinese, but obviously not accessible to non-Chinese speakers. And that is why we jumped at the chance when to put together what we're calling our Digi China blog. And just today, to coincide with this event, we have gone live with that blog. For anyone who wants to find it, go to the Cyber Security Initiative homepage on the New America website. And you can see there four blog posts that we've already produced and previously circulated, but all captured in one place. And this is a blog that we're going to develop. We're going to grow with the help of this crew here and others to sort of pull back the veil a little bit on what's going on Chinese digital economy issues, both in terms of providing translations and in terms of analyzing and providing commentary on what's there. But in order to mark this historic moment, we thought we would get together in person. We spent a lot of time exchanging emails and have a conversation about what is going on with the Chinese digital economy and how it impacts all the rest of us around the world, particularly at a time when we're just about to get into the party congress, which puts China front and center of many policy issues that we grapple with. To have this conversation, we have a particularly formidable group of China experts. Going down the row, Paul Triolo from the Eurasia Group, Graham Webster, Yale Law School, Sam Sax from CSIS, and John Costello from Flashpoint. John is also a New America Cybersecurity Fellow. Paul and Graham, we're going to bring in as New America fellows in the not too distant future. Sam has her affiliation with CSIS, but we're very pleased to work with and cooperate between think tanks. I should also mention that another key player in this crew is Roger Krimers of Leiden University, who for obvious reasons wasn't able to come here quite so easily, but we will have here in person in the not too distant future. So we're going to have a moderated discussion picking up various different strands of the digital economy issues, and then towards the end, we'll move into a Q&A. So have your questions ready, and we'll come give you the opportunity to talk to these guys yourselves. In the meantime, however, if you are on Twitter and tweeting out, we're using the hashtag DigiChina, so D-I-G-I-C-H-I-N-A. And if anybody is watching online and wants to contribute, ask a question, feel free to use that hashtag, and we'll try and take that opportunity. So I'm going to work my way down the line before we get into a more back and forth and start with Paul. As we look at the Chinese digital economy, what, from looking at writings that we've seen and evidence from listening to what people in China are saying to each other, do we think the grand plan is? What's the strategy that underpins the government's cyber and general digital economy approach? Great question. First of all, I'd like to thank New America for inviting us to appear on this panel today. I think this is, I'm really excited about the launch of the new DigiChina initiative. And I think one of the things we'll be trying to do in that process is capture all the various pieces of the strategy. Because I think one important point to make here is that China has evolved over the last 25 years a very elaborate strategy that has changed over time, but is really very focused on the digital economy. And I think it might be useful to first step back a little bit and sort of see how we got here. Because some of these trends are not new. But I think what's new is some of the recent developments since the 18th Party Congress, for example. I mean, five years ago we were in a very different situation in some sense in terms of China's strategy. But since the 18th Party Congress, particularly with the elevation of Xi Jinping and the group around him that decided that I think to look at it anew at the issue of the digital economy and cyberspace and all of its many manifestations and came up with, I think, is a really a new strategy and one which is well-documented, which is what we'll be talking about a lot today, too. And which I think it's important to understand which documents are important, sort of from a high level. And then also we'll get into a little bit, too, about some of the implementation and operationalizing of some of the broader strategies. So I think I'll just touch on three broad trends that have sort of come together. One is these are longer-term trends, again, that preceded the recent political regime and the formation of some of the new groups. We'll talk about the new bureaucratic organization in China. So one big trend is the drive to reduce dependence on foreign technology. So that's been going on for a long time, but I think in the cyber domain and that has taken on particular importance, particularly under Xi Jinping. The second one is control the media. And again, that's been going on for a long time. And I think what's key here is the transition in terms of extending control of the traditional media into cyberspace. And that's part of, again, of a long-term trend. And then the third one is the emergence of cybersecurity as a sort of very salient issue in the wake of things like Stuxnet and the Snowden revelations and other issues in the 2012, 2013 timeframe. So those three broad strands, I think, were instrumental in following the 18th Party Congress and leading China to adopt a new approach to the whole issue of cyberspace. And so this culminated in 2014 with the establishment of the central cybersecurity and informatization leading group under Xi Jinping and an associate office called the Cyberspace Administration of China, which has no real equivalent in English, but it's easy to understand, I think, for the non-Chinese speaking audience. And again, I think it's critical to understand that in that leading group, first of all, which is one of many that Xi Jinping has set up in the last five years, that included a whole, all, it brought together all three of these strands. So there's, in particular, I think this is what's led to the focus on media and then cybersecurity is, I think, in terms of the name of the leading group, really encompasses that media component and then informatization is the Chinese term, which is very difficult to translate, but really means digital economy, innovation, a whole range of things and encompassed in that is really this issue of reducing China's dependence on foreign technology. So out of that formation of this leading group and the Cyberspace Administration of China, come a whole series of slogans and really important concepts, I think, that are usually attributed to Xi Jinping, but probably come from a group of experts and advisors around them. So things like, without cybersecurity, there is no national security. It's very important to understand that. And without informatization, no modernization. So that slogan, for example, I think it highlights some of the thinking behind the formation of a leading group and a whole new approach to cyber issues. And out of that also comes, I think, three concepts, which I think we can discuss further, but I wanna raise here. One is the concept of cyber sovereignty. Again, this has come out of a lot of different venues and speeches, but basically cyber sovereignty is something that China is, and particularly Xi Jinping, or is asserting that countries have the right to control the physical infrastructure and information that's within their borders. And it has a lot of other corollaries we can talk about, but it's an important concept that China has been pushing globally in various forums to become an accepted concept. And in some sense, there's some movement on that globally. The other important concept is the right to speak. So China, I think, one of the thrusts of the new leading group and the office was to help to change the facts on the ground. I think China perceived that the internet was basically built and established and the standards were set by primarily U.S. and other Western companies. And I think part of the overall strategy is to change the facts on the ground, to give China more of the so-called right to speak in global fora and in things like internet governance. So that's another key component of the strategy. So the convenient term for the strategy that we sometimes use is, and I think is really important, and it was highlighted in this Chuchure article that we recently translated, was the concept of building China into a cyber power or cyber superpower. I tend to prefer the term superpower because I think really the goal is the long-term goal of this strategy, which again came out of the formation of the leading group and the office, is for China to be essentially on par with the U.S., the other cyber superpower. And so I think part of the goal in establishing the leading group and the office was to bring that strategy forward and then begin operationalizing it. So one of the key pieces of that strategy is a legislative framework, which we'll talk about in some detail when we're in the sand. But so it's important that to understand both the sort of theoretical framework and the important documents surrounding that and the strategies and guidelines and plans. And then I think right now we're in an important period of operationalizing some of the concepts that came out of this theory of building China into a cyber superpower. So maybe I can all stop here. There's a lot more to discuss on the strategy, but let me just note that in the new blog that we've put up, we've tried to, we've started off with a series of documents including some of the sort of larger theoretical documents, but then also looking at some of the really practical issues that China is now running into in terms of operationalizing the strategy, things like cross-border data flows, data localization. These are really complex issues. So it's nice that the strategy sounds great when you read it in Chuchure. So I recommend the Chuchure article as a way to sort of, if you're really eager to jump into the details of China's cyber strategy, but then what we're also gonna be trying to get at is how does this become operationalized? How do you actually really go from a strategy and build something like, for example, a cybersecurity framework that includes these very complex issues, which are now largely global and impact US companies doing business in China, et cetera. So I think it's an exciting period and it'll be really interesting to see, and we'll get into this a little later about how the new party congress and whether we see new initiatives on all these fronts. So I'll stop here and to Graham, as Paul said, one of the interesting things about this space is there's a lot of strategy and sort of forward-looking thinking and by stereotype, Chinese are famous for their sort of long-term view, but there's also some pretty concrete kind of ideas about things that are happening pretty immediately and one of the technology areas where I think people in the US are beginning to open their eyes to what's going on in China is this area of artificial intelligence. Chinese have just come out with a new strategy. Can you tell us a little bit more about this? Partly for its own sake, but also for what it says about how China is thinking about some of these issues. Yeah, well, thanks Ian and thanks to New America for having us here and for serving as a sort of gathering place for our collaboration that's been going on among a bunch of organizations across a lot of geography. I think the AI issue is one that actually has been pretty well covered in the US and other English language media. At least it's covered in that. We hear about it a lot. And so what we did in sort of seeing this new state council next generation artificial intelligence development plan being published, this is a beast of a document. It's really long. It's full of details and we've translated it in full. So I should say, if the DigiChannel blog we put out, two of the things we've included is both the strategy article that Paul's talking about and indeed this strategy that the Graham is talking about now. So we went through the effort to sort of get past the initial statements. There's some things that I think, I'm gonna read a few quotes here from that document but there's some things that we've heard about quite a lot. So this document that's issued by the central government, it's the product of an agglomeration of interest but specifically the ministry of science and technology seems to have been the lead here and which sets them apart to some extent from the cyberspace administration of China. There's an element of competing centers of power within the Chinese government that we were analyzing as well. But something that has been in a lot of the newspapers and a lot of the media has been statements like this. AI has become a new focus of international competition. AI is a strategic technology that will lead in the future. The world's major developed countries are taking the development of AI as a major strategy to enhance national competitiveness and protect national security. They had these sort of eye popping targets in the document. They say by 2030 China's AI theories, technologies and applications should achieve world leading levels making China the world's primary AI innovation center. So this is the thing that caught everybody's imagination. The next layer down gets a bit more complicated and this is something that we suffer from in the US when we talk about AI policy as well. What do we mean here? So right in the top, they give us a little summary of some of the areas that they're talking about at the government planning level when they're talking about AI. They're saying deep learning, man-machine collaboration, swarm intelligence, autonomous control, big data-driven cognitive learning, man-machine collaboration, strengthened intelligence. Some of these words were a little tough to make concise. Swarm integrated intelligence, autonomous intelligence systems, human-like intelligence, these are the types of things that they're actually specifying targets for and the document gets in some detail about what types of initiatives should be created over the next 15 years or so to accomplish this world leading level. The sort of next layer that we thought was really interesting was that China's perspective on AI development and planning specifically addresses that there are going to be some risks, there are going to be some potential social, economic security downsides. So they say, while vigorously developing AI, we must attach great importance to the potential safety risks and challenges, strengthen the forward-looking prevention and guidance on restraint, minimize risk, and ensure safe, reliable, and controllable development of AI. These are some of the things where you get into a push to get Chinese researchers and industry to lead in the world, while also a concern that the government would like to remain able to successfully sort of supervise and control these things. It's a pretty serious dynamic that they're going to have to navigate as they approach these concerns. As somebody who works at a law school and I'll confess I'm not a lawyer, so I am interested nonetheless in the ways that different governments and different organizations try to figure out how to regulate new areas. Here the United States is not really figuring out what to do yet. We have emerging risks from AI, we have emerging ethical problems, at least at the planning level the Chinese government is saying that there needs to be research on legal issues such as civil and criminal responsibility, protection of privacy and property, information security, traceability, accountability. These are the types of things that are already programmed in. And so as part of this huge investment that's going to come with a lot of money and a lot of human resources, they're also specifying that they'd like to see serious policy thinking, ethical thinking about how to manage AI going forward. I'll note a couple more things before we move on to the other stuff. There's absolutely plenty to get into, but it's not just about leading the AI industry. There is a common concern in how technology is used from the perspective of the Chinese government and they describe it specifically. They'd like to see both advances in industry and advances in governance. And from that perspective, governance means both providing services to citizens, providing citizens with confidence in governance and really improving government as would be recognized in any political system at the same time. There's concerns about improving control and improving monitoring capabilities. And so the plan is, if it happens as planned, that AI will be used to both improve the Chinese Communist Party ability to provide governance, public goods and also to maintain control at the levels that they decide they'd like to. So it's a mixed bag and this is what you get when you go deeper into these documents. The last thing I'll notice, I'll note and I know that John is gonna get a little bit into the national security level as well but there's a specific note in this document in the overall plan that there's a need for civil military integration. This is a larger concept in Chinese political thinking but in the AI field this means that if civil or corporate developers are developing an AI technology, there may be some interest in figuring out how to leverage that for military capabilities and other sort of hard national security interests. So I'll stop there but the message that we've come away with and we're really excited to be doing these translations which occur across several different people. We try to land on an agreed translation even if not a totally undisputable one. We find that there's a lot of good material there and we're gonna keep putting it out over the next months and look forward to following along with you, thanks. Thank you, Graham. And we're gonna come back to sort of this AI and other technologies in due course but Sam, one of the areas that actually has had a fair amount of exposure in the Western media is the issue of China's new cybersecurity law and that's in part because people are concerned about the implications it has for the Western private sector or private sector companies within the rest of the world. However, it is not always clear that the message, the headlines that come out necessarily reflect the sort of nuances both within the law and the implementation of the law. So can you just give us a little bit of a fail for what the law says and what the ongoing discussions about how it is being implemented might tell us about where we're gonna get to? The cybersecurity law took effect in June and the media headlines around this were, there's just a lot of uncertainty, we don't know anything. And I don't think that's true. I think we actually know a lot more about this law and about the broader legal framework that it's a part of and that's where we get into the importance of Chinese sources and really taking close reads of those documents. So the first point I wanna make is that this law is part of a rapid build out of institutions, of policies, of regulations, of standards. There are dozens and dozens of pieces of this which the leadership in China sees as the tools needed to carry out this vision of China as a superpower that Paul mentioned. So this is sort of, how are they actually gonna do that? And in the past three years, we've seen a rapid expansion of this. The cybersecurity law itself, I think of as the centerpiece, the keystone in the art is a great description I've heard as well. And what's happening here is you have the government recognizing that the growth and development of technology has really gotten ahead of their ability to regulate it, to control it. AI is a prime example of that and Graham mentioned some of those dynamics between innovation and security. So that's what's driving this. Now how do we think about the law itself and this broader framework? So as I said, the cybersecurity law is really a centerpiece but it's not the only piece. In addition to the cybersecurity law, we're tracking dozens of different pieces of this legal system for cyberspace. So you have laws, you have the national security law, the counter-terrorism law that all get at this element of governance in cyberspace. You also have a host of regulations, of measures and guidelines which are meant to be read in reference to these laws and in many ways to expand on how China's policymakers are actually thinking about implementing their scope. Some of the most important of these, we've done a lot of analysis and translation of. There is a measure related to securing critical information infrastructure which my colleagues had an excellent post on over the summer. There are measures related to restrictions on cross-border data transmission. We just put out a piece on that on Friday. And then there are measures related to a new security review process for network products and services. Now those are just a few but those are, I'd say sort of the salient ones that we're really tracking. In addition, you have dozens and dozens of standards that have come out by a body called TC260 which is subordinate to the cyberspace administration of China. And these standards are not really standards in the way that we would think about an international standard. They're not descriptions of products. They're meant more to be explanations, again clarifying the scope and implementation of some of these umbrella concepts that are issued as laws. Now we can get into, well are the standards actually clarifying and narrowing the scope or are they just as ambiguous and broad? And that's a whole separate topic. In addition, you have a number of national level strategies which are not actual laws or regulations but they're sort of high level planning documents. So the national informatization plan, the 13 five-year plan on informatization, internet plus. So I encourage you to think about the cyber security law as part of this broader cyber governance system which is continuing to evolve and we're tracking it as we go. The third point that I wanna make about the cyber security law is, everyone is like, well this is really uncertain and broad, we don't know what it means. So I've worked in industry, I've seen from the ground level what some of this looks like in practical terms and I think that's one of the big questions that a lot of people had about the law. How does this impact operations? For foreign companies, for domestic companies, for the media and just a few highlights from that. So I'd say the most important practical implications for foreign companies, there are two. One has to do with how data is controlled as it transits across borders. There's a lot of internal debate on that and I'd be happy to talk more in depth about that on the panel. Paul and Graham and I, as I said, just wrote a piece about this element of it. The second is about new security reviews for products, network products and services that are in China. And the issue for foreign companies, and again I've experienced this first hand, is the sense that this is just a new area of regulatory uncertainty where you have a new security review and it's essentially a black box, right? We don't really know what that is gonna consist of. We also know that there are other separate security reviews at other parts of the bureaucracy in China. So there's a concern that companies could kind of get caught in the crossfires of these different reviews at different levels of the bureaucracy, which could be used for a sort of a political whim. The other area that I've seen is even before the cybersecurity law took effect in June, at least a year before this, foreign companies were voluntarily trying to demonstrate compliance with different elements of the cybersecurity law and the related measures and guidelines informally. So for example, going ahead and localizing their data in country, even before we know what the scope of that requirement is going to be, submitting to voluntary security reviews, right? So there's definitely a level of informal ad hoc implementation apart from the actual release of some of these documents. The last point that I wanna make about the practical implications are, let's not forget that this is not just aimed at foreign companies. So if we look at the enforcement actions that have been taken to date, they're all domestic companies. They're all about content regulation for domestic companies. And we're actually seeing a lot of internal debate, specifically over how this is gonna play out for China's national champions that are private sector that are in the tech space trying to expand overseas as part of this broader super power vision under Xi Jinping. So with that I'll stop and happy to talk more about any element of that as we get further on. And I think we'll particularly wanna pick up that sort of intersection between government and tech companies going forward. But before we get there, Paul in his remarks said, John, that there's this notion of without cybersecurity there's no national security. Tell us therefore a little bit about how China thinks about its national security, and in particular how its national security establishment is having its impact on the digital economy and tech issues in China. Right, I love talking about Chinese national security. It's the funnest topic up here in my opinion. But I mean, I have to echo a lot of what my sort of co-panelists have said. China has an expansive view of national security. It includes economic growth, state security, which is sort of internal control. And your sort of standard Western notions of national security. China sees promise, China has problems of scale, both socially and economically, and sees information technology as a driver of growth, social management and change, but with that comes very real risk of foreign influence. So it has a particularly difficult dilemma. It has to square. How does it modernize without making itself even more vulnerable? And that's encapsulated in a statement Paul just said, without modernization there, without informatization there's no modernization without cybersecurity there is no national security. And I think it's not a coincidence that you see the cyberspace administration of China is the leading group that heads up that office is for both informatization and cybersecurity. That those are two equities that definitely need to be balanced. And so any discussion of Chinese national security in the cyber domain or informatization needs to be held in conjunction with the other. And let's be clear. You know, taken solely on its face, China has extreme vulnerabilities in the cyber domain and they frequently discuss this. And the first point really is, is that since Stuxnet in 2009, Arab Spring, the Snowden leaks, Mariah last year, Wanakrai this year, China has seen a number of incidents, massive incidents that have shown the very real problems that could result if the internet or technology is not controlled. And that's certainly validated their claims. How they've responded is, traditionally, is through massive surveillance and control regimes. And what you're seeing in the last few years is a new rule of law, which seeks to provide a legal foundation for Chinese state security apparatus. But what I'm seeing differently in the last few years is what I'm calling techno legal regimes. You've seen legal measures and regulations that seek to make manifest the will of the Communist Party and the Chinese government in technology. But the major change for the last few years is they're seeking to do that at a technological level to make sure the technology cannot possibly break, or if it does, that it's immediately identified and known. Second, I'd say this is that we have a tendency to talk about this in sort of larger national security, international security concerns. China's worried about foreign governments. China's worried about foreign interference. China had the massive problem of crime and fraud that isn't often reported on. And just to give you background, this isn't a plug, but my company Flashpoint, we look into deep and dark web communities. And every day I can see Chinese cyber criminals responding to the law. It is a massive issue China has with identity theft, with fraud. I remember the series of Apache Struts exploits or vulnerabilities that have been released throughout this year. Within six hours you've seen it weaponized into a POC on the Chinese deep and dark web, and that no doubt pointed at Chinese websites. So let's not forget that China has over 700 million internet users and a rash of companies that are playing with technology that they may not understand, and they may not know how to protect and defend against. So let's be clear, taken on its face, China has a massive state security problem internally, not just from what it considers to be its strategic adversaries. Finally, I take this point. I think China's primary objective, its grand strategy, if it will, it is playing a chess game in my opinion. I think its primary objective is to remove its king, it's the CCP and its government, beyond the rules of play, of normal play, using every element of state power. I don't think it's to defeat a foreign adversary. I don't think it sees it in that terms. I think it's to ensure that social stability and the Chinese government can maintain regardless of any foreign influence. The problem that we have in looking at that is, is developing levers to do so that could very easily be turned around for exerting influence outside of its own borders. That's problematic. Supporting national champions, having techno legal regimes that have the potential to disadvantage foreign companies in China in favor of domestic ones, building a strong military for defense, building a massive national intelligence apparatus. All these are certainly for domestic control and all these do shore up the information security of the Chinese party state. But they're also very dual use. They could very easily be leveraged against the international community. And I'm not saying that China is doing that and I'm not saying that's the aim, but the potential for that is there. And I think it bears watching how that develops and how China intends to use it over the next few years. So John, we're gonna come back to the international piece in a minute, but the obvious big event coming up very soon is the party congress. And then we would be remiss if we didn't take the opportunity to say, you know, what that means for this. And clearly this isn't the key focus of what they're looking at, but it can't help but have implications for the future digital economy. So, China experts, what should we be looking for from the party congress and the brouhaha around it that could have implications going forward for this area? Let me jump in there. So I think there's a couple of issues. One is sort of what's already happened before the party congress and then what maybe may happen after the party congress. So prior to the party congress, of course, there's usually the requisite clamp down on social media and other applications of concern. So for example, we've seen in the last five or six months various efforts to renew control over things like virtual private networks and also to control these applications such as WhatsApp signals, some of the applications that are end-debt encrypted, for example. So I think our assessment generally is that that's part of a longer-term trend and in the run-up to something like a party congress, you're gonna see greater efforts to gain control over these types of emerging technologies. And so I think that trend will continue after the party congress, although I think it's a complicated issue because there's not a desire, I think, in China to completely cut off things like virtual private networks because these kinds of tools are used by part of the startup community in China and help in a sense on the innovation front. And so I don't think there's a desire to completely clamp down, but I think after the party congress, we'll probably see some potentially more regulation and some sort of further legal structure for some of these applications. I think on the digital economy side, we recently seen, also in the run-up to the party congress, rumors in the media about things like the Chinese government taking small stakes in Chinese tech companies. I'm a little skeptical of some of these rumors because I think there's already a lot of ways for the government to rein in some of the bigger players like Alibaba and Tencent through other regulatory mechanisms. Some of those new digital economy industries are pushing into areas traditionally that are the purview of other players in the Chinese system like the People's Bank of China, which has already, last year, started to take measures to require, for example, some kind of reserve for some of the electronic currency in the wallets that are used in some of the mobile payment systems. So I think there's already a lot of effort to sort of, again, as the traditional media has been brought under, as the online media has been brought under the controls with the traditional media, I think as the digital economy has expanded, of course, and I think as Sam mentioned, one of the problems is that, and this is not just unique to China, is that the regulatory system is always sort of playing catch up on these things. So I think probably after the party congress, we've also made a call that things like the cybersecurity law and next steps and implementation in some of the key areas like the cybersecurity review, which are still, many pieces of which are still done in place. Probably after the party congress, we'll see further progress in terms of, hopefully some clarity and to have some of the key provisions of the law will be implemented. So the party congress sort of put a lot of things on hold on the one hand and also led to some further clampdown on certain things like social media. But I think after the party congress, there'll probably be movement. We've also got the World Internet Conference coming up in December, probably early December, which is another one of those things that came out of the Xi Jinping sort of effort to unify the issues around digital economy and cybersecurity. The fourth iteration will be held in December and there may be some new initiatives that are unveiled there in terms of things like internet governance and some of the international aspects of the overall cyber strategy. So I think there's a lot of potential for things to happen after the party congress. Sam. I wanted to add briefly to that. A few weeks ago, I think there was reporting about extra clampdown on online content and online chat groups in advance of the party congress. And one of the things that we wrote about when that happened was, yes, we saw a spate of new regulations come out related to real name registration online, online chat group owners suddenly are gonna be held responsible for that content. These are important pieces of regulation, but we didn't look at them as pegged to the party congress per se. If you look at those regulations, real name registration, for example, has been something that the Chinese government has been trying to do since at least 2009 in many different iterations. So it's not like this is something that's just going to intensify leading up to this month, and then we're gonna sort of see it go on the back burner. That's not how we read that. We see this as part of a much broader effort to build out these cyber governance mechanisms that we've been talking about. And so seeing the party congress as like the sort of the crux of it, I think is a false lie. John. So this has less to do with the party congress than I say, the sort of the next challenge China has to square in supporting cybersecurity and digital economy efforts. The next sort of five years, China needs to figure out how to have its national security and state security apparatus engage with industry in a productive way for information sharing for IOCs, for cybersecurity. And that's certainly something the United States has challenges, certainly has challenges with. I can tell you this, the way sort of power is managed amongst Chinese state security is very divisive, it's very siloed. I mean, you have sort of five dragons in sort of Chinese cybersecurity, the CAC, Ministry of Industry and Information Technology. The CAC is done. Cyber-States Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security, Ministry of State Security and the PLA. Each of those don't play nice with each other. So each of those has a specific role to play in cybersecurity. The question over the next five years, and I think a question that will certainly be helped answered with the National Party Congress, is how China's party is going to have those sort of five actors play together in cybersecurity in a way that benefits companies. I think that's gonna be difficult. Since 2012, cybersecurity has been sort of the imprimatur of Xi Jinping, and I think the next step there is, is to solve some of the bureaucratic issues at the top for cybersecurity. Other area that I think we're gonna, and other area where I should say, that we're gonna have develop over the next five years, Paul references, John did as well, is the way in which China engages on the international stage in terms of what we have previously called internet governance, but we now might think of sort of global governance in the digital era. What sort of sense do we have of how the Chinese are beginning to think about these issues, and we saw the effective collapse of the group of governmental experts at the UN, which may provide opportunities for states to come up with other ideas. Where do we think the direction is in terms of Chinese thinking on the international stage? Well, I'll give this a shot. I think it's nice that I didn't have to answer the 19th Party Congress question because my approach to predicting this particular future has been to stay out of it, but there are a few things to watch for as this emerges, and one of them is precisely this question. So along with these major party congresses, there are the release of long, pretty vague documents, but you can analyze from point to point whether the documents say something new or different about whatever your domain of interest is, and in this case, we've seen hints in some of the commentaries that have been put out there that there is a desire to move forward in international cybersecurity cooperation. So earlier this year, I think, or late last year, sometimes I get confused, there was an official Chinese strategy for international cooperation in cyberspace, this document included, there was a lot in there, but one of the things that it pushed was that there is a common insecurity that states face when it comes to cyber crime or non-state actors or other things that even states that may be rivals in one field may also have common security risks, and so I think that in a number of commentaries and number of forums, there's a hint that Chinese government may want to push forward some common security approach on the international stage in a way that is sort of distinct from the UN group of governmental experts that unfortunately was not able to come to an agreement. In that context, the discussion was about which norms could be sort of tentatively agreed among a number of states for state conduct in cyberspace. In this potential new space that we can watch for, it's what concretely can be done among governments to either jointly identify or jointly combat various cyber threats, so that's something that may be out there, then again it may not be, so we'll just be watching, at least that'll be what I'll do. And other people may have views on that, but sort of to feed into that sort of question about sort of Chinese approach to the international dimension, what do we see as their response to recent sort of global cyber incidents, particularly sort of ransomware attacks and others, and how does that feed in to these conversations about governance? I think just to expand a little bit on Graham, so they came out with this international strategy for cyber cooperation in March, which had an action plan, but no, this was all before the WannaCry and not the Petia viruses hit. I think my sense is that they were hit much harder by WannaCry than may have been reported or acknowledged in the media, this is what I've heard from several people. So I think there's a belief, maybe a growing belief in the Chinese system that there's an opportunity here given the likely continued threat of similar types of unpredictable global outbreaks of ransomware and other malware, given the amount of really sophisticated malware that's out there now for a variety of reasons. And so I think they may believe that this is a time to take the next step, for example, from the GGE and push for something at the global level in terms of things like sharing cyber threat intelligence at some level on things like ransomware attacks. So, but this is a very difficult issue that would involve building support within the UN and certainly would have to have the support of major players like the US and Eastern Europe, the EU. So I think there's a lot of interest in this within the Chinese system, how this will come out and in terms of a concrete proposal, I think remains to be seen. But I think the next time, if we wake up tomorrow and there's another massive ransomware attack globally, then this will give even more impetus to the Chinese to argue that the time has come for some sort of minimal level of sharing of globally. Because I think they were, also I heard that they were, they were concerned in the WannaCry, during the WannaCry attack that there wasn't enough cooperation, like cert to cert, there wasn't enough exchange of information on that threat. Anyone else? Was the question like what we can expect? Is it good? Hello? Was the question what we can expect from China internationally? Yes, and particularly whether kind of recent events could change that. I would say sort of two things. It was in a dialogue not too long ago and had to sort of bring this up and it's sort of uncomfortable talking about with the Chinese. But one is, you know, we need to recognize where there are asymmetries between the United States and China and cyberspace. That seems like an obvious thing. But there are two sort of fundamental ones. One is how we define cybersecurity. You know, China has a much more expansive definition of what a cyber threat is that includes anything that could disrupt social stability or sort of negative feeling, generate negative feeling. I think what we're gonna see, and you saw this in international cooperation and cyberspace, you're gonna see China, you know, pursue a consensus approach, try to find other states with whom they have that sort of asymmetrical view of cybersecurity and perhaps approach something in the UN in the next few years. The second one is sort of harder to define. Second asymmetry is that China's despite, despite, you know, the frequent APT reporting. Wow, it's like 20 minutes and it was the first time I mentioned Chinese APT. I should just say that's advanced persistent threat. Advanced persistent threat. So I would say this is that China at least defines itself as having an immature cyber defense and by a means cyber national defense capability. And, you know, China defining cybersecurity threat expansive, it will not change, but Chinese views on their relative maturity to the United States and Russia and, you know, the five ice countries on cyber capabilities is likely to change in the next five years. I think one of the things we need to watch is China's evolving approach to norms. I think China is going to want some sort of, you know, to have some level, you know, give itself some space to grow but without, and, you know, cyber norms could run counter to that. So I think you'll see sort of cooperation, especially law enforcement cooperation or something approaching understanding like sort of, you know, online anti-terrorism at a UN level when it comes to like sort of international cyber norms and law of armed conflict. I don't think that's likely to be viable in the next few years. So I'm going to open this to the floor fairly soon but two quick questions I want to cover. First one is, we heard from Graham about the new AI technology. We've spoken understandably about sort of cyber security. What are the other areas of technology that are, we should be tracking in terms of what China's doing, what's interesting, and therefore how they will be thinking about. I think cryptocurrency is an interesting quantum. What's out there that as we take this to Gjina blog forward, we're going to be trying to track? I'd add to that list the internet economy which can be divided into a lot of different sub-sectors. So that includes fintech, it includes e-commerce, it includes ride sharing and logistics over the internet as well as sort of social media platforms. You know, I've spoke with a number of folks that are on the ground in China actively investing in internet startups and they say that the internet sector in China, we're not talking the big Baidu Alibaba 10 cents, we're talking the emerging players at some of the most innovative dynamic creative work that they've seen and it's a pretty exciting space. I would just add, I think, we mentioned this briefly in one of the translations we did related to cross-border data flows. I think one of the issues that is critical, that Beijing sees as critical in getting the cross-border data flows piece right, is that they're looking ahead at eventually a situation where almost everything is in the cloud, cloud services are paramount and smart cities are a big piece of that. So I think it's important to sort of look, I think they sort of, in my mind, they're looking at the end, not the end game, but at least one key state is going to be when, I think they have 95 smart city initiatives now. They can, and Xi Jinping is building a new smart city in Xiang'an, which is south of Beijing. And so I think they're viewing this as they want to get, one of the reasons for the cyber security law, AI plays into all this, is that one of the key places, and that's also going to be one of competition with foreign companies, is the cloud and who manages the cloud, how is data secured in the cloud and how is privacy maintained in the cloud? These are really key issues. I think part of the way to view some of these initiatives and particularly the cyber security law is an attempt to get ahead of that eventuality when you're going to have critical infrastructure, being key applications being run from the cloud, and how is that going to be secured? How is data going to flow back and forth that's going to be a potential national security, national security implications? And so I think that one of the key applications is smart cities and in many manifestations, particularly things like autonomous vehicles, that's going to be a big area where China is already trying to get ahead from a regulatory point of view, trying to think through a lot of the issues related to connected vehicles, and looking at examples from the EU and other places. So I think that's sort of in three to four years when we have a fifth generation cellular networks deployed, and we have a tremendous more movement into the cloud, it's going to be a really different world, I think, and I think part of the regulatory game is to try to get ahead of that. Article that we translated, not just there is no national security without cybersecurity, but there's no informatization without cybersecurity. So it's this idea that cybersecurity is seen as an enabler of digitalization, and that you can't really capture the benefits of digitalization without that security base. I just want to put a plug in for something that's on the margins of the sort of digital realm, but I think is increasingly going to be relevant, and we see it also in the AI plan is biological science and technology. Genetic sequencing technology is a major area of development. In China, there's some global leading corporations that are working in this area. They're building data stores, national genetic data storage databases that are going to be consequential, and they're going to be merged with machine learning and other sort of digital technologies in a way that brings the digital policy and digital economy concern directly into the sort of human biological and of course agricultural biological field. So I'm going to be watching that. I think I've got a lot to learn in that area. I don't know about you. John. I think one of the larger points, I think all of us up here agree on this, is that China's arrived as an innovation powerhouse, and that the US and countries around the globe need to come to terms with the terms of that. There is some sort of skepticism that needs to come around anytime China. Chinese scientists make a sort of an outlandish claim, but I can tell you this pretty consistently, those are validated. The Chinese government and Chinese companies and Chinese venture capitalists are making big bets, and very much in the hope that they're paying off. One that is sort of a pet project of mine is quantum. China has launched World's First Quantum Satellite. They've installed the World's First nationwide quantum fiber network. And I can tell you this, there's no real chance, no one knows if it's really going to work as it intends, but it is a massive bet that the Chinese government's making with nearly unlimited funding. But I would say, look at it, there's the bet itself, and then there's the secondary thing, which is, the secondary beneficiaries of this are often scientists, post-docs, and small companies that get government funding, that get to start a business, or get to do basic research, and that basic research, it's, you never know where that's gonna come in, sort of, you never know where that's gonna lead. And so I think the secondary thing we need to look at when it comes to sort of these major innovation pushes is that down the line, there's sort of downstream beneficiaries in basic research, basic funding for applied research that could have unforeseen benefits, both Chinese innovation, and Chinese economy, and Chinese military competitiveness in the future. So last question from me. One of the things as we take this blog forward with that we've all agreed we wanna do is not necessarily just to think of this in bilateral terms, and we're very excited to be working with the University of Leiden in the Netherlands, which helps remind us that there's a big European dimension to the relationship with the child, to Chinese engagement in the international sphere. That said, as we sit here in Washington DC, and look across to Beijing, it's difficult not to think of what this means for the bilateral relationship. Graham, you do a newsletter about sort of US-China. What do you think these developments in the digital economy mean for the way in which the US engages with China, and more broadly, sort of US, the US economy engages with the Chinese economy? Well, I mean, briefly, I think it's, the digital economy issues are at the center of the development of US-China relations right now. We have a administration that is focusing a lot of the discussion about China policy and bilaterally with China on economic trade and investment issues. They're focusing that discussion further on things like intellectual property and technology, and there's the 301 investigation at the US Trade Representative that is likely to find that China has violated some of the... A 301 investigation is what? It's, don't try to get me too much of an expert on trade law, but it's a special investigation, and maybe others can say more if necessary, but it's an investigation that looks at whether another country has engaged in practices that violate US expectations, and it's also a set of tools that comes before the WTO regime solidified, and so if there's a finding that China has violated US expectations, in my understanding it's possible the US would come back with responses that would be inconsistent with the WTO. Now they'd also be free to respond in a way that is consistent with the WTO, and this has thrown quite a sort of wildcard into the bilateral conversation because the investigation itself is essentially a threat to China that over these intellectual property issues, the US government may be willing to sort of seriously jeopardize the international trade regime globally, so anyway, not to escalate too far into that, but I do think it is fairly central. The last thing I'll say about that is that in this, there's a sense of unfair competition that has set in among American businesses and business groups, there's also a cliche that has the benefit of being fairly insightful. I think that trade and investment had been the ballast of US-China relations keeping the ship stable as it sailed through, problems having to do with national security or human rights conflicts or other geopolitical issues. The business community is no longer so speaking with one voice in favor of stable overall relations with China, and I think it is closely related to these high tech areas in general and digital and specific, so yeah, it's wrapped up quite closely. Okay, we started five minutes away, so we're gonna go five minutes over if we may, that gives about 25 minutes to get some questions from you and the audience, and indeed if anyone online wants to tweet a question, feel free and we'll try and get it asked. Questions for the panel. What would you like to hear from them? For the back, yes please. Please wait for the microphone for the benefit of the people online, and please state who you are, where you're from, and end your question with a question mark. Nicole Genet from Standard Chartered Bank, and my question is actually about the intellectual property piece that you just discussed. There was a long period of time where China was sort of the poster child for intrusions specifically for the purpose of intellectual property theft, and then the intrusions dropped off and it was attributed to the agreement between the Obama administration and the Chinese government that they would no longer engage in destructive practices against each other. I'm wondering if that is the only reason why we've seen this drop off, or if it's possible that because of all the developments in Chinese technology, that they've actually reached a point where there's diminishing returns for those types of intrusions, and it's no longer really worth the effort. Tom? There's two things. I think there has been diminishing returns when it comes to what Chinese are able to get and sort of operationalize. When you look at sort of emerging innovative technologies such as AI or quantum, stealing trade secrets doesn't really convey an advantage, and some of the most pressing problems China has such as the issue of engine design, or it's using engine manufacturing and metallurgy, stealing trade secrets again is not gonna give you a massive advantage. I'd say that's number one. Number two is that the Chinese military wasn't good at it. They were able to steal some stuff with smash and grab tactics, but one thing that you're seeing is you're seeing the Ministry of State Security take over that mission, mostly because they're reliable, but the Chinese military's efforts to steal intellectual property was hopelessly compromised by sheer fact that they kept on getting caught and they became political liability. It's number one. Number two is China needs them to actually fulfill the mission of cybernational defense. So you've seen massive restructuring over the last few years, largely the focus of bridging the gap between where China's military is and where it needs it to be for the cyber domain, that means making it focus on issues of actual hard national security. For when I friends at FireEye and CrowdStrike, I think from what I recall have shown that the drop in military related APT actually started before the Xi Obama agreement, but certainly accelerated afterwards. I'll say this as a final note. Any notions that anyone other than the Communist Party was controlling Chinese APT should be assuaged after the Xi Obama agreement. Xi Jinping said, we will do no more hacking for economic espionage and there was a drop in APT. That right there is a foundation of accountability and expectation that Chinese controls their cyber forces and we should hold them to it. I just wanna add one thing in the scope of that agreement, that bilateral sort of parallel statements that were made, the promise was to not conduct or knowingly support stealing of secrets for the purpose of commercial competition. If you wanted to steal secrets from Boeing or something, this was still a free game and if the United States wanted to steal secrets from a national security crucial Chinese entity, it was also not something that they swore not to do. So anyway, I think there's a bit of a weasel word in there that's good to keep in mind as we think about the effect. And so you can ask questions about the motivation for that, but does that the very fact of this sort of drop-off in activity, at least in sort of the economic area suggest that China may be susceptible to a norms-based approach, at least when it suits them. Does that have implications for how we think about engaging them on some wider issues? The answer could be no, of course. I'm not sure. I think the myth of the Chinese monolith in cyber was so persistent and so strong for so long that it's weird to say that we helped create a monolith now that we can pressure, but whether that's sort of, you know, will bear dividends in the future is difficult. We do have more room in the cyber relationship because we sort of dropped the internet freedom agenda and the Chinese APT issue is at least dormant for now. So there is a lot more room there in dealing with China on cyber issues. Rebecca. Hi, my name is Rebecca McKinnon. Very interesting panel. I have one question about Chinese companies and sort of the alignment of their interests with the Chinese government. To what, I mean, at the moment that their interests are largely aligned, which is sort of keeping things on track, but you're seeing the government, you know, taking shares in Chinese internet companies or claiming that it plans to. I guess one question is to what extent do you expect that the interest of Chinese companies and the government will remain largely aligned and in what ways do you think there's potential for less alignment or in what areas, what types of companies and what types of implications do you think that has? To what extent do you think the Chinese government is able to sort of assert alignment in different ways? I'm just sort of curious about your perspectives looking forward. Great question. Who wants to jump in? Great question. I forgot to give it to you. No, no, no. You, you, you. No, you go. I'll jump in. Okay, okay. I mentioned before the issue of cross-border data flows and I think this is a great case study in understanding some of these dynamics between the government and some of the tech companies in China. We put out a piece last week I mentioned there's a lot of internal disagreement about this issue that we felt was actually not part of the public conversation and we wanted to get out there. This is an area of China's cybersecurity law where we actually have seen a lot of pushback from domestic industry in China, where it's pretty clear that if you want global, globally competitive Chinese brands that have access to markets outside of China, they're gonna have to engage in cross-border data transfers and they can't do that in a regime that is very restrictive of that. So that's an area where there has definitely been some give and take between government and industry. No, I think that this is an area where Jack Ma once described his relationship with Beijing as saying just because you love someone doesn't mean you should marry them, right? And I think that there's no doubt that there's a very close relationship but it may not be as monolithic as I think some would suspect. Paul, you wanna jump in? Yeah, great question. I think we've been wrestling with this. I'm very interested in this issue before. Because I think we're at this critical point where these companies like Alibaba Baidu and Tencent in particular and also some of the Chinese telecom companies and some of the smaller players are all interested in being global players. So, and at the same time China is putting in place this very interesting regime on the cyber side including things like data. So to get, just expand a little bit on Sam's point. So for example, Chinese companies like Alibaba are opening data centers now in Europe and other countries. So, but primarily a lot of what they're doing right now is servicing Chinese tourists and other people but in other Chinese visitors. But if they're gonna actually, for example, be servicing EU clients, then presumably they're gonna have to fall under the EU general data protection regulation which goes in place next year. And so in my mind it's still an open question mark as to how does that happen? Because under the GDPR, the EU will recognize other countries as having adequate protections for things like data privacy, data protection. But in the case of China, I don't think anybody would assert that the EU, for example, would rate China as adequate in terms of protecting data. The question is could a company like Alibaba gain that kind of certification? I know that when I ask people, well, does Alibaba have to comply with GDPR? The question is, well, of course. But I don't know in terms of actual practice how that's actually gonna happen. On the issue of ownership, again, as I said earlier, I'm a little skeptical that the Chinese government is going to insist on shares and board representation on all of the tech companies. I think so far it's been a couple of small media companies, primarily content companies, where there has been some sense, I think the Wall Street Journal reported that the CAC actually held some shares in a small company, EDN, I think was a company. But I just, as I said before, I don't see this as an approach that seems promising, because there are first there are many other ways for the government to assert control over companies. I think it's really complicated to their ability to go globally and be treated as essentially private sector companies, if they're gonna be viewed as essentially having government, some government shares and representation on the board. So, and this is a big issue now for issues like CIFIUS, which we haven't even touched on today, but again, as part of the broader US, China, and also the EU comes in here, there's a big move to restrict or at least review foreign investment in the US and in the EU in these high technology sectors. And one of the many criteria is for an ownership of a company. So, for example, Alibaba has already has a CIFIUS case, or CIFIUS with MoneyGram, and so now if suddenly the Chinese government has a 1% or a 5% stake in Alibaba, that's obviously what would complicate that calculation. So I don't see it as that method of holding stakes and having representation necessarily as something that in the long run is gonna maybe viable. Maybe after the party congress, we'll see some movement on that, but I think a lot of it has been sort of in the rumor, no. I'll just say really quickly that the example of the Alibaba affiliated financial and MoneyGram transaction that I believe is still under review, it's a demonstration of the government interest in designing data protection principles that give the government great access, already in conflict with the corporate interests of the potential Chinese acquirer. If those regulations or practices were different on the Chinese side, then the prospects for that transaction would be a lot greater than they are. And I would just add that this has significant implications as well for how we're thinking in the US about our approach to things like the cybersecurity law. Like the fact that there is more of a nuance and more of an internal debate in China matters, because right now those voices are very much alive and thriving in China and saying, hey look, let's maybe narrow the scope of what we're talking about here. I would argue that if we are too confrontational with China on this stuff, if we push them too hard, if we get into a cycle of retaliation from a trade perspective, those voices within China maybe lose some influence. And so it's not in our benefit to corner China on this issue. And so just to be a bit more explicit, do you see those voices from the tech companies or do you see them from within the government as well? Well, okay, well. Question over there at the back. Hi, Kath Cummins from the Global Network Initiative. I've got another question about companies only this time US companies or perhaps I should say foreign companies in China. What leverage do those companies have or have not as this whole sort of labyrinth of laws starts rolling out and to what extent do they have any impact on how local companies are going to be regulated as well? Stan, that's probably yours to start. No, I think, and this is true today and it was true five years ago. I think to the extent that global companies have something innovative and new to bring to the China market, that's gonna continue to create space for operations even as the regulatory uncertainty and costs of doing business there increase. It's always been the case that market demand is really important, not to say, but now I think we're in an environment where that's becoming much more difficult. I'm sorry, did I answer the full extent of the question or? Yeah. I should probably be a bit more specific. When I say leverage, I guess I'm talking about the much-vaunted internet freedom agenda, which I think I forget who just said was just recently dumped. Is that something that, is there leverage there on some of those agenda items, do you think? I don't understand what you're asking. If you could rephrase, I'm sorry. I'll try again. So, privacy and freedom of expression are two of the issues in the broader internet freedom agenda. I'm curious the role that foreign companies may or may not have in making sure that freedom of expression and privacy and other global norms have a chance to grow or be included in the Chinese internet space. I have a partial thought on that and it is that, I mean, I try to watch the G and I fairly closely, since it was started and I sort of keep asking myself, are the companies trying, right? So it's two questions, do they have the leverage and are they trying to do it? And I think sometimes yes and sometimes not. And as you know, better than anyone, the companies are very different in their approach. I think though that there is a, there are areas where there are alignments between elements of the bureaucracy and civil society in China that coincide with interests of some of the companies. And I think that that can exist to some extent in the privacy space. I think Chinese internet users are increasingly conscious at least of the sort of cyber crime related risks to privacy or so being exposed or having your financial data messed with. These are risks that are becoming more salient. Of course, in the Chinese context, there's privacy vis-a-vis the government and then there's privacy vis-a-vis the companies or other sort of things. So I think there are, I would not expect that there's a heck of a lot of leverage on privacy vis-a-vis the Chinese government, especially for Chinese users in China. I mean, that's gonna be a heavy lift and I wouldn't imagine people are gonna be very successful. However, if companies, and this can be foreign and domestic companies want to work on securing the data, being more ethical in the way it's used in big data and AI machine learning, et cetera, applications, I think there are real improvements that can be made. It just might demand a somewhat pragmatic division of likely attainable outcomes. We'll come back to you, John, but I wanna get a few more questions. Let's be fair and come over to this side. We'll come back. Hi, I'm Christie. I'm from IDefence. We're a friend intelligence research company. And I was wondering what you guys had in terms of a perspective on how you see China's long-term foreign intelligence collection objectives and capabilities changing over time. I know that's a very difficult one, but I mean, as you're saying, like from the degree of commercially motivated IP theft is obviously fallen off massively and we're starting to see much more of a targeted focus for Chinese APT activity. But there's also the possibility that as China expands its footprint internationally in terms of interconnectedness with global telecommunications, that they have the chance to scale up that capability quite significantly if they essentially want to go for an NSA type capability in the future. So how do you see that changing over time and whether there's anything in the PI conference discussion that's likely to shape that? So we could do a whole panel on this and indeed in due course we will, but John, do you wanna go very quickly? We're already seeing them. To be honest with you, you gotta understand Chinese intelligence primary comes from human intelligence, which is difficult to scale and is very federated and very compartmentalized. China needs to do the exact opposite with what their cyber surveillance mechanisms. And you're starting to see that. A few years ago, the Ministry of State Security started a pivot from targeting onesies and twosies users to actually targeting things at scale. You saw that with the OPM hack. You saw that with targeting Chinese and managed service providers earlier this year. You saw it with supply chain attacks. What appears, what China's Ministry of State Security is trying to do is collect the haystack to start to be able to build a global intelligence capability at scale. That's in fulfillment of their foreign intelligence mission. The next step here is intelligence reform. They still have separate parallel missions between the military and civilian side that neither need to be coordinated or completely divorced from one another to ensure they don't trip over each other's feet. Thank you. One more, I'll take two more hands up so we'll take both questions together if I may. So the gentleman with the glasses and then the gentleman standing up and we'll take both questions together if you may. Thank you. I have a very specific question and I hope somebody can comment on it. I work with a number of Israeli startups specifically in the cyberspace and increasingly, especially with some of the younger companies looking for capital, there's a question. There's lots of Chinese private equity in Israel right now that has been for a few years. They've bought all kinds of crazy things like the national dairy. The question is, your views on the real or the perceived issue that if an Israeli company takes Chinese capital it limits its ability to work in the US market and more specifically the US government. And for the gentleman with the line up. Hello, my name is Chuck Napar. I'm from a Jackson Cyber Enterprises and my question is, does China utilize NIST? And where do you see the future of NIST with innovation? Two questions, champagne. So two questions. One, fuse on Chinese VCs and the second question was, does China use the NIST framework and or, and maybe to cast that wordly, do we have a sense of what sort of standards and frameworks that they are using for their cybersecurity? So at the risk of overstepping my level of knowledge about the SIFIUS process in the United States, I think it's, you can generally say that a company having some Chinese investment around the world isn't necessarily going to immediately encounter trouble making investments or doing business with the US under the existing Committee on Foreign Investment in the US framework. That framework as it stands now is designed to assess usually majority stake or total acquisition, you know, controlling stake, you could say transactions for real national security priorities and in the case of a national dairy, I think that's what you said. You know, there was congressional push to review the major transaction where a Chinese firm bought Smithfield ham and you know, there were people making arguments that this is America's food security and this and that in any way, the Committee decided that after all, this was international security threat. So that's the current regime. It'd be another story to get into what might happen to SIFIUS in the future but for now, the mere fact of Chinese investment, I don't think is a major risk factor. Well, I would just add to that though that under legislation that will likely be proposed soon in Congress by Senator Cornyn, there is an attempt to expand some of the things that would kick off of SIFIUS investigation so that could include minority investments and minority stakes in companies. So there's gonna be a vigorous debate about that and there already is within the Treasury Department and others about how, because there's reluctance to mess with the underlying legislation but there could be over the next number of months an attempt to expand that which could cast new light on investments and particularly in high tech sectors. I think the concern is that things like AI, semiconductors, robotics and automation is going to be. And the last question before I wrap up, do we have a sense of what the Chinese themselves are using as the framework for that that runs inside the security regime? Well, I know recently they, in measures put out by Ministry of Industry and Information Technology earlier this year, they called for a sort of national sort of cyber threats database and they very specifically, at least directed subordinate organs to come up with and standards for IOCs and information sharing. It'll be interesting to see what comes out of that, whether they use NIST as a framework. I'm sure they might borrow some concepts from it but that I don't know. So just before we wrap up, I'm going to ask the panelists to tell me, or tell you in fact, what they're working on and what they think we should be looking forward as we develop this digital China blog. We look into the future of sort of Chinese digital economy. What have you guys got in store for the people who have been listening to us today? We'll go down. Paul. I'm particularly interested in the digital Silk Road because one thing we haven't mentioned yet today is One Belt One Road or the Belt and Road Initiative and I think there's a lot of hype about that, a lot of confusion and so one of the things I'm trying to kind of get my head around is what really is the digital Silk Road and how will that play out in the next, particularly two years? It'll probably come up at the WIC in December. There was a big panel on it last year which was essentially a Chinese company saying whatever we're doing along these countries is sort of One Belt One Road. But I think there's been a lot in the media recently about data centers, Huawei and other companies wanting to build data centers along countries along the One Belt One Road. So I think that's gonna be a big growth area in the next one to two years. Grant. There's gonna be a lot to look at but one thing already on our radar is there is a draft or full standard out on personal data protection and this is the standards set at a level separate from more explicitly binding measures and laws but they have force as adopted by various organizations and enforcement measures. And so we're gonna be looking at what and how personal data protection is framed, what it means in terms of comparing with international norms of privacy and this also meshes quite happily with the mandate that is in their AI national plan to think through the privacy implications of AI and that's something that's just a little bit further down the road as we look at all the materials. I'm also really interested in this evolving data protection regime in China and how China's approaching it, particularly given all the internal debate that we see around this issue. I'm also working on a big study which will release in early January assessing innovation in China's internet sector specifically. Are these companies able to be competitive and innovative globally is the next big question. And last question. So two things I'm gonna concentrate on in the next few years is crime. Not me doing it, but just. You have to raise money somehow. Yeah. Hey, do you see the cost of living? No, Chinese like we talk about Chinese law enforcement always from cracking down on dissidents and cracking down on internet control. And I think it's definitely warrants attention, but how are law enforcement actually changing things for the better and the Chinese internet and cracking down on cyber crime and how are cyber criminal communities responding? Second to that is how is China, intelligence apparatus gonna shift to support private sector capacity for cybersecurity? And I think that's a major question I see over the next year and two years. Things like how the Chinese cert going to interact with state security apparatus, how they're gonna serve this sort of national database. That sort of, how do I put it, anodyne but still important side of cybersecurity. How is that gonna work in China? I think that's an uncovered aspect and I look forward to looking into that. Ladies and gentlemen, I hope you agree with me. This has been absolutely fantastic. So please join me thanking Paul Triolo, Graham Webster, Sam Sacks and John Costello. And we didn't even mention Bitcoin.