A Socio-Technical Analysis of China's Cyber Security Policy: Towards Delivering Trusted E-Government Services
20 Pages Posted: 31 Mar 2017 Last revised: 16 Aug 2017
Date Written: March 31, 2017
On November 7, 2016, the Chinese government released a comprehensive new National Cybersecurity Law, with broad coverage of industrial sectors such as energy, transportation and information networks, and implications for disparate areas including data protection, privacy, and state surveillance, besides the security of information networks. On February 4, 2017, the Cyberspace Administration of China (CAC), charged with enforcing the Cybersecurity Law, produced a consultation draft for new administrative rules for online products and services, in preparation for June 2017 when the law goes into effect.
This paper examines the potential implications of the cybersecurity law and its operational rules on one of the many areas impacted by the law, namely the provision of e-government services. Specifically, it investigates whether (and how) the provisions of the law and its operational rules are likely to impact trust in e-government services, and consequently on the utilization rates of these services by consumers. Research has established that trust is a key predictor of the adoption of e-government services, and that security is a prime component of trust (Belanger & Carter, 2008; Borgman, Mubarak & Choo, 2015; Hung, Chang & Kuo, 2013).
To investigate the possible impact of the new cybersecurity law on trust in e-government services, we apply the organizing framework of socio-technical systems (STS) theory, which visualizes that human and technical elements interact and are reciprocally shaped within complex systems (Walker, Stanton, Salmon & Jenkins, 2008). Neither technical capabilities or human behaviors are “given,” but are iteratively modified and jointly optimized. STS theory has been frequently used to evaluate ICT policies (Kim, Shin & Lee, 2015). In line with the STS framework, we ask the following questions: 1). How have the current technical aspects and organizational practices of e-government in China affected citizen’s trust in and utilization of e-government services? 2). What technical and organizational aspects of e-government services are affected by the new cybersecurity law and its operational rules, and in what manner? and therefore, 3). What is the likely impact of the new cybersecurity law on delivering trusted e-government services, and increasing their utilization rates?
To answer these questions, we utilize prior survey research on citizen attitudes towards e-government in China, and a variety of sources on the e-government specific provisions of the cybersecurity law including the text of the legislation and the consultation draft rules, other government publications, industry reports, and academic articles. In addition, we conduct interviews with provincial and local government officials and technical staff directly responsible for providing e-government services.
After examining the potential impacts of the cybersecurity law on e-government, we conclude with recommendations on the further steps the government may need to take to promote the uptake of e-government services. Of special relevance is better coordination and information-sharing between local governments in charge of implementing e-government services and the central government that determines the technical and operational characteristics of information infrastructures. We also comment on the role of ICT vendors, and on the importance of personal data rights protections among stakeholders. China’s experiences with its cybersecurity law and other ICT policies will also be of interest to other countries as they embark on their information infrastructure initiatives.
Belanger, F., & Carter, L. (2008). Trust and risk in e-government adoption. The Journal of Strategic Information Systems, 17(2), 165-176.
Borgman, B., Mubarak, S., & Choo, K. K. R. (2015). Cyber security readiness in the South Australian Government. Computer Standards & Interfaces, 37, 1-8.
Hung, S. Y., Chang, C. M., & Kuo, S. R. (2013). User acceptance of mobile e-government services: An empirical study. Government Information Quarterly, 30(1), 33-44.
Kim, H., Shin, D. H., & Lee, D. (2015). A socio-technical analysis of software policy in Korea: Towards a central role for building ICT ecosystems. Telecommunications Policy, 39(11), 944-956.
Walker, G. H., Stanton, N. A., Salmon, P. M., & Jenkins, D. P. (2008). A review of sociotechnical systems theory: a classic concept for new command and control paradigms. Theoretical Issues in Ergonomics Science, 9(6), 479-499.
Keywords: cybersecurity, e-government, trust
Suggested Citation: Suggested Citation