China questions the safety of open source code amid sanctions and tech dependency risks, but can it build a viable alternative?

·6 min read

Debate about whether China can rely on open source codes, particularly those that originate in the West, has been growing in the country amid rising geopolitical and technology tensions, fanned by Russia's invasion of Ukraine in late February.

One view gaining traction in China, the world's second-biggest economy and a major consumer of open-source technologies, is that it must become more independent from the global open source community and bolster its indigenous ecosystem to avoid being exposed should global tensions ratchet up further.

Such concerns increased after popular open source software companies, such as Red Hat, announced that they would curtail their operations and discontinue services in Russia after it invaded Ukraine, dealing a major blow to the country's tech sector.

Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.

Zhou Hongyi, founder of Chinese cybersecurity company Qihoo 360, has said that it should not be taken for granted that open source codes will remain free from sanctions in future.

Zhou Hongyi, Chinese billionaire entrepreneur, co-founder, chairman and CEO of the Internet security company Qihoo 360. Photo: SCMP/Simon Song alt=Zhou Hongyi, Chinese billionaire entrepreneur, co-founder, chairman and CEO of the Internet security company Qihoo 360. Photo: SCMP/Simon Song>

Zhou, also a top Chinese political consultant, said in a Weibo post that current "open-source technologies are mainly led and controlled by Western countries" and that China's security "will be a castle built on sand" if it continues to have no control over underlying codes.

Chinese database software vendor shrugs off sanctions risk on using open-source code from Oracle's MySQL system

This opinion has been backed by several industry watchers and state media, as a broader campaign to shake off foreign influence over China's economy gathers pace. It would also ease pressure on many domestic technology firms, which have had to dismiss allegations that they are at risk of sanctions for being overly dependent on Western database technologies and source codes.

The withdrawal of open source software developers from Russia following the invasion of Ukraine has left that country without viable options and that is another alarm bell for China, said Aseem Prakash, who works for Toronto-based consulting firm the Centre for Innovating the Future. As such, a rethink of China's technology strategy has been given added urgency.

"China will likely seek to reduce its dependence on open-source software in the same way that it is trying to rely less on Western-origin tech," said Paul Haswell, Hong Kong-based partner at law firm Seyfarth Shaw. This reflects concerns over possible sanctions but also China's desire to become more self-sufficient in core technologies, added Haswell.

Open-source technologies, which by definition are public and accessible to anyone connected to the internet to run, copy, modify or share, have been a huge contributor to China's flourishing tech industry over the past few decades.

Because of their flexible and easy-to-use nature, both tech companies and the government have embraced open source codes to spur software development. Nearly 90 per cent of Chinese companies use open source software, according to a report last year by the government-affiliated think tank China Academy for Information and Communications Technology.

Photo: Gitee alt=Photo: Gitee>

However, tough US sanctions placed on telecoms giant Huawei Technologies Co in 2019 for alleged threats to US national security - which have hobbled its global smartphone business - touched a raw nerve in China.

Beijing has since become increasingly worried that the country's heavy dependence on open source technologies, which are mainly developed and hosted by Western countries, could eventually backfire and become a major weakness amid rising geopolitical tensions.

The Ministry of Industry and Information Technology (MIIT), the top regulator of China's internet sector, has adopted a top-down approach to speed up a decoupling process and the development of domestic alternatives.

In June 2020, Chinese tech giants including Post-owner Alibaba Group Holding, Tencent Holdings, and Baidu established the country's first open-source software foundation, the Open Atom Foundation. It is governed by MIIT and manages some high profile open-source projects, such as Huawei's Open Harmony mobile operating system.

In the same year MIIT also hand-picked Gitee, a source code hosting platform backed by a group of 10 organisations including Huawei, government-affiliated research institutes, and universities, to build a China-centric open source ecosystem and fend off the influence of San Francisco-based and Microsoft-owned GitHub.

The government-chaired effort to build an indigenous open source industry has expanded quickly. In 2021, the industry raked in over 5 billion yuan of investment (US$750 million), according to a research report published by Gitee in January. Meanwhile, the code-hosting site has attracted a total of 8 million users and more than 20 million projects, Gitee said, making it the second-largest open source community in the world behind GitHub.

But despite this strong growth, some developers are wary of the strong state control over China's open-source community. For example, many repositories are grabbed directly from GitHub and transferred to Gitee to facilitate the development process, and as such the government is always on the lookout for sensitive material buried in the code.

Last month, Gitee said it would temporarily close and review all public code repositories on the site after Beijing tightened internet content controls, sparking anger in some sections of China's developer community.

"The platform has no choice but to act under government pressure," said a Shenzhen-based software developer at Huawei, who is an active user of both Gitee and Github. "But this process is extremely unorganised and slow, which is destructive to the domestic open source ecosystem," said the developer, ​​who asked to remain anonymous as the matter is sensitive.

In the meantime, the Chinese government has also demanded a mass procurement of domestic software to help expand the market for home-grown companies and replace foreign products, Bloomberg reported last month. However, some Chinese netizens have posted on social media that they have had to re-download Microsoft's Windows as many popular programs run poorly on domestic operating systems.

Building an operating system is relatively easy, said a Beijing-based back-end engineer at e-commerce giant JD.com. The difficult part is to build an open and welcoming ecosystem that can attract more users and software developers, which eventually forms a positive cycle, said the engineer who also asked to remain anonymous due to the sensitivity of the issue.

"It's smart for the government to embrace the innovative energy of open source to boost its own technological advancement," said Kevin Xu, senior director of global expansion & partnerships at GitHub, in his blog Interconnected. "But no government can or should try to 'nationalise' open source ... it's dangerous to think you can."

This article originally appeared in the South China Morning Post (SCMP), the most authoritative voice reporting on China and Asia for more than a century. For more SCMP stories, please explore the SCMP app or visit the SCMP's Facebook and Twitter pages. Copyright © 2022 South China Morning Post Publishers Ltd. All rights reserved.

Copyright (c) 2022. South China Morning Post Publishers Ltd. All rights reserved.