As Chinese President Xi Jinping prepares to travel to Seattle next week to meet with numerous tech executives, including Apple CEO Tim Cook and Microsoft co-founder Bill Gates, Silicon Valley’s delicate relationship with China has been thrust back into the forefront.
For companies like Google, Facebook and Twitter, breaking into China has proved difficult, if not impossible. CloudFlare, a $1 billion San Francisco startup that offers cloud-based optimization and online cybersecurity protection, this week announced its entrance into the market, which came about through a partnership with Baidu, the largest search company in China.
CloudFlare and Baidu’s partnership, established a year ago but announced this week, helps websites in China load more quickly than ever while protecting websites around the world from denial-of-service attacks originating from China. CloudFlare’s system is an intricate network of datacenters spread across the world. In order to offer its service in China without entering the country and becoming subject to the government’s invasive regulations, CloudFlare teamed up with Baidu, which has set up its own network of datacenters built to CloudFlare’s specifications. It also transferred its technologies to Baidu, a risky bet that required a high degree of trust.
CloudFlare CEO Matthew Prince recently spoke with International Business Times about his company’s partnership with Baidu, cybersecurity, state-on-state hacking, Xi's Seattle visit and the difficulties Google and Facebook face with entering China.
International Business Times: How did this partnership come about, and how does it benefit CloudFlare's customers?
Matthew Prince: In 2013, due to our growth, a number of different Chinese entities approached us to work together. We chose who we thought was the best of those potential partners, which was Baidu, the Google of China, and we’ve worked with them to take advantage of their existing infrastructure and the data centers that they have to turn up a feature-compatible version of CloudFlare inside of China.
What that means for CloudFlare customers outside of China is that if they care about the Chinese market, they can now all opt in to have us serve their content inside of China and it’ll load up significantly faster. At the same time, a lot of the largest attacks that we see come from inside of China, so now we have the ability to stop those attacks inside of China.
China has over 700 million active Internet users, and we’ve just made the Internet a lot faster for all of them. For our customers, we’ve given them access to those 700 million potential customers.
IBT: This partnership will help you guys make the Internet safer?
Prince: Yup. That’s right. There are more connected devices in China now than anywhere else in the world, and just like anywhere else in the world, there are some risks that those devices will get compromised with malware or become part of a botnet (a network of infected computer devices often controlled by hackers). When we see very large things like denial-of-service attacks, oftentimes China is one of the biggest sources of those attacks. That doesn’t necessarily mean the attacker is in China, but they’re using botnets that have a large component inside of China.
Previously, a lot of that attack traffic would end up impacting our facilities in San Jose and Los Angeles. What we’re able to do now is actually have those attacks get sinkholed inside of China.
IBT: China has a history of copying American tech companies. Are you afraid that could happen to CloudFlare?
Prince: From the beginning, CloudFlare has open-sourced almost everything. The value of what we provide comes from two things that are very difficult to replicate. The first is the network of datacenters that we’ve built around the world. That network is something that’s extremely difficult for anyone, even a company like Baidu, to replicate. We’re turning on a new data center per week throughout this year. That itself, and how it’s structured, is very difficult to replicate.
The more important one is the threat data which comes off of our systems. If at any point we had some problem with Baidu or any other partner, we turn off the spigot of that threat data, and the value of the underlying code goes to zero. The value is really in the network and the data that the network receives.
IBT: Exactly how delicate is this relationship with Baidu and China?
Prince: Any partnership is only good if both sides are getting something out of it and if it’s costly for both sides to potentially unwind it. In this case, the Baidu team has invested heavily in building out a network to our specs across mainland China. That network only has value if it is fed by the data that comes off of the rest of our global network. If at any point Baidu tried to walk away and replicate this themselves, they’d have a number of different challenges.
On the other side, we think of China as an absolutely critical network. If at any point we don’t act as good partners, Baidu can say, “You don’t get to use our network inside of China.” In that sense, both of us have something to lose in the relationship if things don’t go well. That’s the negative view. The positive view is, we both have a lot to gain if things do go well.
IBT: Could Google or Facebook -- companies that are not in China today -- emulate how you were able to enter China?
Prince: It’s a quarter of the Internet’s population. One out of four people on the Internet is a Chinese Internet user. If your mission, like CloudFlare’s, is to help build a better Internet and you don’t have any presence inside China, then the best you can promise is that you’re helping to build three-quarters of a better Internet. It’s an absolutely critical region for us to address.
The same thing is true for Google, Uber and Facebook. The question is, how do you get that access? From a regulatory perspective and also a technical perspective, Chinese Internet is governed very differently from the rest of the world. The challenge is, how do you get access to the market while ensuring that you can stay true to the principles of privacy, security and an open Internet?
In our case, I think we had an easier time with that than someone like Facebook does. Facebook inherently creates a graph that interconnects all of their users together. That inherently means that users who are outside of China effectively get drawn into China. We designed a system where a user inside of China is treated completely differently than a user outside of China. And because CloudFlare doesn’t have any operations inside China ourselves, we’re not ever forced into a position where the Chinese government could ask us to reveal some piece of information about a customer.
IBT: How important is Xi's meeting with tech executives for U.S.-China relations?
Prince: What’s important is less one particular meeting and more that there continues to be a dialogue between China and the rest of the world in terms of what their policies are. It’s easy to say, “Oh there are no problems in China” and go on your merry way. It’s also easy to villainize China and say, “You can’t trust them with anything.” I think that the truth lies somewhere in between. There are clearly things about the Chinese Internet that are very different than the rest of the world and don’t necessarily align with U.S. values, but frankly there are things that are different about about the U.K. Internet and the Russian Internet. The Internet has its own different regional complexities. Having more discussions around that is always important.
We’re definitely watching very carefully what happens at the meeting. There are days when it feels like there are increasing crackdowns by China to isolate its Internet from the rest of the world, and there are days when it feels like it’s opening up more.
IBT: What has been most surprising to you about dealing with China?
Prince: One thing which has been a surprise to me is that we talk about the Chinese Internet policy as if it’s one thing, and the reality is that any government is made up of multiple branches or divisions. In the U.S. there is the Federal Trade Commission, the Federal Communications Commission, the Federal Aviation Administration, the Treasury Department, the Pentagon, the NSA, the CIA, the FBI -- there are all these different parts of it, and a lot of times they don’t necessarily agree. Similarly, there are some aspects of the Chinese government that believe they should be much more open and much more like the U.S., and there are some parts of the Chinese government that if they could have their way, they’d shut the Internet down entirely.
What’s useful about this summit is that it can help us figure out what is going to be the Chinese policy. This is going to be one of those opportunities where the president of China is going to be able to say, “Here’s what the policy is,” because we’ve heard a number of different perspectives. That’s what I’ll be watching for. It’s a complex system like ours except that there are four times as many people living there. It’s almost unimaginable.
IBT: There are some who say Xi may be using his Seattle trip to highlight the rift between Silicon Valley and the Obama administration, which is preparing sanctions against China. What do you make of it?
Prince: Obviously there’s real concern when networks are being compromised and it makes it much harder to trust various organizations and various countries. And a lot of the mistrust that you read in the U.S. press comes from that. I’m hopeful that policies can be put in place that make it so that cyberattacks are not acceptable, but mostly, what we at CloudFlare are going to do is keep protecting our customers from any attacks that we see.
I’m just glad I’m not president of the United States. I’m also glad I’m not president of China.