US-China cyber agreement, the hotline, and the “knowingly” qualification
by Chris Zappone
Xi Jinping’s US visit has yielded a modest agreement between the US and China regarding hacking. Very modest.
Stopping, or at least slowing the theft of US commercial data that can aid foreign businesses is a central concern to the US. But the one line that addresses this phenomenon in the agreement has a troubling qualifier in it.
“The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
“Knowingly” makes all the difference. Because if China’s government is unaware of the commercial hacking efforts, it’s hard to hold Beijing responsible.
Possibly the most tangible result is the establishment of a hotline to be used with a group of high-level officials on both sides, to support “fighting cybercrime and related issues.”
On the US side it will include:
The Secretary of Homeland Security
The Attorney General
with input from the FBI and intelligence agencies.
On China’s side:
An official at the ministerial level
the Ministry of Public Security
the Ministry of State Security
the Ministry of Justice
and the State Internet and Information Office
But the wording suggests this is separate for the all-important issue of commercial hacking. That use of hacking would come under the “search for norms” statement on China and the US.
“Both sides are committed to making common effort to further identify and promote appropriate norms of state behavior in cyberspace within the international community.”
Already US Director of National Intelligence James Clapper has said he wasn’t optimistic the deal would slow China’s cyber onslaught.
The same Reuters report contains this line: “…there were questions about the extent to which it was orchestrated by the Chinese government.”
Either the Chinese government is masterminding and controlling these raids on valuable US corporate data and hiding its hand in them, or the Chinese government is not fully in control of them. In fact, in many cases, the Chinese government is helpless to control them. Hence, the “knowingly” clause of the agreed pledge.
If that’s the case, it says a lot about the division of power within China, with central authorities themselves unable to rein in the activity. I suspect the real importance of this agreement about economic hacking may be how much it tells the world about the kind of control Beijing exercises over hacking taking place on their territory. To be fair: the US struggles to police hacking within the US. But when the target is high-profile enough, US authorities throw resources at it.
Robert Knake of the CFR sees another future implication of the deal. He notes that under the terms of the deal, China is expected to respond to requests for law enforcement actions from the US. “This is how the United States will measure the Chinese commitment,”
A big part of the BRICs rise is the elevation of BRIC-level governance onto the world stage. So it remains to be seen how China handles this challenge. But I suspect it’s quite a bit different from the twilight of the Cold War, with its treaties and dialogues that were effective in changing the world. We’re all still searching for the new rules. I imagine they will only become apparent after more crises.