Can the United States and China Make Peace in Cyberspace?
Experts say inking a cyber deal has never been more important -- or more difficult.
As Chinese President Xi Jinping continues his official visit to the United States, cyber security — and the possibility of a first-ever cyber arms deal between the United States and China — rank high on the agenda. In this ChinaFile conversation, experts discuss the possibility of a major attack on critical infrastructure, the difficulty of inking a cyber deal, and how the United States can continue to defend free speech in the face of Chinese online censorship.
Rogier Creemers, research officer at the Program for Comparative Media Law and Policy at the University of Oxford:
The good news is that we will most likely not see devastating cyber assaults with spill-overs into the kinetic realm between both nations. The probability that China switches off the lights in New York City or that the United States switches off the lights in Shanghai is negligible. The reported talks on a sort of agreement about proliferation in the cyber realm demonstrates that there is a recognition on both sides that there are worst case scenarios that must be avoided. However, the importance of this agreement must not be overstated: neither side currently has an interest in causing serious bilateral conflict. In that sense, the agreement is an empty gesture: a promise not to do something neither side was planning anyway, without strong implementation and monitoring measures.
And this brings us to the bad news, which is that irritation and tensions will continue to persist in the relationship.
Some American voices have accused China of tone-deafness to U.S. concerns on cybersecurity. Yet a close read of authoritative party media shows that the well-known allegations of economic cyber-espionage are, at least, mentioned. They are, however, always connected to the claim that the United States is equally tone-deaf to China’s worries and insecurities. Some of these are existential: the Chinese policy sphere is rife with writings about the regime-changing intentions of “foreign hostile forces”. Moreover, in Chinese policy circles, it is claimed the Snowden revelations have amply demonstrated that the United States merely use their views and values as an insincere pretext to pursue narrow self-interest. The result is that China has adopted a consistent defensive strategy that is closely matched to its actual capabilities, making for a relatively strong bargaining hand. Exacerbating this problem is the fact that the United States rarely has followed through on its stated intentions, creating an image of weakness.
But perhaps most problematically, it seems that — beyond wanting an end to economic espionage — the U.S. government doesn’t have a realistic scenario for where it wants the cyber relationship to go, and how to get there. Most importantly, it is necessary to consider what actually can be achieved. Many aspects of Chinese Internet governance are unlikely to change any time soon, regardless of any U.S. input. There are few incentives to relax policy on online speech, or change Beijing’s stance on China’s cyber sovereignty. Political capital spent in these areas will strengthen the agenda of hawks in Beijing, without any significant progress on the ground. Rather, priority should be given to interests that are mutually significant and immediately relevant, as well as to developing better structured channels for consultation and negotiation. Lastly, the United States will need to bear in mind that, as its leadership in cyberspace is considerably less dominant than in the past, it will face the argument that other countries are equally entitled to conduct similar actions.
Charlie Smith, pseudonymous spokesman for GreatFire.org, an organization which monitors and circumvents Chinese censorship:
The most that will come out of this meeting is the start of a discussion about how to set up a nonproliferation agreement on cyber warfare. But it will likely be a long time before we ever see anything concrete put in place.
One of the difficulties in hammering out an agreement is defining which attacks should be considered as “cyber attacks.” The bigger semantics question, however, is whether or not the Chinese authorities consider the great firewall to be “critical infrastructure” and thus protected under any peace agreement. They likely will argue that it is, and that attacks on the great firewall should be protected under any truce.
China demands respect for its desire to maintain cyber sovereignty and, in March of this year, unleashed a cyber weapon, the Great Cannon, in an effort to disrupt overseas websites that were delivering uncensored and stability-threatening information into China, including ours.
China and the United States are at opposite ends on the issue of freedom of speech. Earlier this month, The New York Times published a story claiming that the Obama administration would consider countering Chinese cyber attacks by dismantling the great firewall. It’s clear that the U.S. government does not consider censorship to be critical infrastructure, and rightly so.
If Washington plays its cards right during Xi’s visit, it could secure China’s promise in working together to deter cyber attacks while finally making the decision to ramp up their efforts to tear down the great firewall. The U.S. government has invested in many Internet freedom projects — now is the time to make sure they have what they need to bring down the world’s most sophisticated censorship apparatus. Beat online censorship in China and you can beat it anywhere. As an added benefit, this would also open the market for the thousands of global Internet and media companies who have seen their websites blocked by the Chinese authorities.
The U.S. government should take the opportunity of what will be an unamenable Xi delegation to put into action a plan to achieve Internet freedom in China. This could include:
- Pledging continued financial support for the development of circumvention tools.
- Putting pressure on U.S. companies to reverse their decisions to cooperate with the censorship demands of the Chinese authorities. The first meetings should be with executives from Apple and LinkedIn.
- Developing a defense mechanism to protect against DDoS attacks (like the Great Cannon) which try to induce self-censorship.
- Putting pressure on Chinese companies operating in the United States or listed on U.S. stock exchanges to limit their censorship of users outside of China.
These actions, which would arguably lie beyond the parameters of a cybersecurity agreement, would send the right signal to the Chinese authorities, and would be a far more effective deterrent for future cyber attacks than a last-minute, cobbled together Memorandum Of Understanding. Ultimately, this course of action also would bring freedom of access to information to hundreds of millions of people around the world.