China agrees not to spy on the U.S. in cyberspace,but experts say ‘promises don’t get us very far’

China agrees not to spy on 

the U.S. in cyberspace,but 

experts say ‘promises don’t get 

us very far’

Elise Viebeck, Washington Post | September 28, 2015 

Xi Jinping, China's president, left, and U.S. President Barack Obama walk from the Oval Office to a joint news conference in the Rose Garden at the White House in Washington, D.C., U.S., on Friday, Sept. 25, 2015.

Barack Obama and Xi Jinping dined together on Thursday and Friday, but you can bet that there is no love lost between their countries in cyberspace.

In talks at the end of last week, the presidents of the United States and China agreed not to spy on each other in cyberspace for economic reasons. China is one of the United States’ top cyber adversaries, and U.S. officials blame the Chinese government for sponsoring a long list of corporate and government hacks in the past several years. To put it in perspective, former NSA director Mike McConnell said in March that there is virtually no major American company that the Chinese government has not hacked. U.S. officials had threatened to impose economic sanctions on Chinese companies that benefited from the hacks.

“The question now is,” Obama said at a news conference with Xi on Friday, “are words followed by actions?”

The problem came into sharp relief last week, when the Office of Personnel Management estimated that 5.6 million – instead of 1.1 million – fingerprints were stolen when hackers breached its system. Federal officials and cyber experts blame China – they suspect that Beijing is building a massive database of information about federal workers for use in espionage – but so far, the United States has not accused China publicly.

Setting the tone for Xi’s visit, Susan Rice, the White House’s national security adviser, said that Chinese hacking poses an “economic and national security concern to the United States.”

Related

• Giant hack of millions of U.S. government files may be the key for foreign spies to plunder even more secure info
• Government of Canada websites under attack, hacker group Anonymous claims responsibility
• ‘Ideological security is of the utmost concern’: Meet ‘The Great Cannon,’ China’s latest cyberweapon

“It puts enormous strain on our bilateral relationship, and it is a critical factor in determining the future trajectory of U.S.-China ties,” Rice said.

As if in response, Xi spoke about the issue on Tuesday in Seattle, telling U.S. business executives that China is strongly committed to cybersecurity norms and is a victim of hacking itself. “The Chinese government will not in whatever form engage in commercial theft, and hacking against government networks are crimes that must be punished in accordance with the law and relevant international treaties,” Xi said.

How should U.S. officials interpret and respond to Xi’s promise? Can he be taken at his word? We asked five experts to weigh in. Here is what they said:

Scott Bates, president of the Truman Center for National Policy:

“It’s important to remember that the largest acts of espionage against the United States in this century have emanated from cyber attacks based in the People’s Republic of China. Xi is either not in control of those inside his own country originating cyber attacks against the United States, or his pledges do not reflect today’s reality. Either way, we cannot take his statements on cyber security seriously until China begins to follow some basic rules of the road.”

Rep. Adam Schiff, D-Calif., ranking member of the House Intelligence Committee:

“President Xi’s commitment that China will not engage in commercial theft would be as dramatic a departure from Chinese practice over the last decade as it would be welcome. No nation has done more to advance its economic interests through the theft of the work product of others than China, and we will soon be able to detect whether Xi’s words mean anything more than a friendly gesture. If they do not, I would strongly support a policy of increasing consequences for continuing Chinese government-sanctioned cyber theft.”

James Lewis, senior fellow at the Center for Strategic and International Studies:

“The Chinese are trying to position a deal or a good outcome for the summit, and hope this pledge will help do that. It won’t, because he can’t deliver. Promises don’t get us very far.”

Bruce Schneier, fellow at Harvard Law School’s Berkman Center for Internet & Society and author of “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World”:

“I think it’s posturing. It’s basically the same thing that the U.S. says, and the U.S. hacks foreign government and corporate networks all the time. The problem is that there aren’t any laws that protect foreign networks, and there aren’t any relevant international treaties that limit commercial espionage. So I wouldn’t expect China to be any less aggressive on the Internet than the U.S. is.”

Adam Segal, senior fellow for China studies at the Council on Foreign Relations:

“A positive first step, acknowledging the problem and stating that Chinese government will not conduct (attacks). But we will have to wait and see what this means in reality. Many of the attacks are conducted by proxies, giving China deniability, and Beijing questions U.S. ability to attribute hacks to specific groups, which may also give it some wiggle room.”