Lingering Questions over the U.S.–China Cyber Affirmation
One of the biggest takeaways from Chinese President Xi Jinping’s recent state visit was the announcement that Washington and Beijing agreed “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” The language is straightforward in English as well as in the Chinese version appearing in state media. In addition to the affirmation, Obama and Xi approved a high-level joint dialogue mechanism to fight cybercrime and related issues. The Chinese side includes the Ministry of Public Security and Ministry of State Security as well as several other relevant departments. The cyber-related announcements proved wrong the pessimistic expectations of Xi’s state visit. One long-time China watcher, based on his conversations with People’s Liberation Army (PLA) officers in Beijing, wrote just ahead of the Obama–Xi meeting that no such cyber accord would be possible.
Optimists will see the joint affirmation (agreement is too formal a word) as a turning point in the relationship and the possible end to one of the issues poisoning the U.S.–China relationship. The joint affirmation and the accompanying cyber dialogue mechanisms, however, leave some troubling questions unanswered. Moreover, although it appears China now agrees with U.S. views about acceptable targets for national intelligence efforts, the language — “with the intent of providing competitive advantages” — requires an additional set of changes in thinking that may not be possible amid Sino–American distrust. If the affirmation fails to curb Chinese intellectual property theft — as even Director of National Intelligence James Clapper fears — those words intended to save intellectual property from government theft may become yet another broken promise littering the U.S.-China relationship.
First, President Xi echoed previous statements from Beijing that China does not steal intellectual property as a matter of policy and certainly not across cyberspace. The evidence has accumulated to the point where that statement cannot be treated as anything other than a deliberate falsehood. However, if China does not steal intellectual property, then an affirmation not to do so is meaningless. One hopes that the Chinese side admitted, at least privately, that China’s intelligence agencies have stolen intellectual property before agreeing to the U.S.–China joint statement. Otherwise, the situation appears to be that Beijing is pretending that the cookie jar does not exist after its hand has been caught in it.
The joint statement could be nothing more than another version of Xi’s “new type of great power relations.” This touted catchphrase frames the problems in the U.S.–China relationship as the result of Washington’s actions, and Washington, therefore, is the only side that needs to rectify its policies. The concept, which some Americans have embraced, and related discussions omit issues, like Chinese theft of U.S. intellectual property and interference with freedom of navigation, that Washington has raised repeatedly as problems in the relationship.
Second, the absence of the PLA in the agreement casts a shadow over the effectiveness of any mechanism to file requests about alleged violations of Chinese civilian and military intelligence collectors hacking foreign companies. The Ministry of Public Security and Ministry of State Security do not have the authority to enter PLA compounds to conduct investigations and make arrests. Other Chinese security organizations, like the State Secrets Bureau, have separate military elements and so also cannot access the PLA. The Ministry of National Defense is the PLA’s mechanism for dealing with non-military organizations; yet, even they are not a part of the Sino–American committee to handle law enforcement issues dealing with cyberspace.
The PLA has a critical role to play, not only because they are one of the most significant Chinese perpetrators of commercial theft, but also because they reportedly provide key members to the foremost Chinese policymaking body on cyberspace, the Central Network Security and Informatization Leading Small Group.
Action rather than words will define what happens next. For PLA watchers, its obedience to the party’s commands is axiomatic. The PLA stood by and saluted as a succession of leaders made decisions that sacrificed military modernization for other political objectives. Deng Xiaoping actually cut the defense budget steadily through the 1980s. Jiang Zemin initiated the PLA’s exit from business that, while partially compensating for defense budget shortfalls, personally enriched military officers. If Xi Jinping and the Chinese government intend to stand by the cyber affirmation, then a dramatic drop-off in Chinese cyber espionage should be visible within weeks because the PLA would be the first of the Chinese agencies involved to draw down systematically and redirect its resources — unless foreign observers have profoundly misread the party–PLA relationship. If such a drop-off is not seen, then the most likely explanation is that Xi had no intention of abiding by the affirmation.
I would welcome being proven wrong on these potential problems with the U.S.–China statement. In the best case, China blinked and accepted the nearly unique U.S. understanding that there are distinctions between intelligence collection for companies’ commercial benefit and for the governments’ national security. Moreover, Washington effectively deterred China from continuing to operate on a different set of rules and restored some credibility in an area where the threats of action against China leaked repeatedly to the press never materialized.
Unfortunately, it appears both the sides may be setting each other up for another broken promise, and broken promises have undermined the pragmatic but optimistic atmosphere of the U.S.–China relationship as it matured in the 1970s and 1980s. Here are just three examples of significant promises broken over the years. First, Henry Kissinger promised Zhou Enlai a nearly complete withdrawal of the U.S. security presence in Asia and keeping the U.S.–Japan alliance in place to restrain Tokyo’s security options, but the 1990s saw Washington use the alliance to push Tokyo to “normalize” its defense policy and play a greater security role internationally. Second, Beijing made numerous agreements to protect intellectual property in the 1990s, not the least of which were World Trade Organization commitments, but Chinese theft only seems to have gotten steadily worse. Third, Washington reneged on its commitments to decrease and eventually cease arms sales to Taiwan in the Third Joint Communique issued in 1982: Arms sales have increased slowly but steadily since the early 1990s. Both sides have overpromised, seemingly choosing expediency in dealing with each other rather than thinking through the implications of broader policies.
These broader views of appropriate policy seem to make the cyber affirmation untenable, as both sides will continue to collect intelligence with potential commercial value. As others have noted, China views its activities in cyberspace in the commercial, economic, and national security realm as a part of comprehensive national power and protecting China’s developmental path. Accepting the U.S. interpretation requires Beijing to disaggregate its policy toolkit in unprecedented ways. Additionally, the vast scientific and industrial information complex in China serves to promote national development, not Chinese companies’ competitive advantage. Such a distinction probably will not find open ears in Washington, nor will China’s acquisition of dual-use technologies in strategic fields, like telecommunications, for national defense modernization.
DNI Clapper says the United States should “trust but verify;” however, verification almost certainly would demand the use of invasive intelligence methods to access Chinese corporate networks — or, at least, their communications. This would require Beijing to trust that the United States will not pass on that information to American companies. Moreover, the fine distinctions that Americans want to draw between supporting commercial companies and collecting intelligence on foreign scientific developments and their related economic base also ask Beijing to accept U.S. government support to defense-industrial companies that now increasingly compete internationally, including with some Chinese firms. This seems like a little too much trust to ask of two governments that increasingly mistrust the intentions of one another — or at least of a Chinese government fearful that the United States secretly intends to subvert and change the regime.
Strategic distrust may be a popular buzzword for discussions of the U.S.–China relationship, but the way some experts have characterized it suggests misunderstanding. Both sides justifiably think the other made promises, and both sides have broken some of these promises. They do not misunderstand each other; broken promises mean legitimate grievances. If the affirmation not to use national intelligence assets to steal intellectual property fails to be a signal success, then the consequences of this broken promise may be difficult if not impossible to amend. Probably more than any other issue, cyber has poisoned the well of U.S.–China relations as reports and leaks confirmed each side’s worst suspicions of the other’s activity in cyberspace.
Peter Mattis is a Fellow in the China Program at The Jamestown Foundation and author of Analyzing the Chinese Military: A Review Essay and Resource Guide on the People’s Liberation Army (2015).