Cybersecurity and espionage promise to be among the highest priority topics in the conversations that will be held during Xi Jinping's upcoming state visit, particularly in the light of escalating measures that the United States government has taken against China. Last year, the Department of Justice indicted five PLA officers allegedly affiliated with a Shanghai-based unit that, according to claims of the Internet security firm Mandiant, had engaged in systematic exfiltration of industrial knowledge for years. Now, in the wake of revelations that – again allegedly Chinese – hackers have purloined highly sensitive data on every individual who applied for U.S. government security clearance in recent years, the Obama administration has announced sanctions against Chinese companies and individuals who have benefited from economic espionage and intellectual property theft, or have engaged in destructive cyber-attacks.
It is clear how this posturing is intended to play in domestic U.S. politics, as the upcoming presidential primary season will likely see continued criticism of Chinese politics – if it were up to Republican candidate Donald Trump, Xi Jinping would be served a McDonalds hamburger instead of the more traditional state dinner. It is, however, less clear what the intended goals of these policies are, and whether or not this approach will be effective.
The overarching problem is the difficulty to adequately define the harm that these policies are trying to avert. While it is understandable that corporations are, perhaps rightly, peeved at continuous efforts to access their sensitive information, few convincing examples of exactly how such information is used to their detriment have come forward so far. There are some good reasons for this. First, much intellectual property held by corporations is public to some degree: patent applications, for instance, require a full description of the protected inventions. Second, absorbing such information is difficult: imagine how hard it would be for a novice cook to recreate a three Michelin star recipe based only on the succinct notes of the highly experienced chef. And even if said cook would be able to recreate that particular recipe after much trial and error, s/he would still not be able to display the expertise and experience to create a menu full of dishes of the same quality. In that sense, the theft of technological information might be a blessing in disguise: there are good reasons to believe that a focus on absorption as a mode of innovation is holding back the development of managerial structures and soft skills within Chinese businesses that are necessary to transform them into true global leaders and serious competitors of established multinationals. Civil aviation is only one example. Despite the fact that China has had access to first-rate technology from all over the world, its first airliner, the ARJ-21, is now eight years late and has yet to carry its first fee-paying passenger. Third, even if harm could be clearly demonstrated, there already are ample legal means to counter such activities, primarily in intellectual property law, but also through criminal procedure. What would sanctions further bring to the table in terms of deterrent?
A second challenge is that these sanctions seem to start from the assumption that there are clear and universal norms of state behavior in cyberspace that China breaches – which there are not. Instead, they further muddle the already hard-to-define difference between commercial espionage (which the U.S. denies engaging in) and more traditional intergovernmental forms of intelligence-gathering. It is, of course, both right and politically expedient for governments to defend the interests of “their” companies against wrongdoing by other governments. Nor should China be exculpated from what is a growing body of evidence against it. Yet in the absence of demonstrable serious harm, it is urgently necessary to find common priorities and challenges in the cyberspace realm. China and the United States face common issues in countering cybercrime, ranging from financial fraud to child pornography. The reform of the governing structure of ICANN, the Internet's addressing authority, is only one aspect of technical and governance changes that will be necessary to ensure the Internet's continued development. Yet for the foreseeable future, competition – not cooperation – will remain the norm.
More than anything else, this is an issue of political prestige. Leadership in information technology has, like nuclear technology in an earlier age, become the hallmark of a primordial global power. Ideologically, the Chinese Communist Party seeks to portray technological development as a vindication of its political project as much as the American side wants to believe that its technological prowess is the result of its exceptional commitment to liberty and creativity. Both also want to define the norms for the continued development of the global Internet – with almost diametrically opposed propositions. And perhaps most importantly, both countries see each other as the most important threat to future welfare and security, making it politically profitable to engage in chest-thumping at home and obstinacy abroad. The ironic fact is, however, that both countries remain mutually dependent on each other economically. In other words, they will need to find a way towards a more nuanced approach, recognising that 21st century statecraft always comes with its hypocrisies and frictions, and that prioritization of concerns is therefore necessary. The alternative is that cyber questions will remain a prominent irritant in the relationship.