Pages

3 August 2015

Cybersecurity: We Need a Chinese Snowden

By Alexander Bowe
July 31, 2015

Without Chinese revelations about Chinese hacking and espionage, a cyber-détente is unlikely. 
Two issues have dominated the discussion of American-Chinese relations in recent months: the escalating war of words in the South China Sea and cybersecurity. Recently, clandestine hacking conflicts between the United States and China have increased in prominence. A bombshell report by internet security firm Mandiant in February 2013 claimed that a secretive Chinese military unit based out of Shanghai was responsible for a series of hacks on United States-based corporations. Another report a couple of months later showed that China was by far the largest source of international hacking attacks, with 41 percent of the world total (of course, the United States was number two on that list, but more on that in a bit); furthermore, the number of attacks originating in China was found to have drastically increased since the first quarter of that year.

In the last few decades, it has been thought that China intentionally restricted its covert intelligence-gathering operations out of a desire to prevent diplomatic scandals from harming its burgeoning economic relationships; more recently, however, this consensus within the leadership appears to have dissolved, either as a result of a change in the balance of power among internal factions in the CCP leadership or because the leadership simply believes now that China is powerful enough to weather the diplomatic fallout from any such scandals. In any case, as evidenced by the devastating and brazen hack into Washington’s Office of Personnel Management this past June, if Beijing really is the culprit as is suspected, it clearly no longer cares about diplomatic fallout from flexing its cyber-muscles. Either way, actors within China have ramped up their cyber-attacks, both with new tactics like the so-called Great Cannon, an offensive cyberweapon that repurposes the traffic coming into Chinese companies’ servers for the use of DDoS attacks against foreign servers, and with good, old-fashioned hacking for the purpose of stealing information, as in the OPM incident.

Snowden Revelations

While the exact scope of state-sponsored hacks originating in China is unknown, the public knows a great deal more about recent American national security policy regarding electronic surveillance and intelligence gathering, thanks to the revelations of former National Security Agency analyst Edward Snowden in June 2013.

This information regarding the American government’s broad and invasive surveillance tactics – which turned out never to have been legal in the first place – shocked the international community, including Americans. Spying is a fundamental part of statecraft and always has been, even between countries that are friendly to each other; many countries routinely spy on each other but pretend otherwise, insisting that spying is by nature unethical and illegitimate while engaging in it themselves all the while. This kind of doubletalk often ends up creating awkward situations for those concerned. For example, the United Kingdom, which is currently investigating measures in tandem with many other countries to keep authoritarian regimes from spying on domestic dissidents and human rights activists, was recently found to be spying on Amnesty International’s communications. Similarly, the German government initially expressed outrage at revelations that the American government had bugged Angela Merkel’s phone, only to be embarrassed when it came to light that Germany had been helping the NSA spy on other European allies and businesses.

In short: everybody spies. Still, many felt that the United States had gone too far, particularly in regards to its domestic spying operations (especially since these invasive methods didn’t end up making anyone safer). In addition to the revelations regarding Section 215 of the Patriot Act, however, the Snowden files also detailed some of the American government’s international espionage initiatives. These targets included allies and rivals alike, with China no exception: Snowden told the South China Morning Post that the American government hadhacked into Chinese telecommunications companies and Beijing’s Tsinghua University. Beijing was publicly outraged by these violations of China’s sovereignty. Beijing has always viewed protection of sovereignty as one of its most important core interests – if not its most important core interest – so it has taken this issue very seriously. However, ever since the Snowden revelations came out, Beijing’s persistent approach on the issue of cyber-security has been to point its finger at Washington by drawing attention to the leaks rather than to honestly and realistically engage in discussions of its own practices.

In Denial

As described above, everybody hacks everybody else: “digital spying… is largely considered part of the global espionage game.” However, by refusing to acknowledge its own policy and practice, Beijing essentially creates a firewall (a Great Liarwall?) between itself and those seeking to initiate constructive dialogue concerning cyber-security. For example, the Communist Party has steadfastly denied that it engages in any censorship of the Chinese internet, even though it is commonly known even within China that the government regularly engages in this practice, with the phrase “climb the [Great Fire]wall” (pa qiang) – which means to take measures to evade online censorship – long ago having entered everyday use in Chinese. In spite of this demonstrable fact, Beijing’s stance regarding its internet censorship has remained the same: deny, deny, deny. Since discovering that repeated denials in the face of reality and international consensus can actually be remarkably effective in maintaining the status quo and preventing other parties from forcing discussions to progress – as with Russia’s insistence in spite of literal smoking gun evidence that there are not and never have been any officially sanctioned Russian troops or materiel active in illegally occupied eastern Ukraine – autocratic governments appear to have come to the conclusion that there is simply no reason to admit any wrongdoing if they don’t have to. Basically, if opposing parties are not going to take concrete steps to force Beijing or Moscow to let the dialogue move forward, why should they comply? The current state of things in both cases is what works best for the relevant regimes, so they view it as in their strategic interests to maintain the status quo of doing what they want and lying through their teeth that they’re doing otherwise, because they believe that there is nothing that anyone else can – or, more to the point, will – do about it.

The biggest problem in the case of China’s stance regarding its online practices is that, as far as Beijing is concerned, in the eyes of its public it unquestionably has the moral high ground. Since everyone knows roughly the full extent of Washington’s practices but Beijing can claim that it’s never been “confirmed” (i.e., admitted by China instead of simply being accused by others) that it has done anything wrong, it can and does continue to act as if it is the sole injured party. Whenever the American government brings up cyber issues, the Communist Party can simply say “One word: Snowden” and smugly walk out of the room. Communist officials often go out of their way to bring up the Snowden leaks, both at academic conferences and official political briefings, just to make sure that everyone still knows that the moral balance is firmly tilted in China’s favor and that this is not going to change anytime soon. Unfortunately, the only way for the United States and China to move forward in this matter is for the Chinese government to be forced to admit that it is morally on the same level as its American counterpart when it comes to espionage for the sake of national security (state-sponsored industrial espionage is a separate matter), Without that, an honest engagement can never occur.

The Chinese government in its various forms throughout its engagement with Westerners has long had a problem with viewing foreign counterparts as its equals. In the Opium Wars era, one of the line items in the Treaty of Nanjing, one of the infamous “unequal treaties” signed with the Western powers, was that British representatives would be guaranteed the right to treat with their Chinese counterparts “on perfectly equal footing” (page 20) rather than having to observe excessively and inappropriately obeisant formalities. Even today, there are some within China who are beginning to advocate an explicit shift in international norms from the idea of total qualitative equality under the law between sovereign nations toward one that views certain countries as more important based on their power, status, and responsibilities. This is alarmingly evident, for example, in then-Foreign Minister Yang Jiechi’s controversial 2010 statement that “China is a big country, other countries are small countries, and that’s just a fact,” implying not only that China should have a special status based on its relative power but that this should be right. Regarding its territorial disputes in the South China Sea, Beijing has deliberately not bothered to explain what basis in law its “Nine-Dashed Line” has, leaving other parties to infer that Beijing simply assumes that its relatively greater power means that its claims inherently carry more weight and don’t need to be supported by anything else. In light of this, it is clear that Beijing is fond of the idea of China’s being formally elevated above other parties in dialogues and disputes, which makes it virtually impossible to get Beijing to treat with others as equals when it doesn’t want to.

So, how can Beijing be made to treat with the United States as a moral equal on the issue of cyber-security? The answer is simple: We need a Chinese whistleblower like Snowden to expose the depths of Chinese cyber policy and practice. It would not be enough for Washington or another external actor to hack into Chinese servers and forcibly extract the damning evidence; such actions would simply result in Beijing doubling down on the matter and increased drumbeating about violations of China’s sovereignty. If anything, prospects for reconciliation would be harmed even more, condemning American attempts at engagement to indefinite purgatory. Therefore, the whistleblower must be someone from within the Chinese state apparatus who is directly connected to the relevant departments – either an employee like Snowden who personally executed surveillance and intrusions or someone involved in the more rarified policy aspects. This would in theory force Beijing to address its cyber practices by taking the matter of admitting that it engages in such practices out of its hands, which is precisely what happened to the American government after the Snowden leaks. Having been forced to accept the basic premise that it has gotten its hands dirty just like Washington, the next step is to accept that they are on the same moral level in the matter and thus that dialogue and concessions are possible without losing face. After all, as the saying goes, the first step in solving a problem is admitting that a problem exists; without making that initial concession, no further constructive steps can be taken.

Since Beijing is so fond of citing examples from the Cold War, a Cold War analogue is apropos here: During the Cold War, the most worrying strategic issue was the seemingly endless escalation of American and Soviet nuclear stockpiles. This unfettered arms production endangered both sides, but neither could stop without first securing the other’s promise to do the same. Before a reduction in strategic nuclear arms could be seriously discussed, both parties had to admit that the current practice was mutually harmful. Only then could they begin to take steps to rein in their out-of-control proliferation, helping to end the Cold War.

The same logic applies in the matter of mutual cyber-attacks: Before earnest efforts at reduction can be discussed, both parties must honestly accept that such reductions are necessary, and that requires mutual owning up to the extent of their own practices. A defector from within China’s state apparatus is the best way to force this to happen; without such leaks, a cyber-détente will probably never be possible.

Of course, even if a Chinese Snowden were to appear, there is no guarantee that Beijing would respond favorably, but it appears to be our only hope nonetheless.

Alexander Bowe is a doctoral candidate in international relations at Tsinghua University.

No comments:

Post a Comment