Cyber‐Espionage (Not Necessarily Implicating U.S. Agencies) Returns to the Headlines
The Washington Post reported this morning that the U.S. government is “charging members of the Chinese military with conducting economic cyber-espionage against American companies.” According to the story, Attorney General Eric Holder will “announce a criminal indictment in a national security case,” naming members of the People’s Liberation Army.
If you will recall, cyber-security, cyber-espionage, and cyber-theft of trade secrets and other intellectual property belonging to American businesses started becoming prominent sources of friction in the U.S.-China relationship about 18 months ago before suddenly dropping off the front pages 11 months ago to make way for revelations of domestic spying by the U.S. National Security Agency. Somehow, the notion that Chinese government-sponsored cyber-theft broached a red line lost some of its luster after Americans learned what Edward Snowden had to share about their own government.
But today the issue of Chinese cyber-transgression is back on the front pages. Never before – according to the Washington Post – has the U.S. government leveled such criminal charges against a foreign government. The U.S. rhetoric has been heated and, just this afternoon, the Chinese government responded by characterizing the claims as “ungrounded,” “absurd,” “a pure fabrication,” and “hypocritical.”
While the U.S. allegations may be true, given well-publicized U.S. cyber-intrusions, it isn’t too difficult to agree with the “hypocritical” characterization either. Perhaps that’s why the U.S. government is attempting to distinguish between cyber-espionage, which is conducted by states to discern the intentions of other governments – and is, from the U.S. perspective, fair play – from “economic” cyber-espionage, which is perpetrated by states or other actors against private businesses and is, from the U.S. perspective, completely unacceptable. It’s not too difficult to understand why the United States has adopted that bifurcated position. The Washington Post quotes a U.S. government estimate of annual losses due to economic cyber espionage at $24-$120 billion.
That is an enormous amount of loss. But the figure is impossible to verify since just about all the information from which it derives is classified. Even if it were verifiable, who is to blame for such loss? The Chinese government may be complicit and, if so, should be asked to make amends. Chinese companies or individuals may be guilty and, if so, should be prosecuted for violating specific laws. But let’s not let the victims off the hook so easily. Under the doctrine of “fool me once shame on you, fool me twice shame on me,” how is it possible for profit-maximizing U.S. companies to be so reckless and cavalier about protecting their assets, especially when these alleged losses accrued over a period of time? Theft – including intellectual property theft – is a fact of life, and it is the responsibility of property owners to do their parts to reduce the incidence of theft. If that means incurring greater private costs to make illegal downloading or duplication more difficult, so be it. If it means investing in extra cybersecurity measures to protect trade secrets, do it. If it means taking executive communications off the main server and onto a dedicated, impenetrable network without access to the internet, c'est la vie.
The primary beneficiaries of intellectual property are its owners. Companies owning patents, copyrights, and trade secrets – not the taxpaying public – benefit financially from the use of that intellectual property. Why, then, should the taxpaying public – instead of the direct beneficiaries of intellectual property – be called upon to flip the bill when it comes to enforcing intellectual property rights? Perhaps, you may think, I’m getting ahead of myself. How has the taxpaying public been asked to flip the bill, you wonder?
Well, before these bilateral cyber-tensions were defused temporarily by the NSA revelations, it looked like cyber-espionage would become the single most important issue in the U.S.-China trade and economic relationship for the foreseeable future. U.S. congressional committees and executive agencies were effectively blacklisting Chinese telecom companies, and legislation was passed into law forbidding U.S. agencies from purchasing Chinese information technology systems.
Those actions might have merited a Chinese challenge at the World Trade Organization on the grounds that the United States was violating its market access commitments. However, WTO members are permitted under Article XXI of the General Agreement on Tariffs and Trade to act in accordance with their own national security interests, even if that means suspending tariffs and other market access concessions. To demonstrate that banning Chinese IT products was a matter of national security – which the United States might be compelled to do if there were a WTO case – the United States might want to point to other efforts it has made to dissuade Chinese actions that threaten U.S. national security. So that brings us to the criminal case brought today by the Justice Department.
It’s tough to imagine that lodging today’s complaint will do much more than build a case record that the United States is taking measured steps to address a perceived problem, which would ultimately make the case for banning Chinese imports of telecom products more defensible from a WTO perspective. That’s where the cost of enforcement is socialized. In this atmosphere of distrust, where allegations based on classified or other unverifiable information have to suffice for the closest thing to the truth, only blanket solutions that curtail Americans’ economic freedoms, such as trade and investment restrictions, can prevail. That outcome subsidizes IP holders and benefits U.S. companies that will fare better in the absence of Chinese competition.
We need to find a more reasonable solution than this. It should start with our insistence that companies do a better job of protecting their own interests.
