Spy Vs. Spy: When is Cyberhacking Crossing the Line?

A ChinaFile Conversation

Vincent Ni: For a long time, Huawei has been accused by some American politicians of “spying on Americans for the Chinese government,” but their evidence has always been sketchy. They played on fear and possibility. I don’t agree or disagree with them, but when Chinese commentators accuse U.S. companies of doing the same thing, Americans’ usual response is “where is the evidence?”

I’m not surprised by the New York Times report. After all, spying and fetching data are in the job descriptions of governmental organizations such as the National Security Agency—be they in China or the United States. They will not stop their operations because of revelations about the nature of their work, but they might instead make efforts to further beef up their capacity to be more technologically sophisticated in order not to expose themselves so easily. (Think: Edward Snowden was just a contractor!).

The key question—as raised from the very beginning of the Snowden revelations—is how the N.S.A. can use the data they obtain more carefully for genuine protection of citizens? I don’t think there is an answer to this. In Britain, for example, the line between liberty and government interference has been debated for hundreds of years. We will still be discussing this until the next “big shock” emerges.

From a journalist’s point of view however, no matter what the U.S. government is doing behind the curtains, there is always an opportunity for us to report and comment, as long as the evidence is sound. From Watergate to the Snowden affair, this is not the first time the U.S. government finds itself embarrassed. But after these scandals, they always seem to be able to move on, allow greater transparency and fiercer debates. This is perhaps what we in China should learn.


Let's recall what's in the last year, especially since the release of the Mandiant report in February 2013. China was under vehement attack by the United States as the worst cyber hacker in the world. But what Edward Snowden's leaks have reveled since last June show it is the other way around. The U.S. has been conducting by far the largest cyber espionage, and not just against China, but also against nations and individual people in this world, including its own allies and world leaders. And what has been made public so far, according to Alan Rusbridger, editor of The Guardian, accounts for only one percent of the 58,000 files from Snowden. This means the scale of U.S. cyber espionage is way beyond everybody's imagination, if we are already surprised day by day and week by week by the continuous revelation from Snowden.

The hacking into Huawei, and Chinese banks and government leaders, only reveals a little bit more of the N.S.A. hacking, but I am sure it's still a tip of the iceberg of the U.S. hacking into China, whether against Chinese government, businesses or ordinary people.

Looking at this, it's so hypocrtical for the U.S. to have pretended to be innocent before the Snowden revelation. And it's not convincing for some in the U.S. to shamefully defend it for national security reasons and still try to claim the moral high ground.

The U.S. has been trying to divert attention by arguing that China's hacking is into the U.S. business secrets and the U.S. does not do that. But the Huawei case shows that the U.S. can hardly prove this.

It is true that the U.S. may not have as many commercial secrets it wants from China, a developing country, as China wants from the U.S. But that does not mean the U.S. is not spying on Chinese companies, given the huge technology edge N.S.A. has over China and any other nations in the world.

Just remember, all the international calls in the U.S. are being monitored.

To me, the U.S. has been basically arguing that I can peek at your bedroom, bathroom, and kitchen as often as I want, but you cannot peek at my garage. That is ridiculous.

Yes. There should be rules for the cyber world, regarding what should and should not be done. But the U.S. is in no position to call itself a saint. Far from it.

The U.S. government should take the lead to show restraint in the cyber world. And what Obama said on January 17 is clearly not enough in that regard.

The China-U.S. dialogue on cyberhacking has muddled three different issues.

The first is the question of whether it is legitimate for countries to use the Internet to spy on one another for national security purposes. Snowden revealed that the U.S. does this, but we should not be surprised. International law does not ban espionage, and it will never be able to do so. Except when allies make deals to refrain from spying on one another (deals that apparently are often broken), governments simply have to protect their state secrets with better Internet security.

The second issue is whether it is legitimate to penetrate another country’s cyber networks to conduct warfare. I doubt that the use of hacking to take down the cybernetworks of an enemy’s military can ever be outlawed. It remains the obligation of all advanced militaries to figure out how to use the Internet to weaken other militaries and how to defend their own networks against such attacks. But the international community should update the laws of war (“international humanitarian law”) to ban this kind of hacking when it is used to harm civilian populations—for example, by shutting down electricity, water, or banking networks.

The third kind of international cyberhacking involves what is called “industrial espionage,” that is, the stealing of technology and trade secrets. Naturally this is done more by countries that need the technology than by those that have it, so it has become an issue where the U.S. is complaining about the behavior of China (see Chinese Industrial Espionage: Technology Acquisition and Military Modernization, by William C. Hannas, James Mulvenon, and Anna B. Puglisi, Routledge, 2013). It would help ameliorate this problem if the international community could agree to update the body of international law that protects intellectual property (copyrights, trademarks, patents, and the like) to make such espionage via the Internet illegal. Of course, this would not put an end to the temptation to steal economically valuable secrets. The only real solution is for companies and countries that possess valuable intellectual property to do a better job of protecting their computer networks.

Thanks for publishing the good pieces by Chen and Ni. It is difficult to disagree with them. The U.S. hypocrisy in the cyberhacking story brings back the days of one-sided American attacks on China in the '50s and '60s, where the theme was "Do as I say, not as I do." See, e.g., my speech before the American Society of International Law in April 1967 (Proceedings). Of course, China and the U.S. should undertake serious negotiations with other major players to limit cyberhacking. Perhaps Snowden's revelations have made this possible. "Shí shì qiú shì!" (实事求是) Seek truth from facts!