US-China cybersecurity talks should focus more on trade secret theft than espionage

Earlier this week, Chinese and US leaders concluded their annual US-China Security and Economic Dialogue in Washington, DC.

In addition to currency issues, climate change and territorial disputes in the South China Sea, the talks prominently featured cybersecurity. The growing focus in this area is understandable considering the recently disclosed massive hack into the US Office of Personnel Management (OPM).

This year-long breach exposed the personal data of tens of millions of federal employees, including their social security numbers. The intrusion also revealed sensitive information on security clearances and background checks. Although the Obama administration has yet to publicly identify the culprits, those familiar with the breach claimed the involvement of government-sponsored Chinese hackers.

Such allegations have drawn public and policy attention to China’s espionage activities. Spying, however, is generally considered fair game – even by American officials. Thus, if future US-China cybersecurity talks are to be productive, greater attention should be devoted to a different type of hacking – the online theft of trade secrets and proprietary data.

Growing concerns of industrial espionage

Cyberattacks and industrial espionage from China have been a growing concern among US businesses. Last month, six Chinese nationals, including two professors, were indicted for industrial espionage involving radio frequency filter technology. The year before, a former DuPont employee was convicted of selling his employer’s trade secrets to a Chinese company.

Conventional wisdom suggests a bright line between government and industrial espionage. As President Barack Obama reportedly told Chinese President Xi Jinping, the United States did not “steal from China Telecom to help AT&T.”

Few countries, however, follow this approach – a point former Defense Secretary Robert Gates readily concedes. France provides one of the more notorious examples. Leaked US diplomatic cables indicate that the country has “conduct[ed] the most industrial espionage on other European countries, even ahead of China and Russia.”
Government versus industrial espionage

Even within the US administration, the line between government and industrial espionage has been murky at best. A top secret document obtained by Edward Snowden, for instance, shows that “an American law firm was monitored while representing a foreign government in trade disputes with the United States.”

Since the launch of the Trans-Pacific Partnership negotiations, the administration has also repeatedly invoked national security to justify the nondisclosure of negotiating texts. If trade is routinely considered a matter of national security, potentially justifying state-sponsored espionage, determining when spying is allowed is virtually impossible.

Moreover, the OPM hack could not have been prevented even if industrial espionage had been outlawed. As widely reported, the breach did not involve the theft of trade secrets or other confidential business information. Instead, the hackers seized personal information that many security experts, including former CIA and NSA Director Michael Hayden, consider a “legitimate foreign intelligence target.”