China Might Negotiate Cybersecurity

The West shouldn't have completely ignored a Sino-Russian bid to set international rules for cybersecurity.

Instead of responding to its offer to limit cyberattacks, the Obama Administration has chosen to berate China.

The BBC reports that in a recent television interview, President Obama “upbraids” China, telling George Stephanopoulos that the United States will have “some pretty tough talk” with the Chinese over their failure to abide by international norms in cyberspace. Washington has strong reasons to protest China’s widespread industrial espionage and penetration of our civilian and military networks, including even those that govern U.S. infrastructure.

But calling on China—in March 2013—to help formulate and enforce new rules of international conduct in cyberspace, without even acknowledging that China provided a detailed and surprisingly reasonable proposal for exactly that in 2011, is astonishing. It seems that the White House and the peripatetic new secretary of state—who seems out to collect even more frequent-flier miles than Secretary Clinton—are left without time to work out a China policy and did not even do their homework. Or the White House is playing to the home galleries rather than paying mind to China’s sensibilities and, in this case, ignoring the valid contributions China has made to the much-needed international dialogue on cybersecurity.

This week the Obama Administration heated up its rhetoric against China over the issue of cyberattacks, stating that American corporations are increasingly voicing, “serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale.” National Security Advisor Tom Donilon called for military-to-military dialogue and stronger economic ties with China, but noted that both were undermined by mistrust in the realm of cybersecurity. He called on China to recognize “the urgency and scope of this problem and the risk it poses”; take “steps to investigate and put a stop to these activities”; and “engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.”

Donilon made no mention of the “International Code of Conduct for Information Security,” a draft resolution introduced by China, Russia, Tajikistan and Uzbekistan to the UN General Assembly in September 2011. The following excerpts illustrate that if one did not know which nations submitted this proposal, one could easily assume that 95 percent of the draft code was composed by Western nations led by the United States. The preamble “[recognizes] the need to prevent the potential use of information and communication technologies (ICTs) for purposes that are inconsistent with the objectives of maintaining international stability and security, and may adversely affect the integrity of the infrastructure within States, to the detriment of their security.” It suggests the following code.

Each State voluntarily subscribing to this Code pledges:

To comply with the UN Charter and universally recognized norms governing international relations, which enshrine, inter alia, respect for the sovereignty, territorial integrity and political independence of all states, respect for human rights and fundamental freedoms, as well as respect for diversity of history, culture and social systems of all countries.” [emphasis added]

Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security […]

To cooperate in combating criminal and terrorist activities which use ICTs including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment […]

To fully respect the rights and freedom in information space, including rights and freedom of searching for, acquiring and disseminating information on the premise of complying with relevant national laws and regulations […]

To settle any dispute resulting from the application of this Code through peaceful means and refrain from the threat or use of force.

(You can read the full text here.)

The proposal was largely dismissed by Washington and its Western allies as an attempt by authoritarian governments to legitimize restricting the flow of information online in order to stamp out dissent and bolster their regimes. Jason Healy of the Atlantic Council wrote that “[t]he overall sense from the US government seems to be that this covers old ground in an attempt to score points and regain the initiative for a more repressive Internet.” Michael Posner, assistant secretary at the U.S. State Department’s Bureau of Democracy, Human Rights and Labor, stated that the Code “would shift cyberspace away from being a multi-stakeholder, people-driven model – to a system dominated by centralized government control. Not a good idea. An online world where more and more countries begin policing content for ideological correctness…would extinguish the promise of technology to drive global understanding and the free exchange of information, ideas, and innovation.”

Pages