The New Normal: China's Risky Intelligence Operations

"Chinese leaders may not think China and its peaceful development project face significant international consequences for its intelligence operations abroad."

Thirty years ago, Beijing placed restrictions on its overseas intelligence gathering to prevent political blowback from exposed operations from jeopardizing Deng Xiaoping’s Reform and Opening Policy. Today, such political considerations no longer appear to influence Chinese policymakers and intelligence policy. China’s widespread theft of information in cyberspace probably has done more to poison the well of U.S.-China relations than almost anything else. The possibility of any meaningful fallout from such operations seems remote from the concerns of Chinese leaders, even as Washington considers more aggressive responses to cyber intrusions.

This shift is remarkable for two reasons related to both China and outsiders watching it. First, while Beijing may speak the language of cooperation, its more aggressive pursuit of intelligence speaks to greater Chinese expectations of competition—expectations that go back at least five years. Second, that this has gone unremarked highlights how little outsiders evaluate Chinese cyber activities in the context of the country’s intelligence and security apparatus. Though a forensic accounting of intrusions is useful for policy and security, deriving meaning about Chinese intentions requires this context and answering questions about what cyber gets China that other sources do not.

The idea of a communist system restricting intelligence operations sounds almost absurd on its face; however, 1985 was a big year for China and Chinese intelligence. That year, a mid-level but politically-connected Chinese intelligence official defected to the United States, prompting a chain of events that led to the dismissal of the Minister of State Security Ling Yun, China’s civilian intelligence chief. The defection lent credence to the Ministry of Foreign Affairs (MFA) argument to Deng Xiaoping that intelligence operations from official missions overseas should be restricted on the grounds that exposure could jeopardize Deng’s efforts to forge links abroad to modernize the Chinese economy. The defection, according to the diplomats, presaged exposure of Chinese intelligence operations abroad, and restricting the kinds of operations and the number of intelligence officers in embassies would be beneficial. Deng, who had suffered at the hands of the previous intelligence services, took the side of the Ministry of Foreign Affairs and placed onerous restrictions on the intelligence officers in embassies—if they were allowed to stay at all.

If Chinese espionage cases can be taken as any indicator, the 1985 restrictions remained in place for years and only recently may have been lifted. From 1985 through 2010, the number of instances where Chinese intelligence officers working out of official missions were exposed running clandestine human intelligence operations was almost zero. For example, in 1988, U.S. counterintelligence drew out Chinese military intelligence officers in the United States with the promise of access to cryptographic secrets and ultimately expelled them. This, however, hardly counts as the lure was too valuable an opportunity to miss. It was not until 2010, when Swedish authorities arrested a Uighur who was working for Chinese intelligence that the world saw a Chinese espionage case handled by officers working out of an embassy rather than from within China. Presumably, Beijing lifted the restrictions some months or even years before the Swedes discovered the operation.

Beijing’s efforts to collect intelligence through cyberspace have demonstrated considerably less caution over the years. Long before cybersecurity became the topic du jour, U.S. officials suspected China for a number of intrusions into unclassified government systems. The publicity surrounding intrusions into the Tibetan government-in-exile, foreign ministries, and Google with obscure names like as GhostNet, Shady Rat, and Operation Aurora raised the profile of Beijing’s intelligence collection. And these were not the results of government investigations or proactive intelligence operations that would be illegal in the private sector to identify the perpetrators. China’s government hackers may have had some successes; however, they were not recognized as the best in the business. Even if individual groups were technically sophisticated, the totality of Chinese cyber actors suspected to be in government employ were uncoordinated and duplicative, noisy, and uneven.