Thirty years ago, Beijing placed restrictions on its overseas intelligence gathering to prevent political blowback from exposed operations from jeopardizing Deng Xiaoping’s Reform and Opening Policy. Today, such political considerations no longer appear to influence Chinese policymakers and intelligence policy. China’s widespread theft of information in cyberspace probably has done more to poison the well of U.S.-China relations than almost anything else. The possibility of any meaningful fallout from such operations seems remote from the concerns of Chinese leaders, even as Washington considers more aggressive responses to cyber intrusions.
This shift is remarkable for two reasons related to both China and outsiders watching it. First, while Beijing may speak the language of cooperation, its more aggressive pursuit of intelligence speaks to greater Chinese expectations of competition—expectations that go back at least five years. Second, that this has gone unremarked highlights how little outsiders evaluate Chinese cyber activities in the context of the country’s intelligence and security apparatus. Though a forensic accounting of intrusions is useful for policy and security, deriving meaning about Chinese intentions requires this context and answering questions about what cyber gets China that other sources do not.
The idea of a communist system restricting intelligence operations sounds almost absurd on its face; however, 1985 was a big year for China and Chinese intelligence. That year, a mid-level but politically-connected Chinese intelligence official defected to the United States, prompting a chain of events that led to the dismissal of the Minister of State Security Ling Yun, China’s civilian intelligence chief. The defection lent credence to the Ministry of Foreign Affairs (MFA) argument to Deng Xiaoping that intelligence operations from official missions overseas should be restricted on the grounds that exposure could jeopardize Deng’s efforts to forge links abroad to modernize the Chinese economy. The defection, according to the diplomats, presaged exposure of Chinese intelligence operations abroad, and restricting the kinds of operations and the number of intelligence officers in embassies would be beneficial. Deng, who had suffered at the hands of the previous intelligence services, took the side of the Ministry of Foreign Affairs and placed onerous restrictions on the intelligence officers in embassies—if they were allowed to stay at all.
If Chinese espionage cases can be taken as any indicator, the 1985 restrictions remained in place for years and only recently may have been lifted. From 1985 through 2010, the number of instances where Chinese intelligence officers working out of official missions were exposed running clandestine human intelligence operations was almost zero. For example, in 1988, U.S. counterintelligence drew out Chinese military intelligence officers in the United States with the promise of access to cryptographic secrets and ultimately expelled them. This, however, hardly counts as the lure was too valuable an opportunity to miss. It was not until 2010, when Swedish authorities arrested a Uighur who was working for Chinese intelligence that the world saw a Chinese espionage case handled by officers working out of an embassy rather than from within China. Presumably, Beijing lifted the restrictions some months or even years before the Swedes discovered the operation.
Beijing’s efforts to collect intelligence through cyberspace have demonstrated considerably less caution over the years. Long before cybersecurity became the topic du jour, U.S. officials suspected China for a number of intrusions into unclassified government systems. The publicity surrounding intrusions into the Tibetan government-in-exile, foreign ministries, and Google with obscure names like as GhostNet, Shady Rat, and Operation Aurora raised the profile of Beijing’s intelligence collection. And these were not the results of government investigations or proactive intelligence operations that would be illegal in the private sector to identify the perpetrators. China’s government hackers may have had some successes; however, they were not recognized as the best in the business. Even if individual groups were technically sophisticated, the totality of Chinese cyber actors suspected to be in government employ were uncoordinated and duplicative, noisy, and uneven.
Some of this might be explained by the difficulty of attribution in cyberspace, and, for years, analysts and security specialists opined about the challenge of identifying the perpetrators of network intrusions. In the months leading up to the indictment of five Chinese military officers for economic espionage in 2014, industry reports pinpointing China as the source of the latest intrusions into U.S. and international networks suggested attribution was becoming easier if still imperfect. And with cybersecurity rising in importance as an international policy issue, it was only a matter of time before governments and their intelligence services moved beyond forensic analysis.
Publicly-available information offers no clear reason why China’s risk calculus on intelligence operations has changed; however, several possible considerations, likely in combination, are leading Beijing toward more aggressive intelligence operations.
Imperative of Intelligence Collection: China’s international interests abroad have expanded dramatically, and, with the increasingly competitive nature of U.S.-China relations and tensions in the East and South China Seas, national security probably has become more important. With the PLA’s capabilities still not sufficient for many missions outside China’s periphery, intelligence can provide the advance warning and time for Beijing’s more slowly-moving diplomatic tools to work. The more Chinese interests expand beyond Beijing’s ability to protect them, the greater the imperative for a far-reaching and active intelligence effort.
Change in Bureaucratic Balance of Power: The Ministry of Foreign Affairs may no longer have the standing to make such an argument and win in the face of opposition from the Minister of State Security (MSS) and its military counterparts. According to one former Chinese diplomat, the MSS had little voice in foreign policymaking during the 1980s—and the MSS did not sit on China’s leading foreign policy body, the Central Foreign Affairs Leading Small Group until the mid-1990s—but more current analysis suggests the MSS became more influential. China’s foreign policy making process also has become more pluralized, watering down the MFA’s influence.
Earlier Risk Overstated Lowering Current Concern: Beijing has not faced any political and few economic consequences for its intelligence activities abroad, including exposed operations in cyberspace. In 1985, the MFA may simply have overstated the risks Chinese intelligence operations posed to the country’s relationships to the outside world. Diplomats often play the role of nay-sayers. Beijing knew other countries had uncovered the operations of its intelligence services and its open source collectors who vacuumed up foreign scientific materials, sometimes crossing the line into national security information. As time passed, this knowledge would have suggested that the risks MFA had outlined were no longer (or never were) as serious as Chinese leaders had imagined.
Lower Perceived Vulnerability: This is closely related to the previous thought. Chinese leaders may not think China and its peaceful development project face significant international consequences for its intelligence operations abroad. China may be heavily reliant on trade and external sources of investment and technology; however, it also is a leading trading partner of most major economies. Those in other countries fear that any move against Beijing could generate corresponding Chinese moves and lead to a trade war. This situation now encourages a caution in dealing with Beijing that simply was not the case in the 1980s.
China may have one of the longest traditions in intelligence, but invoking this tradition as a quasi-mystical explanation for how Beijing manages intelligence does not provide insight into Chinese intelligence today. The Chinese intelligence apparatus as it is configured today only dates to 1983, and, up through the 1970s, the services were heavily dependent on their leadership’s personalities and politics. The policymaking apparatus it supports has been evolving during that time as Chinese politics became more institutionalized.
As noted elsewhere, the behavior of intelligence services can be seen as a leading edge of a country’s foreign policy. Chinese-language sources define intelligence in much the same way as their Western counterparts: information collected, processed, and distributed to inform decision making. Whether politicized or objective, the intelligence collected by China’s spies provides clues that can serve as an indicator of where Beijing’s policy is heading.
The evolution of Chinese intelligence policy from risk aversion to risk acceptance marks a significant turn, even if we cannot pinpoint exactly when a decision was made in the 2000s. It underscores the shift from Deng Xiaoping’s strategy of “bide and hide” to “proactively doing something.” While we have few ways to gauge intent based on the aggressiveness of intelligence operations in cyberspace, the methods used in traditional espionage could be a better sign to watch. Against Taiwan, Beijing holds nothing back. Taiwanese, when traveling to the mainland, can be arrested, threatened, kidnapped, blackmailed, cajoled, paid, or otherwise induced to spy. Such aggressiveness has been rare against foreign targets (but not unheard of), and watching both the use of methods and the scope of targets that receive a recruitment pitch will be the best gauge of the Chinese intelligence services’ and Beijing’s appetite for risk.