Obama and Xi: Who’s the Cyberspy Now?

The startling revelations that the NSA has been collecting Americans’ phone data and tapping into U.S. Internet servers is overshadowing President Obama’s first major summit with Chinese President Xi Jinping and undermining Obama’s number one goal for the meeting: to press China on its cybersnooping on Americans.

For more than a decade, China has been the source of the greatest number of, and most damaging, cyberattacks on U.S. government and corporate interests. Some senior U.S. military officials have called China’s efforts an all-out assault to attack “anything and everything” in the U.S. cyber-infrastructure with the goal of stealing intellectual property, spying on U.S. national defense plans, and preparing for a future conflict that may or may not ever come.

Earlier this week in Singapore, just days before this weekend’s summit between Obama and Xi at California’s Sunnylands resort, Defense Secretary Chuck Hagel linked the Chinese Communist Party government and the People’s Liberation Army to the attacks directly for the first time.

“We are clear-eyed about the challenges in cyber. The United States has expressed our concerns about the growing threat of cyber-intrusions, some of which appear to be tied to the Chinese government and military,” Hagel said, touting a coming U.S.-China cyber working group. “We are determined to work more vigorously with China and other partners to establish international norms of responsible behavior in cyberspace.”

The Sunnylands summit was supposed to be Obama’s first big chance to put that vigorous plan into action. The whole idea of the summit was to provide the leaders of the world’s two largest economies time to get to know each other, leave the structured talking points behind, and forge a bond based on frank and unscripted discussions about tough issues.

But experts and lawmakers now say that Obama will have a hard time pressing Xi on Chinese cybersnooping while the entire world is reeling from the revelations that Obama himself has been overseeing a policy for years that allows the NSA to collect data on every American’s phone and Internet activity—all without the public’s knowledge.

“Obama has to walk a very fine line to tell the Chinese to stop doing things that are clearly illegal but at the same time justify to the American public these extraordinarily sweeping programs in what seems like a really unprecedented campaign to record everything,” said Michael Auslin, an Asia scholar at the American Enterprise Institute, a conservative think tank.

What the Chinese and American governments are doing is not equivalent, said Auslin. He said China is stealing secrets and intellectual property totally outside international laws and norms while the U.S. government’s purpose is ostensibly to prevent terrorism under what it describes as an extensive although opaque system of legal justifications and internal checks and balances.

But the Chinese could very well use the news to avoid any criticism of their cyber-mischief and turn the tables on Obama. They are likely to argue that Obama doesn’t have any hard evidence that the Chinese government is behind all of the cyberattacks emanating from China and that American agencies and businesses are not doing what they need to do to protect their own online property.

“If I were the Chinese I would say, ‘As far as we can tell you have made the entire digital domain an open space. And now you’re coming down on us? Not to mention your government takes an extremely liberal view about what information is protected,’” said Auslin.  “My biggest fear is that Xi will walk out of this saying to himself, ‘I really have nothing to worry about.’”

Denis Blair, Obama’s first director of national intelligence and the co-chair of the Commission on the Theft of American Intellectual Property, said recently that the Chinese probably would use Obama’s aggressive surveillance programs as a “debating point” when Obama presses Xi on Chinese cyber-espionage. But Blair defended the administration’s activities.

"If China has a FISA court and a truly independent judicial body that decides on whether internal communications can be read by the government that would be terrific,” he said. “Of course there's no chance of that and that's the difference between them and us."  

One problem is that the White House hasn’t outlined any specific measures it might take to pressure the Chinese government to act more responsibly in cyberspace and no specific deliverables on the issue are expected at this weekend’s summit. A senior administration official said that the goal was just to communicate American concerns and then keep the conversation going from there.

 “We certainly, as a part of our interest in protecting U.S. businesses, will raise with the Chinese any concerns we have about intrusions that we believe emanate from China,” the official said. “So I think we will raise it in that context and make clear that we need to have an open and candid and ongoing bilateral dialogue on this issue.”

That’s not going to be enough for U.S. lawmakers, including senior Democrats, who have been asking Obama in recent days to make sure Xi knows there will be consequences if China doesn’t clean up its act. Senate Armed Services Committee Chairman Carl Levin (D-MI) wrote to Obama last week to urge him to tell Xi there will be “real costs on China” if it continues to steal U.S. intellectual property.

Levin, John McCain (R-AZ), Jay Rockefeller (D-WV), and Tom Coburn (R-OK) have a bill called the Defense Cyber Threat Act that would compel the president to block imports of goods that use stolen American technology or intellectual property.

“I thought you could refer to this bill in your meeting with President Xi as an example that the U.S. will indeed impose real costs on China should they continue to steal our intellectual property," Levin wrote to Obama.  

That letter came only one day after a Washington Post report revealed that the Pentagon’s Defense Science Board had concluded that Chinese hackers had stolen the designs for over two dozen critical weapons systems.

The Pentagon’s annual report on the Chinese military has repeatedly acknowledged that the People’s Liberation Army has worked with Chinese industry and academia to train vast cybermilitias that could be activated during a crisis to increase China’s ability to wage cyber and electronic warfare. The report also states that Chinese military hacking is going on every day.

“China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,” the 2013 version (PDF) of the report stated. “The information targeted could potentially be used to benefit China’s defense industry, high technology industries, policymaker interest in U.S. leadership thinking on key China issues, and military planners building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

Rep. Randy Forbes (R-VA), the co-founder of the Congressional China Caucus, said this week that the U.S. doesn’t even have a comprehensive set of policies to deal with the cyberthreat coming from China and other places.

“It’s a major concern to us, because we don’t know when we have an attack, what kind of responses we can make to it. We have a bunch of legal questions that we are going to have to wrap our heads around,” he said.

Even after the summit is over, the effect of this week’s revelations regarding the NSA’s activities will have a long-term effect on how U.S. citizens and businesses view their vulnerabilities in cyberspace. Before, they were worried about snooping from China, now they have to worry about their own government as well.

“If you are an American citizen or an American business, you are getting it from both sides,” said Auslin. “Basically every single way you communicate, you probably feel utterly helpless. If it’s not someone who’s antagonistic to you it’s your own government. How do you protect yourself from that?”

Daniel Klaidman contributed to this report.