US-China cybersecurity talks should focus more on trade secret theft than espionage

Earlier this week, Chinese and US leaders concluded their annual US-China Security and Economic Dialogue in Washington, DC.

In addition to currency issues, climate change and territorial disputes in the South China Sea, the talks prominently featured cybersecurity. The growing focus in this area is understandable considering the recently disclosed massive hack into the US Office of Personnel Management (OPM).

This year-long breach exposed the personal data of tens of millions of federal employees, including their social security numbers. The intrusion also revealed sensitive information on security clearances and background checks. Although the Obama administration has yet to publicly identify the culprits, those familiar with the breach claimed the involvement of government-sponsored Chinese hackers.

Such allegations have drawn public and policy attention to China’s espionage activities. Spying, however, is generally considered fair game – even by American officials. Thus, if future US-China cybersecurity talks are to be productive, greater attention should be devoted to a different type of hacking – the online theft of trade secrets and proprietary data.

Cybersecurity was high on the agenda as Chinese and US officials met earlier this week.Reuters

Growing concerns of industrial espionage

Cyberattacks and industrial espionage from China have been a growing concern among US businesses. Last month, six Chinese nationals, including two professors, were indicted for industrial espionage involving radio frequency filter technology. The year before, a former DuPont employee was convicted of selling his employer’s trade secrets to a Chinese company.

Conventional wisdom suggests a bright line between government and industrial espionage. As President Barack Obama reportedly told Chinese President Xi Jinping, the United States did not “steal from China Telecom to help AT&T.”

Few countries, however, follow this approach – a point former Defense Secretary Robert Gates readily concedes. France provides one of the more notorious examples. Leaked US diplomatic cables indicate that the country has “conduct[ed] the most industrial espionage on other European countries, even ahead of China and Russia.”

Government versus industrial espionage

Even within the US administration, the line between government and industrial espionage has been murky at best. A top secret document obtained by Edward Snowden, for instance, shows that “an American law firm was monitored while representing a foreign government in trade disputes with the United States.”

Since the launch of the Trans-Pacific Partnership negotiations, the administration has also repeatedly invoked national security to justify the nondisclosure of negotiating texts. If trade is routinely considered a matter of national security, potentially justifying state-sponsored espionage, determining when spying is allowed is virtually impossible.

Moreover, the OPM hack could not have been prevented even if industrial espionage had been outlawed. As widely reported, the breach did not involve the theft of trade secrets or other confidential business information. Instead, the hackers seized personal information that many security experts, including former CIA and NSA Director Michael Hayden, consider a “legitimate foreign intelligence target.”

Five Chinese military officers were accused of cyberespionage.Reuters

Difficulty in pinpointing responsibility

Thus far, the Obama administration has yet to offer any direct evidence linking the OPM hack to the Chinese government. Producing such evidence has not been easy. It will be even more difficult if the hacks involve servers of private companies, such as last year’s cyberattacks on Sony’s movie studio.

Politicians and pundits are right to remind us that state-owned enterprises continue to dominate the Chinese economy. But they cannot be more wrong when they lump all Chinese actors under the state. As anybody doing business in Beijing, Shanghai and Guangzhou can attest, the divide between state and private actors has grown considerably in the past two decades.

With widespread outsourcing and use of private contractors, it has also been increasingly difficult – even in the United States – to distinguish state-funded intelligence gathering from its private counterpart. Greater transparency will help, but national security remains an area where transparency is hard to attain – understandably so.

A need to refocus

Given the challenge inherent in any cybersecurity talks involving espionage, Chinese and US leaders should turn their attention to the online theft of trade secrets and proprietary data. Such a focus will be of considerable interest to not only US businesses but also their Chinese counterparts.

Domestically, the lack of protection for trade secrets and proprietary data in China frustrates local businesses as much as it worries foreign companies. Although protection is offered through the Law Against Unfair Competition, that statute was enacted in 1993 – close to a decade before China’s accession to the World Trade Organization. Worse still, the law has not been revised even though laws in other major intellectual property areas have all been overhauled at least twice.

Internationally, the field of trade secret protection remains wide open. In 1994, the World Trade Organization’s TRIPS Agreement introduced multilateral standards in this area for the first time. Yet those standards remain far less established than the century-old copyright, patent and trademark standards.

If China and the United States could reach a consensus over new trade secret standards, they might pave the way for greater harmonization across the world. Such harmonization is particularly likely considering the European Union’s recent effort to develop a new trade secret directive.

Immense Potential for Cooperation

Although commentators enjoy discussing the cultural barriers to intellectual property reform, trade secret protection has deep historical roots in China. Research, for example, shows that manufacturers of traditional Chinese medicines such as Tongrentang protected their manufacturing process as early as the Qing Dynasty (1644–1912).

Given this historical tradition, immense potential exists for China and the United States to work together to strengthen protection for trade secrets and proprietary data. Greater cooperation in this area will not only alleviate the growing concerns of both Chinese and US businesses. It will also enable both governments to sidestep the virtually impossible task of distinguishing between government and industrial espionage.

Peter K Yu does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.