Whether you think Edward Snowden is a hero or a traitor, there’s no denying that his latest revelations are bad for U.S. businesses. As I wrote last week, Snowden’s divulgence of the National Security Agency’s (NSA) Prism electronic surveillance program is bad news for American tech companies, especially those operating in China. Snowden’s latest claim – that the U.S. government has been engaging in cyber attacks on Chinese entities for years – further imperils U.S. businesses by threatening to derail nascent progress resolving the ongoing Sino-American cyber dispute, and heightening the likelihood of retribution China-based hackers on U.S. organizations.
Following his successful debut as NSA whistleblower with the Guardian, Snowden turned to Hong Kong’s South China Morning Post last week for round two, revealing that the U.S. has been hacking organizations in both mainland China and Hong Kong for years. Snowden’s intel, coupled with a Foreign Policy article on the NSA’s “ultra-secret China hacking group,” captured the attention of the Chinese people and press. As contextChina’s Wen Liu reported in a recent post, Chinese netizens were quick to label Snowden a freedom fighter. Meanwhile, state-run news publication the Global Times referred to him as a “card” in the U.S.-China relationship and Party mouthpiece the People’s Daily ran an editorial decrying U.S. hypocrisy in the cyber realm.
Snowden’s claims came at a moment when the U.S. and China appeared to be making progress, albeit in small increments, in their ongoing bilateral cybersecurity dispute. During the recent US-China presidential summit, Presidents Obama and Xi agreed on existing threats lurking in the cyber realm and pledged to cooperate in addressing them. In a post-summit press conference, U.S. National Security Advisor Tom Donilon clarified the path forward, stating that he believed the Chinese now understood the U.S. position on the issue, while noting that the detailed work in hashing out norms and rules for cyber in the Sino-American relationship will begin with the July Strategic and Economic Dialogue. Days later, the Chinese Ministry of Foreign Affairs established a cyber office, presumably to help facilitate this work.
Whether Snowden’s claims will derail this progress remains to be seen. Thus far, Chinese officials have been reticent to directly criticize the U.S. in response to the allegations. Last Thursday, Chinese Ministry of Foreign Affairs spokeswoman Hua Chunying noted “we have seen the relevant reports, but I regret that I have no information to give you on this.” Earlier this week, Hua stated “we believe the United States should pay attention to the international community’s concerns and demands and give the international community the necessary explanation.”
Regardless of whether this official tone changes, Snowden’s revelations are bad news for the US-China cybersecurity dispute writ-large, and for American businesses in particular, for at least two reasons:
1) The allegations muddy the waters in the ongoing dispute at a time when clarity is needed.
The U.S. government has consistently sought to make clear that its protests aren’t about Chinese actions in cyberspace in general, but rather about one aspect of Chinese behavior in the cyber realm – economically-inspired espionage. In a press conference on June 8, National Security Advisor Donilon twice underscored this distinction, stating bluntly that the dialogue between the two presidents was “not focused on cyber-hacking and cyber crime…, [but rather] the specific issue that President Obama talked to President Xi about today is the issue of cyber-enabled economic theft — theft of intellectual property and other kinds of property in the public and private realm in the United States by entities based in China.”
Snowden’s accusations, which do not make these same distinctions, cut against the American government’s effort to clarify the terms of discussion as a starting point in the bilateral dialogue. As a result they fuel the type of overly simplistic media reports and public debate that force both governments to brave the limelight in stating their positions on these issues at a time when these positions are still being mapped out.
Conflating cyber hacking, cyber crime, and cyber espionage with economically-motivated cyber theft also threatens to have much more pernicious effects. If the same general fuzziness surrounding the terms of the dialogue employed by Snowden and replicated by others spills into the realm of officialdom it will impede the ability of the U.S. and China to move towards a resolution in the dispute.
2) The allegations heighten the possibility of retributive attacks on American organizations.
By placing U.S. cyber attacks on China so firmly in the public eye, Snowden’s claims heighten the likelihood that Chinese hackers will target U.S. organizations in response. This is particularly true when speaking of China’s legions of hongke — “red hackers,” or patriotic hackers – who may or may not be operating at the behest of the state. There is precedent for this, with red hackers targeting American and Japanese organizations during various international disputes.
For businesses, then, Snowden’s new claims present new perils. Not only do they threaten to undermine early progress in resolving the US-China cybersecurity dispute, but also increase the likelihood that American organizations will be targeted by patriotic Chinese hackers. As a result, firms that needed a solution to their cybersecurity woes yesterday will find that the dangers of today are even more pressing and the outlook for tomorrow remains grim.
Editor’s Note: contextChina is a Seattle-based media company following the growing impact of China on the Pacific Northwest across business, technology and policy. You can follow contextChina on Twitter @contextchina.