clock menu more-arrow no yes mobile

Filed under:

The new US-China cybersecurity agreement: a brief guide

Obama and Xi.
Obama and Xi.
Win McNamee/Getty Images
Zack Beauchamp is a senior correspondent at Vox, where he covers ideology and challenges to democracy, both at home and abroad. Before coming to Vox in 2014, he edited TP Ideas, a section of Think Progress devoted to the ideas shaping our political world.
  1. On Friday afternoon, President Obama and Chinese President Xi Jinping announced a new cybersecurity agreement: Both countries agreed not to steal or enable the theft of intellectual property or other trade secrets from each other.
  2. This is really about China hacking the US: A 2013 report found that 80 percent of intellectual property theft targeting US companies came from China. Not all of this is by the Chinese government, but lax enforcement by Chinese authorities helped it happen; the US couldn't prosecute Chinese offenders because it's out of American jurisdiction.
  3. The agreement does not cover government-to-government cyber espionage — such as, say, the massive recent hack of the Office of Personnel Management, or more traditional spy targets.

On paper, this is a big win for the US

According to Council on Foreign Relations senior fellow Robert Knake, the agreement will be enforced by something called CERT-to-CERT agreement — that is, direct cooperation between Chinese and American law enforcement officials. If American commercial secrets are stolen, US law enforcement should now be able to call up their Chinese counterparts and expect real investigations and possibly even arrests as a result.

This hasn't been true in the past. "In the latest business climate survey by the American Chamber of Commerce in China, nearly 80% of the 447 respondents described Beijing’s enforcement of intellectual-property rights laws as 'ineffective' or 'very ineffective,'" the Wall Street Journal's Chun Han Wong writes.

The agreement also establishes a Cabinet-level dialogue between the countries on espionage and a "red phone" system the US can use to register complaints.

In short, the US has gotten China to at least promise to clamp down on an issue that has been a real economic problem for the US. It's also set up an enforcement mechanism that the US can use as a barometer to see if China is actually following through (if there are no arrests, then it's not working), as well as a system for registering complaints if China shirks. That's not nothing.

Did US threats of sanctions help?

The behind-the-scenes story, according to Knake (who ran cybersecurity policy at the National Security Council until earlier this year), is the threat of American sanctions.

In late August, the Washington Post reported that the US was formulating a set of economic sanctions that it planned to slap on Chinese businesses it suspected of carrying out cyberthefts. China wanted to limit the impact of those sanctions on its economy, which is perhaps why it agreed to this.

"The threat of sanctions brought the Chinese government to the table and kept them there," Knake writes.

Can China actually see this through, even if it plans to?

This doesn't mean the issue is settled — or that China will be either able or willing to fully enforce a ban on cybertheft by Chinese companies. Commercial cybertheft is common within China as well, so there's reason for skepticism about the country's ability to fully resolve the problem.

The Obama administration still plans to sanction some Chinese companies, but likely will not target government officials.

And, of course, there are still the many other forms of Chinese cyber espionage directed toward the United States. US-China tensions over cyber espionage are far from over. Still, this agreement is a step.