U.S.-China Renew Cybersecurity Vow Not to Hack Each Other

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Cybersecurity discussions between the departments of Justice and Homeland Security, and Chinese officials, yielded positive cybersecurity agreements, including a promise not to engage in targeted hacking, according to a summary of outcomes document released Oct. 6.

Companies with a large presence in China, such as Apple Inc., and other large U.S. tech companies may see the agreements as a positive step toward international cybersecurity cooperation. The agreements also lower cybersecurity risks to companies’ trade secrets and intellectual property if both countries uphold their ends of the bargain, former government officials and national security attorneys told Bloomberg BNA.

The U.S.-China Law Enforcement and Cybersecurity Dialogue (LECD) between Attorney General Jeff Sessions, DHS Acting Secretary Elaine Duke, and top Chinese officials Oct. 4 was the first of four bilateral policy meetings agreed to by President Donald Trump and Chinese President Xi Jinping during an April meeting at Mar-a-Lago in Florida.

Among the topics discussed during the first meeting was cybercrime and cybersecurity, according to the document. The U.S. and China agreed to continue the cybersecurity cooperation reached during a 2015 China-U.S. High-Level Joint Dialogue on Combating Cyber Crimes and Related Issues between former President Barack Obama and Xi.

Specifically, the U.S. and China agreed to continue to provide timely responses on information requests related to cybercrime; not conduct or support cyberattacks and theft of intellectual property and trade secrets; make efforts to find “appropriate norms” for international cyberspace behavior; maintain “high-level joint dialogue” on cybercrime issues; and increase law enforcement cooperation on security instances. Additionally, China and the U.S. will make efforts to enhance cyberthreat information sharing between the two countries.

Companies “should be cautiously optimistic” about the cybersecurity discussions, and if they succeed, “it would be a positive to businesses in both countries,” John Carlin, global risk and crisis management partner at Morrison & Foerster in Washington and former assistant attorney general for national security at the DOJ, told Bloomberg BNA Oct. 6. Cybercrime, including theft of Intellectual property and trade secrets, is a significant issue for companies in the U.S. and China, so reaching these types of agreements—even where there are other diplomatic differences—is a good sign, he said.

Representatives for the White House didn’t immediately respond to Bloomberg BNA’s email request for comment.

Positive Step

Other former Obama-era officials also agreed that the U.S.-China cybersecurity discussions should be viewed positively.

Companies are “the ultimate victims” of cybercrime, so the dialogue is “necessary both to communicate the limits of what each government is willing to tolerate and to start generating norms” for cybersecurity, Beth George, privacy and data protection counsel at Wilson Sonsini Goodrich & Rosati in San Francisco and former White House cybersecurity associate counsel, told Bloomberg BNA Oct. 6.

Both Carlin and George said that after the 2015 discussions between the U.S. and China, companies saw a drop in Chinese hacking incidents. Although “the tangible results are hard to measure,” the discussions “can result in changes in behavior, even if they are not acknowledged,” George said.

The focus on large policy issues doesn’t mean the governments of China and the U.S. aren’t focused on real-world impacts of cybercrime.

The meetings and orders “are meant to address real-world problems such as botnets and cyber espionage” and not just mere policy talk, Steven Chabinsky, partner at White & Case and head of the firm’s global data, privacy & cybersecurity practice, told Bloomberg BNA Oct. 6.

However, some think expectations for improvements should be tempered. The discussions should be viewed as “merely indicating that the two sides have not abandoned their prior respective positions” on cybersecurity cooperation, Nelson G. Dong, corporate partner at Dorsey & Whitney LLP in Seattle and chair of the firm’s national security law practice and former deputy associate attorney general at the DOJ, told Bloomberg BNA Oct. 6.

The Trump administration’s summary document “would have indicated any ‘actual positive results’ if there had been any, but there are none disclosed,” he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Text of the summary document available at http://src.bna.com/taL.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security