Today, both the Washington Post and the New York Times have articles on the United States' demand that China halt cyberattacks and agree to acceptable norms of behavior in cyberspace.
On its face, it seems reasonable to ask China to establish norms in cyberspace and halt the theft of trade secrets, confidential business information, and proprietary technologies from corporate computers. But it's pretty laughable given the degree to which the U.S.'s National Security Agency (NSA) for years has been secretly collecting nearly all personal and e-mail correspondence of its citizens without a warrant.
While the White House is certainly entitled to ask the Chinese government to stop data theft from American computers and open a dialogue about proper netiquette, it's rich for the U.S. to call what China's allegedly doing "cyber-espionage." That's because 1) the U.S. has been using Narus devices to secretly collect over 100 billion e-mails a day of its own citizens--without a warrant, and 2) it has been investigating and prosecuting whistleblowers, for espionage, for trying to expose this sweeping domestic surveillance.
Personally, I have no doubt that China's military has been involved in cyberattacks on American corporations and government agencies. According to the Times, the Obama administration is seeking three things from China:
1) public recognition of the urgency of the problem;
2) a commitment to crack down on Chinese hackers; and
3) an agreement to take part in a dialogue to establish global standards.
More frequently than support group confessions, U.S. businesses have been speaking out about how they've been violated by foreign hackers. The problem with the U.S.'s demands on China is their blatant hypocrisy.
First, there has been scant public recognition, much less any information at all, about why the U.S. is secretly collecting its own citizens' e-mail data and the rules governing the use of the data. Exhibit #1 is the FBI's recent use of personal e-mail information against Generals Petraeus and Allen, who were accused of no crime. Even though they were never prosecuted, the e-mail content was still used in ways that led to professional and personal difficulties.
Second, asking for a commitment from China to crack down on its own hackers is understandable. The U.S. has certainly engaged in its own brutal crackdown on its non-governmental hackers, like Aaron Swartz and Jeremy Hammond. But any pretense that the U.S. government doesn't hack other countries' computers is belied by phenomena like the Stuxnet virus the U.S. and Israel created to attack Iran's industrial system, in this case, its nuclear facilities. And, BTW, China claims that more than 1.7 million attempts were made to hack Chinese government sites and attacks from the U.S. accounted for 63% of the incidents. Whether or not China is telling the truth, the U.S. has never denied Stuxnet.
Third, an agreement to create global standards is a good idea. However, I don't see how that's viable when the U.S. cannot even follow its own standards, first with the countless violations of FISA (for which we later immunized the telecoms after the fact), and more recently, with the "secret interpretation" of Section 215 of the Patriot Act.
I do hope the world can have a constructive dialogue about cybercrime and cybersecurity issues. But I represent 4 NSA whistleblowers who were themselves the targets of years-long espionage investigations and a failed prosecution (that of Thomas Drake). Right now, a number of U.S. hacktivists are being overcharged and prosecuted for trying to make information more freely available.
Until we can have an honest conversation about our own war on information--particularly information that embarrasses the U.S. government, or worse yet, exposes its crimes--I don't believe we can have an honest conversation with other countries who are doing to us what we do to our own.