Can the U.S. Trust China to Stop Stealing Business Secrets?

Obama threatened sanctions, but proving responsibility for a cyberattack will be difficult.

The U.S. and China agreed Fri­day not to hack in­to com­pan­ies to steal their sens­it­ive trade secrets. But even Pres­id­ent Obama, who an­nounced the deal at the White House with Chinese Pres­id­ent Xi Jin­ping, seemed to ques­tion wheth­er China will stick to its word.

“The ques­tion now is, are words fol­lowed by ac­tions?” Obama said. “We will be watch­ing care­fully to make an as­sess­ment as to wheth­er pro­gress has been made in this area.”

The U.S. has been press­ing China for years to stop con­duct­ing cyberes­pi­on­age on U.S. com­pan­ies. While the U.S. de­fends its own vast sur­veil­lance pro­grams, it ar­gues there should be an in­ter­na­tion­al norm against steal­ing busi­ness secrets to be­ne­fit a coun­try’s own com­pan­ies.

Obama warned that the U.S. could im­pose sanc­tions if it finds proof of com­mer­cial es­pi­on­age. He seems to be look­ing to fol­low Pres­id­ent Re­agan’s policy with the So­viet Uni­on of “trust, but veri­fy”—but the prob­lem is that veri­fy­ing re­spons­ib­il­ity for a cy­ber­at­tack can be ex­tremely dif­fi­cult.

Adam Segal, a seni­or fel­low at the Coun­cil on For­eign Re­la­tions who stud­ies China policy and cy­ber­con­flict, called the agree­ment “sig­ni­fic­ant,” but he ad­ded that China can eas­ily claim an at­tack came from some lone hack­er rather than the gov­ern­ment it­self. China has long denied that it is be­hind at­tacks on U.S. com­pan­ies and gov­ern­ment.

“Of course, the proof will be in the im­ple­ment­a­tion,” Segal said. “The Chinese can still ques­tion at­tri­bu­tion, and much of it could be con­duc­ted by prox­ies out­side of the cent­ral gov­ern­ment’s dir­ect con­trol.”

Obama said the U.S. would likely im­pose sanc­tions only against in­di­vidu­als or com­pan­ies that it could prove were be­hind an at­tack. The U.S. can’t hold the Chinese gov­ern­ment re­spons­ible for everything its cit­izens do, Obama ac­know­ledged.

“Pres­id­ent Xi, dur­ing these dis­cus­sions, in­dic­ated to me that, with 1.3 bil­lion people, he can’t guar­an­tee the be­ha­vi­or of every single per­son on Chinese soil, which I com­pletely un­der­stand,” Obama said. “I can’t guar­an­tee the ac­tions of every single Amer­ic­an.”

But he urged China to show that it’s not spon­sor­ing the at­tacks and to ag­gress­ively crack down on cy­ber­crim­in­als. As part of the agree­ment, the two na­tions pledged to es­tab­lish a sys­tem for a “high-level joint dia­logue” on cy­ber­crime and to cre­ate a “hot­line” to rap­idly share in­form­a­tion and re­spond to at­tacks.

At the press con­fer­ence on the White House South Lawn, Xi ar­gued that it is in China’s in­terest to re­duce cy­ber­crime. “Co­oper­a­tion will be­ne­fit both, and con­front­a­tion will lead to losses on both sides,” Xi said. “China strongly op­poses and com­bats the theft of com­mer­cial secrets and oth­er kinds of hack­ing at­tacks.”

The agree­ment won praise from the U.S. tech in­dustry, which has ar­gued that Chinese spy­ing has put it at an un­fair dis­ad­vant­age. “This an­nounce­ment shows that the highest levels of gov­ern­ment from both na­tions un­der­stand that cy­ber­se­cur­ity ten­sions should not be a bar­ri­er to free trade and open sys­tems of in­nov­a­tion,” Dean Gar­field, the CEO of the In­form­a­tion Tech­no­logy In­dustry Coun­cil, said in a state­ment. “This agree­ment fi­nally starts a sus­tained dia­logue where there was very little com­mu­nic­a­tion. It il­lus­trates a spir­it of co­oper­a­tion on a sens­it­ive is­sue, which is a pos­it­ive sig­nal to tech­no­logy com­pan­ies.”