"Greetings from the Chinese Embassy"
"Greetings from the Chinese Embassy." That's how the email opened. It was an invitation to lunch (or tea) with a counselor in the embassy to discuss cybersecurity. How could I say "no?" So I went to lunch the other day. It was, on the whole, altogether pleasant, and relatively unsurprising, but worth noting nonetheless for what it suggests.
After a suitable amount of small talk, the discussion began (no surprise) with the recent indictments of Chinese officials. The counselor was particularly troubled that the indictment was of military officers who, he suggested, ought to be
Published by The Lawfare Institute
in Cooperation With
"Greetings from the Chinese Embassy." That's how the email opened. It was an invitation to lunch (or tea) with a counselor in the embassy to discuss cybersecurity. How could I say "no?" So I went to lunch the other day. It was, on the whole, altogether pleasant, and relatively unsurprising, but worth noting nonetheless for what it suggests.
After a suitable amount of small talk, the discussion began (no surprise) with the recent indictments of Chinese officials. The counselor was particularly troubled that the indictment was of military officers who, he suggested, ought to be immune from prosecution. He also argued (correctly!) that since China would never turn over their military officials for trial under U.S. law that the only result was to harm the ongoing U.S. China dialogue on cyber issues (and, he added, likely other issues).
When I pointed out that likely the indictment was part of a frustration on America's part that the Chinese had refused to even acknowledge their own role in cyber intrusions (much less act to stop them) the conversation took a bit of a surprising turn. My lunch companion responded that China would take action if the U.S. would just provide the details of the cyber intrusions so that China could investigate. He contended that the U.S. had not shared any details up to this point. I gently disagreed, noting that U.S. officials (up to and including then-National Security Advisor Donilon) said that the U.S. had provided details to the Chinese but to no avail. So, even on this factual question there was (and remains) apparent disagreement. Have we even provided a useful dossier to China? I am pretty sure I know the answer ... but .... it is difficult to achieve meaningful cooperation if China will not reciprocate U.S efforts and acknowledge their own role.
Finally, we moved on, with the counselor arguing that the U.S. should not be focused on establishing rules of the cyber road with China but rather that we should focus on the EU and our allies. After all, he said, if the U.S. can’t agree with its allies on the consequences on different types of cyber activities, it will be even more difficult with China. Finally, in a standard trope, he argued that China is really not that advanced or much a cyber power.
On the whole, as I said, very interesting. My sense is that the indictments have had the effect of getting China's attention, and that they are in the process of gathering information in order to assess their response options. If signalling was the intent, my lunch suggests it was at least partially successful.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.