Posts

NYT Should Explain How It Selects Which Articles Get Translated into Mandarin

/3 Comments/in /by

Screen Shot 2015-11-27 at 10.26.59 AMThe front page of the NYT today features the story of Anastasia Lin, Chinese-born and Canadian-raised Miss Canada, who was denied entry to China for the Miss World contest.

Clasping hands with youngsters in red Communist Youth League scarves, contestants from more than 110 nations descended on the southern Chinese island of Hainan this week for the 65th annual Miss World contest.

But one contestant was absent from the opening ceremony: Miss Canada, otherwise known as Anastasia Lin, a 25-year-old actress and classically trained pianist who has been denied a Chinese visa to attend the monthlong pageant, apparently because of her outspoken advocacy for human rights and religious freedom in China.

After waiting in vain for weeks, Ms. Lin packed up her Canadian-designed eveningwear on Wednesday and quietly boarded a Hong Kong-bound flight with the hope she might obtain an on-demand visa at the border and perhaps slip unnoticed into mainland China.

It was not to be.

The Chinese authorities, tipped off to her arrival, barred her from flying onward to Hainan.

You can read the story in English or–on the web–in Mandarin.

You can also read this story, on opposition to a new cloning technology center opening in China, in Mandarin.

But Mr. Xu must contend with skeptical consumers in China, where food safety is a near obsession after scandals like melamine-tainted baby formula and recycled industrial “gutter oil.” Online reaction to the project has been overwhelmingly negative.

“Crazily evil!!!” commented the user No-Music-No-Life on Weibo.

You can’t read this story, on Xi Jinping’s efforts to revamp the military, in Mandarin (though as the article notes, it was available in and almost entirely derived from China’s official news service, Xinhua).

President Xi Jinping of China has announced a major reorganization of the nation’s military, state-backed news media reported on Thursday, laying out plans to create new command systems intended to integrate and rebalance land, air and sea forces into a more nimble People’s Liberation Army.

You also can’t read this story, on the sentencing of human rights activist Guo Feixiong, at which he was sentenced with an extra charge on top of those he was tried on.

Yang Maodong [Guo Feixiong], a hardened veteran of political protest in southern China, knew he had virtually no hope of winning his freedom on Friday when he was brought into a courtroom to face a judge’s verdict on charges that he had disturbed public order.

Chinese judges, after all, convict and imprison indicted dissidents with metronomic consistency, reflecting the ruling Communist Party’s control of the courts. Mr. Yang — a human rights campaigner better known by his pen name, Guo Feixiong — had already prepared a statement denouncing his imprisonment.

But the Tianhe District People’s Court in Guangzhou, the capital of Guangdong Province, erupted in denunciations from Mr. Yang and his lawyers when the presiding judge revealed that he had added a new charge against the defendant — one that his lawyers had been given no chance to defend him against.
The new charge, “picking quarrels and provoking trouble,” meant that Mr. Yang would spend an additional two years in prison, according to his lawyers. Mr. Yang, who stood trial almost exactly a year ago, was convicted Friday on that charge and the original one and was sentenced to a total of six years.

[snip]

Chinese law allows judges to add new charges to convictions at their own discretion. But the lawyers said that the power was rarely used, and they denounced the judge’s refusal to grant them time to prepare a considered response.

Asked by telephone Friday about the addition of the new charge, an official at the court in Guangzhou who deals with news media inquiries said, “I don’t know, and even if I did, I couldn’t tell you.” She would not give her name.

This is not the first time I’ve been struck by NYT’s selection of articles to translate into Mandarin; it did so as well with a curiously incomplete story about US expelling its Operation Fox Hound agents. I’ve noticed a few others in passing without recording what they are (but will now do so).

It really is time for NYT to explain the process by which it selects stories for translation into Mandarin. In general, it seems as if the stories that would have good propaganda value get translated — though that doesn’t explain why the Guo Feixiong story did not get translated.

But if it is basing these decisions off of propaganda value, it should also explain how it selects them. Does the State Department get a vote?

It is great for NYT to translate articles. But if it’s only doing so for those that serve US interests (and pointedly not doing so for articles that serve Chinese interests) it is really serving as a propaganda organ, not a news site.

CloudStrike’s Own Announcement Makes It Clear It Doesn’t Have Proof of Ongoing Chinese Economic Cyberattacks

/3 Comments/in /by

Many many many outlets are reporting that China has continued conducting economic espionage even after Xi Jinping agreed to stop doing it. They base that claim on this post from CloudStrike, a big cybersecurity contractor that spends a lot of time feeding the press scary stories about hacking.

Here’s the proof they offer:

Over the last three weeks, CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government. Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit.

[snip]

In addition to preventing these intrusions, the CrowdStrike Falcon platform also provided full visibility into every tool, command and technique used by the adversary. This allowed us to determine that the hackers saw no need to change their usual tradecraft or previously used infrastructure in an attempt to throw off their scent.

The include a timeline showing 9 attempted intrusions into Tech Sector companies, and 2 into Pharma companies since Xi and President Obama signed the hacking agreement.

Now, even assuming that CrowdStrike has accurately labeled these Chinese government hackers (CrowdStrike’s CTO was less confident in an interview with Motherboard) this still is not proof that China has violated the agreement.

After all, the key part of the agreement is on how stolen information gets used — whether it gets used to benefit individual companies or even entire sectors (the latter of which we do in our own spying, but never mind). If CrowdStrike prevented any data from being stolen, then it is impossible to assert that it was being stolen to benefit market actors without more evidence that the hackers were tasked by a market actor. Even the indictment everyone points to as proof that China engages in economic espionage did not allege that the People Liberation’s Army had shared the data involved in the single economic espionage charge with private sector companies, and given that the data in question pertained to nuclear technology ,it’s not something that is proven just because it was stolen in the context of an ongoing relationship with the victim (even if that is a logical presumption to make).

The same is true here. When China hacked Google to spy on dissidents, that was clearly national security spying. When the US hacked Huawei to figure out how to backdoor its equipment, that was clearly national security spying.When the US used Microsoft and Siemens products to carry out StuxNet, the tech companies were merely enabling targets. There are too many reasons to hack tech sector companies for solidly national security purposes to claim, just based on the sector itself, that it was done for economic espionage.

You can’t even point to the 2 Pharma intrusions to make the claim. A list of sites the State Department identified as critical infrastructure from a leaked 2009 cable includes over 25 pharmaceutical sites (including animal Pharma), many of them related to vaccines. If we’re treating pharmaceutical supply and research facilities as critical infrastructure, with the presumed consequent defensive surveillance of those sites, it is tough to argue the Chinese can’t consider our pharmaceutical companies making key drugs to be critical targets. Both can be argued to stem from the same public health concerns.

I’m not saying it’s impossible or even unlikely that these intrusions were attempted economic espionage. I’m saying that this isn’t evidence of it, and that the reporting repeating this claim has been far too credulous.

But that also points to one of the inherent problems with this deal (one pointed to by many people at the time). When last he testified on the subject, Jim Clapper didn’t even claim to have fully attributed the OPM hack. The same attribution and use problems exist here. China may steal data on an important new drug, but that’s not going to be enough to prove they stole it for commercial gain until they release their own copycat of the drug in several years and use it to undercut the US company’s product, and even then that may require a lot more data — collected by spying! — from inside the market companies themselves (in part because China engages in many other means of stealing data which aren’t the subject of a special agreement, which will make even the copycat instance hard to prove came from an intrusion).

China knew that, too, when it signed the agreement. It will take more than evidence of 11 attempted intrusions to prove that China is violating the agreement.

Obama and Xi Set Up a Red CyberPhone

/2 Comments/in /by

Here are the terms of the cyber agreement announced today.

  • The United States and China agree that timely responses should be provided to requests for information and assistance concerning malicious cyber activities. Further, both sides agree to cooperate, in a manner consistent with their respective national laws and relevant international obligations, with requests to investigate cybercrimes, collect electronic evidence, and mitigate malicious cyber activity emanating from their territory. Both sides also agree to provide updates on the status and results of those investigation to the other side, as appropriate.
  • The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.
  • Both sides are committed to making common effort to further identify and promote appropriate norms of state behavior in cyberspace within the international community. The United States and China welcome the July 2015 report of the UN Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International security, which addresses norms of behavior and other crucial issues for international security in cyberspace. The two sides also agree to create a senior experts group for further discussions on this topic.
  • The United States and China agree to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues. China will designate an official at the ministerial level to be the lead and the Ministry of Public Security, Ministry of State Security, Ministry of Justice, and the State Internet and Information Office will participate in the dialogue. The U.S. Secretary of Homeland Security and the U.S. Attorney General will co-chair the dialogue, with participation from representatives from the Federal Bureau of Investigation, the U.S. Intelligence Community and other agencies, for the United States. This mechanism will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side. As part of this mechanism, both sides agree to establish a hotline for the escalation of issues that may arise in the course of responding to such requests. Finally, both sides agree that the first meeting of this dialogue will be held by the end of 2015, and will occur twice per year thereafter.

The structure of these bullets, which comes from the White House, is rather interesting. The first and last simply announce an effort to agree to cooperate on cyber issues, with the first bullet announcing the principle and the last describing the nitty gritty of it. Basically, this is a call to implement a red phone — like the one Russia and the US had for nukes — for cybersecurity.

The third bullet, “welcoming” the UN Group of Government Experts report, is also about confidence building.

Which leaves the second bullet, which (unless I’m mistaken) goes far beyond what Obama noted in his press conference with Xi Jinping, but Xi did note in his speech: an agreement “that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors,” that is, that China stop using hacks to steal from US companies. While the US does steal confidential business information, they don’t do so for competitive advantage of commercial sectors, though I can imagine some scenarios that China might claim did so. I imagine they’ll complain some about our spying on trade negotiations, for example, which probably would fall under this agreement.

I don’t think anyone thinks China will do this (though note the wiggle room in the “conduct or knowingly support” language). Instead, I suspect all the other language about confidence building intends to provide the US a means to more directly complain about this (and perhaps trade off corruption targets for hacker targets?).

Finally, note what was not included: Any promise to end spying for intelligence, like the OPM hack and/or US use of XKeyscore to accomplish the same kind of bulk collection. As I’ve said, I think that hacking might, for the short term, actually help confidence building measures, as it might provide some kind of transparency, though not verification.

We shall see whether a Red Phone for cyber will do any good.

Update: Herb Lin notes that the Red Phone idea is good in theory but hasn’t always worked as it should with China.

Clearly a good thing in principle.  But implementation is an issue, and experience with other hotlines between the United States and China has not always been positive.  A case in point is the military hotline between the United States and China, intended to enable direct communications between senior military leaders on both sides during crisis, has not always been operational even during routine tests of the system.  On several occasions in which the line was tested for operational capability and also in the wake of the 2001 EP-3 incident over Hainan, the Chinese military failed to respond at all.  In addition, the purview seems to be limited to cybercrime (whatever that might mean) and not to cyber issues related to national security.

The Real Story Behind 2014 Indictment of Chinese Hackers: Ben Rhodes Moves the IP Theft Goal Posts

/2 Comments/in /by

As I’ve noted repeatedly, there has been some abysmal reporting on the indictment, in May 2014, of 5 Chinese People’s Liberation Army hackers. Over and over reporters claim, without any caveat, that the indictment was for the theft of intellectual property, the kind of economic espionage we claim to forswear but complain about China conducting. Here are two recent examples.

David Sanger:

And when Unit 61398 of the People’s Liberation Army in China was exposed as the force behind the theft of intellectual property from American companies, the Justice Department announced the indictment of five of the army’s officers. Justice officials hailed that as a breakthrough. Inside the intelligence community and the White House, however, it was regarded as purely symbolic, and the strike on the Office of Personnel Management continued after the indictments were announced.

Elias Groll:

But nearly a year and a half after that indictment was unveiled, the five PLA soldiers named in the indictment are no closer to seeing the inside of a federal courtroom, and China’s campaign of economic espionage against U.S. firms continues.

Given that China’s hacking of US targets is so central to this week’s visit by Chinese President Xi Jinping, I wanted to return to that indictment to tease out what it actually showed. Because it — and Deputy National Security Advisor Ben Rhodes’ description of it in the lead-up to Xi’s visit — makes it clear the US is really talking about far more than IP theft.

The May 2014 indictment was mostly about monitoring negotiations and trade disputes

The indictment includes 31 charges. Just one of those charges — involving the theft of nuclear plant information from Westinghouse — is for economic espionage. Just one of those charges — involving the same theft from Westinghouse — is for theft of a trade secret. I’ll return to the Westinghouse charges in a second.

The additional charges include 9 Computer Fraud and Abuse Act violations (1-9) for breaking into various computers and stealing information, much of it to enable further hacking, 14 charges (10-23) of damaging a computer by planting malware in various computers, and 6 charges ( 24-29) of identity theft for stealing identity information associated with the targets of the attacks.

Yes, all those other 29 charges did involve hacking to obtain information. But that’s the point of what I wrote in my previous post on this: the theft isn’t the core of what we — at least explicitly — complain about China taking, the technology IP of private companies.

Here’s what PLA allegedly took from the five victims other victims, aside from Westinghouse, described in the indictment:

  • SolarWind (a German company with a location in Oregon): PLA allegedly stole detailed information on SolarWind’s financial position at a time when SolarWind was litigating a dumping complaint against Chinese solar manufacturers
  • US Steel: During a period when it was litigating cases against the Chinese steel industry, including against Baosteel, PLA allegedly stole data from (apparently) a sysadmin mapping USS’ computers and mobile devices
  • Allegheny Technologies Incorporated: During a period when it had already started a joint venture with China’s Baosteel but also when it was in anti-dumping litigation against the company, PLA monitored ATI’s computers
  • Alcoa: Immediately after Alcoa and Aluminum Corporation of China bought a 14% stake of Rio Tinto together, PLA monitored Alcoa’s computers
  • US Steel Workers: During a period when it, and the steel industry, was pushing for anti-dumping action against China, PLA stole emails including strategic information

Note the last one: the Steelworkers. A bunch of business reporters are pointing to this indictment — for stealing strategic discussions from a union! — as proof that China is stealing intellectual property from US corporations and sharing it with Chinese companies.

The one case of IP theft in the indictment is reverse engineering, not independent IP theft

In addition to those four corporations and one union, there’s Westinghouse, the one victim against which DOJ actually alleged economic espionage. In 2007, Westinghouse entered into a joint venture, which included significant but carefully negotiated tech transfer. The indictment doesn’t describe which entity involved in the deal it had in mind (several companies were involved, including ones that are more independent from the state), though it is almost certainly China’s State Nuclear Power Technology Corporation, which has no illusions of independence from the state.  The deal was signed with ExIm Bank support and export licensing approval. Since that time, the deal has been renegotiated over what technology would get transferred to China, and Westinghouse is still building new reactors under the deal, with the latest one opening in May 2015. A subsequent contract sold even more advanced nuke plants, with Westinghouse expecting 100% localization through the contract.

In the middle of this 8 year relationship that has and will lead to Westinghouse transferring the technology to build these plants, on May 6, 2010, the indicted hackers allegedly stole information pertaining to design specs for pipes within nuclear power plants; the indictment does not say whether those pipes were included in the technology transfer. In the economic espionage section, the indictment alleges this information got transferred for the benefit of a foreign government, China, not naming even Chinese nuclear authority SNPTC, much less any of the individual joint ventures involved in the deal. That is, even in the charge pertaining to economic espionage, the indictment does not claim this was about benefitting a specific company, but instead was about benefitting the country as a whole. And it’s not like the US can claim it doesn’t spy on specific nuclear companies in the interest of the country as a whole.

And even the Westinghouse hack included the theft of information pertaining to negotiations. The indictment notes that in the advance of Hu Jintao’s state visit to the US in 2011, as Westinghouse and SNPTC were negotiating further construction, one of the hackers targeted deliberative emails regarding these negotiations.

Some stolen e-mails described the status of the four AP1000 plants’ construction. Many other stolen e-mails, however, concerned Westinghouse’s confidential business strategies relating to [SNPTC], including Westinghouse’s (a) strategies for reaching an agreement with [SNPTC] on future nuclear power plant construction in China; and (b) discussions regarding cooperation and potential future competition with [SNPTC] in the development of nuclear power plants elsewhere around the world.

Altogether, the indictment alleges, PLA hackers took 1.4G of data, which in the grand scale of nuclear plans and negotiations is not all that much data.

All of which is to say that the economic espionage charge was a fairly minor theft in the scope of the larger indictment, constituting nowhere near the kinds of data China steals from Defense contractors, and not alleging a transfer to a specific company. It’s also, both in the scale of data stolen from US companies doing business in China (where reverse engineering is often considered the cost of doing business) and the scale of Chinese IP theft here, miniscule.

The US spies on trade disputes too

The rest of the indictment — by far the bulk of the charges — involves spying during a range of negotiations, several of them international trade disputes (though there’s also an aspect of intimidation anytime takes a trade dispute against China). We know that NSA spies on other countries involved in trade disputes, including spying on the American attorneys representing foreign governments in trade disputes. It spies rampantly in advance of larger trade negotiations. And I would be shocked if the US didn’t spy on countries considering huge arms deals with ostensibly private US companies, especially when those deals are central to the petrodollar laundering that serves as the foundation to our Middle East strategy. That is, much of what we charged China’s PLA hackers for in this indictment, the US does. And we certainly spy on individual foreign companies for US national advantage, as when we mapped out Huawei very similarly to the way China mapped out USS.

None of that’s to excuse it. But it is to say no one should expect an indictment that involved — in the grand scheme of things — miniscule amounts of IP theft and lots more amounts of trade negotiation theft to teach China a lesson about IP theft. If we want to teach China a lesson about IP theft, then maybe we should indict it for IP theft, especially the kind of IP theft outside the realm of ongoing business relations which we claim to be the real concern.

That has never happened, and reporters should stop claiming it has.

Ben Rhodes now says this is about IP theft and confidential information

All that said, in the run-up to Xi Jinping’s visit, the Administration has actually gotten slippery on what it means when it invokes this kind of theft.

In an on the record conference call Tuesday, Ben Rhodes claimed (according to the transcript), “the United States government has already engaged in law enforcement actions, for instance, that targeted Chinese entities who we believed were behind that type of activity,” referring to this 2014 indictment. He had just described the activity as, “cyber-enabled theft of confidential business information and proprietary technology from U.S. companies” and described the goals as, “the protection of intellectual property and the ability of businesses to operate without concern of cyber theft.” In addition to “proprietary technology,” Rhodes is now including the cyber-enabled theft of “confidential business information” to China’s sins.

That is, in the days before a big public discussion about cyber theft, Ben Rhodes is moving the goal posts, describing the action of concern to include both “proprietary technology” — what they’ve been talking about for years — and “confidential business information” — which definitely describes what the PLA hackers took but doesn’t describe what they usually talk about when discussing IP theft.

Interestingly, Rhodes went on to suggest China would change its ways because otherwise US corporations won’t want to do business with them. “[T]he chief reason I think the Chinese have an interest in changing some of their behavior in the cyber realm is because if they’re operating outside of established international rules and norms, they’re ultimately going to alienate businesses, including U.S. businesses who have been critical to Chinese economic growth.” This is not the model of stealing data on the F-35 from Lockheed and subcontractors, the quintessential example of IP theft people like to point to. Rather, it’s the use of hacking to reverse engineer products China is buying from US companies, something Chinese companies usually do by stealing tools used in plants in China. Maybe Rhodes is correct that companies aren’t going to rush headlong into the fastest growing market anymore knowing China will reverse engineer, including by cyber-theft, of the things they’re buying, though I think that’s only likely if China’s growth continues to skid to a halt.

Ultimately, Rhodes accused China of cheating capitalism at a more fundamental level. “[T]hat’s something that gets at the integrity of the global economy, and that’s why we’ve been so focused on this.” Which is where it gets rather farcical, because it’s not like the US as a country doesn’t do what it can to bend the rules for its companies. Plus, if the Administration wants to take on China’s cheating, there are far easier ways to do it, such as on currency.

The roll-out of some kind of mutual understanding on cyber issues this week will be interesting regardless of Rhodes’ moving of the goal posts. But that he has done so — and broadened our age-old complaint about IP theft to now include the theft of confidential business information (some, but not all of which, we also do), is itself notable.

Did the OPM Hack Fix Jack Goldsmith’s Anonymity Problem?

/3 Comments/in /by

In a piece claiming “the most pressing problem the United States sees in its cyber relations with China [is] the widespread espionage and theft by China in U.S. public and private digital networks,” Jack Goldsmith argues any cyber agreement with China won’t be all that useful because we would never be able to verify it.

I still adhere what I once wrote in response to this: “in the absence of decent verification, we cannot be confident that transparency measures are in fact transparent, or that revealed doctrine is actual doctrine.  Nor can norms get much purchase in a world without serious attribution and verification; anonymity is a norm destroyer.”

Goldsmith says this in a piece that claims to adopt Sanger’s expressed concerns about the proposed deal and what it won’t cover. Here’s Sanger:

But it seems unlikely that any deal coming out of the talks would directly address the most urgent problems with cyberattacks of Chinese origin, according to officials who spoke on the condition of anonymity to describe continuing negotiations.

Most of those attacks have focused on espionage and theft of intellectual property. The rules under discussion would have done nothing to stop the theft of 22 million personal security files from the Office of Personnel Management, which the director of national intelligence, James R. Clapper Jr., recently told Congress did not constitute an “attack” because it was intelligence collection — something the United States does, too.

The agreement being negotiated would also not appear to cover the use of tools to steal intellectual property, as the Chinese military does often to bolster state-owned industries, according to an indictment of five officers of the People’s Liberation Army last year. And it is not clear that the rules would prohibit the kind of attack carried out last year against Sony Pictures Entertainment, for which the United States blamed North Korea. That attack melted down about 70 percent of Sony’s computer systems.

So Sanger quotes James Clapper saying he doesn’t consider OPM an attack (for good reason), but says that’s one of the most urgent concerns about Chinese hacking. Clapper’s response doesn’t seem to substantiate Sanger’s claim about the centrality of that as a concern, though I think it is a huge concern. I’ll come back to this.

Then Sanger — in a piece that once again repeats the shitty reporting that last year’s indictment showed the theft of IP to bolster state-owned industries (see this post, but I’m working on a follow-up) — says the agreement won’t cover IP theft. Finally, Sanger says that the agreement might not cover a Sony pictures hack, which the Chinese haven’t been accused of doing, so why would that be important in an agreement with the Chinese?

That last bit is where Goldsmith actually doesn’t adopt what Sanger has laid out. Indeed, he seems to say the agreement is about Sony type hacks.

[T]he ostensible “agreement” won’t have anything to do with the most pressing problem the United States sees in its cyber relations with China – the widespread espionage and theft by China in U.S. public and private digital networks.  The negotiation is mainly about cyberattacks (cyber operations that disrupt, destroy, degrade, or manipulate information on adversary networks) and not about cyberexpoitation (cyber operations involving theft, intelligence-gathering, and the like on digital networks).

The Sony hack certainly disrupted and destroyed the film studio’s networks, even while exposing a bunch of embarrassing intelligence. But thus far, we’re proceeding as if China hasn’t done that to “us” (to the extent a Japanese owned film studio counts as the US), North Korea has. We don’t even ever talk about whether China, in addition to robbing the F-35 program blind, also sabotaged it;  I remain agnostic about whether the US defense industry needed China’s help to sabotage the program, but China definitely had the persistence in networks to sabotage key parts that have since proven faulty. Plus, we’re taking it on faith that claims that the NYSE/United outages that happened on the same day are really unrelated, and curiously we’re not talking about the serial air travel outages we’ve experienced of late (after United, the FAA and then American went down because of “software problems”). I would suggest that the IC may have reason to have urgent concern about China’s ability and willingness to sabotage us, above and beyond its IP theft and intelligence theft, but if it does it’s not telling us.

But let’s take a step back. Since when did we conflate IP theft and the OPM hack? Those are different problems, and I’d really love to have a discussion — which surely wouldn’t happen with any government officials in any unclassified forum — whether the OPM hack is now considered a more urgent threat than serial Chinese IP theft, or whether Clapper is being honest in consistently dismissing it as similar behavior to what we do. Sure, IP theft used to be the most urgent issue, but did that change when China absconded with a database of much of our clearance data? The relative urgency of the two seems an utterly critical thing to understand, given that China pwned us in the OPM hack, and now 3 months after discovering that, we’re signing a cyber agreement.

All the more so given that the OPM hack goes right to the issue of anonymity though not, perhaps, verifiability.

In his piece, Goldsmith is a bit more trusting of the Clapper claim — which I laid out here — that we lost technical accesses in the wake of the Snowden leaks. I think that may well be the case, but it’s just as likely that’s disinformation, either for Congress in advance of the Xi Jinping visit, or for the Chinese. Goldsmith presents that as one more reason why we can’t verify any agreement, and therefore it will be largely worthless.

But does it matter that the OPM hack created symmetry in transparency of personnel (which is different from technical accesses) between China and the US? Does it matter that, with the OPM hack, the Chinese largely replicated our ability to create fingerprints using XKS, and through that figure out who in China was doing what?

That is, we may not have full attribution ability right now — in Clapper’s description it sounded like we could consistently ID tools and persona, but not necessarily tie that persona back to the Chinese state, though, again, that my have been disinformation. But both the US (through XKS) and China (through OPM) have achieved a kind of transparency in personnel.

Which brings me to my central question, in response to Goldsmith’s claim this agreement is pretty meaningless because of the attribution and verification problems. He may well be right it will be a mostly symbolic agreement (though if we move towards norms that may be a positive step).

But until we tease out the real interaction of the old problem — the IP theft — with the new one — that China has our intelligence community by the balls, and until we develop more certainty that some other acts of sabotage aren’t, in fact, cyberattacks, I’m not sure we’re really understanding the dynamics behind the agreement.

Just as importantly, it seems, we need to understand what a new kind of personnel transparency affects our expectations about verification or trust in cyberspace. I don’t know the answer to whether this kind of symmetry chances the considerations on verification or not, but it does seem a relevant question.

Cyber-Unicorn Journalists Shocked the Unicorn Didn’t Appear, Again

/12 Comments/in /by

When last we checked in on claims the US was going to cyber-deter China, I suggested people should understand the underlying dynamics at work.

Before people start investing belief in unicorn cyber deterrence, they’d do well to understand why it presents us such a tough problem.

That was 11 days ago. Since then, James Clapper has claimed (I’m not necessarily endorsing this claim as true, especially given the timing) the US isn’t even 100% sure China is behind the OPM hack — in part because we’ve lost some monitoring capabilities in recent years — all while making it clear we don’t consider it an attack because we do precisely the same thing to China. At the same time, top level US and Chinese officials met in anticipation of Xi Jinping’s visit. Here’s the White House readout of that meeting.

From September 9-12, senior Administration officials held a series of meetings with Secretary of the Central Political and Legal Affairs Commission of the Communist Party of China Meng Jianzhu in Washington, D.C.  Mr. Meng traveled to Washington as President Xi Jinping’s Special Envoy to discuss cybersecurity and other issues in advance of President Xi’s State Visit. Secretary of Homeland Security Jeh Johnson hosted Mr. Meng during his visit. In this capacity, Secretary Johnson convened a meeting between members of the Chinese delegation and representatives from the Departments of State, Treasury, Justice, Federal Bureau of Investigation, and the Intelligence Community.  In addition, FBI Director Comey also met with Mr. Meng at FBI headquarters for discussions. National Security Advisor Susan E. Rice received Mr. Meng for a meeting at the White House, where she had a frank and open exchange about cyber issues.

Remember: China is believed to have all of Jim Comey and Jeh Johnson’s security clearance files (probably Susan Rice’s as well). Comey in particular keeps raising that point. That surely adds something to such negotiations, knowing that your interlocutor has read a ready-made intelligence portfolio that your own government compiled on you.

Now the journalists who keep reporting that the US is about to, honest to god, this time they mean it, sanction China for its hacking report that sanctions are off the table for now, in part because those negotiations resulted in some kind of cyber agreement.

The United States will not impose economic sanctions on Chinese businesses and individuals before the visit of China President Xi Jinping next week, a senior administration official said Monday.

The decision followed an all-night meeting on Friday in which senior U.S. and Chinese officials reached “substantial agreement” on several cybersecurity issues, said the administration official, who spoke on the condition of anonymity because of the topic’s sensitivity.

The potential for sanctions in response to Chinese economic cyberespionage is not off the table and China’s behavior in cyberspace is still an issue, the official said. “But there is an agreement, and there are not going to be any sanctions” before Xi arrives on Sept. 24, the official said.

The breakthrough averted what would have raised a new point of tension with the Chinese that could have overshadowed the meeting — and Xi’s first state visit.

“They came up with enough of a framework that the visit will proceed and this issue should not disrupt the visit,” the official said. “That was clearly [the Chinese] goal.”

The reporting on this appears to be problematic, in part, because sources for these stories themselves misunderstand the issue.

Yet what that agreement is remains unclear. Two U.S. officials told The Daily Beast that substantial disagreement remains between the U.S. and China. China insists that it’s the victim of cyber spying, not a perpetrator. But the U.S. has filed criminal charges against Chinese officials for their role in stealing trade secrets and intellectual property from American companies.

[snip]

[CSIS Deputy Director Scott] Kennedy noted that given the length of time Meng was in Washington, his visit almost certainly covered other issues, including China’s efforts to hunt down Chinese nationals accused of crimes who are living abroad. U.S. law enforcement officials have complained that Chinese state security operatives are working in this country illegally and trying to intimidate Chinese people living here legally.

Remember, “US official” is journalistic code often used for members of Congress or contractors. And if these (possible) members of Congress don’t understand that the US sensors embedded in China’s networks are incredibly invasive cyber spying, if whoever claimed that our indictment for stealing information on trade disputes (something we spy on too) believes that we indicted for stealing IP, if those sources can’t imagine we might respond to the OPM hack by cracking down on extraordinary Chinese agents in the US, then those sources aren’t appreciating the real power dynamics at stake. And we’re going to continue to have journalism on this topic that serves more to provide a convenient narrative than to inform.

Thank you for playing, thank you for providing the appearance of a threat to placate Congress and drive a narrative of a tough negotiation, all while not laying out how the OPM hack changes things.

Several things seem to have been missed in this recent round of cyber-deterrence unicorn reporting. While China’s crashing stock market (renewed again today) provides a bit more leverage for the US against China — among other things, it raises the value Chinese elites would place on their US property and holdings, though China itself wants to pressure some of the same elites — it is still not in our best interest to antagonize this relationship. Moreover, whatever additional leverage we’ve got economically is more than offset by the OPM and related hacks, which China could use in any number of ways to really damage the US, especially given so many of our other critical systems — public and private, and I suspect that’s part of what some of the related hacks have been designed to demonstrate — remain insecure.

Most importantly, even before the Snowden leaks, the US had a real interest in finding some kind of norms that would make the cyber realm less volatile. That’s probably even more true now, because (as Clapper said, and this part I believe) our adversaries have been hardening their own defenses while stealing information that turns out to be more valuable to the US, meaning we don’t have such asymmetric advantage in the cyber realm anymore.

This comes at a time when Congress has become adamantly opposed to anything that resembles negotiations, because to them it looks like weakness. And most seem not to understand the stakes behind the reasons why the OPM hack cannot be considered an attack.

So if some credulous reporting created the space for such an agreement, great!

NSA Apologists Now Blaming Snowden for NSA’s Own Cyberdefense Failures

/13 Comments/in /by

Read this claim about NSA spying, but don’t laugh.

“None of what the U.S. is doing is benefiting American business.”

Did you manage not laughing at the notion that the US is spending $70 billion a year on spying and none of it — not one little bit of it! — benefits American businesses?

Didn’t think so.

That quote, from Mandiant Chief Security Officer Richard Bejtlich, is just one of the utter absurdities built into this Kurt Eichenwald piece attempting to blame Edward Snowden for our failure to stop Chinese hacking of us.

Here’s the logic.

In May, [Tom] Donilon flew to Beijing to meet senior government officials there and set the framework for a summit between Obama and Chinese President Xi Jinping; Donilon and other American officials made it clear they would demand that hacking be a prime topic of conversation. By finally taking the step of putting public – and, most likely, international – pressure on the Chinese to rein in their cyber tactics, the administration believed it was about to take a critical step in taming one of the biggest threats to America’s economic security.

But it didn’t happen. The administration’s attempt to curb China’s assault on American business and government was crippled – perhaps forever, experts say – by a then-unknown National Security Agency contractor named Edward Snowden.

Snowden’s clandestine efforts to disclose thousands of classified documents about NSA surveillance emerged as the push against Chinese hacking intensified. He reached out to reporters after the public revelations about China’s surveillance of the Times‘s computers and the years of hacking by Unit 61398 into networks used by American businesses and government agencies. On May 24, in an email from Hong Kong, Snowden informed a Washington Post reporter to whom he had given documents that the paper had 72 hours to publish them or he would take them elsewhere; had the Post complied, its story about American computer spying would have run on the day Donilon landed in Beijing to push for Chinese hacking to be on the agenda for the presidential summit.

The first report based on Snowden’s documents finally appeared in The Guardian on June 5, two days before the Obama-Xi meeting, revealing the existence of a top-secret NSA program that swept up untold amounts of data on phone calls and Internet activity. When Obama raised the topic of hacking, administration officials say, Xi again denied that China engaged in such actions, then cited The Guardian report as proof that America should not be lecturing Beijing about abusive surveillance. [my emphasis]

Let’s review what Eichenwald has done here.

First, he has taken the Administration at its word that publicly shaming China, and then negotiating with them, would have slowed their cybertheft.

Next, he has insinuated — though not provided evidence — that both Snowden’s initial leaks and the timing of their release (which, after all, took place at different times) were all intentionally rather than coincidentally linked to the US effort to rein in Chinese hacking, and done at the direction of Snowden (that may be the case, but he hasn’t presented it, and if that were Snowden’s real intent, you would think he would have leaked specifics about our attacks on China weeks before he did).

He has highlighted an email (did he somehow get the content of an Edward Snowden email to Barton Gellman? Because I can’t imagine Gellman sharing this.) threatening to take his documents somewhere else, without thinking through what it means that he already had gone somewhere else or considering other reasons (he was holed in a hotel room, for example) why Snowden might have had some urgency for publishing. [Update: Here’s where that claim came from.]

And then he has Xi’s comments on America’s own hacking, which Eichenwald suggests was a response to the Section 215 and PRISM disclosures–“top-secret NSA program that swept up untold amounts of data on phone calls and Internet activity”

With me so far?

Curiously, Eichenwald makes no mention of the document that might actually bolster his case and which almost certainly was the reference Xi intended: the Presidential Policy Directive on cyberwar, which was released just hours before Obama’s meetings with Xi started in CA.

But that would require painting a very different picture of what the US does in cyberspace than this one. Read more