Cyber-Unicorn Journalists Shocked the Unicorn Didn’t Appear, Again

When last we checked in on claims the US was going to cyber-deter China, I suggested people should understand the underlying dynamics at work.

Before people start investing belief in unicorn cyber deterrence, they’d do well to understand why it presents us such a tough problem.

That was 11 days ago. Since then, James Clapper has claimed (I’m not necessarily endorsing this claim as true, especially given the timing) the US isn’t even 100% sure China is behind the OPM hack — in part because we’ve lost some monitoring capabilities in recent years — all while making it clear we don’t consider it an attack because we do precisely the same thing to China. At the same time, top level US and Chinese officials met in anticipation of Xi Jinping’s visit. Here’s the White House readout of that meeting.

From September 9-12, senior Administration officials held a series of meetings with Secretary of the Central Political and Legal Affairs Commission of the Communist Party of China Meng Jianzhu in Washington, D.C.  Mr. Meng traveled to Washington as President Xi Jinping’s Special Envoy to discuss cybersecurity and other issues in advance of President Xi’s State Visit. Secretary of Homeland Security Jeh Johnson hosted Mr. Meng during his visit. In this capacity, Secretary Johnson convened a meeting between members of the Chinese delegation and representatives from the Departments of State, Treasury, Justice, Federal Bureau of Investigation, and the Intelligence Community.  In addition, FBI Director Comey also met with Mr. Meng at FBI headquarters for discussions. National Security Advisor Susan E. Rice received Mr. Meng for a meeting at the White House, where she had a frank and open exchange about cyber issues.

Remember: China is believed to have all of Jim Comey and Jeh Johnson’s security clearance files (probably Susan Rice’s as well). Comey in particular keeps raising that point. That surely adds something to such negotiations, knowing that your interlocutor has read a ready-made intelligence portfolio that your own government compiled on you.

Now the journalists who keep reporting that the US is about to, honest to god, this time they mean it, sanction China for its hacking report that sanctions are off the table for now, in part because those negotiations resulted in some kind of cyber agreement.

The United States will not impose economic sanctions on Chinese businesses and individuals before the visit of China President Xi Jinping next week, a senior administration official said Monday.

The decision followed an all-night meeting on Friday in which senior U.S. and Chinese officials reached “substantial agreement” on several cybersecurity issues, said the administration official, who spoke on the condition of anonymity because of the topic’s sensitivity.

The potential for sanctions in response to Chinese economic cyberespionage is not off the table and China’s behavior in cyberspace is still an issue, the official said. “But there is an agreement, and there are not going to be any sanctions” before Xi arrives on Sept. 24, the official said.

The breakthrough averted what would have raised a new point of tension with the Chinese that could have overshadowed the meeting — and Xi’s first state visit.

“They came up with enough of a framework that the visit will proceed and this issue should not disrupt the visit,” the official said. “That was clearly [the Chinese] goal.”

The reporting on this appears to be problematic, in part, because sources for these stories themselves misunderstand the issue.

Yet what that agreement is remains unclear. Two U.S. officials told The Daily Beast that substantial disagreement remains between the U.S. and China. China insists that it’s the victim of cyber spying, not a perpetrator. But the U.S. has filed criminal charges against Chinese officials for their role in stealing trade secrets and intellectual property from American companies.

[snip]

[CSIS Deputy Director Scott] Kennedy noted that given the length of time Meng was in Washington, his visit almost certainly covered other issues, including China’s efforts to hunt down Chinese nationals accused of crimes who are living abroad. U.S. law enforcement officials have complained that Chinese state security operatives are working in this country illegally and trying to intimidate Chinese people living here legally.

Remember, “US official” is journalistic code often used for members of Congress or contractors. And if these (possible) members of Congress don’t understand that the US sensors embedded in China’s networks are incredibly invasive cyber spying, if whoever claimed that our indictment for stealing information on trade disputes (something we spy on too) believes that we indicted for stealing IP, if those sources can’t imagine we might respond to the OPM hack by cracking down on extraordinary Chinese agents in the US, then those sources aren’t appreciating the real power dynamics at stake. And we’re going to continue to have journalism on this topic that serves more to provide a convenient narrative than to inform.

Thank you for playing, thank you for providing the appearance of a threat to placate Congress and drive a narrative of a tough negotiation, all while not laying out how the OPM hack changes things.

Several things seem to have been missed in this recent round of cyber-deterrence unicorn reporting. While China’s crashing stock market (renewed again today) provides a bit more leverage for the US against China — among other things, it raises the value Chinese elites would place on their US property and holdings, though China itself wants to pressure some of the same elites — it is still not in our best interest to antagonize this relationship. Moreover, whatever additional leverage we’ve got economically is more than offset by the OPM and related hacks, which China could use in any number of ways to really damage the US, especially given so many of our other critical systems — public and private, and I suspect that’s part of what some of the related hacks have been designed to demonstrate — remain insecure.

Most importantly, even before the Snowden leaks, the US had a real interest in finding some kind of norms that would make the cyber realm less volatile. That’s probably even more true now, because (as Clapper said, and this part I believe) our adversaries have been hardening their own defenses while stealing information that turns out to be more valuable to the US, meaning we don’t have such asymmetric advantage in the cyber realm anymore.

This comes at a time when Congress has become adamantly opposed to anything that resembles negotiations, because to them it looks like weakness. And most seem not to understand the stakes behind the reasons why the OPM hack cannot be considered an attack.

So if some credulous reporting created the space for such an agreement, great!

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

12 replies
  1. orionATL says:

    point 1. focusing on what snowden revealed as harmful to intelligence capability is blaming a single individual for an incompetent, because intellectually corrupt, social structure’s (bureaucracy’s) failure. this should be seen for what it is – embarrassingly obvious excuse-making for professional incompetence.

    point 2. the snowden claim may be, i would say “is” based on ic’s long past history, a lie – a lie intended to deflect well-merited criticism.

    point 3. it is far, far more important, long term, to this society’s social compact with its citizens that snowden have made his revelations even if they truly did impact the ic’s spying abilities of the moment (in some trivial or significant ways).

    point 4. it is extremely important for our long-term national security that merited doubt be cast on the value of our current ic’s focus on a cloak-and-router war of data collection (“intelligence”) and analysis.

    • emptywheel says:

      Where did I say Snowden’s leaks weren’t heroic? FFS, I of all people, couldn’t and wouldn’t make that claim.

      But I didn’t see anyone complaining about reporting that not just Google — which a Snowden leak had shown to be compromised — but also other software companies that never showed up in leaks were hardening their defenses.

      Therefore it is utterly absurd for people to complain about a report that China (and all the countries shown to be targeted and all those not) is doing so too. Of COURSE they are, because they have a slightly more comprehensive understanding of the many ways the US has pawned them.

      It’s one thing to believe that Clapper is right when he says our adversaries have hardened their defenses and another to say I think we’re blind. I don’t think the latter is true, and given the timing, think Clapper was probably overestimating what China has been able to shut down.

      Same with Google, of course.

      • orionATL says:

        hmmm.

        if i have a criticism to make of you you will know it because, being an english major, you will recognize the nominative of direct address which i always use in any serious situation :))

        i was criticizing the washington spokespeople, and only those, who like to use snowden’s disclosures a) as an excuse for official blunders involving the failure to anticipate and protect, and b) as another opportunity to place in public record some official damnation of snowden the better to hang him with at some later time.

        the triggering phrases for me were “we’ve lost some monitoring capabilities in recent years” and “even before the snowden leaks”. i was not interested in shooting the messenger (you, criticizing some reporters) but rather the undercurrent of american officials blaming snowden over and again for ic failures.

        as for your two articles today, i think they are very useful critiques of the credulous or ignorant or malign reporting we frequently see in the american press.

        question for comparative analysis: why do we see so much less of this kind of reporting in the guardian or al-jazeera?

  2. bloopie2 says:

    “Remember: China is believed to have all of Jim Comey and Jeh Johnson’s security clearance files (probably Susan Rice’s as well).” Good point. And it raises the question to me, “Has anyone considered not putting this type of material online? I mean, how often does anyone need to access Jim Comey’s security clearance file — ever? Just have a couple paper copies filed away somewhere, as in the old days. It may slow you down once in a while but as we see, haste makes waste.

  3. Trevanion says:

    …and remind me again how we know that Snowden was the first time anyone successfully removed material from within the [fill in the adjective] grasp of NSA?

    • Les says:

      Besides Snowden, there was also a former high-level NSA official who was offering to remove NSA surveillance gear for $1 million. It’s impossible to say whether this was bona fide or a trap.

      • Trevanion says:

        My point is that it is beyond the reach of Lewis Carroll to think that a removal or two of things, or more, did not happen before the Snowden incident, given the collective IC pants around the ankles in the weeks that followed as they pretended to “know” the scope of what had happened. Fast forward, and there is once more the absence of any serious internal oversight or fallout over the OPM snatch, which took place also on the watch of the IC.

        And yet Sr. Sanger and the rest of the MSM once again look the other way and give us the same tired fear-of-others narrative of the past 15 years.

  4. orionATL says:

    [… Remember: China is believed to have all of Jim Comey and Jeh Johnson’s security clearance files (probably Susan Rice’s as well). Comey in particular keeps raising that point. That surely adds something to such negotiations, knowing that your interlocutor has read a ready-made intelligence portfolio that your own government compiled on you.…]

    so what?

    – what info is a gov file going to have about a u.s. negotiator that would change the outcome of nation-to-nation negotiations?

    – what changes in outcome would occur if chinese negotiators knew comey has three mistresses, lung cancer, and, say, a history of bankruptcies.

    – what info is going to be in any gov file that couldn’t be found out otherwise were it critical to an adversary to know.

    – we have routinely created and distributed dossiers on important officials we negotiate with forever. did roosevelt, churchill, and stalin not know intimate details of each other’s lives – in an era long prior to the current pervasive electronic spying?

  5. orionATL says:

    james comey has become the royal fish, er, fear, monger.

    what comey is doing follows the iron law of washington’s big bureaucrats – make up some fable to scare the shit out of our congressgoobers in order to get more money, more territory, and more freedom from legal controls, aka, more authority.

  6. orionATL says:

    “…But I didn’t see anyone complaining about reporting that not just Google — which a Snowden leak had shown to be compromised — but also other software companies that never showed up in leaks were hardening their defenses… ”

    i did not know about these matters ’til now, but an endless war of proliferation and defense was what i was referring to when i cited the example from wikip yesterday of greg hoglund’s rootkit exercise over 15 yrs ago (rootkit trojans being the bane of peons’ computers (often referred to as pc’s :).

  7. orionATL says:

    by the way, you should consider my #4 response similarly. i don’t frequently cite you to attack you. i cite you to locate the reader’s mind. if i am reading and commenting at emptywheel on necessarily brief but nonetheless complex articles, citing seems essential.