BLOOMINGTON, Ind. -- The U.S. Department of Justice announced criminal indictments today against five officers of the Chinese People’s Liberation Army for conducting economic cyber espionage and committing cyber crimes.
Attorney General Eric Holder announced that a grand jury indicted five hackers, who, acting on behalf of the Chinese government, allegedly infiltrated the networks of American companies, including Westinghouse Electric, U.S. Steel and Alcoa, to steal trade secrets. The five hackers reportedly belong to a specific unit of China’s PLA that engages in infiltrating and exploiting foreign computer networks. The hackers face criminal charges under various U.S. laws, including the Economic Espionage Act and Computer Fraud and Abuse Act.
Indiana University experts offer their perspectives:
Indictments show U.S. 'going on the offensive'
David P. Fidler, an IU legal and cybersecurity expert, said the indictments will not lead to convictions and will intensify already tense Sino-American relations, but they constitute an important development.
“The U.S. government knows the likelihood of successfully prosecuting these individuals for violating U.S. criminal law is virtually nil because the cooperation of the Chinese government would be necessary for the U.S. government to gain custody and conduct a criminal trial in the U.S.,” said Fidler, the James Louis Calamaras Professor of Law at the IU Maurer School of Law. “This move is really not about attempting to faithfully execute these laws.”
Fidler, also a senior fellow at the IU Center for Applied Cybersecurity Research, said the charges will generate criticism of the U.S. government given recent disclosures by former National Security Agency analyst Edward Snowden that have revealed aspects of U.S. cyber espionage activities.
“The Obama administration must understand that charging People's Liberation Army members with economic espionage will raise eyebrows and hackles given the scale, nature and intensity of NSA cyber espionage disclosed by Snowden, including espionage allegedly against the Chinese government and companies,” he said. “So, this move is not about trying to respond to national and international concerns related to the Snowden leaks and the harm they have done to U.S. interests.”
Instead, Fidler continued, “This move indicates the U.S. government is shifting from playing defense in response to Snowden to going on the offensive on matters of fundamental concern to U.S. cybersecurity and economic power. One casualty of Snowden’s leaks was the initiatives the Obama administration mounted in the first half of 2013 against the pervasive nature of Chinese economic cyber espionage. The U.S. government is returning to what had been, pre-Snowden, one of the biggest cybersecurity problems the U.S. and other countries faced.”
Fidler said attempting to prosecute Chinese state actors raises the stakes for American foreign policy and cybersecurity. The indictment could lead Chinese and other foreign hackers to intensify their efforts against the U.S. government and American companies, including potential cyber attacks that cause damage in addition to stealing valuable information.
“Going on the offensive and declaring ‘game on’ in the post-Snowden context constitutes a far more difficult challenge and risky endeavor,” he said. “The application of U.S. criminal law to Chinese officials will worsen Sino-American relations on cyber issues and potentially in the larger, increasingly tense competition between the two powers. Other countries, including China, might decide to charge NSA officials or employees with violating their espionage and cyber crime laws, producing adverse consequences for the U.S. government in its relations with these countries. This decision means that the Obama administration believes the benefits of going back on the offensive outweigh the risks of continuing to react to damaging disclosures about its own cyber espionage activities.”
Fidler can be reached at 812-855-6403 or [email protected]
Lack of 'clear rules of the road' leads to self-interested accusations
Scott Kennedy, who directs the Research Center for Chinese Politics and Business at the IU Kelley School of Business, said the indictments suggest the political nature of claims about cyber spying.
"Cyber crime and espionage is growing rapidly, and certainly the Chinese are big players, no doubt about it," he said. "And yes, it appears that a great deal of China's cyber espionage is directed at large corporations, and it would be naive to believe there is a strong firewall between the Chinese intelligence community, other government agencies and Chinese companies. I have no evidence, but I wouldn't be surprised if there is regular sharing of information."
At the same time, Kennedy said, it's probably misleading to say Chinese spying serves industrial policy while American spying just protects U.S. national interests.
"Regardless of what the U.S. government publicly claims, given what we've learned in the past year from sources such as Edward Snowden and others," he said, "it would be naive to think that U.S. intelligence never engages in cyber espionage that can be of benefit to American companies, or that government agencies never share such information with American companies."
The bottom line, Kennedy said, is that, when it comes to cyber espionage, there are likely more similarities between the U.S. and China than meet the eye.
"Equally important, there are very few clear rules of the road on how governments and companies should behave in the area of cyber security," he said. "Until there's greater international consensus, and not just unilateral statements from the U.S. or a small club of countries such as the G8 or OECD, there will be no rules of the road. And we will continue to be buffeted by such accusations that are rooted in the interests of the accusers and not based on international laws and obligations."
Kennedy is also an associate professor of political science in the College of Arts and Sciences. He can be reached by email at [email protected]
Allegations should be placed in context
To better understand what's happening, it's important to look at the issue in a historical and political context for the indictments, said Scott Shackelford, assistant professor of business law and ethics in the Kelley School and a senior fellow at the Center for Applied Cybersecurity Research.
In terms of history, recall that FBI double agent Robert Philip Hanssen was sentenced to life in prison in 2002 for stealing and selling to the Soviet Union classified documents over 22 years.
"Now consider that between August 2007 and August 2009, it's believed that 71 government agencies, contractors, universities and think tanks with connections to the U.S. military were reportedly penetrated by foreign hackers," Shackelford said. "The Defense Department has admitted to losing some 24,000 files to cyber espionage."
It's safe to assume these incidents caused more damage than Hanssen's crimes, he said; but in the rare cases where the people responsible have been caught and convicted, they have not been severely punished.
The indictments can be seen as just the latest development in a campaign by the Obama administration to shine a harsh light on the espionage activities of China.
"For example, in early 2013, the administration implemented new policies and countermeasures in response to the ongoing theft of trade secrets that includes heightened diplomatic engagement," he said. "But the campaign was badly derailed by Edward Snowden's revelations last year."
The indictments could be posturing by the administration during ongoing trade negotiations with China.
"Since July 2013 during the China-U.S. Strategic and Economic Dialogue, the United States and China publicized plans to begin negotiating an expansive bilateral investment treaty that will reportedly include the difficult issue of enhancing bilateral cybersecurity by protecting trade secrets," Shackelford said. "According to U.S. Treasury Secretary Jacob J. Lew, if successful, this would be 'the first time China has agreed to negotiate a bilateral investment treaty, to include all sectors and stages of investment, with another country.' Although the future of this treaty is uncertain, U.S. allegations could be at least in part designed to put greater pressure on China over provisions in this treaty."
Shackelford is the author of the upcoming book "Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace." He can be reached at 812-855-9308 or [email protected].