Tensions over cybersecurity are building between the U.S. and Beijing after the latest string of hacking attacks in the United States, some of which have been traced back to China.
The two countries have dug in their heels on differing approaches to cybersecurity and don’t appear ready to budge, experts say.
The White House has become bolder in calling out Chinese leadership for its economic espionage, and when Chinese President Xi Jinping makes his first U.S. state visit later this year, cybersecurity is likely to hang over his meetings with President Obama.
The Chinese support the right to control their own cyber space, a concept called cyber sovereignty. The U.S. wants China to agree to international norms that could reduce China’s level of control over its own Internet.
“Both parties are waiting for the other party to make the next step,” said Kristen Eichensehr, an international security professor at the University of California, Los Angeles, School of Law and former State Department attorney.
The tensions have been a problem for U.S. tech companies.
The Chinese market, rapidly approaching 1.5 billion people, is an attractive target for expanding tech giants like Apple, Google, Microsoft and Facebook. But Beijing has made it tougher for these U.S. companies if they don’t play by China’s rules.
Google and China have feuded for years over the government’s online censorship laws, and Beijing recently blocked Gmail altogether. Microsoft is facing an anti-monopoly investigation and paid a $140 million fine for evading Chinese taxes. Facebook still isn’t allowed in the country.
China has also been accused of widespread snooping on these firms. Last fall, security experts said officials were vacuuming up passwords and sensitive data on Apple users after hacking the company’s cloud storage system. More recently, the government was blamed for infiltrating Microsoft’s online email system in China.
The simmering tensions boiled over two weeks ago when the tech sector got wind of upcoming cybersecurity regulations. The new rules would require companies to install Chinese encryption standards that give officials full access to company data. Firms would also have to submit all secret code for inspection.
A massive coalition of trade groups appealed to the Chinese government and the White House, arguing the rules would inhibit their ability to operate.
Some say this could be a catalyst for the two countries to have serious talks on the issue.
“If the U.S. increases the pressure on these new cybersecurity regulations, I think the Chinese would at least have to respond,” said Chinese cyber policy expert Adam Segal, a senior fellow at the Council on Foreign Relations.
The U.S. could take the issue to the World Trade Organization, which oversees global rules of trade and counts both China and the U.S. as members.
Such a move, Segal said, “would almost by definition open a broader discussion about cybersecurity.”
Earlier this week, Obama spoke with Xi by phone, urging “swift work” to resolve cyber differences.
“That seems to me like the best signal we’ve seen in a couple of months,” Eichensehr said.
It’s possible cybersecurity will take a back seat during the visit to other issues, such as the two countries’ recent agreement on reducing carbon emissions, the ongoing Ebola crisis in Africa and perhaps the territorial disputes in the South China Sea.
“Over time we will hopefully find a way to manage our disagreements” on cyber, said Crowley, now a fellow at the George Washington University Institute for Public Diplomacy and Global Communication. “I doubt seriously it will involve swift work.”
Bob Stasio, a Truman Project national security fellow and former National Security Agency (NSA) employee, said the situation was akin to the ongoing nuclear discussions throughout the 1980s between the U.S. and the Soviet Union.
Despite intermittent talks and occasional agreements to reduce nuclear warheads, both countries knew there was an impenetrable cultural difference.
“Did that really ever get resolved?” Stasio asked.
— Updated 4:14 p.m.