Lawfare readers have followed and discussed the Snowden revelations with a mixture of dread and excitement. Our focus, understandably, is on the impact of the leaks on the intelligence community and on U.S. national security policy. The seemingly endless disclosures and associated news stories, along with the many declassified documents from the ODNI, have sparked discussions on echnological change, government accountability and oversight, FISA reform, and other important issues. For many Americans, however, the bigger problem is the leaks’ impact on the U.S. economy and on American businesses---many of whom do business overseas. European allies may eventually shrug off their frustrations with the NSA, but my Brookings colleagues Cheng Li and Ryan McElveen argue that China is far less likely to do so. The revelations are leading to a policy shift that may hinder U.S. technology firms in China for years or even decades.
Cheng Li is director of research and a senior fellow at the John L. Thornton China Center in the Foreign Policy program at Brookings, and is a director of the National Committee on U.S.-China Relations. Ryan McElveen is a research assistant at the Thornton Center.
NSA Revelations Have Irreparably Hurt U.S. Corporations in China
U.S. technology firms conducting business in China are used to being swayed by geopolitical winds, but they will never fully recover from the irreparable damage left by the devastating NSA revelations of 2013. After such a turbulent year, it is useful to review what happened and determine how to move forward.
As the first summit meeting between Chinese President Xi Jinping and U.S. President Barack Obama approached in June at the Sunnylands estate in California, the Obama administration made every indication that cyber security would take top billing on the agenda.
This was a hard-won break from the past for U.S. corporations. After years of trying to elevate the issue of commercial cyber espionage in the public consciousness, the business community was finally given a golden opportunity to push for change as events evolved in its favor in early 2013.
In February, U.S. cyber security firm Mandiant released a report revealing that the Chinese government had infiltrated almost 150 major U.S. corporations and agencies over the past seven years. The report narrowed the origin of these extensive online attacks to a People’s Liberation Army (PLA) operations center in the Pudong area of Shanghai.
In May, another report emerged from the Defense Science Board revealing that China had secured access to detailed designs of Pentagon military weaponry and aircraft.
As these events unfolded, President Obama’s then National Security Advisor Tom Donilon began urging China to curtail these activities and pushing for China to address them at the June Presidential summit. At the same time, though, NSA contractor Edward Snowden was encouraging newspapers to publish accounts of NSA espionage.
For the Obama administration, Snowden’s timing could not have been worse. The first story about the NSA appeared in The Guardian on June 5. When Obama and Xi met in California two days later, the United States had lost all credibility on the cyber security issue.
Instead of providing Obama with the perfect opportunity to confront China about its years of intellectual property theft from U.S. firms, the Sunnylands meeting forced Obama to resort to a defensive posture. Reflecting on how the tables had turned, the media reported that President Xi chose to stay off-site at a nearby Hyatt hotel out of fear of eavesdropping.
After the Sunnylands summit, the Chinese government turned to official media to launch a public campaign against U.S. technology firms operating in China through its “de-Cisco” (qu Sike hua) movement. By targeting Cisco, the U.S. networking company that had helped many local Chinese governments develop and improve their IT infrastructures beginning in the mid-1990s, the Chinese government struck at the very core of U.S.-China technological and economic collaboration.
The movement began with the publication of an issue of China Economic Weekly titled “He’s Watching You” that singled out eight U.S. firms as “guardian warriors” who had infiltrated the Chinese market: Apple, Cisco, Google, IBM, Intel, Microsoft, Oracle and Qualcomm. Cisco, however, was designated as the “most horrible” of these warriors because of its pervasive reach into China’s financial and governmental sectors.
For these U.S. technology firms, China is a vital source of business that represents a fast-growing slice of the global technology market. After the Chinese official media began disparaging the “guardian warriors” in June, the sales of those companies have fallen precipitously. With the release of its third quarter earnings in November, Cisco reported that orders from China fell 18 percent from the same period a year earlier and projected that overall revenue would fall 8 to 10 percent as a result, according to Reuters. IBM reported that its revenue from the Chinese market fell 22 percent, which resulted in a 4 percent drop in overall profit. Similarly, Microsoft has said that China had become its weakest market.
However, smaller U.S. technology firms working in China have not seen the same slowdown in business. Juniper Networks, a networking rival to Cisco, and EMC Corp, a storage system maker, both saw increased business in the third quarter. As the Chinese continue to shun the “guardian warriors,” they may turn to similar but smaller U.S. firms until domestic Chinese firms are ready to assume their role. In the meantime, trying to completely “de-Cisco” would be too costly for China, as Cisco’s network infrastructure has become too deeply embedded around the country.
Chinese technology firms have greatly benefited in the aftermath of the Snowden revelations. For example, the share price of China National Software has increased 250 percent since June. In addition, the Chinese government continues to push for faster development of its technology industry, in which it has invested since the early 1990s, by funding the development of supercomputers and satellite navigation systems. Still, China’s current investment in cyber security cannot compare with that of the United States. The U.S. government spends $6.5 billion annually on cyber security, whereas China spends $400 million, according to NetentSec CEO Yuan Shengang. But that will not be the case for long. The Chinese government’s investment in both cyber espionage and cyber security will continue to increase, and that investment will overwhelmingly benefit Chinese technology corporations. China’s reliance on the eight American “guardian warrior” corporations will diminish as its domestic firms develop commensurate capabilities.
Bolstering China’s cyber capabilities may emerge as one of the goals of China’s National Security Committee, which was formed after the Third Plenary Meeting of the 18th Party Congress in November. Modeled on the U.S. National Security Council and led by President Xi Jinping, the committee was established to centralize coordination and quicken response time, although it is not yet clear how much of its efforts will be focused domestically or internationally.
The Third Plenum also brought further reform and opening of China’s economy, including encouraging more competition in the private sector. The Chinese leadership continues to solicit foreign investment, as evidenced by in the newly established Shanghai Free Trade Zone. However, there is no doubt that investments by foreign technology companies are less welcome than investments from other sectors because of the Snowden revelations.
As 2013 comes to a close, it is now well documented and well-known that both the United States and China engage in extensive espionage efforts for national security interests. But China’s espionage efforts are different in one key respect: China conducts surveillance on U.S. commercial entities, while the United States focuses on government targets. Although the U.S. government classifies its surveillance and does not share business secrets with U.S. companies, Chinese spies readily hand over proprietary information from U.S. firms to Chinese firms, breaching intellectual property rights and stealing the fruits of research and development on which American companies have spent billions of dollars.
To address these concerns, the United States must clearly indicate that its primary concern is China’s commercial cyber espionage, and that its goal is to protect future U.S. innovation. This is a goal to which both the U.S. and her allies can commit. By working to forge an agreement with China on the enforcement of intellectual property rights protections, the U.S. will finally be able to move out of the shadow of Edward Snowden. Even then, U.S. technology companies must prepare for their new reality—a greatly reduced share of the Chinese market wherein the enforcement of IPR will only soften their downfall.