US-China cyberspace tussle & int’l law
IN fact, the United States has a long history of cyber-espionage. But since the late 1990s, the Chinese government has been increasing its economic, technological and military capabilities to become a leader in cyber-warfare.
In response to aggressive actions by the US, experts say China is embracing its citizen hacker community.
The Chinese government states that it intends to work with the “international community to promote the building of a peaceful, secure, open, and cooperative cyberspace.
” Similarly, U.S. government policy is to “work internationally to promote an open, interoperable, secure, and reliable” cyberspace.
While this semantic overlap in officially stated goals suggests strong similarities between Beijing and Washington in their viewpoints on international law and norms in cyberspace, they are more different than similar.
For the record, China’s participation in a 2013 UN report affirming the applicability of international law to cyberspace is a promising development.
The same UN group had been gathered in 2014 to address some of the more challenging and divisive concepts regarding state responsibility and use of force in cyberspace.
Any fractures in the debate at this meeting reflected some of the major differences between the United States and China on cyberspace policy.
These differences clearly endorsed that Beijing seemed unwilling to compromise on issues such as Internet sovereignty and information control, which it judges as critical to the maintenance in power of the Communist Party of China (CPC) regime.
Understanding the development and underlying factors of tensions, the concerns of both sides, and the way in which these problems combine in the poorly managed competition over 5G which are pivotal to moderating friction and building the future digital world.
However, subsequently— all these issues that piled up over the years— once again came to light with the 5G and Huawei controversy.
This time, however, economic and geopolitical concerns were at the heart of the issue: 5G’s faster connection and data transmission speeds, as well as lower latency, have the potential to enable not only significant economic growth, but also innovate critical technologies in a host of different fields.
Despite being the global leader in the development and implementation of 4G technologies, the US worries that it might be left behind in the technology race over 5G or in related processes of global norm-setting, as reduced US leadership could produce unfavorable conditions for the future of its economic endeavors and global market presence.
Factually analyzing, China has had legitimate cyber-security concerns like every other country.
They’re worried about attacks on their networks. And the Snowden revelations from the—Edward Snowden, the former NSA contractor— evidenced that the U.S.
has had significant cyber capabilities, and it has attacked and exploited vulnerabilities inside of China.
And while the Chinese might have used to think that they were less vulnerable to cyber-attacks given the shape of the Chinese network in the past, one could reasonably think that it probably changed around 2014-2015, especially as the Chinese economy had become increasingly dependent on E-commerce and digital technology.
Whereas, its GDP is largely dependent on digital technology. So the Chinese are worried about the same types of attacks the US is worried about.
And then, fourth and finally, China does not want the United States to be able to kind of define the rules of the road globally on cyber, create containing alliances around digital or cyber issues and wants to constrain the ability of the U.S. to freely maneuver in cyberspace.
The US has an interest in the flow of information across borders, calling for countries to respect intellectual property rights and the privacy of individuals.
On the diplomatic front, Washington aims to ensure freedom of expression and the free flow of data across national borders.
The United States has also argued that international law, including the laws of armed conflict, applies to state behavior in cyberspace. For Beijing, it is critical to balance security, domestic stability, and development.
China wants to prevent various illegal online actions that it views as harming the rapid growth of the digital economy, public security, and social stability.
American calls for Internet freedom and cyber deterrence are viewed as targeting China. Beijing also seeks to use legal and administrative measures to reduce dependence on foreign technology, and improve its defenses.
Internationally, Beijing has promoted the norm of cyber sovereignty. Today, cybercrime or cyber-terrorism has emerged as one of the most serious security concerns, having a disruptive and negative impact on the economy, social and educational institutions, as well as military and political institutions.
Educational institutions, on the other hand, have been easy prey. As per the K-12 Cyber-security Resource Center’s incident map, since 2016, 1,180 cyber incidents have been documented in the US which excludes the unreported cyber-attacks.
On the economy front, cybercrime is expected to cost the global economy $6 trillion per year, constituting the largest exchange of wealth in history, and will be more lucrative than the global trade of all major drug traffickers put together.
The very idea of regulating cyberspace via international law is not something remarkably novel.
Since 1996, the efforts of formulating international law on cyberspace have already been continuously proposed (and refuted) by law experts, business actors, and states.
There are three dominant ideas on how cyber-space should be regulated by international law: Liberal Institutionalists, Cyberlibertarian and Statists.
Liberal institutionalists like Wu (1997) call for the importance of international institutions and rule-based multilateralism in managing cyber-pace.
Nevertheless, it is not impossible to have international arbitration in the Permanent Court of Arbitration in The Hague, Thus, Netherlands can act as an adjudication party on cyberspace as it already has a mandate on outer space, energy, and environmental cases.
However, it needs major approval from state actors to push such mandates and authorities on cyberspace cases.
International law, however, is primarily a legal order for states (and their creations, like international organizations).
As such, international law does not hold a monopoly on the regulation of cyberspace. Given industry and civil society players, other regulatory regimes (for example, industry self-regulation) offer alternative vehicles.
Multi-stakeholder governance, for example, has become the main avenue for governance of the internet architecture.
At the same time, non-state actors have expressed an interest in questions of how international law applies to governance in cyberspace.
For example, the International Committee of the Red Cross and the Independent Groups of Experts who authored the two Tallinn manuals (with plans for a third in the works) have explored how existing international law rules and principles translate into the cyber context.
Microsoft’s President Brad Smith even called on states to conclude a new “Digital Geneva Convention” to regulate state behaviour in cyberspace.
—The writer, an independent ‘IR’ researcher-cum-international law analyst based in Pakistan, is member of European Consortium for Political Research Standing Group on IR, Critical Peace & Conflict Studies, also a member of Washington Foreign Law Society and European Society of International Law.
