What the new China trade deal really means, according to cybersecurity experts

Not many people are going to get a copy of the full text of this week’s “Phase 1” trade deal signed by the United States and China, sit down, open it up, and start reading its near-100 pages. But if you’re in the cybersecurity business, this is the hottest thing off the presses in a long time. It’s no secret that the Chinese government and corporations—including state-owned companies—are a major threat to American intellectual property. One in five American companies report that China has stolen their intellectual property, and these Chinese raids can cost our businesses as much as $600 billion every year. The Phase 1 negotiations provided the U.S. with a golden opportunity to take China to task on IP theft and redraw a trade relationship that protects American technology.

The document gets off to an encouraging start. Intellectual property is addressed right at the beginning, in Chapter 1. While this might seem common sense, setting out language that describes this problem at the top of a document that bears Chinese and American signatures is a major diplomatic and economic milestone that cannot be overlooked. China has actually admitted that this is a problem instead of issuing reflexive denials. This is the first step toward substantive change.

The United States has asked in no uncertain terms for commitments on China’s part to protect our intellectual property for technology and other innovative sectors. And, to their credit, the Chinese have agreed to take an important step in this direction. China has agreed to halt the common practice of forcing technology transfers as a condition for American enterprises to do business in China, and to institute harsher processes and penalties for patent theft.

But when it comes to concrete solutions for achieving this goal and holding China to account, Phase 1 is relatively thin. It also fails to anticipate future moves the Chinese might make to circumvent new restrictions on their rampant technology theft. Finally, some glaring issues of crucial importance to American tech companies are not addressed in Phase 1 at all.

A key principle in any trade relationship is reciprocal market access, but Phase 1 doesn’t cover the disparity in access between the U.S. and China brought about largely by China’s market-distorting government subsidies. As it stands, government support for tech industries in China makes it impossible for American companies to compete fairly on the global stage. This, in fact, is an important goal of a major Chinese government initiative known as the “Made in China 2025” plan, by which China intends to become the global market leader in everything from quantum computing to artificial intelligence. And the quickest way to get there? Stealing technology from others, of course. Since the “MIC 2025” plan was unveiled, the cybersecurity industry has noticed an uptick in intellectual property espionage.

Needless to say, the seemingly-voluntary restrictions the Chinese have agreed to in the Phase 1 deal are directly at odds with their MIC 2025 goals. Which will take priority for the Communist Party leadership – honoring their international commitments or sticking to their domestic agenda? This remains to be seen.

Another Chinese move after announcing MIC 2025 was to impose more stringent requirements on companies – including American firms – looking to do business in China. If a foreign company wanted to operate in their country, the Chinese reserved the right to inspect the source codes and even demand technology transfers. The Russians use similar regulations to swipe code and other intellectual property from foreign companies. The Phase 1 agreement attempts to address this, but the language it uses contains some troubling ambiguities.

The document promises both parties “effective access to…operate openly and freely” in each other’s territory, “without any force or pressure from the other Party to transfer their technology to persons of the other Party.” That sounds good.

But then there’s this caveat: “Each Party shall determine the appropriate method of implementing the provisions of this Agreement within its own system and practice.”

It’s the “Each Party shall determine” phrasing that is disconcerting. What if American businesses and research universities do not agree with what the Chinese ultimately “determine”? On the American side, will the “appropriate methods” we set up for China’s compliance be developed transparently and open to comment from the public, industry and academia? The government agencies charged with implementing the agreement would be wise to consider this.

Also missing from Phase 1 is a solution to the Huawei question, which will certainly serve as an important global test case. The Chinese telecom giant – partially owned by the state – is seeking to expand its market share into the U.S., our European allies and elsewhere by promising cheap and speedy 5G internet connections. Of course running our data through Chinese technology – with a direct line back to Beijing – has massive implications for global security, which the negotiators should have taken the opportunity to address in Phase 1.

But it would be unfair to criticize the agreement as simply “going easy” on China. It also doesn’t solve one major issue that is doing harm to both Chinese and American companies: tariffs. The agreement does roll back some tariffs, which is commendable. The U.S. has agreed to cut the tariff rate on some tech goods and delay upcoming tariffs on others, a 25 percent tariff remains in place on $250 billion worth of Chinese products including everything from PCs to power adapters. Tariffs don’t help American tech companies – in fact they have cost the industry nearly $2 billion. Dropping these tariffs altogether would not only show good faith to China, it would relieve some pressure on American businesses.

Fortunately, negotiations for Phase 2 of this agreement remain ongoing. The fact that Phase 1 was signed and both parties are continuing the conversation in good faith should be encouraging. But where Phase 1 laid out the problems and took some first step, Phase 2 should focus clearly on implementing solutions.

The next step is for China to submit an “Action Plan to strengthen intellectual property protection” in the next month. This is an opportunity for the Chinese to show the U.S. government and American tech companies that they are serious about this problem. How might they do so? They should lay out a clear process for American companies in China to report IP theft to the government, and what the Chinese government would then do to investigate the claim. If there is a dispute, there should be a resolution process spelled out, step-by-step. Good communication can solve a lot of problems. Along those same lines, the Chinese government needs to make sure “private” (or semi-private) Chinese firms abide by the same rules, so they can’t act as false flags for Chinese government agencies. And, outside of the agreement itself, it wouldn’t hurt for the Chinese to make examples of some IP violators to show their sincerity.

Meanwhile, the American cybersecurity industry will look forward, cautiously, to a safer and more free future relationship with China.

Theresa Payton, former White House CIO, is the founder and CEO of cybersecurity consultancy Fortalice Solutions.

s.parentNode.insertBefore(t,s)}(window, document,’script’,
fbq(‘init’, ‘1389601884702365’);
fbq(‘track’, ‘PageView’);

Leave a Reply

Your email address will not be published. Required fields are marked *