It seems that no visit of a Chinese official can happen without a revival of Chinese proverbs. Maybe the point is to remind us how ancient a culture China is, or emphasize a reputation for wisdom. Even President Xi Jinping joined in, saying, “The fire burns high when everyone brings wood to it.”
But the English language has folksy aphorisms, too, including this one: "Give your adversaries just enough rope to hang themselves." In fact, that's just what the US should do with its cybersecurity deal with Beijing.
According to the official fact sheet on the agreement: "The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."
Since that was released Friday, the scoffing has been deafening. China experts and cybersecurity professionals both says China's commitment to the agreement lacks all credibility. After all, earlier this week, President Xi denied that China engages in cyberespionage, despite numerous reports that are rich with detailed evidence.
Maybe the critics are too fast to pounce on the deal, which is a pretty easy target. Are they missing an important point? Perhaps China continues its attacks intended to steal trade secrets but reduces the volume of the assaults. Cybersecurity experts often forget that diplomacy isn't binary. It's analog and if this leads to "less but not zero" – it is still a win for our side.
Perhaps more importantly, if this agreement does fall apart (and chances are it won't hold for long, if at all), the US will be in a much stronger position to respond to Beijing over its commercial espionage.
We now have Xi’s public and very personal commitment to Obama that China doesn't engage in commercial espionage, nor will it in the future. We also have a rich vein of proof saying China does exactly what it denies. The administration – and cybersecurity companies – should start planning their campaign of naming and shaming now. When the Chinese operations continue, we must call them out.
To succeed, this cannot be an occasional release of damning reports every year or so, but a sustained campaign. Every denial has to be met with evidence. Every mewling “hacking is illegal in China” must be met with “then arrest this person and bring them to justice.” When state-owned enterprises are shown to be involved, demand “party discipline” be imposed on the executives and political officers.
To make this happen, the Obama administration should declassify significant amounts of material to make the case against China, and publicly expose Xi’s false claims.
President Reagan burned intelligence sources to prove the Soviets knew that the Korean airliner they shot down was not a US Air Force jet (as summarized in Jeffery Richelson’s "A Century of Spies: Intelligence in the Twentieth Century"). A National Security Agency article noted "a Soviet official claimed that it was the most damaging blow of the Cold War, one from which the USSR never recovered."
President Obama doesn’t need to go so far to expose sources and methods, but must embrace that same principle.
While naming and shaming will go only so far, so the administration should be ready with sanctions. After giving his personal commitment to reduce cyberattacks, Xi has far less room to maneuver if the US decides to sanction commercial spying that takes place after Friday's agreement.
But maybe, just maybe, none of this naming and shaming or threat of sanctions is needed and China actually fulfills its pledge.
Another aphorism in English is more timely than ever: "When you come to a fork in the road, take it." Whether the deal with China succeeds or fails, it can still be a win-win for the US. That probably isn’t the same win-win that Xi alluded in his speech to US tech executives in Seattle earlier this week, but it still counts. China might have had Confucius, but the United States had Yogi Berra. And it ain’t over until it’s over.
Jason Healey is senior research scholar at Columbia University’s School of International and Public Affairs and senior fellow at the Atlantic Council. Follow him on Twitter @Jason_Healey.