President Barack Obama and Chinese President Xi Jinping walk to the Rose Garden of the White House in Washington, Friday, Sept. 25, 2015, for their joint news conference.

President Barack Obama and Chinese President Xi Jinping walk to the Rose Garden of the White House in Washington, Friday, Sept. 25, 2015, for their joint news conference. AP Photo/Andrew Harnik

Can the U.S. Trust China to Stop Stealing Business Secrets?

Obama threatened sanctions, but proving responsibility for a cyberattack will be difficult.

The U.S. and China agreed Fri­day not to hack in­to com­pan­ies to steal their sens­it­ive trade secrets. But even Pres­id­ent Obama, who an­nounced the deal at the White House with Chinese Pres­id­ent Xi Jin­ping, seemed to ques­tion wheth­er China will stick to its word.

“The ques­tion now is, are words fol­lowed by ac­tions?” Obama said. “We will be watch­ing care­fully to make an as­sess­ment as to wheth­er pro­gress has been made in this area.”

The U.S. has been press­ing China for years to stop con­duct­ing cyberes­pi­on­age on U.S. com­pan­ies. While the U.S. de­fends its own vast sur­veil­lance pro­grams, it ar­gues there should be an in­ter­na­tion­al norm against steal­ing busi­ness secrets to be­ne­fit a coun­try’s own com­pan­ies.

Obama warned that the U.S. could im­pose sanc­tions if it finds proof of com­mer­cial es­pi­on­age. He seems to be look­ing to fol­low Pres­id­ent Re­agan’s policy with the So­viet Uni­on of “trust, but veri­fy”—but the prob­lem is that veri­fy­ing re­spons­ib­il­ity for a cy­ber­at­tack can be ex­tremely dif­fi­cult.

Adam Segal, a seni­or fel­low at the Coun­cil on For­eign Re­la­tions who stud­ies China policy and cy­ber­con­flict, called the agree­ment “sig­ni­fic­ant,” but he ad­ded that China can eas­ily claim an at­tack came from some lone hack­er rather than the gov­ern­ment it­self. China has long denied that it is be­hind at­tacks on U.S. com­pan­ies and gov­ern­ment.

“Of course, the proof will be in the im­ple­ment­a­tion.”

“Of course, the proof will be in the im­ple­ment­a­tion,” Segal said. “The Chinese can still ques­tion at­tri­bu­tion, and much of it could be con­duc­ted by prox­ies out­side of the cent­ral gov­ern­ment’s dir­ect con­trol.”

Obama said the U.S. would likely im­pose sanc­tions only against in­di­vidu­als or com­pan­ies that it could prove were be­hind an at­tack. The U.S. can’t hold the Chinese gov­ern­ment re­spons­ible for everything its cit­izens do, Obama ac­know­ledged.

“Pres­id­ent Xi, dur­ing these dis­cus­sions, in­dic­ated to me that, with 1.3 bil­lion people, he can’t guar­an­tee the be­ha­vi­or of every single per­son on Chinese soil, which I com­pletely un­der­stand,” Obama said. “I can’t guar­an­tee the ac­tions of every single Amer­ic­an.”

But he urged China to show that it’s not spon­sor­ing the at­tacks and to ag­gress­ively crack down on cy­ber­crim­in­als. As part of the agree­ment, the two na­tions pledged to es­tab­lish a sys­tem for a “high-level joint dia­logue” on cy­ber­crime and to cre­ate a “hot­line” to rap­idly share in­form­a­tion and re­spond to at­tacks.

At the press con­fer­ence on the White House South Lawn, Xi ar­gued that it is in China’s in­terest to re­duce cy­ber­crime. “Co­oper­a­tion will be­ne­fit both, and con­front­a­tion will lead to losses on both sides,” Xi said. “China strongly op­poses and com­bats the theft of com­mer­cial secrets and oth­er kinds of hack­ing at­tacks.”

The agree­ment won praise from the U.S. tech in­dustry, which has ar­gued that Chinese spy­ing has put it at an un­fair dis­ad­vant­age. “This an­nounce­ment shows that the highest levels of gov­ern­ment from both na­tions un­der­stand that cy­ber­se­cur­ity ten­sions should not be a bar­ri­er to free trade and open sys­tems of in­nov­a­tion,” Dean Gar­field, the CEO of the In­form­a­tion Tech­no­logy In­dustry Coun­cil, said in a state­ment. “This agree­ment fi­nally starts a sus­tained dia­logue where there was very little com­mu­nic­a­tion. It il­lus­trates a spir­it of co­oper­a­tion on a sens­it­ive is­sue, which is a pos­it­ive sig­nal to tech­no­logy com­pan­ies.”