Henry Farrell writes: During the Obama administration, the United States and China reached an agreement on how to deal with contentious issues in cybersecurity. Both the United States and China hack into each other’s systems on a regular basis. The agreement was not intended to stop this but to prevent it from getting out of control in ways that might damage bilateral arrangements. Thus, the agreement created a kind of hotline for communication and information sharing about potentially problematic behavior, as well as a continuing dialogue on cyber issues. It also ruled out efforts by state actors to steal intellectual property (the United States had persistently complained that Chinese state hackers stole U.S. companies’ secrets and passed them on to Chinese competitor firms). To the surprise of many in the United States, the agreement seems to have helped moderate Chinese efforts to steal commercial secrets, although there is disagreement over whether this was because China was shamed and wanted to preserve honor, or alternatively used the agreement to impose control over unruly hackers.
Either way, this deal worked — to the extent it did work — because both states had roughly convergent interests over a very limited set of issues. It did not involve the exchange of truly sensitive information — China does not trust the United States with details of its defenses against cyberattacks, and the United States does not trust China. Instead, the two sides have looked to manage their disagreement, rather than engage in deep and extensive cooperation.
That doesn’t appear to be what Trump wants
As Trump has described his discussions with Putin, both want something much more far-reaching than the deal that Obama reached with China. Instead of setting up dialogue, Trump wants to engage in true cooperation. He wants to set up a joint “unit” that would handle election security issues so as to prevent hacking. This unit would, furthermore, be “impenetrable.”
Critics in the United States have unsurprisingly interpreted this proposal as a transparent ploy by Trump to sideline accusations that Russian hackers helped him win the presidential election. However, even if Trump’s proposal is taken at face value, it doesn’t make much sense.
U.S. officials don’t trust the Russians
If the proposed cybersecurity unit were to work effectively, the United States would need to share extensive information with Russia on how U.S. officials defend elections against foreign tampering. The problem is, however, that information that is valuable for defending U.S. systems is, almost by definition, information that is valuable for attacking them, too. This is one reason U.S. officials have not previously proposed any far-reaching arrangement with Russia on cybersecurity. Providing such information would almost certainly give the Russians a map of vulnerabilities and insecurities in the system that they could then exploit for their own purposes.
It would not only provide the fox with a map of the henhouse, but give him the security code, the backdoor key, and a wheelbarrow to make off with the carcasses. [Continue reading…]