A screen full of alphanumerics depicting encryption and the word 'password' emphasized by a magnifying glass

One fear often voiced about Huawei, the Chinese telecoms equipment maker, is that it is a secret agent of the Chinese government. If it were allowed into the US, could it not embed hidden code into its devices that would enable the Chinese intelligence services to monitor everything passing along its networks? Now substitute the word Verizon for Huawei. Thanks to Edward Snowden, the US intelligence contractor gone rogue, we know that Verizon did something quite similar.

According to an order from a Foreign Intelligence Surveillance Act (Fisa) court, leaked by Mr Snowden, Verizon was required to hand over information about all calls made by its 120m customers. If that’s true, should Verizon be banned from operating in China, or any other country for that matter?

The question is posed half-facetiously. But only half. If Verizon – and most other US telecoms and internet carriers – routinely pass data to the government, does that not come awfully close to people’s suspicions about Huawei? One could argue that the National Security Agency, which monitors the traffic, is only looking for terrorist threats, not snooping on other countries’ governments. Then again, how could we possibly know that?

Mr Snowden’s revelations are hardly that surprising. Yet imagining that such things go on and having them spelt out in black and white are quite different things. The US-Sino debate about cyber espionage will never be quite the same again.

First, we should be clear about what we have learnt. So far as we know, Verizon did not allow the NSA to listen in on all calls unfiltered. Instead, it handed over so-called “metadata”. To access conversations, the Fisa court had to issue a specific order. The same restrictions appear to hold for the Prism programme, which the NSA uses to monitor the communications of subscribers of nine internet companies, including Google, Facebook and Skype.

These fine distinctions may not count for much. After initial silence from Beijing, recent days have been dominated by the sound of Chinese authorities clambering on to their high horse. Hua Chunying, foreign ministry spokeswoman, described China as “one of the major victims of cyber attacks” and urged the international community to draft regulations on cyber security. Wasn’t that precisely what President Barack Obama was supposed to have asked Xi Jinping, his Chinese counterpart, when they met away from prying eyes and ears (yeah, right!) in the Sunnylands estate this month?

Naturally, we should not take China’s professed outrage too seriously. It was almost comical to read the People’s Liberation Army Daily describe Prism as “frightening” and accuse the US of being an “habitual” eavesdropper. So brazen are China’s intelligence services, they don’t even bother to hide the fact that they monitor citizens’ internet activity. If they don’t like what they see they simply take it down. Still, if China can’t claim the cyber equivalent of the moral high ground, nor very easily can the US.

From now on, in particular, it will be harder for Washington to make the distinction between state and commercial espionage. The US position has been that, while state-on-state spying is inevitable, business and economic espionage crosses a line. Washington will still try to make that case. Indeed, there is no evidence that the NSA has sought to steal Chinese commercial secrets.

On the other hand, a 60-page report by Mandiant, a US computer security firm, found that Unit 61398 of the PLA was directly responsible for attacks on US corporations.

Even so, the lines look more blurred than they did before. It will be more difficult for Washington to portray China Inc as some unholy alliance between state and a phoney private sector. America’s most powerful technology companies, it turns out, are routinely obliged to act as if they were a branch of the government. Beyond China, governments of countries such as India have long pressed North American technology companies to share data that might impinge on national security, often to be told that this was technically or ethically impossible. Now they know that’s not true. Moreover, foreign governments have learnt that their own citizens’ data are considered fair game when it passes over the networks of US companies.

“Our legitimacy and standing will be seriously compromised,” says Adam Segal, a cyber expert at the Council on Foreign Relations, of US preaching. “It is true that the Chinese are still doing it and we need to stand firm. But the politics is much more complicated now.”

Huang Chengqing, who heads China’s network emergency response body, said Beijing had “mountains of data” on US cyber attacks. An article in Foreign Policy magazine this month detailed the work of the Office of Tailored Access Operations, a secretive unit of the NSA, in penetrating Chinese systems. When Mr Obama told Mr Xi that Chinese spying had to stop, it would have been interesting to hear how the Chinese president responded. We may never know. Or perhaps the NSA can tell us.

david.pilling@ft.com

Get alerts on Cyber warfare when a new story is published

Copyright The Financial Times Limited 2019. All rights reserved.
Reuse this content (opens in new window)

Follow the topics in this article