“It is estimated that 80 percent of American adults have had all of their personal data stolen by the CCP (Chinese Communist Party), and the other 20 percent most of their personal data,” William Evanina told the Senate Select Committee on Intelligence on Aug. 4 in his opening statement.
As Evanina, the former director of the National Counterintelligence and Security Center, also stated, “the existential threat our nation faces from the Communist Party of China is the most complex, pernicious, strategic and aggressive our nation has ever faced.”
What is the most shocking aspect of Beijing’s illegal collection of American data? It is not that China has conducted the most successful criminal enterprise ever. It is America’s unwillingness to stop a crime that has continued for decades.
One thing’s for sure: Chinese hackers have collected unprecedented amounts of information. “Beijing has stolen sensitive data sufficient to build a dossier on every American adult — and on many of our children, too, who are fair game under Beijing’s rules of political warfare,” testified Matthew Pottinger, President Trump’s last deputy national security adviser, at the same hearing.
What’s new? As Pottinger pointed out in his opening statement, Beijing has been able to penetrate recently built 5G networks and so “has taken this to a new level,” giving Chinese officials the ability to compile “dossiers on millions of foreign citizens around the world.” As a result, Pottinger noted, they have a newfound ability “to influence and intimidate, reward and blackmail, flatter and humiliate, divide and conquer.”
Evanina’s and Pottinger’s written testimony comes after repeated mass Chinese attacks on American networks. The 2017 Equifax hack, which took the personal data of 145 million Americans, followed the 2014 hacking of the Office of Personnel Management, resulting in the theft of data of at least 22 million federal employees. The Anthem attack, disclosed in 2015, affected 79 million persons. The Obama, Trump and Biden administrations all announced indictments of Chinese hackers, but these criminal charges were just for show as no official thought any of those charged would ever see the inside of a federal courthouse. The U.S. was merely demonstrating to China that it could identify hackers by name and locate, down to the terminals used, their locations.
Beijing has continued hacking because, apart from these symbolic acts, the United States has imposed no costs on China.
The Biden administration, to its credit, publicly accused China of running a network of “criminal contract hackers” responsible for this year’s Microsoft Exchange hack, which hit “tens of thousands of computers around the world.” NATO and U.S. allies, in a coordinated move, made similar charges against China.
Despite publicly accusing Beijing of criminal conduct, the Biden administration decided to take no action, however. Why not? “In the case of China, there’s still that building of consensus around malicious cyber activity, around the need to call it out together, work collectively on defense, and work collectively on consequences as well,” Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said to the Aspen Security Forum this month.
In short, the Biden administration did not impose any costs because American allies were not ready to do so.
Neuberger spoke of the “step-by-step approach of building that consensus” and a “sequential, thoughtful approach to bring partners along,” but those are synonyms for inaction. Since when does the U.S. give a veto to others regarding the enforcement of its own laws?
One of the downsides of trying to create a coalition is the adoption of lowest-common-denominator solutions, or in this case, the adoption of no solutions. At times like this, either America exercises leadership or nothing gets done. Neuberger correctly points out that the failure to do anything now does not preclude “follow-on activities.” The administration, she says, wants to “establish those norms of accepted behavior in cyberspace.” One might wonder which American ally does not believe ransomware attacks are a violation of “norms”?
There is a complication in that Chinese state security officials contracted out the hacks to criminals, but how can this not be considered criminal activity of the state itself, especially when American officials hold Russian government officials responsible in the same circumstances?
The Biden administration does not want, in Neuberger’s words, to “go at it alone,” but it ultimately has an obligation to enforce laws and protect America.
The White House said it raised concerns with senior Beijing officials about “broader malicious cyber activity.” Fine, but the Chinese regime will not stop hacking American networks until the costs Washington imposes exceed the enormous benefits of this criminal activity. Chinese communists are villains, but it is American political leaders who have permitted them to be villainous. Americans should be mad at Beijing — and at the people they elected to protect them but who have decided not to do so.
Gordon G. Chang is the author of “The Coming Collapse of China.” Follow him on Twitter @GordonGChang.