The US and China Agree Not To Conduct Economic Espionage In Cyberspace

blottsie writes: The leaders of China and the United States agreed on Friday to take new steps to address cyberspying, vowing that neither country would conduct or knowingly support the theft of intellectual property. Senior law-enforcement and intelligence officials from both nations will evaluate how the two major powers respond to each other's requests for assistance fighting "malicious cyber activity," the White House said in a statement. The group will hold its first meeting before the end of the year, with subsequent meetings occurring twice per year.

what a pushover

So, we're going to trust China not to hack?! Great plan Obama!

Re:what a pushover

[imidan]

No. And your trite oversimplification is utterly worthless. We make the agreement so that when China *does* break it, we have a protocol in place for responding. We contact the Chinese government, we point at the malicious behavior, and we expect them to correct it. If they do not, then we have put in a good-faith effort, and we can enact our own consequences.

It's a first step. It's not the entire solution. But we have to start somewhere.

Re:what a pushover

My money is on that US broke the agreement before China did.

Yes, I assume that it happened before this news hit Slashdot.

Re:what a pushover

What's Obama gonna do, send more jobs to China? Boy will they look silly when they are struggling with overemployment...

Re:what a pushover

[amiga3D]

In all reality I'd bet neither side intends to abide by it. It's yet another treaty not worth the paper it's written on.

Re:what a pushover

... when China *does* break it, we have a protocol in place for responding. We contact the Chinese government, we point at the malicious behavior, and we expect them to correct it....

I guess it will be a "sternly worded" diplomatic correspondence between the two states. And after than, business as usual.

Re:what a pushover

[Salgak1]

And of course, any treaty the Chinese GOVERNMENT signs prohibiting the Chinese Government from hacking the US, is not binding on all the private and even corporate hacking outfits there. Much less the Russian, Iranians, or the other members of the cast of thousand any SOC guy is familiar with. Or, they just go deniable, and hack via bots and previously pwned systems. Either way, a lot of sound and fury, signifying nothing . . .

Re:what a pushover

[NotDrWho]

So, we're going to trust China not to hack?!

Every bit as much as they're going to trust the U.S. not to hack them.

Re:what a pushover

No, they go "wasn't us, didn't do it, must have been compromised machines being used as a proxy." and continue business as usual.

Re:what a pushover

[allcoolnameswheretak]

Obama is not sending jobs to China. Corporations are.

Re:what a pushover

Think about all of the technology that the US has and has had compared to China. Do you honestly believe that the US gov hacked Chinese businesses to try to get past them? Intellectual property theft is moving in almost completely one direction and that is from the US to China, not the other way around, so I'd be very happy to take that bet.

Re:what a pushover

Please kill yourself. Your family can blame your suicide on Obama.

Re:what a pushover

[chipschap]

We plan on trusting Iran. Why not China too? And maybe North Korea, ISIS ....

Re:what a pushover

[sshir]

My guess is that both sides will start to do it Russian style - outsource the "data acquisition" step to 3rd parties. In Russian case those are outright criminal organizations, mixing business with pleasure, so to speak.

Re:what a pushover

[chipschap]

Please kill yourself. Your family can blame your suicide on Obama.

I thought we were supposed to blame everything on Bush.

Re:what a pushover

[chipschap]

Kerry will wave his little finger[1] and say "Naughty, naughty!" and the Chinese will run screaming with fear from such a tough-minded diplomat.

[1] Just the one on his left hand, as anything more would be politically incorrect.

Re: what a pushover

I liken it to the Anglo-German agreement.

Re:what a pushover

The data that the United States is looking for, is which firms are manufacturing which items, for which client. The tech is more or less irrelevant.

The data that PRC is looking for, is the tech that makes their manufacturing companies more efficient at doing so. What the product is, and who the customer is, is more or less irrelevant.

What this treaty means, is that both countries will openly exchange the requested data, albeit through back channels, rather than clandestinely.

Re:what a pushover

Nah, just a disastrous war that formed ISIS, the deaths of hundreds of thousands of Iraqi civilian men women and children, the worst economic depression since 1939, and literally torturing and killing people at an offshore death camp for about six years. Just that stuff.

Re:what a pushover

You don't understand, Bush's plan was infallible and showed incredible foresight! It's Obama's fault for not committing to Bush's plan to occupy the middle east for the next 700 years.

Re:what a pushover

Obummer will have to be out of office before we act on any breach of protocol because that PUSHOVER is known for ignoring crossed lines unless you count the ones in his coloring book.

Re:what a pushover

[blue9steel]

If they do not, then we have put in a good-faith effort, and we can enact our own consequences.

Yes, like sending them harshly worded messages while doing nothing.

Re:what a pushover

[imidan]

Yes, like sending them harshly worded messages while doing nothing.

Not the approach that I would endorse, but to each his own.

I mean, this deal may be completely meaningless. Maybe both sides will break it over and over, and we'll eventually just throw it away. But, again, it's a first step in a conversation. Some conversations in international diplomacy have to be started more than once. Some take a long time to get anywhere. But we'll never accomplish anything at all if we never start the conversation.

Re:what a pushover

[fredgiblet]

Can you explain the value of that information to the US government?

Re:what a pushover

[tsotha]

Nah. They're going to pretend to stop and we're going to pretend not to notice they haven't.

This is all for domestic consumption.

Re:what a pushover

... But we have to start somewhere.

The USA did start somewhere: It's called the WTO, then later WIPO. The problem being the USA lost control of the WTO and it began settling cases against the USA. Plus China avoided their commitments to TRIPS and the WTO, leaving the biggest manufacturers on the planet with the UCC Geneva accord in common. This is a new attempt at economic protections, mostly for the USA. The question I want answered: How does this treaty differ from the TRIPS agreement?

Re:what a pushover

[towermac]

No, he can't. It's just anything to continue the narrative that the US is no better than anyone else, and usually worse. Any frikkin subject can lend itself to piling it on.

Re:what a pushover

[towermac]

See, I was thinking; if it was that easy, why didn't Obama make that call 7 years ago? Or hell; fly over there even. They do give him use of a plane. A nice one.

Re: what a pushover

[GrahamJ]

While doing the same thing, more like.

Re:what a pushover

[towermac]

We already trusted North Korea. We gave them food, fuel, and a nuclear reactor in exchange for not developing a bomb.

Am I the only one that remembers that?

Re:what a pushover

[Attila+Dimedici]

Actually, it is not even a treaty. It is merely a verbal agreement between two heads of state. It doesn't mean anything. It is just a nice soundbite that no one actually believes.

Re:what a pushover

Think about all of the technology that the US has and has had compared to China. Do you honestly believe that the US gov hacked Chinese businesses to try to get past them?

Look at anything manufactured. Do you really think there is anything manufactured in China that they don't know how to design?
It's not the 00's anymore, taking the technological lead for granted was the first mistake.

Another thing that could be worth considering China can put people in space, the US can't.

Re:what a pushover

And do you think they should trust your NDA not to put spying devices in Cisco routers?

Are you sure you are approaching this from a position of equals?

Re:what a pushover

"continue the narrative that the US is no better than anyone else"

After Snowden, do you really still take this position, really?

Re:what a pushover

Nope, I also remember that Donald Rumsfeld was the Chairman of ABB when ABB sold the nuclear reactors to North Korea.

Re:what a pushover

Intellectual Property has many definitions, and you cant steal it either.I think some will say only new, genuine stuff, which is highly debatable. Troll's get lost - China will be a cheaper producer and exporter because its companies are not burdened with such crap nor 'evergreening' 'rights' . Based on the Snowden leaks, claims are not likely to be true at all.

Re:what a pushover

[towermac]

I don't think he was chairman of one of the largest and oldest Swiss companies there is, hell, one of the largest conglomerates in the world. But he was on their board at one time, which I did not know.

How that has anything to do with the price of tea in China, I would love to hear, AC.

Re:what a pushover

[wyHunter]

On the contrary, government policy does CONTRIBUTE to this. And I'd say our policy for decades, Republican or Democrat in power, has been to offshore jobs.

Re:what a pushover

[wyHunter]

Not to mention Obama, whose administration encouraged the rise of Isis, through basically abandoning Iraq, and supporting the Muslim Brotherhood. As for economic depressions, the current one we are in due to administration incompetence, is completely on Obama - who is as much or more of a failure than Bush.

Re:what a pushover

So the power and riches of America are not based on taking unfair advantage over their weaker opponents (countries)?
This is News!

So We Both Are Engaged Fully Then.

[zenlessyank]

I see your bits.

Hmmmm.

[minkowski76]

Translation: China has pretty much stolen everything it wants.

Re:Hmmmm.

[Chris+Mattern]

Translation: both sides will work harder at hiding it.

Re:Hmmmm.

[The_Noid]

Instead of stealing it they'll just copy it.

Re:Hmmmm.

[dsmatthews9379]

I'm pretty sure if the USA comes across something useful that they don't already have they will take it and make it their own too, in fact I am sure they do it. It is just that China started so far behind that they are working much harder to play catch-up. You could never trust either party and I can't see why you should now, just because they said they would behave themselves, because when has that been a guarantee of anything?

Great!

[pr0nbot]

Phew! Crisis averted. I'll switch off my firewall.

Re:Great!

[antdude]

/me , not Chinese from China, hacks pr0nbot's server for pr0n.

Fingers crossed

[PopeRatzo]

The US promises to just put the head in.

Re: Fingers crossed

Before finishing they promise to "pull out" as well. 99% effective I heard. Could be skewed data. Who knows. Who tells the doc, "he pulled out, how can this happen"

Whew!

Problem solved! Open the firewalls!

HA - HA - HA!!!

[sshir]

I almost peed myself laughing... Were they able to keep their faces straight when they were "agreeing"?

Re:HA - HA - HA!!!

[Moof123]

Worth the toilet paper it is written on.

Re:HA - HA - HA!!!

[Aighearach]

As President Obama put it,

"The question now is, are words followed by actions? And we will be watching carefully to make an assessment as to whether progress has been made in this area."

Re:HA - HA - HA!!!

[towermac]

Holy crap they are going to watch. Carefully even. And then he's going to assess. China better watch their ass.

Done and done. Tied off nicely. Good job Obama!

Re:HA - HA - HA!!!

[penguinoid]

They agreed to say they won't conduct economic espionage against each other.

Well, that's that.

It's certain that both sides will keep their word.

The Treachery of Images

[Pseudonymous+Powers]

The US and China Agree Not To Conduct Economic Espionage In Cyberspace

And what's more, they both agreed that they never had done anything like that before, not ever in history!

Isn't that swell?

What is this "intellectual property" thing

that you keep talking about? Can ideas be kept as property?

Quoting the immortal words of Gordon Gekko

"How much is enough?"
"It's _NEVER_ enough."

If you think either side (that's both USA and China) are going to stop any time soon, you're deluding yourself.

*Snort*

[bev_tech_rob]

Yea, right.... (roll eyes)... will be business as usual.......

FTFY

[The+Grim+Reefer]

The US and China Agree Not To Conduct blatant Economic Espionage In Cyberspace...

And will be sure to use more plausible stories (or at least ones that are not under copyright) when they get caught.

Too late, China has a reputation

[sideslash]

Everybody in the USA knows China has been grabbing everything it can by digital espionage for a long time now.

And ha ha, guess what -- thanks to Snowden, everybody in China, not to mention the world, knows that the USA indiscriminately grabs whatever it can from foreign sources.

Only a fool would believe that either side has any intentions of stopping.

Re:Too late, China has a reputation

Everybody in the USA knows China has been grabbing everything it can by digital espionage for a long time now.

And ha ha, guess what -- thanks to Snowden, everybody in China, not to mention the world, knows that the USA indiscriminately grabs whatever it can from foreign sources.

Only a fool would believe that either side has any intentions of stopping.

Sane people realize that both sides have had what some term greedy individuals or organizations that have done questionable things that cost their side or the other dearly. It's not government sanctioned and certainly predates cyber-warefare. It's other individuals/organizations with their own agendas doing it. These two highest leaders of two of the largest nation states are doing what you'd expect them to do. "Yes, we have a problem, and we both will do what we can to improve it." It's an uphill battle for sure, because these individuals/organizations will do almost anything to continue to do whatever it is they do.

Re:Too late, China has a reputation

Both nations are pretty battered and bruised. China's economy took some black eyes, and the US has been having a death by a thousand cuts, either by people selling classified documents, intrusions, or just many, many people asleep at the switch when it comes to cybersecurity.

China has one cybersecurity advantage. Their Great Firewall. Not only does it protect against foreign propaganda, it keeps out the brunt of offshore attacks. This something the US should do, because it would reduce a lot of the attacks before they touch infrastructure.

Re:Too late, China has a reputation

[sideslash]

This something the US should do, because it would reduce a lot of the attacks before they touch infrastructure.

What the heck? Are you posting on behalf of the PRC?

Re:Too late, China has a reputation

Okay, I'll bite. How does it protect against external attacks, and when is the last time they successfully prevented an attack with it? What happened during the man-on-the-side attack on Github, and how did that improve the security of Chinese internet users?

Re:Too late, China has a reputation

[towermac]

We dragnet the whole planet in an attempt to keep the world safe from terrorists. The only effect they might feel from that is an attack that didn't happen. Right or wrong, that's what we're doing.

They target us specifically, stealing what amounts to money. The effect from that is that they are enriched at our expense. That's what they are doing.

Totally the same thing.

Re:Too late, China has a reputation

well said

Re:Too late, China has a reputation

Man, you are one successfully brainwashed American. How does spying on European leaders and industry executives help to "keep the world safe from terrorists"? When did you last have your borders breached by "the enemy" or "the terrorists"? People like you are exactly the kind of waste that is spewed out from the bowels of American society, damaged and mis-shaped by your indoctrinating culture and American "news" outlets.

Re:Too late, China has a reputation

[towermac]

Don't think that European leaders just drink champagne all day with their pinkies stuck out. Maybe most of the time, but they also run spies and know things. Knowing what they know is more than you knew before. You'd have to be damned arrogant to think that they don't know anything worth knowing. Same goes for the very rich.

Borders? What borders? The US hardly has any. But what we have, has been breached pretty harshly a few times in the last 20 years.

Yes, the news sucks, but they didn't make up terrorism. They may sell it for profit, but they didn't invent it. Don't think we all fall for it hook line and sinker.

By the way, I'm guessing you're 12, and live in Seattle.

Re: Too late, China has a reputation

Keep the world sace from terrorism what a fucking joke. If the US wanted that they would stop funding and training them.

Riight

[epyT-R]

Meaningless scribbles on scraps of paper are useless for national defense.. Just ask hitler and stalin. As long as china does the bulk of our technology manufacturing, this will never fly. Even if china wanted to, it could never enforce such policy, and neither country will roll back its surveillance programs on the other.

Outer space

[jfdavis668]

Instead of spying in cyber space, they will return to using outer space to get the same result.

My well-reasoned response.

[galabar]

Bwahahahaha!

cyber-

Can we please stop using the prefix "cyber"? It's not 2008 anymore.

Re:cyber-

No.

They are actually being completely honest

They plan to conduct their economic espionage through bribery and proxies directed by their secret agents like civilized people.

  Less chance of embarassing leaks that point out the blatant misappropriation of taxpayer funds i.e. theft on criminal activity to support the rich and connected that way.

not conduct ... or not get caught?

[petes_PoV]

neither country would conduct or knowingly support the theft of intellectual property.

So both countries have developed networks of patsies and the necessary levels of plausible deniability.

No-one actually thinks they will stop, do they?

Before the ink was even dry...

[Mysticalfruit]

We were busy hacking them and they were busy hacking us.

Sure

*wink* *wink*, *nudge* *nudge*, say no more!

Damn! I almost had it.

I've been working for years to figure out how those sly yellow devils get the fortunes in the cookies. Oh well - their IP is safe. ...

For now!

and

niether side can be trused to honour the treaty, Mind you the Merkins probally wont even ratify it.

Interesting drop off of attacks from China today..

[CSG_SurferDude]

For what it's worth, http://longtail.it.marist.edu/... shows a significant drop off of attacks from China yesterday (Thursday) and today (Friday). FYI: Longtail is an ssh brute force analysis program with 11 ssh honeypots live today. I've been getting almost 300,000 attempts per day, but only got about 75,000 yesterday, and 88,000 (so far) today.

Good!

Go, Republicans! Go!

Mutual agreement? MWAHAHAHAHAHAHAHAHAHAHAHAHA!!!

[Chas]

Call me when a REAL, ENFORCEABLE policy is in place.

This is just a public patty-cake party. Nobody who's out of the public eye will follow this for a second.

Face saving agreement, nothing more

[WillAffleckUW]

This is just to pretend that China isn't going to steal our corporate data, and government data, and that the NSA and CIA won't do the same.

But both will.

Wait...

Does this mean the US have also agreed to stop economic espionage in Europe?

Re:what else could happen

[hackwrench]

The US could go to the World Trade Organization and ask them to allow the United States to place tariffs on goods made in China.

Re:Mutual agreement? MWAHAHAHAHAHAHAHAHAHAHAHAHA!!

[Aighearach]

They have to find something to pretend to agree on, and it isn't going to be the Spratly Islands, human rights, or reserve currency standards. Might as well play patty-cake over something with secret details.

How about military espionage?

[American+Patent+Guy]

The whole point of intellectual property (whether it be patents, trademarks or copyrights) is to make the subject matter available to the public where it can be seen. Agreeing not to conduct the theft of IP is like agreeing not to pee on the plains of Mars. Meaningless.

What I don't see here is anything about military espionage. Someone has been lifting the personal identities of government employees, which could be used to extort them into revealing secrets. Where's the hotline for that?

This is just another meaningless dog and pony show from our vanity-trumps-everything-in-chief.

Re:How about military espionage?

[AHuxley]

Re "Someone has been lifting the personal identities of government employees"
The US and its helper nations had secured, all its projects and accounts safe from the Soviet Union and other nations well into the 1990's on vast digital databases.
Every department, agency, mil and gov digital site seemed have been kept secure or was a honeypot as bait, junk busywork projects to be tracked when found or traps.
ie at some point and for some reason the US gov selected to place its databases in an easy to read plain text format on an open network facing file structure.
The "dog and pony" is now for the securing, clean up and private sector experts to rent cyber solutions over the issue of why databases online that are not encrypted is not a great idea.
Re "what is left to protect"? Most of the US gov basic, entry level systems may start as parts from China, parts of Asia, Spain, Germany, France, the UK that are then cleaned up during a knock-down kit supply line thats sold on as Made in the USA as far as regulations go. Great for contractors and lawyers to have the paper work for.
A vast network of parts plans and designs floating around long global just in time supply chains.
The mil space/sat work is bespoke, 100% hand crafted in the USA but is limited run spy sat production lines.
The only way for the US to be secure is to totally revert to a US only supply chain again. That would be blocked by the powerful contractors and lawyers lobby who are happy to support their lucrative import fronts.
Military espionage is very easy to protect against, every nation can do it, but its more tempting for the US to buy in cheap, buy from allies ensuring their locked into US/NATO standards and the price difference between a rebranded import and US domestic mil price is a great win.

Uh huh...

What they mean is, the US and China agree to be better and sneakier about their espionage. Only a fool would believe they'll eliminate it.

Re:what a pushover imdian is a little apparatchik

[imidan]

imdian , you appear to be an apparatchik for the Obama regime. imdian, go fuck yourself in the ass with a serrated steak knife. you are a obama loving mao loving geobbels like fucking brown shirt yellow piece of dog shit you fuck. you fucking traitor.

Zow! I usually don't pay attention to abuse from AC, but this one is great! It's culinary! It has both a commies and nazis! Also, poop. So acerbic!

OPM

So will they please send me back all the info they took from OPM?

3 most common international lies

[OutOnARock]

We won't spy on your country.....

the check is in the mail......

we won't cum in your mouth

Peace in our time

[istartedi]

Peace in our time. Sponsored by Huawei. Hey, I didn't type that last part. WTF?

Not really changing a single thing.

"well... officially we won't be and we'll deny any accusation pointed our way."

Utterly futile and hopeless agreement

The way to secure your shit is to write proper code, reduce the bloat, and so on. The idea you can just 'agree not to target each other' and everything will be fine is a joke. There are some 200ish countries and trying to get everybody to agree when most if not all countries can't enforce the rules upon its own citizens is a stupid battle to even try and fight. The better approach is to *fix your shit*. Implement sane open standards, restrict bloat, audit code, implement systems of authentication. Lock down systems and centralize development for the most critical component (ie code is public, but the developers environments shouldn't be compressible, for instance an adversary shouldn't be able to break into an office an install a keylogger to obtain GPG keys). Multiple parties should be reviewing *any* and *all* changes. This is particularly important for core pieces like drivers, firmware, and similar components.

The core components should fit on an a 1.44MB floppy. However your not going to get that when you have a hundred thousand devices to support and thousands of different bloated packages of which many do the same thing and are literally just camouflage for the same underlying libraries.

Re:what a pushover imdian is a little apparatchik

[towermac]

I know right. Hell, I'd have modded it back up, but they don't have a mod that even fits that. 'Underrated' would be an insult to honor.

All I can do is save it. I think I'll put it in my work email signature rotation.

Maginot Line?

[thogard]

It looks like the USA is taking its defense plans from the pre-WWII French.

1st it was the Joke Strike Fighter and now its a gentleman's agreement to stop doing what everyone knows is going on all the time.

Can they build another wall?

Re:Interesting drop off of attacks from China toda

[NoKaOi]

So I assume this means that as part of the treaty, the US government disclosed to China the honeypots it knows about. China is in the process of disclosing it to their pet script kiddies, but only 75% of the script kiddies have so far stopped hitting those known honeypots.

kek

and however you say kek in Mandarin

Peace for our time

[thinkwaitfast]

Hooray!

close the gate .. long after the horse has bolted

This agreement is basically the signal that China has completed hoovering up all the USA's IP. They already have all the manufacturing. This should have been stopped in 1992, but the Manchurian Candidate....

And you trust the U.S to do this?

Wow. You might as well ask them to dismantle the entire NSA and all that spying machinery they've built up. China will have to continue to defend their IT infrastructure and economic interests, because the U.S sure as hell will not stop spying and breaking into foreign systems. You can't trust the U.S gov, period.

Re:Interesting drop off of attacks from China toda

Of course, the Chinese are sincere and can be trusted on their word. However, we're yet to see a similar drop in the attacks from the U.S gov on IT industry and governments around the world, and I doubt we ever will.