By Matthew F. Ferraro
By portraying the attack as acceptable, the United States is surrendering valuable ground.
In the weeks since news broke of the extraordinary cyber hack of the Office of Personnel Management (OPM), presumably by China, the response by some American officials and commentators has been curious: begrudging respect for the theft of background data on tens of millions of Americans, guarded understanding, and even professional admiration. “Don’t blame the Chinese for the OPM hack,” former NSA and CIA Director Michael Hayden said, arguing that he “would not have thought twice” about seizing similar information from China if he had the chance. Director of National Intelligence James Clapper echoed the sentiment, saying at a recent conference, “you have to kind of salute the Chinese for what they did. . . . If we had the opportunity to do that [to them], I don’t think we’d hesitate for a minute.”
From the perspective of U.S. security interests, this excess of honesty is a strategic and tactical error. By portraying the OPM attack as acceptable in the rough-and-tumble world of great power politics, the United States is needlessly surrendering valuable arguments that, if properly advanced, could mitigate Chinese aggression in cyberspace and elsewhere. To that end, the U.S. government should do more, first, to distinguish its intelligence collection from the far more intrusive and unaccountable activities that constitute contemporary Chinese practice; second, call China to account for violating privacy norms in much the same way the international community has criticized U.S. practices since the Snowden leaks; and, third, leverage accepted international norms of behavior to check Chinese aggression on the web, on the seas, and beyond.
Let us be clear about the scope of China’s cyber espionage. In addition to the OPM breach, which resulted in the theft of personnel records for as many 21.5 million current, former, and prospective federal employees and contractors, knowledgeable sources also suspect China of hacking health-insurance providers Anthem and Premera Blue Cross and seizing health-care records of millions of Americans. These records reveal profoundly personal details about mental illnesses, drug and alcohol use, criminal histories, bankruptcies, personal contacts and relatives, Social Security numbers, and some fingerprints. With this information, observes U.S. Senator Ben Sasse, Beijing can threaten, intimidate, and blackmail literally millions of federal workers and their families.
As Benjamin Wittes of the Brookings Institution wrote, China is “almost certainly” creating “digital dossiers on people.” “It’s everything civil libertarians and privacy activists have been warning about for years,” Wittes said.
Read the full story at The Diplomat