The United States and China announced on September 25 that they had reached a "common understanding" to combat "cyber-enabled theft of intellectual property." While the joint statement and accompanying White House Fact Sheet was short on details, President Obama and President Xi Jinping agreed that neither country's government would "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent to provide a competitive advantage to companies or commercial sectors."
To help ensure compliance with this pact, both sides agreed to establish an enforcement mechanism for investigating and mitigating cybercrimes and malicious cyber activity, pursuant to which the two countries will establish a "high-level" working group that includes senior officials from both nations (including the U.S. Secretary for Homeland Security and the U.S. Attorney General) as well as a "red phone" hotline to resolve disputes and facilitate direct communications. Both countries also pledged to work together on information sharing and the collection of electronic evidence among law enforcement officials.
The timing of the joint announcement is notable. Of late, both China and the U.S. have accused each other of hacking into critical computer systems; stealing data, trade secrets, and other proprietary information from corporations; and threatening public and private networks. The U.S. in particular has accused China of stealing billions of dollars' worth of intellectual property and trade secrets from U.S. commercial entities and has recently signaled a willingness to impose economic sanctions on Chinese businesses that benefited from cyber-enabled theft.
Perhaps because of these accusations, the pact has elicited mixed reviews, and many hurdles to cybercrime investigation coordination and cyber intelligence sharing remain. Some still criticize China's commitment as lacking credibility, due in part to inadequate judicial relief and other administrative and enforcement shortcomings in the country. Others criticize the U.S. for not doing enough internationally to address cybercrime and theft of intellectual capital, and for failing to address the Chinese government's history of ignoring frequent assistance requests from U.S. law enforcement agencies in investigating economic cyber attacks emanating from China. Nonetheless, China's pledge to cooperate on cyber-theft prevention may stall the U.S.'s threat to impose sanctions on Chinese firms, and may indicate a new approach to cybercrime prevention and international law enforcement cooperation between the two countries.
Under the terms of the agreement, the U.S. will be able to track Chinese investigations and arrests through joint dialogue and cooperation. Although President Obama explicitly left the possibility of sanctions on the table, the decision on whether or not to levy such sanctions may thus come to depend on China's willingness to implement measures that mitigate cybercrimes and malicious cyber activity.
For now, U.S.-based companies should continue to monitor relations between the two countries and generally should maintain effective cybersecurity practices, policies, and procedures. Notwithstanding hopeful political pronouncements, the threat of cyber intrusion and loss of intellectual property remains very real. As the two countries embark on closer cooperation and coordination, companies should explore how best to capitalize on this momentum when investigating cross-border cybercrimes, and enlisting the assistance of their respective law enforcement agencies.