Interpreting the 2nd wave of cyber security threats to China

The U.S. has two times challenged China in the field of Internet governance. The first challenge came in the form of a speech delivered by former U.S. Secretary of State Hillary Clinton on Internet freedom following Google's withdrawal from the Chinese mainland. The second came earlier this month as a private security firm, Mandiant, released a report accusing the Chinese military of stealing U.S. intellectual property.

I have discussed the first attack in an earlier publication. How to make sense of this new offensive -- a seemingly scheduled escalation -- of the previous hostility in terms of both rhetoric and substance? Observers feel reluctant to comment on the Mandiant report because they fail to understand the technical details. However, it is fairly easy to make sense of this dispute by reading the report itself and by some creative thinking

An important point to consider is that the China-U.S. conflict over Internet governance can be traced back to the first World Summit on Information Society (WSIS) in Geneva, 2003. China insisted on the role of state leadership in Internet governance, while the U.S. proposed market leadership. Both countries had their own reasons. For China, the state plays an important role in development and market issues. State authorities also manage the media to maintain social stability. The U.S. will not loosen its grip over core Internet resources because it is a gathering place for a myriad of commercial interests.

The EU then offered to broker a deal between the two parties. In June 2005, the EU Council of Ministers outlined its position on Internet governance by proposing a new cooperation model to solve conflicts over the management of the Internet's core resources, namely the domain names systems, IP addresses, and the root server system. This new cooperation model stated that "the existing Internet governance mechanisms should be founded on a more solid democratic, transparent and multilateral basis, with a stronger emphasis on the public policy interest of all governments," and should be based on two principles ranging from "it should not replace existing mechanisms or institutions" to "it should contribute to the sustainable stability and robustness of the Internet." According to my European colleagues, this proposal was raised to bridge differences between China and U.S.

When I was reading about this in 2005, I failed to see the value of the proposal itself and the significance of the role of EU in this grand dispute because I disliked state interference. In retrospect, both the EU proposal and the EU's role were a viable solution that accurately reflected the multi-stakeholder principle in Internet governance. One would expect that the U.S. would respond positively to the EU's stance because it clearly stated that the new model should not replace existing mechanisms, but U.S. simply said no.