trade offs in security?

which did we value more?

I participated in four ‘hybrid’ national security conversations over the past fortnight and a half. The message decidedly from two of the four was that people prefer logging in rather than attending in person. I confess to being surprised because I thought people tired of online events years ago.

Instead, people are proving the path of least resistance wins. Typing in questions on the computer after watching an online presentation precludes dressing beyond sweatpants, seemingly satisfying many. Online events also allows one to ask questions semi-anonymously as the time delay between typing the question, the speaker processing a question (whether moderated or not), then answering that question, and moving along to the next question almost eradicates any opportunity for those in a big meeting to know who lodged the inquiry. It certainly refocuses attention, unless the question is so bizarre (which I did hear one of that sort yesterday), from the slant the questioner may be quietly raising about a topic, a speaker, the government or anything else.

I would not do that in China these days because being online faces equal scrutiny to being in a room full of other people. An article earlier this week on the ‘patriotic hackers’ facilitated by the CCP states reminds us that the freedom to participate in a open-minded exchange of ideas long ago ended in China as the ever-more paranoid government uses yet one more instrument to corral any opposition.

The bulk of the article centered on files revealing that hackers within the China IT-ecosphere hack into innumerable companies and entities around the globe. The implication of this article, along with concerns raised by cyber specialists over the past decade, is that Chinese hackers feel free, if not empowered, to get into any computer system they can. International norms be damned. Hacking has become an entitlement because China wants to know what technologies are out in the world or what intelligence secrets they can acquire illegally. Additionally they crave identifying vulnerabilities they could use in case of a conflict to undermine adversaries (read: the United States).

I strongly doubt any ACC reader doubts that China hacks any and everything possible, with tacit, if not direct support from the Ministry of Public Security in the Chinese capital. It’s just how China views a relatively new instrument of national power with which it is quite comfortable. (We rarely discuss that other allies and partners probably also hack or that voices within the United States advocate us doing the same thing to the rest of the world but that is another matter.)

Today’s hackers also seek not merely to scarf up information but to deposit misinformation and malicious code. After the obvious Russian incursion into the 2016 elections in several countries, one would be naive and/or foolish to assume China would not seek to undermine the 2024 election cycle across the United States. Additionally, China also appears preparing to impair the U.S. infrastructure should a conflict between the two states actually occur—something many Chinese genuinely seem to expect as they see Washington acting aggressively to prevent China’s rise as a ‘respected’ actor. That we see their actions as malicious does not equate to their view of culpability or rights. Instead, China projects that we are doing nefarious things to them instead of seeing a problem with what they do to us. Conversations as recently as five years ago focused on them seeig our steps as unjustifiable as opposed to their own ‘pure’ motives.

It’s easy to focus on Beijing’s external behaviour but I was far more interested in the government’s use of these hackers to monitor their own citizens’ actions online. This is not new, either, of course. When I first started traveling to China a quarter century ago, one could still find ‘internet cafe’ options for logging on to the web. As a federal employees, we knew already in the late 1990s that the Chinese monitored everything we did, including online. I never went into an internet cafe since I knew they were following me but I appreciated why a Chinese twenty-something saw these stations providing anonymity.

Over the past twenty-five years,