What Alexander Hamilton Can Teach Us About Cyber Policy (Defense One)

    41
    0

    What Alexander Hamilton Can Teach Us About Cyber Policy
    By Jessica Malekos Smith (defenseone.com) / July 21 2018

    Let’s apply the first Treasury Secretary’s principles to, say, China’s economic espionage.

    In 1774, Alexander Hamilton posited that good policy consists of three ingredients: “First, that the necessity of the times require it. Secondly, that it be not the probable source of greater evils, than those it pretends to remedy. And lastly, that it have a probability of success.”

    Though this Hamiltonian framework is useful for any policy discussion, it is a particularly good lens for the cyber realm, for it encourages policymakers to balance the expected effects and unintended consequences of a proposed policy; and to harmonize concerns over too little, or too much, government intervention.

    Biographer Ron Chernow wrote that Hamilton “saw too clearly that greater freedom” — i.e., freedom from government restriction — “could lead to greater disorder and, by a dangerous dialectic, back to a loss of freedom. Hamilton’s lifelong task was to try to straddle and resolve this contradiction and to balance liberty and order.” Much like the precarious years of the fledgling American republic, today’s cyberspace exists in a dual state of disorder and order.

    To better understand how Hamilton’s framework can help us, let’s look at a specific challenge: Beijing’s efforts to steal the West’s business secrets.

    In 2011, the Office of the National Counterintelligence Executive wrote that “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.” In 2015, U.S. President Obama and Chinese President Xi entered into a Cyber Pact, vowing that neither state would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

    Unfortunately, “the hacking has not stopped” according to Dmitri Alperovitch, the Chief Technology Officer of the CrowdStrike cybersecurity firm. There’s some evidence that it has decreased, though this might indicate hackers’ improving ability to cover their tracks, or perhaps a rising focus on other countries. In March, the U.S. Treasury Department said in a 215-page report that “Beijing’s cyber espionage against U.S. companies persists and continues to evolve.”

    Given these mixed results, what would Hamilton recommend? First, as the “founder of US economic protectionism,” he’d probably say that we need a stronger policy. Cyber economic espionage undermines trust in global trade and politics. The necessity of the times requires it.

    Second, he might also suggest evaluating whether the Obama-Xi Cyber Pact produced more harmful effects than it was intended to cure—and how we might stop a new policy from having similar effects. While some viewed the Pact as a promising first step toward cyber norms, its lack of enforcement mechanisms was somehow glossed over, leaving nothing but a “cyber mirage,” as the Wall Street Journal put it. Hamilton encourages a vigorous examination of “the consequences of the means” from a proposed measure, including the “extent and duration” of its effects.

    Another drawback of the Pact: it doesn’t account for cultural distinctions in the definition of espionage. Although all states collect economic intelligence—a subset of national security intelligence collection—the prohibition extends specifically to commercially motivated espionage — i.e., “economic espionage.” For example, in 2014 the FBI issued a public indictment against five Chinese military hackers for engaging in commercially motivated cyber espionage (in other words, spying for the purpose of stealing trade secrets) against several U.S. businesses, including but not limited to Westinghouse Electric, SolarWorld, U.S. Steel, Allegheny Technologies, and Alcoa.

    The Obama Administration held that a “major difference [exists] between spying for national security purposes, something the U.S. does daily, and the commercial, for-profit espionage carried out by China’s military.” This, however, is a Western distinction that is not recognized in China, says Texas A&M law professor Peter Yu: to Chinese policymakers, there is an “overlap between security and economic concerns” because many Chinese businesses are “state-owned enterprises.” Put another way by David Sanger of the New York Times, the “Chinese argue that the distinction is an American artifact, devised for commercial advantage. They believe that looking for business secrets is part of the fabric of national security, especially for a rising economic powerhouse.”

    When boundaries become fuzzy, policies must impart clarity — in this case, a framework to help actors on both sides determine which kind of espionage is which. One option is to implement a Cyber Espionage Predominant Purpose Test, or CEPP Test, a variation on the “predominant purpose tests” used to resolve contract disputes. Such a test “helps courts decide whether the UCC [Uniform Commercial Code] or the common law governs a particular transaction that involves both goods and services. (For instance, the sale of a household appliance that needs to be installed can be seen as involving both tangible and moveable property and significant labor),” writes David Horton, a law professor at the University of California, Davis.

    A CEPP Test would gauge the predominant purpose of the espionage act in question by considering the type of economic/commercial data in dispute; how the economic/commercial information was acquired; and the overall intent of the entity that collected the economic/commercial data. Rather than relying upon each country to argue for its own bright line rule or definition, this test would enable the International Court of Justice to evaluate both parties’ views, determine the predominant purpose of the cyber espionage act in question, and reach an equitable settlement. Based on these historical-legal underpinnings, the CEPP Test has a high potential for success — meeting Hamilton’s third principle.

    The 2019 G7 Summit in France could be an opportunity for a discussion on implementing the CEPP Test to curtail cyber economic espionage. America’s first Treasury Secretary would no doubt be pleased to see it.

    With special thanks to Elizabeth Weingarten and Justin Sherman.

    https://www.defenseone.com/ideas/2018/07/what-alexander-hamilton-can-teach-us-about-cyber-policy/149921/?oref=d-river

    [pro_ad_display_adzone id="404"]

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here