Me Thinks They Doth Protest Too Much: Espionage in the Cyber Age

This past weekend brought more Snowden flakes about NSA spying. However, this time the alleged espionage targeted not American citizens, “foreign nationals reasonably believed to located outside the US,” or China but American allies–European Union (EU) officials, diplomatic facilities, and computer networks. If true (as seems likely from US government responses–see below), these leaks combine with the previous disclosures about NSA surveillance to inform people of the scale, capabilities, and audacity of US intelligence gathering activities.

European leaders expressed shock and took much umbrage, with some dredging up the dark spying days of the Cold War and others issuing threats of adverse consequences for upcoming US-EU negotiations on a transatlantic trade agreement. Responses from President Obama, the Director of National Intelligence, and Secretary of State made the same point–the US engages in espionage as all nations do in order to protect foreign policy and national security interests.

This response was simultaneously true and disingenuous. All countries spy in some form or another, and, European public displays of anger aside, the spying includes keeping an eye on allies. And that includes the intelligence agencies of European countries whose leaders were shocked–so shocked!–at the US gathering intelligence on their possible future actions. The response was disingenuous because the US has an intelligence capability that is unrivaled in the world and the political and economic power to pursue espionage without fear of serious consequences. See, for example, the US-EU transatlantic trade talks will start as scheduled despite lots of frothing Euro mouths.

However, not too long ago, it was American officials and politicians who were frothing about Chinese cyber spying against the US government and US-based companies. Snowden’s apparent disclosure of large-scale US cyber espionage against Chinese government, business, and academic targets and, now, allegations about US spying on European governments, makes the past few months of portraying Chinese cyber espionage as beyond the pale look, well, less impressive. Even the US attempt to distinguish economic espionage against companies from classical state-on-state spying gets lost in the growing perception–now directly re-enforced by the US government–that all countries engage in espionage against allies and rivals whenever and however they see fit. In this light, earnestly repeated assertions by China that it does not engage in cyber espionage against the US and other countries and that it is the innocent victim of American spying appear, strangely, rather unseemly for a rising world power.

Should the protagonists in these events stop whining about espionage and just get on with it? Or, do these revelations suggest that the Internet has turned “everybody does it” espionage into an out-of-control phenomenon that damages individual privacy, alliances, and great power politics and requires some re-thinking? Existing international law is permissive of spying, and the few international legal rules that contain limits do not constrain the practice in any effective way. As already indicated, Snowden’s leaks have derailed the US effort to portray Chinese cyber espionage as outside “norms of responsible behavior in cyberspace,” and the coordinated chorus from top US government officials to the latest leak that “all nations do it” might well have ended the willingness of other countries to consider American ideas about re-thinking international norms about espionage in light of the global importance of the Internet.