U.S.–China Week: Econ dialogue, human rights resurfaces, North Korea approaches, Apple’s Chinese data center (2017.07.17)

Welcome to Issue 106 of U.S.–China Week. Coming to you from Beijing this week amidst a busy travel schedule, this issue covers in brief some major events since the last edition two weeks ago. Publication will remain irregular for the next month. In other publications this week, Paul Triolo, Rogier Creemers, and I produced an analysis on China’s new draft regulations for “critical information infrastructure” protection in the context of the Cybersecurity Law, available at New America’s Cybersecurity Initiative. We also jointly translated the draft regulations.

As always: Please encourage friends and colleagues to subscribe to U.S.–China Week. Here is the web version of this issue, ideal for sharing on social media, and you can follow me on Twitter at @gwbstr. Please send your comments, quibbles, and suggestions to [email protected].

RECENT DEVELOPMENTS

  • The first Comprehensive Economic Dialogue meeting is to be held Wednesday in Washington, Xinhua reported. The 100-day timeframe for initial economic progress promised when President Xi Jinping visited President Donald Trump in Florida expired over the weekend, and while some progress has been claimed, Reuters reported that there is still much to be desired, including U.S. access to China’s market for biotech crops and financial services. Vice Premier Wang Yang, who had been the Chinese co-chair of the economic track of the Strategic and Economic Dialogue, will lead the Chinese delegation, and the U.S. side will be led by Treasury Secretary Steven Mnuchin and Commerce Secretary Wilbur Ross.
  • The scholar, activist, and Nobel Peace laureate Liu Xiaobo died of cancer after spending his last years in prison, and the Chinese government’s handling of Liu’s case and his death has produced renewed focus on Chinese human rights issues among U.S. observers and officials.. The White House issued a statement from the press secretary saying Trump was “deeply saddened” by the news. (The same day, Trump praised Xi as a “terrific guy” who “wants to do what’s right for China.”) The secretary of state and the U.S. ambassador to the United Nations each released a statement that praised Liu and turned attention to the continued restrictions imposed on his wife, Liu Xia. The State Department explicitly pushed for China to allow Liu Xia “to depart China, according to her wishes.” Previously, a White House spokesperson noted that U.S. and German experts were invited to examine Liu and had called for his release on “full parole.” This surge of official statements stands in contrast to the Trump administration’s apparent reluctance to raise human rights issues in its relations with authoritarian governments.
  • “There are two ways — quotas and tariffs. Maybe I’ll do both,” Trump told reporters after complaining that other countries were “dumping steel” in the United States. Ross told skeptical lawmakers that he hoped any new actions would bring other countries to the negotiating table and noted previous efforts to pressure China on steel were not successful, WaPo reported. Trump’s comments were followed by a surge in U.S. steel stock prices. Axios reportedTrump’s like course of action would include gaining the support of other governments to target Chinese practices.
  • After North Korea tested a new missile, Secretary of State Rex Tillerson said in a statement: “Testing an ICBM represents a new escalation of the threat to the United States, our allies and partners, the region, and the world. … Any country that hosts North Korean guest workers, provides any economic or military benefits, or fails to fully implement UN Security Council resolutions is aiding and abetting a dangerous regime.” Jake Sullivan, an Obama administration official and top Hillary Clinton adviser, and Victor Cha, a Bush administration official, argued that the U.S. government should press for a deal in which China provides “disbursements to Pyongyang, as well as security assurances, in return for constraints on North Korea’s [nuclear and missile] program.” If not, they write, the U.S. government could turn to widespread “secondary sanctions” on Chinese entities involved with North Korea. Zhu Feng of Nanjing University wrote, “Going forward, China has three options: it can work more closely with the United States on getting tougher on North Korea, continue to drag its feet and avoid rocking the boat, or reinforce its alignment with Russia and use North Korea as a piece in a geopolitical chess game against the United States and South Korea. Of these options, only the first choice aligns with China’s long-term interests to integrate with the international community.” WSJ reported that the Trump administration is preparing unilateral measures, and that Mnuchin said North Korea will be a topic of U.S.–China meetings in Washington this week, presumably including or alongside the Comprehensive Economic Dialogue. After meeting with Xi at the a G20 meeting in Hamburg, Trump said, “As far as North Korea is concerned, we will have, eventually, success.”
  • Scrutiny of Chinese investments in the United States continued as Alibaba affiliate Ant Financial refiled for Committee on Foreign Investment in the United States (CFIUS) approval for its proposed $1.2 billion acquisition of MoneyGram. The deal had not been approved by CFIUS within the 75-day limit following the previous filing. A Chinese think tank scholar meanwhile argued that the U.S. government should not block Chinese semiconductor acquisitions.
  • Apple said it will open its first data center in China in order to comply with the Cybersecurity Law that began to go into effect June 1. NYT reportedthat “Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.” WSJ reported, “The [Guizhou data] center will be operated by a company owned by the Guizhou provincial government, and whose chairman was a local government official until last year.”

#USChinaWeek1967
‘Johnson Reviving Bid for Contacts With Red Chinese; Seeks to Convey His Views Through Rumanian Chief and Other Visitors; End of Tension Sought; President Trying to Sound Peking on the Prospects of Nuclear Accord’

“WASHINGTON, July 10[, 1967]—President Johnson appears to be trying to signal to the leaders of Communist China his revived interest in reducing tension between Washington and Peking. The interest, as such, is not new, but it appears to have gained impetus from the President’s success in laying down new lines of communication with Premier Aleksei N. Kosygin of the Soviet Union and other Eastern European leaders. Mr. Johnson has raised the subject of China with a number of recent visitors, including Premier Ion Gheorghe Maurer of Rumania, who visited Peking last week after a call at the White House. The White House is now cautiously but not reluctantly acknowledging the President’s desire to have such visitors convey his views to the Chinese. … By implication, Mr. Johnson’s message to the Chinese leaders also has suggested that the United States should not be viewed as the automatic ally of Moscow against Peking in every situation.”

(Source: The New York TimesThis entry is part of an ongoing feature of U.S.–China Week that follows U.S.–China relations as they developed in another era of change and uncertainty, 50 years ago.)

ABOUT U.S.–CHINA WEEK

U.S.–China Week is a weekly news and analysis brief that covers important developments in U.S.–China relations and features especially insightful or influential new policy analysis.

Graham Webster is a senior research scholar, lecturer, and senior fellow of the Paul Tsai China Center at Yale Law School, where he specializes in U.S.–China diplomatic, security, and economic relations through research and Track II dialogues. He is also a fellow for China and East Asia with the EastWest Institute. His website is gwbstr.com.

Disclaimer: Opinions expressed here are my own (and I reserve the right to change my mind).

Free Subscription to U.S.–China Week by clicking here or e-mailing me is open to all, and an archive of past editions appears at my long-running website on East Asia and the United States, Transpacifica.

Contact: Follow me on Twitter at @gwbstr. Send e-mail to [email protected].

U.S.–China Week: A week of irritants, new FONOP rhetoric, Taiwan arms, steel decisions loom (2017.07.03)

Welcome to Issue 105 of U.S.–China Week. This is the last edition of U.S.–China Week published from my home base at Yale Law School in New Haven, Conn. This weekend I will begin a move westward to set up shop in the San Francisco Bay Area, where I am at work developing new projects on China’s technology policies and development. I am grateful to my Yale colleagues for more than five years of camaraderie, collaboration, and support in the field of U.S.–China relations, and I look forward to continuing this work together in China and remotely over the next few months. I also look forward to exciting announcements in the coming weeks, and—fear not!—my expectation is that I will continue to produce U.S.–China Week for the foreseeable future, possibly with significant improvements and new collaborators.

The newsletter will, however, be irregular over the next six weeks or so as I drive west and, before arriving in California, travel to Beijing, Nanjing, Shanghai, Shenzhen, Hong Kong, and possibly Hangzhou. If you’re in one of those places, in the Bay, or in my hometown of Boulder, Colo., I would be delighted to meet up with friends old and new.

In the mean time, there’s plenty of news to review this week. For a longer view of U.S. strategy toward Asia, check out my review of Michael Green’s By More Than Providence at the Los Angeles Review of Books.

As always: Please encourage friends and colleagues to subscribe to U.S.–China Week. Here is the web version of this issue, ideal for sharing on social media, and you can follow me on Twitter at @gwbstr. Please send your comments, quibbles, and suggestions to [email protected].

TALKING TOUGH
Trump administration takes several steps likely to irritate Chinese officials, but broader signal in question

The Trump administration took several steps likely to irritate Chinese counterparts a week after the first Diplomatic and Security Dialogue meeting in Washington produced minimal apparent results. While opposing several individual measures as indicated below, when a Ministry of Foreign Affairs (MFA) spokesperson was asked whether the “honeymoon” between Trump and Xi was over, he said, “The China–U.S. ‘honeymoon’ idea you mentioned is a media interpretation.” The MFA in general stuck to well-worn formulations about “non-conflict, non-confrontation, win-win cooperation,” as well as enlarging areas of common understanding, deepening cooperation, and managing differences.

  • Human Trafficking: A State Department report ranked China as one of 23 countries of greatest concern for human trafficking. The report’s release eventwas attended by Ivanka Trump. A State Department official explained China’s re-designation in terms of applying the Trafficking Victim Protection Act. Asked if downgrading China was “part of a broader strategy on China,” the official said “the minimum standards that are in the law don’t really allow for consideration of strategic relationships or other factors.” An MFA spokesperson said, “We are firmly opposed to the irresponsible remarks made by the US based on its domestic law about others’ efforts against human trafficking.”
  • Taiwan Arms Sales: The Trump administration “formally notified Congress of seven proposed defense sales for Taiwan. It’s now valued about 1.42 billion,” a State Department spokesperson said. An MFA spokesperson said the “proposed arms sales to Taiwan in particular, run counter to the important consensus at the Mar-a-lago meeting” and added, “On an issue as important as this, wrong actions by the US will affect bilateral cooperation in major areas.” CNN reported that the sale would include advanced missiles and torpedoes. / Related: An MFA spokesperson said China was “strongly concerned about and firmly opposed” to a Senate proposal that would allow U.S. military vessels to dock in Taiwan.
  • Sanctions on Chinese Entities Related to North Korea: The Treasury Department announced that China’s Bank of Dandong “acts as a conduit for illicit North Korean financial activity” and the department “proposed to sever the bank from the U.S. financial system,” meanwhile designating two Chinese individuals and one Chinese company for sanctions related to North Korea. Treasury Secretary Steven Mnuchin said in a statement: “While today’s actions are directed at Chinese individuals and entities, we look forward to continuing to work closely with the Government of China to stop illicit financing involving North Korea. We are in no way targeting China with these actions.” Arguing as Chinese officials generally do that unilateral sanctions on foreign entities are inappropriate, a MFA spokesperson said, “We strongly urge the US to immediately correct its mistake, so as not to impact bilateral cooperation on relevant issues.” / Related: “China National Petroleum Corp has suspended sales of fuel to North Korea over concerns the state-owned oil company won’t get paid,” Reuters reported.
  • Steel: Though no decision has been announced, Axios and others reported that White House officials were debating whether to declare that “foreign-made steel threatens U.S. security,” a determination that could lead to tariffs and/or quotas, Bloomberg reportedFT opined that such restrictions would be “economically nonsensical and politically ruinous … Even by [Trump’s] standards, this would be a mindlessly destructive act.”
  • Freedom of Navigation Operation: See next item.

ANALYSIS: In my view, the human trafficking designation probably does not indicate a change of views in the administration; the ambassador responsible was fairly convincing in describing the bureaucratic process that led to the designation. The Korea-related sanctions too do not necessarily reflect a change in approach; U.S. efforts to increase pressure on China (to in turn pressure North Korea) through such small-scale measures may reflect an acknowledgement that this pressure-by-proxy hasn’t worked yet, but they are continuous with both Obama and Trump administration approaches. They may even reflect a belief that the Obama administration’s ratchet-up of public and private pressure on commercial espionage was a model to follow. Slightly less status-quo are the Taiwan arms sale and a freedom of navigation effort so closely following the last such voyage. One could have expected a China-friendly administration to hold back on these. Still, the idea that the Trump administration is China-friendly has always been based on the thinnest evidence—basically that the two leaders said some nice things in Florida and Trump didn’t follow through immediately on some more flashy threats. To the extent one can predict anything with a U.S. political system in constant slow-motion crisis, the pending decision on steel will be a much better indicator of the direction of U.S.–China relations. After Trump and Xi spoke by phone, and with their upcoming meeting at the G20 summit in Hamburg, there will be plenty of opportunities to look for new signs, but I think this week’s news underlines the need to watch for real substantive changes instead of subtle atmospherics. That said, see below for a potential sign of tougher responses from China on the South China Sea.

SOUTH CHINA SEA
U.S. ship sails within 12 nautical miles of Chinese outpost in Paracel Islands; MFA claims infringement on sovereignty

The USS Stethem “passed by Triton Island in the Paracel Island chain on Sunday to test claims by not only Beijing but also Vietnam and Taiwan, [a U.S. defense] official confirmed to USNI News.” A Pacific Fleet spokesperson reportedly said, “We conduct routine and regular [Freedom of Navigation Operations], as we have done in the past and will continue to do in the future. Summaries of these operations are released publicly in the annual DoD Freedom of Navigation Report, and not sooner.” Chinese reaction appeared to come at a higher level of alarm compared with the last time a U.S. destroyer was reported to have sailed by Triton Island, in January 2016. Specifically, a MFA spokesperson said (enzh) this week’s U.S. action “seriously infringed upon China’s sovereignty” (严重侵犯中国主权), language not present in the MFA statements (12) at the time of the Wilbur Ross operation in 2016, when protests were couched in terms of “harming China’s sovereignty, security, and maritime interests.” The “seriously infringed upon China’s sovereignty” phrase appears in Chinese statements about matters of high priority, including for instance the Japan’s so-called nationalization of the Senkaku/Diaoyu Islands in 2012, the awarding of the Nobel Peace Prize to Liu Xiaobo, and matters regarding Taiwan. In the present case, the Ministry of National Defense statement echoed the MFA statement in calling the U.S. act illegal and said it “seriously damaged the political atmosphere for the development of China–U.S. military-to-military relations.”

CYBERSPACE + TECH

  • NYT reported that Alibaba affiliate Ant Financial’s attempt to purchase MoneyGram is a key test for the Trump administration’s posture toward Chinese acquisitions of U.S. firms as senators promise new proposals to change the CFIUS process that governs such deals.
  • Adam Segal analyzes the failure of the most recent UN Group of Governmental Experts effort on cyberspace norms, about which U.S. representative Michele Markoff made very frustrated remarks saying “some participants” refused to affirm the applicability of certain parts of international law to how states use ICTs. Segal writes: “Markoff does not call out the obstructionist states by name, but it is safe to assume China and Russia were among them. Beijing has never liked the idea that international law applies to cyberspace, and began walking back the 2013 report almost as soon as the ink was dry.”
  • At Lawfare, Ron Cheng explores the use of financial sanctions and penalties for cybercrime, including their potential application to China-tied cases.

#USChinaWeek1967
‘Chinese Down Straying U.S. Plane Near Hainan’

“WASHINGTON, June 26[, 1967]—An unarmed United States Air Force F-4 Phantom jet was shot down by Chinese aircraft this morning when it inadvertently strayed into Chinese airspace near or directly over Hainan Island, the Defense Department announced. Both crew members of the Phantom parachuted before the twin-engine jet crashed into the South China Sea about 30 miles south of Hainan. They were rescued unhurt by an American Navy helicopter, a Pentagon spokesman said. … The aircraft’s communications were also working only intermittently, the spokesman said, and thus the two pilots apparently could not be warned by American radar operators at land bases that they were heading toward Hainan. The incident today marked the second time an American jet fighter has been shot down by the Chinese for straying into Hainan’s airspace … The previous incident occurred in September of 1965 … The pilot, Capt. Phillip E. Smith of Roodhouse, Ill., parachuted into the sea, but was captured by Chinese vessels and is still being held.”

(Source: The New York TimesThis entry is part of an ongoing feature of U.S.–China Week that follows U.S.–China relations as they developed in another era of change and uncertainty, 50 years ago.)

ABOUT U.S.–CHINA WEEK

U.S.–China Week is a weekly news and analysis brief that covers important developments in U.S.–China relations and features especially insightful or influential new policy analysis.

Graham Webster is a senior research scholar, lecturer, and senior fellow of the Paul Tsai China Center at Yale Law School, where he specializes in U.S.–China diplomatic, security, and economic relations through research and Track II dialogues. He is also a fellow for China and East Asia with the EastWest Institute. His website is gwbstr.com.

Disclaimer: Opinions expressed here are my own (and I reserve the right to change my mind).

Free Subscription to U.S.–China Week by clicking here or e-mailing me is open to all, and an archive of past editions appears at my long-running website on East Asia and the United States, Transpacifica.

Contact: Follow me on Twitter at @gwbstr. Send e-mail to [email protected].

U.S.–China Week: ‘Consensus’ at D&SD? Trump to China this year, Cornyn’s CFIUS changes, Alibaba to Detroit, Ford and Tesla to China (2017.06.26)

Welcome to Issue 104 of U.S.–China Week. New out this week is an essay by Hong Yanqing of Peking University, translated by Paul Triolo and myself, and published as a working paper by the Paul Tsai China Center at Yale Law School. Hong, who has worked for the Cyberspace Administration of China (CAC) and is a key participant in the TC260 standards-setting process under CAC, provides detailed and uncommonly authoritative insight into how Chinese policymakers view the scope, process, and intention of new regulations on the cross-border flow of data stemming from the Cybersecurity Law and related documents. Foreign businesses, governments, and trade associations—as well as Chinese companies who operate across borders—have concerns ranging from uncertainty over the rules’ meaning, to compliance challenges, to the potential for de facto trade and market access barriers. Hong’s essay will not eliminate all of these concerns, but his account provides important details not generally available in English. Read it here.

As always: Please encourage friends and colleagues to subscribe to U.S.–China Week. Here is the web version of this issue, ideal for sharing on social media, and you can follow me on Twitter at @gwbstr. Please send your comments, quibbles, and suggestions to [email protected].

SUMMIT CIRCUIT
U.S. and Chinese officials hold first ‘D&SD’ in Washington; Trump state visit to China expected in 2017

Secretary of State Rex Tillerson and Secretary of Defense Jim Mattis held the first Diplomatic and Security Dialogue (D&SD) meeting with State Councilor Yang Jiechi and People’s Liberation Army (PLA) Chief of the Joint Staff Gen. Fang Fenghui. President Donald Trump set an uneasy stage for the meeting, writing on Twitter, “While I greatly appreciate the efforts of President Xi & China to help with North Korea, it has not worked out. At least I know China tried!” Pre-meeting U.S. press conferences (State, State/Defense) also indicated an emphasis on North Korea. The People’s Daily‘s “Zhong Sheng” column called for cooperation, managing differences, and avoiding unnecessary trouble in U.S.–China relations.

Following the meeting, the Chinese government (but not the U.S. government) published a “consensus reached” at the meeting (English | Chinese). Concrete elements of the “consensus” were few but include: efforts toward Trump-Xi meetings in July at the G20 meeting in Hamburg and in China; the exchange of visits between defense ministers; and a visit to China by the chairman of the Joint Chiefs of Staff. Tillerson and Mattis spoke to reporters following the meeting, verbalizing much of what appeared in the Chinese side’s “consensus” release. A photograph published by Xinhua showed Yang and Feng, accompanied by Chinese Ambassador Cui Tiankai, meeting with Trump, National Security Adviser H.R. McMaster, and presidential adviser and son-in-law Jared Kushner. (The Chinese government reportedly invited Kushner and Ivanka Trump to China later this year.) Yang also met with Speaker of the House Paul Ryan and Senator Bob Corker.

What’s next? Before the meetings, Acting Assistant Secretary of State Susan Thornton indicated “we’ll have another Diplomatic and Security Dialogue with China, possibly even another one this year.” She also said the expected Law Enforcement and Cybersecurity channel would be chaired on the U.S. side by the secretary of homeland security and attorney general, and noted it “was established in the previous administration,” indicating continuity with what used to be called the “U.S.–China Cybercrime and Related Issues High Level Joint Dialogue.” Tillerson said Trump “looks forward to his state visit to China later this year.”

ANALYSIS: It’s hard to judge outcomes from this first “D&SD” meeting. While it is significant that a top PLA general and the secretary of defense are now in direct contact through episodic meetings, contact alone doesn’t solve the dilemmas of the Korean Peninsula or defuse an assumption of rivalry among some security officials on both sides. Unlike in the trade area, where the governments pushed out “early harvest” announcements of agreements that in some cases were already half-baked last year, this meeting brought no concrete announcements and set up nothing like the 100-day economic timeline following the Trump-Xi meeting in Florida.

INVESTMENT + SECURITY
Cornyn CFIUS reform bill will not name any country in particular, but senator expresses China concerns in speech

In a speech hosted by the Council on Foreign Relations, Senator John Cornyn (R-Tex.) announced he and Senator Gary Peters (D-Mich.) would be putting forward a bill to revise the system by which the U.S. government examines inbound foreign investment transactions for national security implications. The timeline for the proposed changes to the Committee on Foreign Investment in the United States (CFIUS) process was reportedly not given. Cornyn reportedly said “no nation’s name will be mentioned in the bill,” but that China “is using every tool at its disposal to close the technology gap between the U.S. and that country” and “China is the most preeminent and most aggressive country acting technically in a way to avoid the CFIUS process.” As discussed here last week, Cornyn’s concern about foreign investment is largely oriented around China and fast-developing areas of technology such as artificial intelligence (AI). Patrick Tucker at Defense One has an good story putting those concerns in context. / Meanwhile, venture capitalist and former Google China head Kai-Fu Lee writes about a different set of risks faced by the United States and China as they lead in AI development: AI technologies “will reshape what work means and how wealth is created, leading to unprecedented economic inequalities and even altering the global balance of power.”

TRADE
While Alibaba goes to Detroit, Ford and Tesla go to China

Alibaba founder Jack Ma was in Detroit for Gateway ’17, an Alibaba event advising U.S. small businesses on how to reach Chinese consumers through the company’s platforms. Emily Parker writes, “Earlier this year Ma had told President Donald Trump that he intended to create a million U.S. jobs, and the event was a step toward fulfilling that promise. ‘If we can help one million small businesses online and each small business can create one job, we can create more than one million jobs,’ Ma said in Detroit.” Parker writes that while the jobs rhetoric may be showy, some U.S. small businesses have developed significant sales in China through e-commerce platforms, sometimes with the assistance of firms who ease the regulatory and marketing burden of operating across borders.

Ford Motor, on the other hand, announced plans to build its Focus model “in China, rather than in Michigan or Mexico,” NYT reported. “… Ford’s decision could shift work away from American auto parts factories, which are heavily concentrated in Ohio, Indiana and southern Michigan.” Tesla, meanwhile, was reportedly in talks with the Shanghai government about setting up a car plant in the region.

#USChinaWeek1967
‘Secret U.S. Memos on China Disclosed’

“WASHINGTON, June 24[, 1967] (AP)—The State Department made public secret diplomatic dispatches today that were devoted to the United States relations with China in 1944. The dispatches included an evaluation that said relations with China were bad and that the Army was primarily responsible for the situation. The correspondence included a report to President Roosevelt from Donald Nelson, his personal envoy to China, stating that ‘our relations with China were bad—very bad.’ ‘The attitude of our army in China is primarily responsible for this situation,’ it added. Mr. Nelson had made a special mission with Maj. Gen. Patrick J. Hurley to confer with Generalissimo Chiang Kai-shek in October, 1944. One memorandum, concerning friction between Mr. Chiang and Gen. Joseph W. Stilwell, was from Clarence W. Gauss, then the Ambassador to China, to Cordell Hull, who was the Secretary of States. The note disclosed that General Chiang had insisted that General Stilwell ‘must go,’ and that if there was to be an American commander in chief in China, he must be under General Chiang’s command. The dispatches disclose that pressure from the President led to Mr. Chiang’s reluctant agreement to a United States military observer mission with the Communist forces in Yenan.”

(Source: The New York TimesThis entry is part of an ongoing feature of U.S.–China Week that follows U.S.–China relations as they developed in another era of change and uncertainty, 50 years ago.)

ABOUT U.S.–CHINA WEEK

U.S.–China Week is a weekly news and analysis brief that covers important developments in U.S.–China relations and features especially insightful or influential new policy analysis.

Graham Webster is a senior research scholar, lecturer, and senior fellow of the Paul Tsai China Center at Yale Law School, where he specializes in U.S.–China diplomatic, security, and economic relations through research and Track II dialogues. He is also a fellow for China and East Asia with the EastWest Institute. His website is gwbstr.com.

Disclaimer: Opinions expressed here are my own (and I reserve the right to change my mind).

Free Subscription to U.S.–China Week by clicking here or e-mailing me is open to all, and an archive of past editions appears at my long-running website on East Asia and the United States, Transpacifica.

Contact: Follow me on Twitter at @gwbstr. Send e-mail to [email protected].

U.S.–China Week: First ‘D&SD’ this Wednesday, DPRK pressures, CFIUS changes, cybersecurity reviews, trade talks (2017.06.19)

Welcome to Issue 103 of U.S.–China Week. This Wednesday brings the first meeting the new partial replacement for the Strategic and Economic Dialogue (S&ED), the Diplomatic and Security Dialogue (D&SD). It will take place in Washington, with the United States represented by Secretary of State Rex Tillerson and Secretary of Defense Jim Mattis. The Chinese delegation will be chaired by State Councilor Yang Jiechi, with Chief of the PLA Joint Staff Department Gen. Fang Fenghui “also attending,” according to the Foreign Ministry.

Tillerson had said in May that “so far it appears we will get people at the Politburo level and at much higher levels of the government within China to participate in these dialogues.” Compared with the S&ED, the D&SD is minus-one Politburo member (Vice Premier Wang Yang, who led the economic track) but plus-one high-level PLA officer. Still, Fang is outranked on the Central Military Commission by its Vice Chair Gen. Fan Changlong, who is a Politburo member and was framed as counterpart to the U.S. secretary of defense during a 2015 U.S. visit. It will be interesting to see what if any detailed outcome documents emerge this week, and how U.S. and Chinese messaging either harmonize or conflict. Of course, there is also the question of alignment between President Donald Trump and his cabinet secretaries.

As always: Please encourage friends and colleagues to subscribe to U.S.–China Week. Here is the web version of this issue, ideal for sharing on social media, and you can follow me on Twitter at @gwbstr. Please send your comments, quibbles, and suggestions to [email protected].

INVESTMENT + SECURITY
U.S. national security reviews could tighten for Chinese investments with proposed CFIUS changes

If a proposal to change the way the U.S. government reviews foreign investments for security concerns is implemented, China might be added to a list of countries deemed deserving of increased scrutiny, Bloomberg reported. Senator John Cornyn’s proposal would reshape the Committee on Foreign Investment in the United States (CFIUS), the body that approves, denies, or requires changes in foreign acquisitions for national security reasons. From Bloomberg: “Cornyn’s legislation would require CFIUS to create a list of countries whose companies merit extra scrutiny, such as China, a [Cornyn] spokeswoman said. The bill would also broaden the scope of the committee to include technology joint ventures and real estate transactions near military bases or other national security facilities, she said.” At present, only when a foreign entity gains a controlling stake in a U.S. firm may CFIUS review the transaction. Bloomberg also reported that Treasury Secretary Steven Mnuchin is pushing changes to CFIUS, which he chairs, and wishes to include China on a new list of what the report called “hostile nations.”

Reuters reported that an unreleased Pentagon report “warns that China is skirting oversight and gaining access to sensitive technology through transactions that currently don’t trigger CFIUS review.” Mattis called CFIUS “outdated,” and a Cornyn aid told Reuters the proposed bill would provide a mechanism for the Pentagon to lead efforts to identify specific technologies that require extra focus. Of particular concern, according to Reuters sources, is artificial intelligence and machine learning technology, and the risk that, “When the Chinese make an investment in an early stage company developing advanced technology, there is an opportunity cost to the U.S., since that company is potentially off-limits for purposes of working with the [Department of Defense].” Foreign Ministry spokesperson Lu Kang said, “We believe there should not be undue political dimensions imposed on commercial takeovers, let alone political intervention.” / Meanwhile: The U.S. Department of Energy said it would invest $258 million over three years in a supercomputing race in which China is the main competitor. And a fund reportedly backed by Chinese government money is making a third bid to get CFIUS approval to acquire acquire the microchip company Lattice.

ANALYSIS: Reforms to CFIUS have been a topic of discussion for years, with some concerned that the committee lacks the power to stop or modify investments that could impact national security but don’t fit the current criteria for review, and others concerned that the present regime is unnecessarily opaque and results in an effective barrier to mutually beneficial investment flows with China and other countries. The particular reforms being proposed would call into question the legitimacy of the CFIUS reviews as narrowly focused on national security, especially with the proposal to maintain a list of countries that would receive special scrutiny. While no one doubts that China-linked transactions would receive scrutiny, making a list of countries subject to unequal treatment seems unnecessary and problematic in trade diplomacy. There is a good case to be made for updating the CFIUS process, but the current proposal seems to me to be on the wrong track and likely to create more difficulties then it would solve.

KOREAN PENINSULA
Trump aides reportedly question China’s willingness to help with N. Korea; Pressure mounts on Chinese firms

NYT reports that U.S. officials are questioning the prospects of initial Trump administration hopes that China would pressure North Korea. A source said China’s actions on North Korea could even affect whether Trump and Xi meet at the G20 in Hamburg next month. NYT also reported that Chinese officials “among those most interested in” a Trump meeting with North Korean leader Kim Jong-un, a prospect somewhat less likely following the return of an apparently brutalized U.S. prisoner.

The U.S. government does have specific demands of China, according to reports. Officials told WSJ that the Treasury Department could impose sanctions on Chinese entities that trade with North Korea and have asked the Chinese government to pressure them. “‘We’ve told the Chinese we hope they’ll act against certain companies and people,’ said a senior U.S. official briefed on North Korea policy. ‘But we’ve also said that we’re prepared to act alone and can reach North Korea if we choose.'” U.S. prosecutors also reportedly “accused a Chinese company…of laundering money for North Korea and said they would seek $1.9 million in civil penalties.” According to NYT, the $1.9 million comes from an amount the company allegedly transferred for North Korea, clearing the funds through the United States.

ANALYSIS: Direct legal action against Chinese targets, combined with the threat of sanctions, is a strong echo of what Obama administration officials have said was a winning playbook in bringing Chinese officials to the table over state-linked commercial hacking. The big “win” in that case was a public statement by Xi forswearing support for internet-enabled theft of business secrets for commercial gain. When it comes to commercial hacking, however, the Chinese government already had reason to rein in PLA hackers who might have been freelancing or acting without central approval. In this case, it is hard to imagine threats to name and shame a few Chinese firms and individuals would change China’s fundamental calculus regarding pressure on North Korea.

CYBERSPACE + TECHNOLOGY
Chinese IT security examiner explains details of national security review process, clarifies Windows 10 status

Following the provocative essay translated and featured here last week that called for a moratorium on use of the new Windows 10 China Government Edition unless and until it passes China’s national security review, one of the experts involved in conducting those reviews gave an interview (later translated by Rogier Creemers, Paul Triolo, and me) to the same outlet. Wang Jun, lead engineer of the China Information Technology Security Evaluation Center (CNITSEC), argued that the new Windows edition was developed to be “secure and controllable” in the Chinese government’s view and described important details about how the national security reviews are to function. (Ni Guangnan, author of the initial piece arguing against using the new Windows edition, had another piece on the topic this week, arguing for the importance of “indigenous and controllable” operating systems.)

Among several important insights in the new interview, Wang describes the role of source code examination in determining whether a product meets government requirements: “Operating system source code can run as long as 100 million lines. How much to look at, what part to look at, and how to judge the code are decided according to objectives of the technology evaluator in the third party evaluation process. Reading every single line is perhaps ideal, but doing so would require an enormous amount of time and resources. On the other hand, from the perspective of a technology evaluator’s methods, looking at every line may not be necessary. But as evaluators we ask for 100 percent of the source code and then, starting from a foundation of analyzing the program’s structure and how it integrates with the user’s machine, we decide which modules specifically require examination and verification.”

Meanwhile:

TRADE
Commerce secretary says moving on from ‘easier deliverables’ in China talks; Beef, chicken, dairy deals reported

Calling the news of implementing a long-discussed deal to reopen U.S. beef exports to China one of “the easier deliverables” in the 100-day timeline following the Trump-Xi meeting in Florida, Commerce Secretary Wilbur Ross told a WSJ forum, “We’re now working on another list. We generally have two conference calls a day, one early in the morning our time and one late at night with the Chinese. That’s five, six, seven days a week. … We’re interested in very specific, very tangible achievements. And we’re finding a very, very sensible give-and-take with the Chinese right now.”

Meanwhile:

#USChinaWeek1967
‘Peking Test Blast a Surprise to U.S.: Size of Explosion and Speed of Nuclear Development Were Not Foreseen’

“WASHINGTON, June 17[, 1967]—The Atomic Energy Commission, confirming that Communist China had exploded a hydrogen bomb, said today that the blast had an explosive force equal to several million tons of TNT. United States officials were somewhat surprised by the Chinese test, which was viewed as further evidence of the unexpectedly rapid progress being made by Peking in developing a nuclear arsenal. While China was known to be working on the design of a thermonuclear device, the test came sooner than had been generally predicted by United States intelligence officials. … Senior military analysts in Washington believed that the Chinese announcement of the successful test would intensify political pressure for the deployment of a missile defense system around the United States. But they felt there would not be an actual threat to American cities until the Chinese have built up a force of intercontinental ballistic missiles.”

(Source: The New York TimesThis entry is part of an ongoing feature of U.S.–China Week that follows U.S.–China relations as they developed in another era of change and uncertainty, 50 years ago.)

ABOUT U.S.–CHINA WEEK

U.S.–China Week is a weekly news and analysis brief that covers important developments in U.S.–China relations and features especially insightful or influential new policy analysis.

Graham Webster is a senior research scholar, lecturer, and senior fellow of the Paul Tsai China Center at Yale Law School, where he specializes in U.S.–China diplomatic, security, and economic relations through research and Track II dialogues. He is also a fellow for China and East Asia with the EastWest Institute. His website is gwbstr.com.

Disclaimer: Opinions expressed here are my own (and I reserve the right to change my mind).

Free Subscription to U.S.–China Week by clicking here or e-mailing me is open to all, and an archive of past editions appears at my long-running website on East Asia and the United States, Transpacifica.

Contact: Follow me on Twitter at @gwbstr. Send e-mail to [email protected].

Chinese IT security examiner describes review process, clarifies status of Chinese government Windows edition

A public controversy among computer security experts in China has erupted over the degree of national security assessment required in general and what specifically is required by the new Cybersecurity Law and related regulations. Ni Guangnan, an academician with the Chinese Academy of Engineering and a longstanding proponent of indigenous technology in China, recently argued (in a piece translated here) that the new Windows 10 China Government Edition should not be approved for government procurement because it has not yet formally passed the new law’s national security review process. Here, Wang Jun, lead engineer of the China Information Technology Security Evaluation Center (CNITSEC) which is a third-party review organization for the Chinese government, argues that the Microsoft-CETC joint venture behind the new custom Windows edition was developed in consideration of Chinese government security priorities and therefore should be given due consideration as “secure and controllable.” Wang also provides important insights into the degree to which the nascent national security review system has already started to operate and describes in detail his view of how the process is expected to work.

The following was translated from the Chinese original by Rogier Creemers, Paul Triolo, and Graham Webster. 

Core Security Examination Expert on Calls to Suspend Use of Windows 10 China Government Edition: At This Stage, Forcing a Switchover Is Not the Best Option

Southern Metropolis Daily Original

2017-06-12 13:20

China Information Security Monitoring Centre General Engineer Wang Jun

Academician Ni Guangnan of the Chinese Academy of Engineering stated recently in a media article that the Windows 10 version for the Chinese government has not passed cybersecurity review, and should remain outside of the government procurement catalogue. What is cybersecurity review? How does this matter implement the regulatory system just established on 1 June, and what network products is it aimed at?

A Southern Metropolis Daily (SMD) journalist interviewed Wang Jun, General Engineer at the China Information Technology Security Evaluation Center (CNITSEC). Wang Jun has answered these questions from an expert perspective, he indicated that cybersecurity review has a set of activations and review procedures exclusive to itself, these are identical for domestic and foreign products, there is no difference.

Wang Jun indicated that cybersecurity should be discussed in an open environment. The Chinese government version of Windows 10 may be considered as a positive trial in order to resolve the objective requirements concerning operating systems inside China at present, and raising our own technological levels and capabilities.

The general security review for Window 10 has begun, the security review situation for the governmental version is hitherto not understood.

SMD: Has the Chinese Government version of Windows 10 undergone security review?

Wang Jun: The forerunner of the Chinese Government version of Windows 10 is the common version of Windows 10, it is a commercial product of Microsoft, and is the common version distributed worldwide. As I understand it, our country has already started its cybersecurity review (hereafter named security review) of the common version of Windows 10. CNITSEC is designated by the Cyberspace Administration of China, and has undertaken third-party evaluation work of the common version of Windows 10; but at present, I have not seen a decision by the controlling department concerning whether it passed or not.

With regard to whether the governmental version of Windows 10 is on the way towards cybersecurity review, I have not yet heard about the circumstances in this matter.

SMD: And what is the result of the third-party evaluation by CNITSEC of the common version of Windows 10?

Wang Jun: We have major conclusions in two areas: the first is that we have discovered that in comparison with Win8, Win7 and earlier operating systems, the security functions in Windows 10 have been improved substantially. Second, a number of security risk points still exist, in fact, in the common version of Windows 10. According to the work agreement, we are not yet able to reveal details.

SMD: Security review has only been determined by law in the past few years, did we have similar work before this?

Wang Jun: The cybersecurity review system was only finally established in 2016, but before that, similar work actually had been begun.

In 2003, the National Development and Reform Commission authorized CNITSEC to act as a national monitoring body, and represented China in concluding a Government Security Program agreement for source code inspection with Microsoft; this is a multilateral agreement, and Microsoft has concluded GSP agreements with many countries. Considering that a fair few national governments have security concerns with Microsoft operating systems, Microsoft agreed to, through the GSP program, open up source code in a small scale and with secrecy protection, but because this involved intellectual property protection, it only took place in in a small scale, and did not turn into open source. Microsoft, from its side, exhibited a positive attitude, and where we were concerned, this added a channel for understanding.

GSP is an agreement in which both sides are equal, and security review means that when there are risks in a product that may influence national security, we represent the country in conducting a review, and the scope of security review may be broadened.

SMD: Some experts say Windows 8 and Windows 10 use trustworthy technology; will this mean manufacturers have a strong controlling power over operating systems?

Wang Jun: I basically agree with this point of view, in the common Windows 10 operating system, the manufacturer has a very strong controlling power over the system. But the strengthening of this sort of controlling power may have a double-edged sword effect. If it is especially strong, it possibly may mean that user controllability over this system is weakened; on the other hand, if user controllability over operating systems is extremely strong, hackers can equally have these kinds of capabilities, and in this kind of situation, it may also bring new security risks, because of that, we need to find a point of balance.

Where China is concerned, the common version of Windows 10 is not a complete black box.

SMD. So where the Chinese government is concerned, Windows 10 is not a black box after all, right?

Wang Jun: Right. According to the GSP agreement, Microsoft has provided an opportunity to review source code, but as to what the details are that come up in review, these may only be made public with the agreement of both sides.

In the national security review process of the common version of Windows 10, our center has undertaken third-party evaluation work, in Beijing. It has also inspected and verified the source code of the common version. Furthermore, the scope of its review and verification of source code is broader than under the original GSP agreement.

SMD: Can one guarantee security through inspecting source code?

Wang Jun: Between conducting source code inspections and coming to a conclusion whether a product is safe or not, there is a lot of technical work that needs to be done. One cannot simply say that “I give you the source code to look at and so it is absolutely safe,” one should also not simply believe that technological monitoring means going through source code line by line. 

SMD: What technical methods are required to reach a determination of security?

Wang Jun: Source code security examination is in fact one of the methods for the third-party evaluation part of cybersecurity review or information security evaluation, but it is not the only method. Determining the security of network products is a comprehensive process requiring multiple methods. For instance, monitoring program behavior in the real work environment is one evaluation method, as is reverse engineering of executable files.

There are also international common criteria (CC) for security examination of network products (if operating systems are considered a kind of product). CC are also an important reference indicator for our Evaluation Center’s product security evaluation.

Operating system source code can run as long as 100 million lines. How much to look at, what part to look at, and how to judge the code are decided according to objectives of the technology evaluator in the third party evaluation process. Reading every single line is perhaps ideal, but doing so would require an enormous amount of time and resources. On the other hand, from the perspective of a technology evaluator’s methods, looking at every line may not be necessary. But as evaluators we ask for 100 percent of the source code and then, starting from a foundation of analyzing the program’s structure and how it integrates with the user’s machine, we decide which modules specifically require examination and verification.

Cybersecurity reviews must be triggered by someone, and they do not separate domestic from international.

SMD: Are national cybersecurity reviews the same thing as “user testing” and “security testing”?

Wang Jun: Simply put, security reviews and technological evaluation or user evaluation are not the same thing. In the process of security review, however, technology evaluation or user evaluation may be included. Security reviews are about the possibility of network products and services influencing national security.

According to the Security Review Measures for Network Products and Services, the security review process must first be triggered, and the measures clearly enumerate several conditions for triggering. One is if relevant national authorities believe a type of product or service requires cybersecurity review. Two is if national trade associations recommend security review. Three is if the market reflects that it must be done. We believe the market includes the masses, users, etc.

As soon as someone suggests security review, a legally determined work procedure must be undertaken. This work procedure should be defined ahead of time by the competent national department. Security review is serious and important work that cannot be taken lightly and executed at a word; it requires a work procedure and official confirmation before beginning.

SMD: What is the work procedure for national cybersecurity reviews?

Wang Jun: In my understanding of the relevant laws and regulations, once it is initiated, there are several steps. First, a third-party evaluation organization appointed by the competent department undertake objective evaluation of the network product or service for requirements such as security, controllability, reliability, data validation (材料的真实性), user control of the product, etc.

At the same time, there is another set of work, for instance relevant examinations, background investigations, determination of whether there is any unfair competition or influence on the national economy and market. This comprehensive investigation can take place at the same time.

Once the technology evaluation and comprehensive investigation are complete, the results are be submitted to a committee of experts for opinions, independent examination, and judgment. The competent organ finally determines whether review has been passed. It cannot listen only to one side’s opinion, so it asks a high-level experts’ committee to submit judgment and opinions. We are all responsible for our own conclusions and work independently.

Finally, the cybersecurity review office synthesizes the views and reports up to the cybersecurity review committee, which issues the result of the security review.

SMD: Does national cybersecurity review only target foreign network products?

Wang Jun: According to my understanding of the spirit of the Cybersecurity Law, the cybersecurity review does not distinguish between domestic and foreign, cybersecurity review does not have a nationality preference, and it’s not the case that foreign things are all examined while domestic things are not.

I believe that, it doesn’t matter if it’s Microsoft’s general use edition of Windows, the joint venture C&M Information Technology Co.’s Windows 10 China Government Edition, or another Chinese-made operating system. If the product needs to undergo relevant security review, according to the law- and regulation-decided procedure, they can all go through cybersecurity review. The legal requirements are the same.

Once technological evaluation or security investigation, the procedure, standards, and requirements are the same. Of course, different product circumstances may determine different emphases, but on the whole the requirements are the same.

“Developing Windows 10 China Government Edition was a kind of attempt”

SMD: Many people believe a Chinese operating system should replace [Windows]. As an expert, do you agree with this view?

Wang Jun: My own personal view is that our country has a portion of professions and fields that at this stage objectively need to use the Windows platform. Technologically, Windows is in some ways advanced, and it has formed an ecosystem. Many of our applications have developed a certain extent of dependency on the Windows system, and without saying whether this dependency is rational, it’s an objective fact. I understand that some professional users, including some in critical information infrastructure areas, would have difficulty simply switching to a non-Windows operating system.

Thus under these conditions, forcing switchover to non-Windows systems is not necessarily the best choice.

On the other hand, in the open environment, if we can ensure security and controllability of a piece of advanced foreign technology, we can at least say there’s no need to exclude it or decide not to use it.

SMD: How do you view Windows 10 China Government Edition?

Wang Jun: Windows 10 China Government Edition was jointly developed by China Electronics Technology Group (CETC) and Microsoft, and the C&M Information Technology Co. was set up with CETC holding 51% of shares and Microsoft holding 49%. According to my understanding, in their cooperation, Microsoft is willing to open source code under the condition that intellectual property is protected. I believe developing Windows 10 or another later government-use edition in this method is a positive and meaningful attempt.

We understand the goal of this method is to try to give government and critical information infrastructure users an improved edition that suits Chinese users’ security requirements better than the general edition. This is a way to explore new solutions to problems at this stage. I think it’s something to look forward to.

SMD: Do you think that developing a Windows 10 Chinese government version and developing a domestic operating system is not contradictory?

Wang Jun: For the R&D of a domestic operating system, plus the time required to put one into use,  and packaging this to form an ecological environment requires a certain amount of time.

The use of the Windows 10 China Government-specific version, and the R&D and vigorous promotion of the application of a domestic operating system, including the construction of an ecological environment, can be carried out in parallel. In deciding whether or not to implement this parallel situation, it may well be worth considering the issue in terms of improving the degree of control over China’s cybersecurity, and the actual needs of users. We should allow this attempt in a tolerant manner.

Of course, this is for government departments and critical information infrastructure users. Other social users, and business users, must decide according to their own needs what kind of operating system to use.

A “Domestic system does not mean that it must be secure”

SMD: For domestic operating system security issues, what are your views? Is a domestic operating system secure?

Wang Jun: From a security point of view, domestic systems have some advantages compared to some foreign systems, but we cannot simply think that a domestic system must be secure. There are several reasons for this, first of all, any product has vulnerabilities, and vulnerabilities are a fundamental problem of cybersecurity, there is no certain security situation.

Second, some of our own domestically produced systems can be more reassuring in some aspects of security than for foreign products, for example, we do not have to worry about deliberate or passive implantation of malicious programs by the designer; but we may have gaps in terms of other aspects of security with other people, such as our understanding and mastering of security issues and anti-attack capabilities, there may be areas that we are not sufficient. The question of security is a comprehensive consideration.

Third, there are some equipment may be OEM abroad (the original design is abroad, we just got the production license); there are some domestic systems that use open source software, but for OEM and open source itself, domestic systems may also carry security issues.

Moreover, because the special nature of open source systems, there is not a manufacturer, so there may be loopholes and no one to solve the situation. Taking these factors together, we cannot simply say that the domestic network products must be secure.

SMD: So, do you think the Windows 10 China Government Edition requires a complete network review?

Wang Jun: As I just said, network products and services, whether domestic or foreign, whether it is domestic firm or joint venture, are also required in accordance with relevant national laws and regulations to carry out the necessary security assessment, or even a security review. The Windows 10 China Government Edition should also be no exception. Of course, to start a security review requires things to be done in accordance with the relevant legal procedures. If you meet the conditions for triggering the security review, in accordance with the legal procedures, it is possible to conduct a cybersecurity review.

SMD: Is it not the government procurement of critical information network infrastructure that requires conducting a cybersecurity review? So the security review and government procurement are naturally bound into one piece?

Wang Jun: As far as I know, the two are not naturally bound together. Government procurement also has its own procedural requirements. In the Cybersecurity Law, there is a provision for procurement that states that “network products or services that have not passed a security assessment or security review” may not be purchased. We should pay attention to the understanding of “have not,” which should be understood as “should undergo but did not undergo a cybersecurity review.”

Therefore, according to the current law, I think it is clear that if a product did not pass a security review, and clearly announced that it did not pass, it cannot be entered into the procurement directory.

SMD: The current technical testing for security is usually just testing a sampling, how to ensure that each computer operating system is secure?

Wang Jun: We are currently testing the methods, concerned about the two aspects of dynamic and static, but we are limited by the current technology and methods, and there is more of a focus on the static state. We are responsible for certain samples and security conclusions at a given point in time, but these are not permanent and it is difficult to achieve permanent security testing. However, the evaluation agency will try to make up for the relevant deficiencies, such as continuous monitoring, on-line monitoring or testing methods to strengthen the understanding, and mastering of the dynamic security situation.

SMD: Some people worry about the security of foreign products, fearing incidents such as described by Snowden. Is this not justified?

Wang Jun: This concern is reasonable—no one dares to say no. This is one of the reasons we have always stressed security and controllability. But we should not ask for absolute security, just as we do not stop driving a car because of the risk of traffic accidents. In fact, we also have a certain degree of anti-risk ability, through our work, to improve the security and controllability of foreign products, so that the risk is reduced to an acceptable level. Then we can use foreign advanced products.

Southern Metropolis Daily reporter Wu Bin from Beijing