Charges Against Chinese, and U.S. Policy on Hacking

Publication Type: 
Other Writing
Publication Date: 
May 23, 2014

Cross-posted from The New York Times Opinion Pages. 

To the Editor:

Re “5 in China Army Face U.S. Charges of Cyberattacks” (front page, May 20):

On Monday, federal prosecutors unsealed an indictment of five members of the Chinese military, accused of invading the networks of American companies. The case is intended as a diplomatic cudgel and a symbol of executive exasperation. Perhaps unintentionally, it also reflects the limited upside to criminal hacking laws.

Federal policy has long treated hacking as a “computer crime,” in which government’s role is to punish intruders. Whatever the merits of that view in the 1980s, modern computer security is much different. The worst offenders are often unidentified, extraterritorial or even — as here — affiliated with another nation. American law enforcement simply cannot reach most sophisticated hackers.

There are other roles the federal government can and should play in computer security. It might promote best practices, offer incentives for training programs and facilitate information sharing, for example. It could also mandate effective defenses in sensitive sectors.

These approaches are more regulatory than law enforcement in nature. Implementing them will require difficult political decisions. But they are the only viable paths ahead.

If federal policy on hacking continues to emphasize prosecution, it will end up like Monday’s indictment — mostly symbolic.

Stanford, Calif., May 20, 2014