Can Angela Merkel persuade China not to spy on Germany?

German magazine Wirtschaft Woche is reporting that she is trying to do just that. The report seems credible, given the remarks of other senior German officials, and knowledgeable Germans appear to be taking the report seriously as it has spread over the wires. While visiting Japan last month, the chancellor said she would seek a “solid guarantee” from Beijing and Huawei about the integrity of data on German networks. Arne Schönbohm, head of the German federal cyber security agency, suggested Berlin would give Huawei the opportunity to participate in Germany’s planned 5G roll-out if Beijing provides assurances on data security. Washington also is taking it seriously as the administration is threatening to reduce intelligence sharing if the Germans hold the door open for Huawei. Berlin appears to be pursuing a third option for dealing with the challenge of securing Huawei’s equipment from the same espionage concerns being pressed by U.S. and allied intelligence services: Rather than adopting an Australian-style exclusion or creating a U.K.-like security review center, Germany is seeking to work with China and Huawei to bring the firm into its market while pre-empting worries about spying.

Germany’s elected leaders have the right to make any decision they wish regarding Huawei and its future role in critical German infrastructure. However, to make Huawei’s participation contingent upon a “no spying” pact would be farcical if it were not so disingenuous. German leaders may say the risks are acceptable or manageable. They may say nothing and just welcome Huawei. They might be wrong about the former, and the latter is their right. But thinking that a “no spying” agreement will address these risks is the worst form of delusion, because it means locking in future generations of Germans on the basis of wishful thinking.

There are at least three reasons to not take Germany’s idea seriously. In addition, what happened after the U.S.-China agreement in 2015 does not give cause for optimism that Beijing would honor another such deal.

First, there is no reason to take the assurances of Chinese officials and Huawei executives at face value. The Intelligence Law passed in 2017 requires Chinese individuals and companies to cooperate with state intelligence services to collect intelligence and remain quiet about such cooperation. The language is plain: “any organization and citizen shall, in accordance with the law, support, provide assistance, and cooperate in national intelligence work, and guard the secrecy of any national intelligence work that they are aware of … .” Huawei’s defenders and Chinese officials would have you believe otherwise, though, suggesting that the lack of specificity in the law indicates narrow authorities and unspecified procedural safeguards will protect equipment users.

It’s difficult to countenance the idea that Huawei and Chinese leadership will exercise such restraint. The Intelligence Law and other laws in China’s suite of national security legislation — the Counter-Espionage Law (2014), State Security Law (2015), Counterterrorism Law (2015), Foreign Non-Governmental Organization Management Law (2016), and Cyber Security Law (2016) — largely codify what the Chinese party-state was already doing. The law’s relatively recent passage does not exempt Huawei’s pre-2017 business from scrutiny (and the data outflows from the African Union headquarters would seem to warrant it). That the laws explain past behavior is a point I have argued elsewhere, have been told directly by Chinese security officials, and can be found in Beijing’s propaganda about the national security laws: they contain “new rules that have proven effective in practice.”

China’s top diplomat and Politburo member Yang Jiechi told the Munich Security Conference in February, “China has no law requiring companies to install ‘back doors’ or collect foreign intelligence.” It is true that the law does not say “installing back doors” or specifically refer to “foreign intelligence.” One has to wonder, though, whether such a narrow reading of a law is justified when it does not even identify which intelligence agencies are being granted authorities. Beijing is going to do what it is going to do; the law is just a public statement to clarify what the party expects of its citizens.

Second, Germany is home to a number of Chinese dissidents and Uyghur exiles, and it seems unlikely that the Chinese Communist Party would forgo its ability to surveil them. Among them are the writer Liao Yiwu, Nobel Peace Prize winner Liu Xiaobo’s widow and artist Liu Xia, and the artist Ai Weiwei. Munich also is home to the World Uyghur Congress, and in 2009, the Chinese consulate’s harassment of Uyghurs there spurred German authorities to crack down. Berlin has granted refugee status to Uyghurs like Dolkun Isa, whom Beijing has labeled a terrorist because of his student activism in the early 2000s. Given that the Chinese Communist Party’s concept of security is defined by the absence of threat — including dangerous ideas, like civil society, rule of law, universal values as well as freedoms of speech, press, and association — it is difficult to imagine Beijing halting its spying in Germany. At a minimum, these efforts currently include human and technical surveillance. In 2010, the Swedes convicted one of their Uyghur citizens, Babur Maihesuti, for spying on his fellow Uyghurs outside China. His activities included spying in Germany and collecting email and telephone contacts.

Third, Germany cannot credibly build any threat of potential consequences into a no-spying agreement. Even if the Chinese government is caught exploiting Huawei’s equipment, threatening meaningful consequences requires Berlin to make several assumptions about the future. The first is that future German leaders will be prepared to accept the political and economic costs of ripping out and replacing Huawei’s equipment. The economic costs also include any downtime created by disruptions to normal service. The second is that alternative 5G equipment providers will be available — a questionable assumption given Huawei’s undercutting of the international market.

Finally, let us keep in mind that the foregoing analysis ignores Beijing’s past behavior. In September 2015, President Barack Obama signed a similarly intended statement on intellectual property theft with Chinese Communist Party General Secretary Xi Jinping. The two sides agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

At the time, I doubted the affirmation would hold but could appreciate the merits of trying to resolve one of the issues poisoning the well of U.S.-Chinese relations in a relatively cost-free way. But in assessing the agreement’s success, it’s important to take the context into account. Democracies are much better at being aggressive when their options have been exhausted. Without the failed efforts to use indictments against Chinese People’s Liberation Army (PLA) officers for hacking in 2014 and the broken agreement, the United States may not have arrived at the Department of Justice’s China Initiative , announced last fall, to put more resources into countering Beijing’s political interference, economic espionage and intelligence activities. The Obama-Xi agreement may have been a delusion, naive, or ill-advised — or some combination of all three — but, politically, it succeeded at moving public opinion and the machinery of government toward a better policy. Moreover, unlike the German idea of a no-spying pact for market access, the agreement did not create new vulnerabilities or dependencies on the party-state or on Chinese companies.

Claiming that the agreement worked to reduce Chinese spying ignores the fact that the fall of 2015 may have been a unique period of change for Beijing’s computer network operations. What we did not know in September 2015 was that two months later, Xi would announce a massive organizational reform of the PLA. The signals-intelligence departments and technical reconnaissance bureaus would be reorganized into the Strategic Support Force. Nor was it widely known that the Ministry of State Security, China’s primary civilian intelligence and security service, has almost certainly has been the party-state’s most sophisticated thief in cyberspace.

The circumstances in late 2015 suggested three credible scenarios for what the Chinese government was doing in cyberspace and why the PLA’s cyber espionage appeared to decrease after the Obama-Xi agreement. One, U.S. pressure and publicity worked in tandem with Xi’s domestic political campaigns to move the PLA away from collecting economic data irrelevant to warfighting. Two, Xi continued the commercial divestiture begun in the late 1990s, and the PLA took stricter measures to ensure that its resources served military rather than commercial interests. Three, the U.S. indictments as well as the publicity generated by cyber security companies could have demonstrated to Xi that the PLA hacking in support of Chinese companies was compromised. Consequently, even though the Chinese leadership still values computer network operations to help Chinese firms, it may have ordered the PLA to suspend its economic espionage business — at least in the United States — to make way for the more sophisticated Ministry of State Security.

The available information suggests the third scenario was the most likely. In November 2017, the Department of Justice issued another indictment for three hackers connected to the Ministry of State Security. Their activities began before and continued after the September 2015 agreement. The point of the indictment seems to have been a quiet warning to Beijing that the United States did know the agreement had been violated from the very beginning. Even if the more optimistic first scenario is correct and the Chinese military has stopped conducting economic espionage, Berlin does not seem to have taken any of the steps to ensure Beijing understands Germany’s capacity and will to respond.

Choosing telecommunications equipment and services is largely about choosing to whom one is vulnerable. This is not just a question about technical risk or whether there is a smoking gun showing that Beijing is exploiting Huawei’s access. The problem is also political. Chinese and U.S. firms are among the leaders on 5G, so today’s dilemma will repeat itself. Europeans should be able to see a difference between the United States and the People’s Republic of China. And if they can’t, perhaps supporting a European solution would be satisfactory. Investing in a U.S. or European solution would come with a higher price tag and almost certainly some delay, but at least it would be free of the self-delusion.

Peter Mattis is a research fellow in China Studies at the Victims of Communism Memorial Foundation and a contributing editor for War on the Rocks. He is the author of Analyzing the Chinese Military: A Review Essay and Resource Guide on the People’s Liberation Army (2015) and co-author of the forthcoming Chinese Communist Espionage: An Intelligence Primer (Naval Institute Press, 2019).

Image: Amin Akhtar/Vodafone Institute