Fighting cyber espionage, legally

Stewart Baker

Attorney and former Department of Homeland Security official Stewart Baker argues that a digital rule of law could be surprisingly effective.

Attorney and former Department of Homeland Security official Stewart Baker thinks so. The world might be friendlier to a digital rule of law than is commonly supposed, Baker asserted at a Dec. 4 breakfast sponsored by the American Bar Association. He pointed to Chinese President Xi Jinping's willingness to agree to international cyber accords and anti-hacking crackdowns within the People's Liberation Army as recent examples

Instead of going after the Chinese government, American companies and agencies could instead look to foreign firms.

"[Suing the Chinese government] is probably not your best bet anyway because the Chinese government will just, you know, stay offshore and thumb its nose at you," Baker said. "You're trying to dry up the market for cyber espionage rather than stop the cyber espionage directly, which is, that's what deterrence is all about."

Lawsuits, in other words, could help kill the cyber espionage market.

Baker said the Computer Fraud and Abuse Act, the Uniform Trade Secrets Act and Section 337 of the Smoot-Hawley Tariff Act all contain provisions related to stolen trade secrets that American firms could use to block foreign goods from the American marketplace.

Foreign firms are interested in stolen intellectual property so they can sell goods based on it, Baker noted. If they can't sell those goods in the world's biggest economy, they'll be a lot less keen on IP theft.

"These are potentially enormously valuable tools in the hands of the private sector," Baker said, predicting a major goods-blocking lawsuit from an American company against a foreign firm within the next five years.

The feds have a role to play, too, he said, calling on intelligence agencies to help scout foreign networks for stolen data. Targeted sanctions through the Office of Foreign Asset Control at Treasury also can help punish and dissuade hackers, Baker added.

What of the problems of attribution, and the threat of retaliation?

We have "remarkable" attribution capabilities by this point, Baker said, echoing the claims of those peeved in the private sector who want a more aggressive hack-back approach.

Retaliation, at least as concerns China, may not be a serious threat, he noted, as President Xi is "selling out" Chinese hackers in the interest of cementing internal control and assuaging world concerns.

Earlier this month, China claimed to have arrested the hackers responsible for the Office of Personnel Management breach, an intrusion Americans long suspected was state-sponsored, but which the Chinese government is now blaming on criminals.

Baker asserted that, all things considered, robust international legal action is the preferred way forward on cyber threats. The current de facto cyber defense model, emphasizing protecting networks rather than punishing and dis-incentivizing hackers, runs counter to the very principles of the law and civilized society, he noted.

It's as if the world was a town plagued by muggers, he said, and instead of arresting the criminals, the town's police chief told pedestrians to wear body armor to protect themselves.

"That chief of police wouldn't last a day with a plan like that," Baker said.

About the Author

Zach Noble is a former FCW staff writer.


  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

  • Defense
    Dana Deasy, DOD Chief Information Officer, hosts a roundtable discussion on the enterprise cloud initiative with reporters, Aug. 9, 2019, at the Pentagon, Washington, D.C. (DoD photo by Air Force Staff Sgt. Andrew Carroll)

    DOD CIO 'very confident' that White House influence didn't guide JEDI award

    At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.