The big story a couple weeks back was Google’s threats about pulling out of China and the allegations of Chinese cyberattacks against Google and other U.S. corporations. Amidst all that, I missed the story about a series of cyberattacks carried out by China against a U.S. law firm that was representing the plaintiffs in a recently filed suit against the PRC.
Gipson Hoffman & Pancione, the law firm representing Santa Barbara-based software maker CYBERsitter, LLC, in a $2.2 billion software piracy action filed last week against the People’s Republic of China and seven major computer manufacturers in connection with distribution of the controversial Green Dam censorware program, has come under a cyber attack directed from within China. The attack comes on the heels of widespread reports of Chinese cyber attacks against Google. Cyber attacks were initiated from within China against CYBERsitter itself last June when the Green Dam piracy was first reported in the press.
The cyberattacks were in the form of emails disguised to look as though they originated from within the firm, but instead contained Trojans, which could have been used to allow the attackers to gain control of the firm’s machines.
Luckily for Gipson Hoffman & Pancione, apparently the Chinese hackers could not convincingly pull off American Lawyer email-speak, and the messages were written so suspiciously that no one actually opened the Trojans.
Aside from Google and the above law firm, at least thirty other American commercial entities have been subject of Chinese cyberattacks. Or, to use the polite euphemism favored by the State Department, “cyber intrusions.” Cyberattack, you see, could be a dangerous term for diplomats to bandy about — it comes to close to being an accusation that China is committing the most serious breach of international law.
Although starting a war with China is obviously in no one’s best interest, now or most likely ever, I think I would be willing to argue that, under international law, China’s actions (assuming all allegations are true) do constitute a use of force that would authorize the U.S. and other nations who were the subject of attacks to respond in kind. China, of course, is well aware that at this point no nation would as a practical matter retaliate with force, but the Chinese cyberattacks may end up forcing an international law of cyber-relations to develop faster than would otherwise be anticipated.
This is true not only for issues of international law governing the use of force, but also for international trade law. Baidu, the major Chinese internet search engine , saw its stock shares rise in price in the wake of the recent Google-China conflict. Baidu had already was the market leader, but was beginning to feel the squeeze from competition with Google — and Baidu will, undoubtedly, continue to benefit if the Google pull-out really does occur. It’s not hard to see where the potential for a national treatment violation lies in that, and it looks like Google’s lawyers have already been considering the possibility.
According to lawyers, the US could argue that Beijing’s censorship in effect discriminated against foreign services such as Google, contrary to its commitments under the General Agreement on Trade in Services (Gats).
“If China imposes harsher web filtering restrictions on Google than on local search engines, such as Baidu, Google may have a WTO discrimination claim,” said David Spooner, a former assistant secretary of commerce, now at the law firm Squire Sanders & Dempsey.
Interesting argument. But if their attorneys keep that kind of talk up, Squires Sanders & Dempsey may want to start being careful about opening any email attachments that come their way.