Skip to main content
  • Sections
  • Search

Center for Strategic & International Studies

User menu

  • Subscribe
  • Sign In

Topics

  • Climate Change
  • Cybersecurity and Technology
    • Cybersecurity
    • Data Governance
    • Intelligence, Surveillance, and Privacy
    • Military Technology
    • Space
    • Technology and Innovation
  • Defense and Security
    • Counterterrorism and Homeland Security
    • Defense Budget
    • Defense Industry, Acquisition, and Innovation
    • Defense Strategy and Capabilities
    • Geopolitics and International Security
    • Long-Term Futures
    • Missile Defense
    • Space
    • Weapons of Mass Destruction Proliferation
  • Economics
    • Asian Economics
    • Global Economic Governance
    • Trade and International Business
  • Energy and Sustainability
    • Energy, Climate Change, and Environmental Impacts
    • Energy and Geopolitics
    • Energy Innovation
    • Energy Markets, Trends, and Outlooks
  • Global Health
    • Family Planning, Maternal and Child Health, and Immunizations
    • Multilateral Institutions
    • Health and Security
    • Infectious Disease
  • Human Rights
    • Civil Society
    • Transitional Justice
    • Human Security
  • International Development
    • Food and Agriculture
    • Governance and Rule of Law
    • Humanitarian Assistance
    • Private Sector Development
    • U.S. Development Policy

Regions

  • Africa
    • North Africa
    • Sub-Saharan Africa
  • Americas
    • Caribbean
    • North America
    • South America
  • Arctic
  • Asia
    • Afghanistan
    • Australia, New Zealand & Pacific
    • China
    • India
    • Japan
    • Korea
    • Pakistan
    • Southeast Asia
  • Europe
    • European Union
    • NATO
    • Post-Soviet Europe
    • Turkey
  • Middle East
    • The Gulf
    • Egypt and the Levant
    • North Africa
  • Russia and Eurasia
    • The South Caucasus
    • Central Asia
    • Post-Soviet Europe
    • Russia

Sections menu

  • Programs
  • Experts
  • Events
  • Analysis
    • Blogs
    • Books
    • Commentary
    • Congressional Testimony
    • Critical Questions
    • Interactive Reports
    • Journals
    • Newsletter
    • Reports
    • Transcript
  • Podcasts
  • iDeas Lab
  • Transcripts
  • Web Projects

Main menu

  • About Us
  • Support CSIS
    • Securing Our Future
Photo: Feng Li/Getty Images
Commentary
Share
  • LinkedIn
  • Facebook
  • Twitter
  • Email
  • Printfriendly.com

How Will China Retaliate beyond Tariffs?

March 29, 2018

As the Trump administration prepares a series of trade actions and investment restrictions against China, Beijing has signaled its intention to respond. Besides reports of coming Chinese counter tariffs, with no clear timeline, possibly on U.S. agriculture exports or aircraft, there is much uncertainty about what form Chinese retaliation could take. There are credible rumors of Beijing drawing up lists of U.S. companies with strong domestic counterparts that it would block from the Chinese market (however, there is no publicly available information on this). Chinese media is awash with nationalist calls for a tougher stance against the United States. One user posted: “The US had already declared a war. Why we were only making slogans?”

Both sides are engaged in negotiation that could result in a deal. There is a strong case to be made that the Chinese government will not change behavior absent external pressure. After all, it was the threat of sanctions against Chinese companies ahead of President Xi Jinping’s state visit to Washington in September 2015 that paved the way for the agreement on cyber-enabled industrial espionage. (Although the deal does not appear to be holding up.)

Yet, if negotiations break down, and we enter a period of extended hostility, retaliation from Beijing will go beyond counter tariffs. The Chinese government has other more opaque and unwritten channels to employ against U.S. firms with significant assets in China’s market. Specifically, China’s cybersecurity law can be used as a form of “backdoor” trade retaliation by opening up a number of informal tools to hurt U.S. firms in China.

Indeed, the very existence of these informal tools lies at the heart of the systemic problems that the Trump administration is seeking to address, from security audits that put intellectual property at risk to using cybersecurity to advance industrial policies. The Trump administration is correct to address these issues. But in doing so, it also must have a clear understanding about the consequences of its style of confrontation and where, specifically, there will be additional costs beyond U.S. or Chinese tariffs.

Backdoor Retaliation via China’s Cybersecurity Legal Regime

Below are just three “backdoor” retaliation tools that are receiving less attention, where the tech sector will bear the brunt of a protracted U.S.-China trade war:

  1. Black box cybersecurity reviews. In the information communications technology (ICT) sector, U.S. companies with domestic Chinese counterparts may see licenses canceled or denied under various cybersecurity reviews and certifications. There are at least six different cybersecurity reviews that the government could use to delay or block market access. The reviews are essentially a “black box,” because we do not know what they entail and what is required to pass them. Reviews are conducted at multiple levels of the bureaucracy without visibility into criteria, which allows Beijing to wreak havoc on U.S. company operations in a way that seems not directly confronting U.S. trade actions.

    For a detailed discussion of each of these security audits and their practical implications, please see the recent CSIS report, Meeting the China Challenge. To minimize loss in trade conflicts, the World Trade Organization set up the principle that trade retaliation should be proportionate and public. China’s possible use of black box reviews as a political tool will further complicate efforts to reach an agreement in negotiation.

  2. Hardline interpretation of ambiguous rules in China’s cybersecurity law. Some of the more concerning provisions in China’s cybersecurity law (e.g., data localization, more onerous rules for critical information infrastructure) are written broadly, leaving space for interpretation when it comes to how they will be implemented. To be sure, many U.S. companies already are preparing for conservative readings of these provisions in their operations in China and have found the Chinese side less than responsive in channels for engagement on these topics. That said, the benefit of ambiguity is that it allows space for maneuver, which would swiftly close in a cycle of retaliation. Undefined terms in the cybersecurity law such as “important data” and “critical information infrastructure” could become tools to hold up licenses and approvals.

    Meanwhile, there are a number of ongoing track 1.5 and 2 dialogues that have become important channels for exchange and could come to a halt. There are examples in which Chinese domestic industry has been an important ally to U.S. companies on pending regulatory issues, despite being competitors. These local champions could become less helpful to U.S. partners as trade tensions spill over to affect the broader bilateral relationship, particularly if these Chinese companies are blocked from the United States under the banner of reciprocity.

  3. Encryption requirements. Beijing has a draft encryption law in the legislative process. If enacted and enforced, the law could be interpreted to require only preapproved domestic encryption products—a redline for many foreign companies in China. This has been a regulatory gray zone for years, and the Chinese government recognizes that enforcement would come at too high a cost for the foreign firms it needs to stay in the market. An exemption in the current regulation allows companies to apply for approval to use foreign-produced commercial encryption products. But in a trade war, all bets are off
     

    Concerning requirements under the draft law include decryption demands when national security is involved, on-site inspections to access data and seize equipment, and a national security review for certain kinds of encryption products and services. There has not been much reporting about the law, and it is not mentioned in the March 22 report from the Office of the U.S. Trade Representative (USTR). But a recent article in China’s official press stated that authorities are accelerating the legislative process. The law would significantly strengthen enforcement powers of China’s State Cryptography Administration through expanded government supervision and access under China’s first-ever uniform encryption regime. Since the rules for this new regime are still being written, they can easily become another “backdoor” tool.

Why the Approach to Confrontation Matters

It is telling that the USTR report paid far less attention to China’s cybersecurity law than it did to older policies: “Made in China 2025” had over 100 mentions while the cybersecurity law had just 16. Since so much of the law is still pending clarification from Chinese authorities, it is understandable that the report did not go into much detail about its practical effects. Yet, the cursory treatment of the cybersecurity law and its broader framework in the report underscores how the Trump administration’s approach is not calibrated to solve these challenges and likely will only make them worse. While a quick deal with Beijing will reduce escalation risks, it is more likely that the outcome of negotiation would be a symbolic win for the Trump administration without addressing these deeper challenges impacting all ICT and the digital trade.

Samm Sacks is a senior fellow with the Technology Policy Program at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2018 by the Center for Strategic and International Studies. All rights reserved.

Samm Sacks
Media Queries

Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Caleb Diamond
Media Relations Manager and Editorial Associate
Tel: 202.775.3173

Related
Asian Economics, China, China Cyber Outlook, Cybersecurity and Technology, Defense Strategy and Capabilities, Defense and Security, Geopolitics and International Security, Intelligence, Surveillance, and Privacy, North America, Strategic Technologies Program
Footer menu
  • Topics
  • Regions
  • Programs
  • Experts
  • Events
  • Analysis
  • Web Projects
  • Podcasts
  • iDeas Lab
  • Transcripts
  • About Us
  • Support Us
Contact CSIS
Email CSIS
Tel: 202.887.0200
Fax: 202.775.3199
Visit CSIS Headquarters
1616 Rhode Island Avenue, NW
Washington, DC 20036
Media Queries

Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Caleb Diamond
Media Relations Manager and Editorial Associate
Tel: 202.775.3173

Daily Updates

Sign up to receive The Evening, a daily brief on the news, events, and people shaping the world of international affairs.

Subscribe to CSIS Newsletters

Follow CSIS
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram

All content © 2021. All rights reserved.

Legal menu
  • Credits
  • Privacy Policy
  • Reprint Permissions