Stand up for facts and support PolitiFact.
Now is your chance to go on the record as supporting trusted, factual information by joining PolitiFact’s Truth Squad. Contributions or gifts to PolitiFact, which is part of the 501(c)(3) nonprofit Poynter Institute, are tax deductible.
I would like to contribute
Former Hewlett-Packard CEO Carly Fiorina recently took President Barack Obama and Hillary Clinton to task on the issue of cybersecurity, via a column posted on Medium. She said Obama and Clinton have left the United States "woefully uprepared for cyberterrorism."
Fiorina said cybersecurity is "a critical piece of our strategy to defeat ISIS and restore American leadership in the world." She made a number of assertions in that column; here we’ll look at one she made about the United States’ efforts to prevent cyber attacks from China.
"When we held recent economic dialogues with China," Fiorina wrote, "we agreed on over 100 different things — including wildlife trafficking and volcano research. None of these 100-plus points of agreement addressed cybersecurity."
China has been implicated in past data breaches, including perhaps the most far-reaching hacking incident so far, which accessed a large cache of sensitive personal data held by the federal Office of Personnel Management.
Campaign spokeswoman Anna Epstein told us that Fiorina was referring to a news release in which the White House summarized 127 areas of agreement reached in June 2015 at the Strategic & Economic Dialogue, a periodic summit between high-level representatives of the United States and China.
Fiorina has a point that none of the 127 items on that list explicitly addressed cybersecurity. However, her argument is weaker if one looks beyond that list of 127 items: Fiorina ignored a subsequent agreement between the United States and China that dealt directly with cybersecurity.
But let’s start with the summit. In their public addresses at the summit’s opening, Vice President Joe Biden, Secretary of State John Kerry and Treasury Secretary Jack Lew each said that cybersecurity was an important issue for U.S.-China relations, and Chinese Vice Premier Wang Yang agreed in his speech.
The cybersecurity discussion -- a thorny one -- apparently did not lead to an agreement by the end of the summit, though experts told PolitiFact it may have been covered within the 127-point list by point 4, which confirmed the existence of "candid, constructive discussions between the two sides on strategic security issues."
The biggest problem with Fiorina’s claim, though, is that it fails to account for significant developments later in 2015.
The most important of these is an agreement on cybersecurity between the United States and China announced in September. That came almost three months before Fiorina posted her column.
On Sept. 24 and 25, Obama hosted President Xi Jinping of China for a state visit. During that visit, the two leaders announced an agreement on cybersecurity. Here are some of the key elements the two countries agreed on:
• Cooperation on investigating malicious cyber-activities coming from their territory;
• A pledge not to conduct or knowingly support cyber-theft of confidential business information to aid companies or industries;
• Efforts to promote international consensus on norms for state behavior in cyberspace;
• Creation of a "high-level joint dialogue" on cybercrime with regular meetings, as well as a "hotline" to prevent the escalation of issues.
"This was important, because China accepted that states should not conduct cyber espionage against commercial entities to create competitive advantage," said Adam Segal, senior fellow for China studies and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
And there have been notable developments since then, Segal has written: "There was positive follow up in the first round of cyber talks between the Department of Homeland Security and Chinese Ministry of Public Security in December 2015" when the two sides "agreed on guidelines for requesting assistance on cybercrime or other malicious cyber activities, as well as to conduct ‘tabletop exercises’ in spring 2016 and to define procedures for use of the hotline."
In addition, since Xi’s visit, the White House has worked to advance cybersecurity policies with other countries. A similar agreement between the United Kingdom and China has been struck, and there are indications that Germany would sign a "no cyber theft" deal with Beijing in 2016, Segal wrote.
Meanwhile, during the G-20 summit in November 2015, the White House announced that the leaders in attendance reached a notable consensus that international law applies to state conduct in cyberspace, including pledges not to "conduct or support cyber-enabled theft of intellectual property."
It’s worth noting that experts acknowledge significant difficulties in enforcing cybersecurity agreements. "Just three weeks after the agreement, cybersecurity companies reported new attacks on pharmaceutical companies," Segal wrote.
Fiorina said, "When we held recent economic dialogues with China, we agreed on over 100 different things — including wildlife trafficking and volcano research. None of these 100-plus points of agreement addressed cybersecurity."
One document listing agreements struck during a June 2015 U.S.-China summit supports Fiorina’s point, but citing that one document is a case of extreme cherry-picking. Three months later -- and three months before Fiorina published her article -- the United States and China struck a significant cybersecurity agreement, and since then, the countries have taken steps to implement the agreement and forge cybersecurity agreements with other nations.
The statement contains an element of truth but ignores critical facts that would give a different impression, so we rate the claim Mostly False.
Carly Fiorina, "Cybersecurity" (on Medium), Dec 17, 2015
State Department, "U.S.-China Strategic & Economic Dialogue Outcomes of the Strategic Track," June 24, 2015
State Department, "The U.S.-China Strategic & Economic Dialogue / Consultation on People-to-People Exchange," June 23, 2015
Department of Homeland Security, "First U.S.-China High-Level Joint Dialogue On Cybercrime And Related Issues Summary Of Outcomes," Dec. 2, 2015
White House, "Fact sheet: President Xi Jinping’s State Visit to the United States," Sept. 25, 2015
White House, "Fact Sheet: The 2015 G-20 Summit in Antalya, Turkey," Nov. 16, 2015
Justice Department, "U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage," May 19, 2014
Adam Segal, "The Top Five Cyber Policy Developments of 2015: United States-China Cyber Agreement," Jan. 4, 2016
Washington Post, "Chinese breach data of 4 million federal workers," June 4, 2015
The Hill, "UK, China mirror US anti-hacking pact," Oct. 21, 2015
South China Morning Post, "Handshake to end the hacking: China and Germany pledge for peace in cyberspace by 2016," Nov. 9, 2015
Reuters, "China tried to hack U.S. firms even after cyber pact: CrowdStrike," Oct. 19, 2015
New York Times, "U.S. and China Seek Arms Deal for Cyberspace," Sept. 19, 2015
Email interview with Malcolm Lee, senior fellow at the John L. Thornton China Center at the Brookings Institution, Jan. 6, 2016
Email interview with Susan Landau, professor of social science and policy studies at Worcester Polytechnic Institute, Jan. 6, 2016
Email interview with Adam Segal, senior fellow for China studies and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, Jan. 6, 2016
Email interview with Eric Schultz, White House spokesman, Jan. 6, 2016
Email interview with Anna Epstein, spokeswoman for Carly Fiorina, Jan. 6, 2016
Read About Our Process
In a world of wild talk and fake news, help us stand up for the facts.