In their letter to IMF Managing Director Christine Lagarde, they pointed to a recently disclosed breach of up to 4 million current and former federal employees’ personal data – reportedly by China — as the latest example of “China’s rapacious actions that are aimed at disrupting the global economy and undermining the stability of international market participants.”
Last week, the Office of Personnel Management acknowledged its networks were hacked in December, exposing the Social Security numbers, job performance and training records, among other data of millions of current and former workers. Earlier this year, several major health care companies acknowledged similar breaches, with tens of millions of Americans’ personal information exposed.
The senators also were apparently referring to a series of cyber intrusions aimed at U.S. companies for purposes of commercial espionage – to steal trade secrets that would give Chinese industry a competitive advantage.
Though the United States has not officially accused Beijing of carrying out the hacks against OPM and the health companies, privately a number of U.S. officials have stated the Chinese government directed the OPM intrusion. And private cybersecurity researchers have linked China to the hacks of the health insurers.
Last week, China dismissed the allegations of hacking as "irresponsible and unscientific."
The incidents “are just the latest in a litany of egregious actions, or inactions, that reflect the government’s lack of an ability to participate in an honest and transparent manner on the global stage,” the senators wrote.
Until China stops its hacking operations, the IMF should not designate the yuan as a reserve currency, Schumer said in a statement. “We need to punish China’s bad behavior, not reward it.”
Currently there are only four currencies that enjoy membership in the IMF’s basket of key currencies that can be used for foreign exchange among IMF member countries: the dollar, the euro, the yen and the British pound. The IMF board is meeting informally in the coming weeks to assess whether they should enlarge the group of reserve currencies.
“China has failed to make the necessary reforms to be considered a trusted and fair player on the international stage,” the senators wrote. “And therefore we urge the IMF to forgo any consideration of the yuan’s inclusion” in the special reserves that make up the funds “special drawing rights” system.
Zachary Goldman, a former Treasury Department official who is now the executive director of New York University’s Center on Law and Security, said the senators were “linking China’s ascendance in the strategic realm to its cyber espionage,” which may be appropriate depending on the motivation for the espionage. If the hacking is for commercial purposes — to give Chinese industry a leg up over U.S. competitors, then seeking to punish Beijing seems logical, he said.
But espionage done for more traditional motives, as was the case with the OPM hack, some analysts say, is less clear-cut, he said.
“We need to be careful about how we signal what the norms should be so as not to inadvertently and inappropriately constrain our own options,” he said. In other words, the United States spies on other countries, too. And it would not want to set a norm that it could not follow.
“It’s a good idea to find ways to push China to stop spying,” said James Lewis, a cyber policy expert at the Center for Strategic and International Studies. “The OPM incident isn’t the best case, though,” because it appears to be “traditional espionage.”
Better to target commercial spying, he said, because in that space, “China’s actions are wildly divergent with international practice.”
One of the hacks linked to China involved health insurance giant Anthem. In that case, the personal data of up to 80 million Americans was exposed. It included social security numbers, e-mail addresses, and income data. There was no sign, however, analysts said, that any of it wound up on the black market where it could be sold to identity thieves.
The bottom line, Goldman said, is to the extent that the United States finds Chinese cyber-espionage to be unacceptable, it should use the tools it has available to deter and punish China.
“We don’t want to do so in a way that precludes the United States from collecting intelligence to protect its interests and those of the international community,” he said. “But it’s hard to see how the theft of 80 million health insurance customers’ records meaningfully advances legitimate sovereign interests.”