OODA Loop – The geopolitics of cyber espionage goes far beyond the theft of sensitive information

Beijing has used its media to counter accusations of cyber espionage by the U.S. and other governments for several years, typically with denials and counter-allegations of cyber misdeeds by the U.S. itself. This is a common modus operandi: a government accuses China of hacking, often releasing a report or issuing public statements with limited evidence to justify the accusation, and Beijing promptly retaliates in kind. Recently, the U.S. Director of the FBI testified before Congress about an alleged Chinese state-sponsored cyber espionage campaign called “Volt Typhoon,” which he said is deliberately embedding itself in U.S. critical infrastructure and “waiting for the right moment to deliver a devastating blow.” Unsurprisingly, China responded through its embassy in the United States, denying the claim and asserting that Volt Typhoon was the work of cyber criminals, not Chinese state actors.

The U.S. government is not alone in having no qualms about linking these activities to China. Both Microsoft and Google have reached the same conclusion and made their analysis and findings public. And while both have detailed articles on the nature of the activity and how it operates, both are conspicuously reticent in providing evidence of attribution. Volt Typhoon’s activities were first observed in mid-2021, conducting cyberattacks on high-value targets such as critical infrastructure organizations in countries around the world to gain and maintain access undetected. If true, this is consistent with what a state actor would do in terms of cyber espionage, positioning itself to leverage clandestine access to conduct more disruptive attacks later should it deem necessary.

However, shortly after the FBI director’s testimony, an Australian “IT expert” came forward with an opposing opinion that offered an alternative to what was presented to Congress. According to this author, the timing of the testimony, as well as the Five Eyes consultation on Volt Typhoon in March 2024, fit with the fierce debate in Congress over the renewal of the Foreign Intelligence Surveillance Act (FISA). FISA is the highly controversial law that empowers U.S. intelligence and security agencies with surveillance powers to target, monitor, and collect data without a warrant, violating privacy and rights. According to the author, the FBI director’s sensationalism about potentially disastrous consequences was intended to paint a dire picture, instill fear in the public, and pressure policymakers to renew FISA without serious or meaningful revision. This is not to say that this alone was the catalyst for the passage of FISA, but it may have been enough to sway undecided lawmakers.

Still, it’s not hard to see that the FBI director’s over-the-top language was intended to build up the Chinese cyber threat, at a time when cyber power Russia is embroiled in a traditional and cyber conflict with Ukraine and the Middle East is on the brink of full-blown war. Drawing attention to China’s cyber activities now seemed like an odd move. That’s important because for a long time, Chinese cyber activities were predominantly focused on stealing American intellectual property and trade secrets. Despite its established offensive cyber capabilities, Beijing had preferred to use those capabilities to spy, steal, and monitor rather than engage in aggressive, disruptive, or destructive behavior. As a result, the constant calls of Chinese cyber theft soon became white noise to the public. That perception was only exacerbated by the fact that no U.S. presidential administration saw fit to hold Beijing accountable and impose consequences on it, whether punishment or deterrence.

The public hears a foul being called but sees no retaliation, and is forced to interpret Washington’s inaction as a tacit admission that such theft is “no big deal” at all. After all, the U.S. public has seen the United States take more aggressive and costly actions in the past to respond to perceived threats (e.g., invading Iraq with weapons of mass destruction). The fact that decades-long Chinese cyber espionage campaigns have not reached a threshold that would warrant a more forceful U.S. government response suggests that it does not view the activities as the threat some say they are. Other governments have been linked to destructive cyber attacks (e.g., Iran, Israel, North Korea, Russia, the United States), but not China. So the question remains: why now?

If the Australian author is correct, the focus on maintaining FISA powers at all costs is concerning, given the track record of abuse by the agencies it empowers. What is perhaps equally troubling is that at the time the FBI director was testifying about Volt Typhoon and the Chinese cyber threat, a massive data breach occurred at National Public Data, a consumer data broker that exposed the Social Security numbers, addresses, and phone numbers of hundreds of millions of Americans online when a hacker began selling the information online in April 2024. Compared to the FBI director’s testimony and the FISA debates, it appears that the government is more concerned with securing its own surveillance and data collection capabilities and powers than protecting the personal information of its citizens. This is unacceptable, as data breaches continue to compromise the very types of information the government itself wants to collect. In 2023, there were about 3,200 data breaches affecting more than 353 million people, almost the same number of people living in the United States at that time. Where are the fierce debates in Congress about protecting citizens’ data?

Redacted FISA court rulings uncovered thousands of cases of FISA abuse by federal agencies. In particular, FBI field offices repeatedly conducted prohibited searches, and the National Security Agency conducted routine, suspicionless searches of people abroad applying for immigration benefits. Although such activities are supposed to be conducted in the name of protecting the United States, there is little accountability about what happens to the information collected, how it is stored, how it can be (mis)used, and how it is destroyed. Trust in government is not high among the U.S. public, according to a poll that found that in 2023, only two in 10 Americans believed the government would “almost always” do the right thing. This opinion is further clouded by cases of government failure, or cases where government abuse is so obscured under the guise of preserving “national security” that even the Supreme Court refuses to address the issue.

Cyber espionage and geopolitics are becoming increasingly intertwined. On the one hand, geopolitics can fuel cyber espionage campaigns in which a state seeks to gain a decision-making advantage by compromising an adversary’s confidential information and plans. Or it can be used to gauge the political position of even the most trusted allies on controversial issues. It can also be used to gain access and establish a permanent presence in networks of interest in order to further exploit them or conduct even more disruptive operations. On the other hand, a larger game is being played in which allegations of cyber espionage can fuel geopolitical conflicts by pursuing more strategic goals, such as attempting to prohibit the proliferation of foreign equipment, limit the expansion of a state’s global technical reach, minimize global influence, or simply advance one’s own agenda and/or technology over that of a rival state and reap all the financial and other benefits that come with it.

And in that context, it becomes less important whether Volt Typhoon is state-sponsored or the work of cybercriminals. It’s more important to look at what the story is trying to accomplish, who it’s trying to influence, and what its goals are. Because in the end, there are three key takeaways: 1.) China has been linked to yet another cyber espionage campaign; 2.) China has been linked to activities that COULD be used to conduct disruptive attacks at a later date; 3.) the growing danger of the Chinese cyber threat provides more fodder to convince governments to turn away from Chinese technological, political, or economic offerings; and 4.) FISA authorities are here to stay for the foreseeable future.

The latter is concerning, because threats and national security are supposedly the reasons we should voluntarily surrender our civil liberties to those government officials who say, “trust us” to do the right thing. But there seem to be more examples of abuse and misuse that stem from blind trust in institutions that consistently fail to live up to that trust, and since the passage of FISA, there have been more cases where these intelligence requests have failed to produce successful results (think, for example, of the intelligence findings around the Hamas attack, the Russian invasion of Ukraine, or the Ukrainian invasion of Kursk). The government should be transparent in providing us with evidence that this blatant suppression of civil liberties is making the country safer. At the very least, the rest of us should demand it do so, and hold it accountable through our elected officials when it does not.
