Trump's plan to work with Putin on cybersecurity makes no sense

President Donald Trump announced Sunday on Twitter that he and Russian President Vladimir Putin were talking about forming an "impenetrable Cyber Security unit" to prevent election hacking in the future.

Other U.S. politicians, including Sen. Marco Rubio, R-Fla., have reacted with consternation. Rubio suggests that partnering with Putin on cybersecurity would be like partnering with Syrian President Bashar Assad on a "Chemical Weapons Unit" (Assad is widely believed to have carried out chemical weapons attacks on his own people). The U.S. ambassador to the United Nations, Nikki Haley, has defended Trump, saying that the U.S. doesn't trust Russia but that "you keep those that you don't trust closer, so that you can always keep an eye on them and keep them in check." So why are Rubio and many others so critical of Trump, and does Haley's defense make any sense?

There is some precedent for working with states that you don't trust on cybersecurity issues. During the Obama administration, the U.S. and China reached an agreement on how to deal with contentious issues in cybersecurity. Both the U.S. and China hack into each other's systems on a regular basis. The agreement was not intended to stop this but to prevent it from getting out of control in ways that might damage bilateral arrangements. Thus, the agreement created a kind of hot line for communication and information sharing about potentially problematic behavior, as well as a continuing dialogue on cyberissues. It also ruled out efforts by state actors to steal intellectual property (the U.S. had persistently complained that Chinese state hackers stole U.S. companies' secrets and passed them on to Chinese competitor firms). To the surprise of many in the U.S., the agreement seems to have helped moderate Chinese efforts to steal commercial secrets, although there is disagreement over whether this was because China was shamed and wanted to preserve honor, or alternatively used the agreement to impose control over unruly hackers.

Either way, this deal worked — to the extent it did work — because both states had roughly convergent interests over a very limited set of issues. It did not involve the exchange of truly sensitive information — China does not trust the U.S. with details of its defenses against cyberattacks, and the U.S. does not trust China. Instead, the two sides have looked to manage their disagreement, rather than engage in deep and extensive cooperation.

As Trump has described his discussions with Putin, both want something much more far-reaching than the deal that Obama reached with China. Instead of setting up dialogue, Trump wants to engage in true cooperation. He wants to set up a joint "unit" that would handle election security issues so as to prevent hacking. This unit would, furthermore, be "impenetrable."

Critics in the U.S. have unsurprisingly interpreted this proposal as a transparent ploy by Trump to sideline accusations that Russian hackers helped him win the presidential election. However, even if Trump's proposal is taken at face value, it doesn't make much sense.

If the proposed cybersecurity unit were to work effectively, the U.S. would need to share extensive information with Russia on how U.S. officials defend elections against foreign tampering. The problem is, however, that information that is valuable for defending U.S. systems is, almost by definition, information that is valuable for attacking them, too. This is one reason U.S. officials have not previously proposed any far-reaching arrangement with Russia on cybersecurity. Providing such information would almost certainly give the Russians a map of vulnerabilities and insecurities in the system that they could then exploit for their own purposes.

Furthermore, when Trump says that this unit would be "impenetrable," he implies that Russia and the U.S. would cooperate on making it secure against outside hacking by third parties. Again, such cooperation is wildly unlikely to work well. To make it work, the U.S. would have to share sensitive methods with Russia, as well as vice versa. Neither side is going to want to do this, because again it would provide potential adversaries with a deep understanding of protective measures, which might allow those adversaries to penetrate them.

In short, the kind of cooperation that Trump is proposing would be very hard to accomplish between close allies with deeply shared security interests (the U.S. shares a lot of secrets with select allies — but it does not share everything, for the same reasons that they do not share their deepest defensive secrets with the U.S.). It is more or less impossible to carry off with a state that not only is often an adversary but has recently demonstrated its desire to hack U.S. elections, if only it could get away with it.

If Trump's tweet reflects a change in U.S. policy, it is potentially a big win for Russia's government. One of the reasons that U.S.-Russia relations deteriorated during the Obama presidency was Putin's belief that the U.S. was interfering in other countries' elections and that he was going to be the next target. Russia today is a "managed democracy," which allows some electoral competition, as long as it does not threaten the power of the government. This means that the Russian government saw the various prodemocracy movements supported by the U.S. during the "Arab Spring" and in Ukraine as an existential threat. The U.S. was not only encroaching in countries that Russia thought of as part of its sphere of influence. It was perhaps threatening to support a "prodemocracy" movement in Russia itself, which would topple Putin and his allies from power. Hence, Russia has insisted in various international debates that cybersecurity be defined so as to prevent foreign interference in Russia's electoral process.

Trump's willingness to play ball with Russia on elections may or may not stem from his domestic problems. From Putin's perspective, however, it is an unmitigated win. If the U.S. is willing to cooperate with Russia on election security, it suggests that the U.S. is willing to treat Russian elections as legitimate and is perhaps beginning to accept Russia's understanding of democracy promotion as an unacceptable form of interference in other countries' domestic politics.

As is often the case with Trump's tweets, it is unclear whether they reflect any real policy process. Trump is not noted for his fine grasp of the niceties of policy, and he deliberately excluded other senior officials from his discussions with Putin.