Strikeback! Commission on IP Theft Report Gets All Ronin On China

Posted on 23 May 2013 by


strike_back_xlgA bipartisan group that studies the effects and impacts of IP theft in the US, The Commission on the Theft of American Intellectual Property, has released a report outlining their findings on the scope of the issue and making policy recommendations to combat it.

The most interesting proposal among several: strikeback to re-capture stolen IP from thieves’ networks. From sober, non-marketing types, this is pretty cool.

The commission, headed by former Director of National Intelligence Dennis Blair and former US Ambassador to China and former Utah Governor Jon Huntsman, puts some numbers on the issue that are well understood by those in the industry and will be rather shocking to casual observers.

The report seeks to, “Propose appropriate U.S. policy responses that would mitigate ongoing and future damage and obtain greater enforcement of intellectual property rights by China and other infringers.” The involvement of commission staff with some serious China chops lends credibility to the findings for those who have been less involved and still ask the querstion, “Really?”

Yeah, really.

The key findings place American losses through IP theft at “hundreds of billions per year.” This is a highly dissatisfying number – sure would have been great to hear that it was,say, “$372.91bn” – but in our opinion this lends the report credibility, because it’s fairly impossible to put an exact number on it. More to the point, the report discusses the downstream and knock-on effects of IP theft:

Stolen IP represents a subsidy to foreign suppliers that do not have to bear the costs of developing or licensing it. In China, where many overseas supply chains extend, even ethical multinational companies frequently procure counterfeit items or items whose manufacture benefits from stolen IP, including proprietary business processes, counterfeited machine tools, pirated software, etc.

Conceptualizing nation-state sponsored IP theft as a state-provided subsidy is a strong concept, and one which goes a long way to contextualizing the “Why?” question that seems to vex American CEOs who try and understand why they have been targeted.

Then there’s this:

A confluence of factors, from government priorities to an underdeveloped legal system, causes China to be a massive source of cyber-enabled IP theft. Much of this theft stems from the undirected, uncoordinated actions of Chinese citizens and entities who see within a permissive domestic legal environment an opportunity to advance their own commercial interests. With rare penalties for offenders and large profits to be gained, Chinese businesses thrive on stolen technology.

I’ve often told victims the quote by David Etue, that one only need worry about the enemy who understands that they can spend $1bn to compete with you of $10m to steal what you developed. This report bears that concept out.

The report discusses other nation-state sponsors of IP theft, including Russia and India, but it puts a broader number on the percentage of IP theft that originates in China. While many studies have claimed this number to be 70%, the Commission reckons that China is responsible for between 50% and 80% of American IP theft. It bases this range on the representative court cases in which China is the destination for stolen IP, reports by the U.S. Trade Representative, studies from specialized
firms and industry groups, and US Government studies.

More interesting are the reasons cited by the report for why China is stealing so much of our stuff:

National industrial policy goals in China encourage IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice. There are also weaknesses and biases in the legal and patent systems that lessen the protection of foreign IP. In addition, other policies weaken IPR, from mandating technology standards that favor domestic suppliers to leveraging access to the Chinese market for foreign companies’ technologies.

The report makes a range of recommendations, of which this first is highly tempting:

Designate the national security advisor as the principal policy coordinator for all actions on the protection of American IP. The theft of American IP poses enormous challenges to national security and the welfare of the nation. These challenges require the direct involvement of the president’s principal advisor on national security issue to ensure that they receive the proper priority and the full engagement of the U.S. government.

This clearly underlines the national security aspect of IP theft in a very stark manner – and that’s very good. But while this and about ten other Commission recommendations for government and legislative action would undoubtedly help, it is far more important that companies themselves take responsibility for their cyber-security and take these threats and their impact more seriously.

The real meat of this report is buried in one of the last recommendations. After making the usual pfapp about supporting vulnerability management, the report calls for the US Government to:

Support American companies and technology that can both identify and recover IP stolen through cyber means. Without damaging the intruder’s own network, companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.

Pa-POW! Strikeback!

This has, of course, long been a stated desire of companies – especially of security companies. Wouldn’t it be great to kick in the door at the hacker’s lair, kick some ass, grab some files and leave them in a cowering mass on the floor, bleeding?

Of course this report doesn’t get to that movie-like outcome, but it is the first high-level, publicly stated, non-commercial and serious proposal to modify laws to would allow some form of strikeback to recapture IP assets.

And we like that.

As the commission says:

Only when the danger of hacking into a company’s network and exfiltrating trade secrets exceeds the rewards will such theft be reduced from a threat to a nuisance.

Can I get a AMEN?

You can get the report here.