In April 2024 FBI Director Christopher Wray said (not for the first time) that China tries to steal “intellectual property, technology, and research” from all corners of the U.S. economy.
The poster child for this sort of thing is Huawei, which, according to the Department of Justice, has a “long-running practice of using fraud and deception to misappropriate sophisticated technology from US counterparts.”
So the U.S. government thinks that the U.S. has a problem with Chinese commercial-industrial espionage. China is stealing trade secrets, intellectual property, data, patents and such, often via cyberattacks.
Make that two
Actually, the U.S. has two problems here. There is the theft problem and there is the reporting problem.
Looking just at the category of cybercrime, consider that the FBI “estimates only 15% of victims report their crimes to law enforcement.”
If we extrapolate this percentage to all forms of intellectual property (IP) crime, we see how big is the problem of the lack of reporting of IP theft. This happens because of mismatched incentive structures.
The theft certainly hurts American companies. The Center for Strategic and International Studies notes that the theft of intellectual property “does not mean that the victim company has lost the ability to make products. What has happened is that it now faces a new competitor. This is the real problem, since China flouts its World Trade Organization commitments and hobbles foreign competition. It has created a protected Chinese market, provides subsidies for foreign sales, and imposes nontariff barriers to hamper Western companies. Subsidized Chinese companies [with stolen IP] operating from a closed domestic market and selling to an open international market have an immense advantage, and this is a logical strategy.”
At the same time, though, “embarrassment and skepticism about the chances of tracking down the culprit helps to explain why individuals tend not to report cybercrime.”
Embarrassment = legal liability in failing to protect shareholder property. Bad press for management. Damage to “the brand.”
Skepticism = doubting the outcome of investigations. Doubting that there is any benefit to catching the perps.
Involving law enforcement costs time and money that companies believe “is not likely to result in recovery to the business.” Worse, businessmen fear “that the FBI or the Secret Service may descend upon these companies and try to take over that investigation.”
In 2018, FBI Director Christopher Wray promised that his agency would “ ‘treat victim companies as victims’ ” and said that “sharing information provided by companies to other agencies was not its responsibility.” But he is singing a new tune for “victim companies” these days: “The FBI fights back against China through Bureau-led ‘joint, sequenced operations’ alongside our partners. ‘As part of those operations, we’re often sharing targeting and other information with partners like U.S. Cyber Command, foreign law enforcement agencies, the CIA, and others, and then acting as one,’ he said.”
Apparently, then, a case about IP theft or cybercrime could indeed turn into an investigation of the company reporting the theft or cybercrime.
The example he showcases in this discussion engages all sorts of third parties in a “victim company’s” business. It would give any business executive pause.
Domestic IP theft
Sometimes, the Bureau will caution Silicon Valley giants about the threats they face, which is ironic. Harvard Business Review notes that if “major tech companies seem less concerned about IP violations closer to home, that might be because in these cases they’re often the perpetrators, not the victims.”
The scale of domestic IP theft or infringement is astonishing. “In August of 2021,” reports HBR, “a jury ordered Apple to pay $300 million in damages to Optis Wireless Technology for infringing on that firm’s patents. Apple similarly owes VirnetX, an internet security software firm, over $570 million for infringement. And Cisco and Centripetal Networks, a Herndon, Virginia, startup, will return to the district court to litigate whether Cisco infringed Centripetal cybersecurity patents. Cisco previously owed nearly $2 billion to Centripetal for infringement….
“For years, executives at major tech firms have seen these legal judgments as just a cost of doing business.”
No wonder big tech does not want the FBI, with its “sequenced operations,” poking around in its business.
In 2021, an IP Commission reported to the president with ideas on how to fix the IP crime incentive structure. The suggestions included:
Deny the use of the U.S. banking system to foreign companies that repeatedly benefit from the misappropriation of U.S. IP.
Ensure robust endorsement and enforcement of International Trade Commission decisions to block products containing stolen IP from being imported into the United States under Section 337.
Instruct the Federal Trade Commission to implement meaningful sanctions against foreign companies using stolen IP.
Further strengthen the Foreign Investment Risk Review Modernization Act process to include the evaluation of IP protection as a condition for investment in the United States.
Require the Securities and Exchange Commission to subject companies known to engage in IP theft to executive and auditor disclosure rules.
These seem to be more about neutralizing the benefits of stealing than about encouraging the reporting of crimes. Little matter; they appear not to have been implemented anyway. The incentives remain with the criminals. □
James Roth works for a major defense contractor in Virginia.
