The conventional way to protect intellectual property is to patent it. This gives an inventor legal protection for his idea: if others want to use it, they must pay him. The snag is that he must publish his idea, making it easy for someone in a less lawful country to steal it.
So a lot of companies are keeping their most valuable ideas under wraps. Alas, this is not foolproof, either. Hackers are cunning, and China employs thousands of them to steal foreign secrets, as a report last month from Mandiant, a computer-security firm, made clear.
No one knows how many trade secrets companies keep, or how much they are worth. Some, like customer lists, are generated during day-to-day operations. Others are kept secret because patents typically last only 20 years. Had Coca-Cola patented its secret recipe, it would have lost the rights to it long ago. And it would have lost its mystique straight away.
However, the main reason for favoring secrecy over patents is security. Elon Musk, for example, refuses to patent technologies developed at his SpaceX rocket company for fear that foreign space agencies would simply pinch them.
Many companies do not realize when their secrets leak. Richard Bejtlich, the chief security officer of Mandiant, estimated last year that over 90% of firms penetrated by Chinese hackers were unaware of the fact. A survey by ASIS International, a security-industry body, estimated the annual value of stolen corporate intellectual property at $300 billion in America. Another put it at over $1 trillion worldwide.
Digital thieves hail from all countries, but one stands out. In the 16 years since America’s Economic Espionage Act (EEA) made the theft of commercial secrets a federal crime, a third of all EEA prosecutions have involved people born in China or seeking to help its government or businesses. Since 2008, 44% of cases have had a Chinese connection.
One defendant stole secrets relating to military aircraft and the Space Shuttle. Others have spied on firms such as Ford, GM, Dow Chemical, Motorola, and DuPont. The Chinese government strenuously denies any involvement. It notes that its firms are victims, too. In a 2010 global survey by McAfee, another IT-security firm, Chinese businesses reported the highest average losses from intellectual-property theft: $7.2m each, compared with just $375,000 for British firms.
Most trade-secret thefts (and over 90% of EEA prosecutions) involve insiders. These are typically employees or contractors who are given access to sensitive information, which they snaffle via flash drive, mobile phone, or e-mail. Respondents to the McAfee survey rated insider threats above those posed by software vulnerabilities or cyber-terrorism.
Solutions are far from straightforward. America’s patent office is mulling whether to propose a new class of “economically sensitive” patents whose existence could be kept secret until a patent is granted (a process that typically takes over three years), to avoid giving thieves a head start. This is unlikely to satisfy businesses. Of more use, say some, would be amending the law to provide a federal right of civil action, allowing companies to pursue their own cases against spies. At the moment civil cases are subject to state law.
Last month Barack Obama’s administration unveiled new proposals to prevent the theft of American trade secrets. These include diplomatic efforts, voluntary industry initiatives, smarter investigations, and tougher laws. Congress has increased the penalties for infringing the EEA and removed a loophole that allowed a Russian programmer to walk free after copying source code for Goldman Sachs’s trading software. Even so, since 1996 there have been only about 125 indictments under the EEA. Most thieves are not caught.
© The Economist Newspaper Limited, London (March 16, 2013)