A blue-ribbon panel issued a report on Wednesday focusing on trade secret theft by China and urging a number of executive and legislative reforms, including enactment of a federal trade secrets statute and providing American companies with some limited right to “hack back” against those that launch cyberattacks against them. The report has already generated a fair amount of media coverage and is sure to spark further debate on what to do about international trade secret theft and cyberattacks (for more on the report, see this Op-Ed piece in The Washington Post, as well as these articles in Forbes, the BBC and PCWorld).
The Commission on the Theft of American Intellectual Property by The National Bureau of Asian Research (that’s a mouthful) assembled the report. The panel that authored the report includes high profile figures such as the former Ambassador to China (Jon M. Huntsman, Jr.), the former Chairman and CEO of Intel Corporation (Craig R. Barrett), the former Director of National Intelligence and Commander in Chief of the U.S. Pacific Command (Retired Admiral Dennis C. Blair), and former U.S. Senator Slade Gorton from Washington state.
The Reasons for the Report: For those that have been following these issues, the report relies on many of the statistics and developments that are by now considered to be conventional wisdom or accepted as true: $300 billion estimated annual losses due to foreign trade secret and cybertheft, drag on U.S. GDP growth, American job losses, and corrosion of the incentives to innovate, among others.
However, unlike other reports and commissions, this one unambiguously singles out China “as the world’s largest source of IP theft” and quotes estimates that “China’s share of international IP theft” is “roughly 70%.” In this respect, the Commission differs substantially from other high profile reports — most notably, the Obama Administration’s Trade Secrets Initiative launched last February, which elected not to single out China (although that initiative did detail incident after incident of theft involving a China connection).
The report also addresses what it believes to be the root causes of this serious international problem, as well as the role of the Chinese government in allowing or promoting it. It posits that “much of this theft stems from the undirected, uncoordinated actions of Chinese citizens and entities who see within a permissive domestic legal environment an opportunity to advance with their own commercial interests. With rare penalties for offenders and large profits to be gained, Chinese businesses thrive on stolen technology.” However, the report does note that role of the Chinese government in some of these efforts, citing the recent Verizon risk report that found that “‘state-affiliated actors’ accounted for 19% of the 621 successful ‘breaches’ in the 47,000 attacks reported.”
The Commission’s Notable Recommendations: A number of short-term solutions are advocated to reorganize and finetune the federal executive branch’s focus and responsibility. However, it is the “medium-term solutions” proposal that I thought was the most noteworthy, which is the section that advocates for legislative and legal reforms.
In my view, the most important legislative reform proposed in the report is the very first one — the call for an amendment to the Economic Espionage Act (EEA) to provide for a private right of action to allow companies and businesses to sue for the theft of their trade secrets (readers of this blog already know that I have supported this effort). The report does not advocate a particular bill (such as the pending Protecting American Trade Secrets and Innovation Act) or particular remedy. Rather, the report focuses on the practical reasons that require that legislation: over-burdened federal prosecutors who lack the resources to pursue these actions under the EEA and the jurisdictional and evidentiary limitations of state court actions that may frustrate the ability of companies to protect their trade secrets overseas.
The Commission also recommends that the EEA be amended so that the Federal Circuit would serve as the Federal Court of Appeals for all federal trade secret actions, “since it serves as the appellate court for nearly all IP-related cases and thus has a high degree of competency on IP issues.” This is a good suggestion and would provide uniformity and clarity on any new statute as well as for future prosecutions under the EEA.
Finally, the Commission advocates two noteworthy but controversial cyber proposals. It supports the present Cyber Intelligence Sharing Protection Act (CISPA) that has passed the House of Representatives but faces opposition within the Senate and by the Obama Administration on privacy grounds.
The Commission also supports giving American companies the right to a some limited form of a “hack back” against foreign cyberattacks (for a fine and brief analysis of this provision, see the recent post of Steptoe’s Stewart Baker for The Volokh Conspiracy). This would likely require an amendment to the Computer Fraud and Abuse Act (CFAA), which as presently drafted, would expose American companies to civil claims or prosecution under the CFAA. (For a debate on the merits of allowing a hack back amendment, see the exchange between Stewart Baker (in favor) and Professor Orin Kerr (against) in The Volokh Conspiracy).
For those with the time, I would recommend reading the report which has a host of other comprehensive proposals that should be strongly and seriously considered by the Administration and Congress.