Cyber War And Theft Of Intellectual Property The Threat That China Poses To The United States
Cyber War And Theft Of Intellectual Property: The Threat That China Poses To The United States
Abstract
Over the recent past, there have been massive developments concerning the use of computer technology and the internet to conduct surveillance upon enemy nations or rival countries by other opposing powers. This paper discusses the recent developments in cyber space warfare and the role of china in the current threats that have placed the United States of America and the world as a whole on high alerts. The paper posits that there are steps the Chinese government has refused to take regarding the level of internet usage to access foreign intellectual content. Instead of working together with the USA and other governments to reach an agreement on the way they can exchange military intelligence, for example, the Chinese have reportedly hacked into the systems of other governments and helped themselves with this intellectual property. This paper discusses some of the most prevalent issues regarding Chinese IP theft as well as the characteristics of these thefts. The paper also analyzes the factors that will facilitate success and collaboration relative to China IP threats.
Introduction
In the recent past, there have been various threats as well as successful attempts by the Chinese to hack into the Computer intelligence systems of the United States government with the aim of stealing highly classified information regarding some of the core US operation schema. These recent threats are not the first of their kind, since the first IP theft cases can be traced back to as early as the 1970s. However, many researchers and scholars have given their opinions concerning the increasing cases of cyber attacks, with divergent opinions being brought into light. While some hold that theft of intellectual property of high value like military operations are acts of war, others argue that these are necessary evil that a country may indulge in to get trade secrets for the sole purposes of economic development.
Consistent research into the issue has revealed some cases of intellectual property thefts across history, and especially involving the US. What these researchers have failed to give the much deserved attention is the reasons why these IP thefts occur. Similarly, researchers have given only a small deal of research into the role of China in IP theft and its driving factor towards cyber war. The aim of this research paper, therefore, is to fill this information gap by offering an in-depth analysis on China’s case. In order to achieve this, the paper will corroborate information from both primary and secondary sources on the topic of discussion so as to offer balanced arguments. The writer holds the position that the degree of involvement of China in IP theft has reached the extent that it can no longer be ignored or wished away. China is becoming a threat to the security of data in the computer achieves of the US, and by extension, the entire world.
This paper is divided into various sections for ease of analysis or perusal in the following manner. This section, which is the first section, is the introduction, which offer insight into the content of the paper and the objective of study the second section outlines some of the most important issues that have so far come into play regarding the formulation of China IP threats. The third section analyses some of the most fundamental characteristics of China IP threats, and the fourth section discusses the factors that will facilitate success and collaboration relative to China IP/threats. The paper winds up in a conclusive summary which offers a preview of the discussion and the author’s thoughts on the same.
Global issues associated with formulating China IP/threats
The prosecution problem
Intellectual property refers to anything that is uniquely created by someone largely by the use of their mind (intellect) and, as such, has exclusive ownership rights. These rights are protected by the law and they extend to items such as music, art, literary content, inventions and discoveries, and symbols among others. In the computer world, they include programs, software, hardware, firmware and certain pieces of information that are otherwise classified to the owner(s). Today, most countries own huge archives of information regarding important functionalities of the government. The information can include anything from personal data of citizens, criminals, government, employees; to profiles of business organizations, their historical or criminal activities; to the country’s military and defense strategies.
Chinese hackers continue to plague the world with their persistent intrusion into foreign computer systems in search of secrets and other things known only to them. As General Keith Alexander testified during his Senate confirmation hearing as the first leader of US Cyber Command, the top government institutions are probed hundreds of thousands of times daily (Senate Armed Services Committee, 2010). These include the White House, CIA, FBI and Pentagon, among others, all of which are known for their huge banks of data. In 2006, Chinese hackers extracted an estimated 20 terabytes of data from government computers (Morozov, 2010). Private companies also are not immune from attacks. Earlier this year, Google moved from China to Hong Kong after tracing threatening cyber activity which affected at least 20 other U.S. corporations, to servers in China. As the Air Force takes on an expanding role in deterring and defending against foreign cyber threats, judge advocates find themselves increasingly responsible for providing cyber law expertise (Huntley, 2010).
To address this growing need, The Judge Advocate General’s School recently launched its first cyber-law course. The three-day curriculum included lectures on computer and network basics, cyber operations law, and current threats in cyber warfare. Air Force JAGs can now earn cyber law LLM’s. The Air Force Law Review likewise tackled the issue by publishing a master edition on a range of cutting edge cyber law issues
To provide context to the rapidly expanding field of cyber law, it is helpful to look more closely at the cultural environments in which hackers operate. It has been foldout that the hackers in china belong to organized groups with private communication channels. Understanding what might be called the “culture of Chinese hacking” enables scholars to contextually understand the threat of hacking as well as clarify some of the most crucial legal issues confronted in cyberspace.
Current Events
In recent years, American cyber attack victims have included an illustrious group: the U.S. State Department (2005), the Pentagon’s NIPRNET (2006), the US Naval War College (2006), a nuclear weapons laboratory at Oak Ridge National Lab in Tennessee (2007), the White House (2008), and NASA (2008) (Huntley, 2010). In one instance, hackers linked to China reportedly acquired information on NATO troop movements in Afghanistan; in another, the Joint Strike Fighter program was reportedly compromised (Sullivan, 2009)
While individual hackers can and do pose a threat to U.S. security, recent reports suggest a substantial organization within the Chinese hacker community. Last year, researchers discovered a cyber espionage network called Ghostnet, which was targeting computers in the foreign ministries and embassies of many Asian countries, as well as news media and non-governmental organizations. A virus linked to Ghostnet was able to spread to some 1300 computers in over 100 countries. To make the situation worse, the Ghostnet hackers, most of whom are based in China, were able to posses the control of the victimized computers temporarily (Morozov, 2010).
More recently, researchers have uncovered a cyber espionage network that compromised systems primarily based in India (Sullivan, 2009). This network, originating in Chengdu, China, acquired information from the Indian government, the United Nations, and the office of the Dalai Lama, including access to his personal e-mail. One of the most historical hacking of all time is attributed to the operation in which Indian hackers stole the information regarding NATO troop movements in Afghanistan. These breaches of security reflect the global effect of such attacks.
The rapid increase in cyber threats present judge advocates with numerous novel legal issues, such as the definition of a cyber “weapon” and whether harmful cyber activities constitute “attacks” under the law of armed conflict (Sullivan, 2009). Likewise, traditional JAG work in communications law, intelligence oversight, and information security law has been complicated by related cyber issues. One issue that is most significantly discussed currently is the issue of attribution in which the biggest question is whether the hacker can attribute his (or her) hacking activities to the government.
Attribution
In 2008, the U.S.-China Economic and Security Review Commission held a hearing on Chinese cyber threats, bringing together experts from throughout the national security community. The Commission’s report from the event concluded that “determining the origin of cyber operations, and attributing them to the Chinese government or any other operator, are difficult. Computer network operations provide a high degree of plausible deniability to the Chinese government (Sullivan, 2009). To the extent that uncertainty obscures questions of attribution in the cyber world, how are legal advisors to proceed?
Under international law, a state can be held responsible for the actions of a non-state actor if it can “effectively control” the non-state actor.12 Officers with the People’s Liberation Army Academy of Military Sciences elaborated on this point in 2007, explaining to an American delegation that attribution of hackers to the Chinese government would require that “the source… be clearly identified” (Goldsmith, 2009).
In the The Air Force Law Review, Major Arie J. Schaap argued that a more appropriate attribution rule in the cyber realm would allow for attribution where a state merely acquiesces to cyber attacks on foreign targets, despite having the means to prohibit and prevent such activity14 So conceived, if the Chinese government were to take a purely permissive stance on hacking, and if it demonstrated the capacity to prevent hacking originating within its sovereign territory, the argument might be made that the Chinese government could be held responsible for hacking originating in China. However, as discussed below, China has at least presented itself as neither purely permissive nor capable of preventing hacking (Sullivan, 2009).
Steps to criminalize hacking and publicize the prosecution of high-profile hackers creates at least a colorable argument that the Chinese government does not seek to permit hacking by non-governmental Internet users. Furthermore, reported attacks by Chinese hackers on Chinese business interests, many of which are closely connected to local government and party officials, suggests an inability to prevent some forms of non-governmental hacking (Sullivan, 2010).
It is perhaps too easy to argue that non-governmental hacking by private Chinese citizens cannot easily be attributed to the state, or that hacking by the People’s Liberation Army can be attributed to the state. A more concrete and vexing attribution problem arises when one looks more closely at the gray area between state and non-state in China’s sprawling military industrial complex. As part of its drive to modernize the PL A, the Chinese government has sought in recent years to draw on resources found in the civilian population. In 2003, for example, the Sixteenth Party Congress announced the policy of yujun yumin, or locating military potential in civilian capabilities. As a result, determining where the Chinese government ends and the civilian sector begin is an increasingly imprecise undertaking (Barboza, 2009).
Chinese universities are a case in point. Recently, researchers affiliated with major Chinese universities have published a number of articles on cyber security, including several examining vulnerabilities in U.S. infrastructure. One article, entitled “Cascade-Based Attack on the U.S. Power Grid,” looks at how an attacker might cause power grid failures in the United States. (Goldsmith, 2010). Another article, “Research of Attack Taxonomy Based on Network Attack Platform,” introduced a network attack platform capable of launching virus, Trojan Horse, and other cyber attacks (Goldsmith, 2010).
The status of personnel at universities is likewise a complicating factor. The Information Security Engineering Institute at the Shanghai Jiaotong University (SJU) is currently headed by Mr. Peng Dequan, former Director of the Science and Technology Commission of the Ministry of State Security, one of China’s principal foreign intelligence services Arie (2009). Through the revolving door between the academic and military communities is by no means unique to China, it does demonstrate the difficulties one would have clearly identified the source of Chinese cyber capabilities. Mr. Peng’s position as head of SJU drives this point home, given that the recent hacker attacks on Google were traced to computers at SJU (Sawyer, 2010).
If the university system and military industrial complex were not complicated enough, perhaps the best example of the difficulties of accurate attribution in China is the eight million member militia spread throughout the country, which researchers call “an operational nexus” between Chinese military operations and civilian information security professionals (Barboza, 2009). Directly accountable to the State Council and Central Military Commission, militia units are comprised of civilians from commercial firms in fields critical to national defense, including software design and telecommunications (Mulvenon and Sam, 2010). Local militia units in Ningxia, Henan, and Guangdong provinces have published online material describing unit missions, which include network, information, electronic, and psychological warfare (Weinstein, 2009). These militia units have sought out individuals with foreign languages and cultural skills, suggesting a mission not limited to territorial China (Weinstein, 2009).
Attribution of Chinese cyber attacks likely will become increasingly difficult for US officials. As we have seen, there are no clear lines distinguishing military from non-military actors in China. While this blurry line plays a role in how hackers operate, cultural factors also influence the world of the Chinese hackers.
HYPERLINK “http://ehis.ebscohost.com/ehost/detail?sid=e2e23b33-f1b9-45c5-92ff-4adc2220394f%40sessionmgr198&vid=1&hid=109&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d” l “toc” o “Chinese Hacker Culture”Chinese Hacker Culture
Hacker War, a novel published online in 2008 by a number of Chinese e-publishing websites, offers a window into the often inaccessible world of Chinese hacking (King, 2009). The protagonist, Chen Yonghao, hears the call to arms after the accidental NATO bombing of the Chinese embassy in Belgrade, Yugoslavia. Rather than taking up traditional weapons, however, Chen organizes a group of citizen hackers through an Internet chat room — and the Chinese Hackers Union is born. The Union then launches a series of patriotic cyber attacks against those believed to be most responsible for the bombing: the United States government. The White House website is hit first. Chen hacks in and defaces the website, causing the site to be shut down as repairs are made. News of the hack quickly spreads, earning Chen and the Union respect and fame throughout the Chinese Internet community (Todd, 2009).
Scores of books similarly lionizing patriotic Chinese hackers have been published online in recent years, one indication that hackers increasingly enjoy an esteemed position in modern Chinese Internet culture. Hacker novels with names like Hacker Legend and I Am A Hacker are commonplace, putting Chinese citizens a click away from a fictional tour through the computer systems of the Pentagon, White House, and other popular U.S. targets. Perhaps recognizing the emergence of the hacker hero phenomenon, the Chinese government has recently ramped up efforts to reframe the issue and brand hackers as mere criminals. Recent headlines – including those in publications closely monitored by the Chinese government – tell of prominent hackers brought to justice by an increasingly tech-savvy Public Security Bureau (Jie, 2009). But for all the efforts of the Chinese government, hacking continues to be a growth industry in China, and its reach is global.
A culture of underground hackers feeds off easy access to and continual encouragement from websites and hacker fiction. In China, hackers have remarkably easy access to information guiding their activities. Four major search engines in China, Baidu, Google China, Google US, and Yahoo!-China, all produce links to hacker websites with a simple search of “Multiple line equation cannot be converted into text.” the most common Chinese term for “hacker.” These hacker websites include discussion forums where hackers compare accomplishments and describe how to hack certain networks (Branigan, 2009). With easy access to such information, new hackers can learn how and what to hack and receive encouragement for doing so.
Online novels are a wildly popular phenomenon in China and a major growth industry (Branigan, 2009). At times earning $10 per thousand characters typed, online authors of hacker fiction can be expected to keep pumping out their product, and legends of heroic hackers storming the distant walls of American network infrastructure will proliferate.
HYPERLINK “http://ehis.ebscohost.com/ehost/detail?sid=e2e23b33-f1b9-45c5-92ff-4adc2220394f%40sessionmgr198&vid=1&hid=109&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d” l “toc” o “Chinese Law”Chinese Law
While China is not a member of the European Union Convention on Cybercrime, new laws passed in 2009 by the Chinese People’s Congress do appear to reflect an effort by China to adopt the core principles of the Convention (Branigan, 2009). The Convention requires that member states criminalize certain forms of cyber activity, including unlawful access, interfering with data or systems, unlawful interception, and computer fraud or forgery (Jie, 2009).
Two new Chinese laws criminalize illegal acquisition of computer system data or control of computer systems and prohibit supplying programs or tools for the purpose of illegal control of computer systems (Branigan, 2009). Conceivably, the new law prohibiting the supply tools for the purpose of intrusion into computer systems could be the tool used to shut down many of the easily accessible chat forums and hacker fiction websites that provide instructions on how to hack systems of foreign governments. There is some anecdotal evidence that the Chinese government could be in the early stages of a crackdown on certain types of unlawful cyber activity; (Branigan, 2009) the Chinese government, for its part, claims to have “nabbed” just over 1,000 hackers under the new criminal laws, though such reports are difficult to verify.
China’s well known restrictions on free expression likewise permit the government to restrict hacker websites and literature. Under Article 225 of China’s Criminal Law, Chinese publishers are prohibited from publishing materials without first acquiring a license through the General Administration on Press and Publication (GAPP) (Todd, 2009). In addition to licensing restrictions, GAPP works with the Central Propaganda Department to regulate the content of publications. The Regulation on the Administration of Publishing (2001) empowers officials to punish authors and publishers for a number of infractions, including the vague prohibition on published material that “harms national security or national interests.” (Todd, 2009). A web search conducted from China for the Tiananmen Square Massacre produces a webpage with an error. Other taboo topics include the Dalai Lama, political independence of Taiwan, and ethnic conflict in Muslim regions of China. The Chinese government censors this material in the name of national security and national interest. However, hacker websites and hacker fiction that glorifies cyber attacks of the U.S. government remain largely unfiltered.
Chinese law enforcement has used this regulation to crack down on Internet books with unapproved content in the past, such as the 2007 sting resulting in the removal of over 300 online books featuring pornographic content (Jie, 2009). Together, China’s cybercrime and publishing laws equip law enforcement with strong tools to address hacking and other cyber threats. While the Chinese government possesses the legal tools to do so, it does so infrequently. One could argue that the smothering censorship applied to certain subject matter – such as the Dalai Lama or Taiwanese independence – and the relatively limited restrictions on hacker Internet discussion forums, websites, and even e-books, implies a tacit endorsement of Chinese hacker activities.
These uncertainties raise strategic questions of the first order: does China “harbor” hackers? Should the language of the War on Terror be applied in a future War on Cyber Terror? How could China demonstrate to U.S. satisfaction that it does not “harbor” hackers? Would an international organization tasked with cyber inspections – akin to the current nuclear watchdog regime – help resolve these issues?
The beginning of an answer may lie in what is known as the United States-China Joint Liaison Group (Liaison Group). Having evolved over the decade-plus since President Bill Clinton met with Chinese leaderships to establish stronger bilateral relations, the Liaison Group today serves as a primary vehicle by which the United States and China coordinate bilateral law enforcement operations on issues like transnational crime and intellectual property infringement. Headed by the U.S. Department of State and the Chinese Foreign Ministry, the Liaison Group has helped the two sides resolve a number of cases, including an anti-intellectual piracy operation over $500 million (Jie, 2009).
The Liaison Group could help resolve one type of attribution problem in particular: where the United States has been cyber-attacked and China wants to avoid responsibility (e.g., war). Through the Liaison Group, China can help the United States verify that, though the attacks originated in China, they were done by rogue elements or otherwise non-state citizen hackers. The Chinese side of the Liaison Group could get the Public Security Bureau to arrest the hacker and hand him over to the FBI, thereby verifying that no “armed attack” justifying American retaliation had occurred. Whether it takes the form of the Liaison Group or some other vehicle of coordination, the United States and China would do well to take quick steps to institutionalize a joint fight on cyber threats, thereby reducing the types of uncertainties and suspicions that have been the prelude to conflict throughout history.
HYPERLINK “http://ehis.ebscohost.com/ehost/detail?sid=e2e23b33-f1b9-45c5-92ff-4adc2220394f%40sessionmgr198&vid=1&hid=109&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d” l “toc” o “Conclusion”Conclusion
Hacking is now a popular sport in China. The hacker hero is alive and well in Chinese popular culture and fiction. How the emergence of a Chinese hacker culture will influence the frequency and severity of Chinese hacker attacks remains to be seen. At the very least, Chinese hackers have an increasingly rich library of hacker fiction from which to plot their next attacks. Recent cyber attacks worldwide reflect a need to understand where these attacks originate. As we continue to develop technology, organization, and skills necessary to combat cyber threats, it is ironic that we rely ultimately on the Chinese philosopher Sun Tzu, who counseled in The Art of War to “know your enemy” (Weinstein, 2009). Doing so will better enable the Air Force to win the fight in cyberspace.
As the Air Force takes on an expanding role in deterring and defending against foreign cyber threats, judge advocates find themselves increasingly responsible for providing cyber law expertise. One issue presenting a challenge is attribution: when, if ever, can the victim of a cyber attack attribute responsibility to the host government of the hacker? (Weinstein, 2009).
Characteristics of China IP/threats
There are many examples of China-based IPR breaches. Huawei Technologies, for example, China’s leading telecoms-equipment maker, according to The Economist (“Special Report: China’s Champions,” 2005) was successfully sued by Cisco for IP theft in an American court. Huawei is one of the so-called state champions that the central government decided would be among the 30–50 of its best state firms to be built into globally competitive multinationals by 2010 (“Fear of China,” 2005). At home, these companies enjoy tax breaks, cheap land, and virtually free funding via the state-owned banks. Abroad, the Chinese government helps these state champions to secure contracts or exploration rights (“Special Report: China’s Champions,” 2005). Chinese car firms are pervasive counterfeiters of foreign models: one local favorite is half Mercedes, half BMW (“Fear of China,” 2005). So ahead of the game are the counterfeiters that Harry Potter books are published in China before J. K. Rowling, the author, has written them!
Amcham-China’s president maintains that “the problem [of IP theft] is growing faster than the enforcement efforts . . . and this problem of growing exports is really one to watch because that is going to reverberate against China on the international stage” (AmericanThere are many examples of China-based IPR breaches. Huawei Technologies, for example, China’s leading telecoms-equipment maker, according to The Economist (“Special Report: China’s Champions,” 2005) was successfully sued by Cisco for IP theft in an American court. Huawei is one of the so-called state champions that the central government decided would be among the 30–50 of its best state firms to be built into globally competitive multinationals by 2010 (“Fear of China,” 2005). At home, these companies enjoy tax breaks, cheap land, and virtually free funding via the state-owned banks. Abroad, the Chinese government helps these state champions to secure contracts or exploration rights (“Special Report: China’s Champions,” 2005).
Chinese car firms are pervasive counterfeiters of foreign models: one local favorite is half Mercedes, half BMW (“Fear of China,” 2005). So ahead of the game are the counterfeiters that Harry Potter books are published in China before J. K. Rowling, the author, has written them! Amcham-China’s president maintains that “the problem [of IP theft] is growing faster than the enforcement efforts . . . and this problem of growing exports is really one to watch because that is going to reverberate against China on the international stage” (American Chamber of Commerce China, 2006). Some analysts, Yang (2005) for example, argue that some allowance for cultural impediments on the Chinese side is called for to establish a tighter IP protection regime. The argument for tolerance is predicated on history: during the Qing dynasty (1644–1912), China ruled almost a third of the world’s population and oversaw a third of the world’s GDP. It can look back on a history of innovation, spanning the inventions of paper money, explosives, the printed book, and professional civil service (Maddison, 2001). Today, there remains more than a vestige of resentment among the Chinese people that their inventions attracted none of the royalties that they are now exhorted to pay to others.
Perhaps this period of IP piracy is an intermediate phase on the road to development, just as the United States a century ago exhibited similar behaviors. For example, Charles Dickens complained bitterly about the theft of his rights by American publishers (Edwards, 2007). The Budweiser brand, it is claimed, was systematically deconstructed and stolen in the nineteenth century from Czech brewer Budejovicky Budvar by a Czech émigré, and then reconstructed in the United States. As recently as 2009, the second largest court in the European Union confirmed a previous decision not allowing Anheuser Busch to register the trademark Budweiser in the European Union (“Court Has Supported Budvar,” 2009).
It may be expected that China will become more compliant about protecting IP when it gauges that it has enough of its own IP to protect (Kirkpatrick, 2005). Indeed, China now has a National Intellectual Property Strategy that looks to “improve the intellectual property system, actively work to create a favorable legal environment, market environment and cultural environment for the development of intellectual property in order to greatly improve China’s capacity to create, utilize, protect and administer intellectual property. This will provide strong support for the effort to make China an innovative country and develop a moderately prosperous society in all respects” (Outline of the National Intellectual Property Strategy, 2008). This phraseology disturbs other governments, as they expect China to use its IP portfolio to block entry and negotiate advantage in international markets. The potential is great. China is now a major source of innovation; for example, in 2008 there were 800,000 Chinese patent applications, 360,000 of which were for design patents.
Analysis of the China Cyber war situation
The research for this article involved a subset of 20 face-to-face interviews conducted in China, with a range of relevant players: CEOs of companies that hold multibillion-dollar asset portfolios based on heavy concentrations of IPRs, IP lawyers, IP consultants, management consultants, advertising agencies, branding consultants, and those who track down and prosecute counterfeiters on behalf of the IP owners. These interviews comprised a subset of a larger study involving 150 interviews probing the experiences of foreign companies in China.
The analysis illustrates that the methodologies employed by many foreign companies to ensure the integrity of their IP in China are seriously flawed. It is estimated that over 70% of cases, IP theft in China occurs as a result of companies having failed to take effective action, or having executed only partially effective steps to protect their IPRs. The data analysis of the CEOs interviewed suggests that the majority of companies are not taking effective steps to protect their intellectual property.
It is paradoxical that these foreign-invested enterprises (FIEs) have a myriad of governance rules, ranging from the use of cash through to the issuance of stock options, yet the critical group of intellectual assets known as IP is left largely unguarded. Given that employees are the most vulnerable IP leakage point, human resources (HR) policies in the majority of cases appear lax from the outset as they fail to make provision, as part of the recruitment process, for striking tight agreements regarding IP protection. As an IP lawyer explained, IP has legs: What we normally see in China is the leg. Where do the legs come from? The legs come from your employees. They’re the ones with access to the information.
They’re the ones with the access to your intellectual property. It’s not the patent office. It’s not the government that’s giving your secrets away. So once you’ve registered your IP, you need to go and take an approach which is employee based . . . you should get your employee’s contracts, take a look at them, and try to assess whether or not your IP is protected in those agreements and whether or