Intellectual capital's (IC) rising value in the production of wealth has been mirrored by its increasing vulnerability to crime. It is estimated that a majority of the productive capacity of organizations is tied up in IC and even a significantly more conservative estimate leaves IC as a major force in organizational competitiveness. The move from tangible to intangible assets as a major productive force has produced a number of challenges to management and financial reporting. This shift has also resulted in a new vulnerability to financial crime that organizations face as a result of their reliance on IC.
Taken together, these factors have created a new environment in which IC is uniquely at risk from financial crime. This paper explores these risks in greater detail in order to demonstrate that traditional legal remedies are largely ineffective to protect IC property rights and that given this policy environment and the nature of IC itself, prevention is the only reasonable means for protecting IC.
The definition is in one sense more generic than that incorporated in the EEA. The Act differentiates between the theft of trade secrets, carried out without the intent to benefit a foreign sovereign, and economic espionage, intended to further the strategic initiatives of a sovereign state and/or damage those of a rival state. The definition of economic espionage used in this paper considers the nature of the conduct at issue and therefore encompasses those who steal to benefit either a sovereign state or private parties. The broader definition is necessary to implement the paper's focus on economic espionage as a unique type of criminal activity, one with effects beyond the parameters of current policy and legal redress.
The essence of economic espionage has remained unchanged when observed from a historical perspective. Economic espionage continues to consist of covert actions intended to eliminate emarket advantages. There is, for example, a long history of such actions in the USA, dating back to the late seventeenth and early eighteenth centuries, when intellectual piracy was the de facto policy of the fledgling republic.
The convergence of technology, economic, demographic, and social factors has resulted in the emergence of the "Flat world" described by author Thomas Friedman. Friedman asserts that these factors have resulted in a leveling of the economic playing field and allowed developing nations like China, India, states comprising the former Soviet Union, Eastern Europe, and South America to compete more evenly with more developed nations. The case Friedman posits is a compelling one, amply demonstrated by the recent growth in gross domestic product in China, India and to a lesser extent the other geographic areas mentioned. Factors leading to a "flat world" have also altered the methods and operations of those engaging in economic espionage.
Prior to globalization, economic espionage practitioners were constrained by traditional factors of proximity, scale, physical constraints, and patterns. These factors required that espionage tradecraft be conducted in a high-risk environment by professional intelligence operatives trained to recruit agents and manage agent networks. Typically, this required elaborate coordination and planning to accomplish meetings or exchanges. Proximity between agents and handlers could not be avoided. Case officers were limited in the number of agents they could manage ensuring a scale of operations contingent on resources. The physical constraints of operating in a foreign environment were a constant challenge with respect to logistical support and operational techniques. Additionally, the need to follow established tradecraft protocols resulted in patterns that could be discerned by counterintelligence personnel increasing the risk of discovery and apprehension.
In today's so-called "flat world", the entire operational landscape has been transformed. The need for proximity with respect to agent operations has been lessened by the ability to remotely and anonymously target data contained on information networks. The scale of operations has been greatly expanded by the ability to simultaneously target multiple objectives, increasing potential collection capabilities by an order of magnitude far exceeding what was formerly available to traditional agent networks. The absence of physical constraints in cyberspace provides an unbounded virtual operational venue characterized by speed and an immediacy of results absent in traditional espionage operations. The ability of operators to implement a variety of targeting techniques crossing multiple international jurisdictions reduces the likelihood of a successful counterintelligence operation and affords a much lower risk environment. This reduction of risk combined with a commensurate opportunity for higher rewards will result in an increase of trade secret and intellectual property theft since there is so much to be gained in comparison with the flattened cost of espionage efforts.
Practitioners of economic espionage consist primarily of two groups: state sponsors and business competitors. The overexpansion of broadband capacity during the dot.com bubble era had some unanticipated consequences relative to Friedman's flat world scenario. This overexpansion resulted in increased world-wide connectivity, collaboration and information sharing to an extent not previously attainable. The ability to aggregate and disaggregate information remotely provides numerous electronic targets of opportunity. The dark side of the flat world is that the productivity-enhancing factors are vulnerable to a variety of electronic targeting and attack methodologies by adversaries engaged in economic espionage collection pursuits.
The proliferation of state-sponsored theft of IC has proven especially problematic to those businesses which on IC for the creation of wealth and to maintain a competitive position in the market First, the centrality of IC assets to competitiveness has made the man increasingly attractive target for all competitors, but particularly those with more capabilities in production and fewer in research and development (R&D). An extreme case is that of software piracy in which programs that required millions in R&D to produce can be duplicated for a few cents per CD-ROM.
A second aspect of state-sponsored economic espionage is the difficulty of bringing legal remedies to bear against the perpetrators of the crime. As subsequent sections of the paper will argue, conventional law enforcement is predicated on the identification of individuals responsible for committing the crime and for their extradition to the USA to face charges if they are outside the physical jurisdiction of the courts. The theft of IC by sovereign states makes this model problematic in practice due to the likelihood that responsible individuals will be shielded from investigation by the sponsoring state and likelihood that the sponsoring state will bar extradition even in the event that specific perpetrators are discovered. Since the primary beneficiary of the crime is the state itself rather than the individual perpetrators, prosecution of individuals is unlikely to deter future thefts. Even worse, they may operate under the protections of diplomatic immunity and escape criminal responsibility altogether.
The conduct of business, particularly electronic commerce (e-commerce), has further facilitated the ease with which IC can be targeted. The nature of e-commerce requires remote, electronic access to company resources to pace, pay for and track the progress of shipments. Moreover, the expansion of customer management services allows and even encourages outside users to access company files to update individual data. While protections against intrusion can be built into e-commerce systems, the conduct of e-commerce creates access to a firm's IC assets that would have been unprecedented even ten years ago. Moreover, the trend is likely to increase in the future as customers demand greater services and access to information.
Unlike tangible assets, there is no limit to the number of usable copies that can be made from IC. The distinction may seem obvious, but it has a number of important implications in the context of IC theft, among which are those below.
Unlike cash or paintings, which require the criminal to enter a vault or museum and subsequently carry off the stolen objects, IC requires only that the criminal make a copy. Historically, even this may have inhibited theft and increased the likelihood of detection. For example, when IC was available primarily in the form of documents, theft required the copying and/or carrying away of bulky paper files. For example, Jose Lopez, a former Executive at General Motors, was indicted in 1993 by a Detroit Grand Jury for the theft of numerous paper documents and computer discs. Such a charge is unlikely to be made today when the same amount of information can easily fit on a portable data drive.
Lopez' crime, in fact, is largely a thing of the past. Since IC usually has no tangible embodiment, it is not necessary to be in physical contact in order to steal it, nor does it occupy anything but a negligible physical space. As noted above, the "flat world" of cyberspace has created an operational space in which physical proximity is unnecessary to effect a theft of IC. The ease with which IC can be stolen is further exacerbated by the increasing connectivity required to conduct business.
The classic remedy in cases of theft is to return the property to its original owner. This has the two-fold outcome of preventing the asset's use by the thief and restoring exclusive use to the rightful owner. An automobile, for example, can be driven by only one person at a time. Nor must the asset always be in a tangible form for the restoration towork. Restoring cash, even in a digitized form, prevents a competitor from using the asset.
In the case of productive business assets, denying the use of the asset by a competitor may be as important as the return of the asset itself. The concept, in fact, really has no application outside intangible assets. A competitor, for example, could not simultaneously return and continue to use stolen machinery. However, since copies of IC are often as useful as the originals, there is little benefit in simply restoring the stolen information to its original owner. Anyone with copies of the IC can still use the assets for competitive advantage.
A simple example of the use/but return problem can be seen in the theft and subsequent piracy of intellectual property such as music or movies. The pirated copies can be produced at a low cost by manufacturers with no initial investment to recoup even if the originals remain in the possession of their legal owners. Patent and copyright law offer relatively sparse protection, particularly since many nations have official or unofficial policies of using pirated IC with little or no legal protections against its unauthorized use.
A situation with even less legal recourse might result from the disclosure of unpatented research-in-progress. When a firm has patented its research, it obtains legally enforceable intellectual property rights. However, research has value long before it becomes patentable. The research itself might not be at a stage in which it was possible to claim intellectual property rights, but could still be valuable to competitors as an indication of new avenues of research. Nothing would prevent competitors from pursuing successful parallel research once they were aware of its underlying concepts.
The frequency and virulence of economic espionage attacks has increased markedly over the last ten years and will almost certainly continue to grow as the importance of IC grows and as criminals (both private and state-sponsored) increase in number and sophistication. As this paper as previously noted, the traditional, reactive model of law-enforcement has not proven effective in reducing the frequency of economic espionage or in mitigating the damages of such crimes. And while statutes such as the EEA have provided improved legal remedies in cases of IC theft, they are clearly insufficient to control the burgeoning industry of economic espionage. This really leaves only one venue to control the problem, prevention, but how best to implement it?
The conventional wisdom to date has been to allow firms that own IC to protect it voluntarily. Given the rising tide of identity theft and related security breaches, this has clearly been an unworkable strategy. Mandating compliance, however, is nearly as challenging since it adds an additional layer of policing. Given that the number of potential victims is even greater than the number of potential attackers, this is hardly more effective than simply increasing the number of investigators. A more effective strategy under the circumstances is to devolve both the responsibility for protecting valuable and liability for losing it on the owners.