As we celebrate World Intellectual Property Day today on 26 April, let’s remember all the innovation that has been stolen.
While innovators have had their intellectual property stolen for centuries, in modern times they face an avalanche of cyber-enabled attempts at theft of their knowhow. Hacking groups, typically operating with consent from state authorities, exploit vulnerabilities in information and communication technology to grab copious amounts of trade secrets and other business information for commercial gain.
These attacks are increasing in scale. Between 30 and 40 identified state-sponsored espionage campaigns affected or targeted private entities globally in 2021–22. They involve sectors of the economy across commercial value chains and industrial development priorities. And they’re affecting IP-intensive businesses in advanced economies and emerging economies alike. In 2020, 56 percent of cases struck economies in Southeast Asia, Middle East, Africa, South Asia and Latin America.
State-sponsored theft of IP via cyber means—a practice known as economic cyber-espionage for commercial gain—is an international problem. It still lacks an adequate effort to halt it.
When the leaders of the G20 met in Turkey in 2015, they agreed that no state would support or conduct the theft of IP via cyber means with the aim of providing local companies with a competitive advantage. A few years before, in 2013, all UN member countries had already agreed that international law applied to state conduct in cyberspace.
Since then, international talks on cyber have progressed insofar as it has concerned international peace and stability. For instance, more detailed agreements were reached on the protection of critical information infrastructure and on understanding how and when international humanitarian law applied in cyber operations.
But, if international law applies to state conduct in cyberspace, as the UN member states continue to affirm, then international trade law also should apply to state conduct in cyberspace.
The existing trade regime—administered through World Trade Organisation (WTO) agreements as well as various World Intellectual Property Organisation (WIPO) conventions—requires states to adhere to non-discrimination. So entities should be able to freely conduct business without the risk of trade secrets and sensitive business information being stolen and leaving them without recourse to legal settlement. Under the TRIPS Agreement, states must maintain minimum standards of IP protection, and they have access to a dispute settlement mechanism.
The problem today, however, is that some states operate in cyberspace with the intention to misappropriate trade secrets, innovations and technological knowhow from others, or to create an environment in which this is tolerated or encouraged. Existing trade law does not account for this state-sponsorship element nor for cyberspace as a conduit to engage in unfair competition.
While trade law prohibits stealing of any kind, perpetrators of economic cyber-espionage are protected by the inability or unwillingness of their national authorities to investigate and prosecute cases. Current WTO IP protection rules have a territorial-centric focus. This means that malicious cyber activities conducted by one state against another, and with harms materialising on the victim’s territory, are not taken into account. So there’s no incentive for states to take cases of cyber-enabled theft of IP to the WTO.
Counterintelligence and law enforcement authorities face other technical challenges, such as the establishment of evidence beyond reasonable doubt and the risk of revealing sources and methods.
But these constraints should not be considered a reason for inaction by the international trade community. The foundations of international political and economic stability lie in respect for sovereignty and the principle of non-intervention. Yet the very notion of economic sovereignty is under attack by state and non-state actors misusing the cyber domain to gain unfair commercial advantages for economic and strategic gain.
There is a growing apprehension among members of the international community of this threat. The Five Eyes countries, the EU, its member states, Japan and even China have all declared that their knowledge- and innovation-intensive industries are vulnerable to economic cyber-espionage by other states.
Today, on World IP Day, we’re looking at the WTO and WIPO. What can these bodies do to strengthen international cooperation, and above all to strengthen IP protection in this digital age?
First, the WTO and WIPO should require their member states to declare that they are not using cyber tools or proxies to gain an unfair competitive advantage. While this is implied in existing international agreements, the global cybersecurity and economic security environment warrant a more explicit commitment. Government leaders declaring that they are not involved in and do not support IP theft would be the first step in building accountability.
Second, state-related issues of cybersecurity should get a firm place within WTO and WIPO forums—for instance, in the council for trade-related aspects of IP rights. The WTO and WIPO should establish a specific group to facilitate dialogue between member states, provide opportunities for the sharing of good practices in building resilience and, most fundamentally, provide opportunities to raise, challenge and dispute cyber operations affecting their economies and fair competition.
Finally, the WTO and WIPO should harness the UN secretary-general’s roadmap for digital cooperation. They should invest in building coalitions and operational collaboration between trade authorities, representatives of IP-intensive industries and the cybersecurity sector. This could also involve revisiting WIPO PROOF, a service that was established in 2020, but discontinued shortly thereafter, that provided assurances against tampering of digital files.
Additionally, they should build repositories of governmental best practices in protecting IP-intensive industries from sophisticated cyber-attacks, thereby establishing a standard, and offer national regulators and policymakers access to data, resources, capacity building, tools and expert networks. Similar to the International Telecommunication Union, which hosts the Global Artificial Intelligence for Good summit, the WTO and WIPO could offer a regular platform for national experts on cybersecurity, international trade, IP and economic development to come together.
The international trade regime was designed to enable states to compete fair and square, while allowing international collaboration and innovation to prosper. When gross violations of this responsible state behaviour remain unaddressed, then the very integrity of the international rules are at stake. States must intervene domestically to protect IP-intensive industries in a first line of defence, but the WTO, the WIPO and other regional trade bodies need to step in now, too, and address the cybersecurity-related shortcomings of the current IP protection regime.