The art of cui bono and frowning upon conclusions

MG, an acquaintance, writes:

Tim, the reality is that China remains a society held captive to the Chinese Communist Party, who is committed to stealing intellectual property from American entrepreneurs and companies. Doing business with the Chinese is extremely costly and a strategic mistake for most US companies.  My comments are directed to the broader issues of doing business in China and the Chinese government’s posture on its domestic economic policies, its foreign trade practices, and its unprecedented role in global intellectual property theft. These issues have been the subject of a great deal of analysis here in Washington DC (some of which we’ve engaged in).

Ignoring the agitprop boilerplate about the Party (it exists, it will continue to exist), I mention some of those IP issues in a couple different places and explain to the reader that they should talk with an experienced attorney and IT security specialist before setting up shop on the mainland: see Chapter 10 (legal services) and Chapter 13 (internet security).  In fact, there are several cases discussed in detail in Chapter 13 but rather than rehashing those statements, MG raises a problematic issue here: financial disclosure.

For instance, this past week Bloomberg published a story entitled, “Cybersecurity Lobby Surges as Congress Considers New Laws.”  While cybersecurity is a real, present danger for every firm in any country there is a Latin phrase that summarizes the conflict of interest in MG’s position: cui bono (who benefits).  As Bloomberg notes:

There were 513 filings by consultants and companies to press Congress on cybersecurity by the end of 2012, up 85 percent from 2011 and almost three times as many as in 2010, according to U.S. Senate filings. Twelve firms have submitted new registrations this year on behalf of companies including Google Inc. (GOOG)’s Motorola Mobility unit, Symantec Corp. (SYMC), United Parcel Service Inc. (UPS) and Ericsson Inc., the U.S. subsidiary of Stockholm-based Telefonaktiebolaget LM Ericsson.

“Cybersecurity is a lobbyist’s dream,” Rogan Kersh, provost at Wake Forest University in Winston-Salem, North Carolina, who researches political influence, said in an interview.

How do we know there is a conflict of interest in this segment?  CISPA, or Cyber Intelligence Sharing and Protection Act, is a proposed law which would enable government agencies to monitor and share private electronic communication (similar to SOPA).  This past week, Representative Mike Rogers, Chairman of the House Intelligence Committee accidentally tweeted and then deleted that the “House Intelligence Committee received 15 times more from pro-CISPA groups than anti-CISPA orgs.”  This is another example of cui bono as the same organizations lobbying for the bill are the same ones that will financially gain if it is passed.  Similarly, MG works at a firm that gains financially due to the hype and theater surrounding this issue.

This is not to say that hacking and cybersecurity are not real problems that firms and entrepreneurs should ignore.  Rather consider what General Electric Vice Chairman, John Rice recently said, “Despite hacking and other issues in China, foreign companies need to be there, due to the country’s potential as the world’s biggest marketplace.  The greater risk lies in staying away.”

Thus it comes down to who you want to trust: MG, a contractor who financially gains from hyping a purported threat or John Rice, who is willing to weigh risks and potentially capitalize off knowledge and technology arbitrage (e.g., bringing specific technological know-how to .the mainland).

Experienced expat response

Last night I spoke with David Veksler, CEO of CryptAByte and a cybersecurity professional in China who I interviewed for Chapter 13.  He told me in an email exchange that:

“Doing business in China is no doubt risky.  But betting your company’s future on a stagnating domestic markets is risky too.  Every business must balance the risk of IP theft and broken contracts against opportunities from the world’s biggest consumer market and low cost suppliers.

While Chinese companies are well known for intellectual property theft, we must keep in mind that there is no monolithic entity, even within the Party.  There are many competing interests, and each case is different.  By doing their due diligence, it is quite possible to protect one’s interests and secrets while being successful in China.  To claim otherwise is to say that information security is futile.

In the long run, industrial secrets may be impossible to keep, but in any dynamic industry competitive advantage and profits are made in the near future.  Businesses that substitute innovation with copying the competition will not succeed in a competitive market.”

Unconventional analysis

I also reached out and spoke with a patent attorney about the issues MG raises and spoke with Stephan Kinsella (the same attorney in Chapter 7).  Here is what Kinsella wrote in an email exchange yesterday:

“There may be a grain of truth in the complaint about Chinese companies not respecting Americans’ IP, insofar as some Chinese companies seem less willing or able to abide by contractual restrictions designed to keep certain information proprietary. But this danger exists for businesses in all societies, even in the US, especially as employee mobility increases and employees move back and forth between employers, taking ideas with them.

But the bulk of the complaint seems to be focused on American-style IP law, namely patent and copyright, and to assume that patent and copyright are legitimate types of property rights. This is what permits the author to refer to competition by Chinese companies as “stealing”: he has accepted the IP mentality. But copying and emulating others in the process of competing with them is part of the free market. Patent and copyright are anti-property, anti-market systems designed to protect companies from competition.

Thus, the author here is siding with protectionism and against the market, and Chinese companies who compete with American companies because they have relatively fewer IP laws to shackle them, more more capitalistic. It is true that some American companies whose business model depends on the protection from competition afforded to them by IP law would prefer that other countries, like China, also offer them protections from competition. But this does not mean that such laws make sense.”

Secret central plans

Tangentially related to cybersecurity and hacking is the myth of the secret plan hidden somewhere.  Or rather, the myth that hackers in other countries have of the US — that there is a super secret master plan that directs all activities of the federal government.  This was humorously brushed aside last month by Ezra Klein at the Washington Post, who explained that:

I almost feel bad for the Chinese hackers. Imagine the junior analysts tasked with picking through the terabytes of e-mails from every low-rent think tank in Washington, trying to figure out what matters and what doesn’t, trying to make everything fit a pattern. Imagine all the spurious connections they’re drawing, all the fundraising bluster they’re taking as fact, all the black humor they’re reading as straight description, all the mundane organizational chatter they’re reading.

This weekend Reuters published a story about a cybersecurity program at Jiao Tong university with PLA connections (the same PLA unit in the Mandiat report that made headlines earlier this year).  While formal ties with this college may exist, to be even handed, we should keep in mind that Stuxnet and Flame were designed by the NSA and Israel, to take out Siemens-designed software systems located in Iran.1 However, this raises a number of questions (e.g., when is state-sponsored cyber espionage justified) that detract from the immediate issue at hand.

Some cybersecurity threats are real, others imagined.  Before investing in any domicile be sure to do your due diligence for security threats (even the old-fashioned variety) and speak to a lawyer or risk assessment expert to qualify potential threats.  For more on this hype and cybersecurity, be sure to follow Techdirt and Bruce Schneier.

Send to Kindle
  1. See Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload from Wired and Resource 207: Kaspersky Lab Research Proves that Stuxnet and Flame Developers are Connected from Kaspersky Lab []

Leave a Reply

Your email address will not be published.