Brain Drain: China’s Campaign of Intellectual Property Theft

Here is the report’s Introduction:

Introduction

The United Kingdom (U.K) is belatedly waking up to the broad gambit of threats posed by the People’s Republic of China (PRC). The Chinese Communist Party (CCP) uses influence and infiltration operations against its adversaries, including the U.K. These operations include the deployment of tactics that fall short of traditional armed conflict in an effort to overtake the West and become the world’s foremost power. Central to its efforts is the theft and drainage of intellectual property (IP).

In its 2017 updated report, the United States-based independent and bipartisan Commission on the Theft of American Intellectual Property (IP Commission) estimated that IP theft cost the United States (US.) economy anywhere between $225 and $600 billion annually.(1) This figure is equivalent to 1.3% to 3% of the Gross Domestic Product (GDP) of the US.. In contextual terms, were the economic cost of IP theft to be commensurate with a nation’s GDP, it would mean the cost to the U.K of IP theft is in the region of $34 billion (£23 billion) to $82 billion (£61 billion). Comparably, in 2016–17, the U.K spent just £46 billion on its entire defense budget, £29 billion on transport, and £24 billion on industry, agriculture and employment.(2)

In its report, the IP Commission was clear as to where the blame lay, stating unequivocally that China is “the world’s principal IP infringer.”(3) The rapid acquisition of intellectual property is central to both the CCP’s ‘Military-Civil Fusion’ (MCF) doctrine and its “Made in China 2025” strategy.(4) Like the US., the U.K is a target for this activity. In December 2018, the National Cyber Security Centre (NCSC) announced that a group of Chinese hackers “known as APT10 acted on behalf of the Chinese Ministry of State Security [MSS] to carry out a malicious cyber campaign targeting intellectual property” in the U.K.(5) In its advisory note, the NCSC revealed that the U.K was a “significant” target of APT10.(6)

The APT10 campaign targeted a diverse range of entities, including companies, government bodies, non-governmental organizations, and educational institutions. Far from being the exception, such diversity is the norm. In the US., where a series of indictments for IP-related crime have been brought over recent years, targets have varied in sector, structure, and nature. Of these targets, however, universities stand out as a particularly frequent focus. In the first nine months of 2020, 14 individuals at US. universities have been indicted over charges connected to foreign interference.

British universities themselves acknowledge the existence of this risk. In a 2018 submission to the House of Commons’ Foreign Affairs Select Committee (FASC), Universities U.K (the representative body for British universities) said its “working assumption is that the most significant threat from hostile state actors is misappropriation of research output, including the seizing of research data and intellectual property.”(7) Speaking in January 2019 in response to news that Oxford University was suspending new investments from Chinese technology companies given concerns that they might constitute a spying threat, the Chairman of the FASC, Tom Tugendhat MP, said that Oxford was “right to be concerned about the issue” of IP theft.(8)

Universities are, by their very nature, engaged in large quantities of original research, including within many of the areas most attractive to the Chinese State. Her Majesty’s Government (HMG) has published detailed advice for the university sector on how to abate the risk of IP theft. The guidance, called ‘Trusted Research’ (TR), covers, in broad terms, four key themes of risk: cyber-hacking, human-conducted theft, research partnerships, and the admission of overseas individuals. Of these, cyber-hacking and more conventional theft are – as a matter of law – already criminal offences in almost all circumstances.

However, research partnerships and the enrolment of overseas-nationals are – in the majority of cases – not merely lawful but, as the TR guidelines make clear, positively encouraged.(9) These forms of international academic engagement – as well as countless others, such as the recruitment of overseas academic staff – offer considerable benefit to British universities in both financial and academic terms. However, these benefits give rise to an obvious tension between the not-insubstantial advantages of international engagement and the very real security concerns that accompany it.

The bulk of advice provided by the TR guidance concerns research collaborations between British and overseas institutions at a corporate level. This matches much of the public debate in which detailed coverage has been afforded to relationships between Chinese-linked entities (particularly Huawei) and British universities or Confucius Institutes based within them. Far less attention has been afforded to security risks associated with foreign-national students and staff. In many ways, this is unsurprising. Until recently, no Western nation had a bespoke policy arrangement to preclude IP drainage by foreign-nationals at their respective universities. That changed in May 2020 when Donald Trump issued a Presidential Proclamation banning graduates of Chinese universities linked to the People’s Liberation Army (PLA) from studying in the US.. While, in February 2020, Christopher Wray, the Director of the Federal Bureau of Investigation (FBI), said that the CCP “use some Chinese students in the US. as non-traditional collectors of our intellectual property.”(10)

These events have thrown a sudden light on the security arrangements adopted by the allies of the US., including the U.K. And on this issue, the U.K is well behind the curve. The Academic Technology Approval Scheme (ATAS), the regulatory framework that is used to face the threat of IP theft, emerged from the Voluntary Vetting Scheme (VVS) which was created in the 1990s as a mechanism to prevent Saddam Hussein, the then dictator of Iraq, from acquiring expertise in the development and delivery of weapons of mass destruction (WMD).(11) Administered by the then Foreign and Commonwealth Office as a counter-proliferation policy, ATAS was designed to preclude the capture of a relatively narrow range of technologies by nationals from a relatively small number of countries. To this day, its formal mission is limited to preventing only the proliferation of WMDs and their means of delivery.

The challenge of IP theft, however, is much broader and more complex in nature. Driven by economic as well as military interests, the range of targeted technologies are far more diverse than those sought by previous strategic adversaries. Moreover, the MCF doctrine means potential acquirers of IP are drawn from a much wider range of backgrounds. The emergence of the Thousand Talents Program (TTP) in 2008 transformed IP theft into an industrial-scale problem. This begs the question of whether the U.K’s current frameworks are capable of managing the conflicting interests of the proper desire to encourage overseas students to study here and the need to mitigate the risk of IP drainage.

This paper argues that serious questions need to be asked about our existing mechanisms and frameworks of reference. Hundreds of Chinese students are presently studying in the U.K whose risk profile is such that they would be barred from admission to the US. under the May 2020 ban. A significant proportion of these students study the most sensitive subjects possible. Despite concerns having been raised repeatedly about the threat of IP theft, it is striking that no prosecutions have ever been brought for offences connected to the Intangible Transfer of Technology (ITT). While this paper does not for a moment seek to suggest that all, or even some, Chinese students in the U.K are engaged in such activity – or that U.K institutions are even unintentionally aiding such an eventuality – it does conclude that there are national security concerns inherent in current U.K systems that need to be tightened up to mitigate risks that have already been pointed out.

In addressing this situation, the U.K need not reinvent the wheel, however. One advantage of facing a common threat with its allies is that the U.K can take elements of best practice from them. Doing so will not eliminate the threat of IP drainage. It will, however, give the security services a fighting chance in limiting its impact.

1) ‘Update to the IP Commission Report; The Theft of American Intellectual Property: Reassessments of the Challenge and United States Policy’, The Commission on the Theft of American Intellectual Property (2017), available at: ipcommission.org/report/IP_Commission_Report_Update_2017.pdf , last visited: 2 September 2020, p.1.

2) ‘Budget 2016’, HM Treasury and The Rt Hon George Osborne (2016), available at: assets.publishing.service.gov.uk/ government/uploads/system/uploads/attachment_data/file/508193/HMT_Budget_2016_Web_Accessible.pdf, last visited: 2 September 2020, p.5.

3) ‘Update to the IP Commission Report; The Theft of American Intellectual Property: Reassessments of the Challenge and United States Policy’, The Commission on the Theft of American Intellectual Property (2017), p.2.

4) ‘“Made in China 2025” Industrial Policies: Issues for Congress’, Congressional Research Service (2020), available at: fas.org/sgp/crs/row/IF10964.pdf, last visited 2 September 2020; ‘Military-Civil Fusion and the People’s Republic of China’, US. Department of State (2020), available at: www.state.gov/wp-content/uploads/2020/05/What-is-MCF-One-Pager.pdf, last visited: 2 September 2020.

5) ‘U.K and allies reveal global scale of Chinese cyber campaign’, Foreign and Commonwealth Office, National Cyber Security Centre and the RT Hon Jeremy Hunt MP, 20 December 2018, available at: www.gov.uk/government/news/uk-and-allies-revealglobal-scale-of-chinese-c…, last visited: 2 September 2020.

6) ‘APT10 continuing to target U.K organizations’, National Cyber Security Centre, 20 December 2018, available at: www.ncsc.gov.uk/news/apt10-continuing-target-uk-organisations, last visited: 2 September 2020.

7) ‘Written Evidence from Universities U.K’, Parliament U.K, October 2019, available at: data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/foreign-affairs-committee/autocracies-and-uk-foreign-policy/written/106141.html, last visited: 2 September 2020.

8) ‘Oxford University ‘right to be concerned’ over China trade secrets theft, MP warns’, The Telegraph, 18 January 2019, available at: https://www.telegraph.co.uk/technology/2019/01/18/oxford-university-righ…, last visited: 2 September 2020.

9) ‘Trusted Research Guidance for Academics’, National Cyber Security Centre (2020), available at: www.cpni.gov.uk/system/files/Trusted%20Research%20Guidance%20for%20Acade…, last visited: 2 September 2020.

10) Wray, C. ‘Responding Effectively to the Chinese Economic Espionage Threat’, Department of Justice China Initiative Conference, Center for Strategic and International Studies, 6 February 2020, available at: www.fbi.gov/news/speeches/responding-effectively-to-the-chinese-economic…, last visited: 2 September 2020.

11) ‘What is ATAS?’, Foreign and Commonwealth Office, July 2009, available at: webarchive.nationalarchives.gov.uk/20090704101923/http://www.fco.gov.uk/en/fco-in-action/counter-terrorism/weapons/atas/atas-what/, last visited: 2 September 2020.