Digging Into the USTR’s “2023 Special 301 Report” on Intellectual Property (IP) Theft

Security
Security

American Intellectual Property (IP) Theft is up this year. Luckily, there’s a watchdog for that, and this year, they had a lot to say.

Every year, the Office of the United States Trade Representative (USTR) publishes an update on trade barriers to U.S. companies due to intellectual property (IP) laws. Known as the Special 301 Report, it’s been around since 1989 and lists its “Priority Foreign Countries”, or countries judged to be a threat due to inadequate intellectual property laws.

Let’s dig into the issue of American IP Theft and what this 2023 report brings to the table.

The State of American IP Theft in 2023

The National Intellectual Property Rights Coordination Center (IPRCC) reported that:

  • Cases against IP Theft are up by 21%
  • Indictments increased by 99%
  • Convictions are up by 29%

And on the whole, domestic IP Theft has gone from costing us (only) $ 822.3 million to a whopping 1.12 billion. That’s an increase of 36%.

It doesn’t take another annual report to put the pieces together. We’re in the spike of the digital revolution, taking on more hyper-distributed environments, hybrid work ecosystems, and computing complexity than ever before. The attack surface has blown up. Zero Trust is the new watchword, and data protection is more critical than ever.

Amid all this confusion, our trade secrets – critical in many ways not only to our bottom line but to National Security – are getting stolen from right under our noses. Here’s how.

How IP Theft Works

According to data security company Cyberhaven, IP Theft happens in the following ways;

  1. Unauthorized Access | Hackers break into a business’ information systems – the center of data and data management – by compromising access credentials. It is then that they carefully exfiltrate sensitive information, like trade secrets. However, sometimes proprietary information is publicly accessible (and the company doesn’t even know it). That’s why all the data doors need to be watched.
  2. Misappropriation of Disclosures | It’s often beyond the bounds of the law to disclose sensitive information to third parties, such as in a business deal or bidding war. Not everyone honors the law.
  3. Misuse by Employees | Good employees can go bad, especially under economic pressure. External threat actors prey on workers who have recently experienced layoffs, and internal discontent can lead to those closest divulging a company’s secrets.

Now that we know what’s being done, let’s discover this year’s top offenders.

Key Points of the 2023 Special 301 Report

The 2023 Special 301 Report documents the USTR’s findings of more than 100 trading partners and represents intensive global research and cross-collaboration.

Who Made the Priority List?

By law, the USTR must provide a list of countries that do not provide “adequate and effective” protection of intellectual property rights or “fair and equitable market access to United States persons that rely upon intellectual property rights“. Countries that made this year’s watchlist include:

  • Argentina
  • Chile
  • China
  • India
  • Indonesia
  • Russia
  • Venezuela

And 18 more, enumerated in the report.

This is the equivalent of a diplomatic nudge to “get on the ball” in terms of IP regulation and enforcement. As stated on the official USTR website, “These countries will be the subject of particularly intense bilateral engagement during the coming year.” Not doing so could lead to potentially damaging economic outcomes down the road.

Now, let’s dig into some of the highlights of the report.

Concerns Over Online Piracy

Ongoing concerns over both online and broadcast piracy listed in the report included illicit streaming devices (and related piracy apps), stream-ripping, pirated content being distributed by cable providers, and illegal Internet Protocol television (IPTV) services. Stakeholders in the entertainment industry and other creative sectors continue to underscore that sales of their content are intrinsic to their livelihoods. No trade secrets here, but illicit IP capture all the same – as well as a dent to the nation’s economy and the world’s largest industry.

Major Legal Reforms

Thailand gets kudos for amendments to the Copyright Act, in force as of August 2022. Vietnam receives similar praise for its own amendments to the IP Code, in effect as of this past January. And Nigeria ranks highly for adopting the Copyright Act, 2022 in March of 2023. For all the “one step(s) back”, this is surely “two steps forward”. Or three.

China Draws Concern

IP protection and enforcement is touch-and-go when it comes to our (typically) highest trading partner. Right holders have expressed concern over the adequacy and effectiveness of laws securing intellectual property, such as in China’s handling of the Copyright Law, Patent Law, Criminal Law, and IP protections in general. Concerns also abound about “long-standing issues” like counterfeiting, technology transfer, trade secrets, bad faith trademarks, and the like.

Bulgaria Makes the List

Bulgaria failed to properly investigate and prosecute instances of online piracy cases, allowing criminal investigations and even prosecutions to proceed with just a subset of the available evidence. They also failed to properly address these shortcomings. For that reason, they made the 2023 Priority List, with the USTR set to review them further to see if they make any progress towards compliance.

Belarus Legalizes Illegal Activity

In Belarus, you can now legally use certain copyrighted works unlicensed if the right holder belongs to a foreign state “committing unfriendly actions”. This is open for interpretation, which makes it such a sandpit. Additionally, it allows the Belarusian government to keep any royalties from said unlicensed usage and divert them to their general coffers (or the Lukashenka regime). They are also on the Watch List as a sanction for supporting Russia in their unprovoked invasion of Ukraine.

IP Theft, Cybersecurity, and Commerce

Now in its 34th year, the USTR’s Special 301 Report provides another finger on the pulse of (what is now) digital crime. Perhaps the stuff of manila envelopes and illicit meetings in the report’s early years, the war on IP Theft is now fought largely on the battleground of digital dark alleyways.

And that moves cybersecurity up to a position of prominence, if not supremacy. Once a “key part of business”, cybersecurity – data protection, IP theft monitoring and detection, malware prevention, and the like – is now business itself.

Now, a modern company cannot do business without a digital presence. Now, a company’s ability to stay viable for the next year (let alone 30) is based on its ability to secure its assets in cyberspace. And now, it’s understandable that countries whose economies rely largely on multinational corporations would only want to play ball with those willing to play by the same rules.

Author Bio:

An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire and many other sites.