OPINION — The massive looting of the U.S. economy via Chinese state-sponsored intellectual property (IP) theft has risen almost to the level of common knowledge. Former NSA Director Keith Alexander famously testified to the U.S. Senate that China’s theft constituted the greatest transfer of wealth in history. FBI Director Christopher Wray has repeatedly made similar points. Despite these well publicized assessments, U.S. businesses continue to underestimate their risks of IP loss to the People's Republic of China (PRC). One significant reason for this is that both the U.S. government and private sector rely on grossly understated values of total annual losses due to IP theft by China. It is not $225-$600 billion, as commonly asserted. It is likely at least $5 trillion.
How do we know? The $225-$600 billion range is derived from IP losses that companies detect and report; but most IP theft is never detected or reported. This is because IP theft is espionage, which by design is not supposed to be discovered. Even when firms discover thefts, they rarely report them because managers prefer not to share such events with investors, competitors, customers and regulators. Another reason current estimates of total losses are so low is that companies do not account for the value of internally generated IP in their balance sheets. Valuing IP is notoriously difficult, but the consequence of failing to even try is that unmeasured assets are not noticed when lost.
A math problem
The question then becomes how to account for undetected, unreported thefts, and to arrive at a more accurate value of what the PRC steals. The only direct source of that information is the government of the PRC, and it is unlikely to supply it. However, we can derive the approximate value of stolen IP by comparing it to stolen secrets of another kind.
We have sources that provide information on intelligence operations that were known to the perpetrators of the espionage, but not originally to their targets.Records from the Soviet Union, and specifically the information contained in declassified sources from state espionage, like the Mitrokhin Archive, and the Venona papers, do just that. We can usethese Soviet records toprovide the missing number for the ratio of detected cases of theft to undetected cases.
This methodology is imperfect. We are deriving an estimated dollar value of undetected/unreported stolen IP from information on state espionage, which does not value secrets in monetary terms. We therefore assume that the same ratio of unknown to known events holds true for known and unknown dollar value of IP the PRC has stolen. However, an imperfect estimate of IP theft is better than no estimate at all, which is the current state of knowledge.
How, then, does the methodology arrive at $5.6 trillion for the value of stolen IP? A very conservative cursory count of known-to-unknown cases yields a ratio of about 25 undetected, unreported intelligence operations for every one that was known by the victim of the espionage. That number could be much higher. It is unlikely to be lower. If we assume the same 25:1 ratio also holds for the dollar value of stolen IP, then we can infer that the PRC steals $5.6 trillion from the U.S. (i.e., 25 undetected and unreported dollars multiplied by $225 billion detected and reported dollars).
$5.6 trillion may be difficult to accept at first, as it constitutes 20 percent of U.S. annual GDP for 2023. However, a more appropriate standard is not annual GDP but the equity value of businesses. This is the pot from which China purloins U.S. IP. Let’s calculate the equity value of U.S. businesses: as of June 2024, the total equity value of publicly traded companies was $55 trillion; and we should include privately held companies as well, because the PRC certainly does. No reliable figures exist for total equity value of private companies, but as they outnumber public firms by almost eight to one, it is reasonable to assume their value at least equals the $55 trillion of their publicly-traded counterparts.
Thus, the pool from which the PRC steals is at least $110 trillion. Losses of $5.6 trillion out of $110 trillion means that China is siphoning off about five percent of total U.S. equity value every year. Given the scale of theft Alexander and Wray described, and given that 11 percent of surveyed companies report inadvertent disclosures via cyber intrusions alone – which is only one of many theft vectors – then $5.6 trillion becomes even more plausible.
What’s not plausible, given the scale of theft described by Wray and Alexander, are the most common estimates of losses between $225-$600 billion. These numbers are absurdly low, bordering on inconsequential.
No responsible government would assess its risk of espionage based only on what it learned from foreign spies it caught or even knew everything about. Yet, this is how the U.S. private sector is viewing that risk. Operating on faulty or at least incomplete data, managers of U.S. companies collectively misconceive the scale of the problem, underestimate their risk, and fail to act. Even profitable companies are leaving money on the table and subsidizing PRC competitors’ R&D. As a consequence, they hemorrhage trillions of dollars every year in forfeited market share, revenue, and profit. Thus, investing more effort on tracking and defending their IP is not just sound counterintelligence; it’s good business.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
