If you are reading this article, odds are China has already stolen your personal data.
In 2017, Chinese military-backed hackers infiltrated the computer systems of the credit report agency Equifax, making off with the personal information of over 150 million people. Another Chinese group successfully hacked the federal Office of Personnel Management three years earlier.
And while four Chinese citizens were eventually indicted on charges including the Equifax theft, China and its cybercrime network has never stopped stealing from U.S. firms. On a daily basis, they target healthcare providers, utilities, universities, software companies, manufacturers… Anyone who has anything of value online is a target for Chinese theft, and it is a multilayered policy of China to steal every bit of tech and data they can get their hands on.
These hacks are not random crimes. They are just one part of a much larger plan for technological dominance. China’s 14th five-year plan includes a “Made in China 2025” project that identifies a dozen technologies China wants to be the world leader in, including artificial intelligence, biotechnology, semiconductors, quantum information systems, and drones.
Not all of China’s technology procurement efforts come from outright theft. They also use the allure of their large domestic markets to trick companies into transferring their technology to Chinese firms.
For example, a wind turbine manufacturer was told that in order to do business in China, 70% of each wind turbine installed in China had to be manufactured in China. Significant resources were then made building factories, training employees, and building the technological capacity to build these turbines. This technology was then transferred to other companies throughout China, and now, China is the world’s largest supplier of wind turbines.
Other technology transfers between seemingly private sector companies are less consensual. Chinese firms that are in negotiations with American firms to license technology can and often do turn to Chinese intelligence services for help in just stealing the desired technology. It would be like if a U.S. firm wanted to buy some French nuclear technology and, halfway through the negotiations, the U.S. firm just turned to the NSA and asked them to steal it instead (the French also do this to the U.S.!)
China also eagerly ships its own scientists to universities and research labs throughout the U.S. in hopes of obtaining U.S. secrets. Chinese researchers have been arrested for stealing vials from cancer labs in Boston and missile technology from UCLA. These scientists are not always willing participants in the theft. Often, China will blackmail Chinese scientists in the U.S. by threatening to harass or harm their families back home.
For all the money Congress is about to spend on research and development specifically to counteract the threat of China’s technological ambitions, not nearly enough was done to put teeth in the legislation to punish Chinese firms that steal U.S. technology.
Any unauthorized transfer of technology to any Chinese entity should come with automatic felony criminal penalties and heavy fines. In addition to punishing the individuals involved, the Chinese entity involved should be banned from all transactions with any American counterpart anywhere in the world, including through third parties. And U.S. cybersecurity agencies need to step up their own efforts to hack China’s computer systems. Deterrence is fast proving to be the best way to achieve a semblance of cybersecurity.
China steals an estimated $600 billion of intellectual property from the U.S. every year. Former National Security Agency Director Keith Alexander has called this “the greatest transfer of wealth in human history.”
Our government and our largest corporations need to do far more to stop this theft, even if it means doing less business in China.