“Every day, China, Russia, Iran and others are blatantly stealing reams of information from U.S.-owned computers. This unprecedented heist, at an estimated cost of $1 trillion per year worldwide, includes the theft of the crown jewels of our economy: intellectual property created by American ingenuity and housed on corporate computer networks across our nation.” (Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., writing in Politico)
Is the $1 trillion figure Rogers and Ruppersberger cite just another big number, or is it something more?
It might be something less.
This $1 trillion loss can’t be nailed down. We can’t even be sure what it represents. “Gen. Keith Alexander, head of Cyber Command and the National Security Agency, has estimated that the U.S. has lost $1 trillion in intellectual property,” Colin Clark writes at AOL Defense. Wait. The congressmen said “worldwide.”
“Recent studies indicate that the federal government and U.S. companies lose about $1 trillion a year in intellectual property and other proprietary information taken by cyberthieves,” writes Matthew Hansen at the Omaha World-Herald. He cites no such studies.
If there is such a study, I can’t find it, and I’m pretty good at finding stuff. FTI Forensic and Litigation Consulting, in an advertising flier, cites a Federal Reserve report when it says “United States businesses today invest as much in intellectual property and other intangible assets, about $1 trillion, as they do in equipment, factories and other physical investments.” The report, by Leonard I. Nakamura for the Federal Reserve Bank of Philadelphia, does say that, but it’s 10 years old. So today, we are expected to believe that the U.S. (or worldwide; who knows?) loss from intellectual-property theft is as much as the total U.S. investment. That seems unlikely in the absence of documentation.
Keep following the number. Eventually it will lead you to a post by Robert Richardson, director of the Computer Security Institute, who apparently was as curious as I was about where the $1 trillion came from. He thinks the source is a report from the computer security firm McAfee, even though the figure can’t be found there, either. The McAfee CEO came up with it in interviews about the report.
So, when a couple of congressmen write an opinion piece for you that includes an unsubstantiated number, do you let it slide? Politico did. You shouldn’t.