China’s Espionage and Cyber Attack Strategy

An excellent article about the “recent discovery of Chinese cyber warfare attacks on foreign computers, on communication computers of visiting dignitaries, and espionage activities to assist a friendly country is building weapons of mass destruction (WMDI)” entitled China’s Silent Warfare at BLOg Source INTelligence reveals a lot about China’s espionage and cyber attack strategy.

Copyright as an Asset – Canada

In Canada, one does not have to register your copyright to have protection, but when you register with the Copyright Office, you receive a certificate which can be used to your advantage in the event that your work is infringed. Formal registration of a work is not required. An author or the author’s employer usually enjoys copyright protection automatically on creation of the work.

Registration of a copyright is done by completing an application and sending it to the Copyright Office. A copy of the work is not sent along with application. Under the Library and Archives of Canada Act, two copies of every book published in Canada, and one copy of every sound recording manufactured in Canada that has some Canadian content must be sent to the National Library and Archives within one week of publication.

Library and Archives Canada
Legal Deposit
395 Wellington Street
Ottawa ON  K1A 0N4
Tel.: 819-997-9565
Fax: 819-953-8508

When a publication is deposited, a brief description is entered in AMICUS, Library and Archives Canada’s database. They are also catalogued and listed in Canadiana, the national bibliography, which began in 1950 and is widely circulated in Canada.

Copyright as an Asset – UK

A copyright may represent a substantial asset for a person or company. The UK does not have a formal copyright registration process as in the U.S.A. — in the UK, creating the work creates the copyright.

The British National Bibliography (BNB) is the single most comprehensive listing of UK titles. UK and Irish publishers are obliged by law to send a copy of all new publications, including serial titles, to the Legal Deposit Office of the British Library; hence, the BNB is a list of copyright registrations. The British National Bibliography, was originally a weekly catalog which which became a  reference for book selection, cataloging, and for retrieval.

A Free BNB Web service to be launched in January 2009 will make the BNB available through the British Library Integrated Catalogue web pages. At that time, the CD-ROM version of BNB will be withdrawn. The current consolidated catalogues available on the BL website certainly correspond to a large part to the BNB. The British Library Automated Information Service (BLAISE), allowed a BNB search back to 1950, but I do not know if those catalogue records were transferred to the current BL website’s Integrated Catalogue, but it appears that the the new Web service will include these records.

The Intellectual Property Shuffle

Subsidiaries seem to be the bane of my existence lately. The following story is getting old.

A company has what seems like a good idea. It gets people to invest.

The intellectual property (IP) is registered to, or transferred to, a subsidiary, which is then spun-off. The newly independent company then transfers the IP to an off-shore company. The off-shore company then licenses the IP to the original firm.

Secrets are Secret, unless you work in the UK Cabinet Office

By now you have heard of the secret intelligence files left on a commuter train in England.

Keith Vaz MP, chairman of the powerful Home Affairs select committee told the BBC: “Such confidential documents should be locked away…they should not be read on trains.”

This should be a reminder to the private sector regarding trade secrets.

Trade Secrets

A trade secret is not protected by a Patent, Trademark, or Industrial Design. A trade secret is confidential and proprietary information that you protect because of its commercial value and the competitive advantage that it produces for your company.

Competitive Intelligence

Exposing a trade secret in public by working on a critical document on an airplane, leaving a trade secret on a commuter train, or exposing it in an proposal, may eliminate the confidential nature of the data, and once you do that, you have, by definition, given up protecting it, therefore, it is not a trade secret that you can claim as proprietary — your former trade secret moves into the public domain for all to see and use.

As a competitive intelligence practitioner, I often find former trade secrets loose in the public domain due to irresponsible security practices. If the owner does not protect the trade secret, it ceases to be confidential and proprietary data, and is likely to become somebody else’s competitive advantage, or worse still, it might become a standard practice for an entire industry.

On-line Fences

The US Government Accountability Office says that stolen sensitive military items have been purchased by undercover government officials on Craigslist and eBay. However, this is like the kettle calling the pot black. The same subcommittee determined that the Defense Department sold chemical protective suits and biological warfare laboratory equipment to the public.

While it is easy to see an element of fear mongering in this, it does remind us that private sector businesses should be checking eBay and Craigslist for their own product and counterfeits. Doing so may reveal a problem with theft, grey marketing, or counterfeiting.

Dangers of Outsourced Software Development

Nigel Stanley, at Bloor Research article entitled Ounce Labs weighs into rogue code about the dangers of outsourcing software development. The most interesting part of the article follows:

Industrial espionage, or good old fashioned spying, is as alive and well today as it has ever been. In fact, a lot of time and effort from the security agencies is tied up in dealing with this issue, and contacts have assured me it is worse now than it has ever been as developing countries try to steal a march (maybe even literally) against the developed world. Spying between developed nations is also a problem, with some larger European countries having a dreadful reputation for trying to obtain industrial secrets from so called allies. Software development is an obvious target…

The downside of this approach is that decision makers get seduced by green lights whilst their developers look for even more creative ways of inserting malicious code. No sensible person will ever declare that a product such as Ounce 5 will guarantee that your code is 100% secure…