Cybercrime, patent-theft numbers are total bullshit

In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down.

One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).

In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers. Among them was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."

Does Cybercrime Really Cost $1 Trillion? (via /.)


  1. One time, I had a sleeve of CDs  that was stolen. I estimate the loss at $1.27 trillion dollars.

    1. Naaah don’t be crazy! That’s way too high. According to official record industry figures you can only value a stolen song at 150.000 dollars. Now, say you had 10 CD’s in the sleeve and about twelve songs on each CD, that’s 10*12*150.000  equalling only a meagre eighteen million in damages.

      Really you must stop exaggerating like this.

      1. But punitive damages, pain and suffering, patent infringement fines, penalties for unsanctioned international trade, post-facto tariffs and lawyer fees put it back to the 1.27 trillion, plus adjustment for inflation and wire transfer fees.  @forwardourmoto: if you advance me $128,000.00USD, I will handle the case for you.

          1. We have their names and will sell them to you for $750,000,000.00.  The list can’t be subpoenaed because it’s locked in a secret vault offshore.  We will also sell you back your CDs, since by now with all the publicity, they are collectors’ items, and would likely fetch about $250,000,000.00, but we will settle for $150,000,000.00 as well as retaining the movie rights and ability to use them in the soundtrack.  Also, your mom.

  2. In case there was any doubt in your mind

    Not a shred of it. Though I appreciate the fact that you’re helping people fine-tune their bullshit detectors. That’s got to be worth a few billion media-bux, at least. ;)

  3. Did Symantec and McAfee get their numbers from the same place as the Recording Industry Association of America?

  4.  Alright folks, this is a hypothetically leaked private chat between Cary Sherman and Chris Dodd. It is said to be highly erotic, and that one highly motivated intern died immediately of hyper-orgasmic over-stimulation upon accidentally reading it. To normal humans, it looks repugnant and absurd.

    Dodd: “Say something dirty.”

    Sherman: “Norton”

    Dodd: “Oh yeah. You too pirate baby.”

    Sherman: “McAfee”

    Dodd: “Oooooh. Now pretend we’re smoking crack together, like we used to.”

    Sherman: “Because each Linux user has potentially displaced one or more Windows operating-system, we must immediately sue all Linux users for losses caused to Microsoft. Every Linux ISO must bare a minimum cost from which the equivalent cost of premium editions of Windows will be payed to Microsoft in royalty fees. Furthermore, it is now forbidden for any self-duplicating product, whether digital or material, to be distributed in any shape or form.”

    Dodd: “I am wearing PirateBay underoos.”

    Sherman: “Nothing can stop us.”

    Dodd: “….am ..removing them”

    Sherman: “Oh god, …say something statistical!”

    Dodd: “Too, ..ex ..cited, to cal …cu …late. Po ..tent …entially, they a.. a.. all owe us some …thing.”

    Sherman: “Exaggerate, EXAGGERATE! Harder, ….HARDER!”

    Dodd: “I’m going to …”

    And that is where the intercepted AOL chat ended.

  5. “Intellectual property” != “patents,” in the same way that “polygons” != “hexagons.”

    I’m surprised and disappointed that, with the frequent grousing about various IP
    issues here and elsewhere, confusion is still frequent over something as basic as the *types* of intellectual property.

    Whenever you hear a figure about “intellectual property theft,” it’s guaranteed that they’re talking about copyright, in the form of digitally distributed works and copied media. It’s probably coupled with a bit of trademark infringement, in the form of counterfeit goods. Patents aren’t part of this.

    Why don’t you ever see statistics about “global patent theft?” Because the mechanics of patent infringement are extraordinarily different from copyright infringement – so different, in fact, that the term “global patent theft” is meaningless.

    Copyrights are asserted by a united industry against a gigantic body of individuals. It’s very easy to estimate aggregated (and often incredible… as in, not credible) statistics of the scale of activity and to put a dollar figure on it. And then the whole industry, this gigantic body of publicists, broadcasts this number as “theft,” with no coherent rebuttal of the millions of individuals accused of a single instance of it.

    Patents, on the other hand, are asserted *by one company* *against another company*. It’s a *very* fact-driven process, such that no one can say for sure whether that specific instance actually is or isn’t theft: it has to be proven in court, followed by a very fact-intensive determination of damages. Every case is completely unique and unpredictable, and for every company saying “that’s theft,” you have an equivalent company saying, “no it’s not.” It’s impossible to reach a consensus estimate of which acts constitute infringement, let alone the value of them.

    It’s like the difference between speeding violations and reckless driving. It’s easy estimate the amount of speeding on a particular road as an aggregate average – but recklessness is highly subjective and fact-specific.

    Anyway – my point is that “patent trolling” has nothing to do with this article.

  6. Oh I doubt that, who you thinks behind most viruses and bugs malware ect…? The Anti-virus companies of coarse. They even corrupt and crash computers so you’ll think you’ll need to go buy a newer model. I think we all know to well a big part of cyber crimes are inside jobs. I say they need to cut the crap. I think a lot of you know what I’m getting at.

Comments are closed.