On July 21, the U.S. Department of Justice formally accused two Chinese hackers of stealing information regarding the research into and production of a vaccine for the COVID-19 pandemic. This comes in the immediate wake of accusations that Russian hackers have tried to steal vaccine data from British, Canadian, and American researchers. According to the DOJ, these attacks have come from well-known advanced persistent threat groups (APTs), and have used techniques honed by years of cyberespionage against Western technology firms. The accusation comes more than two months after the United States warned China, Russia, and Iran against efforts to attempt to steal U.S. vaccine data.
Why go to the trouble of stealing vaccine data? As they remain to some degree locked out of certain levels of data and technology sharing with the West, both Russia and China may be concerned that in the current geopolitical environment the United States and its allies may use a potential COVID-19 vaccine as a political weapon. They may also worry that the development of a successful vaccine in the West would be an unacceptable blow to their prestige, particularly given the pandemic’s origin in China.
But why not simply give the Russians and Chinese as much data as they want? It’s worth noting that the wisdom and morality of serious intellectual property enforcement during a pandemic are uncertain. Chinese or Russian efforts to steal vaccine information from U.S. firms do not prevent, preclude, or even slow vaccine research; indeed, there is much to say for an extremely open system of scientific sharing. It is not obvious how Russian or Chinese covert activity could set back research efforts, unless hackers engaged in active sabotage rather than simply in theft of information, and as of yet, the DOJ has made no such accusations.
Julian Barnes suggests in the New York Times that the attacks could result in damage to certain datafiles, or in additional security protocols that limit sharing of information and encumber researchers, but both of these problems could be resolved by a more open process in the first place. As Barnes notes, the chief threats seem to be commercial in nature; the firms that develop the vaccine cannot count on reliable profit streams if Russia and China steal and duplicate their research.
The global response to the COVID-19 pandemic has already shown a distressing lack of global solidarity, especially as China and the United States have determined to trade barbs rather than share data. It may also show that the system of intellectual property protection that the United States and the international pharmaceutical industry have designed may work as an impediment, rather than an enabler, of aggressive action in a public health emergency.