United States: Only You Can Prevent Economic Espionage Liability: Limiting Corporate Exposure Under the Economic Espionage Act of 1996

The Billion Dollar Hit

Imagine the following scenario: Two project managers from your most lucrative research and development programs have successfully recruited a top engineer from one of your primary competitors, who has recently been terminated from his position. This engineer formerly worked on proposals for a group of government contracts for which your company is also currently competing, and you are assured that his targeted expertise will be enormously valuable as your project managers prepare your company’s proposals. Sure enough, your company is awarded 19 of the total 28 government contracts, while your primary competitor is only awarded nine. Flush with excitement over this major victory, you hire additional personnel to manage the demands of this contract workflow, purchase significant equipment assets, and contract with other companies to bring key technical aspects of this project to fruition. Nearly a year later, one of your employees overhears the project manager boast that he had offered your primary competitor’s engineer his position in exchange for all of the competitor’s government contract proposals. This conversation is reported to your competitor, who immediately contacts your in-house counsel for answers.

According to allegations made by the Department of Justice and related court documents, the Boeing Co. ("Boeing") faced this precise scenario during an Air Force commercial and military satellite launch procurement. Although Boeing reportedly fired the project managers and the senior engineer almost immediately after discovering the extent of their alleged conduct, the Air Force ultimately withdrew more than $1 billion in launch vehicle contracts with Boeing, and suspended the company from performing launch contracts for nearly two years. While federal officials did not bring criminal charges against Boeing for incorporating the allegedly stolen secrets into its proposal, one of the two project managers and the senior engineer in question were not so lucky. According to court documents, these two individuals were charged on June 25, 2003, with criminal violations of the Economic Espionage Act of 1996 ("EEA") for their actions, and each is facing maximum penalties under the EEA of more than $500,000 and 10 years imprisonment. Jury trial is scheduled for both of these individuals in June 2006.

In 1996, researchers estimated that economic espionage alone accounted for the loss of as much as $260 billion per year by U.S. corporations, and the loss of anywhere from one to six million U.S. jobs annually. Despite this significant impact, prior to 1996 no federal statute explicitly criminalized the theft of commercial trade secrets, although a patchwork of state statutes worked to fill the void. Out of a concern that both foreign powers and domestic industries, through a variety of means, were actively involved in stealing critical technologies from U.S. companies for their economic benefit, Congress enacted the Economic Espionage Act of 1996 ("EEA"), effective October 11, 1996.

The EEA contains two separate provisions which criminalize the theft or misappropriation of trade secrets. Both provisions generally prohibit the theft or unauthorized use of trade secret data, including any attempt or conspiracy to commit a theft, and also apply to the knowing receipt of stolen trade secret data in any form. The first provision carries fines of up to $500,000 or 15 years imprisonment for individuals, and fines of up to $10 million for corporations. This provision is directed at combating foreign economic espionage, and requires that the theft of the trade secret be done with the specific intent or knowledge that the offense will benefit any foreign government, foreign instrumentality, or foreign agent. The second provision of the EEA restricts the same activities as the first provision, but does not require that the theft of trade secrets be conducted for the benefit of a foreign entity. Instead, this provision imposes fines of up to $250,000 and 10 years imprisonment for individuals and up to $5 million for corporations for any theft, attempted theft, or conspiracy to steal trade secrets, with the following limitations: (1) the trade secret must be related to a product in interstate or foreign commerce; (2) the theft must be for the economic benefit of someone other than the trade secret owner; and (3) the thief must intend or know that the theft will injure any owner of the trade secret.

Although the EEA has primarily been used to target domestic economic espionage, the EEA’s legislative history indicates that lawmakers were primarily concerned with stopping foreign economic espionage when they proposed this legislation. An ideal example of the kind of foreign economic espionage this statute was designed to target is found in a recent Department of Justice enforcement action against two U.S. nationals who formed a company in the United States called Supervision, Inc. According to the indictment, these two individuals had created Supervision as a subsidiary of their Chinese company for the purpose of obtaining Chinese government funding for their U.S.-based technology development efforts. Unfortunately, these development efforts consisted of moving through a series of research and development positions at four of the top high-tech companies in Silicon Valley, where they compiled mountains of trade secret data through their work responsibilities. In addition, these individuals attempted to recruit skilled U.S. engineers to work for Supervision on technical projects which would benefit the Chinese integrated circuit market. These two individuals were ultimately apprehended prior to boarding a flight for China, and extensive trade secret data was discovered in their luggage and at their respective homes and offices.

The definition of the term "trade secret" under the EEA is very broad. It includes all types of information, however stored or maintained, where the following are true: (1) the information is actually secret, in that it is not generally known or readily ascertainable through proper means by the public; (2) the owner has taken reasonable measures to keep the information secret; and (3) the information derives independent economic value from its status as secret.

Secrecy: A primary difficulty under this definition is determining whether a piece of information is actually "secret." In some cases, information that a company regards as its proprietary "crown jewels" trade secret data is commonly known in the industry and, therefore, not protected. Taking an extreme example on the other side of the coin, if a skilled scientist with experience in the industry is able to duplicate a trade secret formula based on information from publications only after many hours of laboratory testing and analysis, the publication of such articles would not necessarily obviate trade secret protection, since the scientist’s work would not qualify as "reasonably ascertainable by the public." Furthermore, a trade secret can include a combination of elements that are publicly available, so long as that trade secret constitutes a unique, effective, successful and valuable integration of the publicly available information. Finally, note that information retains its status as secret even if the owner discloses the information to its licensees, vendors, or authorized third parties for limited purposes.

Courts have struggled over the application of the Internet to the EEA’s definition of secrecy. Although some courts have ruled that once a trade secret is posted on the Internet its status is instantly destroyed, other courts have taken the opposite approach. This latter position is based on a concern that allowing the destruction of trade secret data by third-party publication on the Internet would actually serve to encourage would-be data thieves to steal trade secrets and disseminate them on the Internet as quickly and widely as possible. The Department of Justice weighed in on the issue on November 9, 2004, when it announced the arrest of an individual known online as "illwill" under the EEA for online sales of the Microsoft Windows NT 4.0 and Windows 2000 source code, despite the fact that the source code had been misappropriated by other individuals and previously posted on the Internet.

Reasonable Measures: Trade secrets are also fundamentally different from other forms of property in that the owner of a trade secret must take reasonable measures under the circumstances to keep the information confidential. For example, while a person can be convicted for stealing a car if the owner left the keys in the car and parks it in front of the thief’s house, a trade secret owner who carelessly leaves files containing its propriety data on a park bench has no recourse against the person who makes use of this data. Trade secret security need not be absolute, but should be reasonably tailored to the circumstances of the data to be protected, the need for employee access, and the extent to which the information is used on a regular basis. Case law has provided the following general examples of reasonable measures taken by companies:

• Advising employees of the existence of a trade secret and marking all files and documentation accordingly;

• Limiting access to the information to a "need to know basis";

• Requiring employees to sign confidentiality agreements;

• Keeping secret documents under lock and key;

• Requiring non-disclosure agreements from all authorized recipients of the information; and

• Providing only partial informationto authorized recipients of the information.

Independent Economic Value: Finally, as mentioned above, the trade secret must derive independent economic value from not being generally known to the public. Because the EEA does not provide a minimum value threshold for the application of the statute, this requirement is rarely challenged in EEA jurisprudence.

The EEA affects corporations in three primary ways: (1) it can be a useful tool for corporations which fall victim to trade secret theft to work with the government to seek punishment for the infringing party; (2) it can be a potential source of liability to companies which do not have proper compliance programs in place governing their human resources, research and development, sales, and contracting operations; and (3) enforcement actions against business partners and joint ventures can create contract performance and business viability problems for unwary third-party corporations.

The EEA as a Tool: When a company becomes a victim of trade secret theft, it has several options from which to choose. Some companies have historically opted not to report the theft at all, rather than risk alarming shareholders and affecting company profits. Many companies choose to pursue civil action against the wrongdoers. While this option allows the company to potentially recover monetary damages related to the trade secret theft, and to generally maintain control over the litigation, civil litigation alone is generally insufficient to fully satisfy the needs of a victim of trade secret theft. For example, civil litigation does not offer some of the investigatory tools, such as wiretapping, undercover agents, and surveillance that are available to federal enforcement authorities under the EEA. In addition, civil litigation alone often does not provide effective relief to a company, even when the data thief is a known entity, because of the difficulty of finding a "deep pockets" defendant who knowingly profited from the misappropriation. Finally, the company may choose to report the theft to federal authorities, either to complement or in place of a separate civil action. While this option can muster the resources of the Department of Justice and the Federal Bureau of Investigation in pursuit of the data thief, it has the disadvantages of not providing monetary relief to the owner of the trade secret, and cedes total control of the litigation to frequently overworked federal prosecutors, who may or may not decide to pursue criminal prosecution. Companies may choose any of these options, or a combination of the three, depending on the specific circumstances surrounding the theft. For example, the first option may be preferable if the theft was minor in nature and the impact can be relatively contained. The second option may be preferable if the thief is a known entity and has readily attachable assets in the United States. Finally, the third option can serve a company’s interests in cases where the thief is unknown or does not have sufficient assets to compensate for a company’s loss.

Compliance Procedures: Company exposure to liability for internal violations can be curtailed through the implementation of company policies and procedures which address trade secret security and possible liability under the EEA. One of the most striking aspects of the Boeing example, as documented in the civil case, is that a significant number of employees became aware of the misappropriated information over the course of its use, but either did not know how to take corrective action or took corrective actions that were not effective. Much of this liability exposure could have been offset by a compliance program with effective internal controls. Some examples of effective internal control procedures include the following:

• A rigid company policy should be put in place regarding the disclosure or use of competitor trade secret information;

• Any recruiting brochure, new employee training program, or offer letter extended to employees should include language indicating that new employees who are hired from a competitor are being hired for their general background and professional expertise, and not because of their knowledge of confidential information obtained through prior employment;All new employees should be screened for prior access to competitor trade secrets, and where new employees have had access to competitor trade secrets, the employment contract should include provisions which restrict the disclosure of confidential or proprietary information of any former employer;

• New employees should be instructed on the consequences of trade secret infringement, and should not be placed in positions where the use or disclosure of competitor trade secret information will be necessary or encouraged;

• Communications and contributions by employees with active knowledge of a former employer’s trade secrets should be actively monitored for signs of trade secret information;

• Any trade secret information which is inadvertently used or revealed by an employee or obtained by any other means should not be used and should be purged from company records;

• A training program should be put in place to educate new and existing employees regarding the company policy and the potential individual and corporate liabilities surrounding the misappropriation of trade secrets;

• EEA concerns should be incorporated into regular company audits to determine whether training, new employee procedures, and research and development controls are being adhered to; and

• A fixed reporting structure (to persons other than those supervising the respective employees) should be instituted for any questions by new and existing employees regarding whether particular information would be considered confidential to a competitor, as well as for the reporting of potential violations.

An additional element of practical advice to minimize internal trade secret infringement is to develop a program to aggressively monitor the conduct of terminated employees both before and after their termination. As with the Boeing example provided above, many EEA enforcement cases result from "disgruntled" employees who have been recently terminated from their positions, and are allowed to copy company-proprietary files, software, and documents.

Second-Hand Impact: In both the Boeing and Supervision case examples provided above, the victims of trade secret infringement included not only the trade secret owners, but their contract and joint-venture partners as well. In the case of Boeing, the subcontractors under Boeing’s prime contract were likely left without remedy for their subcontracting losses after Boeing forfeited more than $1 billion in Air Force contracts. Prime contractors generally "flow down" provisions to all subcontractors which allows for the termination of the subcontract should the government exercise its contract right to terminate the prime contract. In addition, as in the case of Supervision, the customers and business partners of the Silicon Valley companies which were victims of the trade secret theft lost the value of the premium they paid for the use of exclusive trade secret technology. Finally, any companies in China or in the United States who contracted with Supervision or its foreign parent to provide supposedly legitimate integrated circuit technology lost the value of their investment in Supervision’s products and services.

While criminal conduct by third parties is not generally foreseeable, a company’s exposure to liability for internal criminal activity, or its exposure to damage because of the criminal actions of third parties, can generally be assessed through consistent due diligence of business partners. In the case of Boeing, the company went from being eliminated from consideration for any of the Air Force launch vehicle contracts to winning the majority of the contracts over the favored proposal put forward by their primary competitor. This dramatic reversal of fortunes could have reasonably indicated a cause for concern to subcontractors and other business partners. In the case of Supervision, customers and business partners of the Silicon Valley victim companies could have made inquiries into the economic espionage policies of these companies, and could have specifically requested whether the kind of background screens that would have caught the Supervision principals’ actions were being conducted. Finally, where red flags indicate potential trade secret infringement by a business partner, such as the discovery of the name or patent information belonging to someone other than the business partner in software code or technical plans, companies are responsible to conduct a reasonable investigation into the matter and take appropriate action. While such due diligence may not have prevented all of the second-hand impacts discussed above, it may have provided an earlier warning in each case and helped both the primary and second-hand victims to address the economic espionage on a pro-active basis.

Intellectual property has emerged as a primary business asset in the current world marketplace. The dynamic nature of the technology market is such that patent or copyright protections are not always effective at maintaining the viability of a company’s assets. In this vacuum of traditional formalized intellectual property protections, trade secrets play an increasingly important role in the ongoing viability of modern business enterprises. However, this increased reliance on trade secret protections to secure company assets makes it imperative that companies understand how to use the EEA to their advantage, and how to prevent their employees from damaging the company through their failure to comply with its provisions.

^{1. Codified at 18 U.S.C. § 1831(a).}

This article is presented for informational purposes only and is not intended to constitute legal advice.