Managing the New “Trade Secrecy” Risks in Global Sourcing: Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust and Cross-Border Law Enforcement

April 30, 2010 by

Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer.  Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain.  Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).

These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets.   At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place.  Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations.

I.  The Current Context of Trade Secrets at Risk

Item #1:  Bribery and Espionage in China (the Rio Tinto employee case). On March 28, 2010, China convicted a local sales employee of a British-Australian mining company named Stern Hu, a Chinese-born Australian citizen, and other Chinese-resident employees of Rio Tinto (but not Rio Tinto itself) of bribery and theft of trade secrets relating to price negotiations of iron ore for sale to Chinese state-owned companies.  The trial was conducted largely in secret.  Rio Tinto had previously rejected an investment offer from Chinalco that involved some Australian national security issues.  Some analysts suggested the case was a political retaliation for that rejection and an abuse of  judicial authority.   Others suggested that the case leaves open the question of whether there was any rule of law or was this merely the use of judicial power to punish foreign business that used aggressive means of driving hard bargains. The case attracted global attention to the concept in Chinese law that identifies non-public commercial information of a Chinese state-owned enterprise as a “state secret.”   Rio Tinto initially defended the employees but then said they had acted outside the scope of their operations and authority.  The employees were convicted and sentenced to 7 to 14 years in prison plus financial penalties.

On March 25, 2010, China’s State-Owned Assets Supervision and Administration Commission issued regulations on commercial secrets, but did not disclose them until the Rio Tinto employee verdict.  Those regulations remain somewhat vague, leaving foreign companies (and Chinese companies that are not state-owned enterprises, or “SOE’s”) to interpret them at their peril.  See www.outsourcing-law.com/jurisdictions/countries/china.

Item #2:  Anti-Terrorism and Cybercrimes under a Mutual Legal Assistance Treaty. On April 7, 2010, the U.S. and Algeria signed a mutual legal assistance treaty to combat international crime and terrorism.   According to the press release:

The mutual legal assistance treaty, or MLAT, will be an effective tool in the investigation and prosecution of terrorism, cybercrime, white collar offenses and other crimes. Among other tools, the treaty will help law enforcement officials from the two countries obtain testimonies and statements; retrieve evidence, including bank and business records; provide information and records from governmental departments or agencies; and provide a means of inviting individuals to testify in a requesting country.

The U.S. has approximately 50 such MLAT’s.   Such agreements could be used to enforce criminal prosecutions of misappropriation of trade secrets, assuming such misappropriation is a criminal act in the relevant jurisdictions.  The press release announcing the MLAT did not link to any copy of the treaty, and the Justice Department website does not publish a copy either.  Interested parties will need to do some further investigation then in how such a treaty might be used to enforce trade secret protections.

Item #3:  Hiring Practices by Global Services Providers. Now, enterprise customers have to be worried about the legality of hiring practices – at least in the United States – of their outsourcing service providers.  Since July 2009, the U.S. Department of Justice has been investigating the hiring practices of Google, Intel, IBM, Apple and IAC/InterActiveCorp., according to the Wall Street Journal and other news reports in April 2010.  The reports claim that the U.S. Government could challenge, or chill, the use of non-competition covenants in industries, such as high-tech, where innovation drives comparative advantage and non-competes might constitute illegal collusion on cost management, thereby depriving knowledge workers of a market for their skills.  The investigation appears inspired by cases where innovators are hired away and the former employer seeks to enforce a non-competition covenant, particularly where the new employer claims that the litigation lacks a valid legal basis and thus is anticompetitive.  (Such a case happened in 2005 when Google hired a Microsoft engineer in China, and Google claimed that Chinese law did not permit enforcement in China of a non-competition covenant).  Enterprise customers should now be concerned with compliance by their service providers with antitrust concerns.

II. The Law of Trade Secrecy

All these recent events underscore the need for prudent trade secrecy practices in the global supply chain.  Trade secrets are now at risk due to potential civil and criminal espionage, bribery, cybercrime, and antitrust prohibitions on abusive and illegal anticompetitive practices.  Further, the area of trade secrecy is now engulfed in national security and public policy considerations, underscoring the importance of a stable political environment for assuring the predictability of legal rights and enforcement actions in the various jurisdictions where trade secrets are shared and used in an outsourcing business relationship.

Trade Secrets. It is a best practice in outsourcing contracts, to protect the enterprise customer’s trade secrets.  The customer wants to know how this is done.  Such protections can be applied to individual employees under non-disclosure agreements and maybe even non-competition covenants.   NDA’s are generally enforceable but are generally construed in a manner to avoid depriving an employee (or service provider) of “general skill and knowledge” in the industry.

NDA’s are essential to enable any outsourcing, resourcing (retro sourcing back in-house) and transfer sourcing (to a new service provider on expiration or termination).  As a matter of public policy under national laws, NDA’s are critical.  The WTO protections of trade secrets are not very strong, based instead on non-secret intellectual property rights such as patents, trademarks and copyrights.

Non-Competition Covenants. Non-compete covenants are unenforceable in California as a matter of law and possibly in the BPO provider’s service delivery jurisdiction.  Non-competes deprive employees of a right to be hired by competitors.  They are unenforceable in some jurisdictions, and where enforceable they must be limited to reasonable scope in time, territory and subject matter.  Employers can make the arguments, in an antitrust context, that non-competition covenants:

  1. are not anti-competitive in practice;
  2. do not deny employees the right to find work in non-competitive companies;
  3. are widespread across industries and countries; and
  4. are used by companies across many industries to maintain good business relationships by promoting exchanges of information across the full spectrum of personnel (not just through a narrow channel, like a chaperone of trade secrets), and as a result collaboration between technology-based companies is promoted by such practices.

An antitrust enforcer might argue that non-compete agreements distort access by skilled workers to mobility and job choice, thus depressing competition for skilled workers and depressing wages.

Risk Management: Knowing Your Service Provider’s Hiring Practices. Based on this antitrust activity, enterprise customers should investigate the employment practices of their service providers to understand clearly the contractual framework and legal enforceability of employment practices in the relevant jurisdictions.  The legal framework for protecting trade secrets, or allowing them to be disclosed to the local government without judicial review with open adversarial procedure, should also be explored and fully appreciated.  Thus, trade secrecy risks should be assessed in the selection of service providers, the scoping of the functions to be outsourced and the use of encryption and decryption before data transfers.

Compliance: Knowing Yourself and the Law. These recent events raise questions that compliance officers and legal departments, as well as product managers and CEO’s, should answer before any kind of outsourcing takes place:

1.    What does the enterprise customer do today to identify and protect its trade secrets internally?

a. Identify types of non-public information from all sources that needs to be maintained as non-public.

i.    Securities (risk of liability for securities fraud)
ii.    Financial information (risk of loss of advantage in pricing negotiations; risk of securities liability for failure to comply with Regulation FD or other “fair disclosure” rules)
iii.    Human capital information (governed by labor laws and privacy laws)
iv.    Technical data, such as designs, processes, formulae, manufacturing techniques (risk of loss of patent rights or loss of competitive advantage)
v.    Marketing information (customer names and related business information relating to the enterprise’s customer relationship)
vi.    Sales information (the existence of RFP’s and the contents of offers and other responses to RFP’s)

2.    How much data does the enterprise need to have to accomplish its mission?

a.    Avoid excessive collection and preservation of unencrypted

i.    personally identifiable information (“PII”) of individuals in any business relationship.
ii.    healthcare information.
iii.    credit card information.

b.    Avoid collection of non-public information from third parties who might be under a duty of non-disclosure, or who cannot explain how they legitimately obtained the non-public information.

3.    How does the enterprise ensure that it has the legal right to know the non-public information?

a.    Obtain written confirmation from the disclosing party that it has the authority to make the disclosure.
b.    Identify non-disclosure agreements and categorize the information so that it can be accessed, stored, retained and destroyed in accordance with the non-disclosure agreement.
c.    Limit access by persons having a legitimate “need to know.”
d.    Use the non-public information only as necessary to perform a legal and permitted business activity.
e.    Avoid use of bribery, coercion, theft and other illicit means of acquiring non-confidential information.

4.    How does the enterprise identify and protect the trade secrets of third parties with whom it does business.

a.    Identify source of non-public information.
b.    Identify the duration of any holding period for non-public information under any non-disclosure agreement.

5.    What measures does the enterprise take to train and audit its employees for compliance with trade secrecy policies?
6.    Does the enterprise identify special duties and special risks.

a.    Take special measures to identify, segregate and protect “commercial secrets” or “state secrets” when dealing with a foreign state-owned enterprise (“SOE”)?

7.    How are trade secret rights recognized and enforced under local law?  Are such rights clearly protected, or must a company rely upon contract or criminal prosecution?
8.    What are the best ways to protect trade secrets from a practical viewpoint?

a.    Divide work flows or discrete functions across suppliers, countries and sources to avoid having one person or supplier know too much.
b.    Retain competitive information in-house.
c.    Segregate sales and marketing functions from non-public information in internal technical, financial and human resources departments.

9.    What is the history of trade secret enforcement in the country?

a.    Risk of inadvertent criminal liability, including vicarious liability of senior executives for misdeeds of employees (See China’s Criminal Law, article 219).
b.    Risk of investing in new products or services that cannot be exploited due to misappropriation.
c.    Identify any history of data security breaches and remediation activities.

10.    Does the enterprise customer’s country have a “mutual legal assistance treaty” or other agreement with the service provider’s country to prosecute “cyber-crime”, so that evidence can be exchanged and used in international abuses of trade secrets?
11.    What policies, practices and contractual measures does the service provider take to protect trade secrets?  Are such measures a violation of antitrust law and therefore unenforceable?

Related topics:

Outsourcing Law & Business Journal™: April 2010

April 29, 2010 by

OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services.  www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.

Insights by Bierce & Kenerson, P.C., Editors.  www.biercekenerson.com

Editor’s Note:

Three recent events conspired to produce our article about trade secrecy risks in this month’s newsletter; they were the conviction of a Rio Tinto employee in China, the signing of a mutual legal assistance treaty between the U.S. and Algeria, and the on-going investigations of hiring practices of tech companies, using non-competition covenants, by the U.S. Dept. of Justice.  As a result, we are providing you with a checklist of questions that you need answers to before your company shares confidential business information during the course of contract negotiations.  Read on…

Vol. 10, No. 4 (April 2010)
_______________________________

1.  Managing the New “Trade Secrecy” Risks in Global Sourcing:  Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust and Cross-Border Law Enforcement. Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer.  Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain.  Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).

These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets.   At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place.  Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations. For more on trade secrets, go to http://www.outsourcing-law.com/2010/04/managing-the-new-trade-secrecy/

2.  Trade Secrets. Chinese Criminal Law, Article 219, imposes criminal liability for improper conduct relating to “commercial secrets.” The Criminal Law has only a vague definition of “commercial secrets.”….On March 25, 2010, the State-owned Assets Supervision and Administration Commission (“SASAC”) adopted regulations on commercial secrets applicable to approximately 120 state-owned enterprises (“SOE’s”)….The regulations were announced on April 26, 2010, shortly after the convictions of certain Rio Tinto employees of bribery and theft of commercial secrets.  For the complete article, go to  http://www.outsourcing-law.com/2010/04/trade-secrets/

3.  Humor.

MLAT, n.  (1)  mutual legal assistance treaty; (2) milk-flavored coffee latte; (3) multi-legal aptititude test.

Trade secret management, n.  (1)  Hear no evil, see no evil, speak no evil; (2) keeping secret how you keep your secrets.

SOE, n. (1) state-owned enterprise; (2) social oriented environmenta; (3) sorry out of energy.

4.  Conferences.

May 10-12, IQPC’s 7th Annual HR Shared Services and Outsourcing Summit, Chicago, Illinois. This event will be a gathering for corporate HR & shared services executives from companies across North America to exchange ideas, develop new partnerships and discuss the latest tools, technologies and strategies being employed in the profession to enhance departmental efficiencies and propel corporate growth. The event will focus on the most current topics in the HR shared services industry including metrics, automation, outsourcing, globalization, compensation & rewards, benefits and an overall focus on the new strategic role of HR shared services.how to tackle change management, analyze current and future projects and further develop the instrumental key areas within HR shared services.  Visit their website at http://www.hrssoutsourcing.com/Event.aspx?id=270796 to register and get more information.

May 17-19, IQPC presents its Information Retention & E-Disclosure Management Summit, London, UK. This is Europe’s premier event in this field, designed to help you steer your organisation successfully through lawsuits and regulatory inquiries.  Topics include:

  • Fast track your understanding of the Civil Litigation Costs Review: Hear directly from Lord Justice Jackson and engage in debate with our acclaimed international Judge’s panel
  • Develop a legally defensible and technically sound Information Retention policy with a multidisciplinary approach with insights from Debra Logan of Gartner plus Pfizer, and Kleinwort Benson
  • Reduce risk, cost, time and complexity of eDisclosure with critical updates on advances in technology
  • Ensure compliance by sanity checking your strategy with the FSA and ICO

For more information, visit their website at http://www.informationretention.co.uk/Event.aspx?id=262244i

June 6-8, 4th Annual IQPC Shared Services Exchange™, Austin, Texas, United States, an elite event for shared services executives who are looking to develop new strategy, solve challenges and source partners that will allow them to create efficiency and drive more value out of their shared services centers.

This event will continue IQPC Exchange’s ongoing tradition of offering cutting-edge, strategic networking and learning opportunities for senior level shared services executives, combining conference sessions, one-on-one business meetings and numerous networking functions to allow executives to speak with their peers. With pre-scheduled one-on-one advisory meetings and personalized itineraries, the Share Services Exchange™ provides the opportunity to create an agenda that directly reflect the goals and initiatives of participating executives.

To request a complimentary delegate invitation or for information on solution provider packages, please contact: exchange@iqpc.com, call 1-866-296-4580 or visit their website at http://www.sharedservicesexchange.com/

July 14-16, 2010.  IQPC Presents Shared Services for Finance and Accounting, Chicago, Illinois. The SSFA 2010 Summit brings together leading financial shared services experts to network, benchmark and learn through keynote presentations, interactive roundtables, case studies and discussion panels. This program will help you improve internal accounting processes, maximize your efficiency with less resources, make smarter sourcing decisions, and drive continuous value through your financial services.  For more information, visit http://www.sharedservicesfa.com/Event.aspx?id=314126

September 26-28, 2010.  IQPC Shared Services Exchange™ Event, 2nd Annual, to be held in The Hague, Netherlands.  Shared Service Centres have long been seen as the cost saving centre of HR, Finance & Accounting and IT processes, but with changing employment trends and global challenges facing organisations, how can SSC’s continually offer service value?

Unlike typical conferences, the Shared Services Exchange™ , which will be co-located with the Corporate Finance Exchange™,  focuses on networking, strategic conference sessions and one-on-one meetings with solution providers. The Exchange invites strategic decision makers to take a step back from their current operations, see what strategies and solutions others are adopting, develop new partnerships and make investment choices that deliver innovative solutions and benefits to their businesses.

To request your complimentary delegate invitation or for information on solution provider packages, please contact: exchangeinfo@iqpc.com, call +44 (0) 207 368 9709, or visit their website at http://www.sharedservicesexchange.co.uk/Event.aspx?id=263014

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: wbierce@biercekenerson.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: wbierce@biercekenerson.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2010, Outsourcing Law Global LLC. All rights reserved.  Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Trade Secrets

April 29, 2010 by

Chinese Criminal Law, Article 219, imposes criminal liability for improper conduct relating to “commercial secrets.” The Criminal Law has only a vague definition of “commercial secrets.” Conduct is criminally improper if one:

o   Obtains a commercial secret by stealing, luring, coercion, bribery or other improper means,
o   Uses or allows another to use a commercial secret obtained by such improper means,
o   Discloses commercial secrets in violation of a non-disclosure agreement (“NDA”) or against the request of the rightful holder of the commercial secret, or
o   Obtains, uses or discloses a commercial secret that one should have known (or actually knew) was improperly obtained.

On March 25, 2010, the State-owned Assets Supervision and Administration Commission (“SASAC”) adopted regulations on commercial secrets applicable to approximately 120 state-owned enterprises (“SOE’s”). SOE’s dominate many sectors of the Chinese economy, including iron and steel, which are politically sensitive. Foreign companies and non-SOE’s should thus regard “commercial secrets” of SOE’s as if they were “state secrets” impacting “national security.” The regulations were announced on April 26, 2010, shortly after the convictions of certain Rio Tinto employees of bribery and theft of commercial secrets.

Under the SASAC regulations, “commercial secrets” cover management methods and business models and include:

”management information like strategic plans, management methods, business models, reform and stock market listing, M&A and restructuring, property transactions, financial information, investment decisions and financing, production plans, purchase and sale, resource reserves, client information, bidding information and technical information like designs, programs, product specifications, production techniques, production methods, and technical know-how etc.”

The SASAC regulations require SOE’s to separate “core commercial secrets” (that can last forever) from “standard commercial secrets” (that have a limited useful life as secrets). Under the regulations, SOE’s must set a sunset period for expiration of any claim to “commercial secret” status of “standard commercial secrets.”

As of late March 2010, China’s legislature was reviewing proposed amendments to the Law on Guarding State Secrets that would impose direct obligations on telecommunications carriers and Internet hosting providers. Reuters referred to the China Daily (on April 27, 2010), as stating that, under the draft, “a State secret is defined as information concerning national security and interests that, if released, would harm the country’s security and interests.”

The Chinese legal system adopts a unique approach to protection and enforcement of rights in “commercial secrets” and “state secrets”:

o   The State expressly demands that all commercial secrets be disclosable to the State from telecommunications carriers and Internet hosting providers. (While this may occur in other countries including the United States, the U.S. procedure includes judicial review.)
o   Enforcement is done through the criminal process.
o   Company management can be vicariously liable for the criminal acts of employees.
o  “Commercial secrets” of SOE’s can be deemed to be “state secrets,” and thus protected by national security interests and breach may result in potentially severe criminal prosecution, particularly if the “commercial secrets” were obtained by bribery.

This approach suggests that caution is still required before a foreign company considers establishment and operation of captive service centers and outsourcing of business processes and knowledge processes in China, particularly involving the use of any company-confidential information that supports competitive advantage. It also suggests that private Chinese enterprises should adopt the same geographical diversification model that the Indian BPO providers have adopted to avoid dependency on one legal regime that remains “sui generis”.

Related reading:

o Protecting Trade Secrets

Insider Theft of Trade Secrets in India: Employee of Captive R&D Subsidiary Accused of Source Code Theft (and What You Need to Know About Protecting Your Trade Secrets Abroad)

October 9, 2009 by

In a global economy, which risks are greater: theft of trade secrets by a service provider or theft of trade secrets by an employee of a foreign subsidiary?  How can a global enterprise contain such risks in either case?  The story of theft of source code by an employee of an Indian research and development center highlights the need for proper strategies for risk mitigation in the face of the inherent risks of human nature.

Indian R&D Center, Site of Source Code Theft.

On August 4, 2004, Jolly Technologies, a division of U.S. business Jolly Inc., publicly reported that one of its employees at its Mumbai, India R&D center had misappropriated key ports of source code being developed along with confidential documents.   The trade secrets relate to one of its key products for the labeling and card software for the print publishing industry.

Profile of a Thief and a Theft.

Jolly Technologies was new to India.  Its center was established only three months prior to the trade secret theft.   The employee alleged to have stolen the trade secrets was a new hire.  The theft was done by simply uploading the source code to her Yahoo account.

Consequences to the R&D Center.

Jolly reportedly shut down its R&D center immediately to assess and contain the damage.  It also sought assistance from Indian police to deal with the matter as a criminal act.  The company’s investment may be a loss, and it may need to expend further resources to prevent the use by its competitors and other third parties of any stolen source code.

Security Precautions.

The theft shows how simple it is for any person with Internet access to misappropriate trade secrets.

  • Data Export Controls on Internet Access.
    Internet access may be essential to virtually all knowledge-economy employees, so management may consider that shutting off Internet access may be impossible.  The Affaire Jolly suggests that software development might need to occur in an environment that allows employees access to information but does not allow them to transfer certain types of information from a company computer to anyone via the Internet.   The advent of network administration software, XML metatags, html, virus sniffers and spam blockers may introduce technology that allows a company to prevent the transfer of source code to unauthorized Internet addresses.
  • Segregation of Function.
    Most software development projects start with modules and build into integrated suites of modules.  In the manufacturing sector, complex trade secrets may be protected by separating multiple manufacturing processes into separate functions and separating the component processes.  This can be done by either putting the component processes into different operations or by separating subassemblies from final assembly.  Software development could be structured similarly, though segregation of function reduces efficiency.
  • Background Checks.
    The new hire at Jolly Technologies might have been investigated for a possibly criminal background.  But background checks probably do not help with curious employees interested in studying stolen code or restructuring it for possible other purposes.

Legal Precautions.

The trade secret theft also highlights the weakness of national legal systems where, in the case of India, courts have historically taken a decade to decide civil disputes.  Whether establishing a foreign captive service subsidiary or hiring a foreign service provider, the legal environment and legal precautions are critical to risk management.

  • Statutory Protection for Trade Secrets.
    Most countries hosting R&D centers or outsourcing service centers are members of the basic international conventions on the protection of intellectual property.  Even China, by adhering to the World Trade Organization, now officially grants intellectual property rights under the WTO Agreement on Trade-Related Intellectual Property right (“TRIP’s”).  India has long been a member of the Paris Convention on Industrial Property and protects copyrights, patents and trade secrets.  As the Affaire Jolly demonstrates, it is not sufficient to have a legal right.  You need to have a credible forum for enforcing those rights.
  • Contractual Commitments.
    Well-advised enterprises require their employees by contract to abide by various policies and procedures, including respect for intellectual property rights and trade secrets of the employer and third parties doing business with the employer.  Contractual commitments are a basic requirement of any IPR protection.
  • Security Surveillance.
    Jolly’s security surveillance, by an internal audit, discovered the theft.  Pre-emptive security precautions cannot prevent fraud or theft, but surveillance can discover it.
  • Risk Mitigation after the Theft.
    After the horse has left the barn, how do you get it back into the barn?  In a global digital economy, the only solution might be to find some way to tag the digital works, just as ranchers did for their cows in the 1880’s.

    • Court Systems.
      Indian courts now have a commercial part that is intended to accelerate adjudication. It is not clear whether the Mumbai courts offer any real adequate forum, and even adjudication of civil liability does not automatically result in enforcement of a money judgment.  Access to court systems are so fundamental to investors and employers that the issue should become one of diplomatic entreaty (as the U.S. has done with China), investor due diligence, and recommendations by intermediaries such as trade associations (such as Nasscom and ITAA), venture capitalists, private equity funds and investors and multinational enterprises and their advisors such as international business lawyers and business process and sourcing consultants..  Ratings on access to judicial systems should be part of the due diligence in all international operations.

Other Measures.

Insurance may be available, but the consequential loss may be too high for a fair premium.

Conclusion.

In captives and outsourcing, IPR protection needs practical and legal protections.  Blatant misappropriation will continue as a matter of human nature, so risks can only be mitigated.   Effective methods of mitigation will continue to evolve.  Technology and IP lawyers should be consulted before international operations are launched.

Trade Secrets in Outsourcing

October 9, 2009 by

Summary.

The ability to develop and protect trade secrets is an essential requirement for the development and maintenance of an enterprise’s competitive advantage.  This commentary discusses some of the business, contractual and criminal issues involved in trade secrets in outsourcing.  At a minimum, both users and providers of outsourced services should understand the nature and scope of trade secrets being used in the delivery of the services.

Business Issues.

Benefits to Service Provider.

Trade secrets give economic benefits to businesses by creating barriers to entry by competitors, facilitating and accelerating business processes that can be delivered to customers, and allowing the business’ employees, contractors and customers to collaborate efficiently.  However, a trade secret loses its power if it becomes public.  As a result, any business that has or uses trade secrets should take steps to protect and preserve them.  Outsourcing service providers normally are keen to adopt and maintain appropriate measures to protect their trade secrets.

Risks to the Service Customer.

Trade secrets create risks for the customer.  The service provider might not be willing to allow the customer to use the provider’s trade secrets after the service agreement expires.  Well-advised customers adopt appropriate protections to ensure their ability to continue operations whether or not the same service provider continues to render the required services.

Contractual Issues.

Protection of trade secrets can be achieved by several methods:

  • non-disclosure agreements;
  • restrictions on access to persons within the business itself, such as preventing persons in one group from accessing confidential business processes in another group;
  • retention of the key information in a small group of senior managers.

Intellectual Property.

Most laymen believe that trade secrets are a form of intellectual property.    Actually, they are not owned, but only kept confidential.  Indeed, many businesses in the same industry might know and use the same trade secrets in delivering goods or services to customers.  However, none of them owns the trade secret, since the others that know it have the lawful right to use it.  This assumes each acquired the knowledge without wrongful access to another’s secrets.

Trade Secret is Not a Patent.
Parties to an outsourcing contract should understand the differences between patents and trademarks.  In general, a patent is a governmentally-granted monopoly, for a statutorily defined limited period,  to make, use or sell products or services using an idea or process.  In general, a trade secret is not exclusive, is not made public and may be continued in use for an indefinite period.  An example of a trade secret is the secret formula for making Coca-Cola®, but not the formula for making soap.

Misappropriation of Trade Secret under Common Law.
Misappropriation of a trade secret is a well-recognized tort under common law in England and other countries that adopt the common law system.  Anyone who acquires knowledge of the trade secret by a disclosure that is not authorized can be held liable for “misappropriation” of the trade secret.  Such misappropriation is a tort, or violation of a common law duty that causes damage that can be foreseen when the misappropriation occurs.

Statutory Protection of Trade Secrets.
Trade secrecy rights arise out of both common law and state and federal statutes, as well as foreign laws.   In the United States, trade secrets are also protected by laws adopted by states.

WTO.
Article 39 of the Agreement on Trade-Related Intellectual Property under the GATT Uruguay Round likewise protects trade secrets in member countries of the World Trade Organization.

Trade Secret.
Fundamentally, a trade secret has three components.

  • The secret is some form of knowledge that is used in a business.
  • The owner derives economic or business benefit from the fact that such information is secret.
  • The owner has taken reasonable measures to keep such information secret.

Criminal Issues.

Criminal Abuse of Trade Secrets under the U.S. Economic Espionage Act of 1996.

The U.S. Economic Espionage Act of 1996 amended the federal criminal statutes to impose criminal penalties on persons who engage in misappropriation of trade secrets, whether for private gain or for a foreign government.  Protection of private trade secrets is therefore a matter of public policy.

Definition of Trade Secret.
The Economic Espionage Act of 1996 defines trade secret consistently with the common law.  The owner must derive economic or business benefit from the secrecy.  The owner must take reasonable protective measures.  And the information that is the trade secret can be very broadly defined as:

all forms and types of financial, business, scientific, technical, economic or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing.”   18 U.S.C. 1839(3).

Economic Espionage.
In the case of espionage, the offense occurs when the misappropriation of trade secret is done “knowingly and without authorization,” while “intending or knowing that the offense will benefit any foreign government, foreign instrumentality or foreign agent.”   18 U.S.C. 1831(a).

“Economic espionage” occurs when such a person “steals, or without authorization, takes, carries away, or conceals, or by fraud, artifice, or deception, obtains a trade secret.”  18 U.S.C. 1831(a)(1).  Receipt of a stolen trade secret, attempted theft or attempted receipt, and conspiracy to do so, are also “economic espionage.”  18 U.S.C. 1831(a)(2), (a)(3), (a)(4) and (a)(5).

Theft of Trade Secrets.
Under the same law, the offense of “theft of trade secrets” occurs, when the same acts are undertaken “with intent to convert a trade secret…to the economic benefit of anyone other than the owner thereof” and “intending or knowing that the offense will injure any owner of that trade secret.”  18 U.S.C. 1832(a).  Similarly, receipt, attempted theft, attempted receipt and conspiracy are all predicate offenses for “theft of trade secrets.”

Penalties.
The penalties for espionage are more severe than for simple theft of trade secrets.  For economic espionage, individuals are subject to penalties of $500,000 and 15 years’ imprisonment per offense, while any “organization” that commits an offense is subject to a fine up to $10 million.    For theft of trade secrets, individuals are subject to fines and imprisonment of up to 10 years, while organizations are subject to fines up to $5 million.  18 U.S.C. 1831(b) and 1832(b).

Inapplicability to Trade in Services.
The Economic Espionage Act of 1996 does not necessarily protect trade secrets when there is a delivery or performance of services that use trade secrets in only one state in the Untied States, or where there is no resulting sale of a product.

Thus, in the case of “theft of trade secrets,” the offense exists only where the conversion (theft) of the trade secret “is related to or included in a product that is produced for or placed in interstate commerce or foreign commerce” of the United States.  18 U.S.C. 1832(a).  If the thief is in the business of providing services, then this statutory requirement would appear to fail.  Thus, customers that are consultants, advisors, or providers of intangibles (such as license rights, banking services, financial advice, etc.) would appear not to fall under this statute.

Place where Offense is Committed.
The Economic Espionage Act of 1996 covers conduct occurring anywhere in the world.  However, acts done outside the United States are only covered where either (1) the offender (a “natural person”) is a U.S. citizen or permanent resident alien or an “organization” organized under American law, or (2) an act in furtherance of the offense was committed in the United States.”  18 U.S.C. 1837.

Thus, economic espionage or theft of trade secrets could not occur if the act were done between non-resident aliens and there was no furthering act in the United States.

Criminal Abuse of Trade Secrets under the U.S. National Information Infrastructure Protection Act of 1996.

Similarly, the Economic Espionage Act of 1996 adopted a subtitle, the “National Information Infrastructure Protection Act of 1996,” that expands the scope of “protected” computers.  18 USC 1030.  Under prior law, private industry computers used in government and financial institutions enjoyed protection from unauthorized access.  The National Infrastructure Protection Act of 1996 expanded the scope of protection to include computers used in business.  The new law criminalized the act of making any unauthorized communication to third parties, or the unauthorized retention, of “information from any protected computer if the conduct involved an interstate or foreign communication.”  18 U.S.C. (a)(2)(C).   It is now illegal to attempt to extort “any money or thing of value” from any person, firm, governmental entity or other legal entity, by transmitting any communication (in interstate or foreign commerce of the United States) that contains a “threat to cause damage to a protected computer.”   18 U.S.C. 1830(a)(7).

Impact of Espionage Law on Outsourcing.
Outsourcing companies that manage “protected” computer networks for their clients must interpret this law.  Does it prevent an outsourcer from threatening to “damage” a computer in order to get paid the amount lawfully due under the contract?   The statute does not define “damage” to include consequential damage (where the client’s business is damaged but the client’s computers are not.  Rather, “damage” is defined as “any impairment to the integrity or availability of data, a program, a system or information” that where the impairment causes any one of three types of loss: (1) any loss of $5,000 or more in value during any one-year period “to one or more individuals,” (2) any actual or potential modification or impairment to “the medical examination, diagnosis, treatment, or case of one or more individuals, (3) any physical injury to any person, or (4) any threat to public health or safety.  18 U.S.C. (e)(8).

As a result, the National Information Infrastructure Protection Act of 1996 does prevent outsourcers from shutting down, or threatening to shut down, facilities or services that are used in providing medical, emergency or public safety services.

Criminal Prosecutions under the Espionage Act.
As of January 2003, only about 35 prosecutions had been filed against people accused of abusing trade secrets or threatening protected computers.   According to a January 2003 article by The Associated Press, prosecutors charged a college student with theft of hundreds of secret documents from a large national law firm where the student had worked as a summer clerk.  The student allegedly stole documents from files that his job required him to examine for purposes of litigation for the law firm’s client.  The student reportedly sent copies of such documents to three websites for posting, though he was not claimed to have done so in return for any money.  The trade secrets were owned by DirecTV, owned by Hughes Electronics Corp., which said that it had invested over $25 million in the development of its most recent “Period 4” anti-piracy access cards for viewer satellite TV signal descrambler boxes.   The recipient websites, none of which apparently solicited this particular set of secrets, reportedly were offering their readership information on how to obtain access to satellite television signals.

Lessons Learned from the Crimes of Others.
While this case focused on the prosecution of the allegedly rogue student, The Associated Press article did not discuss the vicarious liability of the national law firm that hired the student, or the liability of the national law firm for any negligence in the hiring or supervision of the student and the documents to which the student had access.

Service providers should adopt measures in the fields of document access, physical security of documentation and hiring and supervision of employees.  Ultimately, however, even a well-designed system to prevent “insider” abuses will not stop someone from abusing a trust.  However, even the independent abuse of trust by a rogue employee might not shield the employer.

International Outsourcing.

This U.S. legislation governs activity conducted in the United States.  It may cover foreign activity having an impact in the United States.  But extension of criminal jurisdiction one country’s laws into another country generally is treated as an infringement on sovereignty, and lacking in “comity” between nations, if there is no treaty or convention authorizing such extension.  Accordingly, contracting with foreign service providers  does not involve the same legal enforcement rights as a purely domestic American contract.