BLOGS: Trade Secrets Blog

Powered by Blogger
Add to Technorati Favorites

Friday, April 30, 2010, 4/30/2010 12:31:00 PM

San Jose Business Journal: "Trade Secret Theft By Rogue Employees On the Rise"

By Todd

This from today's San Jose Business Journal:
"Silicon Valley lawyers who specialize in this area of law say trade secret cases are on the rise. The improved economy, they say, has led to more people switching jobs ­— and more people getting accused of stealing valuable, confidential information from their old offices.

Roberta Hayashi, head of the litigation department and employment practice group at San Jose-based Berliner Cohen, is one such lawyer. Hayashi said she’s now involved with six trade secret cases, compared with only one between the fall of 2008 and mid-2009, when the economy was near bottom.

“People really didn’t have other jobs that they were moving to,” she said.

A trade secret has three characteristics: It’s a secret and not generally known; it’s commercially valuable because it’s a secret; and its owner makes reasonable efforts to guard its secrecy, said Gary Weiss, chair of Orrick Herrington's global intellectual property practice in Menlo Park.
Weiss and other lawyers said California law prohibits “non-compete” agreements, in which an employee would contractually agree to refrain from competing against a former employer for a given period of time. In addition, he said departing workers are allowed to use all “general skills and knowledge” at a new job, even if it means competing against their old offices.

But, he said, the law prohibits workers from stealing or using trade secrets held by their old employers, even if the information is in their head and not, say, in an electronic database.
“There’s all kinds of information that meet that test, and all kinds of ways to misappropriate it,” Weiss said.

Case in point

One recent case involves SOAPprojects, Inc., an accounting and financial consulting firm in Mountain View.

Kamal Gupta, a former employee, allegedly entered the firm’s office one day this January and told the front-desk receptionist he needed his old contact list. Gupta had quit a month earlier, but according to court documents, he told the woman that a partner at the firm had given him permission to get the contacts.

Gupta then took his old company laptop home and, before returning it the next day, allegedly stole confidential data, trade secrets and other proprietary information, which he now uses at his new job.

The firm’s partner, meanwhile, was in India when the alleged incident occurred.

SOAProjects filed a lawsuit on April 23 against Gupta and his new employer, Germany-based SCM Microsystems, Inc., a former SOAProjects client. The company is alleging computer fraud, breach of contract and misappropriation of trade secrets, among other things.

SOAProjects, which filed the complaint in U.S. District Court in San Jose, wants $1 million in damages and a jury trial. Harmeet Dhillon, the firm’s attorney, said she tried to reach a settlement with Gupta and SCM Microsystems but to no avail.

“They think it’s fine to steal the information and go with it,” she said. “It’s not gonna work here in America.”

Darby Dye, a spokeswoman for SCM Microsystems, declined to comment.

No industry is immune

Nevertheless, trade secret cases span a range of industries, from banking to electronics to title insurance, Hayashi said.

During an economic downturn, for instance, laid-off workers sometimes steal information to retaliate against their former employer, said Scott Frewing, a white-collar criminal partner at Baker & McKenzie in Palo Alto.

Other times, people take secrets because they developed the secret data and felt underappreciated at work, or they plan to develop a new product with the information and make money, he said.

“Profit and ego are probably the two most common motivations for people who do that,” said Frewing, a former federal prosecutor.

Still, there are measures companies can take to help limit the risk of trade secret theft, he said.

These include requiring workers to sign non-disclosure agreements, having an IT system that lets a company protect sensitive information, and “regularly tracking” whether an employee’s access to data is appropriate given their duties and authority.

But, he noted, companies can’t stop “a rogue employee” from acting inappropriately.

“Like banks have never been able to completely prevent bank robbery,” he said, “companies have never been able to fully prevent trade secret theft.""

Wednesday, April 28, 2010, 4/28/2010 09:26:00 AM

$25 Million Jury Verdict in Texas Drill Bit Secrets Case

By Todd



We start here with what the defendant said after the verdict:


“Varel wishes to express its sincere regret and apology to Baker Hughes for its use of a Baker Hughes roller-cone layout in 2004,’’ Varel said in a statement issued after the verdict was reached. “Varel acknowledges that its use of the document was wrong.’’


Well, a Texas jury found that Varel had, in fact, improperly used Baker Hughes' roller-cone layout trade secrets and it hit Varel pretty hard - $25 million. The jury found that Varel earned $5.9 million in profits from the trade secrets and avoided $1.5 million in research and development costs by copying the drill bit in 2004, according to the verdict posted today on the Houston court’s Web site. Jurors also awarded exemplary damages of $17.8 million, or triple the profit figure, after finding that Varel acted with malice.

Tuesday, April 27, 2010, 4/27/2010 07:30:00 AM

China Offers Guidance, Sort Of, About What Trade Secrets are Under Chinese Law


From The Australian, home country paper for the Rio Tinto executives who were convicted of stealing trade secrets in China, a story concerning China providing, apparently for the first time, a definition of what a trade secret actually is.


The Chinese state-owned Assets Supervision and Administration Commission issued what the paper said were “wide-ranging and vague” definitions that “may have done little to clarify matters.”


According to The Australian:

In its 34-clause notice, the commission said secrets range from financial information to strategic plans, from technology to mergers, procurement to restructuring - virtually anything that hasn't been publicly disclosed and could hold economic value to the company.


And, according to the story, “under the newly published rules, details of negotiations involving government-owned companies – such as iron-ore pricing talks – are considered commercial secrets.


Some American state laws about trade secrets are a little vague, we'll grant you, but vagueness and criminal convictions simply don't go together in our common law tradition.

Monday, April 26, 2010, 4/26/2010 02:10:00 PM

Interesting Piece on the Trade Secrets of Sports: Fans Want to Know How The Winners Win

By Todd

Ryan Thies has an interesting thesis: NASCAR is governed by such secrecy the fans don't really know why their favorite driver is so successful or so unsuccessful. Here's the key arguments in his piece:


"NASCAR more than any other sport is shrouded in secrecy. How is Jimmie Johnson so dominant? Your guess is as good as mine. I’ve watched every race and I can tell you that the 48 pit crew is one of the most mistake-free, I can tell you that Jimmie himself has an almost supernatural ability to avoid big wrecks, and I can tell you that Chad Knaus, his crew chief, is very good. The first two I know because I watch, the last one I know because of the box scores. Because I honestly can’t tell you what Knaus does. Even as the semi-star of “24/7” I still can’t tell you what he does. I know he wins, but I don’t know how.

In fact the 48 team shares a garage with Jeff Gordon’s team. They have the same car for all intents and purposes. Yet there are a great many races when one runs well and the other doesn’t. Why? Why are there aerospace engineers that leave Boeing to join NASCAR? Why does it take 30 people to design a car setup when NASCAR has tried to make them as uniform as possible?

I know that there is more to this sport than right-turns. These cars are a chess game...if you weren’t allowed to see the pieces move.

When HBO does their “Hard Knocks” series with the Jets this Summer it will be riveting. The Jets offseason additions mixed with Rex Ryan’s propensity for honesty will ensure that. But it won’t just be Braylon Edwards’ dropping passes, LT sulking, Antonio Cromartie impregnating women, Santonio Holmes doing drugs, and Mark Sanchez being poised. It will show us, at home, the real way the team is run. We will see special teams practices and coverage schemes that we will recognize again during the regular season; it will show us offensive plans (will they continue to run 30 times a game or will they use their two potential Pro Bowl wide receivers more often?) I’m not asking to know what Sanchez’s audibles are going to be or what plays they’ll run most often in the red zone, but if I watch 4 hours of (heavily edited) practices I’m going to expect to learn something about their strategy. Signing up for reality TV is giving up secrecy (read: potential success) for publicity (read: money) and everyone knows that going in.
Similarly when HBO’s 24/7 covers boxing, I don’t expect a fighter to give up all his secrets. But I do expect to learn something and sometimes in hindsight I’ll realize that I learned more than I first thought. During Pacquiao/Hatton’s 24/7, HBO actually showed Hatton’s team watching the previous week’s episode. They claim they gained nothing out of it, and Hatton’s performance would back that up. But if you have an extra 2 minutes in your day, re-watch that fight. You’ll notice that Pacquiao’s knockout punch came on an uppercut-and-dodge. If you re-watch 24/7 you see Freddy Roach and Manny doing that move a thousand times. It’s not a move he had used in any previous fight, it’s not something that HBO or Roach pointed out during the series, but they had a strategy, it was practiced repeatedly in front of cameras, and it worked to perfection.

Just because you show it doesn’t mean they’re going to be able to stop it. Football has shown that even if the other guys know what you’re going to do (and they know it because they have tens of hours of gametape to watch), you can still be successful if you execute.

The single best comparison for what NASCAR could gain out of this is to look at poker. Go back pre-Rounders, pre-WSOP-on-TV, and imagine the first time someone suggested to card-players that the TV cameras would record what cards they had. Obviously no one would see it live, but everyone could go back and see if you were bluffing. They could see for certain what you had and how you played it. Love the 7-10 off-suit? Everyone’s gonna hear about it. I honestly don’t know if the first person to suggest that got laughed at or beaten up, but surely everyone had to be scared of the concept right? Every trade secret, every little trick, shown for all the world to see? But imagine the game without it now.

Letting the viewer in is a way to get more viewers. Trade trade secrets for more success. Trade privacy for money. It’s what reality TV was built on."


The problem Mr. Thies doesn't recognize is that if NASCAR teams shared on TV how they do what they do - it certainly will deprive them of the advantage they currently have, if there is any, in that their competitors don't know what they do. But, admittedly, the losing teams want to know exactly what the winning teams are doing.

Friday, April 23, 2010, 4/23/2010 01:54:00 PM

Law Firm Convinces Court of Appeals to Reverse Sanctions For Bad Faith Trade Secrets Filing

By Todd

Courthouse News Service is reporting that Meisenheimer Herron & Steele won its appeal of massive sanctions against the firm for allegedly bringing a meritless trade secrets action. The firm represented BDT Products in a lawsuit accusing Lexmark, BDT's former partner, of swiping BDT's trade secrets for a printer tray.


The federal appeals court in Cincinnati pointed out that BDT's printer tray "was commercialized and sold before BDT even transmitted some of its information to Lexmark."


Thus, "BDT and its attorneys pursued a suit based at its heart on misappropriation of 'trade secrets' that were, in fact, not secret at all," the trial court ruled.


Finding the suit meritless, the district court imposed $5 million in sanctions on BDT, Meisenheimer and another firm.


Meisenheimer appealed the $1 million fine against it, arguing that courts can only sanction individual attorneys, not firms, and that Lexmark failed to prove that it had acted in bad faith.


The 6th Circuit agreed on both counts. Put this one in the "PHEW!!!" category for the law firm.


Though the claims were clearly meritless, the three-judge panel ruled, the lower court relied on a misstatement of 6th Circuit law in its bad-faith finding.


"Lexmark has simply been unable to point to any such evidence demonstrating that Meisenheimer acted in bad faith or with improper purpose," Judge David McKeague wrote.

Wednesday, April 21, 2010, 4/21/2010 01:38:00 PM

High Frequency Trader Accused of Stealing Societe Generale's Trade Secrets

By Todd

Courthouse News Service is reporting that a former trader with Societe Generale was arrested and charged with stealing the code from the bank's high-frequency trading program.


Samarth Agrawal worked with the high-frequency trade group, which uses a multimillion-dollar computer system to perform sophisticated securities trading within milliseconds.


"The company has taken several steps to protect the confidentiality of the code, including limiting access to only those employees whose jobs require it, and then to only those units of the code related to their job," according to the complaint. SG also monitors users, restricts electronic transfers and blocks computers from making portable electronic copies of the code.


Within months of his promotion to the group, Agrawal, a native of India, copied and printed out hundreds of pages of code, according to the complaint. Prosecutors say Agrawal's activities were captured by surveillance cameras, and his computer files were constantly monitored.


In November 2009, 1 month after printing out the code, Agrawal resigned. His contract prevented him from working for another employer until March, but in April he told an undercover FBI agent who was posing as a recruiter "that he had been interviewing with 'most of the big names' among New York financial firms," according to the complaint.


Prosecutors say that between March 16 and April 7, Agrawal made or received about 115 calls from six large financial institutions.


"[SG] further believes that, if competing firms were to obtain the code and use its features, the financial institution's ability to profit from trades using the code would be significantly diminished," according to the complaint.


Agrawal, 26, is charged with theft of trade secrets, which is punishable by up to 10 years in prison.

Monday, April 19, 2010, 4/19/2010 02:53:00 PM

Criminal Theft of Eaton Aerospace Trade Secrets Charges Stand - No Dismissal

By Todd

The Clarion-Ledger is reporting that a federal judge has refused to dismiss two pending criminal charges five former Eaton Aerospace engineers are facing after they were victorious in getting others thrown out.


"All motions to dismiss were denied," said Assistant U.S. Attorney John Dowdy, who heads the criminal division of the Southern District of Mississippi.

And once a civil case involving the former employees is done, the criminal trial will be held, Dowdy said.

In a seven-page order issued March 31, U.S. District Judge William Barbour Jr. allowed to stand the latest indictment of two counts of possession of trade secrets and one count of conspiracy to defraud the United States.

Barbour's decision includes many references to the dismissed charges but does not say why he is allowing the other charges to stand.

No trial date is set for Rodney Case, Kevin Clark, Mike Fulton, Douglas Murphy and James Ward.

In 2008, Barbour threw out most of the charges from a 2006 indictment of the former engineers, saying the charges of conspiracy to defraud the United States, two counts of theft of trade secrets and two counts of wire fraud were unconstitutionally vague.

Barbour also threw out two other counts involving theft of trade secrets, saying they were barred by the statute of limitations. That left only the remaining counts of conspiracy to defraud.
The 5th Circuit U.S. Court of Appeals upheld Barbour's decision.

In January 2009, the U.S. Attorney's Office in Jackson filed a new indictment changing the theft charge to possession of trade secrets. The indictment also included the conspiracy count.


The five engineers initially were accused of stealing secrets from Jackson-based Eaton Aerospace and of taking them to Frisby Aerospace in Clemmons, N.C., where they started working in January 2002. Frisby now is known as Triumph Actuation Systems.

Ed Blackmon Jr., of Canton, an attorney for the defense, has called the 2009 indictment a backhanded method by prosecutors to recapture dismissed charges.


We'll keep reporting on this one.

Thursday, April 15, 2010, 4/15/2010 11:48:00 AM

Philippines Tax Authority Wants to Publish Names of Biggest Taxpayers - But Their Tax Code Declares Identities a Trade Secret

By Todd

Interesting issue out of the Philippines. Leonard Vinz O. Ignacio has authored a piece noting that their Bureau of Internal Revenue has decided to publish, in honor, the names of the country's biggest taxpayers "to serve as a model for others to emulate and follow." Sort of a hall-of-fame list of taxpayers.


BUT, WAIT A MINUTE, says Mr. Ignacio - the code does not permit for this. He cites the following tax code paragraphs:


"SECTION 270. Unlawful Divulgence of Trade Secrets. -- Except as provided in Section 71 of this Code and Section 26 of Republic Act No. 6388, any officer or employee of the Bureau of Internal Revenue who divulges to any person or makes known in any other manner than may be provided by law information regarding the business, income, or estate of any taxpayer, the secrets, operation, style or work, or apparatus of any manufacturer or producer, or confidential information regarding the business of any taxpayer, knowledge of which was acquired by him in the discharge of his official duties, shall, upon conviction for each act or omission, be punished by a fine of not less than P50,000 but not more than P100,000, or suffer imprisonment of not less than two years but not more than five years, or both."

"SECTION 278. Procuring Unlawful Divulgence of Trade Secrets. -- Any person who causes or procures an officer or employee of the Bureau of Internal Revenue to divulge any confidential information regarding the business, income or inheritance of any taxpayer, knowledge of which was acquired by him in the discharge of his official duties, and which it is unlawful for him to reveal, and any person who publishes or prints in any manner whatever, not provided by law, any income, profit, loss or expenditure appearing in any income tax return, shall be punished by a fine of not more than P2,000, or suffer imprisonment of not less than six months nor more than five years, or both."

He argues the listing of the country's biggest taxpayers is an invasion of their privacy and an express violation of the tax code itself. Interesting argument - and we'd have to agree that the listed code sections make it seem as if their Bureau of Internal Revenue has got this one exactly wrong. We note we've never encountered this "tax information as trade secrets" issue before but learn something new all the time on this blog.

Wednesday, April 14, 2010, 4/14/2010 11:29:00 AM

Rep. Issa Accuses National Highway Transportation Safety Administration of Playing Politics With Documents

By Todd

POLITICO is reporting that Representative Darrell Issa is agitated the NHTSA is refusing to turn certain Toyota documents over to Republicans even though they've been provided to Democrats. According to the report, NHTSA won't turn them over to the Republicans on grounds that they contain trade secrets and, as such, "are only available to committee chairmen."


We can't discern whether the NHTSA is actually taking that position - but this is the first we've ever heard about such a claim. Even assuming the documents contain trade secrets - why would the committee chairmen receive them but non-chair members not? We'll investigate this report further and comment regarding what we find.

Tuesday, April 13, 2010, 4/13/2010 03:03:00 PM

Customer Lists as Trade Secrets? Not A Per Se Rule

By Todd

The Association of Corporate Counsel's website is an excellent resource for in-house and other attorneys. Today, they posted a question and answer exchange with a respected attorney from the Dorsey & Whitney firm - Roy Ginsburg.


We think Mr. Ginsburg has his analysis exactly right - there are generally not per se rulings that establish a customer list is, or is not, a trade secret under applicable state law. What we routinely say about these and other data compilations is that they may, under the right circumstances, constitute trade secrets.

Thursday, April 08, 2010, 4/08/2010 09:46:00 AM

San Francisco Chronicle Op-Ed: Data Espionage A Major Issue Facing U.S.

By Todd

This was an interesting op-ed piece published in the San Francisco Chronicle yesterday. We're glad this discussion is underway:

"The company's disclosure in January that it was attacked by China-based hackers -- and its subsequent decision to scale back operations there -- have stoked long-standing fears over the ability of cyber adversaries to penetrate commercial and government networks in the U.S.
If a full-fledged cyberwar were to break out, the nation's economy would be hit hard. Banks might not be able function, electricity, water and other utilities could be shut off, air travel would almost certainly be disrupted, and communications would be spotty at best -- in a word, chaos.

Few think that such a war is imminent. But damage has already been done by a slew of cyberattacks that, while well short of cyberwar, have still resulted in the theft of terabytes of intellectual property data, trade secrets and classified military and government information. That information is now in the hands of overseas groups, many of which are thought to be state-sponsored
.
It's not just data and secrets. Cyberthieves have also made off with billions of dollars from U.S companies and banks, and there are growing concerns that cyberattackers are making subtle changes to software source code. That way, they can create permanent windows into a company's operations for future mischief.

An 'existential threat'

Many see the attacks as evidence that the U.S. is already in the midst of an undeclared cyberwar, with attacks against government targets estimated to have more than doubled in the past two years. Just last week, a top FBI official called cyberattacks an "existential threat" to the U.S. On Friday, two U.S. senators now pushing cybersecurity legislation in Congress reiterated those sentiments.

And Mike McConnell the former director of the National Security Agency (NSA) and director of national intelligence during the Bush administration, recently said in a Washington Post column that the U.S is not only fighting such a war, it's also losing the battle.

That sentiment was echoed by U.S. Navy Admiral Robert Willard, who warned Congress about U.S military and government networks being hit by attacks that appeared to originate from China. The attacks are challenging the military's ability to "operate freely in the cyber commons," he said.

Those views are shared by security experts in both the government and the private sector who see the relentless probing and attacks on U.S agencies and commercial interests as a precursor to something more devastating. The concern is prompting action of sorts in Washington. In just the past month, two major cybersecurity bills have been proposed. One would tie U.S. financial aid to a country's willingness to fight cybercrime. The other would strengthen U.S. cybersecurity and require the president to work with private industry in responding to a cyber crisis. That's a forgone conclusion, given how much of the nation's cyber infrastructure is in private hands.

A cybersecurity ambassador?

Meanwhile, the U.S. State Department is rumored to be considering the creation of a cybersecurity ambassador for the U.N. That's important, since there's no settled definition of cyberwar, and various nations are already trying to figure out what a cyberwar entails and how it would be declared -- and fought.

The first step to formulating an organized response is to define cyberwar correctly, said Robert Rodriguez, a former Secret Service special agent and founder of the Security Innovation Network. Calling what's gone on in recent years a "cyberwar" only complicates things, he said.

"War connotes huge conflict at a grand level between nations and societies," Rodriguez said.
It also involves the use of military force to essentially destroy another nation's capabilities and will to resist, according to James Lews, director and senior fellow at the Center for Strategic and International Studies. The cyber equivalent of such a conflict would involve a nation using cyber means to attain political ends in another country, said Lewis, who led a commission that developed a set of cybersecurity recommendations for President Obama last year.

"When you look at the number of systems that have been Trojaned or compromised, you could say our cyberbattlefield has been prepped and can be used against us," admits Jerry Dixon, former director of the National Cyber Security Division at the U.S. Department of Homeland Security (DHS).

"However, the adversary has to decide if the intelligence they're getting from our systems and networks is more valuable than attacking them to take them offline," he said. "If they attack and take them offline, they will lose insight into what we're doing."

Making such distinctions is crucial from a strategic response standpoint. "Pronouncements that we are in a cyberwar or face cyberterror conflate problems and make effective response more difficult," Lewis said.

So if the attacks of recent years aren't warfare, what are they?

Spies or criminals?

A lot of what's going on is happening on two levels: cyberespionage and cybercrime on a massive -- and growing -- scale. They aren't new, said Patricia Titus, the former chief information security officer at the Transportation Security Administration who now holds a similar post at Unisys Corp. But the attacks on Google and other companies refocused attention on the scope of the problem, she said.

Many of the recent attacks tended to originate from china, though countries such as Russia and India are also suspect. Specific companies and government organizations are usually targeted through the use of social engineering tricks, advanced reconnaissance and sophisticated malware tools that can quietly penetrate networks and steal data. What's not always clear is whether this kind of economic and military espionage is state-sponsored or carried out by hactivists and opportunists.

Increasingly, there appears to be a nexus between the groups committing cybertheft and those doing cyberespionage, said Amit Yoran, former director of the National Cyber Security Division of the DHS and current CEO of NetWitness Corp. Many of the botnets, servers, malware tools and techniques now used in cybercrime are also being used for espionage. "Where traditionally a [state-run] intelligence service would execute their own operations, now they have ties with organized crime," he said.

Those kinds of connections -- loose, fluid and constantly changing -- make fending off cyberattacks difficult. As a result, a successful strategic response means that the intelligence community, the U.S Secret Service, FBI and other law enforcement agencies have to start collaborating more, security analysts say. And more information-sharing between the private and public sectors needs to take place.

The vast majority of the critical infrastructure in the U.S. is owned by the private sector. But most companies have little or no information about the wealth of threat data being collected by intelligence and other government agencies, Titus said. If they're unaware of the threats, they may be vulnerable.

At the international level, moves like the proposal to create a U.N. cyber ambassador who can negotiate cybersecurity matters and articulate U.S. policy are crucial, Titus said. In fact, she wants the State Department to consider installing cyber attachés at U.S. embassies in key countries such as China, India and Russia. That way, the U.S government could quickly communicate with the appropriate authorities in other countries during a cybercrisis. It also gives U.S firms operating in countries such as India and China -- think Google -- a place to turn to immediately when a crisis flares, she said.

The government also needs to focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks, said Karen Evans, former de facto federal CIO under the Bush administration. Getting a jump on an attack would allow government agencies to respond in a coordinated fashion, she said.

No national policy

Evans believes the time has come for the government to formalize a national policy for dealing with cyberthreats. Such a policy should clearly define the thresholds beyond which cyberattacks will be considered an act of war, establish who's in charge among the different federal agencies that would respond to a cyber crisis, and spell out when they are allowed to use that authority.

Few doubt that the U.S. Department of Defense and the NSA could launch crippling cyberoffensives of their own in response to a cyberattack. But a policy framework needs to be in place defining when such an offensive is appropriate, Yoran said. Whether that retaliation means a cyber-counteroffensive or a more conventional military one needs to be figured out as part of U.S. cyberpolicy before a crisis, Yoran said,

"Just as we would respond to a terrorist attack, there needs to be some sort of a response capability," Titus said."

Wednesday, April 07, 2010, 4/07/2010 02:24:00 PM

Forrester Report on Corporate Secrets: Too Much For Compliance, Not Enough For Security

By Todd

Forrester Research, Inc. in Cambridge, Massachussetts has published a report on corporate secrets in Western economies and it identifies some interesting conclusions, identified below:


(1) Secrets comprise two-thirds of the value of firms’ information portfolios. Despite the increasing mandates enterprises face, custodial data assets aren’t the most valuable assets in enterprise information portfolios. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. And as recent company attacks illustrate, secrets are targets for theft.


(2) Compliance, not security, drives security budgets. Enterprises devote 80% of their security budgets to two priorities: compliance and securing sensitive corporate information, with the same percentage (about 40%) devoted to each. But secrets comprise 62% of the overall information portfolio’s total value while compliance-related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments areoverweighed toward compliance.


(3) Firms focus on preventing accidents, but theft is where the money is. Data security incidents related to accidental losses and mistakes are common but cause little quantifiable damage. By contrast, employee theft of sensitive information is 10 times costlier on a per-incident basis than any single incident caused by accidents: hundreds of thousands of dollars versus tens of thousands.

(4) The more valuable a firm’s information, the more incidents it will have. The “portfolio value” of the information managed by the top quartile of enterprises was 20 times higher than the bottom quartile. These high value enterprises had four times as many security incidents as low-value firms. High-value firms are not sufficiently protecting data from theft and abuse by third parties. They had six times more data security incidents due to outside parties than low-value firms, even though the number of third parties they work with is only 60% greater.

(5) CISOs do not know how effective their security controls actually are. Regardless of information asset value, spending, or number of incidents observed, nearly every company rated its security controls to be equally effective — even though the number and cost of incidents varied widely. Even enterprises with a high number of incidents are still likely to imagine that their programs are “very effective.” We concluded that most enterprises do not actually know whether their data security programs work or not.


This is very interesting report. We'll report back as we digest the findings and data.

Tuesday, April 06, 2010, 4/06/2010 09:57:00 AM

Lockheed Martin's $37 Million Trade Secrets Verdict Against L-3 Communications Tossed: New Trial Ordered Based on Allegedly Withheld Evidence

By Todd

We first reported this massive misappropriation of trade secrets verdict here: http://wombletradesecrets.blogspot.com/2009/05/lockheed-martin-wins-3728-million-trade.html.


Law.com is reporting that a federal judge has tossed out a $37.3 million trade secrets verdict for Lockheed Martin Corp. and ordered a new trial after finding that the aircraft company failed to turn over to a defendant competitor documents critical to the case. This is a major-league trade secrets story, folks, including the rejection of Lockheed Martin's $16 million fee request. The basis for the court's order is outlined below in bold - but the court apparently believed that evidence exists proving that Lockheed Martin did not treat the information L-3 allegedly stole as a trade secret because it permitted a competitor to utilize that information without necessary licensing or contractual protections in place.

U.S. District Judge Charles A. Pannell Jr. on March 31 ordered the new trial at the request of Texas military contractor L-3 Communications, the defendant in the five-year-old case. Pannell said it was "probable" that the outcome of the trial would have been different if the jury had been given access to the information that Lockheed withheld.

In his order, Pannell also tossed out Lockheed's motion for more than $16 million in legal fees.
Five years ago, in a race to the courthouse, Lockheed sued L-3 in U.S. District Court in Atlanta over what it claimed was a misappropriation of trade secrets associated with the design and construction of Lockheed's anti-submarine bomber, which is used by navies around the world. Lockheed has large aircraft plants in Marietta and Warner Robins.

L-3, in turn, filed a separate antitrust suit against Lockheed in U.S. District Court in Dallas, claiming that Lockheed had filed the Atlanta suit to stifle competition. That case is pending.
The dueling cases are the result of a high-stakes feud between the two international defense contractors over a growing international market: the refurbishment of military aircraft, many of them originally designed and built by Lockheed, that are owned by governments around the world.

In May 2009, after a three-week trial, a federal jury in Atlanta $37 million and unspecified "reasonable" legal fees and litigation expenses. The jury found that L-3 -- a subsidiary of L-3 Communications Corp., the sixth-largest defense company in the United States -- had misappropriated proprietary information belonging to Lockheed while it was a subcontractor for Korean Aerospace Industries. The jury also found that L-3 breached licensing contracts with Lockheed through which L-3 had been given access to some of the proprietary data at the heart of the suit.

The allegations against L-3 involved a $427 million contract awarded to L-3, over Lockheed, by the South Korean government to refurbish eight of the Lockheed planes.

L-3 lawyers first accused Lockheed of intentionally withholding evidence critical to its defense last August, claiming the violation "undoubtedly changed the outcome of the trial."

The evidence that forms the basis of L-3's allegations are apparently detailed in 12 pleadings and more than 100 exhibits, including the defendant's initial motion to dismiss the case and Lockheed's response, that have all been filed under seal.

The only information available to the public as to why Pannell ultimately overturned the $37 million verdict is in his 8-page order issued this week.

On Thursday, however, the judge issued another order saying that he had "received an inquiry from the media as to [the] basis for the sealing of the motion, the briefs in support and in opposition, and all the exhibits filed in relation to this motion." That inquiry was from the Daily Report.

Pannell gave Lockheed and L-3 lawyers 10 days to show cause as to why the pleadings and all attachments that led to his new trial order should not be unsealed by the court.

"The court recognizes the need for maintaining alleged trade secrets under seal," Pannell wrote in the order. "However, much of what is filed with regard to the motion for new trial could not be considered trade secret."

Lockheed counsel William H. Boice, a partner at Kilpatrick Stockton in Atlanta, declined comment Thursday on the new trial order, saying, "The company has a policy of not commenting on ongoing litigation."

Boice co-counsel James F. Bogan III, who could not be reached for comment Thursday, told the Daily Report last October, after the new trial motion was filed, that he could not talk about the issue because, "There is a protective order in place."

Neither a Lockheed spokesman nor lead defense counsel Martin E. Rose, a partner at Rose Walker in Dallas, could be reached for comment.

NEW EVIDENCE?

But in an emergency motion filed last August that was not sealed, Martin and his co-counsel contended that long after the May verdict, they had uncovered "critical evidence ... that directly contradicts Lockheed's witnesses' sworn testimony."

The new evidence was obtained from Lockheed in response to a discovery request in the ongoing Dallas case, according to the emergency motion.

In a housekeeping motion filed Sept. 28, L-3 lawyers contended that the newly discovered evidence "goes to the core of the issues raised at trial and undermines the foundation for the jury's award."

In Wednesday's order, Pannell outlined the allegations against Lockheed, saying it was "undisputed" that Lockheed had failed to turn over certain documents that would have shown that Lockheed knowingly allowed a competitor -- CASA-EADES, known as CASA -- to use its proprietary data without a license in performing a contract for Brazil to upgrade P-3 aircraft, the Lockheed bomber at the heart of the trade secrets case.

"Evidence that Lockheed allowed another company to utilize its proprietary data is important because failure to maintain the secrecy of such data results in the termination of trade secret status," Pannell wrote. "The main thrust of L-3's defense in this case was that the data it utilized was no longer a trade secret because it had not been properly protected by Lockheed."

According to Pannell's order, L-3 also contended that internal company e-mails Lockheed withheld would have shown that a letter of assurance from CASA that Lockheed relied on at the trial "was actually meaningless and was created by Lockheed to cover the fact that it had allowed its trade secrets to be used without compensation. Lockheed used this letter at trial to buttress its claims that it had taken all necessary steps to protect its trade secrets."

Pannell noted in his order that "the fact that Lockheed, not CASA, drafted the letter is an important fact that L-3 could have presented to the jury in arguing that the steps Lockheed took to protect its trade secrets had been all form and no substance."

What the e-mails at issue showed, according to the judge's order, was that "at some point, Lockheed employees knew or believed that CASA was planning to illegally utilize Lockheed's data and that Lockheed intended to allow this to happen."

Lockheed contended it did not produce the e-mails in question because "they were not clearly responsive" to L-3's discovery requests.

Pannell disagreed. But he declined to dismiss the case entirely, saying L-3 had not made the case that a lesser sanction -- in this case a new trial -- would fail to repair the harm caused by Lockheed's abuse of the discovery process.

"While the court is puzzled by the fact that Lockheed provided certain emails related to the P-3 data rights with respect to the Brazil program and even emails within the same email 'tree' while withholding the emails at issue here, the court is hesitant to find that the documents at issue were intentionally withheld for the purpose of obtaining an advantage in this litigation, particularly in light of the voluminous amount of documents that were exchanged in this matter," the judge wrote in his order.

Although L-3 lawyers have argued that the jury's verdict would have been different if the e-mails had been presented at trial, Pannell found that such a determination "is very difficult to make in hindsight."

But, he added, "The point is that L-3 should have had the opportunity to make these arguments to the jury. ... Therefore, the court concludes that it is more than possible, and is even probable, that the outcome of the jury trial would have been different in this case if Lockheed had properly turned over the documents."

We'll continue reporting on this one for you. This is perhaps the most interesting trade secrets story of 2010.

Friday, April 02, 2010, 4/02/2010 11:12:00 AM

Australians Complain: Chinese Law of Trade Secrets Undefined

By Todd

The Australian has published an interesting piece focusing on the claim of "theft of commercial secrets" in the Rio Tinto criminal prosecutions and convictions. We thought you'd like to see it - you can click on the title to this post or read the most interesting portions copied below:


"In an extraordinary twist, it now appears the men were originally picked up solely on charges of stealing state secrets -- and this was why the State Security Bureau, or secret police, was involved. There is a murky line in China between state and commercial secrets in industries where government monopolies mean the big players are all state-owned.

The bribery charges were laid during questioning but that has not surprised anyone familiar with a sector in China that is rife with graft. "It's not clear where the line is between legitimate information-gathering and criminal commercial-secret stealing," said two international experts on Chinese law, Jerome Cohn and Yu-Jie Chen of New York University.

The Chinese government had a chance to clarify that line in this trial, but chose to shroud it in secrecy.

Only one of the four men, Liu Caikui, admitted the allegations of stealing trade secrets. Rio, which sacked the men after the sentences were handed down, describing the bribery allegations as "deplorable", privately insists that nothing it received from Hu and others could be classified as a trade secrets.

But the verdict, obtained and translated by The Weekend Australian, lists eight separate instances where Rio employees obtained commercial information that the court determined were "secrets".

Some of the claims go back as far as 2005 to a CISA conference in the city of Wuxi, where Wang Yong, another of the jailed Rio workers, obtained information from Fang Zeshan, the international trade department director of Shandong Shiheng Special Steel company.

The meeting with Tan is the only instance where Hu is accused of physically obtaining information himself. In other cases, he is accused of "instructing" others. He argued in court that he had a "passive" role in dealing with the so-called secrets.

His lawyer says the current evidence also can't prove the theft of secret information cost the Chinese steel industry 1 billion yuan -- as claimed, but not explained, by the Shanghai No 1 People's Intermediate Court.

So far Tan is the only person on the other side of the bribery and secrets charges in the Chinese steel sector who is known to have been charged. He was sentenced the same day as Hu and his colleagues by the same judge, Liu Xin, but the result was not published and remains unknown.


But the court made it clear that everyone from the steel mills and trading houses involved in the case will be subject to legal action.

Chen says the verdict claims that, on one occasion, Rio's "Singapore headquarters asked the employees in China to gather more about the production situation of the Chinese clients".

"But it is not clear whether Rio asked their employees to collect the information beyond legal means," she adds, "so one cannot claim Rio instructed the employees to conduct illegal activities by only these testimonies."

But she also posed questions still being asked by many. Did Hu's Rio superiors instruct the Shanghai office to collect the information? Who received it? How high did it go? And what did they do with it?

What is remarkable is that Rio's widely touted audit of its processes did not pick up the bribery. Still, Rio did tacitly admit its processes in China were flawed.

The arrest of the Rio Four came on the back of Rio's rejection of a $US19.5 billion alliance with Chinalco, which already held a 9 per cent stake in the Anglo-Australian miner.

The rejection was slammed by the state-owned Chinalco and the state-owned Chinese media. Shortly afterwards the annual iron ore price talks collapsed -- or, according to this week's court verdict, Rio pulled out.

Beyond the top-level diplomatic spat, Chinalco and Rio themselves did not talk for several months. Gradually, though, contact began again and former US secretary of state Henry Kissinger was engaged on the basis of his longstanding and extremely high-level connections in China to act as a go-between.

Rio has upgraded the China country division to its own office -- it was formerly run out of Singapore -- and placed Chinese speaker Ian Bauert in charge. It has also employed Stephen Bradley, a former British Foreign Office employee, as a special China adviser to chief executive Tom Albanese. These men now make up "team China" at Rio.

Rio is still working through the verdict but believes all the information it received was obtained legally. It is still unsure what else it will say. After all, having mended its bridges and having certainty about its four employees being corrupt, why would it risk being put in the commercial doghouse by China once more -- even it was the right thing to do?
back to top