September 25, 2017

Don’t Click Here: You May Violate the Computer Fraud and Abuse Act

I will be giving a webinar on June 4, 2013, hosted by Bloomberg BNA on the status of the Computer Fraud and Abuse Act (CFAA) and whether you too may have committed a federal crime by breaching the Terms of Use of an online agreement. While this may be somewhat of an overstatement, the recent suicide of Aaron Swartz, who was facing a lengthy prison term for downloading academic journals from a website in breach of the site’s terms of use and the Justice Department’s stated willingness to prosecute such crimes has made this more than a purely academic exercise. Further, in response to this concern and the increased risks posed by computer hackers to our critical infrastructure and to the intellectual property of U.S. corporations, Congress is again considering amending the CFAA and a number of bills have been introduced that would increase the penalties for violations of the Act.

If you would like to learn more about this very important topic and how you and your organization can avoid running afoul of both the criminal and civil provisions of the CFAA you should attend my webinar. You can do so at a discount level by following the steps below:

1. Navigate to the registration page for the program on the Bloomberg BNA website: http://www.bna.com/computer-fraud-abuse-w17179873598/.

2. Choose “Live webinar” from the drop-down menu and add it to the cart. (At this point they may be asked to create an account if they don’t have an existing one from having purchased other Bloomberg BNA products. If so, please ask them to be sure to complete all required fields.)

3. Type the promo code LGAUEBR3 into the specified field. The dollar amount will be decreased by 20 percent. An automatically-generated email will soon arrive at the email address entered during the account creation process mentioned above containing the connectivity information to be used the day of the program

Computer Fraud and Economic Espionage

I gave two speeches on computer crime, theft of trade secrets and economic espionage this week. First, I lectured to 36 judges from Thailand, including a number of justices from the Thai Supreme Court at a program at Boalt Law School in Berkeley, California. Boalt has recently begun a program of hosting foreign judges for two weeks to learn about U.S. law, in general, and electronic commerce in particular. While the subject of my four hour lecture on cyber crime was very different from other lecture topics, the judges appeared very interested, and after overcoming an initial reluctance, asked a number of interesting and thought provoking questions. Hopefully, they will take away an understanding of the importance of cyber security to electronic commerce.

Next, I spoke at the spring meeting of the American Intellectual Property Law Association in Seattle, Washington, on the Administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets. The strategy, which was launched in February of this year contains five action items including (1) increased focus on diplomatic efforts to protect trade secrets; (2) encouraging domestic voluntary best practices by private industry to protect trade secrets; (3) enhancing domestic law enforcement operations; (4) improving domestic legislation; and (5) raising public awareness and stakeholder outreach. With regard to item 4, the intellectual property enforcement coordinator published a request in the Federal Register on March 19, 2013, for comments/recommendations that would enhance enforcement against, or reduce the risk of, the misappropriation of trade secrets for the benefit of foreign competitors or foreign governments. Submissions were due by April 22, 2013. A copy of my comments is available here.

My speech emphasized that while the action items certainly represent a step in the right direction, ultimately, the success will depend on whether the government actually follows through with action. Moreover, even if the government does implement the programs and increase protection of trade secrets, the government can only do so much, especially in this era of government cutbacks. And, ultimately, businesses must do more to protect their valuable intellectual property. Please click here for a copy of my presentation.

Read My Federal Register Comments on Existing Laws Related to the Enforcement of Trade Secrets

Here are my comments to the request by the U.S. Intellectual Property Enforcement Coordinator (IPEC) for public input on existing laws related to the enforcement of trade secrets.

Docket No: IPEC-2013-XXX
RE: Trade Secret Theft Strategy Legislative Review
Submitted by: Peter J. Toren, partner, Weisbrod, Matteis & Copley, PLLC, 1900 M Street, Washington, D.C. 20036, (202) 499-7900, ptoren@wmclaw.com

This is being submitted pursuant to the request by the U.S. Intellectual Property Enforcement Coordinator (IPEC) for public input and participation to determine if legislative changes that would enhance enforcement against, or reduce the risk of, the misappropriation of trade secrets for the benefit of foreign competitors or foreign governments.

In order to reduce the risk of misappropriation of trade secrets for the benefit of foreign competitors or foreign governments, Congress should first amend the Economic Espionage Act to include a section that specifically covers the transmission of a stolen trade secret to a company or entity located outside of the United States. As discussed in more detail below, at present, where the government cannot establish that the defendant knew that the theft was intended for the benefit of “any foreign government, foreign instrumentality, or foreign agent,” the defendant cannot be charged with economic espionage but can only be charged with violating § 1832 of the EEA, which punishes general trade secrets theft. By amending the EEA as proposed, a defendant who transmitted a valuable trade secret to a foreign corporation or entity that was not under the control of a foreign government could still face harsher punishments and such an amendment would also better reflect Congress’ intent.

Second, Congress should enact a civil counterpart to the EEA. I have conducted the most detailed study of the government’s prosecutions to-date under the EEA and based on this study have concluded that the number and type of prosecutions the EEA are unlikely to deter economic espionage. See Peter J. Toren,  An Analysis of Economic Act Prosecutions: What Companies Can Learn From it and What the Government Should Be Doing About It!, BNA’s Patent, Trademark & Copyright Journal, (Vol. 84, No. 2081) (hereinafter “Toren Analyis”). In an era of limited government resources this is unlikely to change.

[Read more…]

How Law Firms Can Help Clients Prevent Cyber-Espionage

If you’ve been reading all the recent articles about cyber-crime in the news these days—and you’re curious about how your firm can protect itself from these threats, especially from China, then you’ll want to listen to this podcast I did recently with Thomson Reuters

Chinese Corporate Spying Case is Just the Tip of the Iceberg

Bloomberg Law released on March 19, 2012 my interview regarding the Economic Espionage Act.

Big News: Federal Civil Trade Secrets Bill is Introduced

Big News! After years of speculation and talking, it’s finally happened.  Congress is seriously considering amending the criminal theft of trade secrets law (referred to as the Economic Espionage Act) to include a private cause of action.  Soon, you too may be able to sue for theft of trade secrets in federal courts.

Last week, Senators Herb Kohl (D-Wis) and Christopher  Coons (D-DE) introduced an amendment to the Currency Exchange Rat Oversight Reform Act that would amend the Economic Espionage Act to include a provision that would give private litigants the right to sue in federal court for the theft of trade secrets.  Currently, the EEA is strictly a criminal statute and civil claims for trade secret theft must be brought in state courts, unless there is another basis for asserting federal jurisdiction.  Since the EEA was enacted in October of 1996, the federal government has brought approximately 60 cases under the EEA.  The amendment would enable victims of trade secret theft to seek injunctive relief and compensation for actual damages.

The proposed bill would amend 18 U.S.C. section 1836 to provide that “[a]ny person aggrieved by a violation of section 1832(a) may bring a civil action under this subsection.’   In turn, in order to prove a violation of section 1832 as it presently reads, the government must prove (1) the defendant stole or without authorization of the owner, obtained, destroyed, or conveyed information; (2) the defendant knew this information was proprietary; (3) the information was in fact a trade secret; (4) that the defendant acted with intent to convert a trade secret to the economic benefit of a third party; and (5)  that the defendant act intending or knowing that the offense will injure any owner of that trade secret.  To read a copy of the bill, please click on the following link for the Civil EEA.

My book, Intellectual Property & Computer Crimes,”  (Law Journal Press 2003) contains a very detailed and up to-date analysis of the EEA, including a description of all cases that the government has brought to-date.  (To purchase my book click here).   In addition, as a federal prosecutor with the Computer Crime & Intellectual Property Section of the United States Department of Justice in the 1990s, I advised Congress on the EEA and my law review article, The Prosecution of Trade Secrets Thefts Under Federal Law, 22 Pepperdine L.Rev. 59 (1994), was cited in the legislative history in support of the EEA.  Finally, I also was the lead prosecutor in one of the first cases, United States v. Four Pillars, ever brought under the EEA.

Please post a comment about what you think of the proposed law.

 

Avoiding/Reducing Corporate Criminal Exposure for IP Violations

All it takes are the acts of one rogue employee for the federal government to open a criminal investigation of the company.  In the intellectual property arena, companies have found themselves to be the subject of a federal investigation, for example, by  hiring employees from a competitor and who bring with them to their new company the trade secrets and other confidential information from their old company.  Avoiding exposure to liability for criminal theft of trade secrets under the Economic Espionage Act requires that businesses take a close look at all their procedures involving confidential information.  Standards of contracting authority and rules for entering into nondisclosure agreements should be reviewed to control the process of assuming, tracking, and enforcing confidentiality obligations to third parties.  Hiring practices should be reviewed to avoid hiring tainted employees and consultants and to emphasize respect for intellectual property rights as part of a company’s training program.  Perhaps most importantly, a company must examine its business relationships to determine the procedures and behaviors of those who may create vicarious liability under the EEA.
[Read more…]

Are You Ready To Be Hacked?

A number of the largest ever computer security breaches have occurred over the past several months.  For example, at the end of March, computer hackers stole the names and email addresses of customers of Barclayscard US, Capital One and other large firms from the email provider Epsilon.  Then in April, 2011, reports suggest that hackers obtained credit card information and other personal identifiable information of potentially 77 million Sony Playstation users in 59 countries.  There have also been a number of other large scale attacks since then. While it is extremely difficult to measure with precision the total costs and damages caused by a security breach, especially for ones as large as these, it is estimated that Epsilon and Sony may be out tens of millions of dollars.  According to one estimate, the average cost to respond to a breach in 2010 was more than $300 per affected customer.  Thus, if the estimates are correct, Sony could be facing a bill of more than $20 billion just for notifying affected customers.
[Read more…]