Burdensome Secrets: A Comparative Approach to Improving China’s Trade Secret ProtectionsEric D. EngelmanNOTE - Fordham Intellectual Property, Media & Entertainment Law Journal
22138
portfolio_page-template-default,single,single-portfolio_page,postid-22138,ajax_fade,page_not_loaded,,select-theme-ver-3.3,wpb-js-composer js-comp-ver-4.12,vc_responsive

Burdensome Secrets: A Comparative Approach to Improving China’s Trade Secret Protections
Eric D. Engelman
NOTE

  The full text of this Note may be found by clicking the PDF link on the right.

 

 

 

INTRODUCTION

 

[I]

nformation and know-how are crucial for businesses in developing and maintaining a competitive advantage in today’s economy.1 The important role of trade secrets has grown over the past few decades with the emergence of the global information society.2 Intellectual property and other intangible assets account for as much as 75% of most organizations’ value and sources of revenue.3 Trade secrets are unique among intellectual property rights because they are highly pervasive and relevant for virtually all businesses; businesses frequently use trade secrets regardless of their industry or size, and trade secrets are crucial for maintaining competitive advantages.4 Each year, trade secret theft costs multinational companies billions of dollars.5 However, the exact cost of trade secret theft for US companies is uncertain because many of the victims do not become aware of the crime until years later.6 Additionally, companies may not report the theft or intrusion because announcing a breach could tarnish a company’s reputation and endanger its business relationships.7 The increase in technology use—both by companies and the actors responsible for stealing trade secrets—is one factor contributing to the exponential in-crease in trade secret litigation that has occurred over the past few decades.8 Additionally, “[t]he storage of data overseas ‘has made intellectual capital theft more prevalent and prosecution much more difficult.’”9

 

A priority of the United States government is addressing the theft and transfer of innovative technology trade secrets overseas.10 According to the United States Intellectual Property Enforcement Coordinator (“IPEC”),11 trade secret theft and economic espionage against corporations based in the United States is accelerating.12 The foreign competitors of these corporations are recruiting current and former employees of United States corporations to steal trade secret information and some of these competitors have ties to foreign governments.13 Trade secret theft through cyber intrusion is affecting law firms, academia, and financial institutions in addition to United States corporations.14 The United States government is going to continue to apply diplomatic pressure on foreign governments to discourage trade secret theft and to encourage them to strengthen their enforcement against trade secret theft.15

 

As a trade policy tool, IPEC enlists the United States Trade Representative (“USTR”) to help promote international enforcement against trade secret theft in order to prevent unfair competition against United States companies.16 Every year, the USTR conducts a review of the intellectual property rights and state of intellectual property enforcement in trading partners around the world.17 The “Special 301” Report is published annually, reflecting the findings of the USTR’s review.18 The 2014 Special 301 Report again emphasized the need to protect trade secrets because the theft and other forms of economic espionage appear to be escalating.19 In particular, the report reflected the United States’ concern with the growth of trade secret theft in China and China’s gaps in trade secret protection and enforcement.20 The Special 301 Report stressed the difficulty of obtaining remedies for trade secret misappropriation under Chinese Law.21

 

The United States government is becoming increasingly concerned with trade secret theft occurring in China.22 According to a 2011 report to Congress on foreign economic collection and industrial espionage prepared by the Office of the National Counterintelligence Executive (“ONCIX”), “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.”23 There has been a barrage of computer network intrusions originating in China.24 Although cybersecurity specialists and other American private-sector firms reported these intrusions, the intelligence community has been unable to confirm who is responsible for the attacks.25 Mandiant, an independent security firm, reported in 2010 that during the course of a business negotiation where a US Fortune 500 manufacturing company was seeking to acquire a Chinese firm, information was stolen from the company’s corporate servers.26 The US company lost sensitive data on a weekly basis and this may have helped the Chinese firm attain a better position in the negotiations.27 Mandiant concluded that “‘The Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.’”28

 

In February of 2013, Mandiant published a follow up report in which they changed their assessment and concluded that “the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”29 According to the report, the Advance Persistent Threat, which Mandiant refers to as APT1, is likely a Chinese government-sponsored actor and a unit of the People’s Liberation Army known as Unit 61398 or the Second Bureau of the People’s Liberation Army General Staff Department’s Third Department.30 The report also identifies the persona “Ugly Gorilla” as a hacker in the unit and concludes that the person behind the persona is a man named Wang Dong.31 The report “details efforts by an arm of the People’s Liberation Army starting in 2006 to systematically infiltrate 141 companies in over twenty major industries, including 115 US companies.”32 Hundreds of terabytes of data, including all forms of trade secrets, were stolen from these US companies.33

 

In May 2014, the United States charged state actors with economic espionage for hacking into computers and stealing trade secrets for the first time.34 Five Chinese military hackers were indicted by a grand jury in the Western District of Pennsylvania on thirty-one counts, including economic espionage, trade secret theft, computer hacking, and other offenses against Westinghouse Electric Co., United States subsidiaries of SolarWorld AG (“SolarWorld”), United States Steel Corp (“US Steel”), Allegheny Technologies Inc. (“ATI”), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (“USW”), and Alcoa Inc.35 These intrusions began as early as 2006 and in some of the cases, the information would have been particularly beneficial to Chinese companies at the time it was stolen.36 One of the five defendants named in the indictment is Wang Dong a.k.a. “UglyGorilla.”37 He and the other defendants worked for the People’s Liberation Army’s General Staff, Third Department in Unit 61398.38 The defendants sent “spearphishing”39 messages to trick the recipients into giving them access to their computers.40 Once the defendants had a foothold in a computer, they “performed a variety of functions designed to identify, collect, package, and exfiltrate targeted data.”41 However, it is unlikely that any of the defendants will actually face trial because China does not have an extradition treaty with the United States.42 Consequently, trade secret owners must be afforded viable enforcement options in China.

 

The Chinese government was also implicated in a civil suit that settled in 2012.43 Cybersitter LLC settled a $2.2 billion civil suit for an undisclosed amount.44 The suit alleged that several computer makers colluded with the Chinese government to develop webfiltering software using code that was stolen from Cybersitter.45 According to Cybersitter, the software that was allegedly stolen was the first filtering software to block both pornographic and violent online content.46 Researchers at the University of Michigan determined that the Green Dam program, which was part of a plan announced by the Chinese government to filter pornographic, violent, and political content on computers within China, copied roughly 3,000 lines of code from Cybersitter’s software.47 A group of the Chinese companies involved filed motions to dismiss for a lack of personal jurisdiction, forum non conveniens, and for failure to join a necessary and indispensable party, but all of the motions were denied.48 Default judgment was entered against the Chinese government because it did not appear and was not immune under the commercial activity exception to the Foreign Sovereign Immunities Act.49 Interestingly, one of the defendants in the case, Zhengzhou Jinhui Computer System Engineering Co., had ties to a research center for China’s military, the People’s Liberation Army University.50 Additionally, six days after the suit was filed, the law firm that filed the suit was hit with a similar cyber intrusion.51 A forensic analysis of the attack determined that it probably originated in China as well.52 After filing the suit, Brian Milburn, whose company owns the software, also experienced highly unusual activity on his company’s servers, which stopped two months after the parties reached a settlement agreement.53

 

Recent federal investigations and prosecutions indicate an emerging trend of trade secret theft and economic espionage on behalf of companies located in China.54 The Department of Justice (“DOJ”) prosecutes trade secret cases resulting from investigations by various government agencies, including the Homeland Security Investigations (“HSI”), the Federal Bureau of Investigation (“FBI”), the Department of Commerce’s Bureau of Industry and Science (“BIS”), and the Pentagon’s Defense Criminal Investigative Service (“DCIS”).55 Since 2008, a large number of these cases involved the theft of trade secrets from the United States to China.56 For example, in January of 2013, a Chinese business owner and his employee pleaded guilty for conspiring to steal trade secrets from the Pittsburgh Corning Corporation on how to produce a particular type of insulation.57 Both Ji Li Huang and Xiao Guang Qi were Chinese nationals and attempted to steal the secrets in order to compete with Pittsburgh Corning after Corning announced it would open a facility in China.58 Huang attempted to gather the information by trespassing at the plant, recording videos, taking photos, and asking employees specific information about the insulation.59 An advertisement was later published in the local newspaper soliciting someone with experience at Pittsburgh Corning to help develop a factory producing a similar in the Asian market.60 A confidential source working with the FBI corresponded via email with the contact in the advertisement about the Pittsburgh Corning’s confidential information.61 Huang and Qi were arrested after a meeting with the confidential source in Kansas City, where they intended to pay $100,000 in exchange for the trade secrets.62

 

The United States government is not alone in the growing concern over trade secret theft in China. In 2009, McAfee63 published a report about intellectual property vulnerabilities analyzing a survey conducted by the international research firm, Vanson Bourne.64 The firm surveyed more than one thousand senior IT decision makers from several countries, including the US and China.65 Exactly half of the respondents to the survey viewed China as the greatest threat to digital assets and 26% of the respondents surveyed had purposely avoided storing and/or processing data in China.66 Slightly over 30% of the respondents found the United States to be threatening to digital assets, placing the United States in the middle of the list out of the countries reported.67 Germany was perceived as the least threatening, with slightly less than 20% of respondents.68 The respondents to the survey were primarily concerned with both the lack of privacy and intellectual property protection in China.69 Two years later, McAfee published a follow up report and China, Russia, and Pakistan were still regarded as the least safe for data storage, while Germany and the United States continued to be perceived among the safest.70 This Note analyzes trade secret protections under Chinese Law and why, from a legal perspective, it is a growing area of concern. It will then compare China with the trade secret protections under the United States’ common-law system and Germany’s civil-law system. Finally, it will propose reforms to China’s current system, in order to change current perceptions on trade secret protections in China.

 


 

* Senior Articles Editor, Fordham Intellectual Property, Media & Entertainment Law Journal, Volume XXV; J.D. Candidate, Fordham University School of Law, 2015; B.A., Binghamton University, 2012. I would like to thank Professor Mark Cohen for introducing me to this subject and for his invaluable insight, guidance, and expertise; Carolin Brucker for her help and support; the IPLJ Volume XXV Editorial Board and Staff for their hard work throughout the editorial process; and my family and friends for their unconditional love and encouragement.

 


  1. Lorenzo De Martinis Et Al., Study on Trade Secrets and Confidential Business Information in the Internal Market 1 (Apr. 2013), available at http://ec.europa.eu/internal_market/iprenforcement/docs/trade-secrets/130711_final-study_en.pdf [http://perma.cc/QU6T-W6LY].

  2. See id.; see also Center for Responsible Enterprise and Trade, Trade Secret Theft: Managing the Growing Threat in Supply Chains 1 (2012) (“Over the past 30 years, international trade has increased more than sevenfold and represents a third of all global economic activity.”).

  3. Trends in Proprietary Information Loss, ASIS International, 37 (Aug. 2007), http://www.asisonline.org/newsroom/surveys/spi2.pdf.

  4. de Martinis et al., supra note 1, at 1.

  5. Center for Responsible Enterprise and Trade, supra note 2, at 1.

  6. Office of the Nat’l Counterintelligence Exec., Foreign Spies Stealing US Economic Secrets in Cyberspace 3 (2011) [hereinafter ONCIX], available at http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf [http://perma.cc/ZC5G-2T77].

  7. Id.

  8. Center for Responsible Enterprise and Trade, supra note 2, at 6.

  9. Id. at 6 (quoting McAfee, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency 5 (2011), available at http://www.ndia.org/Divisions/Divisions/Cyber/Documents/rp-underground-economies.pdf [http://perma.cc/7CWX-CTNP].

  10. U.S. Intellectual Prop. Enforcement Coordinator, 2013 Joint Strategic Plan on Intellectual Property Enforcement 9 (2013), available at http://www.whitehouse.gov/sites/default/files/omb/IPEC/2013-us-ipec-joint-strategic-plan.pdf [http://perma.cc/TUL7-HRXU].

  11. IPEC coordinates the work of the Federal government to prevent intellectual property theft. To accomplish this, IPEC works with “relevant Federal agencies, law enforcement organizations, foreign governments, private companies, public interest groups, and others to develop and implement the best strategies” to combat intellectual property theft. IPEC, About IPEC, http://www.whitehouse.gov/omb/intellectualproperty/ipec [http://perma.cc/T69E-WQQW] (last visited Jan. 29, 2015).

  12. U.S. Intellectual Prop. Enforcement Coordinator, Administration Strategy on Mitigating the Theft of U.S. Trade Secrets 1 (2013), available at http://www.whitehouse.gov/sites/default/files/omb/IPEC/admin_strategy_on_mitigating_the_theft_of_u.s._trade_secrets.pdf [http://perma.cc/3A2F-7ECS].

  13. Id.

  14. Id.

  15. Id. at 3.

  16. Id. at 4.

  17. Ambassador Michael B.G. Froman, Office of the United States Trade Representative, 2014 Special 301 Report 6 (2014), available at http://www.ustr.gov/sites/default/files/USTR%202014%20Special%20301%20Report%20to%20Congress%20FINAL.pdf [http://perma.cc/3MLQ-JK5Y].

  18. Id.

  19. Id. at 16 (“The theft of trade secrets and other forms of economic espionage, which imposes significant costs on US companies and threatens the security of the United States, appears to be escalating.”).

  20. Id.

  21. Id.

  22. See Froman, supra note 17 and accompanying text. China has been on the 301 Special Report Priority Watch List every year since 2005. See Int’l Intellectual Prop. Alliance, Chart of Countries’ Special 301 Placement (1989-2013) and IIPA 2014 Special 301 Recommendations (2014), available at http://www.iipa.com/pdf/2014SPEC301HISTORICALCHART.pdf [http://perma.cc/Q7N4-9F74].

  23. Office of the Nat’l Counterintelligence Executive, supra note 6, at i.

  24. Id.

  25. Id.

  26. Id. at 5.

  27. Id.

  28. Mandiant, APT1: Exposing One of China’s Cyber Espionage Units 2 (2013), available at http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf  [http://perma.cc/FEN6-YHZB] (citing Mandiant, M-TRENDS 2 (2010), available at https://dl.mandiant.com/EE/assets/PDF_MTrends_2010.pdf [http://perma.cc/ZR64-9R4B].).

  29. Mandiant, APT1: Exposing One of China’s Cyber Espionage Units 2 (2013).

  30. Id. at 2–3.

  31. Id. at 52, 55.

  32. Froman, supra note 17, at 33 (“The industries targeted have been listed as ‘strategic,’ emerging industries that need to be fostered and encouraged as part of China’s 12th Five Year Plan.”).

  33. Id. at 13.

  34. Press Release, U.S. Department of Justice, U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage (May 19, 2014), available at http://www.justice.gov/opa/pr/2014/May/14-ag-528.html [http://perma.cc/N2EK-V2QF].

  35. Indictment ¶¶ 5, 6(a)–6(f), 46, 55, 57, United States v. Dong, Crim. No. 14-118 (W.D. Pa. filed May 19, 2014). The indictment explains the particular intrusions and the events leading up to the intrusions against the six victims in further detail, with most of the victims having significant business interests relating to China. Id. ¶¶ 19-42.

  36. Id. ¶¶ 1–2.

  37. Id. ¶ 5.

  38. Id. The hacker Wang Dong a.k.a. “UglyGorilla” and Unit 61398 were mentioned in the 2013 Mandiant Report, which supports Mandiant’s conclusion that this group was responsible for other cyber intrusions and that the Chinese government is aware of them. See supra notes 28–31 and accompanying text.

  39. Spearphishing messages are designed to look like email messages from colleagues and other trustworthy senders and encourage the recipient to open an attachment or click on a link. These attachments and links are also disguised. However, once the attachment or link is opened, malware is installed in the computer, which creates a backdoor providing access to the recipient’s computer. Indictment, supra note 35, ¶ 11.

  40. Id.

  41. Id. ¶ 18.

  42. See 18 U.S.C. § 3181 (2012).

  43. Edvard Petersson, Lenovo, Computer Makers Settle Case Over Green Dam Software, Bloomberg (Feb. 8, 2012), http://www.bloomberg.com/news/articles/2012-02-08/lenovo-computer-makers-settle-copyright-lawsuit-over-green-dam-software [http://perma.cc/8CUC-QBES].

  44. Id.

  45. Id.

  46. Id.

  47. Id.

  48. CYBERsitter, LLC v. P.R.C., 805 F. Supp. 2d 958, 962–63, 977 (C.D. Cal. 2011).

  49. Id. at 974.

  50. Michael Riley, China Mafia-Style Hack Attack Drives California Firm to Brink, Bloomberg (Nov. 27, 2012), available at http://www.bloomberg.com/news/2012-11-27/china-mafia-style-hack-attack-drives-california-firm-to-brink.html [http://perma.cc/6R8Q-28F2].

  51. Id.

  52. Id.

  53. Id.

  54. United States Intellectual Prop. Enforcement Coordinator, 2011 U.S. Intellectual Property Enforcement Coordinator Annual Report on Intellectual Property Enforcement 30 (2012), available at http://www.whitehouse.gov/sites/default/files/omb/IPEC/ipec_annual_report_mar2012.pdf [http://perma.cc/G9U4-S9LM].

  55. U.S. Dep’t of Justice, Summary Of Major U.S. Export Enforcement, Economic Espionage, Trade Secret and Embargo-Related Criminal Cases (January 2008 to the Present: Updated March 26, 2014) 1 (2014), available at https://www.pmddtc.state.gov/compliance/documents/OngoingExportCaseFactSheet.pdf [http://perma.cc/W9ST-XNWK].

  56. See generally id. (providing summaries of select cases of export enforcement, economic espionage, trade secret theft, and embargo related prosecutions handled by the DOJ from January 2008 through March 2014).

  57. Id. at 26.

  58. Press Release, United States Attorney’s Office, Two Chinese Nationals Charged with Stealing Trade Secrets from Missouri Manufacturing Plant (Sept. 30, 1998), available at http://www.fbi.gov/kansascity/press-releases/2012/two-chinese-nationals-charged-with-stealing-trade-secrets-from-missouri-manufacturing-plant [http://perma.cc/U4WQ-DMTW].

  59. Crabtree Aff. in Support of App. for Criminal Complaint ¶¶ 10–14, United States v. Huang, Crim. No. 12-0156-SWH-01/02 (W.D. Mo. 2012).

  60. Id. ¶ 15.

  61. Id. ¶¶ 16–48.

  62. Id. ¶¶ 49–51.

  63. Founded in 1987 and now part of Intel Security, McAfee is a global computer security company protecting millions of consumers, ranging from government agencies to home users. McAfee, Corporate Factsheet 1 (2014), available at http://www.mcafee.com/us/resources/brochures/br-mcafee-fact-sheet.pdf.

  64. McAfee, Unsecured Economies: Protecting Vital Information 1–2 (2009), available at https://www.cerias.purdue.edu/assets/pdf/mfe_unsec_econ_pr_rpt_fnl_online_012109.pdf [http://perma.cc/T7DU-G5P5].

  65. Id. at 2.

  66. Id. at 12–13, 14.

  67. Id. at 12.

  68. Id.

  69. Id. at 14.

  70. McAfee, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency 10 (2011), available at http://www.ndia.org/Divisions/Divisions/Cyber/Documents/rp-underground-economies.pdf [http://perma.cc/FAC4-7PKU].

Note by

Eric D. Engelman*

Vol 25 Book 2

25 <span style="font-variant: small-caps;">Fordham Intell. Prop. Media & Ent. L.J. </span>589

Full Text PDF