Matthew Werdegar, a partner with Keker, Van Nest & Peters in San Francisco, examines current US efforts to curtail China’s theft of trade secrets and considers whether and what additional steps companies should take to protect themselves.
The exact scope of the Chinese trade secret theft problem is not known, but few doubt that it is significant. In 2011, the US Office of the National Counterintelligence Executive reported that “Chinese actors are the world’s most active and persistent perpetrators of economic espionage”. In December 2018, then-Deputy Attorney General Rod Rosenstein disclosed that more than 90% of the Department of Justice’s (DoJ) economic espionage cases over the past seven years involved China, and more than two-thirds of the department’s cases involving theft of trade secrets were connected to China. In one of those cases, the theft of computer chip secrets from US-based Micron, the DoJ estimated that the stolen technology was worth as much as $8.75 billion. And a 2017 report by the bipartisan Commission on the Theft of American Intellectual Property estimated that IP theft cost the US economy between $225 billion and $600 billion annually, with China being the principal culprit.
Like the overall scale of the problem, the degree to which the Chinese government is coordinating and facilitating the theft of American trade secrets is not fully known. But, again, few doubt the Chinese government is involved. Critics of China’s intellectual policies and practices assert that it has made the misappropriation of American trade secrets an integral part of its national industrial development policy. They point to China’s “Made in China 2025” initiative as an official roadmap for unfair Chinese technology transfer efforts, including by means of trade secret misappropriation. Unveiled in 2015, the initiative is a Chinese government ten-year plan for achieving world leadership in ten strategic advanced technology manufacturing industries such as artificial intelligence, robotics, energy, and pharmaceuticals.
China critics also point to the DoJ’s May 2014 indictment of five People’s Liberation Army (PLA) officers for hacking the computer networks of US companies as evidence of the Chinese government’s role in trade secret theft. The indicted officers were members of a PLA cyber-warfare unit, Unit 61398, and the hacked companies, including Westinghouse, SolarWorld, and US Steel, operated in industrial sectors that the Chinese government had prioritised for development. According to the Trump administration, Unit 61398’s hacking activities are “illustrative of how China uses cyber theft as one of multiple instruments to achieve its state-led technology development goals”.
Citing its impact on the US economy and national security, the Trump administration has made curtailing the theft of American trade secrets by Chinese actors a centerpiece of its foreign policy. In 2017, the United States Trade Representative (USTR) launched a sweeping investigation of China’s IP-related policies and practices under Section 301 of the Trade Act of 1974. The USTR issued its findings in March 2018, concluding that China engaged in a variety of unfair and unlawful practices, including conducting and supporting “cyber intrusions into US commercial networks to gain unauthorised access to commercially-valuable business information”. Based on the results of that investigation, the US imposed new tariffs on billions of dollars of Chinese imports, sparking the ongoing trade war between the two countries.
Additionally, in November 2018, the DoJ launched a “China Initiative” with the goal of “countering Chinese national security threats,” including specifically China’s theft of American trade secrets. Since announcing this initiative, the department has made public a number of trade secret misappropriation indictments against Chinese actors. These include the indictment of Chinese telecommunications company Huawei for attempted theft of trade secrets, wire fraud, and obstruction of justice, and the indictment of China’s Fujian Jinhua Integrated Circuit company, its president, and other employees for stealing computer chip technology from Micron.
The Obama administration likewise took steps to address the problem of IP theft by China, albeit with less fanfare. It substantially increased the number and scope of federal trade secret misappropriation prosecutions. Indeed, many of the investigations underlying the Trump administration’s recent spate of indictments began under President Obama. And in 2015, the Obama administration negotiated a cybersecurity agreement with China that included a bilateral promise to refrain from conducting or supporting cyber-enabled theft of IP. But the Obama administration’s efforts did not eliminate the problem. China appears to have adhered to the 2015 no-hacking agreement for a time. Citing US cybersecurity experts, the Los Angeles Times reported that Chinese commercial hacks fell by as much as 90% in the months after the agreement was reached. Yet, according to the same experts, the trend has reversed since 2016, and China’s hacking efforts have become more sophisticated and harder to detect.
Whether the Trump administration’s current efforts will be more effective than its predecessor’s has been the subject of intense debate. The Trump administration’s use of Section 301 tariffs to punish China has been especially controversial. Supporters of the tariffs assert that other approaches have proven ineffective and that tariffs are the only way to force China to change its decades-long policy of unfair IP acquisition. Critics, on the other hand, argue that tariffs may actually discourage Chinese cooperation in protecting IP and impose unreasonable costs on US importers and consumers.
It remains to be seen which side in the tariff debate is correct. But increased criminal enforcement, as pursued by the Obama administration and as promised in the DoJ’s current China Initiative, can only address the tip of the iceberg. Although there are likely hundreds of acts of trade secret misappropriation each year, only a handful of federal criminal misappropriation cases are filed–nine in the first year of the Trump administration, which is essentially the same as the average annual number under President Obama.
The uncertain success of US government efforts to curtail trade secret theft through tariffs, and the necessarily selective and limited scope of federal criminal trade secret enforcement, means that companies with trade secrets to protect need to be prepared to defend themselves. This self-defence should include both developing and deploying best practices to prevent misappropriation in the first place and vigorously pursuing civil legal action to remedy any misappropriation that occurs despite a company’s best efforts at prevention.
The first step in protecting trade secrets is to identify what exactly needs protecting. In determining what information should be treated as a trade secret, companies should consider the value of the information to the company and its potential value to competitors, i.e., whether the information is valuable enough to justify the cost of protecting it. Companies also should consider whether the information is known outside the company or whether it can be ascertained from a public source, e.g., whether reverse engineering the company’s product (which is not unlawful) would reveal the information.
Once a company has identified its trade secrets, it must implement measures to protect them. Security measures are necessary not only as a practical matter to make misappropriation more difficult, but also because US law defines a trade secret as information that has been subject to reasonable efforts to maintain its confidentiality. If a company cannot prove that it made such efforts, it cannot prevail on a trade secret misappropriation claim.
A company’s efforts to protect its trade secrets should include developing a written trade secret protection policy that identifies the types of information the company considers to be trade secrets and how such information is to be handled. Access to trade secrets should be limited to employees and business partners with a legitimate, business-related need to know. Anyone with access to trade secrets should be required to sign non-disclosure agreements. And documents and files containing trade secret information should be prominently and consistently labeled as confidential.
A company also should take physical and electronic measures to secure its trade secrets from hacking and other forms of industrial espionage. Physical measures should include keeping tangible trade secrets in secure, restricted-access facilities. Electronic measures will vary depending on the nature and scale of a company’s computer systems, but they should be regularly reviewed and updated given the rapid pace of technological change. These measures can be very expensive, so companies need to balance them against the value of the trade secrets being protected and the harm their disclosure would cause the company.
While security measures can reduce the risk, even the most vigilant companies can be victims of trade secret misappropriation and need to be prepared to take legal action in response. There are two principal legal tools available to civil litigants under federal law to remedy trade secret misappropriation by foreign actors: a civil action under the Defendant Trade Secret Act (DTSA) and an unfair trade practices complaint with the US International Trade Commission (ITC) under Section 337 of the US Tariff Act.
The DTSA, which was enacted in 2016, provides a federal civil cause of action for trade secret misappropriation. Prior to the DTSA, misappropriation was only actionable under state law. The DTSA is modelled on the Uniform Trade Secrets Act and is similar to the trade secret laws of most US states. Both injunctive relief and monetary damages are available remedies under the act.
A key issue for addressing misappropriation by Chinese or other foreign actors is the DTSA’s extraterritorial reach. Courts that have considered the issue to date have concluded that the DTSA applies to foreign persons and organisations when an act in furtherance of the alleged misappropriation takes place on US soil. But what constitutes “an act in furtherance” is not defined in the statute and remains unsettled. In one recent case arising from the theft of trade secrets from Micron, Micron Technology v United Microelectronics (May 2019), a federal court ruled that it had jurisdiction because Micron’s DTSA claims involved actions that the defendant’s employees took at a job fair and meetings in California. In another recent case, Luminati Networks v BIScience (May 2019), a court held that damage occurring inside the US is not “an act in furtherance” and is not sufficient by itself to confer jurisdiction.
The other major legal response available to victims of trade secret misappropriation by foreign actors is through the ITC. Section 337 of the US Tariff Act authorises the ITC to exclude entry into the US of articles using misappropriated trade secrets. Exclusion by the ITC is available even where the misappropriation took place entirely overseas. In TanRui Group v International Trade Commission (2011), for example, the Federal Circuit upheld the ITC’s exclusion from the US of products made in China using trade secrets misappropriated from a US company, even though the acts of misappropriation took place entirely in China. However, monetary damages are not available in ITC actions. And the Federal Circuit has concluded that the ITC’s authority is limited to barring the importation of physical articles and does not extend to electronically transmitted digital information (ClearCorrect Operating v International Trade Commission, 2015).
Additionally, victims of trade secret misappropriation resulting from hacking may have a claim under the federal Computer Fraud and Abuse Act, which provides a civil cause of action against any person who intentionally accesses a computer without authorisation and obtains information or causes damage or loss, as well as under state tort laws. But these laws, like the DTSA and Section 337, all have limited extraterritorial reach. If Chinese actors misappropriate trade secrets entirely outside the US and no resulting products are imported into the US, companies will need to look to foreign legal systems, including potentially China’s, for relief.
In sum, companies should not expect the threat of trade secret misappropriation by China to go away any time soon, nor should they count on law enforcement to remedy misappropriations when they happen. Rather, companies – particularly those with cutting-edge technology in industries of interest to China – need to protect themselves through robust preventive measures. And they need to understand and be prepared to use the legal remedies available under existing law in the event that prevention is not sufficient.