P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
ii
This page intentionally left blank
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Economic Espionage and Industrial Spying
In view of the recent revolution in information technology, this book inves-tigates the current state of industrial espionage, showing the far-reachingeffects of advances in computing and wireless communications. Synthesizingviews from leading national and international authorities, Professor HediehNasheri explains the historical and conceptual underpinnings of economicespionage, trade secret theft, and industrial spying. She shows how theseactivities have impacted society, and she tracks the legislative and statutoryefforts to control them.
Advance Praise for Economic Espionage and Industrial Spying :
“We criminologists and academic criminal lawyers have been slow to turn ourattention to non-traditional crimes and criminals, thereby missing extraordi-narily important developments. Hedieh Nasheri has given us a wake up call.Her work on theft of intellectual property should be incorportated into ourcourses and research agendas.”
– James B. Jacobs, New York University
“Hedieh Nasheri skillfully shows us the dimensions of economic espionagein this era of ever increasing interconnectedness and globalization. She pro-vides a fascinating account of the criminalization of economic espionage, andoffers a compelling analysis of the impact and possible evolution of impor-tant criminal statutes. Her book also raises complex issues about the use ofcriminal sanctions in an electronic environment, making it required readingfor anyone studying or fighting cyber crime today.”
– Alan J. Lizotte, The University at Albany
“This is a fascinating and timely account of the ways in which new technolo-gies are being employed to steal information in twenty-first century America.It provides a carefully-researched analysis of the appropriateness and effec-tiveness of criminalization of economic espionage, particularly under theEconomic Espionage Act 1996, and considers alternative approaches that mayyield greater benefits in terms of prevention and deterrence. An essentialreference work for cyber-criminologists and corporate regulators in the in-formation age.”
– Russell G. Smith, Australian Institute of Criminology
Hedieh Nasheri is Associate Professor of Justice Studies at Kent StateUniversity.
i
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
ii
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Cambridge Studies in Criminology
EditorsAlfred Blumstein, H. John Heinz School of Public Policy and Management, Carnegie
Mellon UniversityDavid Farrington, Institute of Criminology, Cambridge University
Other books in the series:
Life in the Gang: Family, Friends, and Violence, by Scott Decker and Barrick Van WinkleDelinquency and Crime: Current Theories, edited by J. David HawkinsRecriminalizing Delinquency: Violent Juvenile Crime and Juvenile Justice Reform, by
Simon I. SingerMean Streets: Youth Crime and Homelessness, by John Hagan and Bill McCarthyThe Framework of Judicial Sentencing: A Study in Legal Decision Making, by
Austin LovegroveThe Criminal Recidivism Process, by Edward Zamble and Vernon L. QuinseyViolence and Childhood in the Inner City, by Joan McCordJudicial Policy Making and the Modern State: How the Courts Reformed America’s Prisons, by
Malcolm M. Freeley and Edward L. RubinSchools and Delinquency, by Denise C. GottfredsonThe Crime Drop in America, edited by Alfred Blumstein and Joel WallmanDelinquent-Prone Communities, by Don Weatherburn and Bronwyn LindWhite Collar Crime and Criminal Careers, by David Weisburd and Elin Waring, with
Ellen F. ChayetSex Differences in Antisocial Behavior: Conduct Disorder, Delinquency, and Violence in the
Dunedin Longitudinal Study, by Terrie Moffitt, Avshalom Caspi, Michael Rutter, andPhil A. Silva
Delinquent Networks: Youth Co-Offending in Stockholm, by Jerzi SarneckiCriminality and Violence Among the Mentally Disordered, by Sheilagh Hodgins and
Carl-Gunnar JansonCorporate Crime, Law, and Social Control, by Sally S. SimpsonCompanions in Crime: The Social Aspects of Criminal Conduct, by Mark WarrThe Criminal Career: The Danish Longitudinal Study, by Britta KyvsgaardGangs and Delinquency in Developmental Perspective, by Terence P. Thornberry,
Marvin D. Krohn, Alan J. Lizotte, Carolyn A. Smith, and Kimberly TobinEarly Prevention of Adult Antisocial Behaviour, by David P. Farrington and Jeremy W. CoidErrors of Justice, by Brian ForstViolent Crime, by Darnell F. HawkinsRethinking Homicide: Exploring the Structure and Process in Homicide Situations, by
Terance D. Miethe and Wendy C. RegoecziSituational Prison Control: Crime Prevention in Correctional Institutions, by Richard WortleyMarking Time in the Golden State: Women’s Imprisonment in California, by
Candace Kruttschnitt and Rosemary GartnerUnderstanding Police Use of Force, by Geoffrey Alpert and Roger Dunham
iii
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
iv
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Economic Espionage andIndustrial Spying
Hedieh NasheriKent State University
v
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo
Cambridge University PressThe Edinburgh Building, Cambridge , UK
First published in print format
- ----
- ----
- ----
© Hedieh Nasheri 2005
2005
Information on this title: www.cambridg e.org /9780521835824
This book is in copyright. Subject to statutory exception and to the provision ofrelevant collective licensing agreements, no reproduction of any part may take placewithout the written permission of Cambridge University Press.
- ---
- ---
- ---
Cambridge University Press has no responsibility for the persistence or accuracy ofs for external or third-party internet websites referred to in this book, and does notguarantee that any content on such websites is, or will remain, accurate or appropriate.
Published in the United States of America by Cambridge University Press, New York
www.cambridge.org
hardback
paperbackpaperback
eBook (EBL)eBook (EBL)
hardback
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
To my parents
vii
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
viii
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Contents
Preface page xi
Acronyms and Abbreviations xv
1 . Dimensions of Economic Espionage and the Criminalizationof Trade Secret Theft 1
2 . Transition to an Information Society – IncreasingInterconnections and Interdependence 30
3 . International Dimensions of Business and Commerce 49
4 . Competitiveness and Legal Collection Versus Espionage andEconomic Crime 72
5 . Tensions Between Security and Openness 95
6 . The New Rule for Keeping Secrets – The EconomicEspionage Act 124
7 . Multinational Conspiracy or Natural Evolution ofMarket Economy 170
Appendix A 185
Appendix B 189
Appendix C 190
ix
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
x
Notes 197
References 225
Index 261
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Preface
The idea for this book developed in October 1996 on the eve of the pas-sage of the Economic Espionage Act (EEA) in discussions with a colleaguewho specialized in intellectual property law and had been practicing forsome 15 years, litigating patents, trade secrets, and infringement cases do-mestically and internationally in this area. We engaged in an ongoing de-bate with respect to factors that had contributed to the passage of this newlegislation. Our discussions were fruitful because we each had unique per-spectives, mine from an academic social science background and his froma practitioner’s legalistic point of view dealing with these issues, not on anabstract level, but rather day in and out handling disputes among corporateentities.
I began analyzing and interpreting the legislative actions at both stateand federal levels regarding past and postcriminalization efforts. Accord-ingly, the objective was to examine the available records on legislative evo-lution and legislative history that gave rise to the enactment of this statuteand Congress’ initiatives. I systematically began reviewing and tracing allprosecutions brought to date under the EEA legislation. Furthermore, I be-gan examining the impact of this law in the United States and related legalregimes in Central and Eastern Europe as well. My project in Central Europewas made possible through a research grant from the State Department ofthe United States, which provided me with an opportunity to analyze thistopic from a comparative perspective in order to gain a better understand-ing of what some European countries were doing with respect to these issuesand their potential impact on western nations. This analysis, however, is stillevolving and is not within the scope of the materials presented in this book.
For a number of years, I have been in close contact and collaborationwith government officials in the Department of Justice, Federal Bureau ofInvestigation, who play key roles in prosecution and investigation of these
xi
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
xii PREFACE
criminal activities under the EEA, as well as members of the private sector.Furthermore, members of the law enforcement and prosecutorial commu-nity were queried regarding their activities related to these types of crimes.This provided an enriching opportunity for understanding the enforcementinitiatives that have been taking place in the United States in the past andthe present.
The criminalization of trade secret theft raises several important impli-cations for future research and theorizing about the formation of laws atnational and international levels. However, any opinions, findings and con-clusions, or recommendations expressed in this book are those of the authorand do not necessarily reflect the views of any government officials or grant-ing entities.
My research results for the past 10 years have addressed the trends in crim-inal activities in connection with the rapid growth of computing and com-munications technologies and the increasingly global nature of commerceand business, both of which have caused an increase in technologically so-phisticated criminal activity as well as international economic espionage.My work has concentrated on issues related to economic and industrial es-pionage. My research has revolved around the following question: Shouldthe taking of information be criminalized as it has been in the United Statesby the EEA? The U.S. Congress enacted the EEA in 1996, which meant toestablish a comprehensive approach to economic espionage, facilitating in-vestigations and prosecution. This enactment raises complex issues aboutthe use of criminal sanctions and civil penalties in the rapidly changingworld of technology. Federal criminal prosecution is a powerful weapon,and one that should not be taken lightly. Criminal penalties imposed forthe misappropriation of trade secrets under the EEA are far more severethan any other criminal liability for violations of other intellectual propertyrights. Persons engaged in misappropriation in the United States will nolonger have their liability limited to civil remedies and damages imposedfor such misconduct.
Economic espionage can be characterized as a new form of white-collarcrime that includes technology-related crimes and/or cybercrimes. It hasbeen argued that this will be a defining issue of the twenty-first century forpolicy makers – as defining as the Cold War was for the twentieth century. Mywork concentrates on issues related to technology changes. For example, theInternet itself provides opportunities for various kinds of theft, ranging fromonline banks to intellectual property. However, it also offers new means ofcommitting old crimes, such as fraud, and offers new vulnerabilities relatingto communications and data that provide attractive targets for extortion, acrime that has always been a staple of criminal organizations. The synergy be-tween organized crime and the Internet is not only very natural, but it is alsolikely to flourish and develop even more in the future. The Internet provides
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
PREFACE xiii
both channels and targets for crime and enables them to be exploited forconsiderable gain with a very low level of risk. For organized crime figuresand white-collar criminals, it is difficult to ask for more.
This topic has generated debate among policy makers, the courts, law-makers, and the intelligence community worldwide. Criminologists, how-ever, acknowledge that economic espionage is an important topic in thecontext of cybercrimes and transnational crimes, but very few have evenaddressed crimes that arise out of electronic communications such as eco-nomic espionage. Peter Grabosky points out that the basic principles of crim-inology apply to computer-related crime no less than they do to bank robberyor to shoplifting. As James Finckenauer pointed out, the whole panoply of so-called cybercrimes are almost by definition transnational crimes because cy-berspace is not constrained within borders. Accordingly, Finckenauer notedthat ignoring the transnationalization of crime would be akin to adoptinga “head in the sand” strategy. Criminologist David Wall asserted that crimi-nologists have been slow to explore these emerging fears and new criminalbehaviors, and to engage in debate about them in order to develop usefulbodies of knowledge that could enlighten the public and provide the basisfor informed policy. In the criminologists’ defense, however, Wall arguedthat there is wisdom in exercising caution and in waiting for reliable trendsof behavior to emerge. He further pointed out that the time has arrivedto address these issues. Most recently, Peter Drahos and John Braithwaiteargued against expansion of intellectual property rights as a form of “infor-mation feudalism” that entrenches economic inequalities. They chronicleexamples that, in their view, show an improper balance being struck betweenindividual property rights in knowledge and the interests of society. It is in-evitable that social scientists, including criminologists, economists, politicalscientists, and the like, will need to analyze and address these topics.
My book is designed to provide an analytic overview and assessment of thechanging nature of crime in the burgeoning information society, where sig-nificant technological advances have revolutionized the nature of criminalactivity across national borders, and increasing interconnections and inter-dependence have created new risks. Bringing together views from leadingnational and international authorities, it explains the historical and theo-retical background surrounding issues of economic espionage, trade secrettheft and industrial spying, and its impact on society. It looks at legislativehistory, the progression of electronic and corporate criminal behavior by in-troducing the concept of information theft and computer crimes, exploringits definition, its identification, and its development within criminology.
Currently, no countries have enacted legislation similar to the EEA of theUnited States. The most basic question that Congress and the EEA face is towhat extent the legislation will extend in “extraterritorial” application. Thebook examines issues such as whether expansive extraterritorial legislation
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
xiv PREFACE
will likely irritate many countries, including those that are not involved inthe theft of sensitive materials. One of the main objectives of the book is tolay out the legislative initiatives that the United States has taken to combatcriminal activities that fall under the EEA. I hope that discussions on theseand related issues will provide insight for legislatures and policy makers inother countries to examine similar issues that they encounter and to providethem with some basis for assessment of their existing laws or lack thereof.
The research for this book was made possible, in part, by a grant fromthe International Center at the National Institute of Justice on intellectualproperty as part of its research agenda on transnational crime, and througha Research Fellowship at the Institute of Advanced Legal Studies (IALS)at the University of London. The institute’s reputation and emphasis oneconomic crime and commercial criminal law were an ideal match for myresearch agenda and interest. I want to acknowledge, too, the help of a num-ber of people and institutions. I want to thank the anonymous reviewers fortheir helpful comments on the preliminary draft of this project. Specialthanks go to the staff at the IALS Library at the University of London forproviding assistance with research materials and I thank Kent State Univer-sity for allowing me the time for my research in the U.K. I am indebted to mycolleagues Jay Albanese, James Finckenauer, Peter Grabosky, Henry Pontell,and David Wall for their expertise, insight, and support as this manuscriptwas progressing. Finally, I am grateful to David Farrington whose guidanceand encouragement was invaluable in shaping my thinking.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
Acronyms and Abbreviations
ARPA Advanced Research Projects AgencyASIS American Society of Industrial SecurityCCIPS Computer Crime and Intellectual Property SectionCERT/CC Computer Emergency and Response Team Coordination
CenterCFAA Computer Fraud and Abuse ActCHIP Computer Hacking and Intellectual PropertyCIA Central Intelligence AgencyCOE Council of EuropeCSI Computer Security InstituteCSIS Canadian Security Intelligence ServiceDCI Director of Central IntelligenceDHS Department of Homeland SecurityDIS Defense Investigative ServiceDoD Department of DefenseDOE Department of EnergyDSS Defense Security ServiceEC European CommissionECPA Electronic Communications Privacy ActFOIA Freedom of Information ActGATT General Agreement on Tariffs and TradeIFCC Internet Fraud Complaint CenterITSPA Interstate Transportation of Stolen Property ActMID Military Intelligence DepartmentNACIC National Counterintelligence CenterNAFTA North American Free Trade AgreementNCCS National Computer Crime SquadNIPC National Infrastructure Protection Center
xv
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
CB764-FM CB764-Nasheri-v1 February 17, 2005 15:2
xvi ACRONYMS AND ABBREVIATIONS
NSA National Security AgencyNSPA National Stolen Property ActOECD Organization for Economic Cooperation and DevelopmentOIA Office of International AffairsSCIP Society of Competitive Intelligence ProfessionalsSEC Securities and Exchange CommissionTRIPS Trade-Related Aspects of Intellectual Property RightsUTSA Uniform Trade Secrets ActWIPO World Intellectual Property OrganizationWTO World Trade Organization
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
C H A P T E R O N E
Dimensions of Economic Espionage and theCriminalization of Trade Secret Theft
we live in a world in which the economic health of nations and the com-petitiveness of businesses are determined largely by the ability to develop,commercialize, and capture the economic benefits from scientific and tech-nological innovations. As the Internet and technological advances continueto reshape the way we do business in government and industry, and as com-petition and economic pressures create quicker and more efficient ways todo business, the reality of increased economic crimes has a serious impact.The connectivity of the Internet has made the concept of borders and ju-risdictions an incredible challenge in combating this problem. Organizedgroups of criminals can easily commit economic crimes and avoid sanctionsacross what were once clearly defined jurisdictions, necessitating increasedcooperation among the global criminal justice agencies. A greater under-standing of how technology, competition, regulation, legislation, and glob-alization interact is needed to successfully manage the competition betweeneconomic progress and criminal opportunity.
The reach of criminal sanctions has expanded in the realm of technology.The revolution in information technologies has changed society fundamen-tally and will continue to do so in the foreseeable future. The developmentof information technology has given rise to unprecedented economic andsocial changes, which also have a dark side. The new technologies challengeexisting legal concepts. Information and communications flow more easilyaround the world. Borders are no longer boundaries to this flow. Criminalsare increasingly located in places other than where their actions producetheir effects.
Today’s information age requires businesses to compete on a worldwidebasis, sharing sensitive information with appropriate parties while protectingthat information against competitors, vandals, suppliers, customers, and for-eign governments. Lawmakers are increasingly resorting to criminal codes
1
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
2 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
to establish economic and social policies regarding the use and dissemi-nation of technology. Many fear that technological advances are makingcorporate spying and theft of “intellectual capital” both easier and cheaper.In the global economy, there is less distinction between the need to protectthe interests of the state and the need to protect commercial interests. Anation’s economic status makes up a large part of its national security. Thiseconomic status is dependent on a nation’s ability to compete effectively inthe world market.
Intellectual property crimes are serious crimes in their own right, notbecause they inflict physical injury or death upon a person, but rather be-cause they steal a creative work from its owner. Intellectual property theft isrampant, but largely silent, so corporations and law enforcement alike havetrouble grasping its enormous impact on profitability – not to mention onnational economies. Although civil remedies may provide compensation towronged intellectual property rights holders, criminal sanctions are oftenwarranted to ensure sufficient punishment and deterrence of wrongful ac-tivity. Indeed, because violations of intellectual property rights often involveno loss of tangible assets and, for infringement crimes, do not even requireany direct contact with the rights holder, the rights holder often does notknow it is a victim until a defendant’s activities are specifically identified andinvestigated.
In the United States, Congress has continually expanded and strength-ened criminal laws for violations of intellectual property rights specificallyto ensure that those violations are not merely a cost of doing business fordefendants. However, domestic laws are generally confined to a specificterritory. Thus, solutions to the problems posed must be addressed by in-ternational law and international cooperation, necessitating the adoptionof adequate international legal procedures. Law enforcement officials inthe United States, apparently viewing the U.S. economy as the most likelytarget, have begun to focus on this new form of crime and the U.S. Congresshas handed them a new enforcement tool in the Economic Espionage Act(EEA). This law, although relatively new, has far-ranging international impli-cations. It is a trap for unwary foreign competitors who compete aggressivelywith U.S.-based companies. It also may serve as a model that will be followedby other nations with similar legislative or law enforcement initiatives. Inthose countries where the government plays a role in encouraging indus-trial activity, the conflict between economic nationalism and internationalcompetition will be an ongoing problem. It remains to be seen whether U.S.initiatives in this area are the start of an international trend or whether theUnited States will stand alone.
The most obvious legislative deficiency with which law enforcement hasto deal is the absence of comprehensive legislation relating to offensescommitted in an electronic environment. Some countries have none at all,
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 3
some have adopted measures that have been integrated awkwardly into ex-isting legislation, but relatively few have adequately updated their penalcodes. Even after legislation is introduced at the national level, many prob-lems will remain unless governments at the same time address the transna-tional nature of high-tech crime, which may originate in one country andhave consequences in a second, while the evidence may be spread throughmany more. At present, there are no guidelines concerning which country’slaws should prevail in pursuing an offense, how court decisions can be en-forced if defendants reside abroad, and which protocols govern cross-borderinvestigations.
Criminal Consequences of Trade Secret Theft
The American people have had contradictory views of economic crimes forsome time, seeing these crimes as either a minor issue or a major crisis.Since the mid-1980s, there have been times when they have been in thelimelight because of a financial crisis (e.g., the savings and loan scandaland the insider trading problems in the 1980s). Usually, they have taken abackseat to a strong national focus on more conventional crimes, specificallyviolent crimes.
For example, even a cursory evaluation of internal corporate securityoperations and protection procedures demonstrates that U.S. corporationsview the issue of security as one of protecting people and tangible, physicalassets rather than intellectual property. Given such a traditional approach tosecurity, this particular attitude is not readily adaptable to providing protec-tion against economic espionage. Many companies do not even recognizethe significant loss that is suffered when trade secrets are pilfered by foreignintelligence services; they may simply view it as a process that is going tooccur regardless of what they do.
Economic espionage and trade secret theft are considered white-collaroffenses. The phrase white-collar crime was coined in 1939 during a speechgiven by Edwin Sutherland to the American Sociological Society. Sutherlanddefined the term as “crime committed by a person of respectability and highsocial status in the course of his occupation.” Although there has been somedebate as to what qualifies as a white-collar crime, the term today generallyencompasses a variety of nonviolent crimes usually committed in commer-cial situations for financial gain. Many white-collar crimes are especiallydifficult to prosecute because the perpetrators are sophisticated criminalswho have attempted to conceal their activities through a series of complextransactions. According to the Federal Bureau of Investigation (FBI), white-collar crime is estimated to cost the United States more than $300 billionannually. However, the protection of trade secrets is considered to be in-creasingly important to the competitiveness of the world’s industrial sector.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
4 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
At the same time, the world has been undergoing a computer revolution.Since at least the beginning of the 1990s, the power of information technol-ogy has grown exponentially, resulting in increasingly powerful means forthe theft and transfer of protected information. This technological evolu-tion in open societies facilitates the emergence of certain kinds of criminaland subversive activities, such as economic espionage. Thus, security (botheconomic and physical) in light of the recent evolution in technology andchanges in geopolitical tensions is the broader topic surrounding this book.
The central focus of this book revolves around the following questions:Should the taking of information be criminalized as it has been, for exam-ple, in the United States by the EEA? Does the prospect of the threat ofprosecution serve as a true deterrent for corporate espionage under theEEA? How can economic espionage be made less appealing? Which wouldbe more effective, prosecution or heavier fines? For example, should vio-lator companies be sanctioned internationally, whereby they cannot reapany benefits from the stolen information? Are criminal laws in this areaindispensable to competitiveness? Is it unnecessary? Or is it perhaps evencounterproductive? The book’s focus on economic espionage reflects anunderlying belief in the importance of industrial policy as a topic in thebroader context of national and international security concerns.
Furthermore, the lack of agreed-upon definitions regarding economicand high-tech crimes has resulted in a paucity of data and information onthe size and scope of the problem. There are no national mechanisms, suchas the Uniform Crime Reports, for the reporting of economic crimes by lawenforcement. Academics have not been able to agree on definitions andhave, for the most part, continued to focus on white-collar crime. How-ever, although most social scientists acknowledge that economic espionageis a major problem, especially in the digital age, the topic remains under-represented in the social science literature, including criminological andsociological literature.
This book brings together a wide variety of materials that deal with the fre-quently neglected criminological dimension of economic espionage. Thebook’s purpose is twofold: first, to present an assessment of the state ofeconomic espionage activities within a criminological context and, second,based on that assessment, to address areas where additional research, legisla-tive action, training, cooperation between law enforcement and the privatesector, and international cooperation are required.
The data presented in this book are a result of years of interaction withpractitioners, industry representatives, and government officials prosecut-ing and investigating these types of crimes. The data presented provide thebasis for a discussion to address the topic of economic espionage, both asa crime and as a national security issue. It points out the challenges thatlie ahead in today’s contemporary global economy for the law enforcement
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 5
community, policy makers, and legislators. There is a need for a criticaldiscussion about the definition of this problem, the source of the prob-lem, and the purpose behind the enactment of the EEA legislation. Thematerial presented here is intended to encourage a dialogue about what ismeant by criminalization of intellectual property crimes, such as informa-tion theft and trade secret theft, whether information should be considered“property,” and the role of law enforcement in policing economic espionageactivities. Beyond these concerns, the book draws attention to a variety ofissues raised by economic espionage and technological development. Manyof these problems are derived from an environment in which there is littleface-to-face interaction and identification of the perpetrator is difficult toestablish. It is not only the environment that poses problems for law enforce-ment but also the technology itself. The discussions address the need for theeducation and training of law enforcement personnel who deal with theseproblems. Such educational initiatives should be extended to effect changein the attitudes of the judiciary and the wider public concerning preventionof information theft and technology crimes.
Economic espionage is not merely an intelligence issue; it involves fun-damental questions about a nation’s economic interests, which in turn arepart of its national security. For example, the arrest of the senior FBI officialRobert Hanssen in February 2001 reminded America of the dangers of for-eign spying against U.S. national security interests.1 As the legislative historyto the EEA stated: “typically, espionage has focused on military secrets. Butas the Cold War came to an end, this classic form of espionage evolved. Na-tions around the world recognize that economic superiority is increasinglyas important as military superiority.”
Theoretical Perspectives
One philosophical rational for regarding knowledge as property is the laborreward theory, a theory that finds foundation in the work of John Locke.2
Locke, in his famous Two Treatises of Government, stated: “Whatsoever thenhe removes out of the State that Nature hath provided, and left it in, hehath mixed his Labor with, and joined to it something that is his own, andthereby makes it his Property.”3 This reasoning applies to the creation ofnew scientific knowledge.
Two prominent and competing theories, retribution and utilitarianism,might justify the punishment of information thieves as criminals. Both re-tributive and utilitarian arguments are useful in understanding the conflictthat seems to have arisen between two sets of social values: those who seekto protect private rights by means of the criminal justice system and thosethat argue that society benefits more with the basic principles of freedomfrom interference, freedom of information, freedom of expression, and
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
6 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
the like. The question then becomes whether either traditional retributiveor utilitarian theory provides a justification for the imposition of criminalpunishment.
Proponents of retribution argue that, regardless of the effects of punish-ment, society is always justified in imposing criminal sanctions on those whoviolate the moral order. All retributive arguments in favor of punishmentassume that we can define the moral order we seek to protect. In light of util-itarian theories of punishment, the question becomes what kind of behaviordo we want to deter and what kind of behavior do we want to encourage toarrive at utilitarian gain?
In a civil suit, the issue before the court is usually how much harm theplaintiff has suffered at the hands of the defendant and what remedies, if any,are appropriate to compensate the victim for his or her loss. The goal of civillitigation is compensation. By contrast, a criminal case requires the court todetermine whether and to what extent the defendant has injured society.The result of criminal conviction is a sentence designed to punish. Criminallaw seeks to punish because society recognizes that we cannot adequatelyrespond to certain courses of action merely by rendering compensation tothe victim.
Legal theories about the justification for punishment can be groupedinto two main categories: retributionism and utilitarianism. Retribution isan ancient concept. Opponents of the theory have argued that it is an out-moded, even barbaric, idea, inappropriate in an enlightened society.4 Theclassic, modern statement of the concept of retributive justice is found inKant’s The Philosophy of Law :
Juridical punishment can never be administered merely as a means of pro-moting another good, either with regard to the Criminal himself or to CivilSociety, but must in all cases be imposed only because the individual onwhom it is inflicted has committed a Crime. . . . The Penal Law is a Categor-ical Imperative; and woe to him who creeps through the serpent-windingsof Utilitarianism to discover some advantage that may discharge him fromthe Justice of punishment, or even from the due measure of it, accordingto the Pharisaic maxim: “It is better that one man should die than that thewhole people should perish.” For if Justice and Righteousness perish, humanlife would no longer have any value in the world.5
Most utilitarian arguments on the value of punishment can be categorizedas a theory of deterrence, restraint, or reformation. According to JeremyBentham, punishment serves the purpose of deterring socially undesirablebehavior due to a “spirit of calculation” we all possess:
Pain and pleasure are the great springs of human action. When a man per-ceives or supposes pain to be the consequence of an act, he is acted upon insuch a manner as tends . . . to withdraw him . . . from the commission of that
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 7
act. If the apparent magnitude, or rather, value of that pain be greater thanthe apparent magnitude or value of the pleasure or good he expects to be theconsequence of the act, he will be absolutely prevented from performing it.6
Jeremy Bentham formulated the principle of utility as part of such a theoryin Introduction to the Principles of Morals and Legislation in 1789. An actionconforms to the principle of utility if and only if its performance will bemore productive of pleasure or happiness, or more preventive of pain orunhappiness, than any alternative. Instead of “pleasure” and “happiness”the word “welfare” is also apt: The value of the consequences of an action isdetermined solely by the welfare of individuals.
A characteristic feature of Bentham’s theory is the idea that the rightnessof an action entirely depends on the value of its consequences. This is whythe theory is also described as consequentialist. Bentham’s theory differsfrom certain other varieties of utilitarianism (or consequentialism) by itsdistinctive assumption that the standard of value is pleasure and the absenceof pain, by being an act-utilitarian, and by its maximizing assumption thatan action is not right unless it tends toward the optimal outcome.
These theories provide useful tools for examining the topics of this book.They are reexamined in connection with some of the conclusions in the finalchapter, where policy choices are analyzed. These theories provide justifi-cation for the move toward criminalization of certain intellectual propertytheft.
Spies Target Our Know-How
Trade secret theft, or economic espionage as it is often called, commonlyoccurs in one of two ways: (1) a disgruntled employee misappropriates thecompany’s trade secrets for his or her own financial benefit or to harmthe company or (2) a competitor of the company or a foreign nation mis-appropriates the trade secret to advance its own financial interests.7 Themanner in which these thefts occur ranges from the complex (computerhacking, wire interception, spy devices) to the mundane (memorization,theft of documents, photocopying).
There are many varieties of spies. Some of the more common interna-tional snoops include competitors, vendors, investigators, business intelli-gence consultants, the press, labor negotiators, and government agencies.8
Espionage employees are often talented people with highly analytical skillswho excel at quickly collecting and synthesizing significant quantities ofinformation.9 Some countries hire individuals, rather than large organiza-tions or intelligence agencies, to do their spying for them.10 Other countrieshire teams of individuals to enter foreign companies and steal ideas. Thetools of the espionage community include scanning trade-show floors,11
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
8 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
combing through web sites,12 reviewing filings with regulatory agencies,13
eavesdropping in airline terminals and on airline flights,14 taking pho-tographs of factories and business offices,15 using data-mining softwareto search the Internet at high speeds for information,16 using “shadowteams,”17 stealing laptop computers,18 tuning in to computer monitors froma nearby location using surveillance equipment,19 attending competitors’court trials,20 and even “dumpster diving.”21 However, in all instances, theowner – who often has invested hours of hard work and millions of dollarsin developing the trade secret – is deprived of the commercial advantage heor she would have obtained by keeping the trade secret unavailable to hisor her competitors and the public.
Economic Espionage Becoming Big Business
A number of factors have contributed to the increase in trade secret theftin recent years, such as the end of the Cold War, increased access to anduse of computer technology, greater profitability, and the lack of companyresources to investigate and pursue such theft.22 The increasing impor-tance of economic factors in defining a nation’s security has resulted in thewidespread theft of proprietary information in the form of trade secrets.The level of trade secret theft appears to have skyrocketed in recent years,and it includes more capers than the celebrated Amazon.com–Wal-Martemployee poaching case,23 the improper use of the Sabre computer systemby an American Airlines employee,24 and the Oracle–Microsoft “dumpsterdiving” case.25 Realistically, no business is immune from economic espi-onage. Targets include two main forms: industry and proprietary businessinformation.26 Government and corporate financial and trade data are alsostolen on a regular basis.
The United States leads the world in developing new products and newtechnologies.27 Per capita, the United States produces the majority of theworld’s intellectual property capital, including patented inventions, copy-righted material, and proprietary information.28 Within the United States,economic espionage occurs with the greatest frequency in regions with highconcentrations of technology and research and development activities. TheFBI has reported that at least twenty-three foreign governments actively tar-get the intellectual property of U.S. corporations.29 Another FBI study alsofound that of 173 countries, 100 were spending resources to acquire U.S.technology.30 Of those 100 countries, 57 were engaging in covert opera-tions against U.S. corporations.31 According to the FBI study, the followingcountries allegedly are extensively engaged in espionage activities againstAmerican companies: France, Israel, Russia, China, Iran, Cuba, the Nether-lands, Belgium, Germany, Japan, Canada, India, and several Scandinaviancountries.32 Examples of the most targeted regions for spying include Silicon
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 9
Valley, Detroit, North Carolina, Dallas, Boston, Washington, DC,33 and thePennsylvania–New Jersey area,34 where many pharmaceutical and biotech-nology companies are headquartered.35 Silicon Valley, according to someexperts, is the most targeted area. It offers an ideal setting for economic es-pionage because of its concentration of electronics, aerospace, and biotech-nology industries; its national ties to the Far East; and its mobile, multina-tional workforce. In Silicon Valley alone, more than twenty FBI agents areassigned full time to investigations of trade secret theft. In particular, high-tech businesses, pharmaceutical companies, manufacturing firms, and ser-vice industries are the most frequent targets of corporate spies.36 The mostfrequently targeted industries appear to include aerospace, biotechnology,computer software and hardware, transportation and engine technology,defense technology, telecommunications, energy research, advanced ma-terials and coatings, stealth technologies, lasers, manufacturing processes,and semiconductors.37 Victims are not just the naıve and unsophisticated –they include such corporate giants as General Motors, Intel, LockheedMartin, and Hughes Aircraft.38 Further, it is not just “high-technology” in-formation that is a target. Proprietary and confidential business informationsuch as customer lists and information, product development data, pricingdata, sales figures, marketing plans, personnel data, bid information, manu-facturing costs analyses, and strategic planning information are also soughtout by intelligence agents.39 Japan, Taiwan, South Korea, China, the formerSoviet Union, and the Russian Republic have devoted the most resources tostealing Silicon Valley technology.40 Nearly every major U.S. company nowhas a competitive intelligence office that is designed to discover the tradesecrets of competitors.41 Some firms, such as Motorola, have intelligenceunits located around the world.42
Computers Spark Surge in Trade Secret Theft
No single reason can be given for the increase in trade secret theft. How-ever, one reason for the dramatic increase is undoubtedly the world’s ever-expanding use of the computer. Increasing public use and access to com-puters has allowed people who harbor criminal intentions to copy sensitiveinformation or to enter confidential areas to which they previously had noaccess. For example, a disgruntled employee who wants to take the com-pany’s most attractive new plan or product to his or her next employer nolonger needs to spend hours clandestinely duplicating documents. He orshe can now download the plans, schematics, or documents to a 3.5-in. com-puter disk in a matter of seconds.43 Every time a new computer is linkedto a network, or a company network is linked to the Internet, the points ofentry through which a hacker may gain access to a company’s confidentialsystem are increased. Each new addition increases the chance that someone
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
10 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
will not follow the proper security instructions or will allow access to anunauthorized user.44
Not only has confidential and proprietary business information becomeeasier to steal, but stealing it is also potentially very lucrative.45 For example,a group of Russian computer hackers stole $10 million from Citibank byinfiltrating its computer network.46 One businessman has stated: “if I wantto steal money, a computer is a much better tool than a handgun . . . it wouldtake me a long time to get $10 million with a handgun.”47
Proprietary Information
Generally, such information concerns business and economic resources,activities, research and development, policies, and critical technologies. Al-though it may be unclassified, the loss of this information could impedethe ability of a nation to compete in the world marketplace and could havean adverse effect on its economy, eventually weakening its national secu-rity. Commonly referred to as “trade secrets,” this information typically isprotected under both state and federal laws in the United States. A misap-propriation of trade secrets, or industrial espionage, occurs when a tradesecret is obtained by a breach of a confidential relationship or through im-proper means, when such information is used, and when such use causesthe trade secret owner to sustain damages.
Global Competition and Intellectual Property Rights
Economic espionage especially threatens intellectual property rights(IPRs), which have become the most valuable asset of global business.48 IPRscan be owned or stolen for profit and are a vital issue in today’s competitivemarket economy. IPRs have become an area of international interest andcontroversy as the rate and cost of technological progress have increasedand as national borders have become ever more transparent. Intellectualproperty refers to the legal rights that correspond to intellectual activity inthe industrial, scientific, and artistic fields.49 These legal rights, most com-monly in the form of patents, trademarks, and copyright, protect the moraland economic rights of the creators, in addition to the creativity and dissem-ination of their work.50 Industrial property,51 which is part of intellectualproperty, extends protection to inventions and industrial designs.
The costs of product development in the innovation and expression in-dustries are high. For example, filmmaking, music producing, and research-oriented pharmaceuticals manufacturing are risky businesses that survivewith three successes out of ten tries. In contrast, the costs of product im-itation (or outright theft) are relatively low. The theft in question is not,
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 11
of course, of the actual pills themselves (i.e., the tangible asset), but of thecreative idea that produced them, in other words, the invention, which issomething intangible.
The following incidents further demonstrate this point. In 1995, an em-ployee of high-technology giant Intel attempted to steal blueprints for thePentium processor developed through years of research and development atgreat cost.52 Mr. Ow, 31, a resident of Sunnyvale, California, and a citizen ofMalaysia, was originally indicted by a federal grand jury on March 29, 2000.A superseding indictment was filed on March 14, 2001, which charged himwith three counts of theft of trade secrets in violation of Title 18, U.S. Code,Sections 1832(a)(2) and (a)(3); one count of computer fraud in violationof Title 18, U.S. Code, Section 1030(a)(4); and one count alleging the crim-inal forfeiture pursuant to Title 18, U.S. Code, Section 1834(a)(2). He pledguilty on September 14, 2001, to a superseding information charging himwith the copying of a trade secret in violation of Title 18, U.S. Code, Section1832(a)(2), and he admitted to the criminal forfeiture.
According to the information and plea agreement, Mr. Ow copied com-puter files relating to the design and testing of the Merced microprocessor(now known as the Itanium microprocessor). At the time, Mr. Ow knew thatthe materials contained trade secrets belonging to Intel Corporation. Hecopied the trade secret information with intent to convert it to his own eco-nomic benefit by using it at his then-new employer, Sun Microsystems. Healso knew at the time that his act would injure Intel Corporation, in that he –as a former employee of Intel – possessed Intel’s extremely valuable trade se-cret information without its knowledge. He also agreed that the informationhe copied was in fact a trade secret and that it was related to a product thatwas produced for and later placed in interstate and foreign commerce. TheItanium microprocessor was under joint development by Intel and Hewlett-Packard Co. since 1994 and was released in 2001. Mr. Ow also agreed to thecriminal forfeiture of his interest in the computer system that was locatedat his residence and that he used to commit and facilitate the commissionof the copying. Prior to imposing the 2-year prison sentence, Judge Fogelstated that the key point in a case such as this is the gravity of what happenswhen people steal intellectual property of such enormous value.
Although this employee was arrested prior to transmitting the data toan Intel competitor, he could have provided the information necessary tocreate an identical competing product and put a billion-dollar company outof business.53 In recent years, Microsoft’s network was invaded by industrialhackers using a computer virus that allowed them to steal pending Microsoftproducts; the hackers were traced to an electronic mail (e-mail) address inRussia.54 These attacks against two sophisticated technology giants demon-strate that all businesses are vulnerable to economic espionage.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
12 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
What Is Industrial Espionage ?
The key difference between economic espionage and industrial espionageis that the former involves a government’s efforts to collect information.55
Spying remains irresistible to leaders and fascinating to the public. It isoccasionally of spectacular value, particularly in wartime. Opposing sides inWorld War I searched for secret weapons, knowing that such weapons wouldbe available in a foreign country’s industrial sector. Spies gained informationon how to create weapons such as poison gas.56 Spying saved countries timeand financial resources that they would have spent developing poison gas ontheir own. The spies stole the secret from the Germans, and shortly afterwardmany countries used poison gas against each other during warfare.57
The practice commonly known today as “industrial espionage,” includingstate-sponsored espionage, has been carried out for centuries. Proof of thiscan be found in the 1474 laws of the Republic of Venice. The leaders ofVenice understood that new technologies were being developed through-out the civilized world that were not yet available in Venice. If enterprisingVenetians could be encouraged to travel the world and bring these inven-tions back home, Venice would prosper. To promote such espionage, Veniceenacted a form of monopoly law that would reward the enterprising adven-turers. Under the law, if a man brought a new machine or process to Venicefrom another land, only that man could use the machine or process withinthe boundaries of Venice for a number of years; all others were excluded.In this manner, that man prospered and Venice gained new technology.
Patents and copyrights were devised by the Venetians to stimulate innova-tion and expression in a city-state that was losing its trade hegemony in theeastern Mediterranean and the capacity to compete with Florence and othercity-states. The institutions gradually spread northward, developing certaindistinctive characteristics in France, Germany, and England. The author-itarian French government came to view patents and copyrights as royalfavors to be bestowed at whim. Eighteenth-century French revolutionariesestablished instead that they were “natural rights” of the creative process ofinnovation and expression and were not to be subject to government inter-vention other than ratification. Early seventeenth-century English reformersreacted to the perversion of the patent and copyright into royal monopo-lies by codifying into law that these were rights bestowed by government tostimulate innovation and expression. Thus, the institutions in England keptto the original Venetian intent.
The framers of the U.S. Constitution rejected the French assumptions infavor of the British, and laws regarding patents and copyrights were promul-gated by the new Congress during George Washington’s first presidentialterm through the leadership of Thomas Jefferson on patents and NoahWebster on copyrights. The aim of U.S. intellectual property policy has
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 13
always been to promote public welfare; private property rights have beenthe means toward that end.58
Traditionally speaking, espionage was the way in which spies acquired anenemy’s military secrets. Some famous incidents of espionage in a militarycontext included England’s use of spies to acquire military information indefeating the Spanish Armada in 1588; other examples were the Allies’ useof spies during World War II in defeating the Axis powers and the formerSoviet Union’s use of spies in stealing atomic bomb secrets from the UnitedStates and Great Britain.59
Today, an example of industrial espionage would be a South Koreancompany eavesdropping on Intel’s communications. If, however, the SouthKorean government supplied the listening equipment or owned the com-pany, then the Korean company’s activities would be considered economicespionage. Despite some overlap, economic, industrial, and traditional es-pionage, in theory, are mutually exclusive terms, although their usage in theliterature is inconsistent.60
According to the U.S. Department of Justice, industrial espionage is de-fined “as activity conducted by a foreign . . . government or by a foreign com-pany with the direct assistance of a foreign government against a privateUnited States company for the sole purpose of acquiring commercial se-crets.” This definition does not extend to the activity of private entities with-out foreign government involvement, nor does it pertain to lawful effortsto obtain commercially useful information, such as information availableon the Internet. As demonstrated in later chapters, although some open-collection efforts may be a precursor to clandestine collection, they do notconstitute industrial espionage. Some countries have a long history of tiesbetween government and industry; however, it is often difficult to ascer-tain whether espionage has been committed under foreign governmentsponsorship.61
Contrary to many media reports, commercial enterprises and individu-als account for the bulk of international industrial espionage activity. Forexample, in the defense industry, 58% of industrial espionage is practicedby corporations and individuals, whereas only 22% is attributed to foreigngovernment-sponsored efforts, according to the FBI’s 2001 Annual Reportto Congress on Foreign Economic Collection and Industrial Espionage. Thesignificance surrounding the classes of parties involved in economic espi-onage is twofold. First, friendly and allied nations commit espionage againstone another. In the world of economic espionage, there are no true friendlyrelations, largely due to the fact that countries that engage in the activityare vying for a rung on the global market ladder.62 As former French intelli-gence chief Pierre Marion pointed out, “it is an elementary blunder to thinkwe’re allies. When it comes to business, it’s war.”63 Second, developing na-tions are heavily involved in the trade, due to recent political developments,
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
14 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
especially the decline of communism. Formerly communist states strive toquickly catch up with the West, and economic espionage often providesan avenue to do just that. Without communism, intelligence agents fromEastern bloc countries are unemployed and available in the open market.The involvement of Eastern bloc agents is threatening because their intel-ligence activities are not restricted by traditional notions of internationalbusiness ethics.64 Therefore, such agents may go to any lengths to acquirethe information they seek.
Many foreign nations dedicate significant resources to gathering intel-ligence about other governments or elements thereof, and to gatheringcounterintelligence information to protect against other nations’ intelli-gence activities. The problem of foreign economic espionage has grownsignificantly since the end of the Cold War. A 1994 Report to Congress onForeign Acquisition of and Espionage Activities Against United States Crit-ical Technology Companies reported that the intelligence organization ofone ally ran an espionage operation that paid a U.S. government employeeto obtain U.S. classified military intelligence documents. Citizens of that allywere found to be stealing sensitive U.S. technology used in manufacturingartillery gun tubes within the United States. Other agents of that ally stoledesign plans for a classified reconnaissance system from a U.S. companyand gave them to a defense contractor in their home country. A companybased in the territory of the ally was suspected of surreptitiously monitor-ing a Defense Department telecommunications system to obtain classifiedinformation for the intelligence organization of its government. Citizensof that country were investigated for passing advanced aerospace designtechnology to unauthorized scientists and researchers.
According to the 1994 report, another country that did not maintainits own intelligence service relied on private companies to do that kind ofwork. Those firms operate abroad and collect data for their own purposes,but also gather classified documents and corporate proprietary informationfor use by their government. For example, electronics firms from that nationdirected their data-gathering efforts at U.S. firms in order to increase themarket share of companies in that country in the semiconductor industry.
In 1993, Peter Schweizer aroused considerable interest with his book,Friendly Spies: How America’s Allies Are Using Economic Espionage to Steal OurSecrets. Appearing in the wake of a number of sensational cases, Schweizer’sbook began to make the American public and industry aware of a grow-ing problem. Schweizer offered a broader perspective on the subject ofeconomic espionage, from Pierre Marion, a longtime senior official of theFrench Intelligence Service:
I think you have to separate very clearly what are the fields which are coveredby an alliance and the fields which are not covered by an alliance. It’s clear that
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 15
when you are allies, you have certain sectors. I’m speaking of the armaments.I’m thinking of diplomatic matters where normally you should not try togather intelligence. But in all of the other fields, being allied does not preventthe states from being competitors. Even during the Cold War, the economiccompetition between the states is moving from the political-military level tothe economic and technological level. In economics we are competitors, notallies. I think even during the Cold War getting intelligence on economic,technological, and industrial matters from a country with which you are alliedis not incompatible with the fact that you are allies.65
Peter Schweizer exposed the fact that U.S. allies are targeting U.S. in-dustry and stealing trade secrets to benefit their countries. He implicatedFrance, Israel, Germany, South Korea, and Japan and asserted that these“friendly” nations have been involved in economic and technological espi-onage against the United States for the past 45 years.
Schweizer’s revelations were recognized by the U.S. government in Au-gust 1996, when the Central Intelligence Agency (CIA) accused Americanallies, including France and Israel, of engaging in economic espionage. Theaccusation was the result of a list compiled by the National Counterintel-ligence Center (NACIC) that included only those countries they believeare extensively engaged in economic espionage.66 The CIA made the ac-cusation in written answers to questions by members of the Senate Intelli-gence panel. The Senate report is a rare public endorsem*nt of the CIAcharges and was the first time the U.S. government had ever publicly con-firmed Israel’s involvement.67 This revelation about Israel touched a sensi-tive area, given the historic close ties between the United States and Israeland the periodic allegations that Israel targets U.S. military and commer-cial secrets.68 The report also included testimony by a General AccountingOffice national security specialist, David E. Cooper, before the committee.He reported that “according to the Federal Bureau of Investigation and in-telligence agencies, some close United States allies actively seek to obtainclassified and technical information from the United States through unau-thorized means.” The agencies determined that foreign intelligence activi-ties directed at U.S. critical technologies pose a significant threat to nationalsecurity.69
Although the report only uses terms such as “Country A” and “CountryB,” the descriptions of the countries and the incidents overwhelmingly sug-gest that Country A is Israel and Country B is France.70 According to thereport, Israel “conducts the most aggressive espionage operation against theUnited States of any United States ally.” The report declares that classifiedmilitary information and sensitive military technologies are high-prioritytargets for Israel’s intelligence agencies. The report also documented howFrance began an aggressive and massive espionage effort against the UnitedStates. The lessening of East–West tensions in the late 1980s and early 1990s
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
16 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
enabled French intelligence services to allocate greater resources to collectsensitive U.S. economic information and technology. France’s “governmentorganization that conducts these activities does not target United States na-tional defense information such as war plans, but rather seeks United Statestechnology.”
The information concerning France’s espionage activities was nothingnew to the U.S. intelligence community. According to CIA and FBI officials,French agents have gone as far as bugging seats on Air France to listen toconversations of American businessmen as well as ransacking their hotelrooms.71 In 1993, the CIA warned American defense contractors againstattending the Paris Air Show because French operatives were lying in waitto steal their trade secrets.72
The NACIC’s Annual Report submitted to Congress in March 2001 con-firmed a number of new trends in the way economic espionage is practicedin the United States by foreign companies, individuals, businessmen, andindeed government agencies. The NACIC survey was based on reports fromthe leading American intelligence agencies and a handful of specializedunits, such as the U.S. Air Force’s Office of Special Investigations, the StateDepartment’s Bureau of Diplomatic Security, or the Naval Criminal Inves-tigative Service. The survey established that most bids to dig out commercialor financial information were instigated by private persons or companies. In-deed, some 58% of economic intelligence collected in the United States wasthe work of firms and/or individuals acting on their own initiative, whereas22% was instigated by government agencies and 20% by state-owned orstate-run establishments (research centers, universities, and the like). Withregard to the method of collection, NACIC underlined the increasing useof software that specializes in processing open sources. The report cited“highly assertive open source collection” conducted under programs thatcan analyze output from hundreds of discussion groups or screen price lists,catalogues, annual reports, patent data, and marketing materials.73 In pin-pointing the problem, the NACIC implied that U.S. intelligence agencieshad found ways of monitoring the software in question, which is in wide useamong business intelligence professionals. However, the report also wentinto some detail about illegal collection of data through the open theft oftrade secrets, acquisition of export-controlled technologies, and the recruit-ment of U.S. nationals as spies.
Economic Espionage
Economic espionage has been defined as one nation collecting economicdata about another nation.74 Simply put, economic espionage is the “out-right theft of private information.”75 It is a widespread form of attack that isconducted by employees against their own employers, by competing private
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 17
companies, and by governments seeking to protect or expand their nationaleconomies.76 Economic data may include such information as national grossdomestic product and inflation rate figures, which may be obtained frompublished sources, or more privileged information such as budgetary allo-cations for defense and national research and development expenditures,which are usually acquired through illicit means. Technological espionageinvolves one nation collecting data about another’s technological devel-opment programs, usually those of critical industries such as electronics,aerospace, defense, or biotechnology.
A different and somewhat more definitive description comes from theCanadian Security Intelligence Service (CSIS). According to CSIS, economicespionage is “illegal, clandestine, coercive or deceptive activity engaged in orfacilitated by a foreign government designed to gain unauthorized accessto economic intelligence, such as proprietary information or technology,for economic advantage.”77 Still another, far more complex definition iscontained in the United States’ EEA,78 one of the few forms of legislationenacted to help suppress economic espionage. Economic espionage entailsthe unlawful compilation and use of data with economic consequences,although technological developments can, on occasion, obscure the dis-tinction between economic and military targets.79
An important concept related to economic espionage is economic intelli-gence. According to CSIS, economic intelligence is “policy or commerciallyrelevant economic information, including technological data, financial, pro-prietary commercial and government information, the acquisition of whichby foreign interests could, either directly or indirectly, assist the relativeproductivity or competitive position of the economy of the collecting or-ganization’s country.” Those who conduct economic espionage specificallytarget this class of information.
In Japan, the ministry for international trade and industry identifies for-eign high-tech companies that are likely to produce significant products inthe near future. The ministry supplies crucial information to Japanese com-panies, leading them toward purchasing the foreign companies throughfront organizations, false flag operations, or overt means.80 In another case,a firm in the United States lost a contract bid for international electronics.Shortly thereafter, it learned that a European intelligence agency some-how intercepted its pricing information. The European agency turned thiscritical data over to another company, which eventually won the contractbid. In still another incident, the CSIS discovered that a handful of “flightattendants” on Air France were actually agents of the French intelligenceservice, strategically positioned to spy on companies’ executives and gathertheir trade secrets. These present-day examples, together with the aforemen-tioned historical evidence, illustrate a crucial point that economic espionagehas been and continues to be on the rise.81
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
18 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
Trolling for Secrets Past and Present
Although the end of the Cold War seemingly brought a surge of economicespionage activity, stealing the ideas of a business competitor is not a newgame in the world market. Indeed, economic espionage is a practice thathas existed for thousands of years. An early instance of economic espi-onage occurred more than 1,500 years ago and involved the secret of silk. AChinese princess traveled abroad, wearing a flowered hat. She hid the silk-worms in the flowers and gave them to a man in India. Thus, through eco-nomic espionage, the secret of silk escaped from China.82
In the eighteenth century, China again lost a secret because of economicespionage. After China had spent centuries making high-quality porcelainthrough a process known only to its alchemists, the French Jesuit, Fatherd’Entrecolles, visited the royal porcelain factory in China, where he learnedthe secrets of porcelain production and described the process in writingshe sent to France.83
In his book, War by Other Means: Economic Espionage in America, John Fialkaintroduces the readers to the subject by reciting the story of Francis CabotLowell of Massachusetts, who traveled to Great Britain in 1811 and returnedwith the secrets of the Cartwright loom. This act of economic espionage rev-olutionized the New England textile industry and greatly enriched Lowell.From these early roots, technology theft has evolved with the changes intechnology. Fialka further points out:
Spies are normally associated with wartime and the theft of military technol-ogy. In the vast popular literature, there is hardly a mention of the peacetimeindustrial spy. One reason may be because spy stories tend to blossom whenwars end. War is relatively clear-cut; there is a winner and an eventual loser, abeginning and an end. The end is normally the signal for the memoir writersto begin, but the economic struggle that attracted Lowell’s stealthy genius isnot clear-cut. Winners win quietly, and losers are often unconscious of loss,or too embarrassed to admit it. And it is a war that does not end. The stage forthe studiously low-key dramas of economic espionage is set, as one perceptiveFrench writer puts it, in a kind of perpetual limbo, where there is “neitherwar nor peace.”84
The early twentieth century and the reality of worldwide conflict led tosignificant incidents of economic espionage, proving that economic andmilitary intelligence were equally important. Perhaps no other companyhas been targeted by foreign intelligence agents as many times as Interna-tional Business Machines (IBM). A leader in both computer hardware andsoftware, IBM produces many products of strategic interest to other gov-ernments. According to IBM’s internal documents, foreign agents illegallysought to acquire business secrets twenty-five times over a 10-year period.85
A retired French spymaster has even admitted to spying on IBM.86
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 19
The most famous attempt to steal trade secrets from IBM mirrored thatof an old Soviet operation. In 1980, an IBM employee stole some of theAdirondack Workbooks, a series of valuable books containing computerspecifications and strategic planning, and sold them to Hitachi, a Japanesecomputer maker.87 Not content with a partial set of the workbooks, Hitachisought the remaining workbooks and other confidential material from othersources. Over the next 2 years, the FBI, in conjunction with IBM, set upan elaborate sting operation. In the end, Hitachi’s efforts were thwarted,the conspirators were arrested, the Japanese government’s involvement wasrevealed, and Hitachi paid IBM a considerable out-of-court settlement. Still,the conspirators did not receive any jail time, and Hitachi greatly benefitedfrom the workbooks.
Cold War’s End and Spies Shift to Corporate Espionage
As Cold War structures – from NATO to the KGB and the CIA – seek toredefine themselves and to assume new roles and new functions, economicespionage is an attractive option. During the Cold War, both intelligence88
and counterintelligence89 focused on military and political targets.90 For ex-ample, a typical case of espionage might involve an American scientist sellingmilitary technology to the Soviet Union or an Eastern European nation.91
Increasing state involvement in modern economies also has blurred the tra-ditional lines between the private and public sectors. Many businesses arestate owned, state financed. Many businessmen double as politicians, andnumerous politicians serve on corporate boards.92 With the end of the ColdWar, nations have refocused domestic and foreign policies and programs toincrease economic standards for their citizens.93 Economic superiority hasbecome as important as military superiority, and the espionage industry hasbeen retooling with this in mind.94 In a recent decision by the U.S. Court ofAppeals95 for the Third Circuit, the court echoed this notion, stating that“the end of the Cold War sent government spies scurrying to the privatesector to perform illicit work for businesses and corporations and by 1996,studies revealed that nearly $24 billion of corporate intellectual propertywas being stolen each year.”96
Shift in Espionage Trends
With the fall of communism, the U.S. intelligence community was forced toredefine its mission and role in order to meet the new realities of the post–Cold War climate. Different forms of espionage evolved. Now, espionageactivities have largely shifted to concentrate on technology, manufacturingprocesses, and other trade secrets that sometimes have dual use, but oftenonly civilian applications.97
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
20 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
Foreign intelligence services have increasingly devoted their resourcesto stealing U.S. technology.98 Shortly after CIA officer Aldrich “Rick” Amesbegan selling secrets to the Soviet KGB in 1985, a scientist named RonaldHoffman also began peddling classified information. Ames, the last knownmole of the Cold War, received $4.6 million for names of CIA informantsbefore he was apprehended in early 1994. Hoffman, a project manager fora company called Science Applications, Inc., made $750,000 selling com-plex software programs developed under secret contract for the Strate-gic Defense Initiative. Hoffmann, who was caught in 1992, sold his waresto Japanese multinationals – Nissan Motor Company, Mitsubishi Electric,Mitsubishi Heavy Industries, and Ishikawajima-Harima Heavy Industrieswanted the information for civilian aerospace programs.
Ames received the more dramatic and sensational coverage, as he shouldhave, given that his betrayal led to the loss of life. However, the Hoffman caserepresents the future of intelligence. Although one spied for America’s chiefmilitary rival, the other sold information to a major economic competitor.99
Economic Intelligence – A New Battlefront
Economic and technological strength are the keys to power and influ-ence.100 Trade talks have replaced arms control as the most critical formof diplomacy.101 Government agencies now have a growing role in surrep-titious data collection. Perhaps most surprising about this trend is that theperpetrators are often longtime U.S. allies.102 These countries steal U.S. eco-nomic and technological information, despite their friendly diplomatic andcultural relations with the United States. Taking advantage of their accessto U.S. information, many U.S. allies have obtained valuable confidentialinformation with more success than the United States’ traditional enemies.Ironically, the U.S. intelligence community often trained and supplied thevery services now spying on the United States.
Even during the Cold War, countries that were formally allied with theUnited States spied on U.S. corporations.103 Some U.S. allies adopted a “two-track” approach under which they worked with the United States against theSoviet Union while stealing trade secrets from U.S. corporations.104 In fact,the practice of economic spying by allied intelligence services was an opensecret among many FBI and CIA professionals during the Cold War. TheU.S. government did not consider espionage from friendly countries to be aserious national security concern.105 The U.S. intelligence community keptthese activities secret to ensure that allied intelligence services continued tospy on the Soviet Union. Victimized U.S. companies rarely revealed the theftof their confidential information. Thus, few people outside of the counter-intelligence community were aware that many U.S. allies stole informationfrom U.S. corporations.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 21
As economic competition replaces military confrontation in many globalaffairs, spying for high-tech secrets will continue to grow.106 How the UnitedStates elects to deal with this troubling issue will not only determine thedirection of the American intelligence community, but also set the tone forcommercial relations in the global marketplace.107
With such significant national effects of economic espionage, intelligenceagencies have had to confront the issue vigorously. This has led to anotherkind of arms race in which some national intelligence agencies spend bil-lions of dollars each year in their economic espionage efforts, and counterin-telligence agencies spend billions of dollars trying to thwart those efforts.108
Episodes of Intelligence Failures
Since the fall of the Soviet Union, the U.S. intelligence community hasexperienced some embarrassing failures. These include the expulsion ofCIA operatives from France and Germany, the failure to warn of Indiannuclear tests, the bombing of the Chinese embassy in Belgrade due to faultydata provided by the CIA, and computer failures that disrupted intelligenceprocessing operations.109
In February 1995, the French government went public with its requestthat five CIA operatives, allegedly caught stealing economic and political se-crets in Paris, leave the country.110 The French Foreign Ministry summonedthe U.S. Ambassador Pamela Harriman to the Quai d’Orsay to demand therecall of several CIA officers who allegedly had been involved in clandestineoperations targeted against French government officials. The officials hadaccess to information on telecommunications issues, including France’s ne-gotiating strategy and its international telecommunications structure. Twoofficials approached by the CIA reported their overtures to the Directionde la Surveillance du Territoire, the French security service.111 U.S. officialsresponded angrily to France’s public reaction to the spying. One U.S. offi-cial was quoted as saying that “this is not the way allies treat each other.” TheFrench officials claimed that the U.S. citizens were trying to bribe govern-ment officials to obtain French technology and trade secrets.112
Another CIA agent allegedly paid Henry Plagnol, an aide to then-FrenchPremier Edouard Balladur, 500 francs each time he provided information onFrench positions on matters being negotiated in ongoing General Agree-ment on Tariffs and Trade (GATT) talks.113 Two other CIA agents askedcommunications ministry officials for information about GATT and intelli-gence on telecommunications and audiovisual policy.
Although the five agents were eventually allowed to remain in France,114
French Premier Edouard Balladur asked for the United States to respectFrance’s “national interest” and suspended the CIA’s long-standing liaisonwith French intelligence.115 This suspension was particularly harmful as the
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
22 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
relationship between the United States and France is crucial for joint opera-tions, such as tracking terrorists. To make matters worse, one top Americanofficial stated that the information obtained was worthless.
The next failure occurred in the summer of 1995, during critical Japan–United States automobile trade talks. U.S. trade representative MickeyKantor and his team of negotiators came to the table armed with infor-mation that the CIA and the National Security Agency (NSA) had gath-ered. During the talks in Geneva, the CIA’s Tokyo station and the NSA wereeavesdropping on the Japanese delegation, including Japan’s Prime MinisterRyutaro Hashimoto.116 The high-level trade negotiations were over possibletariffs on Japanese luxury cars and for better access to Japan’s markets forAmerican cars and car parts. Each morning, Kantor was briefed with de-scriptions of conversations between Japanese bureaucrats and auto execu-tives from Toyota and Nissan. The surveillance was legal under U.S. law butsparked controversy and criticism from Congress.
Another incident involved the American intelligence agents “hacking”into the European Parliament and European Commission as part of aninternational espionage campaign aimed at stealing economic and politicalsecrets.117 Security experts at the European Union’s (EU’s) Luxembourgoffices said they found evidence that American agents had penetrated thee-mail that links 5,000 EU elected officials and bureaucrats and used theinformation they obtained during the GATT trade talks.118 The breach wasdetected after officials began to suspect that American negotiators had beengiven advance warning of confidential EU positions. Lord Plum, leader ofthe British Tory Members of the European Parliament, was shocked andvoiced his disgust to the American ambassador to the EU.119
In 1997, the German government also ordered a CIA officer to leavethe country. Although an initial account suggested the officer had beentrying to recruit senior German officials to provide information on high-tech projects, a later report suggested that the officer was seeking to gatherinformation on a third country – probably Iran – and was expelled becausethe operation had not been cleared with the German government.
In May 1998, the Indian government conducted multiple nuclear tests,fulfilling the pledge made by the recently elected Bharatiya Janata Partyduring the Indian election campaign. The tests, which were quickly followedby Pakistani nuclear tests, came as a surprise to both the U.S. intelligencecommunity and policy makers. George Lauder, the director of the CIA’sNon-Proliferation Center, was first informed of the test on May 11, when hewas handed a wire service report by an aide. At first, Lauder believed it tobe a joke.120
On May 7, 1999, during Operation “Allied Force,” the Chinese embassyin Belgrade was bombed under the mistaken belief that it was the YugoslavFederal Directorate for Supply and Procurement (FDSP). The FDSP had
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 23
been nominated as a target by the CIA. Lacking the precise geographiccoordinates needed for a bombing mission, a CIA contract officer usedland navigation techniques and a street address to try to determine theprecise location of the directorate – techniques that the Director of CentralIntelligence (DCI) George Tenet later characterized as ones that “shouldnot be used for aerial targeting because they provide only an approximatelocation.” That error, plus the fact that multiple intelligence communityand Defense Department databases indicated the old, pre-1996, locationfor the Chinese embassy, resulted in the embassy, rather than the FDSPheadquarters, becoming the target. Three were killed in the attack, andthe U.S. embassy in Beijing became the site of angry demonstrations. Thealready difficult relations between Beijing and Washington were strainedfurther – with the People’s Republic of China claiming that the attack onthe embassy had been deliberate.121
In January 2000, computer problems struck U.S. imagery and signalsintelligence (SIGINT) systems. A “Y2K” fix, intended to allow the uninter-rupted and complete processing of advanced KH-11 satellite imagery datareceived at the Ft. Belvoir, Virginia, ground station, failed. As a result, im-agery interpreters were forced to operate at less than full capability.
Late in January 2000, during heavy snowstorms, the computers at theNSA also failed. The failure did not restrict the NSA’s massive collectionoperations, but it did make it impossible to retrieve the data collected. Twodays later the storm abated, and NSA employees who had not been on dutythe night of the failure returned to work and were told by the agency’s newdirector, Lieutenant General Michael Hayden, of the failure and the needto keep it secret. “American lives were at stake,” General Hayden cautionedthem. It was only on the morning of Friday, January 27, that the NSA beganto get some capability back. On Saturday, the story first appeared in news-papers, but by Friday night full capability had been restored. Fortunately,the United States escaped any damage due to the temporary collapse of akey component of its SIGINT system.122
To some extent these incidents are symptoms of deeper problems, such asthe mismatch between intelligence collection and processing and analysis,and the emphasis on support to military operations. They are also indicativeof the dramatic changes that have occurred since the mid-1990s – in the in-ternational political and economic system, in the availability of information,and in the nature of international communications.
Big Brother Named Echelon
Reports by France and Italy of industrial espionage by the United Statessparked an inquiry in the European Parliament as to the actions of the CIAand its use of information from the Echelon system.123 The Echelon system
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
24 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
dates back to the Cold War and is generally believed to be able to interceptalmost every modern form of communication. According to intelligencespecialists, Echelon is a massive network of eavesdropping stations capa-ble of monitoring billions of private phone conversations, e-mail, and faxtransmissions around the world. It is a powerful tool, obviously, in the intel-ligence war against terrorism and other threats.124 Echelon is an automatedglobal interception and relay system reportedly operated by intelligenceagencies in five nations: the United States, the United Kingdom, Canada,Australia, and New Zealand. It has been suggested that Echelon may inter-cept as many as 3 billion communications every day, including phone calls,e-mail messages, Internet downloads, and satellite transmissions. There hasbeen a global response to the Echelon system, resulting in counter techno-logical systems and code designed to attract the attention of the Echelonsystem. Many countries have also expressed concern regarding the parame-ters that participants in the Echelon system will follow in deciding whetherto disclose information gathered by the system to third parties. The UnitedStates denies that it ever passes intercepted information to U.S. companies.Yet, Europeans note that officials in Washington have acknowledged thatU.S. intelligence data about possible bribery figured in Saudi Arabia’s deci-sion to cancel a big airliner contract with Airbus Industries, the Europeanconsortium. The order eventually went to Airbus’s U.S. competitor, BoeingCompany.
The European Parliament, reflecting growing mistrust on the issue, votedin July 2000 to investigate whether the United States is spying on Euro-pean businesses. A committee was appointed to scrutinize the Echelon spysystem.125
Keeping Secrets
Trade secrets have been common to shaman priests in preliterate societies,and the concept has been intellectually rooted in Western thought in respectfor individual liberty, confidentiality of relationships, common morality, andfair competition.126 Trade secret law grows more out of the concepts ofcontract and trust than of property because information maintained as atrade secret may be legally safeguarded against misappropriation, but notagainst independent discovery or accidental leakage.127
Legal protection for trade secrets derives from two theories that are onlypartly complementary. The first is utilitarian in nature and is sometimes as-sociated with the view that information is a form of property. Under this view,protecting against the theft of proprietary information encourages researchinvestments. The second theory emphasizes deterrence of destructive actsand is therefore like a tort theory. Under this theory, the aim of trade secret
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 25
law is to punish and prevent behavior that is offensive to reasonable stan-dards of commercial behavior.
Although trade secret law is new by common law standards, it comes withrespectable credentials.128 Holders of trade secrets have sought the protec-tion of common laws since the eighteenth century,129 and a Massachusettscourt recognized limited rights in secret information in 1837.130
The theory behind trade secrets maintains one core hypothesis: Inno-vators would not be inclined to spend labor, money, and equipment tocreate if the law did not give them some assurance that they could profitfrom their labors.131 Based on this theory, the foundation of trade secretlaw is supported by three core public policies. First, trade secret law main-tains commercial morality – an enforced standard of business ethics – sobusinesses can enter into good faith transactions, form stable business rela-tionships, and share confidential information to gain assistance in productdevelopment.132 Second, trade secret law encourages research by ensuringthat innovators are the first on the market with their creations. Finally, tradesecret law punishes industrial espionage by protecting the right of privacyof the trade secret owner.133
At common law, employers had a property right in their trade secrets,and the disclosure of such confidential information in violation of an em-ployment relationship was a tort. Section 757 of the Restatement of Torts,entitled Misappropriation of Trade Secrets, continues to be cited as theguide to the law of trade secret misappropriation. According to the Restate-ment, misappropriation occurs once a secret is acquired either by impropermeans or with notice of its mistaken disclosure.134
The theft of corporate trade secrets135 has largely been protected throughthe remedies provided in civil litigation.136 However, for numerous reasons,these remedies fail to provide the equivalent deterrent of criminal laws.137
First, the purpose of criminal sanctions is punitive and seeks to deter sociallyundesirable activity.138 Criminal sanctions seek to provide a penalty with thegoal of preventing the behavior from occurring in the future, while punish-ing the past behavior. In contrast, civil law sanctions serve the purpose ofcompensation and returning the party to a preexisting status quo. Second,criminal and civil sanctions produce different remedies. Criminal sanctionsplace an inherent stigma on the individual, with punishment being theconventional device for the expression of resentment and indignation.139
Civil sanctions remedy the problem in an entirely different manner, mostnotably through monetary disbursem*nts.140 Criminal law serves as a proac-tive approach to deterring the problem before it occurs, whereas civil lawonly serves to compensate the victim for activity that has harmed the indi-vidual. For these reasons, civil litigation serves important interests in thisarea other than deterrence.141 However, compared with other intellectual
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
26 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
property laws, civil trade secret laws have the potential to provide more effec-tive and comprehensive legal protection.142 This dichotomous relationshiphas the potential to adequately protect corporations and businesses fromtheft and misappropriation of trade secrets through separate but relatedremedies. Civil trade secret laws provide an effective defensive approach,whereas criminal trade secret laws provide a powerful proactive deterrentto combat the growing simplicity and ease of theft. However, although statecivil trade secret laws and remedies in this area provide an effective defensiveresponse, current state criminal trade secret laws fail to provide an effectivedeterrent to the theft and misappropriation of trade secrets.
Although civil remedies that may provide compensation to wronged in-tellectual property rights holders are available, criminal sanctions are oftenwarranted to ensure sufficient punishment and deterrence of wrongful ac-tivity. Indeed, because violations of intellectual property rights often involveno loss of tangible assets and, for infringement crimes, do not even requireany direct contact with the rights holder, the rights holder often does notknow it is a victim until a defendant’s activities are specifically identified andinvestigated. Criminal penalties imposed for the misappropriation of tradesecrets are far more severe than any other criminal liability for violations ofother intellectual property rights. Persons engaged in misappropriation inthe United States no longer will have their liability limited to civil remediesand damages imposed for such misconduct. Federal criminal prosecutionis a powerful weapon, one that should not be taken lightly.143
A New Code of Commercial Conduct
Discouraged by the failure of civil remedies to prevent trade secret theft,the inability of prosecutors to effectively use other criminal statutes, and fre-quent efforts by foreign governments to obtain trade secrets from Americancompanies, the U.S. Congress made the theft of trade secrets a federal crimeby enacting the EEA in October 1996.144
The EEA criminalizes145 activity by anyone who:
intending or knowing that the offense will benefit any foreign government,foreign instrumentality, or foreign agent, knowingly – (1) steals, or withoutauthorization appropriates, takes, carries away, or conceals, or by fraud, arti-fice, or deception obtains a trade secret; (2) without authorization copies, du-plicates, sketches, draws, photographs, downloads, uploads, alters, destroys,photocopies, replicates, transmits, delivers, sends, mails, communicates, orconveys a trade secret; (3) receives, buys, or possesses a trade secret, knowingthe same to have been stolen or appropriated, obtained, or converted with-out authorization; (4) attempts to commit any offense described in any ofparagraphs (1) through (3); or (5) conspires with one or more other persons
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 27
to commit any offense described in any of paragraphs (1) through (3), andone or more of such persons do any act to effect the object of the conspiracy.(See Appendix A.)
A powerful example of the need for an economic espionage law is theexperience of Dr. Raymond Damadian, who holds the first U.S. patent for acommercial magnetic resonance imaging (MRI) device. In testimony beforethe House Committee on the Judiciary Subcommittee on Crime on May 9,1996, Dr. Damadian described how his Fonar Corporation frequently hadbeen under attack from foreign competitors. Damadian told the committeehow the absence of a law to repel the invasion of economic espionage costFonar a valuable advantage:
[A] gypsy service company servicing medical equipment hired Fonar serviceengineers, thereby acquiring a full set of our top secret engineering drawingand multiple copies of our copyrighted software. We obtained a temporaryrestraining order from a federal judge ordering this group not to use Fonar’sschematics or software in the service of scanners. They ignored the judge’sorder. Through a modem connection we secured hard proof of them loadingour diagnostic software on our scanner in violation of the judge’s order.He cited them for contempt of court. When we complained there were nosanctions beyond the citation, the judge said, “What do you expect me todo, put them in jail?” The irony is if it had been someone’s automobileinstead of millions of dollars of technology, incarceration would have beenautomatic.146
One of Fonar’s competitors, Toshiba Corporation, also lured a companyengineer away so that he could provide technical data on Fonar products.The engineer’s contract specified that he could not work for a competitor fora 2-year period after leaving Fonar.147 Damadian soon learned that Toshibawas paying all the engineer’s legal bills to fight Fonar’s action to enforce thecontract.
Damadian also testified that Fonar kept its magnet installation proce-dures behind locked doors in an effort to protect its most precious tech-nology. An executive of Siemens, a German company, told Damadian thatthese precautions were easily overcome. The executive told him that thecompany had taken a technician out to dinner, filled him with alcoholicbeverages, and thereby secured an invitation to enter the room and inspectthe scanner, which they did, for as long as they wanted.148
Today, MRI is a multibillion-dollar industry. Even though the MRI is anAmerican invention, only two of the eight companies selling in the Americanmarket today are American. Fonar is now, by far, the smallest of the ninecompanies that dominate the industry.149 Most of the profits and thousandsupon thousands of high-paying technical jobs created by this invention have
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
28 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
gone to companies in Japan and Germany. Fonar’s experience is a goodexample of the shortcomings of civil remedies in preventing the harm ofeconomic espionage.
The EEA provides for criminal prosecution of an individual who “appro-priates, takes, carries away, or conceals, or by fraud, artifice, or deceptionobtains a trade secret.” Using a computer to download a trade secret withoutauthorization or, alternatively, destroying a trade secret so as to make it nolonger available to the bona fide owner, violates the statute. Appropriationalone – absent commercial use or even disclosure – may trigger criminal li-ability. In enacting the EEA, Congress created a trade secret law that differsfrom the common law by broadening both the kind of information coveredand the type of conduct prohibited. The EEA thus expands and strengthensthe rights of those who hold the trade secrets.
Congress has continually expanded and strengthened criminal laws forviolations of IPRs specifically to ensure that those violations are not merelya cost of doing business for defendants. In addition, Congress is concernedwith providing adequate protections for both foreign and domestic ownersof intellectual property. Indeed, the U.S. government has committed, in anumber of international agreements, to protecting IPR holders, includingforeign rights holders, from infringement in the United States.150
Some misuse of intellectual property has not been criminalized. For ex-ample, infringement of a patent is not a criminal violation. Likewise, the lawsprotecting personally identifiable information do not generally provide forcriminal penalties except in the most narrow of circ*mstances.151
Although the EEA addresses and criminalizes domestic economic espi-onage, such as one domestic firm misappropriating the trade secrets of an-other or a disgruntled employee stealing his or her employer’s trade secrets,the single most important reason it was passed was to address the problemof foreign economic espionage.152 Foreign economic espionage, where aforeign government or company targets the trade secrets of an Americanfirm, was and continues to be viewed as more insidious, complex, and diffi-cult to discover and track. Furthermore, prior to the passage of the EEA, theprevailing wisdom was that existing state and federal laws, not to mentionthe extraterritoriality and enforcement issues, made it virtually impossibleto effectively prosecute foreign economic espionage.153
A problem with the current U.S. philosophy regarding economic espi-onage is that our European and Asian competitors have little separationbetween business and government. The EEA has nevertheless filled a signif-icant gap in the protection of trade secrets and has been an important andpositive step forward in the battle against trade secret theft. It will be inter-esting to see if over time the U.S. government loosens the leash on the actand becomes more aggressive in its enforcement efforts, such as by bring-ing actions under section 1831 (the foreign activity section). Should that
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c01 CB764-Nasheri-v1 February 17, 2005 7:51
DIMENSIONS OF ECONOMIC ESPIONAGE 29
occur, it will be yet another reason for American companies to familiarizethemselves with the EEA.
The last decade of the twentieth century was marked in most countries ofthe world with a rising wave of terrorist acts, globalization, and transnationalunification of criminal groups. In addition, the last decade was characterizedby widespread economic and high-tech crimes, such as unauthorized accessto computer networks, industrial and economic espionage, and informationtheft. These events have increased the importance of establishing a worldstage to unify the efforts in combating threats, such as the dissemination ofhigh-tech weaponry, international terrorism, transnational organized crime,and threats to the orderly development of countries and regions of theworld.154
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
C H A P T E R T W O
Transition to an Information Society – IncreasingInterconnections and Interdependence
modern society is increasingly dependent on networked computer sys-tems. The development of information technology in cyberspace haschanged our societies, commerce, and lifestyle. These information networkshave led to numerous advances in the quality of life by improving the pro-vision of vital services such as power, medicine, and public safety.1
The information age is enabled by computing and communicationstechnologies, known as information technologies, whose rapid evolutionis almost taken for granted today. Computing and communications systemsappear in virtually every sector of the economy and, increasingly, in homesand other locations. These systems focus economic and social activity oninformation gathering; analyzing, storing, presenting, and disseminatinginformation in text; and numerical, audio, image, and video formats as aproduct itself or a complement to physical or tangible products. Scienceand technology have further revolutionized geopolitical strategy, interna-tionalized markets, created new possibilities for environmental or nucleardestruction, undermined totalitarian governments, and changed the con-duct of warfare and the basis of economic and political power.
For some time, it has been clear that advances in science and technologyare outdistancing the capacity of existing international organizations to dealwith them. A glance at the daily newspaper is enough to convince even themost casual observer that there are international dimensions to almost everyaspect of science and technology. These dimensions go well beyond the cus-tomary international teamwork that characterizes today’s massive researchand development projects. There are scientific or technical issues woven intothe political, economic, and social concerns of international relations. Thecomplexity of the issues at stake not only defies simplification or reduction,but it also challenges distinctions long held to be true between domestic and
30
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 31
foreign, between national and international, and finally among the political,the social, and the economic.
Science and technology transform international relations by presentingproblems requiring new strategies for decision making, new choices, andnew assessments of risk. Not long after the fall of the Berlin Wall and com-munism, a Carnegie Commission Report called for the need “to adapt to aworld in which the border between domestic and foreign affairs is crossedeverywhere and most particularly by science and technology.”2
From the end of World War II until the end of the Cold War, interna-tional issues in science and technology largely concerned arms and energy.The panoply of issues in science and technology that impact internationalaffairs today is much broader. Traditional issues in arms control and energyproduction are still important, but they have been joined by new conceptsof intelligence and security, by new technologies in international communi-cations and information networks, and by expanding financial markets andinternational trade. Modern networked societies are challenged by increas-ingly complex, diffuse, and global threats. The world’s economic globaliza-tion has intensified competition in every industrial sector, and with that hascome a corresponding rise in industrial espionage.
The Rapid Growth of Computer Technology
As the world’s most advanced countries enter into what has been termedthe information age,3 this new epoch is defined by the use of computers,particularly computers grouped into the network form4 and used to facilitatehuman interactions. The 1980s saw the rapid development of computertechnology, and with it the digitization of most forms of information. Inthe 1990s, this computerization trend led to the expansion of the Internet,which makes the distribution and transportation of information possiblewith the click of a button. The ability to digitize information and transportit worldwide with the click of a computer key creates a fertile ground for themovement of information protected by intellectual property laws.
For example, Intel, the computer chip maker, has revolutionized thecomputer industry through the invention of a single product, the Intaniummicroprocessor.5 Intel developed this product through years of research,development, and modification.6 However, through the unscrupulous actsof one person, the company’s competitors could have obtained the infor-mation necessary to produce an identical product for a fraction of the cost,effort, and time, threatening to put Intel out of business.7 Lye Ow, an em-ployee at Intel, decided to steal the blueprints for a new processor. In 1998,Ow attempted to download the files about the design and testing of Intel’sMerced microprocessor, now know as the Intanium processor, to a remote
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
32 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
site, his home computer. Although the computer files could be viewed re-motely by authorized people, Intel’s internal computer system would notallow these critical files to be downloaded. However, this safeguard failed todeter Ow. Rather than giving up, Ow displayed the files on the computer andproceeded to videotape each screen. With the information stored on tape,Ow possessed the information necessary to exactly duplicate the company’sflagship product after only spending minimal amounts of money, time, andeffort.8 Although Ow was arrested prior to transmitting this information to athird party, this narratives illustrates the rapidly growing threat of economic,corporate, and industrial espionage on the welfare of corporations aroundthe world.9
New Crimes of the Information Age
The growth of the information age and the globalization of Internet commu-nication and commerce have significantly impacted the manner in whicheconomic crimes are committed, the frequency with which those crimesare committed, and the difficulty in apprehending the perpetrators. Itmight start with a photo of a hot-looking convertible from Miami, promisedthrough an Internet auction and never delivered, or an e-mail from aNigerian businessman, offering a fat paycheck in return for a person’s bankaccount number.10
Technology has contributed to that increase in four major respects –anonymity, security (or insecurity), privacy (or the lack of it), and globaliza-tion. In addition, technology has provided the medium or opportunity forthe commission of traditional crimes. Criminals in an electronic world canignore international boundaries because they can send information and ex-ecute commands via worldwide networks. Requiring no physical presenceand facilitated by the presence of the Internet, electronic crimes are readilysuited for international commission.
Although computer hacking is one good example of an internationalcrime in cyberspace, there are many other crimes that are facilitated by com-puter networks, such as forgery and counterfeiting, transmission of threats,fraud, copyright infringement, theft of trade secrets, transmission of childp*rnography, interception of communications, and transmission of harass-ing communications. The computer hacking cases have repeatedly raisedissues that will be of concern in all international electronic crime cases. Inaddition to their inability to prevent such attacks, both law enforcement andthe private sector lack effective enforcement tools and remedies to bring theperpetrators to justice.
The widespread use of technology and the Internet, as well as the con-fluence of anonymity, security, privacy, and globalization, have exposed thepublic and private sectors to a new array of cyberattacks. Privacy protections
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 33
enable thieves to take advantage of anonymity, thus hampering the efforts oflaw enforcement and private sector fraud investigators to track the thieves.Anonymity enables the criminal to submit fraudulent online applications forbank loans, credit card accounts, insurance coverage, brokerage accounts,and health care coverage. Anonymity also enables employees to pilfer cor-porate assets. For example, bank employees can embezzle money throughelectronic fund transfers and employees of credit card issuers can captureaccount numbers and sell them to outsiders, electronically transferring theaccount numbers to the co-conspirators. A survey conducted by the GartnerGroup of 160 retail companies selling products over the Internet revealedthat the amount of credit card fraud was twelve times higher online thanin the physical retail world.11 There is no reason to believe that this figureis unique to the credit card industry. Another study found that the numberof search warrants issued by the U.S. federal government for online datahad increased 800% over the past few years.12 Further, anonymity providesenhanced opportunities for two types of perpetrators – the organized crimemobster and the teenage hacker. Last, the Internet enables communicationand commerce to occur beyond or without borders, presenting significantproblems in the prevention, investigation, and enforcement of those crimes.Organized groups of criminals can easily commit economic crimes and avoidsanctions across what were once clearly defined jurisdictions, necessitatingincreased cooperation among the global criminal justice agencies. Otherthreats include the loss of credibility with world partners, the transferenceof proceeds of economic crime to conventional crimes, such as drug traf-ficking and gun running, and threats to the national security by increasedvictimization from assaults based in foreign jurisdictions.13
Internet Is Making It Easy
Crime knows few limits when greed is at stake and technology is a weapon.14
The rise of new media, especially the Internet, has brought with it a hostof new legal and ethical issues. Although these issues are variations on tra-ditional legal themes, they require fundamentally new approaches.15 Thepopularity of the Internet as a form of communication has placed a spotlighton the need to protect original ideas from improper use. Ironically, com-puter technology has also made it much easier for information to be stolen.In the case of computer crime or cybercrime, the need for legislation toprevent unauthorized access to data or information is more important thanever. Only a few years ago, stealing customer information was a cumbersometask. A prime example is Jose Lopez, the former General Motors executivein the United States who was indicted by a federal grand jury in Detroit forwire fraud for allegedly stealing boxes of confidential and proprietary infor-mation in 1993 from General Motors and transferring them to his new job
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
34 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
at Volkswagen. Today, there is no need to steal the boxes; the informationcontained in those boxes is now stored on computers. Such informationcan be instantly sent anywhere in the world via the Internet. In fact, with themore recent trend of employees being permitted to work at home on theirown personal computers, there may not even be a need to use the Internetto accomplish such a theft.
The connectivity of the Internet has made the concept of borders andjurisdictions an incredible challenge in most situations and meaninglessin others. Laws, policies, and procedures that were once the purview ofsovereign states are now becoming the focus of the world community. Inthe United States, both civil and criminal laws are now adapting to thisreality.
Cybercrimes Are More Real
Most economic crimes have a cyberversion today. With computer networksnow spanning the globe, law and law enforcement agencies must addressthe international dimensions of crimes in cyberspace. These cybercrimes of-fer more opportunities to the criminals, with larger payoffs and fewer risks.Web sites can be spoofed and hijacked. Payment systems can be compro-mised and electronic fund transfers to steal funds or launder money occurat lightning speeds. Serious electronic crimes and victimization of the pub-lic have caused consumer confidence to waiver. These issues have also leadto growing privacy concerns and demands.16 For example, preventing andprosecuting cybercrime requires government agents to ascertain the iden-tity of criminals in cyberspace. This is typically accomplished by tracing theInternet protocol (IP) address of each node along the path of the user’s elec-tronic trail and has been called the “fingerprint of the twenty-first century,”only it is much harder to find and not as permanent as its more traditionalpredecessor. Surveillance technology makes such identification possible bysearching networks for specific types of data, and by providing “backdoors”into suspect’s systems and widescale monitoring of communications.
Hackers are employed to deface or disable web sites, attack networks, ordisrupt programs by adding code;17 this also allows competing companiesto identify security weaknesses that are then used to gain access to more sen-sitive data.18 Despite these attacks, information losses are not consistentlyreported to U.S. federal or state law enforcement agencies. This is primarilydue to (1) the perception that intellectual property theft is a low prioritycompared with more violent crimes, (2) the fear of adverse publicity or arequired disclosure of trade secrets to the defendant, and (3) the desireto pursue civil remedies.19 Many of these fears are well-founded becauseinformation loss incidents are difficult to investigate. Without complete co-operation of the injured party, trained staff of both the business and the
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 35
law enforcement agency, and a timely response, investigations are severelyhindered.
Law Enforcement’s Response in the United States
Changes to the criminal laws were made in response to technologicalchanges that have created serious problems for protecting industrial prop-erty rights. Some countries do not value protecting IPRs as much as theUnited States does. Thus, it is possible that large-scale violations of U.S.copyright could take place in a foreign country without any prosecutablecrime arising under that country’s laws. The changes to criminal laws werealso made in response to strong lobbying by the affected industries. In theUnited States, it was frequently the owners of trademarks and copyrightedworks that brought the inadequacies of existing industrial property laws tothe attention of Congress. In testimony before Congress and in press re-leases, industry groups warn of huge losses and dire consequences fromcounterfeit goods. Recognizing the importance of enforcement of indus-trial property crimes, the Department of Justice (DOJ) formed the Com-puter Crime and Intellectual Property Section (CCIPS) in 1995. The CCIPSis part of the DOJ’s Criminal Division. Its responsibilities include dealingwith a variety of computer-related crimes as well as “the coordination of thefederal criminal enforcement of intellectual property rights.”20
U.S. law enforcement already has substantial experience with one kind ofinternational electronic criminal – hackers.21 Perhaps the most well-knownexample of international computer crime was described by Clifford Stollin his book The Cuckoo’s Egg.22 In 1986, Stoll had just started working on acomputer system at the Lawrence Berkeley Laboratory near San Franciscowhen he noticed a $.75 discrepancy between the charges printed by two ac-counting programs responsible for charging people for machine use. Whathe first believed was a bug turned out to be the beginning of a chase thatled him from California to West Germany via the FBI, the CIA, and the NSA,which led to the arrest of a group of German hackers who had been scouringAmerican military systems for material to sell to the KGB.
Markus Hess, the hacker Stoll was tracking, exploited a variety of simpleloopholes in computer security systems to break into machines belongingto both the military and civilian defense contractors through the Internet, anetwork created by the U.S. government that links thousands of academic,industrial, and (unclassified) military computers.
Once Stoll realized he was dealing with a tenacious intruder, rather thana casual amateur out for a joyride, he contacted his local FBI office. Theattitude he encountered was to plague him throughout his chase: Noth-ing had been stolen, no one had been kidnapped, and there was less than$1 million at stake, so the FBI could not help, although they wanted to be
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
36 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
kept informed. The CIA could not help either, although they also wanted tobe kept informed. The NSA’s National Computer Security Center (whoseresponsibility was how to design secure computers, not investigating holesin existing ones) and the Air Force Office of Special Investigation gave thesame answers – no one organization, it seemed, was responsible for com-puter security. However, many individuals within those organizations under-stood and feared the erosion of the trust upon which computer networksare built that hacking was causing. Federal law enforcement authorities ini-tially showed no interest in the case in the absence of a clear monetaryloss. Thus, Stoll launched his own investigation, which eventually led to theconviction of three hackers in Germany. The investigation revealed that thehackers used access to the Lawrence Berkeley computers to obtain accessto many other U.S. computers. The hackers had obtained sensitive infor-mation – such as munitions information, information on weapons systems,and technical data – and then sold it to the KGB. This case demonstratedthe importance of confidentiality of information on computer systems andthe difficulty of determining a loss figure for a computer intrusion case at thebeginning of an investigation.
Technological Challenges and New Vulnerabilities
For years, national security experts have warned of the dangers posed byforeign and domestic terrorists or government-sponsored hackers that mayattempt to exploit vulnerabilities in the relatively insecure, bug-ridden soft-ware that dominates the companies that safeguard the national infrastruc-ture. A General Accounting Office report warns that cyberterrorists could“severely damage” national security and the nation’s power and telecommu-nications networks. Now, companies recognize that their computer networksmay very well become the objects of attacks by terrorist groups or others asthe nation responds to the attacks against it.23 However, even more mundaneattacks, through self-propagating viruses, extortion threats, e-mail bombs,and malicious programs, may cause substantial damage and create ongoingdaily risks for businesses in our interconnected society.24
Economic security affects our national security. Economic intelligencereporting helps us expose activities that may support terrorism, narcoticstrafficking, proliferation, and gray arms dealing.25 Technical innovationprovides new ways to resolve international problems, but also creates newforeign policy headaches. For example, satellite surveillance can help ver-ify compliance with arms control treaties, but the commercial market inhigh-resolution imagery and global positioning data also can provide roguenations or terrorist groups with critical intelligence. Advanced databasemanagement techniques can be used to track and deter terrorist groups
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 37
such as al-Q’aeda, even as these techniques have triggered a dispute be-tween the United States and the European Commission (EC) regardingdata privacy.
Technical innovation has fundamentally challenged the way foreign pol-icy is conducted. Recombinant DNA techniques hold out the promise ofresolving the world’s food crisis, but they also caused a major trade blowupbetween the United States and the EC regarding transgenic food exports. Inthe wrong hands, these same genetic engineering techniques can turn thealready dangerous smallpox variola into an unstoppable “killer germ.” Morepositively, the communications revolution of the Internet has enabled non-state actors to erode governments’ monopoly over interstate arms controlmeasures, as advanced monitoring techniques allowed university seismolo-gists to debunk the alleged Novaya Zemlya nuclear test and nongovernmen-tal organizations to rally support for the Land Mine Convention.
As worldwide usage of the Internet has increased, so too have the vast re-sources available to anyone online. Search engines and similar technologieshave made arcane and seemingly isolated information quickly and easilyretrievable to anyone with access to the Internet. Although society is enter-ing an era abounding with new capabilities, many societal practices todayremain similar to those of the earlier decades; they have not always evolvedto reflect the introduction of personal computers, portable computing, andincreasingly ubiquitous communications networks. Thus, even though peo-ple continue to relinquish control over substantial amounts of personalinformation through credit card transactions, proliferating uses of social se-curity numbers, and participation in frequent buyer programs with airlinesand stores, these organizations implement trivial or no protection for pro-prietary data and critical systems, trusting legal policies to protect portablestorage media or relying on simple passwords to protect information.
As the availability and use of computer-based systems grows, so too doestheir interconnection. The result is a shared infrastructure of information,computing, and communications resources that facilitate collaboration ata distance, geographic dispersal of operations, and sharing of data. Withthe benefits of a shared infrastructure also comes costs. Changes in thetechnology base have created more vulnerability, as well as the potentialto contain them. For example, greater access for bona fide users implieseasier access for unauthorized users. The design, mode of use, and natureof a shared infrastructure create vulnerabilities for all users. Among the in-formation available to Internet users are details on critical infrastructures,emergency response plans, and other data of potential use to persons withcriminal intent. For national institutions such as banks, new risks arise asthe result of greater public exposure through such interconnections. Forexample, a criminal who penetrates one bank interconnected to the world’s
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
38 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
banking system can steal much larger amounts of money than are stored atthe one bank. Reducing vulnerability to breaches of security will depend onthe ability to identify and authenticate people, systems, and processes andto assure with high confidence that information is not improperly manipu-lated, corrupted, or destroyed.
Information Warfare
Dependence on information networks also places those countries reliant onthem in a position of vulnerability.26 If vital information networks stoppedfunctioning, an information age society would be paralyzed and couldquickly collapse into chaos. Attacks on information networks, or informa-tion warfare (IW), could inflict damage rivaled only by other weapons ofmass destruction. A concerted IW attack could devastate a modern societyby crippling the information networks crucial to providing power, trans-portation, national defense, and medical services. The destructive capa-bility of IW presents a significant threat to the international communityand creates a need for consideration of a mechanism to respond to IWattacks.27
IW is especially troublesome for the international community because rel-ative to chemical, biological, or nuclear weapons, the technology requiredto attack information networks is simple to acquire. Information networkscan also be sabotaged via the manufacture of purposely defective equip-ment and, given the wide manufacturing base for computers, there existssignificant opportunity for such sabotage to occur.28 The United States andseveral European countries have recognized the potential threat posed byIW and are developing their own IW capabilities in answer to the threat.29
As Alvin Toffler pointed out in his book Powershift: Knowledge, Wealth andViolence at the Edge of the 21st Century:
The 21st century will be marked by information wars and increased economicand financial espionage. All sorts of knowledge will become strategic intelli-gence in the struggle for power and dominance. The race for information ofall kinds will be motivated not only by a desire to lead, but will be requiredto avoid obsolescence. It is information that will be the moving force in the21st century.30
Information wars will drag businesses into the fray, causing massive loss notonly of business, but also of sensitive information and the businesses’ criticalinformation infrastructure. To name a few, among them are
� The continued increase and globalization of the Internet, and theconnections to the businesses’ and government agencies’ intranets fore-commerce
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 39
� The increasing threats of Netspionage� The increasing threats of technocriminals� The concern and potential threats of IW.
Hacktivism
Hacking is well-known – it means getting unauthorized access to a computer.Sometimes the hacker will use spyware or key-logging software to capturepassword information in order to gain entry to a system. When a hackergets access, he or she may do something destructive and/or leave a “callingcard.” It may be difficult to tell that the system has been breached. Thefollowing incidences illustrate the extent of destructive harm that can beaccomplished by launching an attack.
Danish Hackers Attack Weather Computers
In 1993, the National Weather Service in Maryland detected hacker activityin its systems. Because air traffic and shipping operations rely on NationalWeather Service data, this attack threatened to cause substantial damage.The intrusion was traced back to computers at the Massachusetts Instituteof Technology (MIT) and then back to Denmark. U.S. and Danish investi-gators identified thirty-two U.S. systems as well as systems in other countries,including Denmark, that hackers had penetrated. Danish authorities madeseven arrests, including two juveniles. Six convictions resulted in Denmark,for attacks on both Danish and U.S. computer systems.31
Vladimir Levin’s Bank Fraud from Russia
Between June and October 1994, a theft ring headed by a computer hackerin St. Petersburg, Russia, broke into a Citibank electronic money transfersystem and attempted to steal more than US $10 million by making approx-imately forty wire transfers to accounts in Finland, Russia, Germany, theNetherlands, the United States, Israel, and Switzerland. All these transfers,except US $400,000, were recovered by Citibank.32 The leader, VladimirLevin, was arrested in London, England, and successfully extradited to theUnited States 2 years later. In February 1998, Levin was sentenced to 3 years’imprisonment and was ordered to pay US $240,000 in restitution to Citibank.Several accomplices were also convicted.
Julio Cesar Ardita’s Intrusion from Argentina
From August 1995 until February 1996, the U.S. Naval Criminal Investiga-tive Service and the FBI investigated a hacker who successfully obtained
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
40 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
unauthorized access to multiple military, university, and other private com-puter systems, many of which contained sensitive research.33 The hackeracquired unlimited access to those systems, including the ability to read thesensitive materials stored in them.
U.S. authorities tracked the hacker to Argentina and notified a localtelecommunications carrier. The telecommunications company contactedlocal law enforcement, which began its own investigation. An Argentineinvestigating judge authorized the search of the hacker’s apartment and theseizure of his computer equipment as the first step in an investigation of hispotential criminal violations of Argentine law. The hacker was first identifiedto law enforcement by his user name “griton” (Spanish for “screamer”) andeventually identified as Julio Cesar Ardita.
Ardita was investigated by the Argentineans for his intrusions into Argen-tine telecommunications systems, but Argentine law did not extend to coverhis crimes against computers in the United States. For those crimes, only theUnited States could prosecute him. In the absence of an extradition treatywith Argentina for these offenses, Ardita eventually agreed, in May 1998, tocome to the United States and plead guilty to felony charges of unlawfullyintercepting communications and of damaging files on U.S. Department ofDefense (DOD) and National Aeronautics & Space Administration (NASA)computers. He was fined US $5,000 and sentenced to 3 years of probation.
Florida 911 Attack from Sweden
In February 1996, the FBI investigated suspicious phone calls placed tothe Northern Florida Emergency 911 system. The hacker had been ableto obtain direct telephone numbers that corresponded to the lines usedto receive 911 calls for eleven counties. He used them to tie up emergencylines and harass operators. A trace initiated by one affected phone companyidentified a potential suspect in Sweden. Swedish authorities, cooperatingwith the Washington, DC, Field Office of the FBI, executed a search warranton the residence of the subject, who turned out to be a minor. The hacker wasconvicted of a misdemeanor in Sweden and given a suspended sentence.34
Miami Internet Service Provider Takeover from Germany
In July 1996, a hacker gained complete control over an Internet serviceprovider in Miami, Florida, and captured credit card information of theservice’s subscribers.35 He threatened to destroy the system and distributethe credit card numbers unless the victim provider paid US $30,000. Fol-lowing investigation by the U.S. Secret Service, German authorities arrestedthe hacker, Andy Hendrata, when he tried to pick up the money at a postoffice box. A 27-year-old Indonesian computer science student, Hendrata
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 41
was prosecuted and convicted in Germany. He was given a 1-year suspendedsentence and a US $1,500 fine.
Ehud “The Analyzer” Tenebaum’s Pentagon Penetration from Israel
On March 18, 1998, the Israeli National Police arrested Ehud “The Analyzer”Tenenbaum, an Israeli citizen, for illegally accessing computers belongingto the Israeli and U.S. governments, as well as hundreds of other commercialand educational systems in the United States and elsewhere.36 The arrest ofTenenbaum led to several weeks of investigation into a series of computerintrusions into U.S. military systems that occurred in February 1998. As partof this investigation, the U.S. DOJ formally requested legal assistance fromthe Israeli Ministry of Justice, and U.S. law enforcement agents traveled toIsrael to present Israeli law enforcement officials with evidence. As part ofthis evidence, U.S. investigators also presented the Israelis with evidence ofTenenbaum crimes against Israeli computer systems.
On February 9, 1999, Tenenbaum was indicted by an Israeli court, alongwith four accomplices. They were charged with illegal entry into computersin the United States and Israel, including U.S. and Israeli academic institu-tions and the Israeli Parliament.37
The Electronic Disturbance Theater
Since the mid-1990s, several politically minded groups have used a varietyof hacking tools that they program themselves or download from the In-ternet to shut down or disrupt their opposition online. One such group,the Electronic Disturbance Theater (EDT), is best known for its supportof the Zapatista insurgency in Mexico. The EDT produced an “electroniccivil disobedience” device called Flood Net, URL-based software used toflood and block an opponent’s web site. As a Java applet reload function,this software acts in much the same way as manually striking the reloadkey of the targeted web site – the more people that log on to the web siteat a particular time and do this, the more likely the web site is going tocrash or be “blockaded.”38 In the tradition of civil disobedience protests,they encourage mass participation and use their real names. The softwarethey use to attack web sites disrupts Internet traffic, but does not destroydata. Targets have been Mexican President Ernesto Zedillo and the UnitedStates Department of Defence. Stefan Wray, one of its founders, asserts thatsuch tactics are “a form of electronic civil disobedience . . . transferring thesocial-movement tactics of trespass and blockade to the Internet.”39 In 1998,EDT members organized a number of “virtual sit-ins” against the web sites offinancial and government institutions, including the Pentagon, which theybelieve were sympathetic to the Mexican crackdown against the rebels.
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
42 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
A Need for International Cooperation
Although the development of cyberspace offers much promise for inter-national interaction and growth, it also facilitates the commission of inter-national crime. By identifying the critical international issues relating tocrimes in cyberspace and addressing them, countries can try to maintainfor their citizens the same security in the information society that they havetraditionally enjoyed.
The global interconnection of vulnerable computer systems may re-quire a uniform transnational legal framework for addressing multinationalcomputer-related crimes. A large step toward such a transactional frame-work took place in 1998, when Britain, Canada, France, Germany, Italy,Japan, Russia, and the United States agreed to coordinate efforts to inves-tigate and prosecute Internet crimes.40,41 In addition to increased multina-tional governmental cooperation, international organizations and privatecorporations are also working to combat international computer crimes.42
International organizations have contributed to the drive to harmonize na-tional legislation.
Conflicting Laws and Investigatory Challenges
Substantive criminal law may actually conflict between various countries.What is criminal activity in one country may be specifically protected inanother. Although such differences arise without the involvement of com-puters, the often-recognized tendency of computer networks to make theworld seem “smaller” can exacerbate these differences and bring them intoconflict.43
Until more recently, computer crime has not received the emphasis thatother international crimes have engendered. Even now, not all affected na-tions recognize the threat that computer crime poses to public safety or theneed for international cooperation to respond effectively to the problem.Consequently, many countries have weak laws, or no laws, against computerhacking, and they may decline to assist other countries on the basis of lackof dual criminality.44 Although the Internet knows no borders, criminal lawand law enforcement agencies are constrained by the limits of their author-ity. Those limits are usually reached at national borders. Even if relevantsubstantive laws have been enacted in all the jurisdictions where a personperpetrates electronic crime, the precise scope and application of those lawscan be as complex as the underlying technology. Because the substantive lawsare sure to vary, the “dual criminality” requirement discussed previously isnot necessarily satisfied by dual enactment of relevant criminal provisions.Those laws must incorporate the precise crime particularly at issue. Forexample, even if two countries have criminal copyright infringement laws,
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 43
copyright infringement without a commercial motive may be a crime in onecountry, but not in another.
Jurisdictional Constraints
Although limitations related to national sovereignty are often describedas “jurisdictional,” these jurisdictional limitations arise in many differentforms. A criminal can perpetrate an electronic crime against a victim with-out ever entering the country. Applying the domestic law of a country wherethe victim is located against a non-national perpetrator who has never evenvisited the country and may not even have known where his or her vic-tim was located raises questions about the extraterritorial reach of nationallaws. International law can permit extraterritorial reach of criminal law un-der an “effects test” – where the non-national has engaged in extraterritorialconduct with the intention or the likelihood that it will have effects in thecountry whose law is to be applied or, possibly, where a crime is commit-ted against a nation’s citizens.45 Whether extraterritorial reach of a nation’ssubstantive law is permitted depends on the particular law at issue, the par-ticular nation’s jurisprudence, and most important, the particular facts ofthe case.46,47 Substantive laws may apply to domestic activity only, and evenif they are given extraterritorial effect, cooperation from a foreign coun-try is more likely with regard to activity that violates its own domestic law.Although some countries, such as Denmark, Israel, and Sweden, may prose-cute criminals for attacks on foreign victims, other countries may be limitedby their legal authority to do so, as Argentina was in the Ardita case.48 Pro-cedural laws, such as those provisions that permit tracing of telephone callsor other communications, have clear jurisdiction over domestic processesonly. At the operational level, law enforcement agents only have jurisdictionto investigate domestic crime.
A single electronic crime case can often raise a comprehensive set of inter-national issues. When international legal assistance, such as extradition, issought, it is not necessarily sufficient that a victim country’s laws criminalizethe conduct at issue, even if they are capable of extraterritorial application.Rather, it is frequently necessary that the substantive law of the other coun-try where investigative support is sought criminalizes the conduct in its ownlaws. Such parallelism is called “dual criminality” (or “double criminality”).Unless the dual criminality condition is present, a nation may be unwill-ing to extradite an individual to the victim country, or may be unwilling toexecute searches or take other investigative steps.
The complexity and rapid development of technology can give riseto complex or evolving laws that govern electronic crimes. Electroniccrime statutes from various countries are, of course, subject to their ownevolution.49 Consequently, it is predictable that such laws will differ in scope.
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
44 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
For electronic violations that occur in countries where no similar laws havebeen enacted, the crime may not be prosecutable. Consequently, with theUnited States at the forefront of the information age, it makes sense thatCongress adapts federal law to technological development far earlier thanthe legislatures of some foreign countries.
Thus, problems created by the ease of commission of international elec-tronic crimes are exacerbated by a variety of jurisdictional constraints on lawenforcement in protecting the public against such crime. This confluencefacilitates and indeed invites commission of international crime because ofthe reduced risk of penalty. Commentators and criminals have recognizedthe ability to exploit safe havens. These concerns demand a coherent re-sponse from the public agencies that are charged with protecting publicsafety by enforcement of the criminal laws.
A detailed framework of procedural laws can be valuable to investigations,create powers and limits, and provide clear guidance for collection of evi-dence by law enforcement agents. In addition, they can ensure for the pub-lic both an appropriate level of protection against unwarranted governmentintrusion and an expectation of regularity in government action. For exam-ple, the United States has a relatively detailed statutory scheme governinglaw enforcement’s access to stored wire and electronic communications.50
This statute provides direct guidance in investigations relating to any crimeswhere such data are stored by third parties. Many other countries do nothave such a detailed framework.
Other differences in national procedural laws also can impede investiga-tion of a computer crime case. These differences arise due to differencesin national policy or history and idiosyncrasies related to the history of thelaws governing procedure, among other reasons. For example, whereas cer-tain evidence or certifications may be necessary in one country to obtain anorder to trace a telephone call, entirely different showings may be requiredin another country.51 Obtaining the necessary information to procure a for-eign court order to trace a transmission may be very difficult if domesticauthorities do not know what information will be needed in a foreign court.
As more companies take advantage of computer networks to operateinternationally, those companies increasingly become subject to the lawsof multiple nations. As more investigations of crime committed over thosenetworks are conducted – and as the laws regulating privacy of electronicdata evolve – more conflicts are sure to arise.
Even procedures to obtain information domestically may have interna-tional implications. For example, a search of computer data on a domesticbranch of a foreign corporation may be authorized pursuant to a search war-rant. Upon executing the search, however, the law enforcement officers maydiscover that the data are actually stored on a file server in the home countryof the corporate headquarters (or some other country). The foreign search
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 45
might also take place without the officers’ recognizing that the data arestored abroad. Either way, investigations of international electronic crimecan give rise to unusual questions of national sovereignty without a lawenforcement agent ever leaving his or her home country’s soil. It may belegitimate and important for law enforcement to be allowed to conduct aremote search of computers in a foreign country. At present, however, thereis no way to know how often such searches take place, and the laws governingthem are uneven and conflicting.52
An investigation that uncovers substantial crime in a victim country andsuccessfully identifies a perpetrator in a foreign country may neverthelessbe subject to certain limits. For example, a home country may be unwillingor unable to extradite its national for many crimes, particularly becausethere is substantial variation regarding enforcement and punishment ofelectronic crimes.53 Even if a country is willing to extradite a criminal, itcan extradite him or her to only one country at a time. This is problematicbecause a criminal in cyberspace could have committed crimes in manycountries without leaving home.
Law enforcement officers are hampered in investigating such attacks dueto nonexistent laws, lack of jurisdiction, difficulty in getting cooperationfrom law enforcement officers of other countries because of politics, anddifferent laws. As noted previously, what may be illegal in Indonesia may notbe illegal in the Netherlands. Therefore, extradition would not be possible,as the citizen of the Netherlands violated no law of their home country.The investigation processes of technocrimes are complicated enough. Whenthey are internationally accomplished, it is almost impossible to bring thesecriminals to justice.
Operational Challenges
In addition to the formal concerns related to substantive laws and proce-dural laws, international computer crime investigations are hampered by avariety of operational issues. Among these concerns are expertise and co-ordination, communication, and timeliness. Communication is essential tocooperative electronic crime investigations. Law enforcement agents can bestymied by language barriers and time differences that do not necessarily de-ter criminals in cyberspace. The common language of the Internet is English(and, to a lesser extent, Unix), and networked computers are often in oper-ation 24 hours a day, 7 days a week. With the Internet, instantaneous accesscan be achieved with ease, regardless of the target computer’s locale. Thus,a criminal from an English-speaking country could easily commit a crimeon a victim in a Spanish-speaking, Chinese-speaking, or Hebrew-speakingcountry (or vice versa) located on the other side of the world. For law en-forcement agents to respond to such an attack effectively would require
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
46 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
communication among people of two or more different languages at oddhours. Many countries are not yet well-equipped to meet this challenge.
In traditional physical world crimes, law enforcement is not often askedto respond with such speed. One commentator has observed that com-puter crime requires law enforcement to be coordinated at a speed andto a degree never before maintained “or even envisioned.”54 Law enforce-ment specialists are not necessarily available 24 hours a day. Moreover, legalrequirements, such as those for the issuance of a search warrant, and lawenforcement policies are not designed to initiate an immediate law enforce-ment investigation. Investigations of international cases, which can some-times move at the speed of the slowest country, are particularly prone todelay.
Investigators in computer crime cases rely heavily on third-party commu-nications providers to provide information regarding both computer con-nections and content. This information is often provided only in responseto court orders issued pursuant to established criminal procedures. Suchcourt orders can give law enforcement the ability to search stored data, toaccess e-mail, to trace the source and destination of communications, and tointercept communications in real time. Procedures to obtain information,and procedural safeguards to restrict access to information, are not avail-able in computer cases in some countries, and such processes may vary fromcountry to country. However, procedures to obtain information domesticallymay result in transborder searches with international implications.
Each of these circ*mstances aggravates the others. The time spent find-ing and informing the technically literate law enforcement personnel in aforeign country who are authorized to address the crime under investigationmakes it more difficult for law enforcement to combat crime quickly. Thetechnical nature of the subject heightens the potential for problems arisingbecause of language barriers. Those language barriers can further slow lawenforcement response to computer crime. Differences in language, culture,and national interests create situations ripe for misunderstandings to arise.For all these reasons, operational issues are among the most intractable thatarise in the course of an international computer crime case.
Resources and Technical Training
Law enforcement’s response to the rapid evolution of the Internet tech-nocriminals has been slow. In large part, this is because of the prevalence ofother, according to some, more serious crimes. So, the public’s priority hasbeen to use the limited, budgeted resources for fighting gangs, drugs, andviolent crimes. It is beyond dispute that economic and electronic crime in-vestigations require specialized training and experience on the part of law
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
TRANSITION TO AN INFORMATION SOCIETY 47
enforcement agents and prosecutors. Investigators must understand howthese types of crimes effect specific industries. Without an understandingof how specific industries function, it is difficult to investigate or prosecuteeconomic and electronic crimes. Substantial computer equipment and re-sources are needed. In the United States and in numerous other developedcountries, the need for such training and resources has been recognizedfor some time.55 Elsewhere, comparatively fewer law enforcement agentsand prosecutors are trained to address such crimes.56 In certain cases, itmay be crucial to find the law enforcement personnel in another countrywho have been trained or who have experience in computer cases. Withoutwell-developed coordination, this task can be difficult.
Threat of a New World Disorder
The world has also shifted dramatically toward a more computer networkedenvironment. Thus, financial transactions, electrical power, communica-tions systems, health services, air traffic control, record-keeping functions,and many other aspects of modern day life are largely controlled by or inter-act with computer systems and computer networks. Therefore, the potentialimpact of failing to protect the intellectual property and information infras-tructure upon which this world-leading economy is increasingly dependentposes potentially serious risks.
Internet criminals will become more sophisticated as the computers be-come more sophisticated. Threats to valuable business and public assetsare increasing while the public demands more time spent pursuing violentcrimes, allowing less time to be spent pursuing technocriminals.
Netspionage, high-technology crimes, and frauds are considered victim-less and thus receive a low priority. This priority order will continue forthe foreseeable future. Preventing, detecting, investigating, and prosecut-ing economic crimes must become a priority, in an effort to lessen theirimpact on the economy and the public’s confidence. However, both law en-forcement and the private sector, as it stands now, is in danger of slippingfurther behind the highly sophisticated criminals. A greater understandingof how technology, competition, regulation, legislation, and globalizationinteract is needed to successfully manage the balance between economicprogress and criminal opportunity.
The enactment of international laws is far behind the technology, mak-ing it extremely difficult to identify, apprehend, and prosecute Internetcriminals across national boundaries. There have been some successes, forexample, in the international fight against child p*rnography. However, themore sophisticated, financially based, Internet crimes will grow in numberdue to the lack of security professionals to prevent them and the lack of
P1: KPP/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c02 CB764-Nasheri-v1 February 17, 2005 8:17
48 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
capabilities of the law enforcement professionals to investigate and appre-hend the technocriminals.
The international focus for the next two decades must be directed towardInternet crime and cybercrime. That focus cannot be limited to procedu-ral remedies. Many countries lack substantive laws specifically designed tocombat computer and Internet crimes. For example, the alleged perpetra-tors of the “Love Bug” virus in the Philippines could not be charged with acrime because that country had no computer crime laws. The internationalcommunity must establish a more aggressive and comprehensive approachto cybercrime, including treaties that provide for uniform laws on cyber-crime and cyberterrorism. That approach should be inspired and led by theUnited States.
Adapting to an Information Society
New technologies promise many advances for human development. Genetherapy could tackle diseases such as cystic fibrosis and cancer. Geneticallyaltered crops could reduce the need to use polluting herbicides and pesti-cides. The information and communications industry could provide entrypoints for developing countries into producing for the knowledge-intensiveeconomy.
The Internet will continue its rapid growth and expansion around theworld. It will play a major role in changing nations, societies, business, andtechnology, as well as changing the responsibilities of corporate managers,security, and law enforcement professionals. Nations around the world mustcreate a framework for understanding the relationship among technology,law, and policy in this networked world. Although the development of cy-berspace offers much promise for international interaction and growth, italso facilitates the commission of international crime. By identifying thecritical international issues relating to crimes in cyberspace and addressingthem, countries can try to maintain the same security for their citizens inthe information society that they have traditionally enjoyed.57 Nations mustwork together to identify their weaknesses, propose viable solutions, andrise to meet the challenges that face the increasingly connected society.58
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
C H A P T E R T H R E E
International Dimensions of Business and Commerce
business firms increasingly operate in a global environment, obtaininggoods and services from companies worldwide, participating in a global vir-tual corporation, and working as part of international strategic alliances.One key dimension of increasing globalization has been the dismantling ofbarriers to trade and investment. From the 1950s to 1993, for example, worldtrade grew at an average compound rate of 10% annually. Investment alsohas grown rapidly in recent decades, stimulated by the removal of restric-tions and by international rules that provide assurances to investors againstdiscriminatory or arbitrary treatment.
A second international dimension is the enormous growth in recent yearsof multinational enterprises. Such firms operate across national boundaries,frequently in multiple countries. Therefore, in today’s global marketplace,it may be difficult to decide, for example, what constitutes an Americancompany. Is Chrysler an American company or a foreign company? Is a U.S.-based multinational company that derives more than one-half its revenuesand profits from operations outside U.S. borders an American company?Just because a company is incorporated in Delaware does not make it an“American” company. Such a company may be principally doing businessoutside U.S. borders and for the benefit of foreign nations. All these changescomplicate the problems of economic espionage.
Effects of the New Technology and Threats toBusiness Interests
Global markets are increasingly affected by issues of trade secret protection.1
Safeguarding intellectual property has become an increasingly visible re-sponsibility in more recent years,2 largely because the Internet allows thetransfer of information at high speeds.3 Increasing numbers of countries
49
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
50 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
have seen large portion of their gross domestic product comprised increas-ingly of information-related products and services. This includes computersoftware, sound recordings, films, and the like. International computer net-works have evolved into one of the primary tools of virtually every sector ofthe world economy. Both “new economy” e-commerce businesses and “oldeconomy” brick and mortar operations are now largely dependent on suchnetworks for any number of their core business functions, from providingsecure reliable customer service, to conducting billing, payment, or otherfinancial transactions, or to interface with employees, suppliers, consumers,and business partners on a global scale.
Communications technologies have substantially shortened the time tomarket in virtually every sector of the economy. Companies around theworld are increasingly forced to share critical proprietary information withcustomers, suppliers, contractors, consultants, and strategic partners duringthe early stages of product development.
In the face of the rapid development of computer and telecommunica-tions technology, it is imperative that the business community at all levels,from the chief executive officer to the sales force, have an understandingof the security issues associated with international networking and the le-gal ramifications of security breaches. Whereas perimeter controls such asfirewalls were the primary form of network security in the mid-1990s, compa-nies now must balance the business risk with the need to share informationfreely in order to expedite production. For example, merchants conductingbusiness in the online environment must face not only the emerging tech-nological attacks such as hacking and infrastructure failures, but also thetraditional fraud schemes that have plagued the industry since the inceptionof credit card transactions. As corporations continue to expand their globalreach through complex integrated networks, the identification of points ofcompromise and methods of exploitation becomes an increasingly difficulttask. The cellular telephone industry is a primary example of an industrythat was faced with a significant information security vulnerability, in theform of cellular cloning activity, which threatened to reduce the integrityof the wireless system. Identification of the source of information securitycompromise incidents is increasingly difficult in light of the evolution ofwireless communication technologies. From external attacks to abuse by in-ternal employees, companies have a difficult task in the protection of datavital to corporate interests. As businesses become more dependent on theirinterfaces to global networks as the backbone for their businesses, there willbe greater and greater risks to their businesses.
There are many reasons why these risks have been created. They include:
� Global economic competition where economic espionage can be con-ducted with little risk of being caught
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 51
� Increase in local area networks (LANs) and wide area networks (WANs)and client-server systems – all of which rely more on the users to protectthe systems and information than a professional staff of systems personnel
� The focus on customer service by management and network staff as thehighest priority – with technical staff being unfamiliar with their securityrole
� Security technology will always continue to be a step or two behind theattackers
� Lack of management support to provide better security as a higherpriority.4
An environment that is open to everyone is not secure, whereas an en-vironment that is closed to everyone is highly secure but less useful. Anumber of trends in business today tend toward less security. For example,competitive strategies emphasize openness to interactions with potentialcustomers and suppliers. Such strategies also offer potential adversaries agreater chance of success because increasing ease of access often facilitatesthe penetration of security protections.
As another example, many businesses today emphasize decentralizedmanagement that pushes decision-making authority toward the customerand away from the corporate hierarchy. Yet security often is approachedfrom a centralized perspective. For example, access controls are necessarilyhierarchical (and thus centralized) if they are to be maintained uniformly.
Many businesses rely increasingly on highly mobile individuals. When keyemployees were tied to one physical location, it made sense to base securityon physical presence (e.g., to have a user present a photo ID card to anoperator at the central computer center). Today, mobile computing andcommunications are common, with not even a physical wire to ensure theperson claiming to be an authorized user is accessing a computer from anauthorized location or to prevent passive eavesdropping on unencryptedtransmission with a radio scanner.
The amount of downtime has edged up, with more companies facing out-ages for longer periods. In 2001, 28% of U.S. companies suffered no down-time from attacks, whereas in 2003 only 16% avoided downtime. About 45%of companies were back up within 8 hours, a number similar to 2002. How-ever, 39% had downtime of 8 hours or more – a 13% increase from 2002.5
Much of the improvement in combating attacks came from smaller com-panies getting their IT security in order with relatively quick fixes such asadding firewalls and antivirus tools. Larger companies, the preferred targetsfor hackers, fared worse than smaller companies. Only one-fourth of busi-nesses with more than $500 million in annual sales escaped without securitybreaches in 2002, and 43% indicate that they suffered downtime that lastedmore than 8 hours.6
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
52 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
For many companies, security and control over their operations and assetsare vital to their success, and thus reporting breaches in that security ispotentially damaging to future business. As one commentator noted, whowants to do business with a company whose unstable network security isbeing splashed across the front page? For example, Citibank’s reward forreporting the $10 million stolen from its allegedly secure computer networkwas seeing its top twenty customers wooed by rival banks, all claiming theircomputer systems were more secure. Companies are also reluctant to reportsuch thefts because they can spawn unwanted attention from the Securitiesand Exchange Commission and shareholder derivative suits. Probably thegreatest reason why trade secret theft is not prosecuted more often is thefailure of victim companies to report such thefts to government authorities.Companies are reluctant to report such crimes because of concern over aloss of public trust and public image.
Gaining Strategic Advantage ThroughEconomic Intelligence
Globalization, increasing competition, and the growing importance of in-tellectual property have heightened temptations to steal corporate secrets,both by domestic employees and foreign spies.7 The desire of states to pos-sess the most modern industries and technologies possible is not an unrea-sonable one. Modernized states have a better understanding of the over-all economic development, self-sufficiency, and political autonomy thando undeveloped states.8 To become more modernized, states with lesser-developed economies are tempted to import foreign technologies by what-ever means are available, including economic espionage. Successful nations,as well as Third World countries and former communist states, who do nothave the financial resources to buy or build themselves quickly to pros-perity, are stealing technological, scientific, and commercial secrets fromothers.9,10
A wide range of companies operating internationally are threatened byforeign information collection efforts. No business is immune from eco-nomic espionage. Companies around the world have become more vulner-able to trade secret theft for several reasons. First, the end of the Cold Warmade available intelligence resources that were previously devoted to secur-ing military technology.11 Second, disagreements between countries withinthe Western alliance are no longer of major strategic importance.12 Third,intangible property,13 which is often easier to steal than tangible property,has become more common.14 Fourth, more employees have access to tradesecrets than in the past.15 Fifth, employees have greater opportunities to gainfrom knowledge of trade secrets, either by changing jobs or by becomingself-employed. Sixth, computer hackers have the ability to steal information
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 53
from corporate computer systems thousands of miles away. Finally, advancesin communications have made collection of trade secrets easier.16
A New Niche for Government Spies
Nations have been reshaping their intelligence agencies and investigativeresources to be more responsive to the competitive and global needs ofbusinesses.17 However, this global economic environment fosters a power-ful incentive for corporations, individuals, and foreign governments to useimproper and illegal means to gain the competitive advantage and marketshare necessary to survive and prosper.18 Furthermore, as technology ad-vances, the methods for stealing corporate trade secrets and proprietaryinformation are becoming highly sophisticated, less expensive, and easierto implement.
A nation’s economic status makes up a large part of its national security.19
This economic status is dependent on a nation’s ability to compete effec-tively in the world market. Because of this, economic competition “must bemore carefully balanced with traditional military and intelligence concernsin determining policy to protect national security.”20,21 Lawmakers are in-creasingly resorting to criminal codes to create and implement economicand social policies.
Because of the threat of economic espionage, many countries make eco-nomic security a priority, enacting laws that purport to deter the intelligencegatherers.22 Prior to the end of the Cold War, many international relation-ships were defined according to military alliances. These relationships arechanging significantly due to a shifting international focus from a militaryto an economic outlook, and allies now see one another as competitors inthe global economy.23 Under this new arrangement, industrialized coun-tries striving to maintain their standards of living, and developing nationseager to improve such standards, face enormous pressure to succeed. Thecompeting nations will pursue any and all means that bear the potential toensure their productivity and economic security. When economic objectivesbegin to play a more dominant role in defining national security, the interestin economic espionage expands. The end result for today’s society is thateconomic espionage is the front line of a new world economic war.24
Nations also commit economic espionage because it is an area in whichmany of them are capable of success. Many countries already have the abil-ity to carry out economic espionage because they have sufficient funds andapparatus to do so. A U.S. Congressional Intelligence Committee Reportin 1994 stated that “reports obtained since 1990 indicate that economic es-pionage is becoming increasingly central to the operations of many of theworld’s intelligence services and is absorbing larger portions of their staffingand budget.”25 In addition, many countries use their leftover Cold War
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
54 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
spying apparatus, such as giant computer databases, scanners for eavesdrop-ping, spy satellites, and bugs and wiretaps, to conduct economic espionageactivities.26 Peter Schweizer pointed out, “that so many states practice eco-nomic espionage is a testament to how profitable it is believed to be.”27
Some countries gain financial profit as well as technology from economicespionage. In Australia, for example, economic espionage is estimated tobe worth $2 billion per year.28 France acquired a $2 billion deal with Indiafor airplanes because of the economic espionage activities of the DirectionGenerale de la Securite Exterieure.29,30
Getting the means of production is often more important for some coun-tries than acquiring the actual technology.31 The manufacture of a particularproduct, ballbearings for example, may not be a secret, but the means bywhich it is done takes years to develop. Countries that steal this informationare therefore able to cut down the amount of time it would take to developeffective manufacturing processes on their own. In sum, the supported phi-losophy is that it is quick and cheap to steal – crime pays.32 Economic espi-onage appeals to these states because it saves them the time and financialresources they would have spent to develop the technologies on their own.33
Nations that are actively pursuing economic and technological intelli-gence do it for three reasons: (1) to strengthen their industrial base, (2) tosell or trade the information with other countries, and (3) to obtain alter-native sources of arms and intelligence.34 The struggle among nations fora global economic advantage has forged a consensus in the United Statesthat there is a definite need for economic intelligence activities.35
Race for Competitive Intelligence
A front line is no longer the one that divides East and West, but the onedefined by technological innovations. Innovation, a significant factor ineconomic growth, requires a substantial investment of time, money, andhuman resources.36 The battle line lies in research and development. Thegenerals are being replaced with chief executive officers (CEOs) and thebottom line is not ideological, but financial. Some multinational companiesare increasingly treating business like an economic war. Resources designedand previously used exclusively for military intelligence gathering are nowbeing expanded to gather intelligence on mergers, investments, and other fi-nancial transactions. Those who develop a competitive advantage over theirrivals stand to make millions from their innovations. That profit is enoughfor some to seek an unwarranted advantage of their own by indulging incorporate espionage as a quick-fix solution to their creative deficienciesand their inability to remain competitive in their field.
In the United States, intellectual property is an increasingly importantpart of the economy. For example, it is estimated that such misappropriation
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 55
of trade secrets is costing American corporations billions of dollars annu-ally. In 1996, the U.S. creative industries accounted for 3.65% of the grossdomestic product, which is equivalent to $278.4 billion.37
The security of these trade secrets is essential to maintaining the vital-ity of the economy. The exploits of companies such as Toshiba, Procter &Gamble, ABB, Microsoft, Nike, and Frito-Lay are frequently highlighted inthe business press. With ever-increasing diligence, these organizations aremonitoring and investigating their competitors. They are deploying vast re-sources to beat their current or future competition both domestic or inter-national. Alert companies such as Sony, have a competitor-focused businessstrategy and armies of employees sensitized to the competitive intelligencetheme. These successful and stable organizations have tirelessly interwoventhe philosophies and practices of competitive intelligence into their market-ing, research and development, production, and human resources systemsfor years.
Global Risk and Cost of Economic Espionage
When economic objectives begin to play a more dominant role in definingnational security, the interest in economic espionage expands. The endresult for today’s society is that economic espionage is the front line of anew world economic war. The increasing value of trade secrets in the globaleconomy and the simultaneous proliferation of technology have increasedthe opportunities and methods for conducting economic espionage.
Generally, any country that competes in the world market has a motivationto spy on its foreign competitors.38 Economic espionage, however, is mostprevalent in the world’s most economically competitive nations and regions,including the United States, Asia, and Western Europe. Economic espionagehelps nations to maintain economic and technological competitiveness39
and to gain an edge on a competitor because it helps to provide technolog-ically limited countries with the modern devices they need.40 If companieslose valuable secrets to industrial espionage, they cannot profit by usingtheir competitive advantage.41 In turn, if they are unable to recoup theirinvestments in research and development, they lose their motivation to in-novate and bring new products or services to consumers. The consequencesinclude higher prices charged to consumers,42 as well as a decrease in newtechnologies, creative inventions, and improvements.43 Furthermore, thevery concept of privacy “is threatened when industrial espionage is con-doned or is made profitable.”44
The same technologies that connect and empower corporations can ex-pose their vital proprietary information to unwanted discovery and rev-elation, presenting alluring and sometimes irresistible opportunities forunscrupulous competitors, disgruntled employees, or malicious snoops.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
56 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
According to the American Society of Industrial Security (ASIS), “the In-ternet and associated technologies are perceived as significant threats toevery company’s ability to protect the confidentiality of their proprietaryinformation.”45,46 Further, as the Senate Judiciary Committee in the UnitedStates noted:
What State law there is protects proprietary economic information only hap-hazardly. The majority of States have some form of civil remedy for the theftof [proprietary] information – either adopting some version of the UniformTrade Secrets Act, acknowledging a tort for the misappropriation of the in-formation, or enforcing various contractual arrangements dealing with tradesecrets. These civil remedies, however, often are insufficient. Many compa-nies chose to forgo civil suits because the thief is essentially judgement proof –a young engineer who has few resources – or too difficult to pursue – a so-phisticated foreign company or government. In addition, companies oftendo not have the resources or time to bring the suit. They also frequently donot have the investigative resources to pursue the case. Even if a companydoes bring suit, the civil penalties often are absorbed by the offender as acost of doing business and the stolen information retained for continueduse. Only a few States have any form of criminal law dealing with the theftof this type of information. Most such laws are only misdemeanors, and theyare rarely used by State prosecutors.47
Facing these challenges, responsible companies are devoting corporateattention and resources to the reaction and maintenance of effective infor-mation security regimes. Nevertheless, each technological security innova-tion contains the seeds of new circumvention, making it difficult for even themost vigilant company to avoid the damaging impact of a major computerintrusion. Businesses have long been concerned about the tension betweenopenness and security.
Today, an item of trade secret information (e.g., computer source code,a biochemical formula, technical schematics) can be as valuable to a com-pany as an entire factory was even several years ago. Computers now makeit extremely easy to surreptitiously copy and transfer this valuable trade se-cret information. An employee can now download trade secret informationfrom the company’s computer on a diskette, take it home and scan the in-formation on the hard drive of a home computer, and then upload it to theInternet where it can be transmitted within minutes to any part of the world.The receiving party, in turn, can do the same thing within minutes. Withindays, a U.S. company can lose complete control over its trade secret rightsforever.48
In the aftermath of September 11, 2001, security has become a criticalconcern in the operating environment for global business. Mainstreamingthe security function is imperative if management is to rise to the challengeposed by recent events. This means that senior executives must become
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 57
knowledgable about security issues in order to fulfill their responsibilitiesto their employees, customers, shareholders, and communities. The crisisthat began on September 11 has raised the status of corporate security man-agement to a core business function. What has changed? The simple answermight be “everything.” However, from a business planning and implemen-tation perspective, the specific factors include
� Domestic security in the territorial United States can no longer be as-sumed.
� War is being waged by, and against, nonstate actors.� The potential scale of disaster has expanded from single buildings to entire
business districts.� Biological weapons are now a reality.� Major disruptions in transportation systems and supply chains have oc-
curred.� Major disruptions in telecommunications and mail systems have occurred.� Information management systems and the Internet are potentially vulner-
able.� Employees, customers, and communities have become extraordinarily
sensitive to security issues.
What are the implications? Security is now everybody’s business. The risksare clearly much greater than before – they are also much more difficultto anticipate, quantify, and plan for. Companies must now recognize thatmaintaining security is a core mission and a broadly based responsibility.
The complexities involved in responding to this problem were succinctlynoted by the Canadian delegation to an early effort by the Organization forEconomic Cooperation and Development (OECD) to confront computercrime:
There are two critical challenges to Western society in respect of informa-tion. The first relates to the ability to devise new legal, economic and socialarrangements that will ensure both the creation and the effective and prof-itable utilization of new information and technology. The second challengefor a liberal society is to protect its basic political and human values fromunwise applications, withdrawals or restrictions of that new knowledge.49
Meeting the challenge will likely require increased cooperation among gov-ernmental, private, and international entities. However, the response neednot necessarily be bound up entirely in new national or international legalnorms:
[W]e should not overestimate the capacity of the law to define and regulateevery aspect of life in the information age. We know that attempts to createany kind of “curtains” are not effective, and possibilities for control and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
58 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
restriction will apparently continue to diminish in the future. In this context,education and promotion of ethics acquire a renewed significance. . . .50
Many scholars and reporters attempt to estimate economic espionage’sfinancial burdens to society. Such costs are difficult to determine, due tothe fact that international industry is generally reluctant to discuss them.A significant amount of economic espionage and trade secret theft goesundetected.51 Victims of trade secret thefts are often faced with a dilemmawhen deciding whether to report the matter to law enforcement author-ities. Generally, victims do not want the thief to go unpunished, but areconcerned that if they report the matter, the trade secret will be disclosedduring discovery or during the criminal trial. No company wants to admitit has suffered significant financial loss from foreign spies, as noted earlier,especially when it depends on shareholder support that may discontinue ifshareholders believe the company is faltering.52
An exception to this was IBM, when it reported and discussed its losses.In 1992, IBM Vice President Marshall Phelps told a U.S. Congressionalcommittee that his company suffered billions of dollars in losses due totheft of proprietary information.53 This calculation supports the estimatesof economists who claim that individual companies and firms lose billionsof dollars annually through economic espionage.
A survey released by American Society of Industrial Security (ASIS) noteda 323% increase in economic espionage between 1992 and 1996.54 A 1993survey found that the number of thefts of proprietary information had in-creased 260% since 1985; those involving foreign governments increasedfourfold.55 A 1988 National Institute of Justice study found that 48% ofhigh-tech companies surveyed had been the victim of trade secrets theft.56
Of 1,300 companies surveyed by ASIS, more than 1,100 had confirmed in-cidents of economic espionage, whereas 550 had suspected incidents ofespionage but were unable to prove them.57 ASIS conducted an intellectualproperty loss survey of Fortune 1000 companies and 300 fastest growing com-panies. Despite just a 12% response rate, responding companies recorded$44 billion in known and suspected losses over a 17-month period during1997. ASIS found that foreign nationals were identified in 21% of incidentsinvolving intellectual property loss where the nationality of the perpetratorswas known.58 In 1994, seventy-four U.S. companies reported a total of 446incidents of suspected targeting by foreign governments, either domesticallyor abroad.59 In early 1996, the FBI was investigating approximately 800 casesof economic espionage, double the figure from 1994. Different sources esti-mated the monetary loss to U.S. industry resulting from economic espionageactivities to be between $1.8 billion and $100 billion per year.60 Estimatesof losses from economic espionage in the United States range from $2 bil-lion to $260 billion per year.61 Including overseas operations of Americancorporations, the estimates rise to $400 billion per year. The number of jobs
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 59
lost as a result of such activities was estimated to be between 1 million and6 million.62
In 1996, the Office of Science and Technology Policy estimated that 6 mil-lion U.S. jobs had been lost in the first 6 years of the 1990s due to economicespionage. However, it is difficult to assess the dollar loss as a result of eco-nomic espionage and the theft of trade secrets. The U.S. intelligence com-munity has not systematically evaluated the costs.
Another study sponsored by ASIS estimated that Fortune 1000 compa-nies alone lost more than $45 billion from theft of trade secrets in 199963
and, in 2000, American companies lost in excess of $1 trillion overall.64 ASISput the loss to the American economy from economic espionage at $300billion a year – triple what it was a few years ago. Other studies suggest thatespionage costs U.S.-based businesses more than $200 billion annually inintellectual property losses, in addition to at least several tens of billions ofdollars in related damages. The business community estimates that, in cal-endar year 2000, economic espionage cost from $100 billion to $250 billionin lost sales. More than 1,000 documented incidents of economic espionagetranspired in 2001, and major companies reported at least 500 suspectedepisodes.65
The cost of industrial espionage is staggering stated a report to the U.S.Congress in 2001. The National Counterintelligence Executive claimed eco-nomic espionage could be costing the nation’s business community up to$250 billion a year once lost sales are taken into account.66 As noted ear-lier, the greatest loss to U.S. companies involves information concerningmanufacturing processes and research development.67
According to the 2002 Computer Crime and Security Survey, 90% ofrespondents – mostly large companies and government agencies – expe-rienced computer security breaches in 2001. About 80% of respondentsacknowledged financial losses because of those breaches, according to thesurvey by the Computer Security Institute (CSI) and the FBI. The surveyalso found that more respondents – 74% – cited their Internet connectionas a frequent point of attack, rather than internal network systems. Althoughmore companies are reporting such intrusions to law enforcement, the num-ber remains low at about 34%.68
Many companies are getting more skittish about revealing informationtechnology security flaws, in large part to avoid becoming a more visibletarget for hackers. About one in five companies stated that they would reporta security breach to government authorities. Almost one-half – 47% – statedthat they would not tell anyone outside the company.69 According to somesecurity experts, it is nearly impossible to thwart a corporate spy from swipingcomputer disks or e-mailing trade secrets overseas.70
In addition, individual companies that are considered American iconscould be targeted for industrial or economic espionage operations designedto ruin the company economically or cause its customers to feel uneasy about
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
60 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
doing business with them online or otherwise. According to a February 2002study by the University of Texas in Dallas, a compromised company tendsto lose approximately 2.1% of its market value within 2 days after disclosingan Internet security breach.71 In response, organizations are wrestling withthe challenge of managing secure access to information and applicationsscattered across a range of computing systems, as well as how to provideaccess to a growing number of users, all without diminishing security orexposing sensitive information.72
Quantifying the Risks
Quantifying the risks is difficult because we simply do not have the data.Most of what we know is anecdotal, and what statistics we have are difficultto generalize. In summary, cyberattacks are very common on the Internet.Corporations are broken into regularly, usually by hackers who have nomotivation other than simple bragging rights. There is considerable pettyvandalism on the Internet, and sometimes that vandalism becomes large-scale and systemwide. Crime is rising on the Internet, both individual fraudand corporate crime. We know that this is occurring because surveys, cor-porate studies, and anecdotal evidence confirm it. However, we just do notknow the exact numbers.73
For the past 8 years, the CSI has conducted an Annual ComputerCrime Survey of U.S. corporations, government agencies, and other organ-izations.74 The details are a bit numbing, but the general trends are thatmost networks are repeatedly and successfully attacked in a variety of ways,the monetary losses are considerable, and there is not much that technologycan do to prevent it. In particular, the 2003 survey found the following:
� Fifty-six percent of respondents reported “unauthorized use of computersystems” in the last year; 29% said that they had no such unauthorizeduses, and 15% said that they did not know. The number of incidents wasall over the map, and the number of insider versus outsider incidentswas roughly equal. Seventy-eight percent of respondents reported theirInternet connection was a frequent point of attack (this has been steadilyrising over the past 6 years), 18% reported remote dial-in as a frequentpoint of attack (this has been declining), and 30% reported internal sys-tems as a frequent point of attack (also declining).
� The types of attack range from telecommunications fraud to laptop theft tosabotage. Thirty-six percent experienced a system penetration, and 42% adenial-of-service attack. Twenty-one percent reported theft of proprietaryinformation and 15% financial fraud. Twenty-one percent reported sab-otage. Twenty-five percent had their web sites hacked (another 22% didnot know), and 23% had their web sites hacked ten or more times (36%
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 61
of the web site hacks resulted in vandalism, 35% in denial of service, and6% included theft of transaction information).
� One interesting thing highlighted by this survey is that all these attacks oc-curred despite the widespread deployment of security technologies: 98%have firewalls, 73% an intrusion detection system, 92% access control ofsome sort, and 49% digital IDs. It seems that these much-touted securityproducts provide only partial security against attackers.
Unfortunately, the CSI data are based on voluntary responses to surveys.The data only include information about attacks that the companies knewabout, and only those attacks that they are willing to admit to in a survey.Undoubtedly, the real numbers of attacks are much higher. Further, thepeople who complete the CSI survey are those experienced in security;companies who are much less security-savvy are not included in this survey.These companies undoubtedly experience even more successful attacks andeven higher losses.
Another source of data is the Honeynet Project. This is an academicresearch project that measures actual computer attacks on the Internet.According to their statistics published in 2001, a random computer on theInternet is scanned dozens of times a day.75 The average life expectancy ofa default installation of a Linux Red Hat 6.2 server – that is, the time beforesomeone successfully hacks it – is less than 72 hours. A common home usersetup, with Windows 98 and file sharing enabled, was successfully hackedfive times in 4 days. Systems are subject to hostile vulnerability scans dozensof times a day, and the fastest time for a server being hacked was 15 minutesafter connecting to the network.
Nearly all experts agree that the theft of America’s economic secrets isgrowing. U.S. intelligence officials estimate that more than fifty countries –many of them, as previously mentioned, traditional allies of the UnitedStates – are actively engaged in economic espionage against Americanbusinesses.76
The monetary losses from the theft of corporate secrets are difficult toestimate. U.S. intelligence agencies have not studied in-depth the losses dueto economic espionage. Private sector surveys have been criticized for beingbased on small, unrepresentative samples that have emphasized domesticholdings. Companies often prefer not to disclose that they have been thevictims of industrial or economic espionage.77 An admission can embar-rass the company, lower stock prices, scare away investors and customers,78
and reduce market share.79 There is not likely to be a corresponding gainfrom revealing the misappropriation. An even greater problem is that mostmisappropriations are probably undetected.
In spite of the difficulties of determining exact costs of economic es-pionage, two notions are clear, the fact that intelligence agencies spend
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
62 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
billions of dollars each year in their espionage efforts, and counterintelli-gence agencies spend billions of dollars each year trying to thwart thoseefforts.80 In addition to direct financial loss, companies face other damagesresulting from economic espionage, such as loss of jobs and contracts.81
Information Is Power
In an age where power stems from wealth, there is an ever-increasing fearthat acquisition of economic information will lead to the breakdown of in-ternational security, with economic foes of today becoming military foes oftomorrow. Society therefore lives in fear of economic espionage. Economicespionage can further destroy the incentive to innovate. Innovation, a signif-icant factor in economic growth, requires a substantial investment of time,money, and human resources.82 If companies lose valuable secrets to indus-trial espionage, they cannot profit by using their competitive advantage.83
In turn, if they are unable to recoup their investments in research and de-velopment, they lose their motivation to innovate and bring new productsor services to consumers. The consequences include higher prices chargedto consumers84 as well as a decrease in new technologies, creative inven-tions, and improvements.85 No one wants to create new ideas if there is astrong likelihood that the ideas will be stolen, used, and sold by competitors.Not only will competitors take credit for ideas that belong to the originalcreators, but they will also profit from them financially, while the originalcreator will be left with nothing. This greatly discourages creativity. As longas countries continue to conduct economic espionage activities, there willbe serious implications for the world economy.
At the core of this issue is the rapidly escalating financial value of researchand its results. For more than two decades, since a 1980 law encouragedscientists to patent discoveries from federally financed studies, universitiesand researchers have pushed with increasing intensity to commercializetheir work. For example, in 2000, American universities collected morethan $1 billion in licensing fees, according to a survey from the Associationof University Technology Managers. The institutions reported more than10,800 discoveries and had more than 3,270 patents issued by the U.S. PatentOffice.86 The circ*mstances can be even murkier when the theft is notthe intent. The realities are that with the financial stakes so high, behaviorthat might once have been standard operating procedure – such as takingresearch materials home at night – might be construed as an attempt to stealthe material and the intellectual property that undergirds it.87 The EEAwas enacted to increase the value of information.88 The worth of productsdepends more on ideas than the materials from which products are made.Richard Heffernon and Dan Swartwood estimated in 1996 that about $24
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 63
billion in corporate intellectual property is stolen each year.89 Passage ofthe EEA was also triggered by a perception that state and federal schemeswere inadequate to stem the mounting problem of trade secret theft.90
Do They Know What You Know
Foreign collection continues to focus on U.S. proprietary economic andtechnical information and products. Further, programs associated with dual-use technologies, those that can be used for both military and civilian ap-plications, are consistent targets for both foreign government and foreigncommercially sponsored collection activity.
A 1996 Defense Investigative Service (DIS) summary of foreign contactsindicated that numerous foreign countries displayed some type of suspi-cious interest in one or more of the eighteen technology categories listedin the Military Critical Technology List (MCTL), which is published by theDepartment of Defense. These major technology categories include
� Aeronautics systems� Armaments and energetic materials� Chemical and biological systems� Directed and kinetic energy systems� Electronics� Ground systems� Guidance, navigation, and vehicle control� Information systems� Information warfare� Manufacturing and fabrication� Marine systems� Materials� Nuclear systems� Power systems� Sensors and lasers� Signature control� Space systems� Weapons effects and countermeasures
The majority of the technologies included in the MCTL are dual use. Asa result, the loss or compromise of proprietary or embargoed informationconcerning these technologies can affect both the economic and nationalsecurity of the United States.
According to the Department of Energy (DOE), foreign researchers havegained fully sanctioned access to numerous sensitive technologies duringpreapproved visits and assignments to DOE facilities.91
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
64 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
Renaissance Software
In the early part of the 1990s, Marc Goldberg and Jean Safar, both Frenchnationals, were arrested for trying to sell proprietary computer source codesof their employer, Renaissance Software.92 Both men were working withthe company under an official French government program that allowedcitizens to opt out of required military service if they agreed to work atAmerican high-tech companies.
Science Applications, Inc.
In 1992, Ronald Hoffman was caught selling software to Japanese industrialfirms.93 He had obtained the software through his position as a projectmanager for Science Applications, Inc., which had developed the pro-grams under a secret contract with the Strategic Defense Initiative. Hoff-man had been selling confidential information to Japanese companies since1985.
British Petroleum
British Petroleum (BP) received a tip that a Taiwanese competitor was seek-ing to procure equipment from U.S. suppliers to build a $100 million chem-ical plant in Taiwan using BP’s proprietary chemical process technology foracetic acid. BP had spent millions of dollars on a research program andyears of effort to develop and commercialize this process, which gave it aleading position in the global marketplace.94 BP brought a court action inthe United States and eventually traced the technology theft to a formerlicensing executive. The executive admitted that he had sold BP secrets tothe Taiwanese company, but denied that he had taken the secret documentsfrom BP. He claimed instead that he purchased them in Moscow from anagent of the Russian government in a “technology bazaar” in the early 1990s.BP previously licensed the technology to the Soviet government, which builta plant using the BP process in Russia.95 BP won, obtaining money damagesand an injunction against the former employee and a settlement with theTaiwanese company. The case was a testament of how the trade secret litiga-tion landscape has changed, sometimes involving international corporateespionage more elaborate than a Robert Ludlum spy novel.96
Supervision, Inc.
In November 2001, FBI and U.S. Customs agents were waiting at the SanFrancisco Airport when Fei Ye and Ming “Andy” Zhong checked in for their
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 65
1:30 p.m. United Airlines flight to China. In their luggage, agents found doc-uments labeled “Transmeta Corporation – Confidential and Proprietary”and “Sun Proprietary Need-to-Know.” Investigators were acting on a tip fromSun Li, one of their partners in a startup called Supervision Inc. The com-pany received $2 million in funding from the local Chinese governmentsof Hanzhou and Guanzhou to develop a next-generation computer chip,according to court records. According to Li, Ye had told his partners thathe had stolen trade secrets and proprietary information from current andformer employers. Ye had worked for Transmeta Corporation, Sun Microsys-tems, Trident Microsystems, and NEC Electronics Corporation. Zhong hadworked for Transmeta and Trident.97
In January 2003, Ye, 36, of Cupertino, and Zhong, 35, of San Jose, Califor-nia, were indicted on ten counts, including conspiracy, economic espionage,ad possession of stolen trade secrets.98 Lawyers for Ye and Zhong contendthat the documents were not trade secrets and were background informa-tion for the engineers. Zhong said he was shocked when the FBI stoppedhim at the airport. “It was like a movie,” said Zhong. “Basically, I think I’man average Joe, and those things happen to 007.”99
Lax Attitudes
The best-known example of lax attitudes in more recent years on guardingsecrets ironically comes from the U.S. government, when the former CIADirector John Deutsche took the nation’s most highly classified secrets tohis home on a laptop computer and left the computer on his kitchen table,open to access by nongovernment personnel, including his foreign maid.There are also reported instances of State Department employees who losttheir laptops, containing classified information, in airports.
The same lax attitude and insensitivity to secrets is relatively commonin the business world. A senior marketing executive was traveling on anairplane and noticed an individual seated in front of him diligently creatinga marketing plan on his computer. Without straining his eyes, the marketingexecutive immediately recognized the plan on the computer screen as onebelonging to his most significant direct competitor. Without moving fromhis seat, he had a bird’s-eye view of his competitor’s future marketing plan.
There are a variety of situations in which confidential information is in-advertently communicated: a casual conversation outside the office, a jobinterview in which a prospective employee highlights his or her job accom-plishments, a confidential project in which consultants and temporary work-ers are hired without restrictions to maintain secrecy, and discovery providedin response to lawsuits or confidential information unwittingly disclosed infilings required by regulatory agencies.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
66 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
The Nature of Employer–Employee Relationships inToday’s Global Economy
Since the mid-1970s, a growing number of federal and state courts in theUnited States have wrestled with employers’ concerns regarding the disclo-sure of trade secrets in an attempt to develop a coherent approach to thedoctrine of inevitable misappropriation. Unfortunately, the result has beenan inconsistent patchwork of legal standards. For example, a former execu-tive of Borland International, a software company, was accused of e-mailingtrade secrets to a competitor, which happened to be his new employer, be-fore he quit Borland. Criminal charges were filed but eventually dropped,and the civil dispute was quietly settled.100
In Frasier v. Nationwide Insurance,101 Nationwide searched its file server andlocated e-mail communications that revealed its employee, Richard Frasier,had e-mailed correspondence critical of Nationwide’s business practices toa competitor. Soon after discovering this, Nationwide terminated Frasier.Frasier sued, alleging that Nationwide had unlawfully intercepted his e-mailfrom storage in violation of stored communication laws.102 The federal dis-trict court for the Eastern District of Pennsylvania rejected both contentions,first, because there was no “interception” and, second, because the employerhad lawfully accessed its own equipment and “stored” e-mail to obtain theinformation.103
There is no question that the nature of the relationship between em-ployers and employees has dramatically changed in recent years.104 Theturmoil of downsizing and restructuring, and the intensity of global compe-tition, have changed the nature of the employer–employee relationship.105
With more employees switching their employers at a greater pace than inthe past, there has been a dramatic increase in ex-employees departing withtheir employers’ trade secrets. Employees no longer have to photocopy doc-uments surreptitiously; they can simply download reams of data to disk, CD,or DVD, or even e-mail the information to a competitor with the click of amouse. A career with a single company has become the exception, not thenorm.106
Today’s employees also often have greater access to their company’s se-crets than in the past.107 Thus, employees have greater opportunities to ben-efit from the knowledge of trade secrets, either by becoming self-employedor changing jobs.108,109 Employees can become disgruntled with their cur-rent employers, pursue better offers, and valuable information ends up go-ing out the door.110
Employers have argued that under certain conditions, employees wholeave an employer to work for a competitor will inevitably disclose or usetheir former employers’ trade secrets in the course of their new employ-ment. This argument is known as “inevitable misappropriation.” These
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 67
employer-plaintiffs have brought suit under common law as well as statelaw versions of the Uniform Trade Secrets Act (UTSA).111
In her article, Katherine V. W. Stone analyzes the shifting expectationsof loyalties behind employment-based trade secret law. According to Stone,nineteenth-century employers adopted mechanisms that served to bind em-ployees to companies. Loyalty was encouraged through hierarchical verticallabor structures that provided for step-by-step progress up a career ladderwithin companies and rewarded loyalty. Training was assumed under the um-brella of the company itself, and promotion took place in orderly fashion.Most important, there was often an implied promise of job security.
Stone argues that a new psychological contract, which emerged in thelate 1970s, has recently altered employment practices. The labor shortageof the U.S. postwar boom years, which encouraged lifetime employment,was replaced by free trade and highly competitive international businessmarkets that demanded agile hiring to meet needs. In addition, compa-nies retreated from investing in the layered managerial structures requiredto organize internal labor markets. Rather, the skills required for the newinformation economy demanded flexible individuals who brought experi-ence from elsewhere. Large corporations no longer held out the impliedpromise of lifelong employment. Instead, employment relationships be-came contingent and the relationship marked by employees migrating fromone opportunity to another with different employers. In lieu of job security,employees were provided with training in order to ensure their employ-ability. Employers gain by having an increasingly flexible, highly skilledworkforce; employees gain through the investments companies make intheir human capital.
Such a new psychological contract has important implications for thequestion of who owns trade secrets after the termination of employment.In addition to the express contracts of covenants not to compete, whichmight define postemployment relations, there are also implied psychologi-cal contracts full of subtle exchanges of productivity for training, of flexibleemployment with the risk of termination for the accumulation of skills thatmight make an ex-employee employable by another enterprise.
American criminal law provides that corporations may be held liable forthe acts of their agents or employees acting, at least in part, on the corpo-ration’s behalf. Under the doctrine of collective knowledge, the requisiteintent to commit the crime can be imputed to a corporation, even if nosingle employee violated the law, because the prosecution can establish suf-ficient intent by piecing together the acts of a group of employees or agents.Consequently, the disgruntled employee is the most difficult kind of threatto protect against. It may be difficult to stop the knowledgeable, maliciousformer information technology employee who is intent on causing damageor stealing data.112
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
68 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
Fortunately, the EEA’s legislative history indicates that it was not intendedto prevent a person from using general business knowledge to competewith a former employer.113 For example, it provides that employees “whochange employers or start their own [company] should be able to applytheir talents without fear of prosecution.”114 Moreover, “it is not enough tosay that a person has accumulated experience and knowledge during thecourse of his or her employ” and that the individual is inappropriately us-ing such knowledge.115,116 However, the enhanced property rights in tradesecrets and the threat of criminal sanctions could produce unintended con-sequences that undermine public policies encouraging competition, em-ployee mobility, and the effective use of information products.
Reverse Engineering
Reverse engineering is generally defined as “a method of industrial engi-neering in which one begins with a known finished product and worksbackward to divine the processes and specifications involved in the prod-uct’s development and manufacture.”117 It can also involve “looking at ortesting a lawfully acquired product in order to determine its content.”118,119
The purpose of intellectual property protection is to provide incentivesto invest to advance the collective knowledge. Therefore, the law recognizesexceptions that allow for the study of, and improvement upon discoveriesthat have been committed to the public domain, in all realms of intellectualproperty protection.120 Reverse engineering is one of these exceptions. Re-verse engineering is the process of studying an item in hopes of obtaininga detailed understanding of the way in which it works.121 Reverse engineer-ing is used to create duplicate or superior products without the benefit ofhaving the plans for the original item.
It is important, however, to understand that reverse engineering is notjust a scheme to allow copying under the guise of research.122 Reverse engi-neering, although it may involve copying, entails a detailed study of the itemin question. Even in cases where the end product is a near duplicate of theoriginal item, the purpose of the reverse engineering activities must havebeen to understand the item sufficiently to allow the accused party to re-design the product without resorting to step-by-step replication.123 Because,as in the case of computer chips, any differences between the original andthe new product may be infinitesimal, courts typically rely on the existenceof a paper trail to prove that the product was reverse engineered, ratherthan simply copied.124
Depending on the nature of the item under study, reverse engineeringmay take many forms. For mechanical devices such as turbines or cargocontainers, reverse engineering may consist of taking measurements, mak-ing detailed sketches, or disassembling the device.125 In the case of computer
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 69
chips, the process involves stripping away each layer of the chip to study thestructure of the layer. To ensure the reverse engineering process is accurate,a duplicate may be made.
Protecting Trade Secrets from Dumpster Diversand Other Snoops
The U.S. economic welfare depends on increased efficiency, productivity,and technological advancement gained through the development and im-plementation of new processes, products, and services.126 Concern for pro-moting scientific progress by protecting inventions and other forms of in-tellectual property is so deeply rooted in American jurisprudence that theframers of the U.S. Constitution included patenting as one of Congress’senumerated powers.127 Corporate trade secrets and proprietary informa-tion represent the most valuable economic and business resource for gainingcompetitive advantage and market share in the U.S. free market economy.128
Corporations put their faith in trade secret law, which has its foundation incommon law and equity.129 A company that can keep a secret can con-tinue to profit from its rivals’ inability to duplicate the company’s processor formula.130 Well-known and publicized is Coca-Cola’s success in keepingits formula stashed in an Atlanta bank vault for nearly 100 years. KentuckyFried Chicken hides its recipe of eleven herbs and spices in a time capsuleguarded day and night at a secret location.
The U.S. criminal law addresses the growing importance and significanceof protecting trade secrets and proprietary information. In more recentyears, U.S. corporations have become concerned about the misappropria-tion of trade secrets.131 Civil trade secret litigation has grown enormouslysince the mid-1980s, and trade secret law has become more popular amonglegal practitioners.132 In light of these concerns, corporations may find thatthe EEA is well suited for pursuing disgruntled employees who steal or at-tempt to steal the company’s trade secrets. Although such a defendant willlikely have few resources with which to reimburse the company, prosecutionwill send a strong message to current and prospective employees that thecompany will not tolerate trade secret theft.
Recognizing the value of their trade secrets, corporations are increasinglyseeking criminal sanctions to protect their private information.133 In May2000, a grand jury in Detroit indicted a senior vice president of General Mo-tors, who had accepted a position with Volkswagen, on various charges forstealing trade secrets.134 In January 2001, the recording industry threateneda Princeton professor with criminal charges.135 The tactic led the professorto forego release of the research he and others had done, and thwarted a dis-cussion of the results. In July 2001, the FBI arrested a Russian computer soft-ware designer for writing a program that enabled consumers to circumvent
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
70 ECONOMIC ESPIONAGE AND INDUSTRIAL SPY ING
an encryption device.136 The program did not infringe any copyright, but itdid violate a federal law that makes it a crime to design software that mightbe used to infringe a copyright.
Although these disputes implicate a host of legal doctrines, commonthreads tie the stories together. The disputes involve intangible objects –songs, photos, and confidential or secret business information – that are all,at bottom, based on knowledge or information. Most basically, the storieshighlight a persistent and perhaps irreconcilable problem, that is, how toprotect interests in information without reducing too much the public’saccess to that information. Although failing to protect such interests maydiscourage innovation, limited public access may ultimately reduce produc-tion of new knowledge and ideas.
The American economy is increasingly integrated with the world’s econ-omy. More and more, U.S. companies develop products and ideas domesti-cally, and produce or manufacture them overseas. This means that the U.S.economy and the success of many companies are increasingly dependent onideas and other intangible assets, rather than industrial facilities and man-ufacturing ability. Protecting these intangible assets, therefore, whether inthe form of patents, trademarks, copyrights, or trade secrets (known collec-tively as intellectual property or IP), is a major concern for businesses. Asnoted in the previous chapters, theft of trade secrets is as old as business it-self. However, with huge sums to be made stealing the latest technology, thepast decade has witnessed a dramatic upswing in the theft of proprietary in-formation from corporate America.137 Trade secret theft may be the largestobstacle faced by the United States in its worldwide business.138 The increasein trade secret theft has place the technologies of U.S. companies, rangingfrom simple textile formulas to complex defense technology, at great risk.Pricing data, customer lists, information on product development, basic re-search, sales figures, and marketing plans appear to be the most coveteditems.139
Facts Fight Fiction in Security Circles
The ever-expanding global information infrastructure underpins the globaleconomy. Both business and government must adjust to a borderless worldof unrestricted transactions and communications.
Many major infrastructure industries, particularly telecommunicationsand electricity, are being affected by deregulation and are restructuring.Organizations have harnessed information technology to accelerate theirdelivery of goods and services, improve the efficiency of their processes,and shed excess inventory and unused reserve capacity. Many businessesare so tightly balanced in their “just-in-time” processes that recovery fromeven a minor disruption would prove difficult.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c03 CB764-Nasheri-v1 February 17, 2005 8:21
INTERNATIONAL DIMENSIONS OF BUSINESS AND COMMERCE 71
Technology and change produce better service at lower cost, new mar-kets, and more efficient processes. As a result, we depend more than everon infrastructure services. However, at the same time, market forces resultin a diffusion of accountability and responsibility, less research and develop-ment investment, and a reduction in reserve capacity. Today’s infrastructureprocesses may be more efficient, but they lack the redundant characteristicsthat gave their predecessors more resilience.
In today’s economy, it becomes more critical for companies to securetheir information databases to avoid the millions of dollars lost annually tocybercrime and information theft. For many companies, information is themost important resource available. Many executives only realize the value oftheir corporation’s secrets when these secrets are stolen and disclosed to acompetitor, resulting in huge economic losses.140 Companies must managecritical economic information in such a way as to reduce the possibility ofa security breach. Corporate management must recognize the value of pro-prietary information and undertake physical steps to safeguard knowledgeas a bank protects bullion on deposit.
The increasing strategic value of technology in all industries, even thosetraditionally perceived as low-tech, puts a premium on corporate security.Yet, the collapse of corporate loyalty, even in the executive suite, and the ac-celerating traffic of employees among competitors means an ever-increasingpotential for the transfer of information of all kinds.
In more recent years, corporations and governments have rushed to con-struct network firewalls, add antivirus software, and set up intrusion detectorsystems, but none of those security tools can stop the determined insiderfrom stealing company secrets or diverting funds or stock.141 Yet, more thanone-third of all corporate computer crime is the result of unauthorizedaccess by insiders, according to the 2002 survey by the CSI and FBI.142 Al-though the percentage of computer crime committed by insiders has fallenas the attacks from outside hackers via the Internet has grown, the CSI warns“the insider threat is still very real and very costly.”143 Some of the majorU.S. companies such as General Motors, Fruit of the Loom, Avery DennisonCorporation, Disney, and scores of others have become embroiled in high-profile cases of corporate espionage, many with an international dimen-sion. Such cases are now an increasingly common feature of the high-tech,information-age economy.144 In this environment, companies need to thinkdifferently about their most valuable information resources.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
C H A P T E R F O U R
Competitiveness and Legal CollectionVersus Espionage and Economic Crime
gathering and using information to advantage is the underlying theoryof business intelligence systems. These systems attempt to bring to businessthe information gathering and analyzing methods of government intelli-gence agencies, much in the same way that military strategic planning tac-tics shifted into business practice after World War II. The difference is thatthe tool for gathering and analyzing information and distributing it to theproper decision makers is not a network of spies, but a LAN of personalcomputers. This approach combines pieces of data from multiple disparatesources and creates the key nuggets that comprise “intelligence.” The datacan come from structured (e.g., databases) or unstructured (e-mail, webpages, broadcasts, and other dissemination media) sources, and can origi-nate as text, video/image/icons, and even as auditory or other “signal” datastreams.
What Is Competitive Intelligence?
Structural analysis of industries, commonly known as the Harvard BusinessSchool1 method, investigates industry competition through the study ofrivalry among competitor firms, bargaining relationships between buyersand suppliers, substitutability of products and services, and potential newentrants to competition. The sources of competitive advantage are analyzedby investigating the nature of rivalry within the industry, including the num-ber of firms and their market shares, the pace of growth in the industry,the extent of product or service differentiation, and the barriers to entryand exit. The analysis of entry barriers examines variables such as prod-uct differentiation and brand identification, capital requirements, accessto distribution channels, scale economies, learning and experience curves,government regulation, and proprietary product knowledge or technology.
72
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 73
It is the last of these that is of special interests to the study of competitionbased on intellectual property.
Competitive intelligence (CI)is “a systematic and ethical program forgathering, analyzing and managing information that can affect a company’splans, decisions, and operations.” After gathering and analyzing this re-search, one should be able to understand a competitor and its environment,strategies, capabilities and operations, and long-term goals.2 On a global ba-sis, CI is in use on every industrialized continent. CI practitioners are foundin virtually every form of enterprise, including educational and nonprofitentities. CI gathering differs from industrial espionage, at least in theory, inthat it is meant to consist of legal and ethical activities.
CI consists of two facets. First, the use of public sources to develop data(raw facts) on competition, competitors, and the market environment. Sec-ond, the transformation, by analysis, of that data into information (usableresults) to support business decisions. Understanding CI today requires anunderstanding of what is meant by “public.” If the term is to be taken in itsbroadest sense, it encompasses more than studies that the U.S. Departmentof Labor releases or what is reported in The New York Times. In CI, “public”is not equivalent to published. It is significantly broader in concept. Here,“public” means all information that can legally and ethically be identified,located, and then accessed. This ranges from a document filed by a com-petitor as part of a local zoning application to the text of a press releaseissued by a competitor’s marketing consultant describing the client’s pro-posed marketing strategy, while the marketing firm extols the specifics of itscontributions to the design of a new product and the related opening of anew plant. It includes the webcast discussions between senior managementand securities analysts, as well as the call notes created by the organization’sown sales force. It is the common principle of the use and analysis of publiclyavailable information to assist in the effective management of a companythat links the variations of CI.
Thousands of companies have set up CI operations around the world.There is a professional association in Alexandria, Virginia, the Society ofCompetitive Intelligence Professionals (SCIP), which has about 7,100 mem-bers. SCIP has established a code of ethics to guide the CI community.3
Drug and chemical makers, aerospace manufacturers, and defense contrac-tors make up big parts of SCIP’s membership.
There are generally two types of sensitive business information. One isintellectual property, which consists of ideas, concepts, and inventions, in-cluding product recipes or formulas. The second type is operation infor-mation, such as detailed production and marketing data, including thingssuch as the production volume of a particular manufacturing facility, its mar-ket share, the changing compositions and locations of production, and thelike.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
74 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
The vast majority of business and competitive information may be ob-tained legally and ethically from newspaper articles, trade publications, Se-curities & Exchange Commission (SEC) filings, specialized databases, andmaterials readily available at trade shows.
Not all economic and financial data collection by competitors or repre-sentatives of foreign powers is illegal. Abundant data are available from suchopen sources as newspapers, the electronic media, books, and the Internet,which are examples of legal collection methods. Sensitive or restricted datainclude financial information, manufacturing processes, customer lists, andother information not normally shared with those outside a business. Com-mercial databases, trade and scientific journals, computer bulletin boards,openly available U.S. government data, and corporate publications are justsome of the readily available sources of information on employees, com-panies, new products, and new manufacturing techniques. The use of theFreedom of Information Act (FOIA) has become quite popular with for-eign governments and corporations. Not wanting to alert U.S. counterin-telligence agencies, some foreign governments seek open-source materialcovertly.4
Economic intelligence gathering – usually based on open sources – isboth legitimate and indispensable, especially considering the wealth of in-formation now available via the Internet. Activities involving the acquisitionof information by theft, bribery, or coercion are illegal and, hence, prop-erly termed espionage.5 The Internet has made the gathering of competitivebusiness intelligence considerably easier and more effective. Clues to com-petitors’ intellectual property development and strategic plans beckon fromprivate sector and government web sites, news groups, chat rooms, and otherpublic gathering spots of the information age.6
Often, a competitor’s economic edge depends on its ability to stay onestep ahead of its competitors. Rapid changes in technology are temptingmany companies to acquire trade secrets in unscrupulous ways, thus circum-venting the huge costs of independent development. More sophisticatedglobal communications – cell phones, voice message, e-mail, and transmis-sion of data over the Internet – make this type of espionage easier thanbefore.7
The Modern Art of Competitive Intelligence
Why engage in CI? There can be great commercial advantage to getting aparticular product into the market first, to producing an equivalent productat lower cost, or securing patent or other rights before a competitor does.As mentioned earlier, the advantages are so substantial that they have led tothe generation of an entire industry of CI professionals. It borrows tools andmethods from strategic planning, which takes a broad view of the marketand how a particular company hopes to position itself.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 75
In 2002, Business Week reported that 90% of large companies have CI staffand that many large U.S. businesses spend more than a $1 million annuallyon CI. Also, according to Business Week, corporations find it most necessaryand beneficial to do CI during recessionary times. This function at times isoutsourced to law firms that are knowledgeable about all levels of a corpo-ration’s business.8 Now, with businesses more complex and the economicclimate so uncertain, corporations are becoming far more sophisticated atscrutinizing the competition.
CI relies on techniques such as recruitment, tactical surveillance, pro-filing of corporate personnel, information assurance, and elicitation train-ing to destabilize a competitor’s ability to maintain or gain market share.According to John Nolan, a former U.S. government intelligence official,competing organizations are keen on profiling business leaders and othersthat influence the market. CI involves legal methods of data collection andanalysis, some of which were mentioned earlier. This practice is differentfrom corporate espionage – the theft of trade secrets through illegal meanssuch as wiretaps, bribery, and cyberintrusions. Still, some intelligence gath-erers step over the ethical line. There is a fine line between the collection,through open sources of information, of economic treads for policy-makingpurposes and the covert theft of proprietary business information for dis-semination to competing corporations.9
CI, as practiced today, may be divided into four different yet overlappingtypes:
1. Strategy-Oriented Competitive Intelligence. This CI role means providinghigher levels of management with information on the competitive, eco-nomic, legal, and political environments in which an organization andits competitors operate now and in the future. It may also involve de-veloping CI on candidates for potential mergers and acquisitions, aswell as for alliances and partnerships. Most CI practiced in the 1980sand early 1990s, including much of what fell into the category knownthen as “business intelligence,” can be considered as strategy-orientedCI.
2. Tactics-Oriented Competitive Intelligence. In a real sense, tactics-oriented CIis a child of the computer age. It encompasses much of what has previ-ously been called “market” or “sales and marketing” intelligence. Firmsincreasingly are tracking what is going on “in the trenches,” that is, wherecompetitors face off for customers and consumers with tactics-orientedCI. In turn, according to a Competitive Intelligence Review article by JohnCain, this type of CI permits organizations to fine-tune marketing efforts,including field-force support, to respond faster.
3. Technology-Oriented Competitive Intelligence. Technology-oriented CI encom-passes much of what has been referred to as technology intelligence orcompetitive technical intelligence. Technology-oriented CI, supporting
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
76 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
technology strategies as well as research and development (R & D), hasbecome a growth area within CI.
4. Target-Oriented Competitive Intelligence. It is most often used when CI effortsare best focused on a small number of competitors that a firm faces inseveral market niches. It encompasses elements of what is sometimescalled “business intelligence” or “competitor intelligence.”
Business Counterintelligence
Likewise, business counterintelligence is the set of proactive measures takenby a business to identify and neutralize actual and potential disclosures ofintellectual property assets through employees (including former employ-ees, temporary employees, consultants, and others with temporal legitimateaccess to company information), or by means of another company or gov-ernment’s CI program.
For example, the FBI initiated an Economic Counterintelligence Pro-gram in 1994 that serves in a defensive role by protecting U.S. nationalsecurity. Kenneth Geide, the head of the Economic CounterintelligenceUnit at the time, explained that one of the methods that foreign govern-ments often use is to hide their economic collection activities within theirlegitimate activities.10
Competitive Intelligence Is Not Corporate Espionage
Such intelligence gathering is so easy, it is almost criminal, but when is itcriminal? CI or corporate intelligence becomes illegal espionage when itinvolves the theft of proprietary information, materials, or trade secrets.The distinction becomes difficult to ascertain given the potential to drawlines on ethical and legal grounds. In reality, practitioners are unlicensed,and the lines separating CI activities from those more commonly associatedwith unlawful industrial espionage are blurred.
In the United States, the answer lies, among other things, in the EEA of1996. As outlined in Appendix A, the act defines trade secrets broadly andprotects them with two central provisions. The first, Section 1831, appliesonly to individuals and entities sponsored by foreign governments. The sec-ond provision, Section 1832, criminalizes economic espionage, regardlessof who benefits. The U.S. DOJ takes these matters seriously. A whole host ofcases have been brought under EEA that provide more evidence of the DOJ’smounting efforts to criminalize intellectual property disputes. Appendix Cprovides a list of cases that have been prosecuted as of December 2003. Howdoes an individual, a company, or its corporate officers avoid being caughtin the crosshairs of the EEA?
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 77
Unfortunately, CI and its historical variants have caused, and will continueto cause, confusion. Competitive advantage may be deemed as an unfairadvantage if the methods employed to obtain information fall outside thelegal boundaries.
As with government intelligence operations, corporate analysis some-times borders on the clandestine. But competitive intelligence professionalsand many CEOs insist that effective intelligence gathering can be done bothlegally and ethically. They say the potential benefits are so great that oper-ating without a CI capability is like entering the boxing ring with one handtied behind your back. In fact, most academic business programs incorpo-rate seminars or courses on topics related to business intelligence into theircurriculum. These courses are designed to explore economic espionage andmethods to protect an organization’s assets. SCIP’s Code of Ethics, for in-stance, asks members to follow all laws, to properly identify themselves whengathering information, and to respect requests for confidentiality. Many or-ganizations have even more stringent guidelines.
CI is not (nor should not be) James Bond-type spying or unlawful cor-porate espionage. It does not involve the use of phone taps or computerhacking, or the payment of bribes.11 For example, a detailed report fromthe Occupational Safety and Health Administration – available under theFreedom of Information Act – can provide extraordinary amounts of infor-mation about the inside of a plant, including the numbers of people workingon the production line, the products coming through, and the actual toolsor machinery being used.12
There are no agreed-upon definitions of economic or industrial espi-onage as mentioned in earlier chapters. For example, the U.S. AttorneyGeneral defined economic espionage as “the unlawful or clandestine tar-geting or acquisition of sensitive financial, trade, or economic policy infor-mation, proprietary economic information, or critical technologies.” Thisdefinition excludes the collection of open and legally available informationthat constitutes a significant majority of economic collection. Aggressive in-telligence collection that is entirely open and legal may harm a nation’sindustry, but is not considered illegal espionage. However, it can help for-eign intelligence services identify information gaps and in some cases, maybe a precursor to economic espionage. In the modern, competitive businessworld, billions are spent on the research and development of products andideas. In addition, millions are spent on CI information gathering.
Corporate Spy Wars
Corporations, no less than countries, have been gathering informationabout one another for ages. Among nations, it is called spying and may in-volve sophisticated techniques, a lot of money, specially trained personnel,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
78 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
and undercover methods. Businesses spying on other businesses is nothingnew. Companies have done it for decades – from “shoppers” hired to com-pare prices at discount giants Kmart and Wal-Mart to the top floors of globalconglomerates in New York City.13
As alluded to earlier, massive amounts of corporate spying are accom-plished with increasing ease through advances in communication such as theInternet, satellites, and cellular phones. Computer hackers access propri-etary information from corporate computer systems and decode encryptedmessage from offices located in other countries.14 Computer hacking andtelecommunication interceptions are common, especially where systems arenot fully protected against such instructions.15 Easy targets are cellular andcordless telephones. Hacking and interceptions can provide much infor-mation to intelligence gatherers, including trade secrets and other formsof competitive information.16 In one case, it was suspected that a host gov-ernment was intercepting telephone conversations between an executiveabroad and his Canadian company headquarters. Canadian executives dis-cussed detailed negotiation information, including a specific minimum bid.This minimum bid was the immediate counteroffer put forward by the hostcompany the following day.
Domestic companies also face potential theft of trade secrets by Americanemployees looking to sell information to foreign competitors. Kodak expe-rienced this situation when a 28-year engineering veteran retired, started hisown consulting company and, according to Kodak, sold confidential doc-uments, blueprints, and records to Minnesota Mining and ManufacturingCorporation (3M).17 The following examples illustrate some of the mostcommon means of economic intelligence gathering.
Maytag
In late 1993, Maytag announced that it was planning to develop a moreenergy-efficient and environmentally friendly washing machine known as a“front loader” or “horizontal axis” washer.18 Although Maytag announcedits intention to develop the new washer, it did not disclose details abouthow the washer would function. Maytag spent tens of millions of dollarsto develop, manufacture, and market this new line of washers and madestrenuous efforts to protect its investment.
Maytag’s competitors have reportedly engaged in CI in an effort to obtainmore information about these “front loader” washing machines.19 Maytagwas besieged by spies using a variety of methods to gather information. It hasreceived phone calls from “college students” asking for information aboutthe new washer for “term papers” that they were writing. One Maytag mar-keting executive received a phone call from someone who falsely claimedto be a fellow Maytag employee from another unit requesting the namesof people in Maytag’s front loader division.20 On another occasion, a man
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 79
who claimed to be from the local waterworks appeared at the door of tworesidents of Newton, Iowa. He requested permission to measure their laun-dry room, but abandoned his request when the homeowner began askingquestions. The homeowner happened to be one of the local townspeopletesting a model of the new machine.
To protect its investment in the development of this new product (es-timated at $50,000,000), Maytag held “secrecy seminars” for its employeesgiving advice on how to detect and deal with suspicious callers. The coverof the company newsletter asks, “Who is really on the line?” and warns of“modem pirates.” Maytag workers received orange telephone stickers thatread, “Loose lips sink ships.” Maytag claims to be aware of several attemptsto breach its security and confirmed that an unnamed major competitor hashired a firm to find out everything it could about Maytag.
Maytag estimates that these modem pirates are inflicting billions of dol-lars worth of damage each year on American companies in missed sales,wasted research and development costs, and trade secrets lost to competi-tors. However, even Maytag admits to having conducted a little CI of itsown.21 For example, Maytag executives admit that they knew all about therecently introduced machine by its competitor, Frigidaire, before the ma-chine first appeared in stores.
Qualcomm
In September 2000, Irwin Jacobs, founder and chairman of Qualcomm, Inc.,gave a speech in a hotel to the Society of American Business Editors andWriters in Irvine, California, and stepped away from the podium talking withmembers of the audience. He soon discovered that his laptop computer wasgone. Although local police considered it to have been a commonplace theftof a $4,000 piece of equipment, Jacobs told The Wall Street Journal that theinformation on the portable’s hard drive could have been far more valuableto foreign governments. Jacob’s laptop was protected by nothing more thana basic Windows password.22
Microsoft
In October 2000, Microsoft Corporation discovered that for 3 months some-one had been breaking into the corporate network and accessing the sourcecode of products under development. It is not known how many other docu-ments were also accessible to the hacker, but those items could have includedcontracts, e-mail, marketing documents, and other key components of thecompany’s business strategy and operations.
Microsoft officials are certain that this break-in was an act of industrialespionage. The incident was a reminder that breaking into networks hasbecome a useful tool for illegally cutting corners. Obviously, the protection
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
80 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
was not ironclad, but Microsoft’s security team is considered top-notch andfew corporations have more resources or greater incentive to maintain theintegrity of their networks.23
Spy in the Gray Flannel Suit
Unlike their shadowy images in Hollywood films, the spies are not skulkingabout in trench coats. The new breed of corporate operatives blend intobusiness settings. They are well educated in engineering, finance, market-ing, and the sciences. They are trained in interviewing techniques that drawout valuable information. Many are knowledgeable about computer hack-ing and computer forensics. Some intelligence gatherers pose as techniciansand repair persons to get to confidential information.24 Others volunteer forpositions that get them close to sensitive information. Some have even beenknown to pose as documentary camera crew members to gain access. Oth-ers roam corporate campuses and trade shows, using state-of-the-art spyingtools, such as $10,000 laser microphones that pick up indoor conversationsfrom 100 yards away by recording the sound vibrations on windows.25
There is no specific person who qualifies as an intelligence gatherer.However, some of the more common international snoops include com-petitors, vendors, investigators, business intelligence consultants, the press,labor negotiators, and government agencies.26 Some countries hire individ-uals, rather than large organizations or intelligence agencies, to do theirspying for them. When students study abroad, some governments ask themto acquire economic and technical information about their host countries.Common perpetrators are graduate students who serve professors as re-search assistants free of charge. In research positions, the foreign graduatestudents gain access to the professor’s research, learning technological ap-plications that they can then relay to their home governments. Foreign in-telligence agencies sometimes hire information brokers and freelance spies.Freelance spies are attractive to intelligence agencies because they often spe-cialize in certain fields and allow the agencies to insulate themselves fromcounterintelligence.27 Others have been known to hire teams of individualsto enter foreign companies and steal ideas.28
Foreign corporations and nations also try to recruit employees of thesame ethnicity, appealing to their love of the native homeland. Or they mayset up small companies or consulting firms that work closely with a particularnation’s businesses, quietly pilfering patents and documents over the years.
Moles
A foreign government’s best source of information is an employee of thetarget company, often called a “mole.” “Moles” are spies that are put into
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 81
seemingly legitimate positions in a competitor’s company. Such “moles”have been known to take documents from offices and hotel rooms. Theyroutinely infiltrate businesses in disguise to obtain access to secret informa-tion. Graduate students are also used to infiltrate research plants, universi-ties, and businesses.29 Many intelligence gatherers rely on trusted workerswithin companies or organizations to provide them with proprietary andclassified information.30 These employees’ value lies in their direct and le-gitimate access to desired information. Counterintelligence agents reportthat recruitment of moles is relatively easy in the United States. Intelligencecollectors target both high-ranking employees and support staff. Intelli-gence agencies favor international scientific conferences, trade shows, andair shows for recruiting moles because these events draw many scientists andengineers.
A study by the ASIS concluded that “trusted insiders pose the greatestrisk” to the divulgence of trade secrets. Lower-ranking employees, such assecretaries, computer operators, or maintenance workers, are regularly re-cruited because they often have desirable access to information and areeasily manipulated by intelligence agencies due to their lower pay and sta-tus within their respective companies.31 With few exceptions, all real-lifeJames Bonds get their information exactly the same way.32 According to the1999 survey sponsored by the ASIS International and PricewaterhouseCoop-ers, onsite contract employees and original equipment manufacturers areperceived by firms to represent the greatest threat to corporate proprietaryinformation.
Espionage and Other Illegal Operations
Traditional clandestine espionage methods, such as agent recruitment, U.S.volunteers and co-optees, surreptitious entry, theft, SIGINT intercept, com-puter penetration, and other specialized technical operations, continue tobe used by foreign intelligence services targeting U.S. interests. Foreigngovernments increasingly use sophisticated data gathering techniques. Themost effective means of economic espionage are specialized technical op-erations. These include breaking into computers, intercepting communi-cations, and decoding encrypted messages. The increasing use of satellites,microwaves, and cellular phones makes interception easy and detectiondifficult.33 Japan’s Ministry of International Trade and Industry allegedly lis-tens to the phone lines of American firms in Japan under an agreement withthe Japanese national phone company.34 Debriefing citizens after foreigntravel is popular in some countries. Travelers are asked for any informationacquired during their trips abroad. The debriefing sessions are consideredoffensive to some travelers, whereas others accept them as part of travelingabroad.35
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
82 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Practitioners of economic and industrial espionage seldom use onemethod of collection; rather, they combine a number of collection tech-niques into a concerted collection effort that combines legal and illegal,traditional, and more innovative methods.36 Foreign governments employtraditional espionage methods, as well as specialized economic collectionmethods, to pilfer trade secrets. For example, former heads of the CIA andthe FBI have stated that the French and Russian intelligence services nowuse the same methods to spy on U.S. corporations as they used to spy oneach other during the Cold War.37
Consistent with traditional espionage operations, significant foreign in-telligence collection efforts are often conducted legally and openly as men-tioned previously. These collection efforts often serve as precursors to eco-nomic espionage.
Collection Methods
Intelligence gatherers may break into their competitors’ offices outrightand steal the information they want. Many incident reports describe stolenlaptop computers, disks, and confidential files. For example, “one commonmethod of stealing laptops at airports is for the thief’s accomplice to getinto line at the x-ray machine just in front of the victim. While the accom-plice slowly empties his pockets of keys and loose change, the thief takesyour laptops off the conveyor on the other side of the machine and spirits itaway.”38 In addition, hotel rooms and safes are regular targets. Some spiesbribe hotel operators to provide access to the hotel rooms, which is knownas a “bag op.” During bag ops, gatherers search unattended luggage andconfiscate or photograph anything they think may be valuable to them.39 Inone instance, the former chief of the French intelligence service admittedin 1991 that his agency made it a habit to spy on U.S. business executivestraveling to France by bugging first-class seats on Air France and breakinginto hotel rooms to search attache cases.40 Another method is dumpsterdiving, which is part of a larger industrial espionage problem. Also knownas trash trawling, waste archaeology, and trashing, dumpster diving is the actof rummaging through a competitor’s garbage to obtain information. Somebelieve it is the number one method of business and personal espionage.41
Dumpster diving is one of the easiest and safest ways of gathering confiden-tial information,42 and yields secrets ranging from corporate executives’travel itineraries to descriptions of company merger plans.43 The predatorynature of dumpster diving is demonstrated by the case of an internationalshipping company that got started by dumpster diving for the telex spools ofan established company, then used customer lists on the spools to lure awayclients.44 Some companies even specialize in combing trash for valuableitems and information,45 and may privately contract with trash collectors to
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 83
obtain “recycled” computer paper and whatever is printed on it. Althoughdumpster diving may not always yield trade secrets directly, sophisticated cor-porate spies employ trash searches as part of larger collection campaigns.As the value of intangible information rises exponentially, so too does thesophistication of modern-day spies.
Information available through electronic databases continues to expandas the number of databases and electronic bulletin board systems availableto the public continues to grow dramatically. Bulletin board systems, someof which track sensitive U.S. government activities or provide informationon proprietary activities performed by government contractors, have grownrapidly on the Internet.
In addition to traditional espionage and other illegal activities, foreigngovernments, instrumentalities, and agents gather economic intelligencevia numerous other methods. These methods involve legitimate practicesthat do not constitute illicit activity. Although foreign governments andtheir entities have been known to turn legitimate transactions and businessrelationships into clandestine collection opportunities, often the overt col-lection of economic information is practiced for legitimate purposes. Eventhough some of these legal activities may be a precursor to clandestine orillegal collection, they do not of themselves constitute evidence of illegalactivity.
There are numerous ways in which countries carry out economic espi-onage, and many of these methods require little effort on the part of theperpetrators.46 Foreigners seeking to acquire U.S. proprietary economicand industrial information often engage in the following types of illegalactivities.
Theft of Trade Secrets and Critical Technologies
U.S. businessmen traveling overseas are increasingly becoming targets offoreign collection activities. There are numerous examples of briefcases orlaptop computers showing evidence of unauthorized access after being leftunattended in hotel rooms. In addition, there is evidence of travelers beingphotographed during business meetings in foreign countries for future tar-geting. Business class seats on airlines, offices, hotel rooms, and restaurantsare regularly bugged and tapped by spies. In a specific incident, a Europeanairline bugged its entire business class section, while spies posed as flightattendants.47
Although most industry associations with foreign entities are in fact eco-nomically advantageous to the United States, a DIS summary of 1996 suspi-cious contacts that were reported by defense contractors, indicated that for-eign entities employ a variety of legitimate collection methods in attemptingto acquire U.S. proprietary economic information. Despite the legitimate
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
84 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
nature of these collection practices, they may be an important element ina broader, directed intelligence collection effort. Last, the legitimate col-lection of economic information, in addition to clandestine methods thatconstitute economic espionage, depicts the broad scope of a successful for-eign economic intelligence collection program.
Open-Source Collection
The openness of American society and the wealth of technical, scientific,political, and economic information available through the open media pro-vide U.S. adversaries with a vast amount of detailed, accurate, and timelyinformation. The use of open-source information as an intelligence sourcehas a number of benefits. It is relatively cheap to obtain, legal in the majorityof instances, and makes up the greatest volume of information accessibleto an intelligence collector. Because of these benefits, open source infor-mation has increasingly been exploited by many foreign entities, to includeforeign intelligence services in an attempt to target the United States.48
Defense industry reporting continues to reflect increasing trends of for-eign collection activity. As reported by DIS, foreign intelligence services andforeign private industries, which may or may not be sponsored by a foreigngovernment, employ the following legal collection methods.
Unsolicited Requests for Information
According to DIS, the most frequently reported method of operation usedby foreign entities is the unsolicited request for information. This methodis simple, low cost, nonthreatening and low risk. A reported majority ofsuspicious unsolicited requests for information involved data covered underthe International Traffic in Arms Regulations that could not be lawfullyexported without a license. A growing number of incidents involve mail, fax,phone, and Internet requests from a foreign entity to a cleared contractor.
According to the Defense Security Service (DSS), in 2000, these kinds ofsuspicious activities accounted for 41% of total reported collection efforts.Not surprisingly, there has been a dramatic rise in the use of the Internet forthese kinds of collection activities. DSS reported that the use of the Internetby foreign entities collecting U.S. technology and technical informationaccounted for 27% of all suspicious contacts.
Solicitation and Marketing Services
Foreign collectors have also employed the use of marketing surveys to so-licit information that often exceeds generally accepted terms – surveys maysolicit proprietary information concerning corporate affiliations, market
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 85
projections, pricing policies, purchasing practices, and types and amountsof U.S. government contracts. One of the most popular tactics used to gainaccess to U.S. research and development facilities is to have foreign scientistssubmit unsolicited employment applications. In 2000, facilities that were thetargets of this kind of solicitation were working on such technologies as elec-trooptics, ballistics, and astrophysics. Other approaches included offers ofsoftware support, internships, and proposals to act as sales or purchasingagents. In addition, of growing importance is the greater use of foreign re-search facilities and software development companies located outside theUnited States to work on commercial projects related to protected pro-grams. Any time direct control of a process or a product is relinquished, thetechnology associated with it is susceptible to possible exploitation.49
Foreign individuals with technical backgrounds may be solicited by, ormay themselves seek to, market their services to research facilities, academicinstitutions, and even cleared defense contractors. In addition, U.S. techni-cal experts may be requested by foreign entities to visit a foreign country andshare their technical expertise. Usually associated with alleged employmentopportunities, there is also an increasing trend involving “headhunters”who solicit information from targeted employees. In these instances, suchsolicitation may be a ploy to access and gather desired information.
Acquisition of Export-Controlled Technologies, Joint Ventures,and Front Companies
Joint ventures, joint research, and exchange agreements potentially offersignificant collection opportunities for foreign entities. Joint efforts placeforeign personnel in close proximity to U.S. personnel and afford poten-tial access to science and technology (S&T) programs and information.Through joint venture negotiations, U.S. contractors may reveal unneces-sarily large amounts of technical data as part of the bidding process. Inaddition, a number of governments use front companies to gather intelli-gence and provide cover for intelligence operations.
This is of special concern when foreign employees are in place for longperiods of time. Some examples of suspicious activity in joint ventures in-clude foreign workers seeking access to areas or information outside thepurview of their work agreement, enticing U.S. companies to provide largequantities of technical data as part of the bidding process, and foreign orga-nizations sending more representatives than reasonably necessary for par-ticular projects.50
The unlawful acquisition of export controlled technologies by foreigncollectors remains a considerable concern. Methods of operation employedto circumvent the export control process include using front companieswithin the United States and overseas, illegally transporting products to an
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
86 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
undisclosed end user by using false end user certificates, and purchasingproducts that have been modified during the manufacturing processes tomeet export-controlled specifications.
Acquisition of Technology and Companies
Foreign corporations use corporate mergers and acquisitions on very rareoccasions to collect intelligence on competitors. For instance, in 1988, sev-eral French companies, in conjunction with Airbus, attempted to purchase asubcontractor of Boeing Company.51 If the acquisition had succeeded, Air-bus would have known an enormous amount about [Boeing Company’s]production processes, capabilities, costs, specifications, and future plans.
However, acquisitions were greatly on the rise in 2000. This is the lat-est manifestation of an increased trend to acquire sensitive technologiesthrough purchase. According to DSS reporting, 88% of all reported sus-picious acquisition activities involved third parties. Third parties are notthe actual entities acquiring the technology, but are the ultimate end users.Third-party acquisitions are often an indicator of a possible technology trans-fer or diversion because, when the ultimate recipients are determined, theyare often countries that are on embargoed lists for the acquired items. Onemethod that is commonly used involves setting up a freight forwarder, thatis, a cooperating U.S.-based company that will provide the ultimate foreignrecipient with a U.S. address to subvert U.S. export control laws.52
Exploitation of Visits to U.S. Companies, Commercial Markets,and Technology Transfers
To acquire technology, some governments use graduate students studyingor researching in the United States. For example, the weak link that couldcompromise national security, according to authorities, is “dual use” tech-nology – information or equipment that has a civilian use as well as a militaryapplication. For example, the U.S. Navy spent millions of dollars to developTerfenol-D in the early 1980s, and intelligence experts estimate that thePeople’s Republic of China (PRC) has devoted extensive resources to try tosteal it.53
Those who have worked with this exotic material call it almost magical.Until recently, Etrema was the only U.S. company authorized by the Navyto work with Terfenol-D, following its development at the DOE’s Ames Lab-oratory. According to scientists and engineers, Terfenol-D is a technologyof the future with many commercial and industrial uses. However, the Navyhas its own uses for Terfenol-D, including high-tech sonar devices in U.S.submarines to detect and track enemy vessels.54
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 87
Yet, a burgeoning demand from commercial markets for the material hascaused Terfenol-D to be classified as a “dual-use technology.” Because theDepartment of the Navy invented it, the Department of Defense (DoD) isallowed to say who can use it. So, in order for a U.S. company to exporta product that contains even a tiny amount of Terfenol-D, that companymust have permission from the DoD in the form of an export license. Evenif such a license is granted, the DoD places strict limits on the exporter toensure absolute control of the material. Although possession of some of thematerial would not by itself reveal the process, the DoD wanted to limit anyopportunity for a potentially hostile government to get close inspection ofthe substance.55
Despite the U.S. government’s best efforts to keep secret the processthat creates Terfenol-D, the PRC was able to obtain enough information todevelop a crude version according to some U.S. officials. China was able toobtain information about the secret process by placing “students at IowaState University to work in and around the Ames Laboratory.”56
Government officials are oconcerned that technology transfers are occur-ring in the context of academic exchanges between scientists and studentsworking to solve scientific problems. It is during such “problem-solving dis-cussions” that students from China or elsewhere are able to gain informationthat they take back “to their home countries and advance technologies therethat often wind up in weapons systems.”57
During the past several years, efforts continued by foreigners to exploittheir visits to U.S. facilities. Inappropriate conduct during visits was the sec-ond most frequently reported modus operandi (MO) associated with foreigncollection activity. Once in a facility, collectors may attempt to manipulatethe visit to satisfy their collection requirements. For example, visitors mayask questions or request information that is outside the scope of the ap-proved visit. Unchecked, this MO usually results in the loss of technology,and is therefore considered to be a damaging form of collection activity.Some examples of exploitation techniques include the following:
� Wandering around facilities unescorted, bringing unauthorized camerasand/or recording devices into cleared facilities, or pressing their hosts foradditional accesses or information
� Adding last-minute and/or unannounced persons as part of the visit� Arriving unannounced and seeking access by asking to see an employee
belonging to the same organization as the visitor� Hiding true agendas, for example, by trying to shift conversations to topics
not agreed upon in advance� Misrepresenting a visitor’s importance or technical competency to secure
visit approval58
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
88 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Intelligence agencies may recruit students before, during, or after study-ing abroad. Some countries allows students to study abroad and gather for-eign business and technological data instead of performing compulsorymilitary service. For example, the Japanese government has ordered someJapanese graduate students in the United States to report on scientific de-velopments or face having their scholarships terminated. China’s conductis perhaps even more brazen. They are suspected of routinely sending vis-iting scholars, business delegates, and students to the United States in anorchestrated effort to infiltrate companies and eventually bring back valu-able information and trade secrets to China.59 Predictably, Chinese officialsconsistently deny charges of economic espionage. Dismissing such allega-tions as untrue, a spokesperson for the Chinese embassy in Washingtonhas declared that “all of China’s relations with other countries have beenconducted in compliance with international norms and the laws of thosecountries.” Although China is only one of many nations suspected of spyingon the United States, U.S. officials are so worried about the loss of intellec-tual property to Chinese agents that they have raised this concern in regardsto China’s efforts to join the World Trade Organization (WTO).60
Co-Opting of Former Employees and Cultural Commonalties
Foreign intelligence services and government-sponsored entities continueto use traditional clandestine espionage methods to collect U.S. trade se-crets and critical technologies. These methods include agent recruitment,U.S. volunteers, and co-optees.61 Incidents involving the co-opting of for-mer employees who had access to sensitive proprietary or classified S&Tinformation remains a potential counterintelligence concern. Frequently,foreign collectors will exploit cultural commonalties to establish rapportwith their target. As a result, foreign collectors specifically target foreignemployees working for U.S. companies. Likewise, U.S. defense contractoremployees working overseas may be particularly vulnerable to foreign offersof employment as their contracts expire.
Conferences
International exhibits, conventions, and seminars are rich targeting oppor-tunities for foreign collectors. These functions directly link programs andtechnologies to knowledgeable personnel. International seminar audiencesoften include leading scientists and technical experts, who pose more of athreat than intelligence officers due to their level of technical understand-ing and ability to exploit immediately the intelligence they collect. At thesevenues, foreign collectors target U.S. scientists and businessmen to gaininsights into U.S. products and capabilities. Consequently, U.S. defense
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 89
industry reporting indicates that collection activity at these events is usu-ally expected, is commonplace, and most often involves overt open sourceintelligence gathering.
The counterintelligence community reporting indicates that, duringseminars, foreign entities attempt subtle approaches such as sitting nextto a potential target and initiating casual conversation. This activity oftenserves as a starting point for later exploitation. Membership lists of interna-tional business and/or technical societies are increasingly used to identifypotential U.S. targets. One of the most common targeting techniques isto use collectors who have common cultural backgrounds with the targetsuch as origin of birth, religion, or language.62 For example, the counter-intelligence community has increasingly sought to make the private sectoraware of the foreign collection threat and has conducted threat awarenessbriefings prior to such international symposia. Specific examples includecounterintelligence and security awareness briefings for U.S. industry rep-resentatives who planned to attend or support the Paris and FainboroughInternational Air Shows.
Internet Activity (Cyberattack and Exploitation)
This category addresses cyberattack and exploitation via Internet-based re-quests for information. The majority of Internet endeavors are foreignprobes searching for potential weaknesses in systems for exploitation. Oneexample was a network attack that, over the period of a day, involved severalhundred attempts to use multiple passwords to illegally obtain access to acleared defense facility’s network. Fortunately, the facility had an appropri-ate level of protection in place to repel this attack. This example reflects theextent to which intelligence collectors are attempting to use the Internet togain access to sensitive or proprietary information.63
Who Is Spying on American Industry?
It is a known fact that virtually every traditional espionage method usedduring war is employed in today’s business world. The openness of Americangovernment, industry, and society makes information fluid and accessible.64
The United States has the most sought-after technology and many of thebest research facilities in the world; no other country produces as muchintellectual property as the United States.65 In addition, few industrial spiesin the United States were ever arrested.
Economic espionage directed at the U.S. government is focused on a fewkey areas. According to the FBI, over the past several years foreign govern-ments have sought the following information: U.S. economic, trade, andfinancial agreements; U.S. trade developments and policies; U.S. national
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
90 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
debt levels; U.S. tax and monetary policies; foreign aid programs and exportcredits; technology transfer and munitions control regulations; U.S. energypolicies and critical materials stockpiles data; U.S. commodity policies; andproposed legislation affecting foreign firms operating in the United States.
Some estimate that “seventy foreign governments regularly eavesdrop onU.S. corporate communications being transmitted on telephone systemsoverseas.”66 Many governments use surveillance and surreptitious entry aseffective and inexpensive means of intelligence. Agents have stolen papers,computers, and computer disks from company offices and from the hotelrooms of executives traveling abroad. The following sections demonstratesome examples of international economic espionage activities.
People’s Republic of China
Two businessmen, one a Chinese national who is the president of a Beijing-based firm, and the other a naturalized Canadian citizen, pleaded guilty tocharges of illegally exporting fiberoptic gyroscopes to the PRC without therequired State Department permits. Export of these gyroscopes to the PRCis prohibited. The two men bought the gyroscopes from a Massachusettscompany and planned to export them to the PRC via a Canadian subsidiaryof the Beijing-based firm. The gyroscopes can be used in missile and aircraftguidance systems as well as smart bombs.
Two naturalized U.S. citizens were convicted of conspiring to illegallyexport weapons parts to their native China. They used their exporting com-pany to purchase surplus U.S. missile, aircraft, radar, and tank parts fromthe Defense Reutilization and Marketing Service and then ship them to thePRC. The exported items were on the U.S. Munitions List that prohibitedthem from being shipped without a license from the State Department.
Two Chinese scientists and a naturalized U.S. citizen who was born inChina were arrested for stealing product designs from a major U.S. telecom-munications firm and passing them to a Chinese government-owned com-pany in Beijing. Both Chinese scientists had received technical degrees fromU.S. universities before being employed by the U.S. firm.
A Chinese company based in Orlando, Florida, was charged with ille-gally exporting radiation-hardened integrated circuits to Chinese missileand satellite manufacturers in the PRC without the required Departmentof Commerce licenses. The affidavit prepared by the Department of Com-merce described three illegal diversions of the missile microchips. Accord-ing to weapons proliferation specialists, the microchips have military appli-cations and could be used by the Chinese military to improve their long-range missile-targeting capabilities.
A naturalized Chinese national was arrested for attempting to smuggle adefense-grade Radiance high-speed (HS) infrared camera to the PRC. Since
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 91
the Radiance HS camera is on the U.S. Munitions List, companies mustfile with the Department of State to legally export such items. The cam-era was destined for the Chinese State Ship Building Corporation, a state-owned conglomerate of fifty-eight companies that is based in Beijing andShanghai.67
Pakistan
U.S. Customs Service agents arrested two Pakistani brothers and chargedthem with conspiring to smuggle sophisticated cameras for military intelli-gence gathering to a Pakistani government laboratory. One of the brotherswas a naturalized U.S. citizen, whereas the other, a Pakistani citizen, hadrecently completed requirements for a master’s degree in engineering at aU.S. university. A U.S. aerospace company alerted the U.S. Customs Serviceto the suspicious activities of the brothers after they attempted to purchasethe cameras despite being denied an export license by the State Department.
A British citizen pleaded guilty to violating the Arms Export Control Actby trying to ship night-vision goggles and blueprints for C-I 30 aircraft toPakistan. He was acting on behalf of a firm located in Islamabad. The C-130aircraft is used for a variety of military purposes, including troop transport,surveillance, and gunships.68
Iran
A 20-month federal investigation culminated in the arrest by the U.S. Cus-toms Service of a naturalized Canadian from Iran and a Malaysian citizenfor conspiring to illegally export aircraft parts for the F-14 Tomcat, F-S Tiger,and F-4 Phantom to the Iranian Air Force. In addition, a naturalized U.S.citizen from Iran pleaded guilty to violating the Arms Export Control Actby trying to smuggle F-14 parts into Iran.69
Guarding Secrets
As mentioned earlier, because of the threat of economic espionage, manycountries make economic security a priority, enacting laws that purport todeter would-be intelligence gatherers.70 Although laws in individual coun-tries may help protect economic secrets of the country’s nationals, suchlaws do not solve the problem of economic espionage internationally. Partof the trouble may stem from the history that some states do not respect theintellectual property rights of other states. Historically, patent law in somenations encouraged economic espionage abroad as seen per earlier exam-ples. For example, one of the earliest patent laws, developed in France, gave“to whomsoever shall be the first to bring to France a foreign industry thesame advantages as if he were inventor of it.” France has since amended its
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
92 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
patent law to exclude such encouragement, but the fact that it once existedonly supports the idea that when a nation’s economy is threatened, ethicswill not necessarily keep it from protecting itself in any way possible.71
The number of countries engaging in economic espionage against U.S.corporations is staggering. An FBI’s study of 173 countries found that100 had spent money to acquire U.S. technology,72 and that 57 of thosehad engaged in covert operations against U.S. corporations. According tothe former CIA Director Robert Gates, “governments in Asia, Europe, theMiddle East and, to a lesser degree, Latin America – nearly 20 governmentsoverall – are involved in intelligence activities that are detrimental to oureconomic interests.”73 A 1996 declassified CIA report on national securitythreats listed countries that are extensively engaged in economic espionageagainst the United States; among them were France, Israel, China, Russia,Iran, and Cuba.74 Notably absent from the list was Japan, a country viewed bymany as possessing one of the most brazen and efficient intelligence servicesworldwide.75 The CIA report concluded, however, that Japanese efforts arelargely limited to legal data gathering and hiring “well-placed” consultants.
Yet, according to a survey, the worst offenders are Asian governments, withwestern European governments following closely.76,77 Other offenders canbe found in various businesses throughout the United States, as indicated ina 1997 survey by the Futures Group, “[a] full 82 percent of companies withannual revenues of more than $10 billion have an organized intelligenceunit.”78 However, economic espionage is not carried out exclusively by thefirst world powers. “Countries that heretofore have not been consideredintelligence threats account for much of the economic collection currentlybeing investigated by law enforcement communities.”79 In general, any na-tion that competes in the world market and has enough motivation to spywill engage in economic espionage.80
The significance surrounding the classes of parties involved in economicespionage is twofold. First, friendly and allied nations commit espionageagainst one another. In the world of economic espionage, there are no truefriendly relations, largely due to the fact that countries that engage in the ac-tivity are vying for a rung on the global market ladder.81 As the former Frenchintelligence chief Pierre Marion pointed out, “it is an elementary blunder tothink we’re allies when it comes to business, it’s war.”82 Second, developingnations are heavily involved in the trade due to more recent political devel-opments, especially the decline of communism. Formerly communist statesmust quickly catch up with the West, and economic espionage often pro-vides an avenue to do just that. Without communism, intelligence agentsfrom Eastern bloc countries are unemployed and available in the openmarket.83 The involvement of Eastern bloc agents is threatening becausetheir intelligence activities are not restricted by traditional notions of inter-national business ethics.84 Therefore, such agents may go to any lengths toacquire the information they seek.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
COMPETITIVENESS AND LEGAL COLLECTION 93
Primary Targets
The primary targets of foreign intelligence agencies are high-technologyand defense-related industries; however, even nontechnology-intensive in-dustries are at risk of theft.85 The industries targeted by foreign agents tendto be of strategic interest to the United States for three reasons: (1) theyproduce classified products for the government, (2) they provide productsused in both the military and the private sector, and (3) they are critical tomaintaining economic security. The most frequently targeted industries in-clude aerospace, biotechnology, telecommunications, computer hardwareand software, transportation technology, defense and armaments technol-ogy, automobiles, energy research, semiconductors, advanced materials, ba-sic research, and lasers.86 Intelligence agents seek not only technology, butalso proprietary business information from their targeted industries. Pricingdata, customer lists, product development data, basic research, sales figures,and marketing plans are stolen more often than advanced technology.87 For-eign governments also seek development plans, propriety information re-ports, personnel data contract bids, manufacturing cost analyses, proprietysoftware, and strategic planning.88
The Cox Report
In 1999, the U.S. House of Representatives released the Report of the SelectCommittee on U.S. National Security and Military/Commercial Concernswith the People’s Republic of China. Otherwise known as the “Cox Report,”it detailed PRC espionage against U.S. military technology. The report lists“rare-earth metals” and “special-function materials” as “exotic materials” thatare “the key areas of military concern” about PRC espionage targets. Thereport also states that “professional intelligence agents from the Ministry ofState Security (MSS) and Military Intelligence Department (MID) accountfor a relatively small share of the PRC’s foreign science and technologycollection.” Rather, the report explains, “the bulk of such information isgathered by various nonprofessionals, including PRC students, scientists,researchers and other visitors to the West.”89
A graduate student from the PRC who is known to have worked on a secretmilitary project in China should not be doing research at a U.S. universitywith defense research projects, according to national security specialistsfamiliar with the way the PRC conducts espionage. And especially not ona high-tech material related to that on which he or she focused in Beijing.“The MSS recruits students” as espionage agents, reported John Fialka inhis 1997 sworn testimony before the Joint Economic Committee Hearingson Economic Espionage, Technology Transfers and National Security. Withas many as 50,000 Chinese nationals entering the United States each year,the agencies tasked with being on the lookout for espionage cannot handle
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c04 CB764-Nasheri-v1 February 17, 2005 8:22
94 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
the workload. “While the FBI makes an effort to watch foreign students andbusinessmen, China’s flood has simply overwhelmed the bureau,” notedFialka.90
China’s so-called Sixteen Character Policy, codified in 1997, calls for “blur-ring of the lines between state and commercial entities, and military andcommercial interests,” according to the report. Fialka noted that “in thisgame China is a dragon with two heads.” That is, its commercial companiesoften are part of the PRC’s military research, development, and procure-ment. The Cox Report states the “main aim for the civilian economy [inChina] is to support the building of modern military weapons and to sup-port the aims of the People’s Liberation Army (PLA).”91
In another incident in July 2002, according to federal law enforcementauthorities, security officials at Hanco*ck International Airport in Syracuse,New York, found more than 100 vials, test tubes, and petri dishes containingan unknown biological substance in the carry-on luggage of a former CornellUniversity postdoctoral researcher and his family. They were preparing toboard a flight to China via Detroit. The researcher, Qianqiang Yin, wascharged with stealing biological materials and attempting to transport themto China.92
Incidents such as these highlight the expanding scope of economic espi-onage. The need to address this will only increase in the future.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
C H A P T E R F I V E
Tensions Between Security and Openness
the u.s. information and communications infrastructure sector generatesmore revenue than most nations produce. Far more than any other nation,the potential of new technologies has enabled the United States to reshapeits governmental and commercial processes. All countries that make use ofcomputer technology and especially those connected to the Internet are vul-nerable, although the level to which the United States has incorporated newtechnologies and the highly networked nature of its infrastructure makes itthe most vulnerable.1
Some experts have questioned whether such an open and flexible globalinformation infrastructure is still in the best interests of the United Statesand the world in light of the growing threats from information warfare,information terrorism, and cybercrime. One must keep in mind this state ofthe world in assessing the efficacy of any proposed international agreementthat portends to address the serious and far-reaching effects of informationwarfare, information terrorism, and cybercrime.
Growing Vulnerability in the Information Age
President Clinton chose his commencement address to the 1998 graduat-ing class of the U.S. Naval Academy as a forum for highlighting the es-calating threat posed by information warfare, information terrorism, andcybercrime:
Our security is challenged increasingly by nontraditional threats from ad-versaries, both old and new, not only hostile regimes, but also internationalcriminals and terrorists who cannot defeat us in traditional theaters of battle,but search instead for new ways to attack by exploiting new technologies andthe world’s increasing openness.2
95
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
96 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Disruption of any infrastructure is always inconvenient and can be costlyand even life-threatening. Major disruptions could lead to major losses andaffect national security, the economy, and the public good. Mutual depen-dence and the interconnectedness made possible by the information andcommunications infrastructure lead to the possibility that our infrastruc-tures may be vulnerable in ways they never have been before. Intentionalexploitation of these new vulnerabilities could have severe consequencesfor our economy, security, and way of life.
Technologies and techniques that have fueled major improvements inthe performance of our infrastructures can also be used to disrupt them.The United States, where close to one-half of all computer capacity and60% of Internet assets reside, is at once the world’s most advanced and mostdependent user of information technology. More than any other country,the United States relies on a set of increasingly accessible and technologicallyreliable infrastructures, which in turn have a growing collective dependenceon domestic and global networks. This provides great opportunity, but italso presents new vulnerabilities that can be exploited. It heightens risk of
Profile of Electric Power System
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 97
cascading technological failure, and therefore of cascading disruption inthe flow of essential goods and services. Computerized interaction withinand among infrastructures has become so complex that it may be possibleto do harm in ways we cannot yet conceive.
A New and Challenging Environment
Alvin and Heidi Toffler pointed out in their book, The Third Wave, that thehistory of the world can largely be portrayed as three waves.3 The first wasthe agricultural wave, the second was the industrial wave, and the third isthe information wave. Not all countries have progressed to this third waveor even the second, nor is any country necessarily characterized by only onewave. The recognition that parts of the world have progressed into the thirdwave, however, calls for new thinking, new paradigms, and innovation.
Our dependence on information and communications technologies hascreated new vulnerabilities, which we are only beginning to understand. Inaddition to the possible disruption of information and communications,nations in the third wave also face the possibility that someone will be ableto actually mount an attack against other kinds of infrastructures becauseof their dependence on computers and telecommunications.
Interdependence New Risks and Vulnerabilities
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
98 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Information and Communications
All critical infrastructures are increasingly dependent on information andcommunications. The most important impact and vulnerability for this sec-tor is the increasing interdependency of the public telecommunication net-work (PTN) and the Internet. The Internet depends heavily on the PTN. ThePTN, in turn, depends on electrical power for operations and on telephonelines and fiberoptic cables that often run along transportation routes.The PTN is increasingly software driven, and managed and maintainedthrough computer networks. Deregulation of the telecommunications in-dustry will increase the number of access points, increasing opportunities forattack.
The Internet
The Internet is a global network of networks interconnected via routers thatuse a common set of protocols to provide communications among users.Internet communications are based on connectionless data transport. Inother words, the IP does not establish a circuit between communicatingparties during the lifetime of the communication. Instead, each messageis divided into small packets of data that contain routing information in apacket header. Routers forward the packets to other routers closer to thepacket’s destinations based on address information in the packet headers.To maximize efficient use of the network, the routers may send each packetof a message over a different path to its destination, where the message isreassembled as the packets arrive.
The Internet and the PTN are not mutually exclusive because significantportions of the Internet, especially its backbone and user access links, relyon PTN facilities. Current trends suggest that the PTN and the Internetwill merge in the years ahead: By 2010, many of today’s networks will likelybe absorbed or replaced by a successor public telecommunications infras-tructure capable of providing integrated voice, data, video, private line, andInternet-based services.
The Internet originated in 1968 by the then Advanced Research ProjectsAgency (ARPA), now known as the Defense Advanced Research ProjectsAgency. The project was to determine how to build resilient computer net-works that could survive physical attacks or malfunctions in portions of thenetwork. The ARPAnet, as it was called, was not designed as a secure net-work, but depended for security on a small number of users who generallyknew and trusted one another.
Commercialization of the Internet in the early 1990s, boosted by theworld wide web, caused incredible growth. Government and the privatesector began to seize the advantages of the Internet as an alternative to other
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 99
unclassified means of communication. The Internet continues to expandglobally at a rapid pace.
Key Factors in the Current State of Internet Security
Threats to the Internet are of primary concern because we are becoming in-creasingly dependent on it for communications. This includes governmentand military communications, commerce, remote control and monitoringof systems, and a host of other uses. In addition, the Internet is inherentlyinsecure.
The current state of Internet security is the result of many factors. Achange in any one of these can change the level of Internet security and sur-vivability. Because of the dramatically lower cost of communication and easeof connecting to the Internet, use of the Internet is replacing other formsof electronic communication. As critical infrastructure operators strive toimprove their efficiency and lower costs, they are connecting formerly iso-lated systems to the Internet to facilitate remote maintenance functions and
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
100 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
improve coordination across distributed systems. Operations of the criticalinfrastructures are becoming increasingly dependent on the Internet and,therefore, are vulnerable to Internet-based attacks.4
Most threatening of all is the link between cyberspace and physical space.Supervisory control and data acquisition systems and other forms of net-worked computer systems have for years been used to control power grids,gas and oil distribution pipelines, water treatment and distribution sys-tems, hydroelectric and flood control dams, oil and chemical refineries,and other physical systems. Increasingly, these control systems are beingconnected to communications links and networks to reduce operationalcosts by supporting remote maintenance, remote control, and remote up-date functions. These computer-controlled and network-connected systemsare potential targets of individuals bent on causing massive disruption andphysical damage. This is not just theory; actual attacks have caused majoroperational problems. For example, attacks against wastewater treatmentsystems in Australia led to the release of hundreds of thousands of gallons ofsludge.5
As the technology is being distributed, the management of the technol-ogy is often distributed as well. In these cases, system administration andmanagement often fall on people who do not have the training, skill, re-sources, or interest needed to operate their systems securely.6 The rush tothe Internet, coupled with a lack of understanding, is leading to the expo-sure of sensitive data and risk to critical systems. Just one naive user with aneasy-to-guess password increases an organization’s risk.7
There is little evidence of improvement in the security features of mostproducts. Developers are not devoting sufficient effort to apply lessonslearned about the sources of vulnerabilities. The Computer Emergencyand Response Team Coordination Center (CERT/CC) routinely receivesreports of new vulnerabilities. In 1995, CERT received an average of 35new reports each quarter, 140 for the year. By 2002, the number of annualreports received had skyrocketed to more than 4,000. Technology evolvesso rapidly that vendors concentrate on time to market, often minimizingthat time by placing a low priority on security features. Until their cus-tomers demand products that are more secure, the situation is unlikely tochange.8
When vendors release patches or upgrades to solve security problems,organizations’ systems often are not upgraded because it may be too time-consuming, too complex, or just at too low a priority for the system admin-istration staff to handle. With increased complexity comes the introductionof more vulnerabilities. Because managers often do not fully understandthe risks, they neither give security a high enough priority nor assign ade-quate resources. The problem is made worse by the fact that the demandfor system administrators with strong security skills far exceeds the supply.9
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 101
Engineering for ease of use is not being matched by engineering forease of secure administration. Today’s software products, workstations, andpersonal computers bring the power of the computer to increasing num-bers of people who use that power to perform their work more efficientlyand effectively. Products are so easy to use that people with little technicalknowledge or skill can install and operate them on their desktop computers.Unfortunately, it is difficult to configure and operate many of these productssecurely. This gap leads to increasing numbers of vulnerable systems.10
As we face the complex and rapidly changing world of the Internet, com-prehensive solutions are lacking. Among security-conscious organizations,there is increased reliance on quick and easy solutions, such as firewallsand encryption. These organizations are lulled into a false sense of securityand become less vigilant, but single solutions applied once are neither fool-proof nor adequate. Solutions must be combined, and the security situationmust be constantly monitored as technology changes and new exploitationtechniques are discovered.11
Information Theft and Computer Crimes
“No area of criminal activity is more on the cutting edge or has greaterglobal implications than crime involving technology and computers,”12 sostated former Attorney General Janet Reno in an address to an elite groupof experts from the G-8 countries convened to discuss transnational orga-nized crime. Unfortunately, the way in which such crimes are committed haslargely frustrated efforts to investigate and prosecute such crimes. Cyberat-tacks are cheap, easy to launch, difficult to trace, and hard to prosecute.Cyberattackers are using the connectivity to exploit widespread vulnerabili-ties in systems to conduct criminal activities, compromise information, andlaunch denial-of-service attacks that seriously disrupt legitimate operations.
Reported attacks against Internet systems are almost doubling each yearand attack technology will evolve to support attacks that are even more vir-ulent and damaging. Our current solutions are not keeping pace with theincreased strength and speed of attacks, and our information infrastruc-tures are at risk. Although some attacks require technical knowledge – theequivalent to that of a college graduate who majored in computer science –many other successful attacks are carried out by technically unsophisticatedintruders. Technically competent intruders duplicate and share their pro-grams and information at little cost, thus enabling novice intruders to dothe same damage as the experts. In addition to being easy and cheap, Inter-net attacks can be quick. In a matter of seconds, intruders can break into asystem; hide evidence of the break-in; install their programs, leaving a “backdoor” so they can easily return to the now-compromised system; and beginlaunching attacks at other sites.13
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
102 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Attackers can lie about their identity and location on the network. Infor-mation on the Internet is transmitted in packets, each containing informa-tion about the origin and destination. Senders provide their return address,but they can lie about it. Most of the Internet is designed merely to forwardpackets one step closer to their destination with no attempt to make a recordof their source. There is not even a “postmark” to indicate generally wherea packet originated. It requires close cooperation among sites and up-to-date equipment to trace malicious packets during an attack. Moreover, theInternet is designed to allow packets to flow easily across geographic, admin-istrative, and political boundaries. Consequently, cooperation in tracing asingle attack may involve multiple organizations and jurisdictions, most ofwhich are not directly affected by the attack and may have little incentiveto invest time and resources in the effort. This means that it is easy for anadversary to use a foreign site to launch attacks at U.S. systems. The attackerenjoys the added safety of the need for international cooperation in orderto trace the attack, compounded by impediments to legal investigations. Wehave seen U.S.-based attacks on U.S. sites gain this safety by first breakinginto one or more non-U.S. sites before coming back to attack the desiredtarget in the United States.14
Accurate statistics on the extent of this phenomenon have provenelusive15 because of the difficulty in adequately defining computer crimes.16
The statistics are also untrustworthy due to victims’ failures to report inci-dents because of (1) fear of losing customer confidence17 and (2) lack ofdetection. The aggregate annual losses to businesses and governments, how-ever, are estimated to be in the billions of dollars.18
The fastest-growing computer-related crime is theft, and the most com-mon object stolen is information. Thieves often target intellectual propertiesthat include things like a new product patent, new product description, mar-ket program plans, a list of customers, and similar information. Previouslythieves obtained such properties through employees, photocopying docu-ments, and burglaries. Now the MO has changed and thieves would preferstealing from the computers because it provides extensive access to moreusable information.19
In the summer of 1996, hackers attached the worldwide web site of theU.S. DOJ, replacing official information with adult pictures, a photo ofHitler, and a swastika. Months later hackers gained entry to the CIA’s website, relabeling it “The Central Stupidity Agency.” In December of 1996, theDefense Department shut down eighty sites on the global computer net-work after hackers inserted a sexually explicit video clip on the Air Forceweb site.20 More recently, assessments by the House Government ReformCommittee’s Subcommittee on Technology revealed that the federal gov-ernment does a poor job on security (see Appendix B).
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 103
Computer crime, also known as cybercrime, is a growing and increasinglycostly phenomenon.21 Computer crimes can be divided into three broadcategories: (1) crimes where a computer is a tool, (2) crimes where a com-puter is the target, and (3) crimes where a computer is incidental.22 In thefirst category, the computer is used as a tool to commit offenses. This grouplooks upon the computer as one of the instruments for committing crimeslike fraud, embezzlement, and other related crimes. The second categorycontains crimes in which the computer itself or the stored information isthe target.
First, a computer may be the “object” of a crime: The offender targetsthe computer itself. This encompasses theft of computer processor timeand computerized services. Second, a computer may be the “subject” of acrime: A computer is the physical site of the crime, the source of, or reasonfor unique forms of asset loss. This includes the use of “viruses,” “worms,”“Trojan Horses,” “logic bombs,” and “sniffers.” Third, a computer may be an“instrument” used to commit traditional crimes in a more complex manner.For example, a computer might be used to collect credit card informationto make fraudulent purchases.
Computer theft offers distinct advantages to the cybercriminal. It allowsthe criminal to pilfer large amounts of money without having to face lockedsafes, foreign premises, or, most important, armed security guards. A heistcan be done safely and efficiently through a few strokes on a computerkeyboard. Moreover, although a gun offers a thief protection and controlover his or her victims, a computer eliminates this need and supplementsthe thief’s arsenal with anonymity and an unlimited range of victims. As onecommentator accurately stated, “if I want to steal money, a computer is amuch better tool than a handgun. . . . It would take me a long time to get$10 million with a handgun.”23
As the Citibank heist24 illustrates, a cybercriminal’s reach is internationaland his or her crimes can often be committed without anyone knowing whenit was done, how it was done, or who the culprit was. It is for these and otherreasons that theft and fraud offenses committed with the aid of computersand other electronic media will soon become leading international crimes.There are no visa or passport requirements, no security checkpoints, andno physical barriers. Perhaps, most important, such crimes require littlemanpower and resources.25
Although the Citibank heist involved the stealing of U.S. currency, themodern-day criminal is now focusing his or her computer’s attention onstealing something that is often more valuable, the corporate trade secret.The cybercrook has realized that stealing the next version of the Coca-Colarecipe or Windows software is worth more than a $10 million heist. More im-portant, the trade secret – unlike the $10 million in cash – can be duplicated
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
104 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
and downloaded without the true owner ever knowing that the trade secrethas been stolen. The owner still has a copy; unfortunately, the cybercrookdoes, too.
High-Tech Thieves
Criminal groups who view computers as targets have been placed in three cat-egories: (1) hackers, (2) those who break the systems to intentionally causeharm or mischief to data or programs, and (3) financially motivated offend-ers who use a “specialized skill” to steal or damage information containedin computer storage banks.26 There is no “typical” computer-related crimeand no “typical” motive for committing such crimes, although common mo-tives including exhibiting technical expertise, highlighting weaknesses incomputer security systems, punishment or retaliation, computer voyeurism,asserting a belief in open access to computer systems, or sabotage.27 Com-puter criminals can be youthful hackers, disgruntled employees and com-pany insiders, or international terrorists and spies. Because of the vast varietyof computer-related crimes and motives, computer-related crimes are clas-sified according to the computer’s role in the particular crime.
Analysis of computer crimes suggests that threats of such crime generallycome from employees. Studies reported on computer crimes have shownthat primary threats come from full-time employees, followed by part-timeand contract employees, and with computer hackers a close third. Thereis normally a close correlation between theft and access to computers, butthe important thing to recognize is that as networking becomes widespread,access is also becoming easier.28
The Morris Case
Perhaps the most infamous Internet crime ever committed was the 1988 caseof United States v. Morris.29 Robert Tappan Morris was a 23-year-old first-yeargraduate student in Cornell University’s computer science Ph.D. programwho, through various jobs, had acquired significant computer experience.Morris was given an account on his school’s computer and soon began workon a computer program, later known as the Internet “worm” or “virus.”Morris intended to release the worm into university, government, and mili-tary computers around the country in order to demonstrate the inadequa-cies of current security measures on those computer networks. “The wormwas supposed to occupy little computer operation time, and thus not inter-fere with normal use of those computers.”30
After releasing his “harmless” worm, Morris soon discovered that it wasactually infecting machines, ultimately causing computers at more than6,00031 educational institutions and military sites around the country to
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 105
“crash” or cease functioning.32 With the help of a friend, Morris then sent outan anonymous message instructing programmers how to kill the worm andprevent reinfection. However, “because the network route was clogged, themessage did not get through until it was too late.” Morris was found guilty ofviolating the Computer Fraud and Abuse Act, Section 1030(a)(5)(A), whichprohibited intentional unauthorized access to federal computers. “He wassentenced to three years of probation, 400 hours of community service, afine of $10,050, and the costs of his supervision.”33
There is a common agreement that cybercrimes exist, but little overallagreement as to what they are other than they involve the use of the com-puters in some way. The term is most frequently used to describe eithertraditional or familiar forms of offending that use the Internet, or else toillustrate the more dramatic forms of offending via technological daring-do.Computer crime may be the subject of the biggest cover-up since Watergate.As such, it has proved difficult to give an accurate reliable overview of theextent of losses and the actual number of criminal offences.
Cybercrime – Computer Crime Defined
Although the term computer crime includes traditional crimes committed witha computer, it also includes novel, technologically specific offenses that ar-guably are not analogous to any noncomputer crimes. Computer crime rep-resents the activity most likely to be confused with IW.34 The phrase “com-puter crime” is itself a nebulous term covering a gamut of actions rangingfrom releasing a supposedly benign virus or hacking into computers to lookat information,35 to causing the computers that run the alarms at a chem-ical plant to malfunction. To further muddle the definition, many normalcrimes are now committed with the assistance of computers.36 The diver-sity of computer-related offenses, however, rendered any narrow definitionuntenable.
Although “computer crime” remains loosely defined, most industrializedcountries have amended their legislation to address four needs created bycomputer crimes: (1) protection of privacy, (2) prosecution of economiccrimes, (3) protection of intellectual property, and (4) procedural provi-sions to aid in the prosecution of computer crimes.37 Worldwide, nationalgovernments are adopting computer-specific criminal codes that addressunauthorized access and manipulation of data, similar to the ComputerFraud and Abuse Act of 1996 in the United States. Criminalization of copy-right infringements are also gaining momentum around the world.38
Criminal actions that target or are facilitated through the use of com-puter systems are called cybercrimes. Cybercrime can be divided into two cat-egories: (1) crimes that are “located” entirely in cyberspace and (2) crimesthat have a physical component that merely are facilitated in cyberspace.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
106 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
There has been a great deal of debate among experts on just what consti-tutes a computer crime or a computer-related crime. The term “computercrime” also includes intelligence collection activities, which is conductedby all advanced states.39 Even after several years, there is no internationallyrecognized definition of this term. The head of the U.S. DOJ’s ComputerCrime unit echoed this sentiment and indicated that the term “computercrime” has no precise definition.40
In 1983, the OECD defined computer crime and computer-related crimeas “any illegal, unethical, or unauthorized behavior involving automatic data-processing and/or transmission of data.”41 Including “unethical” behaviorwithin the criminal definition without more amplification would likely bestruck down as unconstitutionally vague.
Interestingly, the United Nations Manual on Computer-Related Crime statedthat annoying behavior must be distinguished from criminal behavior inlaw.42 Although such would seem to be a fairly noncontroversial statement,it seems considerably more contentious in the area of computer crime. Forinstance, a group of hackers, allegedly a Mexican group known as the zapatis-tas, intended to bring down a U.S. DoD site to bring attention to their cause.They chose as their MO the use of a computer to repeatedly “hit” the site inorder to cause an overload and thereby render it inoperable, or cause it tocrash outright. Obviously, trying to “hit” a site should not be a crime becausethat is the purpose of web sites. Even trying to repeatedly hit a site wouldnot normally be thought of as criminal. Only the intentional overloading ofa site would be criminal, which will involve line-drawing issues hinging onintent and possibly outcome, to the extent intent can be properly inferredfrom it.43
An early definition of computer crime proposed by the U.S. DOJ quitebroadly included “any violations of criminal law that involve a knowl-edge of computer technology for their perpetration, investigation, orprosecution.”44 Such a definition would appear to reach too far becausetoday’s technologically oriented prosecutorial and investigative agenciesemploy computers to prosecute and investigate even mundane traditionalcrimes.45 Some experts have suggested that DOJ’s definition could encom-pass a series of crimes that have nothing to do with computers. For exam-ple, if an auto theft investigation required a detective to use “knowledge ofcomputer technology” to investigate a vehicle’s identification number in astate’s department of motor vehicle database, under DOJ guidelines, autotheft could be classified as a computer crime. Although the example maystretch the boundaries of logic, it demonstrates the difficulties inherent inattempting to describe and classify computer criminality.46
Even though several individual states have attempted to define computercrimes or regulate within subfields of this area,47 there have been onlythree significant international efforts – one by the OECD48 and two by theCouncil of Europe (COE). Both the OECD and the COE define “computer
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 107
crime,” but leave it to individual states.49 Nevertheless, both bodies put forthproposed standards to provide a common denominator for what shouldconstitute computer crimes in each of their member nation-states.50 It isinstructive to assess and trace the development of these first internationalefforts to define computer crimes in order to obtain a better idea of how thelaw is developing in this area. All nations continue to struggle with definingcomputer crime and developing computer crime legislation that is applica-ble to both domestic and international audiences.51
Preparing for a New Cyberwar
The threat from computer crime and other information security breachescontinues unabated and the financial toll is mounting at an alarming rate –with theft of proprietary information continuing to be the number onethreat to information systems.52 “Although there has never been accuratenationwide reporting of computer crime, it is clear from the reports whichdo exist . . . that computer crime is on the rise.”53 As a matter of fact, betweenJanuary 1998 and December 1998, the CERT/CC54 received “41,871 e-mailmessages and 1,001 hotline calls reporting computer security incidents orrequesting information.”55 In addition, they received 262 vulnerability re-ports and handled 3,734 computer security incidents, affecting more than18,990 sites during this same period.56
With expanding computer-controlled infrastructure came an increase inthe severity of computer hacker attacks.57 Where a decade ago computerswere relatively isolated and performed specialized tasks, today as mentionedearlier, computers control general, widespread systems that form the back-bone of modern life.58
Computer crime is a global problem; many computer crimes are sim-ply old-fashioned crimes of theft or fraud or vandalism, simply perpetratedin the electronic medium. Purely domestic solutions are inadequate be-cause cyberspace has no geographic or political boundaries. Many com-puter systems can be easily and surreptitiously accessed through the globaltelecommunications network from anywhere in the world.59 Internationalfinancial institutions are common targets for computer fraud and em-bezzlement schemes.60 The development of sophisticated computer tech-nology has also enabled organized crime groups to bypass governmentdetection and enter the international realm of drug trafficking and moneylaundering.61 In addition, the specter of computer terrorism calls for aninternational strategy to preserve global security.
It seemed like a sequel to the 1983 movie “War Games.” From the comfortof his own home, a hacker intentionally disabled one of NASA’s communi-cations uplinks to the Atlantis space shuttle, while another acquired “supe-ruser” status, allowing a 24-year-old from Denver to control all of NASA’s118 computer systems and read all users’ e-mail. Another hacker in Phoenix
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
108 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
gained control of all U.S. water canals south of the Grand Canyon, whereasstill another tapped into a local air traffic control system while toying witha municipal phone network.62
Unlike nuclear weapons, which require highly sophisticated parts andtightly regulated materials, information weapons consist of common pro-gramming commands arranged in a variety of ways to produce maliciouscode. This code can be delivered over the Internet, by conventional mail,fax, or phone in the exact same way that innocent commercial or personalcommunications are transmitted. Thus, information weapons are not sub-ject to customs checks or other safeguards against international transportand, because of the volume of information transmitted in these ways, couldnot reasonably be so subjected. Testing of information weapons cannotbe detected with seismographs or satellite sensors. Although the damagedone by some information weapons might be readily apparent, studies indi-cate only an exceptionally small portion of users who are attacked by hackersare even aware of the attack.
Attackers include national intelligence organizations, information war-riors, terrorists, criminals, industrial competitors, hackers, and aggrievedor disloyal insiders. Although insiders constitute the single largest knownsecurity threat to information and information systems, controlled testingindicates that large numbers of computer-based attacks go undetected, andthat the unknown component of the threat may exceed the known compo-nent by orders of magnitude.
Adversaries can employ a variety of methods against the infrastructure,including traffic analysis, technical security attacks, physical attacks, andcyberattacks. Physical and cyberattacks pose the greatest risk. They have in-creased rapidly in sophistication and disruptive potential, while the infras-tructure’s vulnerability has grown. The availability of truck bombs, chemi-cal agents, and biological agents has increased the disruptive potential ofphysical attacks. At the same time, the vulnerability of the information andcommunications (I&C) infrastructure to physical attack has increased.
Tools to remotely access, change, or destroy information in vulnerablesystems and to control, damage, or shut down the systems themselves havebecome more sophisticated, easier to use, and more widely available. TheU.S. DoD tests and exercises, together with the rising incidence of docu-mented intrusions and cyber-related losses over recent years, indicate thatnetworked computers are highly vulnerable to these techniques. A broadarray of adversaries, including a sizable number of foreign governments, arecurrently capable of conducting cyberattacks.
The introduction of numerous third parties, including foreign compa-nies, operating in partnership with U.S. companies or on their own, intoevery aspect of network operations will alter the trust relationship on whichcurrent network architecture is based. The security measures needed to
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 109
compensate for the loss of trust will take years to develop. During this time,attacks to gain unauthorized access to sensitive data and functions will beeasier to accomplish on a widespread basis than at any previous time in thehistory of telecommunications.
Today’s level of threat and degree of vulnerability present two risks fornational policy to address. The first is the cumulative risk generated by manysmall-scale attempts to steal information or money through cyberattack.The vulnerability of individuals and enterprises to cybertheft damages thenation’s competitiveness. Losses undermine both the bottom line and publicconfidence in emerging information technology. For the I&C infrastructureto realize its full potential as a medium for commerce, government, andmilitary operations, users must have confidence that transactions will beconfidential and protected.
The numerous security vulnerabilities in today’s I&C infrastructure af-ford little basis for such confidence, and the trends are not encouraging.In the meantime, the payoff for successful exploitation is increasing. Withcommerce growing exponentially over a medium with minimal protection,criminals and hackers can be expected to develop original and profitablenew methods of operation. With larger and larger quantities of imperfectlyprotected information residing on networked systems, intelligence servicesand industrial competitors can be expected to find increasingly sophisti-cated ways to break in.
The second and more critical risk is that presented by cyberattacks andphysical attacks intended to disrupt the U.S. I&C infrastructure and thecritical societal functions that depend on it. With network elements increas-ingly interconnected and reliant on each other, cyberattacks simultaneouslytargeting multiple network functions would be highly difficult to defendagainst, particularly if combined with selected physical destruction of keyfacilities. The possibility that such disruption could cascade across a substan-tial part of the PTN cannot be ruled out. No one knows how the networkwould react under coordinated attack.
To address the risk posed by the mounting incidence of cybertheft andother small-scale attacks, national policy must encourage a cooperative ap-proach to strengthening security. National and international policies mustensure that there is an effective national and international capability todetect and defend against large-scale attacks on the I&C infrastructure.
The ability to communicate with large numbers of hackers and thewidespread availability of tools to carry out a break-in exacerbate the prob-lem. Relatively unsophisticated computer users are now able to quickly ac-cumulate premade tools and detailed instructions on how to anonymouslyattack a target.63 This makes it easier to stay ahead of law enforcement.
Furthermore, the Internet was not designed with security in mind.64
By promoting connectivity over security, users are able to travel through
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
110 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
multiple computers all over the world. Tracing the hacker is difficult. Onlyone computer along the hacker’s route need be insecure, lack adequate logsof users, or reside in an uncooperative foreign jurisdiction for law enforce-ment to fail in tracking the intruder.
Weapons of Mass Disruption
In the online world, we often face a problem with criminal actions thatare not treated as crimes. Although our society does not tolerate peoplebreaking into homes and businesses, we seem to have more tolerance forcomputer break-ins. Yet, breaking into computers is just as much a crimeand both break-ins harm innocent people and weaken businesses.
In the last few years, we have realized that the issues posed by criminalhackers are real and costly. The “ILOVEYOU” virus of 2000 slowed downworldwide e-mail systems. The Ramen and Lion worms attacked Linux soft-ware to deface web sites and extract sensitive information such as passwords.The Code Red worm exploited Windows server software to infect servers andattack other web sites. The Trinoo attacks exploited vulnerabilities in theSolaris operating system to mount denial of service attacks against severalprominent web sites. Estimated damage in these attacks runs into the billionsof dollars.65
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 111
Cyberattacks, Information Theft, and Online Shakedown
Cyberattacks are frequently in the news, but far more go unreported. Eachyear the CSI and the FBI publish a study that demonstrates the number ofcompanies that reportedly suffered some form of unauthorized computerintrusion. Each year, the percentage creeps closer to 100%. In a more re-cent study,66 92% of the companies surveyed reported that they sufferedsome form of attack to or misused computer systems during the 2002–2003year. Some forms of disruptive practice are on the increase, and the esti-mated damage to business is usually estimated in the hundreds of millionsor billions of dollars.
Potential cyberthreats and associated risks range from recreational hack-ers to terrorists to national teams of IW specialists. Insiders are repeatedlyidentified as the most worrisome threat. Other malefactors may make useof insiders, such as organized crime or a terrorist group suborning a willinginsider or making use of an unwitting insider.
Many financial institutions have been contacted by cyberterrorists threat-ening to penetrate and destroy their computer systems unless they receivehuge sums of money. Many banks around the world have been victimizedand have paid millions of dollars as extortion money to keep their systemsintact. Such cyberterrorism is becoming a matter of concern and exposes na-tional security systems, banking or communication networks, and financialand commercial transactions to grave dangers.67
Five examples of new types of attack described below help illustrate theway commonplace cybertools can be used to do harm.
A Cyberattack on the Specific Database of an Owner/Operator
In the case of unauthorized entry into a network or system for the purposeof illegal financial transfers, stealing proprietary information, disruptingrecords, or merely “browsing,” owners and operators have a responsibilityfor prudent and sufficient security systems, such as firewalls and passwordsand qualified personnel to detect anomalies that indicate a successful entry,so further isolation or deflection measures can be taken to foil the attack.
A Cyberattack for the Purpose of Gaining Access to a Network
If a particular system or network is discovered to have low security standardsand to be interconnected to other networks of interest to the attacker, theattacker will use the most weakly defended pathway to access the targetedsystem. Thus, operators need to consider establishing security standards forthose with whom they are connected.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
112 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
A Cyberattack for the Purpose of Espionage
Intellectual property is vulnerable to theft in entirely new ways. The threatmay come from a witting or unwitting insider, an unscrupulous competitor,or the intelligence service of a foreign power. Competitive advantage maybe lost without knowing it was even at risk. This is true in business as well asin government.
A Cyberattack for the Purpose of Shutting Down Service
Attacks by flooding communication lines have denied emergency servicein some communities and shut down e-mail service to major users. Denial-of-service attacks are of concern to all institutions that depend on reliablecommunications.
Another form of computer attack is the distributed denial-of-service(DDoS) attack (commonly referred to as a DDoS attack). The DDoS at-tacker uses multiple compromised systems to attack a single target, therebycausing denial of service for users of the targeted system.68 The flood ofincoming requests to the target system essentially forces it to shut down,thereby denying service to legitimate users. DDoS threats have been es-calating and future attacks may target routers, key hubs of the Internet’sinfrastructure, instead of individual web sites.69 Denial-of-service attacksand viruses cause the most downtime to business applications, e-mail sys-tems, and networks. In January 2003, CloudNine Communications, a UKInternet service provider, indicated that it had to close its doors aftera series of denial-of-service attacks prevented its 2,500 customers fromconnecting to the Internet and cut access to the web sites of its hostingcustomers.70
A denial-of-service attack is an attack or intrusion designed for use againstcomputers connected to the Internet, whereby one user can deny serviceto other legitimate users simply by flooding the site with so much uselesstraffic71 that no other traffic can get in or out. In fact, the “hacker” is notnecessarily trying to break into the system or steal data, but rather just pre-vent users from accessing their own network72 for reasons only the hackerknows.73 A denial-of-service attack is considered to take place only whenaccess to a computer or network is intentionally blocked as a result of somemalicious action.74 Sharing information about the tools used in these attacksand techniques to deflect or defeat them is therefore of interest to a widerange of public and private institutions.
A Cyberattack for the Purpose of Introducing Harmful Instructions
An attacker can plant a virus or leave behind a program that will give theattacker critical information, such as passwords that can be used to log in
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 113
to other networks. A virus may be transmitted within a LAN or passed onto an external network. “Logic bombs” and “Trojan horses” are designed,respectively, to destroy software at a preselected time and to enable futureaccess. Given the rate of development of viruses, it is essential that all inter-connected users adopt a high level of virus detection.
Vulnerability of the United States
The potential impact of failing to protect the intellectual property and infor-mation infrastructure on which this world-leading economy is increasinglydependent poses potentially serious risks. Almost all the Fortune 500 cor-porations have been penetrated electronically by cybercriminals. The FBIestimates that electronic crimes are running at about $10 billion a year. How-ever, only 17% of the companies victimized report these intrusions to lawenforcement agencies because their main concern is protecting consumerconfidence and shareholder value.75
A spectrum of malicious actors can and do conduct attacks against theUnited States’ critical information infrastructures. Of primary concern is thethreat of organized cyberattacks capable of causing debilitating disruptionto the nation’s critical infrastructures, economy, or national security. Therequired technical sophistication to carry out such an attack is high, whichmay explain the lack of a debilitating attack to date.
Shared Responsibility
The government and private sector share substantially the same national in-formation infrastructure. Both have been victims of unauthorized computerintrusions, theft, and disruption. The line separating threats that apply onlyto the private sector from those associated with traditional national secu-rity concerns must give way to a concept of shared threats. Shared threatsdemands a shared response, built from increased partnership between gov-ernment and the owners and operators of our infrastructures.
In general, the private sector is best equipped and structured to respondto an evolving cyberthreat. There are specific instances, however, wherefederal government response is most appropriate. A government role incybersecurity is warranted where high transaction costs or legal barrierslead to significant coordination problems.
Public–private engagement is key. This is true for several reasons. Public–private partnerships can usefully confront coordination problems and en-hance information exchange and cooperation. Public–private engagementwill take a variety of forms. It will address awareness, training, technologicalimprovements, vulnerability remediation, and recovery operations.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
114 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Threat Spectrum
Federal actions to secure cyberspace are warranted for purposes includ-ing forensics and attack attribution, protection of networks and systems crit-ical to national security, indications and warnings, and protection againstorganized attacks capable of inflicting debilitating damage to the economy.Federal activities also should support research and technology developmentthat will enable the private sector to better secure privately owned portionsof the nation’s infrastructure.
Domestic and International Legislative Responses
Does computer crime pose a serious threat to a nation’s national secu-rity? More recent highly publicized computer virus attacks have shownthat computer crime has become an increasing problem. Defining crim-inal phenomena is important because it allows police officers, detectives,prosecutors, and judges to speak intelligently about a given criminal of-fense. Furthermore, generally accepted definitions facilitate the aggrega-tion of statistics, which law enforcement need to analyze to reveal pre-viously undiscovered criminal threats and patterns.76 The absence of astandard definition for computer crime, a lack of reliable criminal statistics
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 115
on the problem, and significant underreporting pose problems for policeagencies.77
Law enforcement organizations cannot determine exactly how manycomputer crimes occur each year. No agreed-upon national or internationaldefinition of terms, such as computer crime, high-tech crime, or informa-tion technology crime, exists. Thus, as a class of criminal activities, computercrime is unique in its position as a crime without a definition, which preventspolice organizations from accurately assessing the nature and scope of theproblem.78
Legislative bodies define criminal offenses in penal codes. Crimes suchas murder, rape, and aggravated assault all suggest similar meanings to lawenforcement professionals around the world. But what constitutes a com-puter crime? As mentioned earlier, the term covers a wide range of offenses.For example, if a commercial burglary occurs and a thief steals a computer,does this indicate a computer crime or merely another burglary? Does copy-ing a friend’s program disks constitute a computer crime? The answer toeach of these questions varies among different jurisdictions.79
There is increasing cooperation between the United States and Europein this area. In September 2000, the United States sponsored a meetingof the G8’s Senior Law Enforcement Experts on Transnational Crime todiscuss international intellectual property crime. The meeting focused onthe involvement of organized criminal groups in counterfeiting and pirat-ing merchandise, but the delegates also discussed the possibility of mutuallegal assistance and extradition agreements in the area of intellectual prop-erty crime. The Lyon Group endorsed various recommendations, includingsharing strategic intelligence concerning organized criminal groups andsponsoring an annual meeting on trends in intellectual property crime andmember countries’ enforcement activities.
Since the early 1990s, several international organizations, such as theUnited Nations, the OECD, the COE, the G-8, and Interpol, have workedto combat the problem of computer crime. Despite their efforts, no singledefinition of computer crime has emerged. Although many state and federallaws in the United States define terms, such as “unauthorized access to acomputer system” and “computer sabotage,” neither the federal nor any ofthe state penal codes provide a definition for the term computer crime.80
The U.S. DoD’s Defense Information Systems Agency (DISA) completedan in-depth investigation on computer crime. From 1992 to 1995, DISAattacked their own DoD computer systems using software available on theInternet. Of the 38,000 attacks perpetrated, 96% of the successful attackswent undetected. Furthermore, of the detected attacks, only 27% were re-ported. Thus, approximately 1 in 140 attacks were both detected and re-ported, representing only 0.7% of the total. If the detection and reporting
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
116 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
of computer crime is less than 1% in the nation’s military systems, how oftenmight these crimes go unreported when the intended victim is an individualor a small business owner?81
An annual report compiled by the CSI in San Francisco, California, andthe FBI provides statistics on computer crime by surveying computer secu-rity practitioners. The anonymity provided to the survey respondents maycontribute to the accuracy of their responses. The report does not directlypoll law enforcement organizations about the number of computer crimesreported to police. No single governmental body maintains responsibilityfor asking police forces about the prevalence of computer crimes reportedand investigated.82
An analysis of penal legislation in nearly fifty nations suggests that at leastone-half of those countries surveyed had laws in place or legislation pend-ing that prohibited crimes affecting the confidentiality, integrity, and avail-ability of a computer. A variety of international organizations also supportlegislative efforts prohibiting computer crimes. Groups such as the UnitedNations, the G8, the COE, the OECD, and Interpol each have delineatedconfidentiality, integrity, and availability offenses as forming the minimumbasis of proscribed computer crime behavior. The Council of Europe, theforty-one-nation body of which the United States is an observer, has beenworking on a draft treaty on cybercrime for several years. If adopted as cur-rently drafted, the treaty would ensure that confidentiality, integrity, andavailability offenses were outlawed in all signatory nations.
Cybercriminals have forced law enforcement agencies to learn to dealwith complex computer issues to solve many of the crimes perpetratedtoday.83 In the United States, to patrol the Internet and to enforce newInternet laws, the FBI established “computer crime teams” in each of itsfield offices.84 To coordinate the efforts of each team, the Washington, DCfield office has a National Computer Crime Squad, which both investigatesand provides a national resource for computer crime issues.85
The Department of Homeland Security (DHS) was created in 2002. Thisnew cabinet-level department unites twenty-two federal entities for the com-mon purpose of improving the homeland security of the United States. TheSecretary of DHS has important responsibilities in cyberspace security. TheDHS guideline document outline an initial framework for both organiz-ing and prioritizing efforts. It provides direction to the federal governmentdepartments and agencies that have roles in cyberspace security. It alsoidentifies steps that state and local governments, private companies and or-ganizations, and individual Americans can take to improve their collectivecybersecurity. The documents highlight the role of public–private engage-ment. The document provides a framework for the contributions both pub-lic and private sectors can make to secure cyberspace. The dynamics of cyber-space will require adjustments and amendments to the strategy over time.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 117
The DOJ also has a computer crime component, centralized in the Crim-inal Division.86 In 1991, the Computer Crime Unit was established in theGeneral Litigation and Legal Advice Section.87 In 1996, it was transformedinto the CCIPS section of the Criminal Division. It directly attacks cyber-crime by litigating cases and providing litigation support for U.S. attorneys.In addition, CCIPS comments on proposed legislation and tries to coordi-nate both federal and international efforts to respond to computer crimeand the tracking of computer criminals.88
In 1998, President Clinton by presidential directive established the Na-tional Infrastructure Protection Center (NIPC), in an effort to have a morecomprehensive, joint effort between the Justice Department, the FBI, theDoD, and the private sector.89 Led by FBI officials, the NIPC was establishedto provide early warning to private industry about imminent threats to theirnetworks.90 Although it has more than 100 workers, its 2000 budget was only$18.5 million, not enough to enable it to be effective.91
Various other computer security agencies exist, but they lack the abilityand resources to prosecute cybercriminals. The Commerce Department,for example, has its own computer security agency, but it lacks any law en-forcement powers. In addition, CERT only attempts to warn industry aboutpotential security threats it sees. At the local levels, some efforts are in place.In each federal district, the U.S. Attorney’s Office has designed an agentcalled the “Computer and Telecommunication Crime Coordinator.”92 Atthe state level, some states, such as Massachusetts and New York, have created“high-technology crime units,” where state police and investigators pursuecomputer-related offenses.93
Prosecution and Enforcement Efforts
Because of the flood of new Internet crime cases, law enforcement at alllevels is losing the battle. The government catches about 10% of those whobreak into government-controlled computers and far fewer of those whobreak into computers of private companies.94 There are several reasons forthis. Most significantly, because of the explosion in computer crimes, lawenforcement simply does not have the resources or technical support to stopany significant number of cyberthieves. For example, the NIPC’s caseloadrose 300% from 200 investigations in 1996 to more than 800 in 1999. Also,the rise in the number of networked computers makes it much easier forhackers to penetrate and control vast numbers of computers with one break-in, rather than being forced to break in to each computer individually.95
Finally, the trend toward computer networking has also provided more av-enues for intruders to search for the “weakest link” in a large chain ofpotential access points, enabling a cleverly programmed computer to me-thodically test for vulnerabilities in a network.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
118 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Cybercrime can be a lucrative business. In 2001, the Internet Fraud Com-plaint Center (IFCC) received 49,711 complaints of Internet fraud. The49,711 people were hit by cybercriminals for about $17 million, accordingto a report released by the IFCC. Those numbers only reflect crimes that areconsidered Internet fraud; other crimes such as child p*rnography, identitytheft, and computer intrusion are immediately reported to other agencies.96
The first half of 2002 saw a 28% increase in Internet attacks, with morethan 180,000 of them successful.97 In a more recent study, the FBI andthe CSI98 reported that 90% of corporate and other respondents detectedsome type of computer breach in the prior year.99 Although only 44%of these respondents specified a loss amount, the quantified losses fromcomputer security breaches exceeded $455 million.100 There were approxi-mately 73,000 computer-related complaints referred to the Carnegie MellonSoftware Engineering Institute from January 2002 to September 2002, a237% increase over the same time period in 2001. Florida ranked no. 2 inthe United State in 2002 behind California for the number of computerfraud complaints that were reported to the IFCC, a web site run in part bythe FBI and the nonprofit National White Collar Crime Center. Roughly,42.8% of the complaints received by the IFCC in 2001 were auction fraud,followed by nondelivered merchandise at 20.3%, Nigerian letter fraud at15.5%, and credit/debit card fraud at 9.4%.101
Although their number has fallen, virus and worm attacks remain themost prevalent security breach, followed by denial-of-service attacks, whichalso trended down slightly, to 12% in 2002 from 15% in 2001’s report. Manybusinesses felt the sting, with Code Red and Nimda worms infecting thou-sands of companies’ Internet servers. The number of companies claimingless than $10,000 in damages is slightly lower, but those saying such breachescost them between $10,001 and $100,000 rose to 13% in 2002 from 9% in2001. In North America, about 6% of companies indicated that they lostmore than $100,000, although more than one-third indicated that they didnot know the financial damage. Companies that could boast no breach-related expenses fell to 21% from 26%.102
Obtaining the evidence to prosecute cybercrimes and information ter-rorism generally requires promptly trapping certain evidentiary data thatmay have been left by the suspect and also tracing the perpetrator backthrough the system to its source. Once the perpetrator breaks the con-nection with the computer being used as the target of the criminal activ-ity, identifying the perpetrator becomes significantly more difficult, and insome cases impossible. The speed with which computer connections canbe made and dropped usually requires action within seconds or minutes,not the hours or days that may be required for traditional search warrants,especially those sought in foreign jurisdictions. As such, perhaps the mostimportant advantage to be gleaned by entering into a multilateral treaty on
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 119
cybercrime would be mutual cooperation and assistance in the investigativeprocess.
Of course, in today’s largely interdependent world community, the gen-eral sentiment has been that cybercrime is not the first class of offensesto require international cooperation. Money laundering, insider trading,and the illegal smuggling of drugs, weapons, and technology have all ledthe United States to internationalize its criminal law enforcement efforts.103
Indeed, the Drug Enforcement Agency, the FBI, the Customs Agency, theSecret Service, and the Commerce Department collectively operated out of140 offices in fifty-one different foreign countries.
Interestingly, the Office of International Affairs (OIA) of the DOJ hastaken the position that, “U.S. law enforcement agencies such as the FBIhave worldwide investigative authority that would apply to investigations ofcrime carried out against or with the aid of computer systems.”104
Most computer-detection techniques are time-consuming and costly. Be-cause the Internet allows one to “travel” from one computer to anotherso easily, a clever hacker can cloak his or her identity by simply directinghis or her path through one computer with inadequate tracking or loggingdevices.105 For example, Wind River Systems, a publicly traded Internetcompany in Alameda, California, had its computers broken into by Germanhackers.106 However, Wind River’s technology manager could not determinewhat the hackers stole or even how the hackers were able to infiltrate thesystem.
Yet, even when the intruder is an insider, obtaining satisfactory evidenceis often beyond the capability of law enforcement. In 1992, software com-pany Borland International contacted the Santa Clara District Attorney’soffice because they suspected Eugene Wang, a former vice president, oftransferring trade secrets to Symantec Corporation, a major competitor.107
The District Attorney’s Office was willing to prosecute, but told Borlandthat it did not have the resources or expertise to obtain proof. Borland In-ternational decided to subsidize the District Attorney’s investigation; it paidfor a private company to investigate and obtain proof leading to Wang’sprosecution.
Furthermore, the private sector lacks confidence in government becausecompanies view law enforcement agencies as intrusive and inflexible. PhilKarn, a well-known Internet researcher, explained that the Internet industrywas rushing to develop software to locate, trace, and block denial-of-serviceattacks that recently crippled Yahoo! and a host of other popular web sites,in large part because it feared government intervention. Karn observed thefollowing about the DOJ’s efforts: “when the only tool you have is a hammer,the whole world starts to look like a nail.”
Private industry also is reluctant to report intrusions because it sees theFBI as insensitive to business needs. An FBI agent in San Francisco indicated
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
120 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
that executives fear calling authorities because they fear it will hinder theirbusiness, while the FBI investigates the computers. Alan Paller, researchdirector of the Bethesda, Maryland-based Sans Institute, also confirms this:“They won’t share because they’re concerned that either their computerswill be confiscated, or enough parts of the computers will be confiscatedthat their systems will have to stop.”
Even when police already know of an attack, private companies frequentlyrefuse to cooperate. In 1992, when Chemical Bank discovered a high-techdevice called a “Van Eck”108 aimed at its credit card processing plant inManhattan, the bank turned down a police offer to help. Instead, they usedjamming equipment to stop the thieves. According to their security consul-tant, “[We] just wanted the problem to go away.”
Private companies also are not convinced that the FBI is attentive to theirneeds because they believe that the FBI has displayed a lack of sensitivity inthe area of encryption regulation. Moreover, the FBI has urged Congressto place limits on the “strength” of computer data encryption available toprivate companies because strong levels of data encryption could limit theFBI’s ability to intercept and decode the data communication it needs to stopterrorist plots.109 The IT industry claims, however, that strong encryption isalready widely available outside the United States, and is a vital element inprotecting business and retail transactions over the Internet and in ensur-ing the privacy of e-mail. The FBI’s opposition has made many companiessuspicious that the FBI does not have their interests at heart. A networkmanager at MIT indicated that the FBI has “completely compromised itselfon giving advice on security, because every time the FBI has weighed in onthis issue, it’s been to weaken it.”
Other private companies distrust the FBI because the NIPC refuses torelease the source code of programs it writes. When the NIPC released soft-ware it wrote to help companies monitor their networks, many companiesrejected the software because it feared the FBI would use the software to spyon their companies. Qualcomm, Inc., for example, rejected the softwarebecause the FBI refused to allow Qualcomm to inspect the source code.
Some companies are reluctant to report because they want to employthe hacker instead. Morty Rosenfeld, for instance, was convicted in 1992 forstealing almost 200 credit reports from TRW. When he was released fromprison, he was quickly hired by Panasonic to monitor security. Rosenfeld alsogets free Internet access from his local service provider because they believethat it “is better to have them on your side than against you.” Other hack-ers are also widely sought for their talents: Hacker Kevin Poulsen joinedSecurityFocus.com, a provider of intelligence services for businesses;110
Kevin Mitnick was employed by a college he broke into years before; and thehacker who briefly controlled the southern U.S. water canals was employedas a security consultant.
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 121
The majority of laws currently in place clearly were not written withthe Internet in mind. The imperfections are believed to stem from thewidespread perception that existing statutes are limited to “the ancientcommon-law paradigm of one’s neighbor’s livestock.” For example, larcenystatutes are premised on depriving someone of lawful possession. Theytherefore implicitly do not apply to information, because the victim re-tains possession as well as the thief. The problems, however, are less in-tractable than widely perceived and more easily correctable by altering ex-isting statutes than by writing new ones.111 Because the laws were writtento protect physical property, not electronic property, cyberthieves and elec-tronic vandals have been able to evade prosecution for their reckless or ma-licious acts.112 The shift to a fast-moving, borderless electronic environmentmeans that even small imperfections in the law, whether due to inadequatebreadth or imprecise drafting, are likely to have disastrous consequences.
Legal Exposure and Cybercrime
Cybercrime is a far-reaching problem, often harming parties other thanthe company targeted by the attack. Employees, customers, business part-ners, investors, and others may be indirectly victimized by the same act ofcybercrime. For a targeted company, the costs of cybercrime include notonly the loss of business, but also the expense of defending against lawsuitsbrought by indirect victims seeking to recover their own related losses. Tar-geted companies in certain industries may also confront additional costsfrom cybercrime, including risk of governmental actions for failure to takeadequate security precautions to prevent the harm to others.
Although few lawsuits in this context have emerged to date,113 the in-centives for bringing such claims are clear: Targeted companies are moreeasily identified than cybercriminals, they are much less likely to be judg-ment proof, and the party seeking to recover can almost always argue thatthe company could have taken some additional security measure that wouldhave prevented the loss. These claims appear imminent, creating significantlegal exposure for companies that have failed to develop and implementcomprehensive cybersecurity plans.
Legal Avenues to Combat Cybercrime
The emergence of new technology generally provokes the creation of newlaws.114 The new technology threatens to disrupt social relations in twoarenas.115 The first concerns the possibility that some new technology willdisrupt existing economic relations. The potential for conflicting signalsover radio airwaves, for example, precipitated the creation of a licens-ing system for radio stations to determine who had the right to specific
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
122 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
frequencies.116 The technology for photographic reproduction broughtabout new laws of copyright to establish the legal rights of both those whoowned this new technology and those whose images might be captured by theuse of photography.117 In both cases, new forms of value – radio frequenciesand photographic images – had to be defined within the established systemon property rights before these problems could be resolved.
The second problem concerns the potential for new technology to disruptestablished economic patterns. For example, the steam locomotive reducedthe powers of individual states to control and regulate economic relationswithin their borders. Technological innovation remains troublesome untilit is firmly lodged within the established patterns of economic relationshipsand social authority.
There are a variety of civil and criminal legal weapons to help companiescombat cybercrime, hacking, and the online shakedown. In addition totraditional common law claims of trespass, fraud, unfair trade practices,and theft of trade secrets, there are several federal laws that specificallycontemplate and condemn computer-related crimes.118
Statutory Provisions in the United States
Law enforcement authorities have only more recently begun to respond tocomputer crime and crimes committed through the use of a computer.119
The current U.S. legal structure presents a disjointed view of what is consid-ered computer crime. Congress responded to the flood of computer andInternet crimes by passing the Computer Fraud and Abuse Act (CFAA),120
which duplicated much of existing law, but left unaddressed several injus-tices that spurred the bill’s passage.121 The CFAA makes it unlawful for anyperson to access a protected computer “without authorization.”122 It alsoforbids a person who has a legitimate and authorized right of access from“exceeding the authorized access.” If either type of access results in theperson’s obtaining information from the protected computer and the con-duct involves interstate or foreign communication, then a violation of theCFAA is established. The CFAA also prohibits activities such as the dissem-ination of malicious software123 and trafficking in stolen passwords. TheCFAA allows any person who suffers damage or loss by reason of a viola-tion of the statute to maintain a civil action to obtain compensatory dam-ages and injunctive relief or other equitable relief.124 The legislative flawsstem from Congress’s erroneous belief that computers are fundamentallydifferent from everything else. Statutes such as the CFAA represent clearattempts to respond to computer crime. Other statutes, such as the MailFraud and Copyright Statutes,125 are used to prosecute normal crimes suchas fraud and copyright violations if they are committed through the use of acomputer. The statutes targeting computer criminals have been written with
P1: KPB/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c05 CB764-Nasheri-v1 February 17, 2005 11:7
TENSIONS BETWEEN SECURITY AND OPENNESS 123
the intent of prosecuting individuals, not nation-states. The U.S. statutes alsocriminalize invasions of privacy that occur via information networks.126
In the United States, the “interruption of computer services to authorizedusers” involves a violation of a series of federal and state computer-relatedcriminal laws that are designed to protect the authorized users of computersystems. Because most of these laws have only more recently been legislatedand because few people have ever actually been charged with such violations,there is little history or case law in this area. However, as computer-relatedcrimes continue to escalate, these statutes could prove to be a positive forcein efforts to catch the electronic criminals of the future.
The chief problem with the U.S. Federal Mail and Wire Fraud Statutes –which prohibit any scheme involving the use of the mail or wires to obtainproperty by false pretenses – is the need to prove a “scheme to defraud.”Because a trade secret thief often only copies information, he or she doesnot necessarily “defraud” the company permanently of the information.Moreover, much trade secret theft occurs without the use of the mail orwires.
Three principle federal statutes prohibit computer hacking and otherunauthorized uses of computers and computerized information: CFAA, theElectronic Communications Privacy Act, and the EEA. Although none com-pletely addresses the full range of computer crimes, most cybercrimes fallwithin the scope of one or all these laws.
The threat posed by cybercrime and information theft will require thosewho increasingly rely on computers and the Internet to become more vig-ilant. It will also require effective laws that can be used to prosecute thosewho attempt to disrupt cyberactivities. The legislatures of several nation-states have already passed computer crime laws of varying effectiveness. Ascybercriminals have become progressively more sophisticated and interna-tionalized, the ability of a single state to effectively prosecute those whoattack it from and through other states has become increasingly complex.In today’s highly networked world, states’ borders pose no obstacles to cy-bercriminals, but do create hurdles for prosecutors and law enforcement.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
C H A P T E R S I X
The New Rule for Keeping Secrets – TheEconomic Espionage Act
although the dominance of technological developments has made tradesecrets more valuable, warranting greater protection, the rise of globaliza-tion has made them harder to protect. Intellectual property – inventionsand innovations in products and processes – has been the engine drivingeconomic growth. Because controlling the use of inventions, innovations,and other business-enriching information is essential to competitive success,trade secrets have become increasingly valuable.
At the same time, globalization of the economic system has increasedworldwide demand for these inventions and innovations. As demonstratedearlier, globalization, the decline in customer and employee loyalty, theavailability of venture capital, and improved information flow all makestrade secrets less secure.
Legal Initiatives in the Earlier Days
In an 1868 U.S. case involving trade secret litigation, the MassachusettsSupreme Court stated: “it is the policy of the law, for the advantage of thepublic, to encourage and protect invention and commercial enterprise.”1
The principle articulated by the justice was that “if a man establishes a busi-ness and makes it valuable by his skill and attention, the good will of thatbusiness is recognized by the law as property.” This case began the evolutionof trade secret law in the United States, which has now been in existence formore than a century.
The U.S. Congress enacted the first criminal law protecting intellectualproperty in 1909.2 The law covered only copyright violations and only at aminimal level. Since then, Congress has gradually and consistently expandedthe role of federal law enforcement in this area, by imposing felony penal-ties for unlawfully reproducing or distributing motion pictures or sound
124
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 125
recordings in 1982,3 by broadening the protection to all types of copyrightedworks in 1992,4 by making a copyright violation a “specified unlawful activ-ity” for money laundering in 1994,5 by including copyright violations aspredicate offenses under RICO in 1996,6 and, most recently, in 1997, bypassing the No Electronic Theft Act (NET), which criminalizes copyrightinfringement even in certain circ*mstances where the infringer does not actfor commercial purpose or private financial gain.7 Copyright infringementmay now constitute a felony under federal law if ten copies of a copyrightedwork or works with a total retail value of at least $2,500 or more are repro-duced or distributed.8
In more recent years, Congress has also chosen to protect other forms ofintellectual property with criminal sanctions. In addition to criminalizingtrademark infringement in 1984, Congress in 1996 criminalized the theftof trade secrets by passing the EEA, which became effective on October 11,1996.9 In his remarks the day that the Senate passed the EEA, Senator ArlenSpector expressed concern “with the threat posed to American economiccompetitiveness in a global economy by the theft of intellectual propertyand trade secrets.”10
International Initiatives for Protectionof Intellectual Property
The Paris Convention
The Paris Convention11 was the first international agreement protectingintellectual property. The Paris Convention requires signatory nations toextend to foreign nationals the same intellectual property protections thatare provided to their own citizens. It has been revised by successive ne-gotiations and has established the international standards for patents andtrademarks.12 It is the foremost industrial property law treaty and has exten-sive membership. Parties to the Paris Convention make up a union that pro-tects industrial property. The union consists of several administrative bodies:the Assembly (the chief governing body under Article 13 of the convention),the Executive Committee (a smaller body elected from the Assembly underArticle 14), and the International Bureau of the World Intellectual PropertyOrganization (a body that performs the union’s administrative tasks underArticle 15). The Convention sets forth uniform rules by which member statesmust abide with respect to industrial property rights. The Paris Conventionwas designed to be flexible and allow signatory countries to have some dis-cretion in implementing national legislation.13 The Paris Convention doesnot, however, specifically address economic espionage. Article 10 on un-fair competition only prohibits “any act of competition contrary to honestpractices in industrial or commercial matters.”14
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
126 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
World Intellectual Property Organization
The World Intellectual Property Organization (WIPO) was established bya convention at Stockholm in 1967. It administers international unions re-lated to intellectual property, including the Paris Convention for the Pro-tection of Industrial Property, first signed in the 1880s. Its main purpose isprotecting the interests of intellectual property worldwide. More than 175countries belong to WIPO. WIPO’s intent is to build cooperation regardingintellectual property and to improve the administration and protection ofindustrial property and intellectual property.15 The WIPO Convention de-fines intellectual property broadly to include rights related to any inventions,any industrial property and designs, protection against unfair competition,and “all other rights resulting from intellectual activity in the industrial,scientific, literary or artistic fields.”16
General Agreement on Tariffs and Trade
On April 15, 1994, an agreement resulted from the Uruguay Roundof GATT, establishing the WTO and promulgating several trade-relatedagreements.17 The Trade-Related Aspects of Intellectual Property RightsAgreement (TRIPs Agreement), another product of the Uruguay Round,requires member countries to protect against acquisition, disclosure, or useof a party’s trade secrets “in a manner contrary to honest commercial prac-tices.” Although the TRIPs Agreement specifically refers to “confidentialinformation” rather than “trade secrets,” it defines such information as hav-ing commercial value, not being in the pubic domain, and being subject to“reasonable steps under the circ*mstances” to maintain its secrecy.18 Theagreement allows for injunctions and damages, as well as provisional reme-dies to prevent infringement and to preserve evidence.
Trade-Related Aspects of Intellectual Property Agreement
The most extensive multilateral protection of intellectual property wasestablished by the TRIPS Agreement.19 It requires member countries toprotect against acquisition, disclosure, or use of an individual party’s undis-closed information. Specifically, it protects “confidential” information hav-ing commercial value. The TRIPS Agreement also protects trade secrets,not as individual intellectual property, but as a prohibition against un-fair competition.20 It also enhances IPRs through improved enforcementmechanisms and remedies. The TRIPS Agreement provides a broad excep-tion, however, permitting members to adopt contrary national laws if nec-essary to protect “sectors of vital importance to their socio-economic and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 127
technological development. . . .”21 This exception may allow countries toavoid specific prohibitions against economic espionage.
The North American Free Trade Agreement
Another significant multilateral treaty protecting trade secrets is the NorthAmerican Free Trade Agreement (NAFTA) between the United States,Canada, and Mexico.22 NAFTA, which entered into effect on January 1,1994, is significant because it is the first international agreement to expresslyprovide protection for trade secrets. Under Article 1711, trade secret pro-tection of parties is perpetual, as long as the information remains secretand unknown to the general public. NAFTA also requires the U.S. gov-ernment to maintain the secrecy of confidential data submitted to it. Thisprovision helps to close a source of information to foreign governmentsand industrial spies who previously could explore U.S. government reportsand records for information. However, under NAFTA, a misappropriationof proprietary information is only actionable if the acquiring party knew, orwas grossly negligent in failing to know, its actions were illegal.23
U.N. Resolution 1236 and Resolution 2131
Two U.N. Resolutions indirectly relate to the problem of economic espi-onage. “Peaceful and Neighborly Relations Among States” is the title ofResolution 1236, passed in 1957.24 It addresses the duty of noninterventionin other states’ internal affairs and calls upon states to settle their disputesin a peaceful manner.
A second resolution, Resolution 2131, was passed in 1965 and is entitledthe “Declaration on the Inadmissibility of Intervention in the Domestic Af-fairs of States and the Protection of Their Independence and Sovereignty”(the “Declaration on Inadmissibility”). It resolves that “no state has theright to intervene, directly or indirectly, for any reason whatever, in theinternal or external affairs of any other State.”25 It condemns armed in-tervention as well as “all other forms of interference or attempted threatsagainst the personality of the State or against its political, economic, andcultural elements.” This resolution, however, probably was intended todeal more with economic sanctions than with theft of private commercialsecrets.
Both resolutions could be construed as indirectly condemning economicespionage because a nation’s economy is part of its internal affairs. Eco-nomic espionage, after all, is an activity by which one nation intervenes inanother nation’s economic affairs. These resolutions have been ineffectiveagainst economic espionage. Because these resolutions are persuasive and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
128 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
not binding materials, some states tend to ignore them. The end result isthat, in spite of U.N. resolutions that are seemingly against it, economicespionage continues.
The Convention on Combating Bribery of Foreign Public Officials
Bribery of employees or government officials is a common way of con-ducting economic espionage.26 More recently, multilateral efforts havesought to discourage this practice. The Convention on Combating Briberyof Foreign Public Officials in International Business Transactions (OECDConvention)27 became effective in February 1999. This multinational treaty,which was formulated by the OECD,28 obligates signatory countries to makebribery of foreign public officials a criminal act.29 The U.S. Congress ratifiedand implemented the OECD Convention by adopting amendments to the1977 Foreign Corrupt Practices Act.
Economic Espionage War and the European Union
The EU is one of the largest trading partners of the United States, and theEU’s intellectual property laws directly impact the U.S. market.30 The EUevolved from the Treaty Establishing the European Economic Community(the Rome Treaty),31 which was enacted on March 25, 1957 to enhanceeconomic coordination among western European nations. The Rome Treatygenerally referred to the protection of industrial and commercial property,but did not create a central authority to protect IPRs. Without a centralauthority, member states were left to regulate their own national intellectualproperty laws subject to EU “guidance.” Over time, however, the EU soughtto directly protect IPRs through competition laws.32 Under Article 36 of theRome Treaty, the IPRs granted by any member state and are afforded thefull force of law.33
Trade secrets are only indirectly recognized as an IPR in the EU.34 Ar-ticle 81(3)35 of the Rome Treaty is the provision under which the EU hasestablished most intellectual property regulations. EU regulations and di-rectives indirectly recognize and protect “know-how” defined as “a pack-age of non-patented practical information, resulting from experience andtesting, which is secret, substantial and identified.”36 The three necessaryelements of know-how are further defined as follows: “secret,” which meansthat the know-how is not generally known or easily accessible; “substan-tial,” which means that the know-how includes information that is indis-pensable for the manufacture of the contract products or the application ofthe contract processes; and “identified,” which means that the know-how isdescribed in a sufficiently comprehensive manner so as to make it possible to
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 129
verify that it fulfills the criteria of secrecy and substantiality. In 1989, the EUgranted an exemption from competition rule for pure know-how licensingagreements.37 In 1996, this regulation was incorporated into the TechnologyTransfer Regulation38 that exempts the licensing of patent and know-howand “ancillary provisions” regarding other IPRs.
U.S. Initiatives for Protection of Intellectual Property Assets
In the late 1980s and early 1990s, the United States found itself facing anincreasingly weak competitive position as an industrial power. As explainedearlier, it turned to a series of multilateral treaties, such as the TRIPS compo-nent of GATT, in order to police intellectual property piracy and to securepotential markets for its intellectual property assets. The United States alsoclaimed that a strengthening of international IPRs would serve as an eco-nomic engine on a global basis.39
The United States was concerned with trademark, patent, and, especially,copyright. However, corporations were soon to adopt the idea that intellec-tual property might play a leading role in asserting their economic worth toinvestors. Consultants remind companies that their major assets often arenot in real estate or industrial equipment, but in the knowledge requiredto run businesses. The Brookings Institute has estimated that 50% to 85%of the value of a business may reside in its intangible assets, including trade-marks and trade secrets.40
Since the mid-1990s, intellectual property assets have become frequenttopics for seminars.41 Rust-belt industrial corporations42 as well as informa-tion economy businesses turned to valuing their knowledge assets to attractinvestors. In part, the idea of trade secrets as assets was fostered by newstart-ups, and especially biotechnology companies, which chose to createportfolios of trade secrets rather than pursue the much more expensiveroute of protection through patents.
Comprehensive Scheme to Protect ProprietaryEconomic Information
From its inception, the EEA has attracted attention in various circles andhas resulted in multiple prosecutions. These cases provide initial insightsinto the operation of this law.
The EEA is the first federal criminal law in the United States designedto protect trade secrets. Although the title of the act suggests its primarypurpose is the protection of the proprietary information of American com-panies against foreign theft, it also has a significant impact against the do-mestic theft of trade secrets. The EEA created two federal crimes: economic
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
130 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
espionage and theft of trade secrets.43 Under the EEA, economic espionageconsists of stealing, copying, or receiving a trade secret with the intent ofbenefiting a foreign government or entity. The EEA also makes it a crimeto attempt to conspire to commit espionage, if the defendant intendedto benefit a foreign government. The statute not only specifically targetsagents of foreign governments who steal trade secrets for the benefit ofthose governments; it also criminalizes the theft of trade secrets when thereis no foreign government involvement. The type of benefit intended (e.g.,theft for idealistic reasons rather than pecuniary motives) is irrelevant. Foreconomic espionage, as defined by the EEA, one of the offenses must becommitted knowing it will benefit a foreign government, foreign instru-mentality, or foreign agent. Trade secret theft under the EEA requires adifferent intent: an intent to convert a trade secret to the economic bene-fit of anyone other than its rightful owner, knowing the conversion of thetrade secret will injure the rightful owner. If the stealing of the trade se-cret is for the benefit of a foreign government, the U.S. prosecutor doesnot need to prove any other intent. If the theft was not for the benefit of aforeign government, the prosecutor must prove that the trade secret mis-appropriator intended to injure the owner of the trade secret and confereconomic benefit on another, and that the person accused knew the con-sequences of his or her actions. Penalties for economic espionage includefines of up to half a million dollars and imprisonment up to 15 years44 (seeAppendix A).
The legislative history indicates that at the time the bill was under con-sideration, the FBI was “investigating reports and allegations of economicespionage activities conducted against the United States by individuals or or-ganizations from 23 different countries.”45 Although the main selling pointfor this legislation was combating foreign “espionage,” a survey found thatforeigners had been identified in 21% of incidents involving intellectualproperty loss where the nationality of the perpetrators was known. In casesnot involving a foreign government or a company, the perpetrator was anindividual with a trusted relationship with the company, often an employeeor former employee, retiree, contractor, vendor, supplier, consultant, orbusiness partner.
Prior to the passage of this legislation, the U.S. espionage statutes andother federal criminal statutes did not cover many economic intelligence-gathering operations. Because no federal statutes directly addressed eco-nomic espionage or the protection of proprietary economic informationin a thorough, systematic manner, investigators and prosecutors attemptedto combat the problem by using existing laws. These other U.S. criminallaws were deemed inadequate to protect valued private company informa-tion from theft. In addition, the laws failed to provide confidentiality forthe information in question during criminal and other legal proceedings.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 131
If confidentiality is lost during legal proceedings, then the value of the in-formation is greatly diminished.
Large gaps in trade secret law needed to be filled.46 Companies failedto prosecute thefts of trade secrets due to fear of disclosing confidentialinformation at trial, loss of public trust and image, and the inability ofprosecutors to deal with foreign espionage.47 Before the passage of theEEA in the United States, there was only one very limited federal statutethat prohibited the theft of trade secrets.48 There were also limited meansof redress for companies that faced theft of their trade secrets and at-tempted to prosecute. Until the EEA was passed, no federal statute directlydealt with economic espionage or the misappropriation of trade secretsand intellectual property. That statute provides for criminal penalties forthe unauthorized disclosure of trade secrets by a government employee.49
However, due to the narrow applicability of this law, victims of espionageand trade secret theft were forced to resort to a variety of other statutes.Prosecutors often relied on the Interstate Transportation of Stolen Prop-erty Act (ITSP), Mail Fraud and Wire Fraud statutes, or various state lawsbased on either the Uniform Trade Secrets Act (UTSA) or Restatement ofTorts.
Two major hearings were held to consider the need for federal legislationto prevent the theft of trade secrets as a result of economic espionage. Thefirst, held on February 28, 1996, was a joint hearing before the Senate Se-lect Committee on Intelligence and the Senate Judiciary Subcommittee onTerrorism, Technology, and Government Information.50 The second hear-ing was held before the Subcommittee on Crime of the House JudiciaryCommittee on May 9, 1996.51 The lead witness in both hearings was formerFBI Director Louis J. Freeh. A number of industry leaders, primarily rep-resenting Silicon Valley and aerospace companies, supported Freeh’s con-tention that federal legislation was necessary to combat the growing surgeof economic espionage by both domestic and, especially, foreign agents andentities.52
The hearings documented the two major underpinnings of the legisla-tion. First, foreign governments, through a variety of means, were activelyinvolved in stealing critical technologies, data, and information from U.S.companies or the U.S. government for the economic benefit of their ownindustrial sectors. Second, federal laws then on the books were of limiteduse in prosecuting acts of economic espionage.
Hearings were held in 1996 on “business intelligence” to address the topicof economic espionage both as a crime and as a national security issue.53
Trade association and business representatives spoke to highlight their con-cerns for a comprehensive federal effort to curb industrial espionage.54 Theinventor of MRI technology testified that both German and Japanese firmssystematically spied on his company.55 The former president of a defunct
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
132 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
software business described how his firm had been driven out of the marketafter Chinese agents stole confidential software information. As a result ofthe perceived need for stronger measures against industrial espionage, theEEA was designed to criminalize the misappropriation of trade secrets andencourage and preserve investments in innovation.56
Prosecution of Trade Secret Theft Prior to EEA
Before the passage of the EEA, federal prosecutors sometimes were left tostrained readings of existing statutes to establish criminal intellectual prop-erty theft cases. United States v. Hanco*ck57 illustrates this point. Mr. Hanco*ckrepresented a California company and offered an AT&T engineer in Atlanta$10,000 to provide blueprints for a manufacturing device to be used todevelop plants abroad. The engineer reported the attempted bribe to hissuperiors, and the company called in the FBI. Under the watchful eye ofthe FBI, the engineer agreed to negotiate a deal and carry the blueprintsto California. The FBI arrested Mr. Hanco*ck for the attempted theft upondelivery.
The government had difficulty in proving that the blueprints were “prop-erty” as defined by the statute, and the blueprints were never actually “stolen”because AT&T still had them. Ultimately, the prosecutor proceeded with thecase as an interstate transportation in aid of racketeering, using a Califor-nia commercial bribery statute as the predicate offense for the attemptedracketeering. To say the least, this was a circuitous route to prosecute a casethat today would fit within the EEA.58
Before the EEA, the government sometimes sought to prosecute tradesecret theft under the National Stolen Property Act (NSPA).59 However, theNSPA was drafted before computers, biotechnology, or copy machines ex-isted, and a growing body of case law held that it could not cover intellectualproperty theft. State laws also were inadequate. Although many states hadlaws on the books concerning trade secret theft, few resources were devotedto prosecute corporate espionage. And civil lawsuits under state law are ex-pensive and are frequently hampered by people who are “judgment proof”or beyond the jurisdiction of the state courts.60
The legislative history of the EEA shows the problems with prosecutingthe theft of trade secrets under federal criminal law, which often led theU.S. Attorney’s Office to decline matters that involved employees of U.S.corporations attempting to sell proprietary information to foreign govern-ments. Legislators realized that the only practical way to protect critical U.S.corporate information from theft by foreign governments and unscrupu-lous competitors was to enact a single comprehensive federal law that couldbring federal resources to bear against defendants who steal proprietaryinformation.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 133
The Legislative Intent
An analysis of the legislative history indicates that the EEA is not intendedto apply to individuals who seek to capitalize on personal knowledge, skill,or abilities.61 Moreover, the statute is not meant to be used to prosecute em-ployees who change employers or start their own companies using generalknowledge and skills. Rather, the goal of the EEA is to preserve fair compe-tition by making sure that corporate spies do not illegally take the fruits oftheir employment in order to compete with their prior employer.”62
Prosecution of Trade Secret Theft Under the EEA
Trade secret theft under the EEA does not require an intent to benefit aforeign government. Trade secret theft under the EEA involves three signif-icant elements of proof.
First, a defendant must have intended to convert the trade secret foreconomic benefit of someone other than the owner. So a defendant musthave a pecuniary goal on behalf of someone. In civil law, that requirementis not needed.63 Second, the defendant must intend to injure the owner ofthe trade secret. It is sufficient that the defendant knew his or her actionswould injure the owner. Again, this requirement is absent from traditionalcivil trade secret liability. Third, the secret must be related to or includedin a product that is either produced for or used in interstate or foreigncommerce64 (see Appendix A).
Civil or Criminal
A civil statute may be particularly useless to small businesses that may not beable to afford a civil suit against a much larger competitor engaging in tradesecret theft.65 The civil statute is also fairly ineffective in curbing industrialespionage schemes implemented by foreign culprits. A corporation based inNorth Carolina, for example, is not likely to recover from one of its formerengineers, a Korean citizen who has relocated to Korea after disclosingcompany secrets to a Korean company. Finally, a civil statute does not ensurethe confidentiality of the information at issue will be preserved in the courseof a trial. Without such guarantees, civil litigation can do more harm thangood.
Consequently, legislative reform was needed to provide a stronger de-terrent and to address the modern concerns of instant communication, adecrease in employee loyalty, a shift from an economy based on manufactur-ing to one based on intellectual property, and a shift of espionage resourcesby foreign countries to economic targets. As the U.S. Supreme Court notedyears ago, “existing trade secret law provides far weaker protection in many
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
134 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
respects than the patent law.”66 Therefore, it became increasingly clear thata federal criminal statute would better protect U.S. companies. A federalcriminal statute would allow small businesses to ride the coattails of fed-eral prosecutors who perform investigations, gather evidence, and build arecord.
Civil laws also do not offer the same remedies as criminal sanctions. TheUTSA67 applies to civil disputes and various trade secret concepts, but onlyprovides for damages and injunctive relief to punish violators. In contrast,the EEA includes criminal sanctions that raise the stakes well above theprospect of civil damages.68
What Is a Trade Secret?
As society advances into the information age, businesses are increasingly af-fected by issues of trade secret protection. For example, in the United States,this area of intellectual property law can impact a wide array of commercialactivities.69 Trade secret laws protect commercially beneficial secrets fromwrongful misappropriation with one notable caveat: Trade secrets are onlyprotectable if they are indeed treated as “secrets” by their owners.70 Tradesecret law serves as a system of regulation to encourage research, innova-tion, and development of new ideas of a useful nature.71 Trade secrets are akey part of industrial power, representing assets that are a requirement forcompetitiveness in any given market.
It is not easy to define the term “trade secret.” The improper and unethi-cal procurement of information constituting a trade secret was addressed in1939 when the original Restatement of Torts was drafted and published.72
In the United States, the comments to Section 757 of The Restatement ofTorts stated:73
A trade secret may consist of any formula, pattern, device or compilation ofinformation which is used in one’s business and which gives him an oppor-tunity to obtain an advantage over competitors who do not know or use it.It may be a formula for a chemical compound, a process of manufacturing,treating or preserving materials, a pattern for a machine or other device, ora list of customers. Generally, it relates to the production of goods, as, forexample, a machine or formula for the production of an article. It may, how-ever, relate to the sale of goods or to other operations in the business, suchas a code for determining discounts, rebates or other concessions in a pricelist or catalogue.
The Restatement lists a set of factors that are important in determiningwhether a trade secret exists:
� The extent to which the information is known outside the business� The extent to which it is known by employees and others involved in the
business
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 135
� The extent of measures taken by the business to guard the secrecy of theinformation
� The value of the information to the business and its competitors� The amount of effort or money expended by the business in developing
the information� The ease or difficulty by which the information could be properly acquired
or duplicated by others74
For example, the prices that a company charges for its products are gener-ally not trade secrets because this information can normally be obtained sim-ply by making a few phone calls. However, where a company has a complexformula for setting prices, the formula may be a protected trade secret.75
Trade secrets do not necessarily have to be created within the company.For example, the report of an outside consultant regarding proposed prod-uct improvements might qualify as a trade secret. Many companies aretempted to label nearly all corporate documents as confidential, but thisis generally not a good practice. When material marked “confidential” isroutinely given to members of the public, the designation loses its credibil-ity. Thus, the “confidential” label should be reserved for items that truly arekept secret.
The more modern76 Restatement (Third) of Unfair Competition definestrade secrets as “any information that can be used in the operation of abusiness or other enterprise and that is sufficiently valuable and secret toafford an actual or potential economic advantage over others.”77 To qualifyfor trade secret protection, the item in question must truly be secret. Acompany who regularly disseminates the material through advertisem*ntsor web sites will be unable to establish trade secrets.78
It is possible for a trade secret to exist even when some of the elementsare known by the public. When, for example, known chemical compoundsare put together in carefully determined percentages to produce a newand desirable result, a trade secret has been created.79 Customer lists mayor may not be trade secrets, depending on the type of list and how it wascompiled. For example, if the list is derived from canvassing a large numberof prospective customers, and the list is the result of years of time and effortand the expenditure of a considerable sum of money, courts are more likelyto grant trade secret protection. However, when the names of customers arereadily ascertainable in the trade, courts are more likely to find that the listsare not trade secrets.80
Even if the names of customers are well known, the particular needs ofcustomers are not. When a defendant can demonstrate that the customerneeds can easily be obtained just by calling up the customers’ respective pur-chasing managers, courts probably will reject the trade secret claim. How-ever, when a company keeps a database of highly specialized and complexcustomer requirements, some courts may find that trade secrets exist.81
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
136 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
For an item to qualify as a trade secret under the EEA, the owner ofthe information must not only take “reasonable measures” to keep it se-cret, but it must also have value.82 The act requires that the informationmust derive “independent economic value, actual or potential, from notbeing generally known to, and not being readily ascertainable throughproper means by, the public.”83 There are three generally accepted meth-ods used for appraising the value of a trade secret: (1) the market approach(which compares the sales price of similar assets to the assets being valued),(2) the cost approach (which uses replacement cost as the indicated ofvalue), and (3) the income approach (which measures the value of antici-pated future economic benefits to be derived from the use of the asset inquestion).84,85
In the past, the theft of trade secrets has been litigated in the civil, as op-posed to criminal, forum.86 Today, however, companies are becoming moreand more vulnerable to the theft of their proprietary information by roguenations and foreign competitors. Consequently, corporations, recognizingthe value of their trade secrets, are increasingly seeking criminal and civilsanctions to protect their private information.87
Patents Versus Trade Secrets
It is important to recognize the difference between trade secrets and patents.Patents protect inventions.88 To qualify for a patent, the device must meetthe statutory requirements of novelty89 and nonobviousness.90 Under thenovelty requirement, the patent applicant must show that he or she was thefirst in a WTO country to invent the claimed subject matter of the appli-cation without subsequently abandoning, suppressing, or concealing it.91
The patent law also requires that the inventor promptly apply for patentprotection. Consequently, if the device is publicly used in this countrymore than 1 year before the filing of the patent application, the inven-tion will be considered to be part of the public domain and the patent willbe denied.92
If a patent is granted, the owner has the right to exclude others from mak-ing the product, extending from the issue date to 20 years after the date ofthe initial application.93 This also gives the patent holder the right to excludeothers from using, selling, or importing any product covered by the patent.Infringers are subject to civil damages that may cover the patentee’s lostprofits or reasonable royalties for the product.94 Willful infringement canresult in treble damages. In determining infringement, the patent owner isheld to the definitions of the property that were given in the “claims” portionof the approved patent application.95 Items that are not within the patentclaims generally will not be found to infringe the patent. Furthermore,the patent law does not provide criminal sanctions for infringing a patent.96
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 137
Uniform Trade Secrets Act
The UTSA requires three general elements to establish a trade secret: (1)the secret must possess actual or potential economic value, (2) the ownermust take reasonable measures to guard secrecy and preserve confidential-ity, and (3) the trade secret’s information must not be capable of beingacquired by competitors or the general public without undue difficulty orhardship.97 Many states in the United States have adopted the UTSA. Al-though thirty-eight states and the District of Columbia have enacted tradesecret statutes, often modeled after the UTSA, these state laws have not beeneffective, primarily because the resources need to prosecute trade secretcases are usually not available at the state government level.98 Furthermore,because most states modified the UTSA when they drafted their own statelaws, resulting in a lack of uniformity, the statutory framework provided bystates is inefficient and unpredictable.99 To complicate things further, statessuch as New York, Pennsylvania, and Texas have wholly adopted the Restate-ment approach to trade secret theft, ignoring the UTSA and contributingfurther to the creation of an unstable and unstructured statutory regime.As a result, companies do not know in advance of the trade secret theftwhich state’s law will govern. In other words, company executives have noway of knowing where a stolen trade secret will be disclosed or where it willbe used after disclosure, leaving executives unable to tailor confidentialityand compliance programs to a specific region or statutory regime. In moststates, trade secret theft is not even a felony. Commentators agree that auniform trade secret regime is much more useful to avoid these choice oflaw issues in litigation.100 With modern technology resulting in a fountainof information, a uniform federal system of law designed to protect tradesecrets is better suited to combat industrial espionage than fifty conflictingstate legal systems. This argument is bolstered by the fact that internationaltrade is a uniquely federal concern.101
The UTSA constituted the first attempt at comprehensive national legis-lation of trade secrets theft.102 The UTSA defines misappropriation similarlyto the Restatement, but provides examples of what “improper means” in-clude, namely, “theft, bribery, misrepresentation, breach or inducement ofa breach of duty to maintain secrecy, or espionage through electronic orother means.”103 The main advantage of the UTSA over the common law isthat it allows an aggrieved party to use and recover from a third party thathas accepted stolen information, which often turns out to be a foreign com-pany with deeper pockets than the culprit.104 The USTA also provides forcivil remedies for the theft of trade secrets, including both injunctive reliefand recovery of monetary damages. Although damages include lost profits,the cost of investment in research and development, loss of reputation inthe business community, and loss of the value of the trade secret, many of
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
138 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
the businesses engaging in these offenses view the potential damages as anecessary risk, the cost of doing business, and a way to gain an economicadvantage over competitors. In other words, for many companies and in-dividuals involved in stealing competitors’ secrets, the penalties are not adeterrent.105
The UTSA defines the term “trade secret” and provides remedies formisappropriation.106 Trade secret means information, including a formula,pattern, compilation, program, device, method, technique, or process thatderives independent economic value, actual or potential, from not beinggenerally known to, and not being readily ascertainable by proper meansby other persons who can obtain economic value from its disclosure or use,and is the subject of efforts that are reasonable under the circ*mstances tomaintain its secrecy.107 Improper means include theft, bribery, misrepresen-tation, breach or inducement of a breach of a duty to maintain secrecy, orespionage through electronic or other means. Misappropriation means ac-quisition of a trade secret of another by a person who knows or has reasonto know that the trade secret was acquired by improper means, or disclosureor use of a trade secret of another without express or implied consent, by aperson who used improper means to acquire knowledge of the trade secret,or at the time of disclosure or use, knew or had reason to know that his orher knowledge of the trade secret was derived from or through a personwho had used improper means to acquire it; acquired under circ*mstancesgiving rise to a duty to maintain its secrecy or limit its use; or derived from orthrough a person who owed a duty to the person seeking relief to maintainits secrecy or limit its use; or before a material change of his or her position,knew or had reason to know that it was a trade secret and the knowledge ofit had been acquired by accident or mistake.108
A Trade Secret under EEA
The EEA defines trade secret broadly to include all forms and types of scien-tific or technical information. The term trade secret means all forms and typesof financial, business, scientific, technical, economic, or engineering infor-mation, including patterns, plans, compilations, program devices, formulas,designs, prototypes, methods, techniques, processes, procedures, or codes,whether tangible or intangible, and whether or how stored, compiled, ormemorialized physically, electronically, graphically, photographically, or inwriting, if (1) the owner thereof has taken reasonable measures to keep suchinformation secret; and (2) the information derives independent economicvalue, actual or potential, from not being generally known to, and not beingreadily ascertainable through proper means by, the public.109,110
If the owner of the trade secret makes reasonable efforts to keep the in-formation secret, and the information is not generally known or readilyascertainable to the public, it meets the EEA’s definition. Some people
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 139
contend that this definition is too broad. Many state law provisions requirethat the trade secret remain generally unknown or ascertainable to com-petitors. Competitors obviously have greater knowledge and capability on aparticular subject than the general public has, and that restricts many statedefinitions of a trade secret.111
To qualify under Section 1832, trade secrets must be “related to or in-cluded in a product that is produced for or placed in interstate or foreigncommerce.”112 Because trade secrets must explicitly be embodied in a prod-uct in the stream of commerce, protection is limited if the trade secret relatesto a rendering of services rather than a produced ware that contains or usesthe secret. As noted by some commentators, “this means that the EEA ar-guably does not cover either ‘negative know-how’ or information discoveredbut not [currently] used by a company.”113
The owner of the information must take “reasonable measures” to keepit secret.114 According to the legislative history of the EEA, “if the owner failsto attempt to safeguard his or her proprietary information, no one can berightfully accused of misappropriating it.”115 The critical question becomes:What constitutes a “reasonable measure” under the EEA? There is, of course,no definitive answer.116 The drafters of the EEA stated that “what constitutesreasonable measures in one particular field of knowledge or industry mayvary significantly from what is reasonable in another field or industry.”117
Although no “heroic or extreme measures” are necessary,118 the owner ofthe material “must assess the value of the material it seeks to protect, theextent of a threat of the theft, and the ease of theft in determining howextensive their protective measures should be.”119,120
The Territorial Reach of the EEA
The EEA has a very broad territorial reach,121 extending beyond the bordersof the United States. Section 1837 provides that the EEA applies not only toacts conducted entirely within the United States, but also to foreign schemesso long as any “act in furtherance of the offense was committed in theUnited States.”122 A trade secret theft involving the electronic transfer (byany means) of the secret through the United States on its way to anotherforeign locale would constitute a violation of the act.123 Further, the EEAapplies to foreign acts of trade secret theft if the defendant is a “naturalperson who is a citizen or permanent resident alien of the United States.”124
For example, “if a United States citizen residing abroad steals a Russian tradesecret on behalf of the Chinese government, that act is in violation of the EEAeven though there is no other connection between the misappropriationand the United States.”125,126
The territorial reach of the EEA is intentionally broad and includes aprovision that explicitly addresses “conduct outside the U.S.” This provi-sion rebuts “the general presumption against the extraterritoriality of U.S.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
140 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
criminal laws” and makes “it clear that the Act is meant to apply to the spec-ified conduct occurring beyond U.S. borders.” It is designed to provide theJustice Department “with broad authority to prosecute international theftand will prevent willful evasion of liability for trade secret misappropriationby using the Internet or other means to transfer the trade secret informationoutside the country.”127
Jurisdictional Hooks
The EEA has several jurisdictional hooks. The EEA applies to “conduct oc-curring outside the United States” if (1) the offender is a citizen or perma-nent resident alien of the United States, (2) the offender is an organizationorganized under the laws of the United States or any state or political sub-division of the United States, or (3) “an act in furtherance of the offensewas committed in the United States.”128 The first two standards are easy toapply, but the third probably will produce diverging opinions of the properjurisdictional scope of the EEA. For example, suppose a computer hacker inFrance uses IBM’s computer network in New York to break into a company’ssystem in Canada. Was an act “in furtherance of the offense” committed inthe United States such that jurisdiction exists?
The jurisdictional puzzle is particularly perplexing because the Internetis not one computer “superhighway” and there is no centralized storagelocation for information, no central control point, and no singular com-munications channel.129 Rather, the Internet is hundreds of thousands ofcomputer networks linked together.
Examples of Economic Espionage Activities
When the EEA was signed into law in 1996, predictions varied widely over itspotential impact. Some predicted a flood of new court cases, whereas othersdismissed the event as much ado about nothing. The 8-year history showsthat the pace of criminal prosecutions of intellectual property crimes contin-ues to build. The cases illustrate that understanding trade secret law in theUnited States may be particularly important for foreigners from countriesthat do not have such broad criminal laws protecting intellectual property. Inmany cases, actions that are regarded merely as aggressive business practicein their home country may be flatly illegal in the United States.
First Trial under the EEA – Pin Yen Yang and Hwei Chen Yang
Although the legislative history of the statute clearly indicates that the EEAwas created mainly to fight international spies who have shifted their re-sources toward economic intelligence since the end of the Cold War,130
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 141
the first prosecution under the statute demonstrated that federal prosecu-tors will also be using the EEA for domestic cases involving strictly Ameri-can interests.131 David E. Green, the Principal Deputy Chief of the CCIPSof the Criminal Division of the U.S. DOJ, was the lead prosecutor on thefirst EEA case that went to a jury verdict in April 1999, U.S. v. Four Pillarset al.132
On September 5, 1997, Dr. Ten Hong Lee, an employee of the AveryDennison Corporation in Concord, Ohio, was arrested when an FBI surveil-lance team captured him rummaging through a colleague’s files, which con-tained confidential documents. The Yangs wanted to obtain Avery’s tradesecrets from the employee, who worked at Avery Dennison Corporation’sfacility in Concord, Ohio. After his arrest, Lee cooperated with officials toobtain the indictment of the chairman of Four Pillars, Pin Yen Yang and hisdaughter, Hwei Chen Yang, an employee of Four Pillars. Lee had reportedlyreceived between $150,000 and $160,000 from Four Pillars–Pin Yen Yang forhis involvement in causing the transfer of Avery Dennison Corporation’sproprietary manufacturing information and research data over an 8-yearperiod.133 Pin Yen Yang and his daughter, Hwei Chen Yang, were arrested onSeptember 4, 1997 at Cleveland’s airport as they were about to embark ona trip to New York.
On October 1, 1997, a federal grand jury returned a twenty-one-countindictment charging Four Pillars, Pin Yen Yang, and Hwei Chen Yang withthe theft and attempted theft of trade secrets, mail fraud, wire fraud, moneylaundering, and receipt of stolen property. Lee pled guilty to one count ofwire fraud.
Mr. Yang, age 70 at the time, was the president of Four Pillars EnterpriseCompany, Ltd., of Taiwan. The company manufactures and sells pressure-sensitive products in Taiwan, Malaysia, the PRC, Singapore, and the UnitedStates.134 Sally Yang, Mr. Yang’s daughter, a Ph.D. chemist, was believed tohave had a dual citizenship in the United States and Taiwan. Sally Yang wasan officer of the company, which has more than 900 employees and annualrevenues of more than $150 million.
The sting operation was prompted as a result of information given toAvery Dennison Corporation by a Four Pillars employee who sought em-ployment with Avery Dennison Corporation. Federal prosecutors estimatedthat Avery Dennison Corporation’s research and development costs to de-velop the information obtained by the Yangs were between $50 million and$60 million.
The Yangs were originally indicted on twenty-one counts of variouscharges. They did not testify at trial, and their attorney argued that Mr. Leetook Avery Dennison Corporation’s trade secrets on his own and that theYangs never ordered him to steal them. To bolster its case that the Yangsintentionally stole Avery Dennison Corporation’s trade secrets, prosecutors
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
142 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
played a tape that showed the Yangs clipping confidential markings off pa-pers they had received from Lee.
By the end of the proceedings, nineteen of the twenty-one charges againstthe Yangs were dropped (e.g., the mail and wire fraud charges).135 However,the two EEA charges (1832(a)(4) and (5)) remained, and after deliberatingover 3 days for 18 hours, the jury convicted the Yangs on both charges.136
Pin Yen Yang was sentenced to 6 months’ home confinement and a $250,000fine, and Hwei Chen Yang was fined $5,000 and received 1 year’s probation.
Takashi Okamoto and Hiroaki Serizawa
A grand jury in Cleveland, Ohio, returned a four-count indictment againstTakashi Okamoto and Hiroaki Serizawa on May 8, 2001, charging them withconspiracy to commit the following violations: two counts of violating theEEA, one count of interstate transportation of stolen property, and makingfalse statements to the government. These are the first charges setting forthviolations of the EEA in the United States. Serizawa, 39, at the time residedin Kansas City, Kansas, whereas Okamoto, 40, at the time was believed toreside in Japan.
The indictment charged that Okamoto, from in or about January 1997 toon or about July 26, 1999, was employed by the Lerner Research Institute ofthe Cleveland Clinic Foundation (CCF) to conduct research into the causeand potential treatment for Alzheimer’s disease. Serizawa, from on or aboutDecember 16, 1996, was employed by the Kansas University Medical Cen-ter (KUMC) in Kansas City, Kansas. According to the indictment, Serizawawas a close friend and peer of Okamoto from the time they met in Boston,Massachusetts, in the mid-1990s. The first count of the indictment chargedthat Okamoto and Serizawa, from January 1998 to September 1999, con-spired to misappropriate from the CCF certain genetic materials calleddioxyribonucleic acid (DNA) and cell line reagents and constructs, whichwere developed by researchers employed by the CCF, with funding providedby the CCF and the National Institutes of Health, to study the genetic causeof and possible treatment for Alzheimer’s disease. Alzheimer’s disease af-fects an estimated 4 million people in the United States alone and is themost common cause of dementia.
The indictment charged that, as an object of this conspiracy, Okamotoand Serizawa, and others known to the grand jury, would and did confera benefit upon Riken, an instrumentality of the government of Japan, byproviding Riken with the DNA and cell line reagents and constructs thatwere misappropriated from the CCF. According to the indictment, the In-stitute of Physical and Chemical Research (Riken) was a quasipublic corpo-ration located in Saitama-Ken, Japan, which received more than 94% of itsoperational funding from the Ministry of Science and Technology of the
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 143
government of Japan. The Brain Science Institute of Riken was formed in1997 as a specific initiative of the Ministry of Science and Technology toconduct research in the area of neuroscience, including research into thegenetic cause of, and possible treatment for, Alzheimer’s disease.
According to the indictment, in or about April 1999, Riken offered anddefendant Okamoto accepted a position as a neuroscience researcher tobegin in the fall of 1999. The indictment charged that from on or aboutthe late evening hours of July 8, 1999, to on or about the early morninghours of July 9, 1999, Okamoto and a third co-conspirator known as “Dr. A”misappropriated DNA and cell line reagents and constructs from Laboratory164, where Okamoto conducted research at the CCF. Also during this time,the indictment charged that Okamoto and Dr. A destroyed, sabotaged, andcaused to be destroyed and sabotaged, the DNA and cell line reagents andconstructs that they did not remove from Laboratory 164 at the CCF. Theindictment further charged that, on or about July 10, 1999, Okamoto storedfour boxes containing the stolen DNA and cell line reagents at the Cleveland,Ohio, home of “Dr. B,” a colleague at the CCF, with whom Okamoto wasresiding temporarily. On or about July 12, 1999, Okamoto then retrievedthe boxes of stolen DNA and cell line reagents and constructs from Dr. B’shome and sent them from Cleveland, Ohio, by private interstate carrierto defendant Serizawa in Kansas City, Kansas. On or about July 26, 1999,defendant Okamoto resigned from his research position at the CCF and,on or about August 3, 1999, started his research position with Riken inJapan. Okamoto returned to the United States and, on or about August16, 1999, retrieved the stolen DNA and cell line reagents and constructsfrom Serizawa’s laboratory at KUMC, in Kansas City, Kansas. The indictmentcharged that, before Okamoto left for Japan, he and Serizawa filled smalllaboratory vials with tap water and made meaningless markings on the labelson the vials; Okamoto instructed Serizawa to provide these worthless vialsto officials at the CCF in the event they came looking for the missing DNAand cell line reagents. The indictment charged that on or about August 17,1999, Okamoto departed the United States for Japan and carried with himthe stolen DNA and cell line constructs reagents. The last overt act chargedin the conspiracy was that, in or about September 1999, Serizawa providedmaterially false, fictitious, and fraudulent statements in an interview withspecial agents of the FBI, who were investigating the theft of the DNA andcell line reagents from the CCF.
Count two charged that the defendants committed economic espionageby stealing trade secrets that were property of the CCF, specifically, tenDNA and cell line reagents developed through the efforts and researchof researchers employed and funded by the CCF and by a grant from theNational Institutes of Health. Count three also charged a violation of theEEA against Okamoto and Serizawa for, without authorization, altering and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
144 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
destroying trade secrets that were the property of CCF, specifically, DNA andcell line reagents developed through the efforts of researchers employedby and funded by the CCF and by a grant from the National Institutes ofHealth. The last count of the indictment charged Okamoto and Serizawawith Transporting, Transmitting and Transferring in Interstate and ForeignCommerce, DNA and cell line reagents developed through the efforts ofresearchers employed and funded by the CCF and by a grant from the Na-tional Institutes of Health, knowing that such goods were stolen, converted,and taken by fraudulent means.
This case was prosecuted by Robert E. Wallace, Senior Trial Attorney fromthe Internal Security Section, Criminal Division, U.S. DOJ, and Christian H.Stickan, Assistant U.S. Attorney for the Northern District of Ohio. The casewas investigated by the FBI, in Cleveland, Ohio; Kansas City, Kansas; Boston,Massachusetts; and New York, New York, with the assistance of the U.S.Attorney’s Office for the District of Kansas.
Harold Worden
Retired Eastman Kodak manager Harold Worden pleaded guilty in 1997 toselling trade secrets to Kodak officials who were working undercover, posingas Chinese agents.137 He agreed to pass on Kodak’s formulas, drawings, andblueprints to undercover agents.138 Because he agreed to cooperate in acontinuing investigation, he was able to negotiate a plea bargain, which re-sulted in a 1-year prison sentence, including 3 months of home confinementwith a monitoring bracelet, and a fine of $30,000.139 In sentencing him, U.S.District Judge Telesca denounced him for disclosing trade secrets to “not justany foreign national, but China,” a longtime adversary of the United Stateswith a poor human rights record.140 The company alleged in its complaintthat Strobl, a current employee, was selling the documents to Worden, whoin turn found third-party buyers. When FBI agents conducted a search ofWorden’s home in Santee, South Carolina, they found nearly 40,000 docu-ments, many of them related to Kodak trade secrets. Mr. Worden had takenearly retirement from Kodak in 1992 after a 28-year career and openeda consulting business, Worden Enterprises, Inc. Worden allegedly had re-cruited about sixty former Kodak employees in order to obtain key docu-ments containing proprietary trade secrets.141 While Mr. Worden workedfor Kodak, he was responsible for what was then referred to as the “401machine,” a piece of Kodak equipment that made film base. The base cre-ated by the machine was then lined with emulsions according to a formulathat was one of Kodak’s most closely guarded trade secrets, with compa-rable formula secrets being similarly guarded by competing photographycompanies. The characteristics of the formula in question greatly enhancedcolor resolution and sensitivity to air exposure, thereby affecting the total
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 145
quality of a photograph’s resolution. The plan to begin work on the “401machine” was initiated in 1987 by Kodak, and Worden was among the fewpeople within the company aware of the plans.
Between 1993 and 1995, Mr. Worden acted aggressively to expand hisconsulting firm, and, in mid-1995, he confided to a friend that he was suspi-cious that perhaps Kodak was concerned as to whether he may be selling itstrade secrets.142 At that time, Worden was unaware that Kodak employeeswere posing as representatives of a Chinese company from Shantou, China,and they asked Mr. Worden to provide information about his consultingservice and his associates. Worden provided this information and later onJuly 18, 1995, he met individuals in New York City who claimed to be theChinese officials with whom he had been corresponding and had agreedto have a follow-up meeting. The first meeting lasted for 4.5 hours, duringwhich Worden discussed considerable confidential and secret informationthat related to Kodak’s film processing equipment, especially the secret“401 machine.” Just 4 days after the meeting, telephone calls were placed toMr. Worden at his South Carolina home, to which he responded by sendinga written communication to the alleged Chinese clients detailing the ser-vices that his firm would provide to build a new film manufacturing plantin China.
What makes the Worden case even more interesting is that through 1995,Kodak acted independently. It did not approach federal prosecutors untilafter the New York City meeting; subsequently, the FBI secured a searchwarrant, which was executed in May 1996, in South Carolina. This is whenthe agents took the previously mentioned documents, some of them markedconfidential and some appearing to be copies of blueprints and drawings.
In August 1997, Worden pleaded guilty in the U.S. District Court to sell-ing Kodak’s trade secrets to competitors, and he received a 1-year prisonsentence. At the sentencing hearing on November 13, 1997, the judge hadsome special remarks prepared for Mr. Worden regarding his criminal con-duct. The remarks were particularly striking in that the judge indicated thathis personal preference was for an upward departure from the Federal Sen-tencing Guidelines; however, he would accede to the lesser terms of theplea agreement as long as Worden agreed to completely cooperate withthe investigation that was ongoing regarding damage done to the Kodakcompany.
In December 1997, Kodak concluded that putting Mr. Worden behindbars was not sufficient, and accordingly, the company filed a lawsuit against3M and one of its Italian subsidiaries, and the Imation Corporation, whichhad purchased some of 3M’s film-making secrets and assets during the timethat Worden Enterprises, Inc., was actively selling Kodak trade secrets tothem. When the lawsuit was filed, officials of 3M and Imation refused tocomment on the allegations of federal racketeering laws that had been
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
146 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
allegedly violated by and through Worden’s company, especially issues re-garding technology transfer of the development of the “401 machine.”
Kai-Lo Hsu
Kai-Lo Hsu, a Taiwanese national, was a technical director for Taiwan’s YuenFoong Paper Company.143 Chester Ho, also a Taiwanese national, was abiochemist and professor at Taiwan’s National Chiao Tung University. Thesetwo individuals were arrested in June 1997 at the Four Seasons Hotel inPhiladelphia as a result of an FBI sting operation.144
Hsu was allegedly trying to obtain secret information on how to makeTaxol, a powerful anticancer drug manufactured by Bristol-Myers SquibbCompany that grossed $800 million for Bristol-Myers in 1996, so his com-pany could expand into pharmaceuticals.145 One of Hsu’s associates, JessicaChou, on June 7, 1995, contacted an undercover FBI agent posing as atechnology broker with the intent of purchasing secret information from apurportedly corrupt Bristol-Myers scientist. Ms. Chou worked as a mid-levelmanager for a Taiwanese company. She met with the “information broker”a number of times to discuss acquisition of information concerning the pro-duction and distribution of Taxol. This ultimately culminated in a meetingbetween a higher-ranking manager of the foreign company, a meeting inwhich the Taiwanese openly discussed their interest in acquiring the Taxoltechnology. Further, when told that it was unlikely that Bristol-Myers wouldpart with such a valuable commodity freely, the foreign company represen-tative acknowledged that the firm was ready to bribe employees to acquirethe proprietary information that was needed.
A meeting was arranged in Philadelphia in June 1997, at which the govern-ment contended that representatives of the Taiwanese company attemptedto illegally purchase the Taxol technology. Bristol-Myers had cooperatedwith prosecutors by providing real documents to make the sting operationlook authentic. During the meeting, Hsu asked the agent to locate a Bristol-Myers employee willing to sell information on the anticancer drug. Bristol-Myers agreed to provide an employee to pose as a corrupt engineer. De-fendants Hsu and Chester S. Ho, a biochemist and professor at a Taiwanuniversity, examined scientific documents that contained some of the
trade secrets and discussed the technology with the undercover agent and“corrupt” employee. Reportedly, about $400,000 in cash, stocks of a Tai-wanese company, and royalties from the sale of the drug were offered forthe information.146
Although the case was brought against foreign nationals, it was broughtunder section 1832 of the EEA (the domestic activity section), not section1831 (the foreign activity section, which targets defendants working on be-half of a foreign government or instrumentality). Specifically, the indictmentcharged violations of sections 1832(a)(4) (the EEA’s attempt provision) and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 147
1832(a)(5) (the EEA’s conspiracy provision). The indictment did not allegethat the defendants ever received the secret Taxol information. Hence, theindictment was attempt and conspiracy based. Hsu was also indicted on sixcounts of wire fraud, one count of general conspiracy, two counts of for-eign and interstate travel to facilitate commercial bribery, and one count ofaiding and abetting.
On March 31, 1999, Hsu pled guilty to one count of conspiring to com-mit trade secret theft. He was sentenced to 2 years’ probation and fined$10,000.147 All other charges against him were dropped. In early 1999, thegovernment dropped all charges against Chester Ho.148 Chou, the personwho allegedly sought out the secret Taxol information for Hsu, remains thesubject of a federal arrest warrant.149 It is believed that she now resides inTaiwan, but cannot be extradited because Taiwan does not have an extradi-tion treaty with the United States.
Patrick and Daniel Worthing
On December 7, 1996, the first arrest under the EEA was made in Pittsburgh,Pennsylvania.150 Patrick Worthing and his brother, Daniel, were arrested byFBI agents after agreeing to sell Pittsburgh Plate Glass (PPG) proprietaryinformation for $1,000 to an FBI undercover agent posing as a represen-tative of Owens-Corning. Patrick Worthing, a maintenance supervisor inPittsburgh-based PPG Industries’ fiberglass research center, contacted theCEO of Corning Glass, a competitor,151 and offered to sell PPG’s tradesecrets, including computer disks, research, and blueprints. The Corn-ing Glass executive promptly contacted PPG, which called the FBI.152
An undercover operation was planned in which an agent, posing as aCorning employee, met with Worthing to exchange money for the tradesecrets.
The government alleged that Worthing solicited Owens-Corning’s CEOunder an assumed name in a letter that stated: “Would it be of any profit toOwens-Corning to have the inside track on PPG?” The Owens-Corning exec-utive, in turn, provided the letter to PPG executives, who then contacted theFBI. Both defendants were charged under 18 U.S.C. Section 1832. PatrickWorthing admitted to stealing documents, blueprints, photographs, andproduct samples from PPG. He pled guilty and was sentenced to 15 monthsin jail and 3 years of probation. His brother also pled guilty to conspiracy toviolate the EEA, for which he received 5 years of probation.153 PPG estimatedthat the stolen secrets were worth up to $20 million.
Hai Lin and Kai Xu
Two Chinese nationals working in high-level technical positions at LucentTechnologies, Inc., in Murray Hill, New Jersey, were charged on May 3, 2001
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
148 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
with conspiring to steal source code and software associated with an industry-leading Internet server developed exclusively by Lucent, and to transfer it toa Chinese state-owned company. The two Chinese nationals – both of whomwere working at Lucent on business visas – and a third co-conspirator, anaturalized Chinese-American, sought to use the stolen technology to createthe leading data networking company in the PRC – “the Cisco of China.”Hai Lin, 30 at the time, of Scotch Plains, and Kai Xu, 33 at the time, ofSomerset, New Jersey, were arrested at their homes by special agents of theFBI. Also arrested was Yong-Qing Cheng, 37 at the time, of East Brunswick,New Jersey, a naturalized American citizen and vice president of VillageNetworks, an optical networking vendor in Eatontown. Cheng was arrestedat Village Networks. Simultaneous to the arrests, the FBI executed searchwarrants at the defendants’ homes.
In the e-mails, the defendants and representatives of the Chinese-ownedcompany allegedly planned the theft and transfer of Lucent’s technologyto create a server identical to Lucent’s PathStar Access Server. Both menwere experts in the source code, software, and entire design of Lucent’sPathStar system – the highly advanced and profitable technology that Lin,Xu, and Cheng allegedly conspired to steal and transfer out of the UnitedStates.
Each of the defendants was charged with conspiracy to commit wire fraud.Charged in the same complaint was ComTriad Technologies, Inc., a NewJersey corporation that was founded in January 2000 by the defendants.Beginning with a July 2000 trip by Cheng to Beijing, ComTriad started ne-gotiations for a joint venture with Datang Telecom Technology Companyof Beijing, a company that is majority-owned by the Chinese government.Subsequent to that trip, according to the complaint, the defendants and rep-resentatives of Datang exchanged e-mail and visited in China and the UnitedStates to negotiate the joint venture. Ultimately, the Lucent technology –the PathStar source code and software – was stored in its entirety on apassword-protected web site created by ComTriad and established with aweb hosting company. The source code and software were stored on thatweb site – www.comtriad.com. The defendants transferred the data earlierin 2000 to Datang for use in developing a ComTriad system – the CLX1000 – that was identical to Lucent’s PathStar Access Server, according tothe complaint.
The Datang–ComTriad joint venture, funded with $1.2 million fromDatang, was named DTNET, and was approved by the Datang board ofdirectors on or about October 28, 2000, according to intercepted e-mailsdescribed in the complaint. Datang was engaged in the development, man-ufacture, and sale of telecommunications products in the PRC, includingcomputer hardware and software to facilitate voice transmissions over theInternet. The PathStar access system for transmitting voice communications
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 149
over the Internet was recognized as a unique product in the industry, de-signed to facilitate low-cost voice and data services over the Internet. In themarket for telephony and packet networking integration, the PathStar sys-tem commanded a 93% share, according to the complaint, and generateda revenue of approximately $100 million for Lucent in fiscal year 2000. Lin,Xu, Cheng, and ComTriad planned to go public in a joint venture withDatang through initial public offerings of stock in the United States andChina.
Following their arrests, bail was set by U.S. Magistrate Judge Stanley R.Chesler in the amount of $900,000 (actually requiring the equivalent of$1.8 million in real estate equity). Cheng was released under a court rulingrequiring only a $900,000 bail to be secured in full by real estate equity.Xu was released after posting a $900,000 bond secured by approximately$680,000 in real estate equity and the posting of $12,000 from one individualin a court escrow account. Also, as a further condition, Xu, his wife, andthree others were to cosign and personally guarantee the $900,000 bond.Lin also had bail set at $900,000, to be secured by approximately $400,000in real estate equity and two individuals posting $50,000 in a court escrowaccount. Lin, his wife, and two others would also be required to cosign andguarantee the $900,000 bond. Magistrate Judge Chesler further conditionedthe release of each defendant on house arrest with electronic monitoring;confinement to the residence except, with prior approval of Pretrial Services,meetings with counsel or court appearances; the signing of an irrevocablewaiver of extradition; and the surrender of passports by the defendants andtheir wives.
Several more criminal charges have been leveled against the two formerLucent employees for allegedly stealing the New Jersey company’s trade se-crets and turning them over to a Chinese company, according to the U.S.Attorney’s Office in Newark. United States v. Lin et al., No. 01-CR-00365, super-seding indictment was issued on April 11, 2002. The superseding indictmentfiled in U.S. District Court for the District of New Jersey further details thealleged plan by Lin and Xu to steal the software and hardware for Lucent’sPathStar Access Server. According to the prosecutors in this case, Lin and Xuwere originally indicted for the trade secret theft on May 31, 2001. The newindictment alleges that Lin and Xu formed ComTraid Technologies, Inc., inNew Jersey to market a product based on the stolen PathStar data. Accordingto prosecutors, the indictment alleges that Lin and Xu demonstrated theirnew CLX-1000 product to a representative of Beijing-based Datang TelecomTechnology Company in July 2000, and that the Chinese company gave thetwo defendants $500,000 to begin a joint marketing venture. Later, accord-ing to prosecutors, Lin and Xu tried to conceal their interest in ComTriadand the CLX-1000 to hide their former Lucent employment and relation-ship to the PathStar program. According to the new indictment, victims
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
150 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
of the theft include companies that had licensed software to Lucent thatwas used in the PathStar program and was allegedly incorporated into theCLX-1000.154
Federal prosecutors identified those companies as Telnetworks, a sub-sidiary of Next Level Communications in Rohnert Park, California; Net-Plane Systems, Inc., a subsidiary of Dedham, Massachusetts-based Mind-speed Technologies, Inc.; Hughes Software Systems Ltd., a subsidiary ofHughes Network Systems, Inc., of Gurgaon, India; and Zia Tech Corp., asubsidiary of California-based Intel Corp.155
Mylene Chan
An employee of the SEC was forced to resign after it was discovered thatshe had sent sensitive data on American computer companies to China,according to U.S. officials.156 Mylene Chan, a computer and online serviceanalyst with the SEC for 10 months, left the commission in July 2002 af-ter co-workers discovered she had compromised sensitive information bysending it to Shanghai. A co-worker in the computer office discovered thatdatabase files had been corrupted and that several e-mails to Miss Chanfrom China were discovered in a computer after she had used the databaseservice. The case was covered up by the SEC and never reported to the FBI.Numerous U.S. companies whose proprietary information was handled byMiss Chan also were never informed that their information may have beencompromised.157
Within the commission, a CTR is a confidential treatment request, secretreports provided by U.S. companies to the SEC that contain proprietaryand other sensitive information that companies do not want disclosed tothe public or to competitors. The confidential information contained inthe reports includes financial data and other information about a publiccompany’s financial status and operations. According to SEC documents,the number of CTRs handled by the commission grew from about 540 in1992 to more than 1,000 in 1996. The disclosure that the SEC shared sen-sitive corporate data with China is the latest problem for the commissionthat is charged with monitoring the securities industry. Several of the com-panies whose data were compromised are engaged in security-related workand are contractors for U.S. defense and intelligence agencies. The CTRsthat Miss Chan handled during her employment included sensitive datafrom Acclaim Entertainment, which makes video game software for Sony,Nintendo, and Sega, and Interplay Entertainment, another major gamingsoftware producer. Miss Chan also had access to security-related companies,including Verint Systems, which produces analytic software “for communi-cations interception, digital video security and surveillance, and enterprisebusiness intelligence,” according to the Verint web site. She also had accessto data from Citadel Security Software, which produces “security and privacy
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 151
software” for computer networks, and Ion Networks, another computer se-curity firm that does business with the government.158,159
Fei Ye and Ming Zhong
Two California men with ties to the PRC have been indicted for economicespionage by a San Jose, California, federal grand jury. The grand jury inSilicon Valley on December 4, 2002 indicted Fei Ye, 36 at the time, of Cuper-tino, and Ming Zhong, 35 at the time, of San Jose, California, for allegedlyconspiring to steal computer chip trade secrets from Sun Microsystems,NEC Electronics, Trident Microsystems, and Transmeta.160 Fei Ye and MingZhong were arrested November 23, 2001, at the San Francisco Airport whileallegedly trying to smuggle trade secrets from Transmeta Corporation andSun Microsystems in their luggage. Both men had worked for Transmeta andTrident Microsystems, and Ye had also worked at Sun and NEC ElectronicsCorporation. More trade secrets belonging to Sun, NEC, and Trident were al-legedly found at Ye’s home. Zhong also had trade secrets from Trident in hisTransmeta office and residence, according to the indictment. Ye and Zhongwere on their way to China, where the indictment alleged they were planningto use the stolen documents from the Silicon Valley companies to produceand sell microprocessors for Supervision Ltd., aka Hangzhou ZhongtianMicrosystems Company Ltd., or Zhongtian Microsystems Corporation.
The indictment charges the thefts would benefit China’s government be-cause Supervision was involved in a joint venture to raise China’s ability todevelop superintegrated computer circuits and was working with the city ofHangzhou and Zejinang University, both instrumentalities of China, and wasseeking funding from a Chinese government program. There is no allega-tion against China in the indictment. The counts against Ye and Zhong wereone count of conspiracy in violation of 18 U.S.C. Sections 371, 1831(a)(5),and 1832 (a)(5); two counts of economic espionage in violation of 18 U.S.C.Section 1831(a)(3); two counts of foreign transportation of stolen prop-erty in violation of 18 U.S.C. Section 2314; and five counts of possession ofstolen trade secrets in violation of 18 U.S.C. Section 1832(A)(3). The con-spiracy and economic espionage counts carry the same maximum penalties,15 years, and a fine of $500,000 (or twice the gross gain or loss, whicheveris greatest) plus restitution where appropriate. The counts for possession ofstolen trade secrets and foreign transportation of stolen property both carrymaximum 10-year sentences and a fine of $250,000 (or twice the gross gainor loss, whichever is greater) plus restitution where appropriate.161
Igor Serebryany
A University of Chicago student was charged under federal EEA with dis-tributing hundreds of secret documents over the Internet that could help
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
152 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
television owners steal signals from a leading satellite TV provider. IgorSerebryany, 19 at the time, lived in Los Angeles.
Serebryany was accused of stealing blueprints of DirecTV, Inc.’s latest“P4 access card” technology, a device that prevents free access to digitaltelevision signals by the company’s 11 million subscribers. The informationon the design and architecture of the technology, which cost the companyabout $25 million to develop, allegedly was distributed by Serebryany toseveral Internet sites that cater to hackers. However, apparently no hackerswere able to crack the code of the technology.162
Serebryany came across the information while working with his uncle,who was employed by a document-copying service, according to court doc-uments. That firm in turn was hired by Jones Day – one of the nation’stop law firms – which represented DirecTV in a civil dispute over whatit claimed was misappropriation of company secrets. In September 2002,DirecTV sued NDS in federal court alleging fraud, breach of contract, andmisappropriation of trade secrets. DirecTV at one point had contracted withNDS for its “smart” card technology, but has since moved its encryption tech-nology in-house. According to court documents, DirecTV delivered abouttwenty-seven boxes of confidential material related to the case to the JonesDay law firm in August 2002. To help its lawyers manage all the documents,Jones Day hired an outsourcing firm, Uniscribe Professional Services of Nor-walk, Connecticut, a company founded in 1998 that does imaging work forlaw firms, accounting firms, investment banks, universities, and museums.Because the documents were so sensitive, Uniscribe set up a special imagingcenter at the law firm’s offices to which only a few people had access. Oneof those, according to court documents, was Michael Peker, Serebryany’suncle and a Uniscribe employee. Without the law firm’s approval, Pekerbrought in his nephew and paid him to help with the workload after thefirm ordered that the pace be increased, according to court documents.163
Serebryany, who was born in Ukraine, was released in January 2003 by afederal judge on a $100,000 bond put up by his parents. He was orderednot to use the Internet, but was given some e-mail access so he could keepup with his studies. It was not known what Serebryany is studying, althoughhe has done work as a computer technician on the University of Chicago’sInternet Project. The allegations against him carry penalties of up to 10 yearsin prison and a $250,000 fine.
Kenneth Branch and William Erskine
Federal officials in Los Angeles on June 25, 2003 charged two former BoeingCompany managers with conspiring to steal Lockheed Martin trade secretsconcerning a multibillion-dollar rocket program for the U.S. Air Force. Ina criminal complaint filed on June 25 in U.S. District Court in Los Angeles,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 153
Kenneth Branch and William Erskine were each charged with conspiracy,theft of trade secrets, and violating the Procurement Integrity Act. Branch,64 at the time, and Erskine, 43 at the time, both residents of Cape Canaveral,Florida, are former managers of Boeing Company’s Evolved ExpendibleLaunch Vehicle (EELV) program, which was based in Huntington Beach,California, and had facilities in Cape Canaveral. The EELV is a rocket launchvehicle system, such as the Atlas or Delta rocket system, which is used forthe transportation of commercial satellites into space. EELVs are also usedto launch government satellites into space. Branch was a Lockheed MartinEELV engineer who in 1996 was recruited by Erskine, a Boeing CompanyEELV engineer, to bring proprietary Lockheed Martin EELV documents toBoeing Company. In exchange for the proprietary Lockheed Martin doc-uments, Branch would receive employment at Boeing Company as well asa higher salary. Branch left Lockheed Martin in January 1997 and beganworking at Boeing Company on Boeing Company’s EELV project.
In 1997, the Air Force announced that it wanted to procure EELV ser-vices from both Boeing Company and Lockheed Martin, and that it wantedboth aerospace companies to invest their own money in the EELV programbecause there was a potential for substantial profits to be made by usingEELVs to launch private communication satellites. The Air Force agreedto provide both Boeing Company and Lockheed Martin $500 million eachfor development costs associated with their respective EELV programs, andboth Boeing Company and Lockheed Martin agreed to pay any additionaldevelopment costs.
On July 20, 1998, Boeing Company and Lockheed Martin submitted bidsfor twenty-eight EELV contracts being awarded by the Air Force. The totalvalue of the contracts was approximately $2 billion. On October 16, 1998,based largely on price and risk assessment, Boeing was awarded nineteenout of the twenty-eight contracts, and Lockheed Martin received the othernine EELV contracts.
In mid-June 1999, according to the affidavit, Erskine told another BoeingCompany employee that “he had hired defendant Branch because defen-dant Branch, while still working at Lockheed Martin, came to defendantErskine with an ‘under-the-table’ offer to hand over the entire LockheedMartin EELV proposal presentation to aid in Erskine’s proposal work in ex-change for a position at Boeing if Boeing Company won the United SatesAir Force EELV contract award.”
Later in June 1999, a Boeing Company attorney assigned to inter-view Branch and Erskine regarding allegations that they possessed propri-etary Lockheed Martin documents conducted a search of Erskine’s andBranch’s offices and, according to the affidavit, found a variety of documentsmarked “Lockheed Martin Proprietary/Competition Sensitive” in their of-fices. In early August 1999, Branch and Erskine were terminated by Boeing
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
154 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Company. Air Force personnel familiar with the EELV competitive-biddingprocess examined the Lockheed Martin documents recovered fromBranch’s and Erskine’s workspaces at Boeing Company. The investigationdetermined that 141 documents, consisting of more than 3,800 pages,which appeared to belong to Lockheed Martin, were recovered from theworkspaces of Branch and Erskine in June 1999; thirty-six of the documentswere labeled “Lockheed Martin Proprietary or Competition Sensitive”; six-teen of the documents appeared to be related to the manufacturing cost ofLockheed Martin’s EELV and, in the opinion of the U.S. Air Force EELVstaff, possession of these proprietary documents by a competitor could havehad a “medium” or moderate chance of affecting the outcome of a com-petitive bid; and seven of the documents appeared to be related to themanufacturing costs of the Lockheed Martin EELV and, in the opinion ofthe U.S. Air Force EELV staff, possession of these proprietary documentsby a competitor could have had a “high” or significant chance of affectingthe outcome of a competitive bid. The U.S. Air Force EELV analysts deter-mined that, had they known that Boeing Company EELV personnel hadpossession of proprietary Lockheed Martin EELV documents in 1997, theywould have immediately suspended the competition and conducted a thor-ough investigation into whether the procurement competition should beterminated.
If convicted of all three counts in the complaint, both Branch and Erskineface a maximum possible penalty of 15 years in federal prison and fines ofup to $850,000. The charges against Branch and Erskine are the result ofan investigation conducted by the Defense Criminal Investigative Service.
Robert R. Keppel
John McKay, U.S. Attorney for the Western District of Washington, andCharles Mandigo, Special Agent in Charge, FBI, announced that formerVancouver, Washington, resident Robert R. Keppel entered a guilty plea onAugust 23, 2002 to theft of trade secrets, in violation of Title 18, UnitedStates Code, Section 1832(a)(2).
Beginning sometime in January 2001, Robert R. Keppel began to pur-chase, from an individual in Pakistan, actual copies of the Microsoft MCSEand MCSD exams and answers, which that individual obtained by pho-tographing and/or videotaping the actual tests at a site in Pakistan. BetweenJuly 2000 and October 17, 2001, Robert R. Keppel marketed numerouscopies of MCSE and MCSD exams and answers via his web site, www.cheet-sheets.com, selling them to persons throughout the United States, includingpersons residing in the Western District of Washington.
Microsoft Corporation has certification programs for network engineers,called Microsoft Certified Systems Engineer (MCSE) and Microsoft Certified
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 155
Solution Developer (MCSD), which involve passing approximately twenty-eight exams that test expertise in different Microsoft (MS) software areas.Many of these areas include MS operating systems, databases, and network-ing issues. MS has this certification program so that when a third-party userof their software hires an individual who is certified as a MCSE or MCSD,that individual will have a known level of expertise in order to properly ad-minister the MS system. The MCSE and MCSD certifications are difficult toacquire, but once an individual has the certification, that individual is highlymarketable to companies that use MS products, and just having the MCSEor MCSD certification usually raises salaries substantially. These exams areadministered on Microsoft’s behalf worldwide.
When the tests are administered, there are two separate “banner” pagesthat the test taker encounters before the test starts. These “banner” pagesrequire the test taker to agree to certain terms regarding the test mate-rial, including an agreement not to copy or release the test material. Bythe terms of its contracts with the testing sites, MS does not allow thetest material outside the testing locations for any reason. Consequently,the sale and distribution of Keppel’s “cheat sheets” violated MS copyrightand constituted a conversion of MS proprietary information for personalgain. MS’s development costs for each test are approximately $100,000.In addition, when companies hire people who have obtained MCSE andMCSD certificates by cheating, but who, in fact, cannot install and main-tain the systems correctly because they have neither experience nor exper-tise in the MS products commensurate with the certificates, those compa-nies tend to blame the MS product and become reluctant to buy furtherproducts.
U.S. Bankcorp bank records reflect that there were three bank accountsand one credit card listed for Robert Keppel and Keen Interactive, includinga personal checking account and a money market account, both in the nameof Robert R. Keppel and a merchant account listed in the name of KeenInteractive. The U.S. Bank records reflect that among the Internet billingcompanies that were disbursing funds into the merchant account was Nova, acompany that does billing for Visa and MasterCard. Nova records reflect thatan account was opened by Robert R. Keppel, as owner of Keen Interactive, onor about July 6, 2000. Since the Nova account was opened, there was a total ofapproximately $756,633.03 deposited into the merchant account. All thosefunds constitute proceeds from the sale of MCSE and MCSD exams andanswers, as well as other exams that were proprietary information belongingto Microsoft Corporation, Cisco, and other businesses, in violation of Title18, United States Code, Section 1832(a)(2), and Section 2. In addition,during the time period covered by the Information, Robert R. Keppel causednumerous transfers of monies from the merchant bank account to Keppel’spersonal checking account and savings (money market) account. In total,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
156 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Keppel transferred $200,200 to his personal checking account and $167,000to his money market account.
The U.S. Bank documents also reveal that, on September 14, 2001,Keppel opened a new merchant account number in the name of CheetSheets. The ensuing deposits into this account were from credit card re-ceipts constituting proceeds from the sale of MCSE and MCSD exams andanswers, as well as other exams that were proprietary information belongingto Microsoft Corporation, Cisco, and other businesses, in violation of Title18, United States Code, Section 1832(a)(2), and Section 2.
On February 26, 2001, Keppel wrote a check number drawn on his moneymarket account, to Lexus of Portland, in the amount of $38,703.40, for anew, white Lexus RX300. This vehicle was purchased with proceeds fromKeppel’s sale of trade secrets, in violation of Title 18, United States Code,Section 1832(a)(2) and Section 2.
On or about July 27, 2001, Keppel caused a wire transfer in the amountof $112,000, to be made from his U.S. Bank money market account to thecredit of Premier Financial Services, in payment for a 1997 Ferrari 355Spider. This vehicle was purchased with proceeds from Keppel’s sale of tradesecrets, in violation of Title 18, United States Code, Section 1832(a)(2) andSection 2.
As part of his plea agreement with the United States, Robert R. Keppel hasagreed to forfeit his interest in the 2001 Lexus RX300 and the 1997 Ferrari355 Spider referenced previously, and more than $56,000 seized from thevarious bank accounts referenced previously.
Jiangyu Zhu and Kayoko Kimbara
U.S. Attorney Michael J. Sullivan and Charles S. Prouty, Special Agent inCharge of the FBI in New England, announced on June 16, 2002 that JiangyuZhu, a/k/a “Jiang Yu Zhu,” age 30 at the time, and Kayoko Kimbara, age 32 atthe time, both residents of San Diego, California, were charged in a criminalcomplaint with conspiracy, theft of trade secrets, and interstate transporta-tion of stolen property. The charges arose out of the alleged theft of cer-tain trade secrets belonging to Harvard Medical School, including reagentsmade and used by Harvard Medical School to develop new immunosup-pressive drugs to control organ rejection and also to study the genes thatregulate calcineurin, an important signaling enzyme in the heart, brain, andimmune systems. It is alleged that Zhu and Kimbara stole the trade secretsand then transported them from Boston, Massachusetts to San Antonio,Texas.
It is alleged that, on or about February 27, 1997 until on or aboutDecember 31, 1999, Zhu was employed as a research fellow in the Harvardlaboratory, and that, on or about October 1, 1998 until on or about
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 157
December 31, 1999, Kimbara was also employed as a research fellow inthe Harvard laboratory. According to the affidavit filed in support of thecomplaint, Zhu and Kimbara were working in Harvard Medical School’sDepartment of Cell Biology (Harvard) as postdoctoral research fellows on aresearch project in a lab under the direction of a professor of cell biology atHarvard. The complaint alleged that using information, reagents, and tech-nology developed by the Harvard professor and working under his direction,Zhu and Kimbara were involved in screening drugs, genes, and proteins tofind new agents that would block calcineurin, an immune cell constituentthat when activated can cause organ transplant rejection. Further researchand analyses by Zhu and Kimbara from February 1999 through September1999 showed that in addition to binding tightly to calcineurin, the two genesblocked the activity of calcineurin. These findings offered a potential meansof treating a number of diseases affecting the immune, cardiovascular, andnervous systems and, therefore, had significant commercial potential. It isalleged that Zhu and Kimbara each signed a Participation Agreement uponcoming to Harvard in which they agreed that all rights to any invention ordiscovery conceived or first reduced to practice as part of, or related to,their university activities were assigned to Harvard, and that their obliga-tions would continue after the termination of their Harvard employment.Researchers in the laboratory funded in part by the National Institutes ofHealth and the American Cancer Society, used information, technology, andchemical reagents previously developed by the Harvard professor to screendrugs, proteins, and genes in an effort to determine those drugs that mightcontrol organ rejection, and those genes that might control calcineurin.The lab was kept locked and considered secure.
According to the complaint, by January or February 1999, Zhu andKimbara began working from approximately 11:00 p.m. to approximately9:00 a.m., thus enabling them to work without direct supervision from theHarvard professor and to conceal their activities from him. It is alleged thatover time, the Harvard professor was able to determine that Kimbara wasdoing work that she was not sharing with him. It is alleged that, althoughZhu and Kimbara reported the discovery of four genes as a result of thegenetic screenings performed by them in the Harvard professor’s lab, that,between February 1999 and August 1999, at least seven additional genes hadbeen derived from preliminary genetic screenings performed by Zhu andKimbara. On October 22, 1999, Harvard filed a provisional patent on the twogenes and their products. It is alleged that, despite their legal and contrac-tual obligations, Zhu and Kimbara took and conspired to take proprietaryand highly marketable scientific information, belonging to Harvard, withthem to Texas, with the intention of profiting from such information bycollaborating with a Japanese company in the creation and sale of relatedand derivative products or otherwise capitalizing on the information.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
158 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
It is alleged that beginning no later than December 27, 1999 to on orabout January 1, 2000, Zhu and Kimbara removed, without permission orauthorization, at least twenty cartons, including some Styrofoam containerscommonly used to ship perishable biological materials, from the Harvardprofessor’s laboratory in the very early morning hours or at night. It is al-leged that between approximately December 22, 1999 and January 1, 2000,Zhu and Kimbara made arrangements to ship more than thirty boxes of bi-ologicals, books, and documents to the University of Texas, unbeknownst toHarvard or the Harvard professor and without permission or authorization.It is alleged that beginning on approximately January 3, 2000, other Harvardlaboratory personnel observed that significant amounts of biological mate-rial, equipment, and scientific documentation were missing from the lab.
It is alleged that on approximately January 11, 2000, Zhu and Kimbaramet with officials from Harvard, including the Harvard professor. Duringthat meeting, Zhu and Kimbara denied removing reagents, materials, andprimary data from the lab and also denied hiding the results of work con-ducted while they worked in the lab. Zhu and Kimbara announced theywere resigning their positions at Harvard and relocating to other researchpositions. They further stated that they had turned over all the primary datafor the research they conducted, and they denied that they took anythingfrom the laboratory other than personal belongings.
According to the complaint, in approximately June 2000, a significantpercentage of the materials taken from Harvard by Zhu and Kimbara wererecovered from their workspace at the University of Texas. However, manyof the materials allegedly taken by Zhu and Kimbara from the Harvardprofessor’s laboratory have not yet been recovered.
On December 13, 1999, Zhu received an offer of employment from theInstitute of Biotechnology at the University of Texas, San Antonio (Univer-sity of Texas). It is alleged that the day after receiving the offer, and while stillemployed at Harvard, Zhu sent an e-mail to a biochemical company in Japanin which he stated his intent to collaborate with another researcher after heleft Boston to commercialize the antibodies suggested by the research donein the Harvard laboratory. It is alleged that Zhu sent three new genes toJapan for the purpose of the Japanese biochemical company making anti-bodies against them, without the knowledge or authorization of the Harvardprofessor and in direct violation of the Participation Agreement signed byboth Zhu and Kimbara. It is alleged that the Japanese company did in factproduce antibodies against two of the genes and shipped these antibodiesto Zhu at the University of Texas between February and May 2000.
Zhu accepted the position with the University of Texas, both to run hisown lab and to teach. Kimbara was also hired to work in the University ofTexas laboratory.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 159
Tse Thow Sun
The U.S. Attorney’s Office for the Northern District of California announcedthat Tse Thow Sun pled guilty on April 9, 2003 to theft of trade secrets.Mr. Sun, 32 at the time, a citizen of Singapore, was indicted by a federalgrand jury on April 9, 2002. He was charged with theft of trade secrets, inviolation of 18 U.S.C. Section 1832(a)(3); attempted theft of trade secrets,in violation of 18 U.S.C. Section 1832(a)(4); and interstate transportationof stolen goods, in violation of 18 U.S.C. Section 2314. Under the pleaagreement, Mr. Sun pled guilty to theft of trade secrets.
In pleading guilty, Mr. Sun admitted that in early 2002, he was employed asan IT specialist with Online Interpreters in Chicago, Illinois. The companywas in the business of providing real-time translation services over the phonefor a variety of clients who had non-English-speaking customers. Mr. Sunadmitted that in March 2002, he approached the president of a competingbusiness located in Northern California with an offer to sell confidentialinformation about Online Interpreters. Mr. Sun demanded $3 million forthe information. At a meeting on March 29, 2002, Mr. Sun delivered a laptopcomputer and a hard drive that contained trade secrets and confidentialpropriety information about Online to the competitor. Mr. Sun admittedthat he stole this information from his employer.
John Berenson Morris
Colm F. Connolly, U.S. Attorney for the District of Delaware, announcedthat John Berenson Morris of Mt. Kisco, New York, entered a guilty pleato one count of attempting to steal and transmit trade secret informationbelonging to Brookwood Companies, Inc., a textile company based in NewYork, New York. Morris was prosecuted under the EEA, which makes thetheft of trade secrets a federal criminal offense. He faces up to 10 years’imprisonment and a fine of up to $250,000 on this charge.
During July and August 2002, Morris attempted to sell Brookwood’sproprietary pricing information to one of its competitors, Newark-basedW.L. Gore & Associates, Inc. This pricing information related to a then-outstanding multimillion-dollar U.S. DoD solicitation for bid for the pro-duction of certain military fabric products. From July 26, 2002 to August 5,2002, Morris placed a series of phone calls to a man he believed to be aGore employee, in which Morris offered to sell Brookwood’s trade secretsfor $100,000. What Morris did not know at the time, however, was that thisman was actually an undercover DoD agent. The phone calls culminatedin a meeting at a rest stop on the New Jersey Turnpike on August 5, 2002,where Morris was arrested.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
160 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
W.L. Gore contacted federal law enforcement shortly after Morris placedhis first phone call to Gore to propose the illegal sale of information. Thisaction enabled law enforcement to arrange for the undercover special agentto receive and respond to Morris’ subsequent overtures.
The case was investigated by agents with the DoD, Office of the AssistantInspector General for Investigations, Defense Criminal Investigative Service.The case was prosecuted by Assistant U.S. Attorney Keith M. Rosen.
Mikahel K. Chang and Daniel Park
The U.S. Attorney’s Office for the Northern District of California announcedthat Mikahel K. Chang pled guilty on December 4, 2001 to theft of a tradesecret and criminal forfeitures. Also, Daniel Park pled guilty to aiding andabetting criminal copyright infringement.
Mr. Chang, 32 at the time, and Mr. Park, 33 at the time, both of SanJose, California, were indicted by a federal grand jury on June 14, 2000.Both defendants were charged with one count of theft of a trade secret inviolation of Title 18, United States Code, Sections 1832(a)(1) and (a)(3).Mr. Chang was charged with two counts of criminal forfeiture pursuant toTitle 18, United States Code, Sections 1834(a)(1) and (a)(2). Mr. Park wascharged with one count of criminal forfeiture pursuant to Title 18, UnitedStates Code, Section 1834(a)(2).
Under the plea agreements, Mr. Chang pled guilty to all three countsand Mr. Park pled guilty to a superseding information charging the criminalcopyright infringement violation. In pleading guilty, Mr. Chang admitted tohaving received, possessed, and without authorization appropriated stolentrade secret information belonging to Mr. Chang’s former employer, SemiSupply, Inc., of Livermore, California, knowing such information to havebeen stolen, obtained, and converted without authorization. Specifically,Mr. Chang admitted to having received, possessed, and appropriated withoutauthorization customer and order information in databases relating to SemiSupply’s sales.
In pleading guilty, Mr. Park admitted to having aided and abetted thewillful infringement of a copyright for purposes of commercial advantageand private financial gain. Mr. Park admitted to having aided and abettedthe willful infringement of a copyright by accessing a FoxPro database pro-gram, which he knew had been copied without authorization and which hadbeen infringed for the purposes of commercial advantage and private finan-cial gain. Specifically, Mr. Park admitted that the FoxPro database programwas used to access the stolen trade secret information belonging to SemiSupply.
The maximum statutory penalty for a violation of the theft of trade se-crets statute is 10 years’ imprisonment, and a fine of $250,000 or twice the
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 161
gross gain or twice the gross loss (whichever is greatest), plus restitution ifappropriate. However, the actual sentence will be dictated by the FederalSentencing Guidelines, which take into account a number of factors, andwill be imposed at the discretion of the court.
The prosecution was the result of an investigation by agents of the HighTech Squad of the FBI, which was overseen by the Computer Hacking andIntellectual Property (CHIP) Unit of the U.S. Attorney’s Office.
Xingkun Wu
On July 31, 2001, Special Agent in Charge Peter J. Ahearn, Buffalo Division,FBI, announced the filing of a federal criminal complaint and the issuanceof a federal arrest warrant against Mr. Xingkun Wu, age 40 at the time, ofLos Angeles, California. The complaint and arrest warrant were the resultof an investigation conducted by FBI Special Agents assigned to the Elmira,New York, Resident Agency, with the assistance of the New York State Police,the FBI’s Los Angeles Division, and Corning Incorporated.
The Criminal Complaint, which was issued on July 30, 2001, charged Wu,a former employee of Corning Incorporated, with violations of Title 18,United States Code, Section 1832, which pertains to theft of trade secrets.The Criminal Complaint alleged that on or about March 10, 2000, andMay 4, 2000, in the Western District of New York, Wu knowingly attemptedto convert a trade secret to the economic benefit of someone other thanits owner (Corning Incorporated), knowing that the offense would injureCorning Incorporated as the owner of the trade secret. Investigation by theLos Angeles Division of the FBI has developed information that Wu mayhave returned to his native country, China.
Junsheng Wang and Bell Imaging Technology Corporation
The U.S. Attorney’s Office for the Northern District of California announcedthat Junsheng Wang and Bell Imaging Technology Corporation pled guiltyon April 26, 2001 to theft and copying of the trade secrets of AcusonCorporation.
Mr. Wang, age 53 at the time, of Fremont, and Bell Imaging TechnologyCorporation, a California corporation based in Fremont, were charged ina criminal information filed in federal court on April 19, 2001. Mr. Wangwas charged with theft of trade secrets in violation of Title 18, United StatesCode, Section 1832(a)(1), and Bell Imaging Technology Corporation wascharged with copying of trade secrets in violation of Title 18, United StatesCode, Section 1832(a)(2). A related company, Belson Imaging TechnologyCompany Limited, a joint venture based in the PRC, was also charged in theinformation with copying trade secrets, and that charge remains pending.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
162 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
In pleading guilty, Mr. Wang and Bell Imaging Technology Corporationadmitted that prior to August 24, 2000, Mr. Wang took without authorizationand copied for Bell Imaging Technology Corporation a document provid-ing the architecture for the Sequoia ultrasound machine that contained thetrade secrets of Acuson Corporation. According to Mr. Wang’s plea agree-ment, he had been able to obtain access to the Acuson trade secret materialsbecause his wife was employed as an engineer at that company and becauseshe had brought that document into their home. After Mr. Wang had copiedthe document, he took it with him in the year 2000 on business trips to thePRC for Bell Imaging Technology Corporation. According to Bell ImagingTechnology Corporation’s plea agreement, it is a California corporation in-volved in the manufacture and distribution of ultrasound transducers, andhas been a partner with Henson Medical Imaging Company, a Chinese com-pany, in Belson Imaging Technology Company Limited, the final defendantin this case. Mr. Wang was arrested carrying the Acuson trade secret doc-uments at San Francisco International Airport as he was about to board aflight for Shanghai, PRC, in August 2000.
The prosecutions were the result of an investigation by agents of the FBIwith cooperation from agents of the U.S. Customs Service.
Fausto Estrada
A five-count complaint unsealed on March 21, 2001 in Manhattan federalcourt charged Fausto Estrada with theft of trade secrets, mail fraud, andinterstate transportation of stolen property. According to the complaint,Estrada was a contract food services employee working at MasterCard’s head-quarters in Purchase, New York. The complaint charged that in February2001, Estrada, using the alias “Cagliostro,” mailed a package of informationhe had stolen from MasterCard to Visa’s offices located in California. Estradaallegedly offered to sell to Visa sensitive and proprietary information that hehad stolen from MasterCard’s headquarters and allegedly offered to recordhigh-level meetings within MasterCard if Visa paid Estrada and providedhim with recording equipment. According to the complaint, among theitems Estrada offered to sell to Visa was a business alliance proposal valuedin excess of $1 billion between MasterCard and a large U.S. entertainmentcorporation.
As part of a sting operation conducted by the FBI’s Computer Intrusionand Intellectual Property Squad, an FBI agent posed as a Visa representativeand negotiated for the purchase of the MasterCard documents in Estrada’spossession. These negotiations culminated in a covert meeting at which anundercover FBI agent met with Estrada in a hotel room to exchange moneyfor the stolen proprietary documents.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 163
Peter Morch
The U.S. Attorney’s Office for the Northern District of California announcedthat Peter Morch, a resident of San Francisco and a citizen of Canada andDenmark, was arrested on March 21, 2000 pursuant to a criminal complaintcharging him with theft of trade secrets in violation of Title 18, United StatesCode, Section 1832.
According to an affidavit filed in support of the criminal complaint,Mr. Morch resigned from his position as a software engineer at Cisco Systemsin Petaluma, California. While at Cisco, Mr. Morch was a team leader for aresearch and development project pertaining to voice-over and optical net-working. The day before his final date of employment at Cisco, Mr. Morchwas alleged to have burned onto CDs numerous proprietary documents, in-cluding but not limited to Cisco project ideas, general descriptions, require-ments, specifications, limitations of design, and procedures to overcome thedesign difficulties for a voice-over and optical networking software product.Shortly after, Mr. Morch started working at Calix Networks, a potential com-petitor with Cisco.
Steven Craig Hallstead and Brian Russell Pringle
Two California men, Steven Craig Hallstead, 29 at the time, and Brian Rus-sell Pringle, 34 at the time, were sentenced to prison terms on December 4,1998 in federal court in Sherman, Texas, for attempting to sell trade secretsthat belonged to the Intel Corporation. The two pled guilty to attemptingto sell several prototype computer central processing units (CPUs) that be-longed to the Intel Corporation, to the Cyrix Corporation, a competitor ofIntel. The men were convicted under the EEA. According to prosecutors,approximately five of the prototype CPUs, known at Intel as “Slot II” CPUs,were stolen in a burglary in California in April 1998. The Slot II CPUs, whichcontained various trade secrets, were in the prototype stage and were notscheduled to be released on the public market until June of that year. InMay 1998, Hallstead, identifying himself on the telephone only as “Steve,”contacted a representative of the Cyrix Corporation in Richardson, Texas,offering to sell the Slot II CPUs to Cyrix. Hallstead told the officials at Cyrixthat the CPUs were being developed by Intel and that they would be valuableto Cyrix. Cyrix immediately contacted law enforcement officials to reportthe incident. At the request of the FBI, Cyrix officials cooperated with theFBI in carrying out a sting operation to identify the individual who was at-tempting to sell the sell the Slot II CPUs to Cyrix. Cyrix officials permittedan FBI agent to pose as a Cyrix employee and, through a series of telephoneconversations, Hallstead offered to sell five of the Slot II CPUs to Cyrix for atotal of $75,000. FBI agents in Dallas, working with FBI agents in California,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
164 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
were able to identify and locate Hallstead and his business partner, Pringle,in California. Hallstead arranged for Pringle to travel from California toRichardson to deliver two of the Slot II CPUs to the Cyrix offices in Richard-son on May 15, 1998. Pringle was arrested on that date when he arrived atthe Cyrix offices and delivered the CPUs to FBI agents who were posing asCyrix employees. Hallstead was arrested later that day in California.
Mayra Justine Trujillo-Cohen
On July 30, 1998, James H. DeAtley, the U.S. Attorney for the SouthernDistrict of Texas, announced that Mayra Justine Trujillo-Cohen, 46 at thetime, pled guilty to superseding criminal information, charging her withtheft of trade secrets, a violation of 18 United States Code, Section 1832,and one count of wire fraud, a violation of 18 United States Code, Section1343. This case was the first economic espionage case to be brought in theSouthern District of Texas.
Trujillo-Cohen pled guilty to taking a proprietary SAP ImplementationMethodology, considered to be intellectual property, from her employer,ICS, Deloitte & Touche, and then attempting to convey that methodology asher own creation for personal financial gain, after she had been terminatedfrom ICS, Deloitte & Touche.
Trujillo-Cohen also pled guilty to wire fraud. She admitted to develop-ing a scheme wherein she was able to use an insurance company’s bankaccount to pay her American Express credit card bill through wire trans-fers. Over a period of several months, Trujillo-Cohen transferred approxi-mately $436,000 from the insurance company’s bank account to her Amer-ican Express account, which she used to purchase such big-ticket items as aRover sports utility vehicle; furniture; and jewelry, including several Rolexwatches.
Steven L. Davis
Steven L. Davis, 47 at the time, pled guilty on January 27, 1998 to federalcharges that he stole and disclosed trade secrets of the Gillette Company.
At the plea hearing, a federal prosecutor told the court that in Februaryand March 1997, Davis stole and disclosed trade secrets concerning thedevelopment of a new shaving system by the Gillette Company, which isheadquartered in Boston, Massachusetts. Davis, was employed as a processcontrols engineer for Wright Industries, Inc., a Tennessee designer of fab-rication equipment, which had been hired by Gillette to assist in the de-velopment of the new shaving system. The new shaving system project wasextremely confidential and was treated so by both Gillette and Wright In-dustries. Davis told the court that in anger at a supervisor and, fearing that
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 165
his job was in jeopardy, he decided to disclose trade secret information toGillette’s competitors. The disclosures were made to Warner-Lambert Com-pany, Bic, and American Safety Razor Company.
This case was investigated by the Boston office of the FBI with assistancefrom the FBI’s Nashville office. The case was being prosecuted in Tennesseeby Assistant U.S. Attorney Jeanne M. Kempthorne, Deputy Chief of Stern’sEconomic Crimes Unit, with the assistance of Assistant U.S. Attorney WendyGoggin, of the U.S. Attorney’s Office in Nashville.
Jack Shearer and William Robert Humes
In December 1999, the Honorable U.S. District Judge Sidney A. Fitzwa-ter sentenced Jack Shearer, age 54 at the time, of Montgomery, Texas, to54 months’ imprisonment and ordered him to pay $7,655,155 in restitu-tion. William Robert Humes, age 60 at the time, of Arlington, Texas, wassentenced to 27 months’ imprisonment and ordered to pay $3.8 millionin restitution. Corporate defendants Tejas Procurement Services, Inc.; TejasCompressor Systems, Inc.; and Procurement Solutions International, L.L.C.were each sentenced to 5 years’ probation and ordered, jointly and severally,to pay $7,655,155 in restitution.
Jack Shearer pled guilty in December 1999 to two counts of an Informa-tion, which charged him with conspiracy to steal trade secrets, in violationof Title 18, United States Code, Section 1832(a)(5). William Robert Humesalso pled guilty to one count of conspiracy to steal trade secrets, in violationof Title 18, United States Code, Section 1832(a)(5).
Three corporations founded by Jack Shearer – Tejas Procurement Ser-vices, Inc.; Tejas Compressor Systems, Inc.; and Procurement Solutions In-ternational, L.L.C. – pled guilty, by their duly appointed representatives, inDecember 1999 to federal charges of conspiracy to steal trade secrets. Tejas’revenues from the stolen trade secrets were in excess of $7 million.
Shearer admitted that he stole intellectual property, or proprietary tradesecrets, from his former employer, Solar Turbines, Inc. (Solar), headquar-tered in San Diego, California. After receiving the proprietary information,Jack Shearer used this information for his own economic benefit as wellas the benefit and private commercial advantage of his companies, Tejasand Procurement Solutions International, L.L.C. (PSI), an oil and gas partscompany Shearer founded in the fall of 1998 to compete with Tejas. Headvised his employees to “sanitize” the Solar plans, drawings, designs, andschematics by removing Solar’s proprietary warnings and transferring theinformation to third-party machine shops. However, in some cases, JackShearer transferred the Solar plans, drawings, designs, and schematics tothird-party machine shops with Solar’s proprietary warnings still affixed andclearly visible. Solar parts have a specialized form, fit, and function, and plans
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
166 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
depicting Solar parts are readily identifiable as Solar proprietary plans andspecifications.
Over the years, Tejas developed a collection of Solar plans that num-bered in the many hundreds, and Tejas provided various third parties withtrade secret manufacturing information contained in these plans pertain-ing to hundreds of Solar parts. Various third-party machine shops receivedSolar’s trade secrets and began to manufacture counterfeit Solar parts atShearer’s direction. Because the counterfeit parts produced by these ma-chine shops were not manufactured to Solar’s safety standards, their useraises serious safety concerns.
Once these third-party machine shops had manufactured the counterfeitSolar parts, the parts were either shipped directly from the machine shops orto Tejas for Shearer’s customers. Jack Shearer acknowledges that he knewthe sale of the counterfeit Solar parts would injure Solar, the true ownerof the trade secrets. This trade secret information could only be obtainedfrom Solar and was not available to be purchased by the general public.Jack Shearer and Tejas instructed its sales employees to falsely represent tocustomers that the counterfeit Solar parts made by the third-party machineshops were in fact genuine. Using the Solar drawings as a guide, Jack Shearerand Tejas instructed its employees to place identical Solar parts numbers onthe counterfeit manufactured parts in order to deceive Tejas customers.Jack Shearer and Tejas also instructed its employees to create “Certificatesof Compliance” for the counterfeit parts that were similar to genuine Solarcertificates. These certificates were created specifically for Tejas customersthat requested proof of genuine Solar parts.
Shearer would also, on behalf of PSI, purchase stolen Solar trade se-cret information, specifically information on Solar fuel control valves forits top-of-the-line turbine engine, from Jack Edward Nafus in return forcash payments. From January to May 1999, PSI paid Nafus at least $6,500 incash for the stolen Solar trade secret information. Shearer and PSI passedthe trade secret information to a machine shop in order to manufacturecounterfeit Solar valves for Tejas’ main customer, an Iranian national busi-nessman who operated an oil and gas parts broker business in Uppsala,Sweden. This businessman placed millions of dollars of orders per year withTejas, and orders he placed were designed for oil field applications andpainted desert beige. Solar designs and manufactures industrial gas turbineengines and turbo machinery systems for the production and transmissionof crude oil, petroleum products, and natural gas; generating electricity andthermal energy for a wide variety of industrial applications; and for the fastferry marine market. Solar’s equipment, distributed worldwide, was usedto provide electrical power for industrial operations such as oil drilling op-erations. Solar, with approximately 5,100 employees worldwide, is a wholly
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 167
owned subsidiary of Caterpillar, Inc., the world’s leading manufacturer ofconstruction and mining equipment, diesel and natural gas engines, andindustrial gas turbines.
Shearer worked for Solar for 26 years until his employment was termi-nated in 1992. While he was employed at Solar, Shearer lived overseas andserviced a sales territory that included Libya, Jordan, Syria, Lebanon, Iraq,Iran, and Saudi Arabia. When Shearer was terminated from Solar, he startedTejas Compressor Systems, Inc., and Tejas Procurement Services, Inc., head-quartered in Conroe, Texas, in order to compete with his former employer.
Shearer obtained Solar’s trade secret information and used that informa-tion to manufacture counterfeit Solar parts through Tejas. Shearer obtainedthis confidential trade secret information through at least three individu-als, defendant William Robert Humes and defendant Jack Edward Nafus, aswell as a third named individual, now all former employees of Solar. Defen-dant Jack Edward Nafus, age 51, of River Ridge, Louisiana, also pled guiltyin December 1999 to conspiracy to sell trade secrets. Tejas, at Shearer’sdirection, paid each of these Solar employees to provide Solar drawings,plans, and schematics that included confidential specifications describingthe dimensions and manufacturing details of Solar parts. Shearer was awarethat these payments constituted unlawful transactions and knew that stealingthis proprietary trade secret information would injure Solar.
Tejas and a number of its employees became suspicious that the parts or-dered by this Iranian national businessman were going to prohibited coun-tries, such as Iran. One of Tejas’ suppliers refused to manufacture partsfor Tejas because it determined, based merely on the type of gear soughtto be manufactured, that it was a proprietary Solar part of a Solar turbineengine located in Iran. Among other reasons, the manufacturer refused tomanufacture the part for Tejas because it was in violation of the PresidentialOrder for selling such parts to prohibited countries such as Iran. In anotherinstance, a Tejas employee called Jack Edward Nafus to inquire about a pricequote for an order placed by this Iranian national businessman and learnedfrom Nafus the type of shaft she was inquiring about and trying to procurebelonged to a turbine unit located in Iraq. Nafus refused to provide theinformation to Tejas unless Tejas could provide verification that the shaftwas not destined to a customer in an embargoed country.
The use of Solar’s confidential information to manufacture counterfeitSolar parts was profitable for Tejas and, in fact, the substantial revenue gen-erated from this activity became the predominant source of Tejas’ income.By 1998, Tejas revenues were in the $8 million to $9 million range. Of thatamount, the substantial majority was based on procurement activity includ-ing, in substantial part, the manufacture of counterfeit Solar parts usingSolar’s confidential and proprietary information.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
168 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
What Do These Cases Tell Us So Far?
Criminal activity involving sophisticated technology or economic espionagehave attracted attention in recent years. Eight years have passed and justforty cases have been prosecuted under the EEA. Is the EEA being effectivelyused? Given the reported severity of the foreign trade secret theft problemthat drove the passage of the EEA, one might wonder why the number ofprosecutions is not higher. One of the fears surrounding the passage of theEEA was that publicly traded companies might be hesitant to report thetheft of their trade secrets for fear that doing so might adversely affect theirstock prices.164,165 Have the cases so far proven that to be true?
A number of important lessons can be learned from the cases to date.The cases confirm that the government will, in fact, devote significant re-sources to the investigation, prosecution, and enforcement of the EEA.166
The amount of resources that the government has invested thus far illus-trates that it takes the EEA seriously. Many of these cases arose out of FBIsting operations where extensive evidence was accumulated.167 There waslittle dispute in any of the cases as to whether the defendant had the requisitecriminal intent to satisfy the act.168 No defendant could credibly argue thathe or she had acted “inadvertently,” “negligently,” or “unintentionally” indisclosing trade secrets.169
In several cases, the indicted individuals and/or important players wereoutside agents, independent contractors, or temporary employees, not full-time regular employees.170 This is consistant with an ASIS report that suchindividuals often pose the greatest threat to a company’s trade secrets.
For those in the competitive intelligence industry, there was fear thatthe risk of prosecution under the EEA would have a large impact on howcompetitive intelligence professionals conduct their activities.171 However,in light of the cases the government has filed thus far, this fear appears tohave been misplaced.172
Most of the cases involved section 1832 (the domestic activity section),not section 1831 (the foreign activity section). Thus, we have yet to seemore section 1831 cases brought by the government, even though that wasthe single most important reason behind the passage of the EEA.173
A New Solution for Guarding Secrets
The EEA is a comprehensive device to combat trade secret misappropri-ation. It has significantly raised the stakes with respect to protecting tradesecrets. In light of its penalties, businesses must take careful notice of its pro-visions. Under the act, businesses have three major responsibilities: (1) es-tablish reasonable safeguards to protect company trade secrets, (2) preventthe contamination of the firm through the inadvertent misappropriation
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c06 CB764-Nasheri-v1 February 17, 2005 8:28
THE NEW RULE FOR KEEPING SECRETS 169
of the trade secrets of others, and (3) institute measures to prevent employ-ees from intentionally stealing the trade secrets of others.
Businesses must take a close look at their procedures involving confiden-tial information. Rules for entering into nondisclosure agreements shouldbe implemented to control the process of assuming, tracking, and enforc-ing confidentiality obligations to third parties. Hiring practices should bereviewed to avoid improper hiring of trained employees and consultantsand to emphasize respect for IPRs as part of a company’s training program.Perhaps most importantly, a company must examine its business relation-ships to determine the procedures and behaviors of those who may createvicarious liability under the EEA.
Overall, the EEA should prove to be a substantial improvement in the bat-tle against industrial espionage. It has created a national standard governingtrade secret misappropriation, supplementing the multitude of federal andstate laws that were previously used to prosecute trade secret misappropria-tors with only mild results. In so doing, the EEA has filled a significant gapin the protection of trade secrets in the global information age.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
C H A P T E R S E V E N
Multinational Conspiracy or Natural Evolution ofMarket Economy
modern technology has facilitated a dramatic rise in economic espi-onage committed by private companies, criminal organizations, and na-tional governments.1 Enterprises are faced with unprecedented risks associ-ated with the pervasive infusion of technologies into virtually every cornerof their operations. Today’s managers are faced with a daunting arrayof technology-driven risks to navigate. Economic espionage, privacy, em-ployee productivity, regulatory compliance, and systems integrity are buta few of these issues that cut across all areas of operation. These issues,if not properly handled, can have devastating consequences to an enter-prise’s viability. Unfortunately, far too many enterprises have failed to graspthe severity of these risks and take the necessary measures to mitigatethem.
The focus on economic espionage ultimately reflects an underlying be-lief in the need for industrial policy on a worldwide basis. Information is avital asset of the global economy and is vulnerable to economic espionage ifnot adequately protected by national laws and international agreements.Trade secret protection is becoming a common form of IPR and mustreceive heightened and explicit recognition in bilateral and multilateralagreements.
Despite the increasing importance of trade secrets to world economies,there is no global law on trade secrets or even a universal definition of a tradesecret. Patents, copyrights, and trademarks are addressed in comprehensiveinternational legal treaties, but trade secrets are not fully included. Whatcan be protected as a trade secret differs from country to country, and,in some nations, trade secrets have no legal standing at all. Internationalintellectual property law does not help because it is quite weak in this area.At the present time, it does not provide much protection to countries thatare regular victims of economic espionage.2
170
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 171
In response to these trends, the United States enhanced its civil andcriminal trade secret protection in federal laws.3 An increase in intellec-tual property crimes, combined with the lack of deterrence associated withcivil remedies, led the federal government and most states to enact statuteswith criminal provisions designed to prevent the theft of intellectual prop-erty rights. Was this a good idea, and should other nations follow thislead?
U.S. Emphasis on Protection of Intellectual Property
In more recent years, the U.S. Congress has taken an especially strong in-terest in intellectual property crimes as well as intellectual property law gen-erally. The protection of intellectual property is firmly rooted in Americanjurisprudence.4 The federal interest in intellectual property is no recent ortransitory development.5 Rather, the protection of U.S. intellectual propertyboth domestically and internationally has been a major policy objective ofthe U.S. government for years.
Intellectual property crimes were formally designated a “priority” byDeputy Attorney General Eric Holder on July 23, 1999.6 In announcingan Intellectual Property Rights Initiative, Deputy Attorney General Holderstated that the Department of Justice, the FBI, and the U.S. Customs Servicehad concluded that they must make investigating and prosecuting intel-lectual property crime “a major law enforcement priority.” In making theannouncement, he noted that:
[a]s the world moves from the industrial age to the information age, theUnited States’ economy is increasingly dependent on the production anddistribution of intellectual property. Currently, the U.S. leads the world inthe creation and export of intellectual property and IP-related products.7
Deputy Attorney General Holder also observed that “[a]t the same timethat our information economy is soaring, so is intellectual property theft.”Because intellectual property theft undermines the federally establishedlegal systems, it is especially appropriate that investigation and prosecutionof these crimes are a federal law enforcement priority.
The United States has consistently pushed for international agreementsto protect intellectual property, as well as the extension of state and federalremedies for the theft of trade secrets.8 Global “harmonization” of intellec-tual property laws has been a top American policy priority in more recentyears, but trade secrets are still at a disadvantage. Germany and Japan re-quire public trials for lawsuits, for example, and anyone seeking redressmust first reveal his or her trade secret. In other countries, confidentialdata are revealed when submitted for government review. In the interna-tional arena, the United States has regularly pressed for stringent protection
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
172 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
and enforcement of intellectual property rights in the world.9 The UnitedStates hopes to compel other nations to provide stronger protection for U.S.innovations.10
International Espionage for Commercial Advantage
Economic espionage will continue to rise unless nations make joint efforts todeal with the problem. As foreign corporate ownership becomes widespread,as multinationals expand, as nation-states dissolve into regions and coalesceinto supranational states, traditional concepts of ownership are fading. How-ever, the notice of “proprietary information” is here to stay, and theft willnever cease as long as there is profit to be made.11
Because of the dramatic changes to the world’s military and economicdivisions caused by the end of the Cold War, the probability is great thatnations will continue to commit economic espionage against one another.Illicit gathering of competitor nations’ economic information is what allowsmany nations to compete effectively in the world market. Those who takepart in economic espionage will not be readily willing to stop, especiallyif it means losing any clout they have as members of the global economy.World leaders recognize that economic power is fundamental to nationalpower. If nations persist in placing their domestic priorities above interna-tional norms, the international economy will suffer. For the world to achievestable economic conditions, individual governments must be willing to putaside their short-term parochial interests and begin harmonizing businesspractices, along with their legislative initiatives, with one another. It is vitalthat global leaders form an agreement on economic espionage. The world’seconomic future depends on it.
Cyberterrorism – An Emerging Threat
Terrorist groups are increasingly computer-savvy, and some are probablyacquiring the ability to use cyberattacks to inflict isolated and brief disrup-tions. Due to the prevalence of publicly available hacker tools, many of thesegroups already have the capability to launch denial-of-service and other nui-sance attacks against Internet-connected systems. As terrorists become morecomputer-savvy, their attack options will only increase.12
Terrorists worldwide have ready access to information on chemical, bi-ological, radiologic, and nuclear weapons via the Internet. Attacks againsthigh-tech businesses would cripple IT and jeopardize thousands of jobs. Thefinancial sector now depends on telecommunications for most of its trans-actions. Disruption of critical telecommunications nodes can create severehardships until services are restored. The results of sabotage could persist
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 173
for longer durations, creating difficult repairs and recovery and intensifyinguncertainty and economic losses.13
Adapting to a Changing Culture
In 1908 in the United States, to answer the need for a federal investiga-tive body, Attorney General Charles Bonaparte established a group of spe-cial agents within the DOJ now known as the FBI.14 During the organiza-tion’s early days, its agents delved into violations involving fraud, bankruptcy,and antitrust crime. When the Mann Act was passed in 1910, the bureau’ssleuthing expanded into investigating criminals who evaded state laws, buthad no other federal violations. World War I brought more responsibilitywith draft violations, espionage, sabotage, and sedition. The National MotorVehicle Theft Act, passed in 1919, gave the bureau even more to do.15
During Prohibition and the gangster era, the United States witnessed thepassage of federal criminal and kidnapping statutes, and special agents weregiven authority to carry firearms and make arrests. World War II broughtincreased growth to the bureau’s size and jurisdiction, and, with the emer-gence of the atomic age, background checks into security matters for theexecutive branch of the government became its responsibility.16 Jurisdictionover civil rights violations and organized crime followed in the 1960s; white-collar crime, drugs, violent crimes, and counterterrorism in the 1970s and1980s; and computer crimes, health care fraud, economic espionage, andthreats from weapons of mass destruction in the 1990s.17
Today we recognize that punishment of financial and economic crimesis vital, both to the prosperity of a nation’s economy and to people’s faithin the criminal justice system. Although crimes of violence and routineproperty crimes will always be with us, the criminal justice system is poorlyequipped to address the dramatic increases in crimes perpetrated with acomputer or the Internet. Too few law enforcement departments in theUnited States even know of the legal requirements for obtaining a searchwarrant for a computer, and even fewer have personnel with expertise tocapture the data sought. Most prosecutors lack the training and experienceto provide guidance. The debate over the proper venue for a computer-based crime poses other problems. The ease with which computers crossjurisdictional boundaries means law enforcement agencies, often proudof their independence, must learn better cooperation. When more than100 bank account records are finally obtained, who has the time and ex-pertise to find the “smoking gun” buried within them? When a dispatcherreceives a call about identity theft, does he or she even recognize the natureof the call and know how to aid the victim and properly route the problem?These issues must be addressed as the criminal justice system ventures intothe new millennium.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
174 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Criminalization of Trade Secret Misappropriationin the United States
Criminalizing misappropriation of trade secrets implicitly treats the interestat issue as property. When the focus of a criminal law is to punish certainconduct, the property approach is implicated; condemning conduct that in-volves some interest inevitably sweeps that interest into a protected category.In the case of the EEA, however, U.S. Congress’s adoption of the propertybasis was more explicit.
History demonstrates that many infringers will not be deterred by civilliability, which can be treated as a cost of doing business. For example, evenwhen a permanent injunction or consent decree is in force, they do notnecessarily deter some defendants. Some defendants may respond to suchcivil remedies by changing the item upon which they are infringing, suchas counterfeiting shirts bearing marks of Major League Baseball teams afterbeing the subject of an injunction obtained by the National Football League.Others close shop only to quickly reopen under a different corporate iden-tity. Criminal prosecution can better deter a violator from repeating thecrime.
Criminal prosecution of intellectual property crimes also is importantfor general deterrence. Many individuals may commit intellectual prop-erty crimes not only because they can be relatively easy to commit (e.g.,copying music), but also because they believe they will not be prosecuted.Criminal prosecution plays an important role in establishing public expec-tations of right and wrong. Even relatively small-scale violations, if permit-ted to take place openly and notoriously, can lead other people to believethat such conduct is acceptable. Although some cases of counterfeiting orpiracy may not result in provable direct loss to the holder of the IPR, thewidespread commission of intellectual property crimes with impunity canbe devastating to the value of such rights. Industry groups representingvictims of intellectual property crimes are acutely aware of their need forlaw enforcement protection for intellectual property. These victims widelypublicize successful prosecutions to send a message. The resulting pub-lic awareness of effective prosecutions can have a substantial deterrenceeffect.
Although the EEA prohibits a broad range of behavior, the United Statesdoes not appear to have been motivated by a desire to maintain commercialmorality or to prevent unfair competition. Rather, in the view of the UnitedStates, trade secrets are much like any other property.18 The United Stateseffectively gave owners the right to control any use of the information.19
The person or entity holding a trade secret can authorize certain uses,and an unauthorized use undertaken with the requisite mental state is acrime.20
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 175
Value of Lost Information
The United States’ stated goal in passing the EEA was to promote the gen-eral economic well-being of the nation. The United States was undoubtedlyinfluenced by the value of secret information and its importance to the econ-omy, and may have equated value with property. The concern over value,however, is problematic for two reasons. In this specific case, the estimatedfinancial value of lost information cannot be considered as entirely reliable,in part because the estimates vary so wildly. The estimates of lost value areoften based on an assumption that infringers would have purchased the ob-ject if it was not otherwise available, and there after is no evidence of that.21
Moreover, self-interested parties provide the estimates of losses, and theirconclusions should be viewed skeptically.
Another more general problem is that relying on value to determinewhether an object is property is circular: An object has market value in largepart because legislators or courts have given some individual or entity theright to exclude others from using it.22 Even if value were a valid standardfor deeming an object worth protecting, criminal law does not guard everyvaluable interest.23
Some have argued that criminalizing trade secret takings is a double-edged sword because, although the EEA may deter such takings, unintendedconsequences of enforcement may very well undermine the goal of eco-nomic growth. In other words, protecting trade secrets in order to encour-age innovation is not costless. One cost of enhanced rights in trade secretsis that exercising those rights impedes the ability of employees to take jobsin other firms or to start new businesses. Loss of employee mobility leads toanother cost, or inefficiency, by affecting regional economic performance.However, there is no evidence in any of the cases that would support predic-tions that the EEA was “designed to employ foreign spies”24 or that it would“destroy employee mobility.”25
The passage of the EEA marks a significant milestone in the prosecu-tion of global economic crime. The United States and foreign citizens, aswell as foreign governments, who attempt to steal their way into unearnedprofits now face substantial monetary penalties and jail time. The use ofthe EEA also greatly increases the likelihood that victims will obtain justcompensation for their injuries and will further allow courts to ensure theconfidentiality of U.S. companies’ most valuable economic assets. Finally,the international cybercriminal who specializes in surreptitious computertheft can no longer feel secure that his or her conduct will go undetected orthat he or she can escape liability because he or she is not a U.S. citizen ornot physically located in the United States. These new laws, and increasedemphasis on federal enforcement and prosecution, certainly will help theowners of valuable intellectual property protect their assets.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
176 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
Challenges to Overcome for Public–Private Partnership
Marketing the concept to corporations that the federal government canand will play an active role in assisting with the protection of proprietarytrade secrets hinges on convincing corporate executives that the economicespionage threat is real and is growing steadily. Historically, many barriershave impeded the public–private partner relationship. Many of these barri-ers are attitudes from a bygone era of mistrust and bad interactions betweenthe government and businesses. Today’s fluid marketplace and vulnerabilityto terrorism in a post-9/11 world demand a new, more cooperative set ofattitudes and relationships.
There remain many challenges to overcome in ensuring cooperation,but it is important to recognize that these challenges and roles are often dif-ferent for industry and the government. Because most of America’s criticalinfrastructure is owned or operated by the private sector, these businessesand companies face a greater degree of threat than the government, andshould therefore feel a greater incentive to engage in increased protectionand security. However, this is not the same for the rest of the industrializedworld.
The private sector is driven by profits, consumer and shareholder confi-dence, and market forces, which are strong incentives for increased security.However, a change in focus is necessary for this process to succeed. Thethreat cannot be countered with the prevailing reliance on the researchand development of new product lines as the main defense against corpo-rate espionage. Such an approach will eventually drain corporate assets tounacceptable levels because inefficient economies of scale will be realizedfrom each generation of products. In addition, very few corporate execu-tives have any type of experience in security measures or with intelligenceservices. This creates an environment in which the corporation has a naturaltendency to distance itself from the federal government rather than seekingassistance.
Yet, civil remedies may be futile under various circ*mstances. For ex-ample, intellectual property crimes are unusual because they generally arecommitted without the victim’s knowledge, even after the fact. The victimusually has no direct relationship with the infringer – before, during, or afterthe commission of the crime. If a victim is unaware of a violation by a par-ticular defendant, civil remedies will generally be unavailing. Furthermore,without criminal sanction, infringers or counterfeiters might treat the rarecase of the victim’s civil enforcement of its rights as a cost of doing business.
Finally, more laws on the books do not necessarily increase the level of pro-tection. The real key is investigation, enforcement, and prosecution of thelaws. There are at least two problems with the increased criminalization of in-tellectual property violations. First, it makes the threat of criminal sanctions
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 177
an attractive litigation tool. A plaintiff could easily refer, or threaten torefer, a case of willful counterfeiting, infringement, or trade secret misap-propriation to government prosecutors. Although there are many reasonsnot do this, the mere threat of a criminal investigation could provide addi-tional leverage in a civil case. This may create a second problem by turningborderline behavior into criminal behavior. In most cases, these criminalstatutes criminalize the same basic behavior that is also punishable civilly.This means that virtually any infringement could be criminalized, and avindictive litigant could refer a case to prosecutors as a competitive tool orlitigation strategy.
The Need for International Cooperation
There is presently much debate, both within nations and internationally,about the ways in which economic espionage should be controlled. Inter-nationally, there is a push to harmonize criminal laws in the new economyarea. There are three international organizations looking at some of theseissues: the G-8 subgroup on high-tech crime, the UN, and the COE.26 Thedebate revolves around unilateral and multilateral action.27 Industrializedcountries are the leaders in implementing this action. They are attemptingto reach agreements that would prohibit bribes and other corrupt practicesin doing business abroad.28 Corrupt business practices are illegal in all in-dustrialized countries. Hence, the proposed agreement will simply extendthat prohibition to activities abroad, potentially leading to higher ethicalstandards in developing countries where corruption runs rampant.
States must come to terms with what specifically constitutes the key ele-ments of unjustifiable, unreasonable, or discriminatory conduct with respectto economic espionage, thereby defining the problem in explicit detail.29
States must recognize what is and what is not economic espionage if they areto combat it. The first step is to identify laws that address the problem of eco-nomic espionage. Unfortunately, international laws and courts are still tooweak in enforcement to provide much help. It may be possible to construeeconomic espionage as a violation of customary law or of Article 2 of theUN Charter, as a “threat or use of force against the territorial integrity . . . ofany state, or in any manner inconsistent with the purposes of the UnitedNations” if the spying moves from passive observation to proactive influ-encing of economic events within the nation.30 Again, however, enforce-ment would probably reduce to general political pressure from the victim’sgovernment, which is quite unpredictable. International agreements mayactually point a plaintiff back to individual countries for recourse, though.Under NAFTA, “member countries must protect trade secrets from unau-thorized acquisition, disclosure or use.”31 GATT/TRIPS provides that samemisappropriation remedies requirement for member countries.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
178 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
States also must incorporate existing law, both national and international,that may apply to economic espionage, and propose new law where exist-ing law fails to control economic espionage.32 On the “supply side” of theeconomic espionage problem, states must make efforts to control their ownexports and heighten individual corporate security.33 On the “governmentside” of the economic espionage problem, states need to take advantage ofexisting governments and intelligence agencies of individual nations to curbeconomic espionage through law enforcement mechanisms. States need tospecify the roles that individual nations will play in identifying and coun-tering the threats that economic espionage imposes on the industry of allnations, paying special attention to the manner in which such functionsand roles are coordinated.34 States must identify what constitutes the indus-trial threat, by discussing the threat to the nations’ industry of economicespionage and any trends in that threat, including the number and identityof the governments conducting economic espionage, the industrial sectorsand types of information and technology targeted by such espionage, andthe methods used to conduct such espionage. Finally, states need to worktogether toward an international criminal law solution, discussing the pos-sibility of creating a coherent, modem body of international criminal lawthat deters and/or penalizes economic espionage.35
The Japanese authorities have long been irritated by accusations of eco-nomic espionage leveled against Japanese corporations. Several scandals inthe new technology field and mainly in the United States, where Japaneseengineers found themselves charged under the EEA, have convinced Japanto take some action in this regard. The economic and industrial ministryhas submitted a bill to the parliament making it a crime to steal industrialsecrets. The bill, which will bring Japan’s laws into line with those practicedin the United States, France, Germany, and other industrialized countries,is being debated in the Diet. But some have criticized the bill because itallows only civil legal action against violators.36 The bill, which would revisethe Unfair Competition Prevention Law, is aimed at protecting corporatesecrecy to strengthen the international competitiveness of Japanese com-panies. Japan wants to keep pace with other nations in protecting its com-panies’ proprietary industrial information. France, Germany, and other in-dustrialized nations consider industrial espionage a matter of criminal law.Unfair Competition Prevention Law prohibits the theft, leakage, or misuseof such corporate secrets by labeling these acts as “unfair competition.” Withthe rapid growth of IT and biotechnology, the Japanese ministry believed itwas necessary to draft a criminal law to cover cases of misuse of confidentialbusiness information. The ministry also plans to revise the Unfair Competi-tion Prevention Law to relax its stricter provisions under which companieswhose information was stolen should verify specific damages so victims canproperly be compensated for the damage caused.37
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 179
What Have We Accomplished?
In passing the EEA, the U.S. Congress tightened a seam in the existingpatchwork of federal criminal laws that helps safeguard intellectual property.Although there certainly will be many important cases prosecuted underthe new act, and although great care must be taken in the defense andprosecution of these cases, the government likely will be very selective inundertaking prosecutions and usually will handle only the most egregiouscases that send an appropriate message to private industry and would-betrade secret thieves.
Ultimately, the EEA’s greatest importance will probably be the role itplays in heightening the awareness of the seriousness of trade secret theft.The potential punitive stakes now include civil and criminal remedies, anda new code of commercial conduct in the area of intellectual property isemerging as a result. As long as corporations and other owners of tradesecrets adhere to that code and appropriately weave the provisions of theact into their compliance programs, business dealings, and employmentpractices, greater trade secret protection in the private sector undoubtedlywill result, often with no direct involvement by the government whatsoever.
Nations whose profits depend on trade secrets typically consider theirworkers a potential threat to the nation’s interests. Indeed, one would notbe wrong in concluding that the historical impetus for trade secret law wasto restrain employees from competing with their employers. Although theincongruent interests of employees and employers are well understood,38
the trade secret issue raises a special application that involves a societal in-terest. Nations have an interest in maintaining their competitive advantageby keeping trade secrets and business information from their competitorsabroad. Employees, however, want the freedom to work for whichever busi-ness values them most highly.39 Not so obviously, the community has anindependent interest in a sound and growing economy that may be alignedwith either interest.
Overall, the importance of states working together to combat economicespionage cannot be stressed enough. This already occurs between somestates, and others must follow such a lead. For example, some FBI agentsin the United States regularly make contact with Scotland Yard or with theFrench police and work collectively in attempting to stop international crim-inals who are being investigated by both countries.40 This kind of activitymay open doors for creating relationships at a higher level, such as mu-tual legal assistance treaties for dealing with economic espionage crimes.The U.S. DOJ already has such treaties, which provide procedures to shareevidence and facilitate cooperative law enforcement with many countriesthroughout the world. However, it does not presently have such treatieswith any of the countries of Eastern Europe or the former Soviet Union,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
180 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
which began increasing their economic espionage activity with the end of theCold War.
Setting the Stage for a New Code of Commercial Conductin the Global Marketplace
Some critics, such as Vandana Shiva,41 argue that imperial power has alwaysbeen based on a convergence of military power used in the defense of trade.She argues that this convergence was at the heart of the gunboat diplomacyduring colonialism. A similar convergence is now taking shape around thedefense of trading interests in a period of globalization and free trade. This,she argues, can be seen in the EEA legislation passed by the U.S. Congressin 1996, which views IPRs as vital to national security. It can be interpretedas criminalizing the natural development and exchange of knowledge as itempowers U.S. intelligence agencies to investigate the activities of ordinarypersons worldwide in an effort to protect the intellectual property rights ofU.S. corporations.
There are deep differences in the positions and attitudes of developedand developing countries to the protection of intellectual property by legis-lation. Developed countries and particularly the most industrialized amongthem see intellectual property as the fruit of the creative capacity and intel-lectual effort of their individual citizens and companies and as the legitimatebasis for these individuals and companies to earn trading advantage. Suchadvantage cannot be exercised unless the intellectual property concerned isgiven protection against use by others. They believe, in the absence of suchprotection and the promise of later reward, research and development thatleads to inventions and new products of value to all would simply not takeplace.
Developing countries have a different perspective. They do not in generaldispute the case for patent and copyright protection. However, their individ-ual citizens and companies have little intellectual property of their own toprotect, and they do not see reason to give support to international standardsof protection that would require them to pay large sums to use technology.These matters, which are of domestic interest to developing countries interms of right to health and right to development, are perceived as issues oftrade by northern corporations that are seeking new global markets.
The lack of international legislation addressing intellectual propertycrimes is understandable in the context of yesterday’s technology. How-ever, as society becomes ever more dependent on new technology, individ-ual countries and the international community must address intellectualproperty crimes. Individual countries must enact laws to address both thenational and international aspects of these types of crimes and likewise,the international community must form an international agreement thatenables the successful enforcement of such laws.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 181
The central question is whether the taking of information or knowledgeought to be criminalized. In analyzing this problem, it is useful to remindourselves of some basic truths. First, few would dispute the notion that theadvancement of scientific knowledge is by far the most important source ofincreasing wealth and prosperity in human history. If you just look at theevolution of technology over the past two centuries alone, no one can doubtthat the standard of living of most people on earth has improved in termsof quality of medicine, health, food, comfort – all the positive values thatJeremy Bentham’s utilitarian view of law and society say should be maximizedfor the good of the whole.
Second, it is hard to dispute that, in a free market economy, intangible as-sets such as knowledge and technological advancements must be accordedsome form of property right; otherwise, there will be insufficient individ-ual incentive to develop those advancements. The failure of communismand other economic systems to provide individual property rights shouldbe proof enough that there is good justification for recognizing propertyinterest in knowledge.
A property right also finds support in the philosophical theories devel-oped by John Locke. Under his labor theory of property, there is an inherentjustification to recognizing property rights in knowledge and informationdue to the fact that it was brought about through human effort and invest-ment. So the question is not whether there should be a property interest orsome form of ownership in the fruits of one’s intellectual labor, but ratherthe question is how powerful should that property interest be since there isa countervailing societal interest in the dissemination of knowledge for thebenefit of all.
In an ideal world, every increment of greater knowledge would be mea-sured separately and accorded sufficient property rights to compensate itscreator for the labor and investment that was needed to bring it into exis-tence. That would be the ideal measure of the property interests neededto preserve the incentive to create and expand knowledge, while imposingthe least societal cost. That, however, is impossible to accomplish. Thus, thelegal regimes surrounding intellectual property must use other yardsticksto protect new knowledge.
In the case of patents, for example, the lifetime of that property inter-est has been set, somewhat arbitrarily, at 20 years. In some cases, that mayresult in a pharmaceutical company, for example, reaping vastly excessiveeconomic rewards from a new drug far beyond its research investment and,at the same time, deprive sick people in less developed countries of ac-cess to that medical discovery. Conversely, the scope of the protection ofa patent might be insufficient to prevent very close imitation and therebyfail to provide adequate return on investment. Both of these outcomes arethe consequence of uniform laws. On balance, we need to strike the righttrade-off between adequate property protection and the interest of the world
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
182 ECONOMIC ESPIONAGE AND INDUSTRIAL SPYING
community in reaping the benefits of technological advancement at a rea-sonable cost.
One of the factors that has changed in more recent history that influencesthis balance is the widespread growth of IT. As we have seen in the discussionin this book, the rapid proliferation of IT worldwide has made it easier forthe institutions that generate knowledge and technological advancementsto have the benefits of that work taken away. This is due to the increasedportability of information, the rapid development of information networksspanning vast geographic regions, and the increased mobility of the means ofproduction. In other words, the developer of a new technology can no longerrely on difficulties of travel or access as a barrier to imitation. This increasedportability means that the potential for information theft is riskier todaythan ever before. In addition, the procedural and geographic difficultiespresented to an intellectual property owner whose valuable informationhas been misappropriated thousands of miles from his or her home maketraditional civil remedies all the less effective.
One way to counteract these effects is to increase the deterrence effectfrom the laws surrounding intellectual property. The most effective way todo that, given the nature of these crimes and the actors who engage inthem, is through criminal sanctions. This raises the liability stakes and theaccountably. As Jeremy Bentham recognized with his utilitarian “spirit ofcalculation” theory of criminal justice, the nature of the actors are suchthat they will rationally choose not to engage in prohibited behaviors if thepotential sanction is high enough to outweigh the potential gain of themisconduct. In another words, there must be some higher price to paythan simply restitution to the knowledge creator; there must be seriousconsequences to deter misappropriation. This would seem to be especiallytrue where the scheme is promoted or fostered by competing governments.Otherwise, all nations run the risk of an escalating race toward technologicalespionage.
Theft of trade secrets through corruption and bribery has serious eco-nomic consequences. Corruption makes economies less competitive be-cause it undermines investment and leads to capital outflows.42 Further-more, the more resources the U.S. government and U.S. companies spendon measures to perpetuate or defend against foreign espionage, the lessmoney is available for public projects or tax incentives that might enhanceprivate research and development.43 Therefore, greater protection of tradesecret rights through international and bilateral agreements and decreasedoffensive economic espionage would protect citizens and private companiesand foster economic growth throughout the world.
Judge Posner contended that “the distinctive doctrines of the criminallaw can be explained as if the objective of that law were to promote eco-nomic efficiency,” and has argued specifically that “[t]the major function
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
MULTINATIONAL CONSPIRACY OR NATURAL EVOLUTION 183
of criminal law in a capitalist society is to prevent people from bypassingthe system of voluntary, compensated exchange – the ‘market,’ explicit orimplicit – in situations where, because transaction costs are low, the marketis a more efficient method of allocating resources than forced exchange.”44
Judge Posner specifically noted that “the market-bypassing approach pro-vides a straightforward economic rationale for forbidding theft and otheracquisitive crime. . . .”45
Some sociologists have expressed the view that the existing legal regime al-ready tilts too heavily in favor of protection of IPRs, including the well-knownsociologist John Braithwaite in his book Information Feudalism, co-authoredwith Peter Drahos.46 In their view, new intellectual property regimes are en-trenching new inequalities. Although access to information is fundamentalto so much of modern life, Braithwaite and Drahos argue that IPRs havebeen used to lock up vital information. The result, they argue, will be aglobal property order dominated by a multinational elite, an elite that ex-propriates anything from AIDS drugs for Africa, to seeds for developingworld farmers, to information on the human genome.
The concerns of Vandana Shiva, Peter Drahos, and John Braithwaite donot so much apply to the issue here, however, because their concerns are pri-marily addressing patents, which by definition involve public disseminationof knowledge in the body of the patent document. In contrast, economicespionage involves nonpublic, secret knowledge. This is a different categoryof information.
No one disagrees, however, that some form of protection is needed tofoster the development of advancement of technology. It seems unlikelythat there is some vast conspiracy at work between the industrial sectors andWestern governments to bring about a new kind of feudalism. Experienceshows, in fact, that mistrust between the private sector and government isrampant and, consequently, there is insufficient cooperation between lawenforcement, legislators, and the private sector to rein in the increasinglevel of information theft. Such conspiracy theories seem highly unlikelywith all these disparate forces working in the marketplace.
As Peter Grabosky has noted, the burden of enforcement is too great to becarried by law enforcement alone. A mixture of law as well as technologicaland market-base solutions will emerge. Nonetheless, the better course ofaction would be for governments in developed nations worldwide to adopta uniform policy toward criminalizing misappropriation of knowledge. Onlythen can there be effective deterrence and can we avoid a decline into openintelligence warfare among nations.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828c07 CB764-Nasheri-v1 February 17, 2005 11:12
184
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxA CB764-Nasheri-v1 February 17, 2005 9:34
A P P E N D I X A
UNITED STATES CODETITLE 18 – CRIMES AND CRIMINAL PROCEDUREPART II – CRIMINAL PROCEDURECHAPTER 90 – PROTECTION OF TRADE SECRETS
Cite as the “Economic Espionage Act of 1996”
Sec.1831. Economic espionage.1832. Theft of trade secrets.1833. Exceptions to prohibitions.1834. Criminal forfeiture.1835. Orders to preserve confidentiality.1836. Civil proceedings to enjoin violations.1837. Conduct outside the United States.1838. Construction with other laws.1839. Definitions.
§ 1831. Economic espionage
(a) In General – Whoever, intending or knowing that the offense willbenefit any foreign government, foreign instrumentality, or foreign agent,knowingly –
(1) steals, or without authorization appropriates, takes, carries away, or con-ceals, or by fraud, artifice, or deception obtains a trade secret:
(2) without authorization copies, duplicates, sketches, draws, photographs,downloads, uploads, alters, destroys, photocopies, replicates, transmits,delivers, sends, mails, communicates, or conveys a trade secret:
185
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxA CB764-Nasheri-v1 February 17, 2005 9:34
186 APPENDIX A
(3) receives, buys, or possesses a trade secret, knowing the same to have beenstolen or appropriated, obtained, or converted without authorization:
(4) attempts to commit any offense described in any of paragraphs (1)through (3); or
(5) conspires with one or more other persons to commit any offense de-scribed in any of paragraphs (1) through (4), and one or more of suchpersons do any act to effect the object of conspiracy.
shall, except as provided in subsection (b), be fined not more than$500,000 or imprisoned not more than 15 years, or both.
(b) ORGANIZATIONS – Any organization that commits any offense de-scribed in subsection (a) shall be fined not more than $10,000,000.
§ 1832. Theft of trade secrets
(a) Whoever, with intent to convert a trade secret, that is related to or in-cluded in a product that is produced for or placed in interstate or foreigncommerce, to the economic benefit of anyone other than the owner thereof,and intending or knowing that the offense will, injure any owner of that tradesecret, knowingly –
(1) steals, or without authorization appropriates, takes, carries away, or con-ceals, or by fraud, artifice, or deception obtains such information;
(2) without authorization copies, duplicates, sketches, draws, photographs,downloads, uploads, alters, destroys, photocopies, replicates, transmits,delivers, sends, mails, communicates, or conveys such information;
(3) receives, buys, or possesses such information, knowing the same tohave been stolen or appropriated, obtained, or converted withoutauthorization;
(4) attempts to commit any offense described in paragraphs (1) through(3); or
(5) conspires with one or more other persons to commit any offense de-scribed in paragraphs (1) through (3), and one or more of such personsdo any act to effect the object of the conspiracy, shall, except as providedin subsection (b), be fined under this title or imprisoned not more than10 years, or both.
(b) Any organization that commits any offense described in subsection (a)shall be fined not more than $5,000,000.
§ 1833. Exceptions to prohibitions
This chapter does not prohibit –
(1) any otherwise lawful activity conducted by a governmental entity of theUnited States, a State, or a political subdivision of a State; or
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxA CB764-Nasheri-v1 February 17, 2005 9:34
APPENDIX A 187
(2) the reporting of a suspected violation of law to any governmental entityof the United States, a State, or a political subdivision of a State, if suchentity has lawful authority with respect to that violation.
§ 1834. Criminal forfeiture
(a) The court, in imposing sentence on a person for a violation of thischapter, shall order, in addition to any other sentence imposed, that theperson forfeit to the United States –
(1) any property constituting, or derived from, any proceeds the personobtained, directly or indirectly, as the result of such violation; and
(2) any of the person’s property used, or intended to be used, in any manneror part, to commit or facilitate the commission of such violation, ifthe court in its discretion so determines, taking into consideration thenature, scope, and proportionality of the use of the property in theoffense.
(b) Property subject to forfeiture under this section, any seizure and dis-position thereof, and any administrative or judicial proceeding in relationthereto, shall be governed by section 413 of the Comprehensive Drug AbusePrevention and Control Act of 1970 (21 U.S.C. 853), except for subsections(d) and (j) of such section, which shall not apply to forfeitures under thissection.
§ 1835. Orders to preserve confidentiality
In any prosecution or other proceeding under this chapter, the court shallenter such orders and take such other action as may be necessary and ap-propriate to preserve the confidentiality of trade secrets, consistent withthe requirements of the Federal Rules of Criminal and Civil Procedure,the Federal Rules of Evidence, and all other applicable laws. An inter-locutory appeal by the United States shall lie from a decision or orderof a district court authorizing or directing the disclosure of any tradesecret.
§ 1836. Civil proceedings to enjoin violations
(a) The Attorney General may, in a civil action, obtain appropriate injunctiverelief against any violation of this section.
(b) The district courts of the United States shall have exclusive originaljurisdiction of civil actions under this subsection.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxA CB764-Nasheri-v1 February 17, 2005 9:34
188 APPENDIX A
§ 1837. Applicability to conduct outside the United States
This chapter also applies to conduct occurring outside the United States if –
(1) the offender is a natural person who is a citizen or permanent residentalien of the United States, or an organization organized under the lawsof the United States or a State or political subdivision thereof; or
(2) an act in furtherance of the offense was committed in the United States.
§ 1838. Construction with other laws
This chapter shall not be construed to preempt or displace any other reme-dies, whether civil or criminal, provided by United States Federal, State,commonwealth, possession, or territory law for the misappropriation of atrade secret, or to affect the otherwise lawful disclosure of information byany Government employee under section 552 of title 5 (commonly knownas the Freedom of Information Act).
§ 1839. Definitions
As used in this chapter
(1) the term ‘foreign instrumentality’ means any agency, bureau, min-istry, component, institution, association, or any legal, commercial, orbusiness organization, corporation, firm, or entity that is substantiallyowned; controlled, sponsored, commanded, managed, or dominatedby a foreign government;
(2) the term ‘foreign agent’ means any officer, employee, proxy, servant,delegate, or representative of a foreign government;
(3) the term ‘trade secret’ means all forms and types of financial, business,scientific, technical, economic, or engineering information, includ-ing patterns, plans, compilations, program devices, formulas, designs,prototypes, methods, techniques, processes, procedures, programs, orcodes, whether tangible or intangible, and whether or how stored,compiled, or memorialized physically, electronically, graphically, pho-tographically, or in writing if –(A) the owner thereof has taken reasonable measures to keep such
information secret; and(B) the information derives independent economic value, actual or
potential, from not being generally known to, and not being readilyascertainable through proper means by, the public; and
(4) the term ‘owner’, with respect to a trade secret, means the person orentity in whom or in which rightful legal or equitable title to, or licensein, the trade secret is reposed.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxB CB764-Nasheri-v1 February 17, 2005 9:38
A P P E N D I X B
FEDERAL GOVERNMENT GETS ‘D’ ON SECURITY
GRADES
Agency 2003 2002Nuclear Regulatory Commission A CNational Science Foundation A− D−Social Security Administration B+ B−Labor Department B C+Education Department C+ DVeterans Affairs Departmenta C FEnvironmental Protection Agency C D−Commerce Department C− D+Small Business Administration C− fa*gency for International Development C− FTransportation Department D+ FDefense Departmenta D FGeneral Services Administration D DTreasury Departmenta D FOffice of Personnel Management D− FNASA D− D+Energy Department F FHealth and Human Services Department F D−Interior Department F fa*griculture Department F FHousing and Urban Development Department F FState Department F FHomeland Security Department F –Governmentwide average D F
a No independent evaluation from the inspector general.Source: House Government Reform Committee’s Subcommittee On Technology, Information Policy,Intergovernmental Relations, and the Census.
189
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
A P P E N D I X C
ECONOMIC ESPIONAGE ACT CASE CHART
Following is a summary chart of cases prosecuted under the Economic Espi-onage Act (EEA), 18 U.S.C. §§ 1831–9. This chart does not reflect ongoinginvestigations into the theft of trade secrets. This appendix also providesinformation about significant cases that involve allegations of trade secrettheft, but did not include or have not as of December 2003 resulted in aformal charge under the EEA. The table contains only those cases in whichcharges have been publicly filed as of 2003.
190
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
Eco
nom
icE
spio
nag
eM
eth
odof
Act
Cas
esV
iola
tion
sD
efen
dan
tsT
hef
tTr
ade
Secr
etPu
nis
hm
ent
Oth
er
EE
AC
omp.
Col
loqu
ialC
ase
Nam
eIn
trus
ion
(Dis
tric
t)IT
SPIn
side
rPr
ess
Rel
ease
Dat
eC
opyr
igh
tE
x-E
mpl
oyee
Type
ofIn
carc
erat
ion
Fin
eor
Dat
eof
Mos
tM
ailF
raud
Com
peti
tor
Info
rmat
ion
orPr
obat
ion
Forf
eitu
reR
ecen
tCou
rtA
ctiv
ity
Wir
eFr
aud
Ind.
Cor
p.O
utsi
der
Stol
enin
Mon
ths
Res
titu
tion
U.S
.v.S
ereb
ryan
y(C
.D.C
al.)
Sept
embe
r8,
2003
EE
A1
–In
side
rA
cces
sca
rdco
ntr
olin
form
atio
n
6014
6K
U.S
.v.B
ranc
h(E
rski
ne)
(C.D
.Cal
.)Ju
ne
25,2
003
EE
AC
onsp
irac
y2
–E
x-em
ploy
ee,
com
peti
tor
Com
peti
tor
prop
riet
ary
docu
men
ts
––
U.S
.v.G
arri
son
(N.D
.Cal
.)M
ay23
,200
3
Com
p.In
trus
ion
1–
Insi
der
En
gin
eeri
ng
draw
ings
and
data
––
U.S
.v.W
ooda
rd(N
.D.C
al.)
May
14,2
003
EE
A1
–E
x-em
ploy
eePr
opri
etar
yda
taba
ses
––
U.S
.v.S
un(N
.D.C
al.)
Apr
il11
,200
2
EE
A1
–In
side
rC
usto
mer
and
busi
nes
sin
form
atio
n
––
FBI
stin
g
(con
tinue
d)
191
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
(con
tinue
d)
Eco
nom
icE
spio
nag
eM
eth
odof
Act
Cas
esV
iola
tion
sD
efen
dan
tsT
hef
tTr
ade
Secr
etPu
nis
hm
ent
Oth
er
EE
AC
omp.
Col
loqu
ialC
ase
Nam
eIn
trus
ion
(Dis
tric
t)IT
SPIn
side
rPr
ess
Rel
ease
Dat
eC
opyr
igh
tE
x-E
mpl
oyee
Type
ofIn
carc
erat
ion
Fin
eor
Dat
eof
Mos
tM
ailF
raud
Com
peti
tor
Info
rmat
ion
orPr
obat
ion
Forf
eitu
reR
ecen
tCou
rtA
ctiv
ity
Wir
eFr
aud
Ind.
Cor
p.O
utsi
der
Stol
enin
Mon
ths
Res
titu
tion
U.S
.v.M
urph
y(N
.D.C
al.)
Apr
il2,
2003
EE
A,
Com
p.In
trus
ion
1–
Ex-
empl
oyee
Com
pute
rso
urce
code
––
U.S
.v.Y
e(N
.D.C
al.)
Dec
embe
r4,
2002
EE
AC
onsp
irac
y2
–E
x-em
ploy
eePr
ojec
tin
form
atio
n–
–
U.S
.v.M
orri
s(D
.Del
.)O
ctob
er17
,200
2
EE
A1
–E
x-em
ploy
eePr
opri
etar
ypr
icin
gin
form
atio
n
––
U.S
.v.K
issa
ne(S
.D.N
.Y.)
Oct
ober
15,2
002
EE
A1
–E
x-em
ploy
eeC
ompu
ter
sour
ceco
de24
–
U.S
.v.K
eppe
l(W
.D.W
ash
.)A
ugus
t23,
2002
EE
AC
opyr
igh
t1
–O
utsi
der
Test
mat
eria
l–
–
192
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
U.S
.v.Z
hu(D
.Mas
s.)
Jun
e19
,200
2
EE
AIT
SP2
–In
side
rG
enet
icsc
reen
ing
disc
over
ies
––
U.S
.v.D
orn
(D.K
an.)
Jun
e3,
2002
EE
A1
–In
side
r,ou
tsid
erC
usto
mer
info
rmat
ion
––
U.S
.v.O
kam
oto
(N.D
.Oh
io)
May
1,20
02
EE
AIT
SP2
–In
side
rD
NA
cell
line
––
Firs
tin
dict
men
tun
der
18U
.S.C
.§
1831
U.S
.v.C
omTr
iad
(D.N
.J.)
Apr
il11
,200
2
EE
AC
onsp
irac
y3
1In
side
r,ou
tsid
erC
ompu
ter
sour
ceco
de–
–
U.S
.v.D
addo
na(D
.Con
n.)
Mar
ch12
,200
2
EE
AC
omp.
Intr
usio
n
1–
Insi
der
En
gin
eeri
ng
plan
s5
hom
ede
ten
tion
36pr
ob.
Fin
e:4K
Res
t:10
KPl
edgu
ilty
to§
1832
viol
atio
nU
.S.v
.Rec
tor
(M.D
.Fla
.)Ja
nua
ry28
,200
2
EE
AC
omp.
Intr
usio
n
2–
Insi
der,
ex-e
mpl
oyee
Dru
gde
liver
ysy
stem
form
ulas
14–
FBI
stin
g
U.S
.v.S
ayL
yeO
w(N
.D.C
al.)
Dec
embe
r11
,200
1
EE
A1
–E
x-em
ploy
eeM
icro
proc
ess
orre
sear
ch24
–
U.S
.v.C
hang
(N.D
.Cal
.)D
ecem
ber
4,20
01
EE
A2
–In
side
rC
usto
mer
info
rmat
ion
1260
K
(con
tinue
d)
193
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
(con
tinue
d)
Eco
nom
icE
spio
nag
eM
eth
odof
Act
Cas
esV
iola
tion
sD
efen
dan
tsT
hef
tTr
ade
Secr
etPu
nis
hm
ent
Oth
er
EE
AC
omp.
Col
loqu
ialC
ase
Nam
eIn
trus
ion
(Dis
tric
t)IT
SPIn
side
rPr
ess
Rel
ease
Dat
eC
opyr
igh
tE
x-E
mpl
oyee
Type
ofIn
carc
erat
ion
Fin
eor
Dat
eof
Mos
tM
ailF
raud
Com
peti
tor
Info
rmat
ion
orPr
obat
ion
Forf
eitu
reR
ecen
tCou
rtA
ctiv
ity
Wir
eFr
aud
Ind.
Cor
p.O
utsi
der
Stol
enin
Mon
ths
Res
titu
tion
U.S
.v.P
etro
lino
(S.D
.Fla
.)N
ovem
ber
29,2
001
EE
AE
EA
Con
spir
acy
2–
Out
side
rSe
curi
ties
brok
ercu
stom
eran
dac
coun
tin
form
atio
n
––
U.S
.v.W
u(W
.D.N
.Y.)
July
31,2
001
EE
A1
–E
x-em
ploy
eeN
etw
ork
swit
chpl
ans
––
U.S
.v.W
ang
(N.D
.Cal
.)A
pril
26,2
001
EE
A1
1In
side
rU
ltra
soun
dm
ach
ine
blue
prin
ts
––
U.S
.v.E
stra
da(S
.D.N
.Y.)
Mar
ch21
,200
1
EE
AC
omp.
Intr
usio
nIT
SP
1–
Out
side
rC
onfi
den
tial
docu
men
ts–
–FB
Ist
ing
194
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
U.S
.v.D
ai(W
.D.N
.Y.)
Aug
ust2
3,20
01(s
ente
nci
ng)
Oth
er1
–E
x-em
ploy
eeC
ompu
ter
sour
ceco
de24
prob
.50
KPl
edgu
ilty
to§
2701
viol
atio
n
U.S
.v.M
orch
(N.D
.Cal
.)M
arch
21,2
001
EE
AC
omp.
Intr
usio
n
1–
Ex-
empl
oyee
Soft
war
ede
sign
docu
men
ts
36pr
ob.
–C
har
ged
unde
rE
EA
;pl
edto
§10
30vi
olat
ion
U.S
.v.C
orgn
ati
(S.D
.Fla
.)Ju
ne
12,2
000
(sen
ten
cin
g)
EE
A1
–O
utsi
der
Soft
war
e60
prob
.12
0K
U.S
.v.E
verh
art
(W.D
.Pa.
)M
arch
30,2
000
(sen
ten
cin
g)
EE
A1
–E
x-em
ploy
ee–
–
195
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828apxC CB764-Nasheri-v1 February 17, 2005 9:49
196 APPENDIX C
Glossary
For the purposes of the EEA Case Chart, the following words or phrases aredefined:
Violation – This category lists the U.S. Code provisions of the chargingdocument or offenses that were the basis of conviction.EEA – The Economic Espionage Act prohibits foreign economic espi-
onage and the theft of trade secrets, 18 U.S.C. §§ 1831–1839.Comp. Intrusion – The Computer Fraud and Abuse Act protects the con-
fidentiality, integrity, and availability of electronically stored data, 18U.S.C. § 1030.
ITSP – Interstate Transportation of Stolen Property, 18 U.S.C. § 2314.Copyright – Criminal copyright infringement, 18 U.S.C. §§ 2318–2319.Mail fraud – Prohibits use of the mails in furtherance of a scheme to
defraud, 18 U.S.C. § 1341.Wire fraud – Prohibits the use of interstate wires in furtherance of a
scheme to defraud, 18 U.S.C. § 1343.Defendants – This category lists the number and type of defendants (indi-
vidual and/or corporate).Method of theft – This category indicates the status of the defendant relative
to the victim.Insider – Crime and arrest occurred while defendant was employed by
the victim.Ex-employee – Crime may have occurred in part while the defendant was
employed by the victim, but arrest occurred after defendant left victim’semploy.
Competitor – Includes individuals or corporations that are in a competi-tive relationship with the victim.
Outsider – Includes individuals or corporations that steal trade secretsfor their own use or to sell to a third party.
Trade secret – This category provides a brief description of the stolentrade secret.
PunishmentIncarceration or probation (months) – Refers to number of months of
incarceration (prison, home confinement) imposed on the lead de-fendant or, if no incarceration was imposed, the number of months ofprobation.
Fine, forfeiture, restitution – The combined amount that the lead defen-dant must pay in fines, restitution, and forfeiture.
Other – This column to note unusual aspects of the case.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
Notes
Chapter One
1. Loeb et al. (2001), sec. A, p. 1.2. Martin (1995), 10.3. Locke (1884), Chapter V, Book II.4. See Ewing (1929); Walker (1980).5. Kant (1887), 195–6.6. Bentham (1843), 396, 402.7. The EEA was heavily supported by the U.S. Department of Justice and the
FBI, which jointly drafted the first version of the EEA for Congress’s consid-eration. Counterintelligence Executive Notes 13–96 (accessed 2004); NationalCounterintelligence Executive. “Annual Report to Congress on Foreign Eco-nomic Collection ad Industrial Espionage 2001.” Accessed June 2004. Availableat: <http://www.ncix.gov/docs/fecie fy01.pdf>. see House Report No. 104-788(1996), 6 (inapplicability of federal criminal laws). U.S. Congress. House of Rep-resentatives. Committee on the Judiciary. House Report no. 104-788 (to accom-pany H.R. 3723). Washington: GPO, 1996, reprinted in 1996 U.S.C.C.A.N. 402.
8. Murray (accessed 2003).9. King & Bravin, Call it Mission Impossible, Inc. – Corporate Spying Firms Thrive,
Wall St. J., July 3, 2000, at B1. “Revictimization . . . ” (2001).10. Fialka (1997), 18.11. King & Bravin (2000).12. Ibid.13. Ibid.14. Ibid.; see also Robbins, In the New World of Espionage, the Targets are Eco-
nomic, N.Y. Daily News, September 5, 1994 (“American business executives werestunned in 1991 when the former chief of the French intelligence service re-vealed that his agency had routinely spied on U.S. executives traveling abroad[and] that his agency had regularly bugged first-class seats on Air France so asto pick up conversations by traveling execs, [and] then [entering] their hotelrooms to rummage through attache cases.”).
197
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
198 NOTES TO PP. 8–9
15. King & Bravin (2000).16. Ibid.17. See Gomes (1999), sec. B, p. 1, noting how Microsoft has formed a shadow
team around Linux to better understand and anticipate the software and firmsoffering it.
18. See Wingfield (2000), sec. B, p. 1; see also Lisser (1999), sec. A, p. 1.19. McCarthy (2000), sec. A, p. 1.20. Bennett & Mantz (2000), sec. A, p. 34.21. See Bridis et al. (2000), sec. A, p. 1, noting Oracle sifting through Microsoft’s
trash.22. “Revictimization . . . ” (2001).23. See Nelson and Anders (1999), sec. A, p. 2.24. See McCartney (2000), sec. B, p. 1.25. See Bridis et al. (2000), sec. A, p. 1; Stone, B. (2000), 49.26. “Annual Report to Congress on Foreign . . . ” (1995).27. See Senate, S12201 S12207, 104th Cong., 2d sess., Cong. Rec. (2 October
1996), 142. Congressional Record. “Economic Espionage Act of 1996.” Ac-cessed October 2003. Available at: <http://thomas.loc.gov/cgi-bin/query/R?r104:FLD001:S62208-S62210>.
28. See Senate Report No. 104-359 (1996), 8.29. Freeh statement (1996).30. Schweizer (1996), 11.31. Ibid.32. See “CIA Fingers France . . . ” (1996), sec. A, p. 12; see also Jackamo (1992), 944,
citing Gertz (1992), sec. A, p. 1; Behar (1997), 64.33. See Berthelsen (1994), 28.34. Foley, T. D. (1994), 143; Dreyfuss, R. (1996), 39; Berthelsen (1994), 28; Alster
(1992), 200. “Revictimization . . . ” (2001).35. See Lowry, T. (1998), sec B, p. 1.36. Silicon Valley is probably the most targeted area due to the concentration of
electronics, aerospace, and biotechnological industries; its ties to Asia; and themobility and sophistication of its workforce. See Foley, T. D. (1994), 143. SeeAlster (1992), 200, 204.
37. Freeh statement (1996), 12; see Senate, S12208 S12211, 104th Cong., 2d sess.,Cong. Rec. (2 October 1996), Freeh, Louis. Statement. Economics Espionage:Joint Hearing Before the Select Comm. on Intelligence of the U.S. Senateand the Subcomm. on Terrorism, Tech., and Gov’t Info. of the Comm. onthe Judiciary of the U.S. Senate. 104th Cong., 2d Sess., (4 December 1996).Accessed June 2004. Available at: <http://thomas.loc.gov/cgi-bin/query/R?r104:FLD001:S62208-S62210>. 142; Burchette (1994), sec. F, p. 1; “EconomicEspionage – Spies Come . . . ” (1991), sec. A, p. 3.
38. Farnham (1997), 114.39. Yates (1993a), sec. C, p. 1; Freeh statement (1996), 14; Higgins statement (1996).40. Foley, T. D. (1994), 141–2.41. King and Bravin (2000), sec. B, p. 1.42. Ibid.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 9–16 199
43. A 3.5-in. computer disk can store approximately 720 pages of double-spaced type.Toren (1996). As one commentator summarized the problem: “An employee candownload trade secret information from a company’s computer to a diskette,transfer the information to the hard drive of a home computer and then upload itto the Internet, where it can be transmitted worldwide within minutes. . . . Withindays, a U.S. company can lose complete control over its trade secrets forever”Halligan (1996). See also Senate Report No. 104-359 (1996), 18.
44. Davis (1996), 42, 44.45. Foley, T. D. (1994), 143; Dreyfuss, R. (1996), 39; Berthelsen (1994), 28; Alster
(1992), 200.46. “Russians Arrest . . . ” (1995), sec. D, p. 5.47. Swartz (1997), sec. A, p. 1 (Statement of Daniel Greer, Director of Engineering
for Open Market). “Revictimization . . . ” (2001).48. Approximately 70% of the market value of a typical U.S. company is in IP assets.
See American Society of Industrial Security (1999) (accessed 2003).49. World Intellectual Property Organization (2003).50. Ibid.51. Ibid.52. Carey (1995), sec. A, p. 8; according to 2000 data, Intel Corp. spends approxi-
mately $3.9 billion on research and development annually. Intel Corp. (2000),“2000 Annual Report.”
53. Cole (1997), sec. B, p. 10.54. “Worming Out the Truth,” (2000), 89.55. Industrial espionage is a corporation’s use of illegal techniques to collect in-
formation, such as trade secrets, not voluntarily provided by the source. See,generally, Gilad et al. (1988).
56. Bergier (1969), 3.57. Jackamo (1992), 945.58. Ryan (1998).59. Fraumann (1997).60. See Specter statement (1996).61. USC, title 18, sec. 1831 (2000).62. Moyer (1994), 182.63. Kober (1998), 10.64. Moyer (1994), 182.65. Quoted in Schweizer (1993), 9.66. Bluestein (1996), sec. A, p. 28.67. “CIA: Israel Among Most ‘Extensive’ Economic Espionage” (1996), 16.68. Capaccio (1996), 1.69. U.S. General Accounting Office (1996), 1.70. Capaccio (1996), 171. Hirst and Breslan (1995), 34.72. Kaslow (1995), 1.73. “Shift in Espionage Trends” (2001).74. See Foley, T. D. (1994); Clark (1997).75. Schweizer (1996).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
200 NOTES TO PP. 17–20
76. Gallagher (1998).77. Canadian Security Intelligence Service, “1996 Public Report, Economic Secu-
rity” (accessed 2003).78. Economic Espionage Act of 1996 (U.S. Statutes at Large, 1996) USC, title 18, secs.
1831–1839 (1997).79. Keithly and Ferris (2002).80. Jackamo (1992), 945.81. Boadle (1994).82. Bergier (1969), 3.83. Ibid.84. Fialka (1997).85. See Schweizer (1993), 5.86. Burchette (1994), sec. F, p. 1.87. See Schweizer (1993), 5.88. Intelligence is categorized as strategic or tactical. See Watson (1990), xi. Strate-
gic intelligence is “information on events, threats, and individuals that createmajor problems for the federal government.” Id. Tactical intelligence is (1) in-formation used to assess military threats against the U.S. armed forces and(2) covert and clandestine operations used to collect information or to influ-ence events.
89. Counterintelligence “may include tracking suspected foreign intelligence op-eratives, passing on deceptive information to foreign spies, and working withindigenous industries to prevent infiltration by foreign intelligence services”Foley, T. D. (1994), 141–2.
90. See Freeh statement (1996); Fraumann (1997).91. See Jackamo (1992), 942.92. Vaknin (2002b).93. President Clinton stated: “Economic security is vital to U.S. interests. The col-
lection and analysis of intelligence related to economic development will playan increasingly important role in helping policymakers understand economictrends.” University of Lethbridge . . . Management Matters (1997).
94. Carr et al. (2000), 164; House Report No. 104-788 (1996), 5; Senate ReportNo. 104-359 (1996), 7.
95. United States v. Hsu, 155 F.3d 189 (3d Cir. 1998).96. Carr et al. (2000). “Revictimization . . . ” (2001).97. Keithly and Ferris (2002).98. See Congressional Record, 142d Cong., S12208, daily ed. 2 October 1996 (State-
ment of Sen. Specter).99. Fialka (1997).
100. Glickman (1994), 144. “With the end of the Cold War, Americans accept todaymore than ever the premise that economic strength defines national security.”
101. See Schweizer (1996), 13.102. See Cooper statement (1996).103. See Sherr (1994/1995), 59.104. See Schweizer (1993), 5.105. Ibid.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 21–25 201
106. Boren (1992), 854.107. Fialka (1997).108. See Desmet (1999), 98.109. Richelson (2000), 41–4.110. Waller (1995), 50.111. Richelson (2000), 41–4.112. Pincus (1996), sec. A, p. 18.113. Waller (1995), 50.114. “French Won’t Expel U.S. Diplomats” (1995), sec. A, p. 10.115. Sanger and Weiner (1995), sec. F, p. 1.116. Landers (1996), sec. D, p. 1.117. Kelsey and Leppard (1996).118. Morris et al. (1996), 26.119. Kelsey and Leppard (1996).120. Richelson (2000), 41–4.121. Ibid.122. Ibid.123. See Echelon, “Answers to Frequently Asked Questions About Echelon,” nn. 14,
16, 18, 25, & 28, and accompanying text (accessed 2003). Note that the NSAis actually the American intelligence agency behind Echelon, but the CIA isbeing implicated for use of the information derived from Echelon.
124. Matthews (2000).125. Drozdiak (2000), 4.126. Paine (1991), 250.127. Landes et al. (1991).128. Restatement (Third) of Unfair Competition, sec. 39, comment a (1995).129. Deutch (1997), listing English cases.130. Vickery v. Welch, 36 Mass. (1 Pick.) 523, 526 (1837).131. See Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 481–82 (1974), discussing the
broad policies supporting trade secret law.132. See Jager (1996), 1.03, 1–4; 1–8.133. Ibid.134. See Restatements of Torts, sec. 757 (1939): One who discloses or uses another’s
trade secret, without a privilege to do so, is liable to the other if (a) he discoveredthe secret by improper means, or (b) his disclosure or use constitutes a breachof confidence reposed in him by the other in disclosing the secret to him, or(c) he learned the secret from a third person with notice of the facts that it wasa secret and that the third person discovered it by improper means or that thethird person’s disclosure of it was otherwise a breach of his duty to the other,or (d) he learned the secret with notice of the facts that it was a secret and thatit* disclosure was made to him by mistake.
135. Restatement (First) of Torts, sec. 757 (1939).136. Band et al. (1997).137. Steiker (1997).138. Mann, K. (1992), 1807.139. Fisse (1983), 1147.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
202 NOTES TO PP. 25–33
140. Steiker (1997).141. Mossinghoff et al. (1997).142. See generally, Collins (1997).143. See Epstein (1995), 1–28.144. Economic Espionage Act of 1996 (U.S. Statutes at Large, 1996), 3488; see Moss-
inghoff et al. (1997), 191–5, discussing reasons for enactment of EEA.145. Economic Espionage Act of 1996 section 1831. Penalties for those convicted of this
activity include fines up to $500,000 or imprisonment for up to 15 years, orboth.
146. Damadian testimony (1996).147. Yates (1996), sec. C, p. 1.148. Damadian testimony (1996).149. Fialka (1996).150. The United States is a member of the World Intellectual Property Organization
(WIPO) and the World Trade Organization (WTO), both of which adminis-ter agreements that have established international IP standards. The WTO’sAgreement on Trade Related Aspects of Intellectual Property Rights (TRIPS),Sept. 27, 1994, is the most comprehensive agreement to date, and the first toinclude enforcement provisions.
151. See United States Code (USC), title 18, sec. 2710 (2000) (wrongful disclosure ofvideotape rental or sales records).
152. See Senate, testimony of Arlen Specter, S12207–08, 104th Cong., 2d sess., Cong.Rec. (2 October 1996), 142.
153. See Carr et al. (2000), 168–70. “Revictimization . . . ” (2001).154. “World Forum Designed . . . ” (2000), 35.
Chapter Two
1. See Gorelick testimony (1996), 150, 155, describing how technology generally,and information networks specifically, play critical roles in the functioning anddevelopment of these important areas.
2. Science and Technology in U.S. International Affairs (1992), 6.3. See Toffler and Toffler (1993), 19, discussing what they view as the “Third
Wave” of civilization.4. See Arquilla and Ronfeldt (1996), 33–5, explaining that the “network form”
involves large-scale use of interconnected groups of information storage andretrieval technologies such as computers.
5. Ramo (1997), 54.6. Carey (1995), sec. A, p. 8.7. Cole (1997), sec. B, p. 10.8. Carey (1995), sec. A, p. 8.9. See Winton (1995), sec. A, p. 1; “Man Charged . . . ” (1995), 8.
10. Simmonsen (2002), sec. A, p. 1.11. Rosecrance (2000), “News-Early” section, p. 20.12. Rodger (2000), sec. A, p. 1.13. The National Fraud Center, Inc. (2000).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 33–42 203
14. Young (1996), 70.15. See Bick (1998).16. The National Fraud Center, Inc. (2000).17. O’Reilly (accessed 2003).18. Lynch (accessed 2003).19. Approximately 70% of market value of atypical U.S. company is in IP assets.
American Society for Industrial Security (1999) (accessed 2003).20. Department of Justice Website (accessed 1999).21. Sciglimpaglia (1991), 245.22. See generally, Stoll (1989).23. “Cyber-Attacks, Information Theft . . . ” (2001).24. Ibid.25. Clark (1997).26. See Schwartau (1994), 308–10, describing how a concerted attack against critical
financial and communication networks could result in widespread panic andlead to a situation resembling anarchy.
27. Ibid.28. See Schleslinger testimony (1996), arguing that the break-up of the Soviet Union
and the Warsaw Pact caused the dissolution of the only military force capable ofchallenging the advanced “Western” countries on a global scale. The Gulf Warindicated the superiority of U.S. and European military forces over regionalpowers such as Iraq.
29. See Knowles (1997), describing how the U.S. Air Force is now conducting inten-sive studies of both offensive and defensive information warfare.
30. Toffler (1990).31. See, e.g., Seper (1993), sec. A, p. 5.32. See, e.g., Starkman (1998), sec. A, p. 6.33. See, e.g., Seper (1993), sec. A, p. 5.34. See, e.g., “911 Lines . . . ” (1997), sec. D, p. 4.35. See, e.g., McAllester (1997), sec. A, p. 41.36. See, e.g., “Israeli Teenager Questioned . . . ” (1998), sec. A, p. 4.37. See, e.g., “Israel Indicts Hackers” (1999), sec. A, p. 4.38. Wray (1999).39. Harmon (1998), sec. A, p. 1.40. See “Cybercrimes,” (1998) reporting that Britain, France, Germany, Italy, Japan,
Russia, and the United States have agreed to work together to ensure suffi-cient numbers of trained personnel are properly equipped to fight high-techcrime, ensure criminals may be prosecuted where they have fled in the absenceof an extradition treaty, ensure important information on computer networksis preserved and tampering is prevented, ensure each country’s legal systemwill support investigation and prosecution of computer crime, promote effortswithin the computer industry to detect and prevent computer crime, and permitwitnesses to testify through the use of new technologies.
41. See Geist (1998), 551–4, summarizing various countries’ policy papers onregulating Internet. Although the EC’s 1991 Software Directive is aimed atharmonizing European copyright laws rather than computer security per se,
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
204 NOTES TO PP. 42–51
it does mandate that member states adopt prescribed penalties for softwarepiracy and procedures for seizing illegally copied software, which is a first steptoward addressing broader issues raised by computer crimes. See Council Direc-tive 91/250/EEC. The Legal Protection of Computer Programs. O.J. (L122) (14 May1991), 42; 44–6.
42. See Basiouni (1990), 20.43. See Soma et al. (1997), 343–5.44. See Charney and Alexander (1996), 949.45. See Perritt (1996), 51–4.46. For example, the United Kingdom’s computer misuse act provides for broad
jurisdiction over crimes that take place on computer networks in the UnitedKingdom. Computer Misuse Act, (1990), ch. 18, secs. 4–9 (England).
47. See, e.g., Ferdinand (1998), sec. A, p. 23; “Argentine Hacker . . . ” (1997), sec. B,p. 10.
48. Ibid.49. See Beatty (1998), 375.50. See USC, title 18, sec. 2703 (1994 & Supp. 1997).51. See, e.g., USC, title 18, sec. 3123 (1994).52. See Part III. A. The G-8 is made up of Canada, France, Germany, Italy, Japan,
Russia, the United Kingdom, and the United States.53. See Soma et al. (1997), 343–5.54. See Heymann (1997), 390.55. For example, at the FBI, data forensics (i.e., extracting information from com-
puters) is coordinated by the Computer Analysis and Response Team (CART),which is headquartered in Washington, DC, with trained agents in offices na-tionwide. Similarly, for computer intrusion cases, FBI efforts are coordinatedby the National Infrastructure Protection Center (NIPC). See National In-frastructure Protection Center web site (accessed 2003). On the prosecutionside, these efforts are coordinated in Washington, DC, by the Departmentof Justice’s Computer Crime and Intellectual Property Section (CCIPS) andthroughout the country by Assistant U.S. Attorneys designated as Computer-Telecommunications Coordinators (CTC). See U.S. Department of Justice,CCIPS Introduction (accessed 2003).
56. See Goodman (1997), 489.57. See Shackelford (1992), 503.58. See Aldrich (2000).
Chapter Three
1. Yellen and Kalamajka (2002), 1.2. See U.S. Department of Justice, CCIPS Introduction (accessed 2003), mention-
ing increasing concern over intellectual property crime as societal reliance onintellectual property grows.
3. See Welsh et al. (2001); “Corporate Raiding: Handling, Preventing and Litigat-ing. . . ”(2001); Reno (accessed 2001).
4. “India: Netspionage Coming of Age . . . ” (2001).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 51–55 205
5. Hulme (2002), 36.6. Ibid.7. See U.S. International Trade Commission (1988), 4-1, 4-2.8. Gilpin (1987), 112.9. The Clinton Administration established the National Economic Council to give
economic issues the same importance the National Security Council gives na-tional security. See Kober (1998).
10. Nelan (1993), 29.11. See Freeh statement (1996).12. See Schweizer (1996), 13.13. Intangible property “has no intrinsic and marketable value, but is merely the rep-
resentative or evidence of value, such as certificates of stock, bonds, promissorynotes, copyrights, and franchises.” Garner (1999).
14. See Heffernan testimony (1996), noting a survey that found that intangible assetsof U.S. manufacturing companies rose from 38% to 62% of market value from1982 to 1992.
15. See Toren (1994), 60–1.16. Fraumann (1997).17. See Freeh statement (1996).18. Sennott (1997b), sec. F, p. 2.19. Barth (1998), 34, quoting John Schiman, special agent of the FBI in Los
Angeles.20. Ibid.21. Ibid.22. Sepura (1998).23. Ibid.24. Ibid.25. McGugan (1995), 99.26. Fialka (1997), 18.27. Schweizer (1996).28. “Trade in Secrets” (1994).29. Schweizer (1996).30. Ibid.31. Moyer (1994), 182.32. Jackamo (1992), 945.33. Fialka (1997), 18.34. See Clarke (1998), 21. Clark relates Israel’s motivations for engaging in eco-
nomic espionage. However, these motivations are equally applicable to all na-tions, whether emerging or already successful.
35. Crock (1997), 17.36. See G.S. Rasmussen & Assoc., Inc. v. Kalitta Flying Serv., Inc., 958 F.2d 896, 900
(9th Cir. 1992).37. U.S. Congress, Senate Report No. 105-190 (1998), 10.38. Sepura (1998), 131.39. Jackamo (1992), 945.40. “Trade in Secrets” (1994).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
206 NOTES TO PP. 55–60
41. See Intermedics, Inc. v. Ventritex, Inc., 822 F. Supp. 634, 642–643 (N.D. Cal. 1993),discussing, in part, the “continuing tort theory” and whether the various jurisdic-tions view “the principal interest protected by . . . trade secret law as ‘property’or as ‘confidential relationships.’”
42. See Winkler (1997), xvi.43. See Pace (1995), 436.44. Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 487 (1974), holding that state
protection of trade secrets does not operate to frustrate the achievement of thecongressional objectives served by the patent laws.
45. American Society of Industrial Security (2000) (accessed 2003), 28.46. “Revictimization . . . ” (2001).47. U.S. Congress, Senate Report No. 104-359 (1996), 11.48. See Veltrop (1997), 6 (“The new ‘Cold War’ revolves around the battle for tech-
nology.”), noting the burgeoning use of computers and the Internet to facilitatethe theft and transmission of confidential databases and technology.
49. OECD, Computer Related Crime . . . (1986), 25.50. Yushkiavitshus (1996), 51.51. See Moyer (1994).52. Boadle (1994).53. Canadian Security Intelligence Service, “1996 Public Report, Economic Security”
(accessed 2003).54. Heffernan and Swartwood (1996), 4.55. Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.56. See U.S. Congress, Senate Report No. 104-359 (1996), 8.57. Nelson, J. (1998), sec. A, p. 1.58. See U.S. Congress, House Report No. 104-788 (1996), 5–6.59. See Dreyfuss, R. (1996), 37, 39 (statement of Frank Dudley Berry, Deputy Dis-
trict Attorney in the High Technology Unit of the Santa Clara District Attorney’sOffice) (“It’s nonsense. . . . There isn’t any [economic espionage]. It doesn’texist.”).
60. See, e.g., Toren (1994), 62.61. “House Judiciary Panel Backs . . . ” (1996) ($24 billion); “Economic Espionage:
The Corporate Threat” (accessed 1996) ($260 billion).62. See “U.S. Losing High-Tech Secrets . . . ” (1997).63. Cillufo (2001).64. See U.S. Department of Justice, CCIPS Introduction (accessed 2003).65. Keithly and Ferris (2002).66. “The Enemy Within” (2002), 9.67. Ibid.68. Parra (2002), Business Monday, sec. F, p. 6.69. Hulme (2002), 36.70. Iwata (2003), Money section B, p. 1.71. Parra (2002), Business Monday, sec. F, p. 6.72. “Proprietary Information Theft . . . ” (2002).73. Schneier testimony (2003).74. Computer Security Institute. Issues and Trends: 1998 CSI-FBI Computer Crime and
Security Survey (1998).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 61–64 207
75. Honeynet Project (accessed 2004).76. “Annual Report to Congress on Foreign . . . ” (2001).77. See Schweizer (1993), 5.78. Yates (1993a), sec. C, p. 1.79. See Senate, testimony of Arlen Specter, S12201–03, 104th Cong., 2d sess., Cong.
Rec. (2 October 1996), 142.80. Norton-Taylor (1997).81. Fialka (1997), 18.82. See G.S. Rasmussen & Assoc., Inc. v. Kalitta Flying Ser., Inc., 958 F.2d 896, 900 (9th
Cir. 1992).83. See Intermedics, Inc., v. Ventritex, Inc., 822 F. Supp. 634, 642–643 (N.D. Cal. 1993),
discussing, in part, the “continuing tort theory” and whether the various jurisdic-tions view “the principal interest protected by . . . trade secret law as ‘property’or as ‘confidential relationships.’” For example, if company Z develops a curefor AIDS at a high cost, it must be allowed to profit significantly from that inno-vation to recoup its investment and encourage other firms to invest in findingcures for illnesses in the hope of achieving similar profits. However, if companyA, a competitor of company Z, finds a comparatively inexpensive way to steal theformula for the AIDS cure from company Z, and subsequently manufactures itsown AIDS cure for a fraction of the cost company Z incurred while sharing thehumanitarian credit and financial windfall, it is likely that company Z will nolonger invest in research and development because its return on investment willbe quite low.
84. See Winkler (1997). However, see Senate, statement of Arlen Specter, S12207–08, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142, positing that theabsence of development costs can lead to reduced prices; Petersen (1998),sec. C, p. 1, reporting that competitor lured customers away by using lowerprices.
85. Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 487 (1974), holding that stateprotection of trade secrets does not operate to frustrate the achievement of thecongressional objectives served by the patent laws.
86. Shoichet (2002), 32.87. Ibid.88. For additional background on the motivation and legislative history of the act,
see Pooley et al. (1997).89. Heffernan and Swartwood (1996), 4, 15.90. Howard (2002).91. A sensitive technology is an unclassified subject/topic identified by the DOE
that involves information, activities, and/or technologies that are relevant tonational security. Disclosure of sensitive subjects has the potential for enhancingforeign nuclear weapons capabilities, divulging military critical technologies, orrevealing other advanced technologies.
92. See Senate, statement of Senator Specter, S12201, S12210, 104th Cong., 2d sess.,Cong. Rec. (2 October 1996), 142, incorporating Schweizer (1996).
93. Ibid.94. Brockett (2002), 17.95. Ibid.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
208 NOTES TO PP. 64–68
96. Ibid.97. “Pair from Cupertino. . . ” Department of Justice press release (Dec. 4, 2002).98. Ibid.99. Ibid.
100. See Mathiason and Juarez (1995), 188, 189; see California v. Eubanks, 927P.2d 310 (Cal. 1996), as modified and rehearing denied, 1997 Cal. Lexis1016 (software company paid for services of two computer experts to assistprosecutor).
101. Fraser v. Nationwide Mut. Ins. Co.,135 F.Supp.2d 623 (E.D. Pa. 2001).102. Ibid.103. Ibid.104. Carr et al. (2000), 172.105. See Morse (1997), 8.106. Carr et al. (2000), 172.107. Toren (1994), 62.108. See also Foley and Dash (1999), 9, discussing the high degree of employee
mobility in today’s society; Tyler (1997), FT Weekend, 1 (“The problem is theloyalty – or lack of it – of employees in a world of short contracts, rapid turnoverand big inducements.”).
109. “Revictimization . . . ” (2001).110. See Morse (1997), 8.111. Uniform Trade Secrets Act sec. 2(a) (amended 1985), ULA, Title 14, Secs. 433–467
(Supp. 1998). The Uniform Trade Secrets Act has been passed by forty statesand the District of Columbia.
112. “Cyber-Attacks, Information Theft. . . ” (2001).113. Carr et al. (2000), 173.114. Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.115. Band et al. (1997), 1.116. “Revictimization . . . ” (2001).117. Rockwell Graphics Sys., Inc. v. Dev Indus., Inc., 91 F3d 914, 917 n.3 (7th Cir. 1996)
(citation omitted).118. Pooley et al. (1997), 195.119. “Revictimization . . . ” (2001).120. See Milgrim (1999), 1.05[5], summarizing the legality of such study with respect
to patents, copyrights, and trade secrets.121. See Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 476 (1974), defining reverse
engineering as “starting with the known product and working backward todivine the process which aided in its development or manufacture.”
122. See Brooktree Corp. v. Advanced Micro Devices, Inc., 977 F.2d 1555, 1570 (Fed.Cir. 1992), finding the accused infringer to have copied, rather than reverseengineered, the maskwork.
123. See, e.g., USC, title 17, sec. 906(a) (Supp. 1998), providing a defense to in-fringement of a protected maskwork where the reproduction was “solely forthe purpose of teaching, analyzing, or evaluating the concepts or techniquesembodied”; see also Atari Games Corp. v. Nintendo of America Inc., 975 F. 2d 832,845 Fed. Cir. 1992, finding that the replication of unnecessary instructions in
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 68–77 209
the resulting computer code was evidence of copying, not independent cre-ation resulting from reverse engineering.
124. See Brooktree Corp. v. Advanced Micro Devices, Inc., 977 F.2d 1555, 1567 (Fed. Cir.1992), reviewing the requirements for a reverse engineering defense.
125. Pooley et al. (1997), 179–87.126. Nelson, J. (1998), sec. A, p. 1.127. See U.S. Constitution, article I, sec. 8, cl. 8.128. Weisner and Cava (1988).129. See Seidel (1984), 2.03.130. See Marriot (1997), sec. B, p. 6.131. See Heed (1996), 210–11, stating that, between 1985 and 1994, reported in-
cidents of misappropriated trade secrets rose 260% and tripled from 1993 to1995.
132. See Lowry, S. (1988), noting that “trade secret litigation is burgeoning.”133. See Toren (1994), 60–1.134. See Bradsher (2000), sec. C, p. 1.135. See Harmon (2001a), sec. C, p. 2.136. See Harmon (2001b), sec. C, p. 4. Senate Report No. 105-190 (1998), 10.137. Brockett (2002), 17.138. Dilworth (accessed 2003).139. Yates (1993a), sec. C, p. 1.140. See Powell (1994).141. Winter (2002), sec. D, p. 1.142. Ibid.143. Ibid.144. Brockett (2002), 17.
Chapter Four
1. Porter (1980).2. Meyerowitz and Fryer (2002), p. 5, col. 4.3. “Shedding the Trench Coat” (2001), Features, p. 70.4. “Annual Report to Congress on Foreign . . . ” (1995). The 1996 report “noted
little new in the origin of the threat, collection targets, or methods used ineffecting economic collection and industrial espionage.” “Annual Report toCongress on Foreign . . . ” (1996).
5. Keithly and Ferris (2002).6. O’Hearn and Sozio (2001).7. Brockett (2002), 17.8. Meyerowitz and Fryer (2002), p. 5, col. 4.9. See Schweizer (1997b), sec. G, p. 5. The critical question is whether economic
espionage is within the definition of economic intelligence, and hence withinthe act.
10. Pasternak and Witkin (1996), 45.11. Meyerowitz and Fryer (2002), p. 5, col. 4.12. Ibid.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
210 NOTES TO PP. 78–82
13. Elliott (2002).14. See Toren (1994). Rather than copying documents manually, a thief can down-
load information onto a computer disk, which is then easily removed from anoffice. In his comments to the Senate Select Committee on Intelligence, FBI Di-rector Louis Freeh stated: “Where hackers formerly may have been motivated bythe technical challenge of breaking into a computer system, the motivation maybe shifting more toward hacking for profit. As more and more money is trans-ferred through computer systems, as more fee-based computer services are in-troduced, as more sensitive proprietary economic and commercial informationis exchanged electronically, and as the nation’s defense and intelligence commu-nities increasingly rely on commercially available information technology, thetendency toward information threats emerging as national security threats willincrease.” Current and Projected Nat’l Sec. Threats to the U.S.: Hearings . . . (1998), 35.
15. U.S. General Accounting Office (1996).16. “Annual Report to Congress on Foreign . . . ” (1995).17. See Mills (1997), sec. C, p. 1.18. Ryberg (1997), 44.19. Stone, B. (1997), 53.20. Ibid.21. Ibid.22. Barth (2001).23. Ibid.24. U.S. General Accounting Office (1996).25. Iwata (2003), Money section B, p. 1.26. Fialka (1997), 18.27. See Schweizer (1993), 5.28. “Annual Report to Congress on Foreign . . . ” (1995).29. Fialka (1997), 149–60, explaining how Chinese and Japanese students flood
American schools and corporations.30. “Annual Report to Congress on Foreign . . . ” (1995).31. Ibid.32. Barth (1998), 34, quoting John Schiman, special agent of the FBI in Los Angeles.33. See Schweizer (1993), 5.34. Yates (1993a), sec. C, p. 1.35. Canadian Security Intelligence Service, “1996 Public Report, Economic Security”
(accessed 2003).36. See “Annual Report to Congress on Foreign . . . ” (1995); “Annual Report to
Congress on Foreign . . . ” (1996).37. Yates (1993a), sec. C, p. 1.38. Barth (1998), 34, quoting John Schiman, special agent of the FBI in Los Angeles.39. “Annual Report to Congress on Foreign . . . ” (1995).40. See Robbins (1994), sec. C, p. 10.41. Murray (accessed 2003).42. See Murray (1998).43. See DeYoung (1996), 12.44. See Coile (1994), sec. D, p. 1.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 82–92 211
45. See Novell, Inc. v. Weird Stuff, Inc., No. C92-20467 JW/EAI, 1993 U.S. Dist. Lexis6674, at 5 (N.D. Cal. May 14, 1993).
46. Fialka (1997), 18.47. Boadle (1994).48. “Annual Report to Congress on Foreign . . . ” (2001).49. Ibid.50. Ibid.51. See Schweizer (1993), 5.52. “Annual Report to Congress on Foreign . . . ” (2001).53. Wheeler (2002), 26.54. Ibid.55. Ibid.56. Ibid.57. Ibid.58. “Annual Report to Congress on Foreign . . . ” (2001).59. See Lowry, T. (1998), sec. B, p. 1.60. Ibid.61. “Annual Report to Congress on Foreign . . . ” (2001).62. Ibid.63. Ibid.64. See Schweizer (1993), 5.65. See U.S. Congress, House Report No. 104-788 (1996), 4. “The United States
produces the vast majority of the intellectual property in the world.”66. See Schweizer (1993), 5.67. “Annual Report to Congress on Foreign . . . ” (2001).68. Ibid.69. Ibid.70. Katsh and Dierks (1995). For example, Canada, China, Germany, Italy, Japan,
Korea, Mexico, the United Kingdom, and the United States have adopted expressstatutory protection for trade secrets.
71. Seita (1997), 486.72. See Schweizer (1996), 13.73. Yates (1993a), sec. C, p. 1.74. “CIA: Israel Among . . . ” (1996).75. See Schweizer (1993), 5.76. McGugan (1995), 99.77. Ibid.78. Hobson (accessed 1998). The Futures Group is a competitive intelligence con-
sultant in the United States.79. “Annual Report to Congress on Foreign . . . ” (1995).80. Canadian Security Intelligence Service, “1996 Public Report, Economic Security”
(accessed 2003).81. Kober (1998), 10.82. Moyer (1994), 182.83. Moyer (1994), 182; Jackamo (1992), 945.84. Murray (accessed 2003).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
212 NOTES TO PP. 93–103
85. See Jopeck and Sawka (accessed 1996).86. See Freeh statement (1996); Fraumann (1997).87. Yates (1993a), sec. C, p. 1.88. See Freeh statement (1996); Fraumann (1997).89. Wheeler (2002), 26.90. Ibid.91. Ibid.92. Shoichet (2002), 32.
Chapter Five
1. Molander et al. (1998), 34.2. Clinton (1998).3. Toffler and Toffler (1980).4. Pethia testimony (2003).5. Ibid.6. Ibid.7. Ibid.8. Ibid.9. Ibid.
10. Ibid.11. Ibid.12. Reno keynote address (accessed 2003).13. Pethia testimony (2003).14. Ibid.15. See Olivenbaum (1997), 574–5, arguing that “the protean difficulty of defining
computer crime,” victims’ reluctance to report it, and dual system of prosecutionhave made statistical figures suspect.
16. See Charney and Alexander (1996), 934, stating that term “computer crime”eludes precise definition.
17. See Friedman and Bissinger (1996).18. A joint study of the Business Software Alliance (BSA) and the Software & Infor-
mation Industry Association (SIIA) estimated that the global software industrylost $11 billion to software piracy in 1998; the loss for 1997 was estimated tobe $11.4 billion. See 1998 Global Software Piracy Report (1999). A WarRoomResearch study showed that of 236 corporations studied, 58% reported sufferingcomputer break-ins in the previous year. See Friedman and Bissinger (1996). Ofthose 58%, 66% incurred damages exceeding $50,000 and 18% suffered lossesin excess of $1 million.
19. Sen (2000).20. “Air Force Websites . . . ” (1996), 32.21. Most computer hacking that causes injury is penalized under one or more federal
or state statues. See, e.g., USC, title 18, sec. 1030 (2000).22. See Dillon et al. (1998), 543.23. Swartz (1997), sec. A, p. 1 (statement of Daniel Geer, director of engineering
for Open Market in Cambridge, Massachussets).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 103–106 213
24. “Russians Arrest . . . ” (1995), sec. D, p. 5.25. Bowman (1996), 1943.26. Sen (2000).27. See Branscomb (1990), 24–6.28. Sen (2000).29. United States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied, 502 U.S. 817
(1991).30. Ibid.31. “Computer Whiz Guilty of Planting Rogue Virus,” Chicago Sun-Times, Jan. 23,
1990, at 3, available in 1990 WL 4381438.32. United States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied, 502 U.S. 817
(1991).33. Ibid.34. See, e.g., United States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied, 502
U.S. 817 (1991). Robert Morris was convicted under the CFAA, USC, title 18,sec. 1030(a)(5)(A) (2000), for releasing a worm that eventually caused 6,000computers to crash. However, Morris did not have a criminal mens rea whenhe released the program. He merely wanted to prove his ability to write a pro-gram capable of accessing as many computer systems as possible without destroy-ing, damaging, or copying any data contained therein. He actually attemptedto warn potential victims about his program when he realized it was out ofcontrol.
35. See Costantini (1996).36. See Zuckerman (1996), sec. B, p. 4.37. See Sieber (1993), 69–70.38. Taiwan and South Korea have indicted companies for illegally copying software
for internal use. See Business Software Alliance (1991), BSA World-wide Report1990–1991. In Great Britain, software piracy carries prison terms up to 2 years.See Business Software Alliance, United Kingdom: Software Piracy and the Law. Simi-lar French laws also provide for restitution, doubled penalties for repeat offend-ers, and court-ordered business closings. See Business Software Alliance, France:Software Piracy and the Law. Singapore provides for up to five years’ imprisonmentfor illegally copying software. See Business Software Alliance, Singapore: SoftwarePiracy and the Law. See generally, the Intellectual Property Crimes section in thisReport.
39. See Park (1990), 433–4.40. Charney and Alexander (1996), 934.41. Sieber (1986).42. “United Nations Manual on Prevention . . . ” (accessed 2003), citing Carroll
(1996).43. Barton (1995), 469–76, citing definitional problems arising from application of
old statutes criminalizing communications to computer transmissions.44. Adams, J. (1996), 408, cited in Parker, D.B. (1989), 2.45. See Dillon et al. (1998), 543.46. Goodman (2001).47. See, e.g., Knoll (1996).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
214 NOTES TO PP. 106–111
48. The OECD is comprised of twenty-nine countries: Australia, Austria, Belgium,Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece,Hungary, Iceland, Ireland, Italy, Japan, Luxembourg, Mexico, The Nether-lands, New Zealand, Norway, Poland, Portugal, South Korea, Spain, Sweden,Switzerland, Turkey, the United Kingdom, and the United States. Although theOECD does not have legal powers, its guidelines, reports, and publications canhave a major policy impact on policy making for both member and non membercountries. The OECD’s Internet address is http://www.oecd.org.
49. “United Nations Manual on Prevention . . . ” (accessed 2003), citing Carroll(1996).
50. The British Misuse Act takes an approach simpler than either of those proposedby the international bodies, choosing to group all computer crimes under threebroad offenses: unauthorized access, unauthorized access with further crimi-nal intent, and intentional unauthorized modification. Computer Misuse Act(1990).
51. See Soma et al. (1997), 359–60, listing actions called for by United Nation’sresolution on computer-related crimes.
52. “Proprietary Information Theft . . . ” (2002).53. U.S. Department of Justice, CCIPS Introduction (accessed 2003).54. The Computer Emergency and Response Team Coordination Center
(CERT/CC) was formed by the Defense Advanced Research Projects Agency(DARPA), part of the U.S. Department of Defense, in November 1988 to workwith the Internet community in detecting and resolving computer security inci-dents as well as taking steps to prevent future incidents. CERT/CC is now part ofthe Survivable Systems Initiative at the Software Engineering Institute, a feder-ally funded research and development center at Carnegie Mellon University. SeeCarnegie Mellon Software Engineering Institute, CERT Coordination Center.
55. CERT Coordination Center 1998 Annual Report.56. Ibid.57. See Vistica (2000), 48, noting that attacks on computer systems has concerned
federal officials who fear penetration of U.S. computers by foreign countries.58. See Persico (1999), 155–6.59. See Shackelford (1992), 494, describing globalization of access to computer
systems.60. See Lange (1996), estimating that $800 million was lost by banks and other cor-
porations because of attacks on their computer systems, such as one perpetratedby Russian programmer Vladimir Levin, who tampered with Citibank’s com-puter system by transferring $10,000,000 to various bank accounts around theworld.
61. See, generally, Solomon (1995), 645, reporting on use of new computer technol-ogy as effective and dangerous mechanism exploited by international criminals.
62. See Nobel (1999), 48–52.63. Ibid.64. See Reno statement (accessed 2003).65. “Cyber-Attacks, Information Theft . . . ”(2001).66. Computer Security Institute. CSI-FBI Computer Crime Security Survey (2003).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 111–118 215
67. Sen (2000).68. For a description of various Denial of Service (DoS) attacks, see http://
searchsecurity.techtarget.com/sDefinition/O,,sid14 gci557336,00.html.69. See CERT Coordination Center, “Trends in Denial . . . ” (2001).70. Hulme (2002), 36.71. See Denial of Service (DoS) attack, PC Webopedia Definition and Links.72. See Dungan (accessed 2003).73. See Husman (accessed 2003).74. See CERT Coordination Center Research, “Denial-of-Service Incidents” (ac-
cessed 2003).75. Center for Strategic and International Studies (1998) (accessed 2003).76. Goodman (2001).77. Ibid.78. Ibid.79. Ibid.80. Ibid.81. Ibid.82. Ibid.83. Welch (2002), sec. C, p. 3.84. See Reno statement (accessed 2003).85. See FBI Press Room – “Congressional Statement for the Record of Charles L.
Owens. . . ” (accessed 1997).86. See Reno statement (accessed 2003).87. Ibid.88. Ibid.89. See Hatcher et al. (1999), 420–1.90. See Tillett (accessed 2003).91. See Piller (2000), sec. A, p. 1, providing an overview of the state of cybercrime
and associated concerns.92. See Rovella (2000), sec. A, p. 1, noting that one such position exists in each of
the nation’s ninety-three U.S. Attorney’s Offices.93. See Markey and Boyle (1999), 23, stating that the CFAA was enacted to help
stop computer abuse and has had many revisions in order to achieve semifunc-tioning.
94. See Vistica (2000), 48, noting that attacks on computer systems has concernedfederal officials who fear penetration of U.S. computers by foreign countries.
95. See, generally, Cilluffo et al. (1999), 130, 140, providing illustrative examplesof how vulnerable computer systems can become.
96. Welch (2002), sec. C, p. 3.97. See Barbaro (2002), sec. E, p. 5.98. To learn more about the CSI (a San Francisco-based international association
of computer security professionals) or its survey, visit the CSI web site.99. See CSI, “Cybercrime . . . ” (accessed 2002).
100. Ibid. The respondents who were capable of quantifying their losses said theylost close to $115.8 million due to financial fraud and $170.8 million from thetheft of proprietary information.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
216 NOTES TO PP. 118–125
101. Simmonsen (2002), sec. A, p. 1.102. Hulme (2002), 36.103. Nadlemann (1993), 1.104. Harris memorandum (1998).105. See Ford (2000), 1.106. See Behar (1997), 56, 66.107. See Nash (1993), 2, noting that the case actually involved prosecution against
two individuals, former Borland International Vice President Eugene Wangand Symantec CEO Gordon Eubanks.
108. See Behar (1997), 56, 66.109. See “Reno Opposes . . . ” (1999), noting, alternatively, the FBI proposes that
companies provide the FBI with a “key” to unlock the code.110. See O’Harrow (2000), sec. E, p. 1, recognizing former computer hacker Kevin
Poulsen as editorial director of a web site called SecurityFocus.com.111. See Olivenbaum (1997), 577–8, discussing federal legislation and the need to
consider new alternatives.112. Ibid.113. See James (2001), sec. C, p. 1, reporting consumer class action brought against
online companies for failing to secure consumers’ credit card data adequately;“Nike Sued . . . ” (2001), reporting threatened suit against Nike for loss of busi-ness resulting from Nike’s alleged failure to secure computers.
114. Latham (1979).115. Commons (1924); Friedman (1978), 300–6.116. Barnouw (1966).117. Edelman (1979).118. “Cyber-Attacks, Information Theft . . . ”(2001).119. See, e.g., Soma et al (1996), 226–30, positing that twenty-three different U.S.
Code sections criminalize certain conduct involving computers and informa-tion networks.
120. USC, title 18, sec. 1030 (2000).121. See Markey and Boyle (1999), 23, stating that the CFAA was enacted to help
stop computer abuse and has had many revisions in order to achieve semifunc-tioning.
122. USC, title 18, sec. 1030(a) (2000).123. USC, title 18, sec. 1030(a)(5)(A) (2000).124. USC, title 18, sec. 1030(g) (2000).125. USC, title 17, sec. 506 (1994).126. See Schwartau (1994), 308–10, describing how a concerted attack against crit-
ical financial and communication networks could result in widespread panicand lead to a situation resembling anarchy.
Chapter Six
1. Peabody v. Norfolk, 98 Mass. 452, 457 (Mass. 1868).2. See Act of 4 March 1909, U.S. Statutes at Large 35 (1909), 1082.3. See Public Law No. 97-180, U.S. Statutes at Large 96 (1982), 92.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 125–128 217
4. See Public Law No. 102-561, U.S. Statutes at Large 105 (1992), 4233.5. See Public Law No. 103-325, U.S. Statutes at Large 108 (1994), 2111.6. See Public Law No. 104-253, U.S. Statutes at Large 110 (1996), 1386.7. See Net Act (16 December 1997).8. See USCA, title 18, sec. 2319(b)(1) (West Supp. 1998).9. See Economic Espionage Act of 1996 (codified at USC, title 18, secs. 1831–1839
[Supp. II 1996]).10. Senate, statement of Senator Specter, S12207–08, 104th Cong., 2d sess., Cong.
Rec. (2 October 1996), 142.11. Paris Convention (1883).12. Paris Convention (1883), reprinted in Leaffer (1997), 20–43.13. Dreyfuss, R. C. (2001), 423.14. Paris Convention (1883).15. International Treaties on Intellectual Property 561 (Marshall A. Leaffer ed., BNA Inc.
2d ed. 1997).16. Convention Establishing the World Intellectual Property Organization, July 14,
1967, 21 U.S.T. 1749, 829 U.N.T.S. 3 [hereinafter WIPO Convention}, Availableat: http://www/wipo.org/members/convention/conl.html (last visited Oct. 14,2001).
17. Agreement on Trade-Related Aspects of Intellectual Property Rights (1994), 81.18. Katsh and Dierks (1995). For example, Canada, China, Germany, Italy, Japan,
Korea, Mexico, the United Kingdom, and the United States have adopted expressstatutory protection for trade secrets.
19. GATT (1993).20. Combeau (1996), 58.21. GATT (1993).22. “North American Free Trade Agreement (NAFTA),” (1992), 612, approved by
Congress on 8 December 1993, USC, title 19, sec. 3311(a) (2000).23. Restatement of Torts, sec. 757 cmt. b (1939).24. General Assembly Resolution 1236 (1957).25. General Assembly Resolution 2131 (1965).26. Palmer (1999), Business section, 16.27. Convention on Combating Bribery of Foreign Public Officials in International
Business Transactions (accessed 2003).28. The OECD is a Paris-based multilateral organization founded in 1960 with an an-
nual budget of approximately $200 million. It consists of thirty member countriesthat together produce two-thirds of the world’s goods and services and includesthe home countries of almost all large multinational enterprises. OECD, “AboutOECD” (accessed 2003).
29. “1998 OECD Convention . . . ” (2000).30. Hansen (1998), 1–1.31. “Treaty Establishing the European Economic Community” (1957).32. Waterschoot (1998), 2-1.33. “Treaty Establishing the European Economic Community” (1957).34. See Simensky et al. (1999), 25.10.35. The Treaty provisions have been renumbered. Article 81(3) was formerly 85(3).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
218 NOTES TO PP. 128–134
36. “Commission Regulation No. 2658/2000 . . . ” (accessed 2003).37. “Commission Regulation No. 566/89 . . . ” (1989), 1.38. “Commission Regulation No. 240/96 . . . ” (1996), 2.39. Aoki (1998), 22–23.40. Blair (2000), sec. B, p. 7.41. See, e.g., American Bar Association, “Section of Intellectual Property Law” (ac-
cessed 2003), listing upcoming intellectual property protection seminars.42. The “rust belt” is the “economic region in the NE quadrant of the United States,
focused on the Midwestern . . . states of Illinois, Indiana, Michigan, and Ohio,as well as Pennsylvania.” Encyclopedia.com (accessed 2003) (on file with theConnecticut Law Review).
43. Economic Espionage Act of 1996, USC, title 18, secs. 1831, 1832 (1997).44. Howard (2002).45. U.S. Congress, House Report No. 104-788 (1996), 5, reprinted in 1996
U.S.C.C.A.N. 4021, 4024.46. See Simon (1998).47. Tucker D. S. (1997), 1110. This intrusion can be attributed to intelligence re-
sources that were once used to secure military technologies now becoming avail-able.
48. Pooley et al. (1997), 179.49. USC, title title 18, sec. 1905 (1994 & Supp. IV 1998).50. See Mossinghoff et al. (1997), 196.51. See U.S. Congress, House Report No. 104-788 (1996), 12–13.52. See U.S. Congress, Senate Report No. 104-359 (1996), 6.53. See generally, Kerr (1997), 27–8, discussing lengthy discovery processes and
low-priority docket scheduling for noncriminal cases.54. Freeh statement (1996); see also Loeb (1998), sec. A, p. 1, reporting that the
CIA is recruiting candidates with technical skills to strengthen its espionage.55. See Cundiff (1997), 9, 22.56. See Economic Espionage Act of 1996.57. United States v. Hanco*ck, Crim. No. CR88–319A (N.D. Ga. 1988) (prosecuted by
Kent Alexander).58. United States v. Huang Dao-Pei, Crim No. 2:98m04090 (D.N.J. 1998).59. National Stolen Property Act (1940).60. Howard (2002).61. See U.S. Congress, House Report No. 104-788 (1996), 7, reprinted in 1996
U.S.C.C.A.N. 4021, 4025–26.62. Ibid.63. Howard (2002).64. Ibid.65. See generally, Kerr (1997), 27–8, discussing lengthy discovery processes and
low-priority docket scheduling for noncriminal cases.66. Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 489–490 (1974).67. Available at: <http:www.nsi.org/Library/Espionage/usta.html>.68. Slind-Flor (1997), sec. A, p. 11.69. “Reviewing . . . ” (2002), 1.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 134–137 219
70. Rush et al. (2000), 21.71. Chatterjee (1996), 856.72. See Restatement of Torts, sec. 757 (1939).73. “What Purchasing Managers . . . ” (2001).74. Ibid.75. Ibid.76. Restatement (Third) of Unfair Competition sec. 39 (1995).77. Ibid.78. “What Purchasing Managers . . . ” (2001).79. Ibid.80. Ibid.81. Ibid.82. Carr et al. (2000), 172.83. USC, title 18, sec. 1839(3)(B) (Supp. V 1999).84. See Fraumann and Koletar (1999), 64.85. “Revictimization . . . ” (2001).86. Toren (1994).87. Arkin (1996), 3.88. See USC, title 35, secs. 100–105 (Supp. 1998), outlining the requirements for
patenting an “invention.”89. USC, title 35, sec. 102 (1994), detailing the “novelty” requirement for
patentability.90. See USC, title 35, sec. 103 (Supp. 1998), detailing the “non-obvious subject
matter” requirement for patentability.91. See USC, title 35, sec. 115 (Supp. 1998), requiring the inventor to submit an
oath stating that he believes himself to be the first inventor.92. USC, title 35, sec. 102(b) (1994), denying patentability if an invention is
patented, described in a printed publication, publicly use, or placed on salemore than 1 year prior to the date of the application.
93. Chisum (2000), OV[1].94. USC, title 35, sec. 284 (1998), providing for damages not less than a reasonable
royalty, including interest and costs.95. Amstar Corp. v. Envirotech Corp., 730 F 2d 1476, 1481–82 (Fed. Cir. 1984), explain-
ing that patent infringement is determined by comparing the accused productand the patent claims, not by comparing the accused and patented products.
96. Chisum (2000), OV[1].97. See Epstein (1995), 1.03, 1–28.98. See Pace (1995), 436.99. See U.S. Congress, Senate Report No. 104-359 (1996), 11.
100. See Pace (1995), 446–447; Lao (1998), 1671–4.101. See Waller and Byme (1993), 7–8, noting that the United States has made
the enforcement a top priority, often conditioning trade concessions on theenforcement of IPRs by recipient nations.
102. See Samuels and Johnson (1990), 49–51.103. Uniform Trade Secrets Act, sec. 1, ULA, title 14, sec. 438 (1990). The UTSA defines
misappropriation as: (i) acquisition by improper means; or (ii) disclosure or
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
220 NOTES TO PP. 137–141
use of a trade secret of another without express or implied consent by a personwho (A) used improper means to acquire knowledge of the trade secret; or (B)at the time of disclosure or use, knew or had reasons to know that his knowledgeof the trade secret was (I) derived from or through a person who had utilizedimproper means to acquire it; (II) acquired under circ*mstances giving rise toa duty to maintain its secrecy or limits its use; or (III) derived from or througha person who owed a duty to the person seeking relief to maintain its secrecyor limits it use; or (C) before a material change of his [or her] position, knewor had reason to know that it was a trade secret and that knowledge of it hadbeen acquired by accident or mistake.
104. See Augustini (1994), 475.105. See Freeh statement (1996); Loeb (1998), sec. A, p. 1, reporting that the CIA
is recruiting candidates with technical skills to strength its espionage.106. “What Purchasing Managers . . . ” (2001).107. Ibid.108. Ibid.109. See Pooley et al. (1997), 200.110. “Revictimization . . . ” (2001).111. Howard (2002).112. See USCA, title 18, sec. 1832(a) (2000).113. See Pooley et al. (1997), 200.114. Carr et al. (2000).115. See U.S. Congress, House Report No. 107-788 (1996), 7.116. For more detailed discussion of how a company might satisfy this “reasonable
measures” hurdle, see Carr et al. (2000).117. See Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.118. Ibid.119. Ibid.120. “Revictimization . . . ” (2001).121. Carr et al. (2000).122. 18 U.S.C. §1837(2).123. Carr et al. (2000).124. USC, title 18, sec. 1837(1) (2000).125. Pooley et al. (1997), 204.126. “Revictimization . . . ” (2001).127. Toren (1996), 648. As one commentator summarized the problem: An em-
ployee can download trade secret information from a company’s computer toa diskette, transfer the information to the hard drive of a home computer,and then upload it to the Internet, where it can be transmitted worldwidewithin minutes. . . . Within days, a U.S. company can lose complete control overits trade secrets forever. Halligan (1996), sec. B, p. 6; see also U.S. Congress,Senate Report No. 104-359 (1996), 20, available in 1996 WL 497065.
128. USC, title 18, sec. 1837 (1998).129. See Hodkowski (1997), 222.130. See U.S. Congress, House Report No. 104-788 (1996), 5–7, reprinted in 1996
U.S.C.C.A.N. 4021, 4023–26.131. See Crock and Moore (1997), 76, 77–8.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 141–168 221
132. Case No. 97-CR-288 (N.D. Ohio); see United States V. Yang, No. 1:97 CR 288,1999 WL 1051714 (N.D. Ohio, Nov. 17, 1999), denying the defendants’ motionfor a new trial or reconsideration of their motion for a mistrial.
133. United States v. Pin Yen Yang, Criminal No. 1:97MG0109 (N.D. Ohio 1997).134. See Starkman (1997), sec. B, p. 1, 4.135. See Arevalo et al. (1999).136. See FBI Press Release (accessed 1999).137. See “Business Watch Legal” (1997), sec. D, p. 3.138. See “Spies Step Up Attacks . . . ” (1998), 60.139. See “Ex-Kodak Employee Sentenced” (1997), sec B, p. 2, pt. A.140. U.S. Department of Justice Press Release (1997a, 1997b).141. Nelson, E., et al. (1996), sec. A, p. 1.142. Ibid.143. McMorris (1998), sec. B, p. 5.144. Halligan (accessed 2003), citing United States v. Kai-L Hsu, Criminal No. 97–323
(E.D. Pa. 1997).145. Rovella (1999), sec. B, p. 1.146. See United States v. Hsu, 982 F. Supp. 1022, 1022–23 (E.D. Pa. 1997).147. “EDPA Sentences . . . ” (1991), 7.148. Ibid.149. See also United States v. Kai-Lo Hsu, et al., 155 F.3d 189, 193 n.2 (1997).150. Halligan (accessed 2003), citing United States v. Worthington, Criminal No. 97–9
(W.D. Pa. 1996).151. See Schweizer (1997b), sec. A, p. 15.152. See Crock and Moore (1997), 76, 77–8.153. See United States v. Worthing, Crim. No. 97–9 (W.D. Pa., Crim. Complaint filed
Dec. 9, 1996).154. “Superseding Indictment . . . ” (2002).155. Ibid.156. Gertz (2002), sec. A, p. 1.157. Ibid.158. Ibid.159. “Veridian Targeted by Spy?” (2002).160. No. 02–20145-JW, indictment issued (N.D. Cal. Dec. 4, 2002).161. “Feds Charge Two . . . ” (2003), 5.162. Vrana (2003), 15.163. Ibid.164. See Carr et al. (2000).165. “Revictimization . . . ” (2001).166. See Sennott (1997b).167. See also Hosteny (1998).168. The Four Pilliars, Indexx Labs, and RAPCO cases.169. Seltzer and Burns (1999).170. E.g., the Worthing, Gillette, Deloite & Touche, and Vactec cases.171. See, e.g., Schweizer (1997), sec. A, p. 15.172. See Horowitz (1998).173. See Senate, S12207–08, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
222 NOTES TO PP. 170–179
Chapter Seven
1. Gallagher statement (accessed 2003).2. See Perry (1995).3. Brandes et al. (2000), 659.4. The U.S. Constitution grants Congress the power to “promote the Progress of
Science and Useful Arts, by securing for limited times to Authors and Inventorsthe exclusive right to their respective writings and discoveries.” U.S. Const. art.I, sec. 8, cl. 8.
5. See U.S. Const. art. I, sec. 8, cl. 8.6. Holder (accessed 1999).7. Ibid.8. See Augustini (1995), 476–81, discussing Allied espionage against American
business.9. Schmetzer (1995), 3.
10. See Augustini (1995), 476–81, discussing Allied espionage against Americanbusiness.
11. Vaknin (2002a).12. Mueller statement (1996).13. Ibid.14. Edsall (2002), sec. E, p. 10.15. Ibid.16. Ibid.17. Ibid.18. Pooley et al. (1997), 196–7.19. USC, title 8, sec. 1839(3)(A) (2000).20. See USC, title 18, sec. 1832 (a)(1)–(3) (1998), specifying acts taken “without
authorization.”21. Flaming (1993), 287.22. Hohfeld (1913), 21–3.23. See Feinberg (1984), 218–21.24. See Dreyfuss, R. C. (1998).25. See Goodin (1996).26. Ros-Lehtinen hearing (2000).27. Moyer (1994), 182.28. Seita (1997), 486.29. Moyer (1994), 182.30. See Kanuck (1996), 276, quoting UN Charter, art. II, para. 4.31. Halligan (accessed 2003), not citing the specific NAFTA provisions.32. “Annual Report to Congress on Foreign . . . ” (1995).33. Moyer (1994), 182.34. “Annual Report to Congress on Foreign . . . ” (1995).35. Fialka (1997), 18.36. “Japan Changes . . . ” (2002).37. “Govt Aims to Fight Industrial Espionage” (2002), 22.38. Rothstein et al. (1999), 642–70.39. Coffee (1988), 139.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
NOTES TO PP. 179–183 223
40. Shapiro (1995), 224.41. Shiva (2001).42. Sohmen (1999), 870.43. Clark (1997).44. Posner (1985).45. Ibid.46. Drahos and Braithwaite (2002).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828end CB764-Nasheri-v1 February 17, 2005 10:6
224
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
References
“Across the Nation.” Seattle Times, 21 August 2002.Adams, James. The Next World War: Computers Are the Weapons and the Front Line is
Everywhere. New York: Simon and Schuster, 1998.Adams, Jo-Ann M. “Comment, Controlling Cyberspace: Applying the Computer
Fraud and Abuse Act to the Internet.” Santa Clara Computer and High Tech-nology Law Journal, vol. 12 (1996). Cited in National Institute of Justice,U.S. Department of Justice, Computer Crime: Criminal Justice Resource Man-ual. Washington, DC: GPO, 1989.
Agre, Philip E. “Your Face Is Not a Bar Code: Arguments Against Automatic FaceRecognition in Public Places.” 9 September 2001. Accessed 9 September2003. Available at: <http://dlis.gseis.ucla.edu/people/pagre/bar-code.html>.
Agreement on Trade-Related Aspects of Intellectual Property Rights, 15 April,1994. “Marrakesh Agreement Establishing the World Trade Organization.”Annex 1C, Legal Instruments – Results of the Uruguay Round, vol. 31, Inter-national Legal Materials, vol. 33 (1994) [TRIPS Agreement]. Reprinted inInternational Treaties on Intellectual Property, edited by Marshall Leaffer. Wash-ington, DC: BNA Books, 1997.
“Air Force Websites Shut as Hackers Gain Access, Change Files.” Wall Street Jour-nal, 31 December 1996.
Akdeniz, Yaman, Clive Walker, and David Wall. The Internet, Law and Society.Harlow: Longman, 2000.
Aldrich, Richard W. “Cyberterrorism and Computer Crimes: Issues Surroundingthe Establishment of an International Legal Regime.” INSS Occasional Paper32, Information Operation Series (April 2000). USAF Institute for NationalSecurity Studies, USAF Academy, Colorado Springs, Colorado.
“How Do You Know You Are at War in the Information Age?” Houston Journalof International Law, vol. 22 (fall 1999).
Allen, Mary. “Secret Trader Gets Weekends in Jail.” News Journal (Delaware), 5February 2003.
225
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
226 REFERENCES
Alster, Norm. “The Valley of the Spies.” Forbes, 26 October 1992.American Bar Association. Section of Intellectual Property Law. American Bar
Association Homepage. Accessed 4 July 2003. Available at: <http://www.abanet.org/intelprop/home.html>.
“American Chemistry Council Statement on EPA Computer Security.” U.S.Newswire, 11 August 2000.
American Society of Industrial Security & Pricewaterhouse Coopers. “Trends inProprietary Information Loss Survey Report 1999.” Accessed 4 July 2003.Available at: <http://www.pwcglobal.com/extweb/ncsurvres.nsf/(ViewA-gentBy KeyDisplay)/all all us eng>.
“Trends in Proprietary Information Loss Survey Report 2000.” Ac-cessed 4 July 2003. Available at: <http://www.pwcglobal.com/extweb/ncsurvres.nsf/(ViewAgentByKey Display)/all all us eng>.
Amstar Corp. v. Envirotech Corp., 730 F 2d 1476, 1481-82 (Fed. Cir. 1984).“Annual Report to Congress on Foreign Economic Collection and Industrial
Espionage.” 1995. Accessed 3 July 2003. Available at: <http://www. fas.org/sgp/othergov/indust.html>.
1996. Accessed 3 July 2003. Available at: <http://www.apg.army. mil/tenants/902dmi/ARTICLES/Fy96rpt.htm>.
1998. Pacific Northwest National Laboratory.2001. Office of the National Counterintelligence. Accessed 20 July 2003. Avail-
able at: <http://www.ncix.gov/pubs/reports/fy01.htm>.Anthes, Gary H. “Target: Electronic Spies Beefing Up Corporate Computer
Security Alert Program.” Computer World, 28 October 1996.Aoki, Keith. “Neocolonialism, Anticommons, Property and BioPiracy in the
(Not-so-Brave) New World Order of International Intellectual Property Pro-tection.” Indiana Journal of Global Legal Studies, vol. 6 (1998).
Arevalo, Penny, Steve Andersen, and Bruce Rubenstein. “Circuit by Circuit.”Corporate Legal Times, July 1999. Available in Lexis-Nexis (Legal News).
“Argentine Hacker Who Invaded Pentagon Enters Guilty Plea.” Wall St. J., 8December 1997.
Arkin, Stanley S. “When Theft of an Idea Can Be a Crime.” New York Law Journal,11 April 1996.
Arquilla, John, and David Ronfeldt. The Advent of Net War. Santa Monica, CA:RAND, 1996.
Asbrand, Deborah. “Who’s Holding the Bag for the Hackers?” The Standard:Intelligence for the Internet Economy. Accessed 4 July 2003. Available at:<http://www.thestandard.com/article/0,1902,10840,00.html>.
Association for Computing Machinery. “Denial of Service.” University of Illinois,Urbana-Champaign. Accessed 5 July 2003. Available at: <http://www.acm.uiuc.edu/workshops/security/deny.html>.
Atari Games Corp. v. Nintendo of America Inc., 975 F. 2d 832, 845(Fed. Cir.1992).
Augustini, Jeff. “Note, From Goldfinger to Butterfinger: The Legal and PolicyIssues Surrounding Proposals to Use the CIA for Economic Espionage.”Law and Policy in International Business, vol. 26 (winter 1995).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 227
Band, Jonathan, et al. “The Economic Espionage Act: Its Application in YearOne.” Corporate Counsel, November 1997.
Barbaro, Michael. “Internet Attacks on Companies up 28 Percent, Report Says.”Washington Post, 8 July 2002.
Barkley, John. “Denial of Service.” Accessed 5 July 2003. Available at: <http://csrc.nist.gov/publications/nistpubs/800-7/node117.html>.
Barnouw, Erik. A History of Broadcasting in the United States, A Tower in Babel. NewYork: Oxford University Press, 1966.
Barth, Steve. “Protecting the Knowledge Enterprise; Knowledge ManagementTechniques and Theory.” Knowledge Management 4 (1 March 2001).
“Spy vs. Spy.” World Trade, 1 August 1998.Barton, Gene. “Taking a Byte out of Crime: E-Mail Harassment and the Inefficacy
of Existing Law.” Washington Law Review, vol. 70 (1995).Basiouni, Mammoud Cherif. “Effective National and International Action
Against Organized Crime and Terrorist Criminal Activities.” Emory Inter-national Law Review, vol. 4 (1990).
Bass, Kenneth C., III. “Relevant Intelligence in the Post-Cold War World.” Ac-cessed 13 January 1997. Available at: <http://199.34.61.2/govern/ fulltext.html>.
Beatty, Donna L. “Comment, Malaysia’s ‘Computer Crimes Act 1997’ Gets Toughon Cybercrime but Fails to Advance the Development of Cyberlaws.” PacificRim Law and Policy Journal, vol. 7 (1998).
Beck, Matthew E., and Matthew E. O’Brien. “Corporate Criminal Liability.” Amer-ican Criminal Law Review, vol. 36 (2000).
Behar, Richard. “Who’s Reading Your E-mail?” Fortune, 3 February 1997.Bennett, Johanna, and Beth Mantz. “Amgen’s Patent Infringement Trail Draws
Rivals’ Lawyers in Search of Data.” Wall St. J., 26 June 2000.Bentham, Jeremy. “Principles of Penal Law, Part II: Rationale of Punishment.”
In The Works of Jeremy Bentham, vol. 1, edited by John Bowring. Edinburgh:William Tait, 1843.
Bergier, Jacques. Secret Armies: The Growth of Corporate and Industrial Espionage.Translated by Harol J. Salemson. Indianapolis: Bobbs-Merrill Co., Inc.,1975.
Berthelsen, John. “Friendly Spies.” Far Eastern Economic Review, 17 February 1994.Bick, Jonathan D. “Why Should the Internet Be Any Different.” Pace Law Review,
vol. 19 (1998).Blair, Margaret M. “New Ways Needed to Assess New Economy.” L.A. Times, 13
November 2000. Lexis News Library, Lat File.Blake, Harlan M. “Employee Agreements Not to Compete.” Harvard Law Review,
vol. 73 (1960).Bluestein, Paul. “France, Israel Alleged to Spy on U.S. Firms.” Washington Post,
16 August 1996.Boadle, Anthony. “Canada Spy-Catcher Says High-Tech Firms Targeted.” The
Reuter European Business Report, 13 April 1994.Boren, David L. “The Winds of Change at the CIA.” Yale Law Journal, vol. 101
(1992).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
228 REFERENCES
Borrus, Amy. “Why Pinstripes Don’t Suit the Cloak-and-Dagger Crowd.” BusinessWeek, 17 May 1993.
Bowman, M.E. “International Security in the Post-Cold War Era: Can In-ternational Law Truly Effect Global Political and Economic Stability? IsInternational Law Ready for the Information Age?” Fordham InternationalLaw Journal, vol. 19 (1996).
Bradsher, Keith. “Former G.M. Executive Indicted on Charges of Taking Se-crets.” N.Y. Times, 23 May 2000.
Brandes, Ronnie Heather, et al. “Intellectual Property Crimes.” American Crimi-nal Law Review, vol. 37 (2000).
Branscomb, Anne W. “Rogue Computer Programs and Computer Rogues: Tai-loring the Punishment to Fit the Crime.” Rutgers Computer and TechnologyLaw Journal, vol. 16 (1990).
Brendel, Neal, and Lucas Paglia. “The Economic Espionage Act.” PennsylvaniaLaw Weekly, 7 July 1997.
Bridis, Ted, et al. “How Piles of Trash Became Latest Focus in Bitter SoftwareFeud.” Wall St. J., 10 July 2000.
Brockett, Daniel L. “Companies Need to Keep Sharp Eye on Trade Secrets.”Crain’s Cleveland Business, 15 July 2002.
Brooktree Corp. v. Advanced Micro Devices, Inc., 977 F.2d 1555, 1570 (Fed. Cir.1992).
Buckley, Neil, and Robert Graham. “Europe: MEP’s to Vote on Probe of US-UK“Spying’ Satellite.” Financial Times (London), 5 July 2000.
Burchette, Lloyd M., Jr. “Economic Espionage is a Big Threat to National Secu-rity.” Greensboro News & Record (North Carolina), 6 March 1994.
Burton, Mark. “Problems and Alternatives: Government Spying for Com-mercial Gain.” Accessed 2002. Available at: <http://www.odci.gov/csi/studies/unclass1994.pdf>.
Business Software Alliance. “1998 Global Software Piracy Report.” Accessed 4July 2003. Available at: <http://global.bsa.org/usa/press/newsreleases//1999-05-25.239.phtml>.
Business Software Alliance. 1998 Global Software Piracy Report. Washington,D.C.: International Planning and Research Corporation for the Busi-ness Software Alliance, May 1999. Business Software Alliance. SoftwarePiracy and the Law. Accessed July 2003. Available at: <http://global.bsa.org/usa/antipiracy/law/Piracy Law03.pdf>.
Business Software Alliance. Eighth Annual BSA Global Software PiracyStudy: Trends in Software Piracy, 1994–2002. June 2003. AccessedJuly 2003. Available at: http://www.bsa.org/globalstudy/loader.cfm?url=/commonspot/security/getfile.cfm &pageid=12927&hitboxdone=yes
BSA World-wide Report 1990–91. Washington, DC: BSA, United States, 1991.“Business Trends; Management.” Electronic Business, 1 January 2002.“Business Watch Legal.” Sun-Sentinel (Ft. Lauderdale), 14 November 1997.Campbell, Duncan. “Inside Echelon.” 25 July 2000. Accessed 2002. Available at:
<http://www.heise.de/tp/english/inhalt/te/6929/1.html>.Campbell, Duncan, and Paul Lashmar. “Revealed: 30 More Nations with Spying
Stations.” Independent (London), 9 July 2000.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 229
Canadian Security Intelligence Service. “1996 Public Report, Economic Secu-rity.” Accessed 7 July 2003. Available at: <http://www.csis-scrs.gc.ca/eng/publicrp/pub1996 e.html>.
Capaccio, Tony. “Report Highlights Espionage Threat from Israel, Allies.” De-fense Week, 26 February 1996.
Carey, Pete. “Software Engineer Charged in Theft of Pentium Plans from Intel.”Seattle Times, 24 September 1995.
Carnegie Endowment for International Peace. Website. Accessed 15 September2003. Available at: <http://www.ceip.org/>.
Carr, Chris, et al. “The Economic Espionage Act: Bear Trap or Mousetrap?”Texas Intellectual Property Law Journal, vol. 8 (winter 2000).
Carroll, John. Computer Security. 3rd ed. St. Louis, MO: Butterworth-Heinemann,1996.
Carter, Jimmy. “Amendments to the Manual for Courts-Martial, United States,1969 (Revised Edition).” Executive Order 12,233, 1 September 1980.
CCIPS, Introduction. Accessed 4 July 2003. Available at: <http://www.cybercrime.gov/ccips.html>.
CDT (Center for Democracy and Technology) “pages on wiretapping andsurveillance.” Accessed 15 September 2003. Available at: <http://www.cdt.org>. Policy Post 6.15.
Center for Strategic and International Studies (CSIS). Cybercrime . . .Cyberterrorism . . . Cyberwarefare . . . (1998). Accessed July 2003. Availableat: <http://www.csis.org>.
Central Intelligence Agency. Accessed 1 July 2003. Available at: <http://www.cia.gov>.
CERT Coordination Center. “CERT/CC Statistics 1988–2000.” Accessed 4 July2003. Available at: <http://www.cert.org/stats/cert stats.html>.
Computer Emergency Response Team 1995 Annual Report. Pittsburgh, PA: CarnegieMelon University, 1995.
CERT Coordination Center. Computer Emergency Response Team 1998 Annual Re-port. Pittsburgh, PA: Carnegie Melon University, 1998.
“Trends in Denial of Service Attack Activity” (October 2001). Accessed July2003. Available at: <http://www.cert.org/archive/pdf/DoS trends.pdf>.
CERT Coordination Center Research. “Denial-of-Service Incidents.” Accessed5 July 2003. Available at: <http://www.cert.org/research/JHThesis/Chapter11.html>.
CERT. “Home Network Security.” Accessed 15 September 2003. Available at:<http://www.cert.org/tech tips/home networks.html>.
CERT Coordination Center. CERT Coordination Center 1998 An-nual Report (Summary) (1999). Accessed July 2003. Available at:<http://www.cert.org/annual rpts/cert rpt 98.html>.
Cha, Ariana Eunjung. “Hackers Steal Subscriber Data from AOL Network.” Wash-ington Post, 17 June 2000.
Charney, Scott, and Kent Alexander. “Computer Crime.” Emory Law Journal,vol. 45 (1996).
Chatterjee, Neel. “Should Trade Secret Appropriation be Criminalized.” Hast-ings Communications and Entertainment Law Journal, vol. 19 (fall 1996).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
230 REFERENCES
Children’s Online Privacy Protection Act. Public Law 277, 105th Con., 2d sess.,(21 October 1998).
Chicago Lock Co. v. Fanberg, 676 F.2d 400, 404 (9th Cir. 1982).Children’s Online Privacy Protection Rule. 64 Federal Register 59888 (3 November
1999).Childs, Kelvin. “Feds Arrest Two for Newspaper Espionage.” Editor and Publisher
Magazine, 21 February 1998.Chisum, Donald S. Chisum on Patents. Albany, NY: Matthew Bender Publishing,
2000.“CIA Fingers France, Israel for Economic Espionage.” Orlando Sentinel Tribune,
15 August 1996.“CIA: Israel Among Most ‘Extensive’ In Economic Espionage.” Defense Week, 5
August 1996.Cillufo, Frank J. “Security Threats to Americans Overseas, Congressional Testi-
mony.” Federal Document Clearing House (3 April 2001).Cillufo, Frank J., et al. “Bad Guys and Good Stuff: When and Where Will
the Cyber Threats Converge?” DePaul Business Law Journal, vol. 12, no. 30(1999).
Clark, Michael T. “Economic Espionage: The Role of the United States Intelli-gence Community.” Journal of International Legal Studies, vol. 3 (1997).
Clarke, Duncan L. “Israel’s Economic Espionage in the United States.” Journalof Palestine Studies, vol. 27 (1998).
Clinton, William J. Commencement Address to the U.S. Naval Academy. May1998.
Coffee, John C. “Hush!: The Criminal Status of Confidential Information AfterMcNally and Carpenter and the Enduring Problem of Overcriminaliza-tion.” American Criminal Law Review, vol. 26 (1988).
Cohen, Jerry, and Alan S. Gutterman. Trade Secrets Protection and Exploitation.Washington, DC: BNA Books, 1998.
Coile, Zachary. “Better Shred Than Read.” San Francisco Examiner, 29 August1994.
Cole, Michelle. “Proliferation of High Tech Firms Fosters Espionage.” IdahoStatesman, 27 April 1997.
Collins, Cindy. “Trade Secrets: The Economic Espionage Act, Friend or Foe?”Inside Litigation, September 1997.
Combeau, Jacques. “Protection of Undisclosed Information.” In Intellectual Prop-erty and International Trade: A Guide to the Uruguay Round TRIPS AgreementParis, France, edited by Tania Saulnier et al. New York: International Cham-ber of Commerce, 1996.
Commission Regulation No. 240/96 of 31 January 1996 on the application ofArticle 81(3) of the Rome Treaty to Certain Categories Technology TransferAgreements. 1996 O.J. (L 31) 2.
Commission Regulation No. 566/89 of November 1988 on the application ofArticle 85(3) of the Rome Treaty to Certain Categories of Know-How Li-censing Agreements. 1989 O.J. (L 61) 1.
“Commission Regulation No. 2658/2000 of 29 November 2000 on the app-lication of Article 81(3) of the Treaty to Categories of Specialisation
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 231
Agreements.” Accessed 3 July 2003. Available at: <http://europa.eu.int/smartapi/cgi/sga doc?smartapi!celexapi!prod!CELEXnumdoc&lg=en&num doc=32000R2658&model=guichett>.
“Commission Regulation No. 2659/2000 . . .” (accessed 2003). [Office forOfficial Publications of the European Communities, Commission Reg-ulation (EC) No 2659/2000 of 29 November 2000, On the Applica-tion of Article 81(3) of the Treaty to Categories of Research andDevelopment Agreements, at http://europa.eu.int/eur-lex/en/consleg/pdf/2000/en 2000R2659 do 001.pdf (last visited July 2003).
Commons, John R. The Legal Foundations of Capitalism. Madison: University ofWisconsin Press, 1924.
Computer Misuse Act. (1990), ch. 18, secs. 4–9 (England).Computer Security Institute. “Cyber Attacks Rise From Outside and Inside
Corporations: Dramatic Increase in Reports to Law Enforcement.” Accessed5 March 1999. Available at <http://www.gocsi.com/prelea990301.htm>.
CSI-FBI Computer Crime and Security Survey, vol. 8. San Francisco: CSI, 2003.Issues and Trends: 1998 CSI-FBI Computer Crime and Security Survey. San Francisco:
CSI, 1998.Computer Security Institute web site. Accessed 4 July 2003. Available at:
<http://www.gocsi.com>.“Computer Whiz Guilty of Planting Rogue Virus.” Chicago Sun-Times, 23 January
1990, 3. Available in 1990 WL 4381438.Congressional Record. Washington, D.C.: GPO, 1996.Convention Establishing the World Intellectual Property Organization.
14 July 1967. Accessed 3 July 2003. Available at <http://www.wipo.int/treaties/convention/index.html>.
Convention on Combating Bribery of Foreign Public Officials in InternationalBusiness Transactions. 17 December 1997. Accessed 3 July 2003. Availableat: <http://ue.eu.int/ejn/data/vol c/9 autres textes/20nov1en.html>.
Cooper, David E. Statement before U.S. Senate Committee on Intelligence ofthe U.S. Senate and the Subcomm. on Terrorism, Tech., and Gov’t Info.of the Comm. on the Judiciary of the U.S. Senate. Economic Espionage: JointHearing Before the Select Comm. on Intelligence of the U.S. Senate and the Subcomm.on Terrorism, Tech., and Gov’t Info. of the Comm. on the Judiciary of the U.S. Senate.104th Cong., 2d Sess., (4 December 1996) [Cooper statement].
“Corporate Legal Times Roundtable: Protecting Trade Secrets Requires Multi-ple Approaches.” Corporate Legal Times, October 1998.
Corporate Raiding: Handling, Preventing and Litigating the Theft of Corporate Employeesand Information. New York: Practicing Law Institute, 2001.
Costantini, Peter. “Information Warriors Form New Army. International PressService, 9 August 1996. Available in 1996 WL 10768646.
Council Directive 91/250/EEC. The Legal Protection of Computer Programs. May 14,1991 O.J. (L122) 42; 44–46.
Council of Europe Criminal Law Convention. Accessed 3 July 2003. Availableat: <http://conventions.coe.int/treaty/en/Treaties/Html/173.htm>.
Crock, Stan. “Business Spies: The New Enemy Within?” Business Week, 10February 1997.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
232 REFERENCES
Crock, Stan, and Jonathan Moore. “Corporate Spies Feel a Sting.” Business Week,14 July 1997.
Cundiff, Victoria A. “The Economic Espionage Act and You.” In Third An-nual Institute for Intellectual Property Law, PLI Patents, Copyrights, Trade-marks, and Literary Property Course Handbook Series, No. G-490,1997.
Current and Projected Nat’l Sec. Threats to the U.S.: Hearings Before the Select Comm. onIntelligence of the U.S. Senate, 105th Cong., 2d Sess. 35 (1998).
“Cyber-Attacks, Information Theft, and the Online Shakedown: Preparing forand Responding to Intrusions of Computer Systems.” Electronic Banking Lawand Commerce Reporter, vol. 6 (October 2001).
“Cybercrime Bleeds U.S. Corporations, Survey Shows.” Accessed 7 April 2002.Available at <http://www.gocsi.com/press/20020407.htm>.
“Cybercrimes.” Cyberspace Law, vol. 3, no. 1 (1998).Daly, James. “Netherlands, Mexico Chase After Hackers.” Computerworld, 13 July
1992.Damadian, Raymond. Testimony before the House Comm. on the Judiciary Subcomm.
on Crime. Federal Document Clearing House, 9 May 1996. Available in 1996WL 10163734 [Damadian testimony].
Davis, Susan E. “Gangster Tech.” California Lawyer, June 1996.“Defense Commissary Agency.” Accessed 3 July 2003. Available at: <http://
www.commissaries.com/>.Denning, Dorothy E. “Cyberterrorism, Testimony before the Special Over-
sight Panel on Terrorism, Committee on Armed Services.” U.S. House ofRepresentatives. 23 May 2000. Accessed 2002. Available at: <http://www.cs.georgetown.edu/∼denning/infosec/cyberterror.html>.
Desmet, Thierry Olivier. “The Economic Espionage Act of 1996: Are We FinallyTaking Corporate Spies Seriously?” Houston Journal of International Law, vol.22 (1999).
Deutch, Miguel. “The Property Concept of Trade Secrets in Anglo-AmericanLaw: An Ongoing Debate.” University of Richmond Law Review, vol. 31(1997).
Deutsch, Andrew L. “Practice Tip; Protecting the Co.’s Trade Secrets.” Start-Up &Emerging Companies Strategist, vol. 3 (September 2002).
Devost, Matthew G., Brian K. Houghton and Neal A. Pollard. “InformationTerrorism: Political Violence in the Information Age.” Accessed 2002. Avail-able at: <http://www.terrorism.com/Denning.html>.
DeYoung, H. G. “Thieves Among Us: If Knowledge Is Your Most Important Asset,Why Is It So Easily Stolen?” Industry Week, 17 June 1996.
Dickson, Paul, and Joseph Goulden. Myth-Informed: Legends, Credos and Wrong-headed Facts We All Believe. New York, NY: Perigree Books, 1993.
Dillon, Sheri A., Douglas E. Groene, and Todd Hayward. “Computer Crimes.”American Criminal Law Review, vol. 35 (1998).
Dilworth, George “Toby.” “The Economic Espionage Act of 1996: An Overview.”Accessed 3 July 2003. Available at: <http://www.cybercrime. gov/usamay2001 6.htm>.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 233
Doane, Michael L. “The Uruguay Round Negotiations.” In International Intel-lectual Property Law, edited by Anthony D’Amato and Doris Estelle Long.London; Boston: Kluwer Law International, 1997.
Dobbs, Dan B. The Law of Torts. St. Paul, MN: West Group, 2001.Dolinar, Lou. “Spoofing Lets Hackers Hijack Computers, Officials Warn.” News
Tribune (Tacoma), 24 January 1995.“DoS attack.” PC Webopedia Definition and Links. Accessed 5 July 2003. Avail-
able at: <http://webopedia.internet.com/TERMS/D/DoS attack.html>.Drahos, Peter, and John Braitwaite. Information Feudalism Who Owns the Knowledge
Economy? London: Earthscan Publications Ltd, 2002.Dreyfuss, Robert. “Company Spies.” Mother Jones Mo Jo Wire. Accessed 30
October 1997. Available at: <http://www.mojones.com/motherjones/MJ94/dreyfuss.html>.
“Tinker, Tailor Silicon Spy.” California Lawyer, 16 May 1996.Dreyfuss, Rochelle Cooper. “Intellectual Property Challenges in the Next Cen-
tury.” Article an Alert to the Intellectual Property Bar: The Hague Judg-ments Convention 2001. University of Illinois Law Review, no. 1 (2001).
“Trade Secrets: How Well Should We Be Allowed To Hide Them: The Eco-nomic Espionage Act of 1996.” Fordham Intellectual Property and Media LawJournal, vol. 9 (1998).
Drozdiak, William. “U.S. Spy Agency Is Out in the Cold; Some Germans QuestionPresence of American Eavesdropping Site.” International Herald Tribune, 25July 2000.
Dungan, Sean. “Cybersabotage.” Infoworld. Accessed 5 July 2003. Available at:<http://ask.elibrary.com/login.asp?c=&host=ask%2Eelibrary%2Ecom&script=%2Fgetdoc%2Easp&query=pubname%3DInfoWorld%26puburl%3Dhttp%7EC%7E%7ES%7E%7ES%7Ewww%2Einfoworld%2Ecom%26querydocid%3D29132249%40urn%3Abigchalk%3AUS%3BLib%26dtype%3D0%7E0%26dinst%3D0%26author%3DSean%2520Dugan%2520%2520%26title%3DENTERPRISE%2520COMPUTING%2520%253A%2520Cyber%2520sabotage%2520%2520%26date%3D02%2F10%2F1997%26refid%3Dency%5Fbotnm&title=ENTERPRISE+COMPUTING+%3A+Cyber+sabotage++&pubname=InfoWorld&author=Sean+Dugan++&date=02%2F10%2F1997>.
Echelon. “Answers to Frequently Asked Questions about Echelon.” Accessed 1July 2003. Available at: <http://www.aclu.org/echelonwatch/faq.html>.
“Economic Espionage.” Pittsburgh Post-Gazette, 1 February 1997.“Economic Espionage of U.S. Companies on the Rise: Report.” Agence France-
Presse, 24 February 1996. Available in NEXIS, News Library.Economic Espionage Act of 1996. U.S. Code 18 (2000) § 1831.“Economic Espionage – Spies Come in From the Cold, Go After U.S. Business.”
Seattle Times, 6 November 1991.“Economic Espionage: The Corporate Threat.” Accessed 22 October 1996. Avail-
able at: <http://emporium.turnpike.net/IntlInt/econ.html>.Edelman, Bernard. Ownership of the Image: Elements for a Marxist Theory of Law.
Translated by E. Kingdom. London: Routledge and Kegan, Paul, 1979.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
234 REFERENCES
“EDPA Sentences Taiwanese Businessman to Probation in Taxol Theft Case.”Intellectual Property Litigation Reporter, 21 July 1991.
Edsall, Margaret Horton. “Away We Go, Investigate FBI Headquarters in DC.”The Capital, 11 August 2002.
Eells, Richard, and Peter Nehemkis. Corporate Intelligence and Espionage. NewYork, NY: Macillan, 1984.
“Electronic Intrusion Threats to National Security and Emergency Preparedness(NS/EP) Internet Communications.” National Communications Systems.December 2000. Accessed 2002. Available at: <http://www.infowarrior.org/strategy/nsepcomms.pdf>.
Elliott, Marci. “MBA Students Learn the Art of Corporate Spying.” Scripps HowardNews Service, 6 August 2002.
Elron Software. “The Year 2001 Corporate Web and Email Study.” Accessed 4 July2003. Available at <http://www.elronsoftware.com/pdf/nforeport.pdf>.
Encyclopedia.com. Accessed 4 July 2003. Available at: <http://www.ency-clopedia.com/searchpool.asp?target=@DOCTITLE% 20Rust%20Belt>.
“Enemy Within, The.” Engineer, 9 August 2002.Epstein, Michael A. Modern Intellectual Property. Gaithersburg, MD: Aspen Law &
Business, 1995.Evans-Pritchard, Ambrose. “Bored CIA Spies Go Moonlighting.” Sunday Tele-
graph (London), 24 November 1996.Ewing, A.C. The Morality of Punishment. London: Kegan Paul, Trench, Trubner &
Co., 1929.“Exclusive Interview with Charles Neal, Supervisory Special Agent, FBI Com-
puter Crime Squad.” E-Commerce Times. Accessed 10 February 2000. Avail-able at: <http://www.ecommercetimes.com/news/articles2000/000211-la.shtml>.
“Ex-Kodak Employee Sentenced.” Greensboro News and Record, 15 November 1997.Farnham, Alan. “How Safe Are Your Secrets?” Fortune, 8 September 1997.“FBI: Ethnic Targeting Common Tactic in Economic Espionage.” Defense Week,
25 March 1996.FBI Press Release. 28 April 1999. Accessed 13 December 1999. Available
at: <http:www.fbi.gov/pressrm/pressrel/avery.htm> (also on file with au-thors).
FBI Press Room – “Congressional Statement for the Record of Charles L.Owens, Chief Financial Crimes Section Federal Bureau of Investigation,Computer Crimes and Computer Related or Facilitated Crimes.” Accessed19 March 1997. Available at: <http://www.fbi.gov/congress/congress97/compcrm.htm>.
Federal Bureau of Investigation. Accessed 1 July 2003. Available at: <http://www.fbi.gov>.
“Feds Charge Two with Stealing Trade Secrets for China.” Intellectual PropertyLitigation Reporter, vol. 9 (7 January 2003).
Fein, David B., and Mark W. Heaphy. “Companies Have Options When SystemsHacked Same Technologies That Empower Corporation Can Expose Vi-tal Proprietary Information.” Connecticut Law Tribune, vol. 27 (15 October2001).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 235
Feinberg, Joel. The Moral Limits of the Criminal Law: Harm to Others 218–21(1984).
Ferdinand, Pamela. “Argentine Pleas Guilty to Hacking U.S. Networks: Wire TapLed Authorities to Arrest.” Washington Post, 20 May 1998.
Fialka, John J. “Stealing the Spark: Why Economic Espionage Works in America.”Wasington Quarterly (autumn 1996).
War by Other Means: Economic Espionage in America. New York: W.W.Norton & Co., Inc., 1997.
“Field Guide for Investigating Computer Crime.” Accessed 2002. Availableat:<http://www.securityfocus.com/cgi-bin/infocus.pl?head=Incidents:Forensics&id=1244>.
Fisse, Brent. “Reconstructing Corporate Criminal Law: Deterrence, Retribution,Fault and Sanctions.” Southern California Law Review, vol. 56 (1983).
Flaming, Todd H. “Comment, The National Stolen Property Act and ComputerFiles: A New Form of Property, A New Form of Theft.” University of ChicagoLaw School Roundtable (1993).
Florini, Ann M., and Yahya A. Dehqanzada. No More Secrets, Policy Implications ofCommercial Remote Sensing Satellites. Washington, D.C.: Carnegie Endowmentfor International Peace, July 1999.
Foley, Mark J., and Michael E. Dash, Jr. “Inevitable Disclosure Cases in the In-formation Age.” Legal Intelligencer (Philadelphia), 9 August 1999.
Foley, Timothy D. “The Role of the CIA in Economic and Technological Intel-ligence.” Fletcher Forum of World Affairs, vol. 18 (winter/spring 1994).
Fonseca, Brian. “IT Security Under the Gun” Infoworld. Accessed 4 July2003. Available at: <http://www.itworld.com/Sec/3832/itwnws010312security/>.
Ford, Peter. “New Cooperation in Taming the Wild Web.” Christian Science Mon-itor, 18 May 2000.
Fraser v. Nationwide Mut. Ins. Co.,135 F.Supp.2d 623 (E.D. Pa. 2001).Fraumann, Edwin. “Economic Espionage: Security Missions Redefined.” Public
Administration Review, vol. 57 (1997).Fraumann, Edwin, and Joseph Koletar. “Trade Secret Safeguards.” Security Man-
agement, March 1999.Freeh, Louis. Statement. See Cooper . . . Economic Espionage: Joint . . . (1996)
[Freeh statement].Freeh, Louis. Statement. Economic Espionage: Joint Hearing Before the Select
Comm. on Intelligence of the U.S. Senate and the Subcomm. on Terror-ism, Tech., and Gov’t Info. of the Comm. on the Judiciary of the U.S. Sen-ate. 104th Cong., 2d Sess., (4 December 1996). Accessed June 2004. Avail-able at: <http://thomas.loc.gov/cgi-bin/query/R?r104:FLD001:S62208-S62210>. . . . . . . . . . . . . . . . . . Loeb, Vernon. “Wanted: A Few GoodSpies; After Dry Spell, CIA Hiring Again.” Washington Post, 27November 1998, sec. A, p. 01. Accessed June 2004. Available at:<http://www.washingtonpost.com>.
“French Won’t Expel U.S. Diplomats.” Windsor Star, 28 February 1995.Friedman, Lawrence. A History of American Law. New York: Simon and Schuster,
1978.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
236 REFERENCES
Friedman, Marc. S., and Kristin Bissinger. “‘Infojacking’: Crimes on the Infor-mation Superhighway.” Computer Law, vol. 13 (1996).
Gallagher, Neil J. “Cybercrime, Transnational Crime, and Intellectual Prop-erty Theft: Hearing Before the J. Econ. Comm., 105th Cong. 2–4,”1998. Accessed 3 July 2003. Available at: <http://www.wiu.edu/library/govpubs/guides/intellect.htm> [Gallagher statement].
Gannon, John C. “Intelligence Challenges Through 2015.” National IntelligenceCouncil, 27 April 2000. See “Speeches and Testimony.” Accessed 2002. Avail-able at: <http://www.cia.gov/>.
Garner, Bryan A. Black’s Law Dictionary. 7th ed. St. Paul, MN: West Group, 1999.Geist, Michael A. “The Reality of Bytes: Regulating Economic Activity in the Age
of the Internet.” Washington Law Review, vol. 73 (1998).Gelber, Daniel S. Testimony before Permanent Subcomm . . . Security in Cyber-
space: Hearings Before the Permanent Subcomm. on Inv. of the Senate Comm. onGovernmental Affairs. 104th Cong., sess. 50 (1996) [Gelber testimony].
“General Agreement on Tariffs and Trade – Multilateral Trade Negotiations(The Uruguay Round): Agreement on Trade-Related Aspects of Intellec-tual Property Rights, Including Trade in Counterfeit Goods,” 15 December1993. International Legal Materials, vol. 33 [GATT].
Gertz, Bill. “SEC Aide Quits After Leak to Chinese; Threatened Firms, FBI Keptin Dark.” Washington Times, 11 November 2002.
“The New Spy: ‘90s Espionage Turns Economic.” Washington Times, 9 February1992.
“U.S. Spy Center to Track Economic Espionage.” Washington Times, 21 October1994.
Gibson, Steve. “The Strange Tale of the Denial of Service AttacksAgainst GRC.COM.” May 2001. Accessed 2002. Available at:<http://grc.com/dos/grcdos.htm>.
Gilad, Benjamin, and Tamar Gilad. The Business Intelligence System: A New Tool forCompetitive Advantage. New York: American Management Association, 1988.
Gilpin, Robert. The Political Economy of International Relations. Princeton, NJ:Princeton University Press, 1987.
Glickman, Dan. “Intelligence After the Cold War.” Kansas Journal of Law andPublic Policy, vol. 3 (1994).
Goller, Mimi C. “Is A Padlock Better Than a Patent? Trade Secrets vs. Patents.”Wisconsin Lawyer, May 1998.
Gomes, Lee. “Upstart Linux Draws a Microsoft Attack Team.” Wall St. J., 21 May1999.
Goodin, Dan. “Busting Industrial Spies.” Recorder 25 September 1996. Availablein Lexis-Nexis (Legal News).
Goodman, Marc D. “Making Computer Crime Count.” The FBI Law EnforcementBulletin, vol. 70 (1 August 2001).
“Why the Police Don’t Care About Computer Crime.” Harvard Journal of Lawand Technology, vol. 10 (1997).
Gordon, Sarah. “The Generic Virus Writer II.” Accessed 15 September2003. Available at:<http://www.research.ibm.com/antivirus/SciPapers/Gordon/GVWII.html>.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 237
Gore, Al. “Bringing Information to the World: The Global Information Infras-tructure.” Harvard Journal of Law and Technology, vol. 9 (1996).
Gorelick, Jamie S. Testimony . . . See Gelber . . . Security in Cyberspace: Hearings(1996) [Gorelick testimony].
“Govt Aims to Fight Industrial Espionage.” Daily Yomiuri (Toyko), 13 February2002.
Grabosky, Peter, and Russell G. Smith. Crime in the Digital Age: Controlling Telecom-munications and Cyberspace Illegalities. Leichhardt, N.S.W.: The FederationPress, 1997.
Grabosky, Peter, Russell G. Smith, and Gillian Dempsey. Electronic Theft: Un-lawful Acquisition in Cyberspace. Cambridge: Cambridge University Press,2001.
Graham, Robert. “Carnivore FAQ.” Accessed 2002. Available at: <http://www.robertgraham.com/pubs/carnivore-faq.html>.
G.S. Rasmussen & Assoc., Inc. v. Kalitta Flying Serv., Inc., 958 F.2d 896, 900 (9thCir. 1992).
Gutowski, Robert J. “The Marriage of Intellectual Property and InternationalTrade in the TRIPS Agreement: Strange Bedfellows or a Match Made inHeaven?” Buffalo Law Review, vol. 47 (1999).
Halligan, R. Mark. “Intellectual Property.” National Law Journal, 9 December1996.
“International Protection of Trade Secrets.” Accessed 5 July 2003. Availableat: <http://execpc.com/∼mhallign>.
Hansen, Hugh C. “Introduction to Part I: Current Developments in EuropeanUnion Intellectual Property Law.” In International Intellectual Property Lawand Policy, vol. 3, edited by Hugh C. Hansen. Yonkers, NY: Juris Publishing,1998.
Harmon, Amy. “Group Says It Beat Music Security But Can’t Reveal How.” N.Y.Times, 15 January 2001 [2001a].
“‘Hactivists’ of All Persuasions Take Their Struggle to the Web.” N.Y. Times,31 October 1998.
“New Economy.” N.Y. Times, 13 August 2001 [2001b].Harris, John E. Director, OIA. Memorandum to Scott Charney, Chief, Com-
puter Crime and Intellectual Property Section, 21 December 1998 [Harrismemorandum].
Hartstein, Larry. “Man Sentenced for Conspiracy.” Atlanta Journal & Constitution,4 June 1998.
Hatcher, Michael, et al. “Computer Crimes.” American Criminal Law Review, vol.36 (1999).
Health Insurance Portability and Accountability Act of 1996. Office ofthe Federal Register. Code of Federal Regulations, vol. 45 (1996) sec.164.530(c)(1).
Heed, Thomas P. “Comment, Misappropriation of Trade Secrets: The Last CivilRICO Cause of Action That Works.” John Marshall Law Review, vol. 30(1996).
Heffernan, Richard J. Testimony with Regard to Economic Espionage Before the HouseComm. on the Judiciary Subcomm. on Crime Subcomm. on Crime. Committee on
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
238 REFERENCES
the Judiciary, U.S. House of Representatives. Washington, DC: GPO, 9 May1996 [Heffernan testimony].
Heffernan, Richard J., and D.T. Swartwood. Asis Special Report: Trends in Intellec-tual Property Loss. Alexandria, VA: American Society for Industrial Security(ASIS), 15 March 1996.
Heller, Emily. “Stolen Plan No Big Secret, But Scheme Costs 90 Days.” FultonCounty Daily Report, 27 August 1998. Available in Lexis-Nexis (U.S. News,Southeast Regional Sources).
Heymann, Stephen P. “Legislating Computer Crime.” Harvard Journal on Legis-lation, vol. 34 (1997).
Higgins, John J. Statement. See Cooper . . . Economic Espionage: Joint . . . (1996)[Higgins statement].
Hirst, Michael, and Karen Breslau. “Closing the Deal, Trade Is the Main Focusof Bill Clinton’s Foreign Policy.” Newsweek, 6 March 1995.
Hitchens, Ralph. “Computer Network Security and Risk Management.”MultiTech Communications. Accessed 15 September 2003. Available at:<http://www.insurancetranslation.com/Language Perils/01general.htm#12a>.
Hobson, Katherine. “Corporate Intelligence Seen as a Necessity.” Accessed30 September 1998. Available at: <http://www.abcnews.com/sections/business/DailyNews/spy980924/index.html>.
Hodgson, Stephen S. “Trade Secrets, The U.S. Economic Espionage Act andYou.” Chemical Engineering, December 1998.
Hodkowski, William A. “Comment, The Future of Internet Security: How NewTechnologies Will Shape the Internet and Affect the Law.” Santa Clara Com-puter and High Technology Law Journal, vol. 13 (1997).
Hohfeld, Wesley Newcomb. “Some Fundamental Legal Conceptions as Appliedin Judicial Reasoning.” Yale Law Journal, vol. 23 (1913).
Holder, Eric. Deputy Attorney General. Remarks at Press Conference Announc-ing the Intellectual Property Rights Initiative. Accessed 23 July 1999. Avail-able at: <http://www.cybercrime.gov/dagipini.html>.
Honeynet Project. “Know Your Enemy: Statistics.” 22 July 2001. Accessed 18January 2004. Available at: <http://www.honeynet.org/papers/stats/>.
Horowitz, Richard. “The Economic Espionage Act: The Rules Have NotChanged.” Competitive Intelligence Review, vol. 9 (1998).
Hosteny, Joseph N. “The Economic Espionage Act: A Very Mixed Blessing.”Intellectual Property Today, February 1998. Available in Lexis-Nexis (LegalNews).
“House Judiciary Panel Backs . . .” (1996) ($24 billion); “Economic Espionage:The Corporate Threat” (accessed 1996) ($260 billion). Perry, Sam. “Eco-nomic Espionage: The Corporate Threat.” Accessed 22 October 1996. Avail-able at: <http://emporium.turnpike.net/IntlInt/econ.html>.
Howard, Liz. “Criminal Penalties for Theft of Biological Materials.” BioPharm,vol. 15 (1 June 2002).
Hudson, James E., III. “Trade Secret Theft Threatens Everyone with Corpo-rate Economic Espionage Escapades.” Houston Bus. J. Tech. Q. Accessed 1
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 239
October 1999. Available at:<http://www.bizjournals.com/houston/stories/1999/10/4/focus13.html>.
Hulme, George V. “Guarded Optimism – Even as Companies Plug More Holes,the Threats Grow More Sophisticated.” Information Week, 8 July 2002.
Husman, Hans. “Introduction to Denial of Service.” Accessed 5 July2003. Available at: <http://secinf.net/misc/Introduction to Denial ofService .html>.
Hyde, Alan. “The Wealth of Shared Information: Silicon Valley’s High-Velocity Labor Market, Endogenous Economic Growth, and the Law ofTrade Secrets.” Accessed 4 July 2003. Available at <http://andromeda.rutgers.edu/∼hyde/WEALTH.htm>.
“Independent Technical Review of the Carnivore System.” 8 December 2000.Accessed 2002. Available at: <http://www.usdoj.gov/jmd/publications/carniv final.pdf>.
“India: Netspionage Coming of Age – II: William Boni and Gerald L. Kovacichon Business, Crime and Security in the 21st Century Global Marketplace.”Global News Wire, 3 September 2001.
Institute for Security Technology Studies, Dartmouth College. “Cyber AttacksDuring the War on Terrorism: A Predictive Analysis.” September 22,2001. Accessed 15 September 2003. Available at: <http://www.ists. dart-mouth.edu/ISTS/counterterrorism/cyber attacks. htm>.
Intel Corp. “2000 Annual Report.” Accessed 3 July 2003. Available at:<http://www.intel.com/intel/annual00/>.
Inter-American Convention on Corruption. “Signatories.” Accessed 3 July 2003.Available at: <http://www.oas.org/juridico/english/sigs/b-58. html>.
“Interception Capabilities 2000.” European Parliament, Scientific and Techno-logical Options Assessment (STOA). Accessed 15 September 2003. Avail-able at: <http://www.cyber-rights.org/interception/stoa/interceptioncapabilities 2000.htm.>
Intermedics, Inc. v. Ventritex, Inc., 822 F. Supp. 634, 642-43 (N.D. Cal. 1993).“Internet Insecurity.” Time, 2 July 2001.“Israel Indicts Hackers.” Pittsburgh Post-Gazette, 10 February 1999.“Israeli Teenager Questioned in Pentagon Hacking Case.” L.A. Times, 19 March
1998.Iwata, Edward. “More U.S. Trade Secrets Walk Out Door with Foreign Spies.”
USA Today, 13 February 2003.Jackamo, Thomas J., III. “From the Cold War to the New Multilateral World
Order: The Evolution of Covert Operations and the Customary Interna-tional Law of Non-Intervention.” Virginia Journal of International Law, vol.32, no. 88 (1992). Citing Bill Gertz, “The New Spy: ‘90s Espionage TurnsEconomic,” Washington Times, 9 February 1992.
Jager, Melvin F. Trade Secrets Law. New York: Clark Boardman Callaghan & Co,1996.
James, Michael. “Small Thefts, Big Trouble.” Baltimore Sun, 22 January 2001.“Japan Changes Its Espionage Laws.” Intelligence Online, no. 423, 14 February
2002.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
240 REFERENCES
Jauvert, Vincent. “Espionage – How France Listens to the Whole World.” 5 April2001. Accessed 2002. Available at:<http://all.net/iwar/archive/2001Q2/0098.html>.
Java Security. “Denial of Service.” Accessed 5 July 2003. Available at:<http://java.sun.com/sfaq/denialOfService.html>.
Jopeck, Ed, and Ken Sawka. “Foreign Espionage: Is Your Business atRisk?” Accessed 25 September 1996. Available at: <http://www.scip.org/jan3.html>.
“Judge Convicts Man in Trade-Secret Case.” Milwaukee Journal Sentinel, 10December 1999.
Kalitka, Peter F. “Do They Know What You Know?” Security Management, vol. 44(1 September 2000).
Kant, Immanuel. The Philosophy of Law: An Exposition of the Fundamental Principlesof Jurisprudence as the Science of Right. Translated From German by W. Hastie,B.D. (Edinburgh: T. & T. Clark, 1887).
Kanuck, Sean P. “Information Warfare: New Challenges for Public InternationalLaw.” Harvard International Law Journal, vol. 37 (1996).
Kaslow, Amy. “Behind White House Role as Pitchman for U.S. Firms.” ChristianScience Monitor, 28 March 1995.
Katsh, Salem M., and Michael P. Dierks. “Globally, Trade Secrets Are All Overthe Map.” Journal of Property Rights, vol. 7, no. 11 (1995).
Keithly, David M., and Stephen P. Ferris. “U.S. Companies Exposed to In-dustrial Espionage; Point of View.” National Defense, vol. 87 (1 September2002).
Kelsey, Tim, and David Leppard. “American Spies Hack into Euro Computersto Steal Trade Secrets.” Sunday Times (London), 4 August 1996.
Kephart, Jeffrey, Gregory Sorkin, David Chess, and Steve White. “Fighting Com-puter Viruses. Scientific American, November 1997. Accessed 2002. Availableat: <http://www.sciam.com/1197issue/1197kephart.html>.
Kerr, Orin. “Internet Surveillance Law After the USA Patriot Act.” NorthwesternLaw Review, vol. 97 (2003).
Kerr, Thomas M. “‘Trade Secrets,’ i.e., Confidential Business Information orBusiness Intelligence.” Pittsburgh Legal Journal, vol. 145 (December 1997).
Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 481–82 (1974).King, Neil, Jr., and Jess Bravin. “Call It Mission Impossible, Inc. – Corporate
Spying Firms Thrive.” Wall St. J., 3 July 2000.“Corporate-Spying Firms Thrive: CIA Veterans, Dumpster-Divers Work in
‘Competitive Intelligence’: If the Trash is on the Curb, It’s Fair Game.”Wall St. J., 4 July 2000, Europe edition.
Klevorick, Alvin K. “Legal Theory and the Economic Analysis of Torts andCrimes.” Columbia Law Review, vol. 85 (1985).
Knoll, Amy. “Comment, Any Which Way But Loose: Nations Regulate theInternet.” Tulane Journal of International and Comparative Law, vol. 4(1996).
Knowles, J. “IW Battlelab to Go Operational This Month.” Journal of ElectronicDefense, 1 June 1997.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 241
Kober, Stanley. “Why Spy? The Uses and Misuses of Intelligence.” USA TodayMagazine, 1 March 1998.
Korah, Valentine. An Introductory Guide to EC Competition Law and Practice. 7th ed.Oxford: Hart Publishing, 2000.
Lamb, Robert. “Economic and Financial Issues in Intellectual Property.” In Inter-national Intellectual Property Law and Policy, vol. 3, edited by Hugh C. Hanson.Yonkers, NY: Juris Publishing, 1998.
Landers, Jim. “Foreign Spies Target Corporate Secrets.” Dallas Morning News, 7October 1996.
Landes, William, David Friedman, and Richard A. Posner. “Some Economics ofTrade Secret Law.” Journal of Economic Perspectives, vol. 5, no. 1 (1991).
Lange, Larry. “Trust a Hacker Under 30? You’d Better.” Elec. Engineering Times,19 August 1996.
Lao, Marina. “Federalizing Trade Secrets Law in an Information Economy.” OhioState Law Journal, vol. 59 (1998).
Latham, A. Copyright Law. New York: Rothman, 1979.Leaffer, Marshall A. International Treaties on Intellectual Property. 2nd ed. Washing-
ton, DC: BNA Inc., 1997.Leob, Vernon. “Wanted: A Few Good Spies.” Washington Post, 27 November 1998.Leob, Vernon, and Walter Pincus. “Invisible on the Inside; Knowing System
Helped Suspect Go Undetected, FBI Says.” Washington Post, 21 February2001.
Lisser, Eleena de. “Hearing and Seeing Business Travel Blab and Laptop Lapses.”Wall St. J., 8 November 1999.
“Local Man Pleads Guilty in Trade Theft Case.” Telegram & Gazette (Mas-sachusetts), 12 October 2002.
Locke, John. Two Treatises on Civil Government. Edited by H. Morley. London:George Routledge and Sons, 1884.
Lowry, Suellen. “Inevitable Disclosure Trade Secrets Disputes: Dissolutions ofConcurrent Property Interests.” Stanford Law Review, vol. 40 (1988).
Lowry, Tom. “Secrets at Stake, Fears of Chinese Spying Mount.” USA Today, 29January 1998.
Lynch, Ian. “EU Makes Blueprint for Echelon Inquiry.” Accessed 9 September2000. Available at: <http://www.vnunet.com/News/1110830>.
Overseas Offices Fall Prey to Crackers. Accessed 5 July 2003. Available at:<http://www.vnunet.com/News/1115279>.
MaCodrum, Donald, Hedieh Nasheri, and Timothy J. O’Hearn. “Spies in Suits:New Crimes of the Information Age from the United States and CanadaPerspectives.” Information and Communications Technology Law, vol. 10, no. 2(June 2001).
“Man Charged in Theft of Trade Secrets.” Des Moines Register, 26 September 1995.“Man Offering to Sell Secrets to Rival Newspaper Sentenced.” Associated Press
State & Local Wire, 25 August 1998. Available in Lexis-Nexis (Wire ServiceReports).
Mangel, John. “Economic Espionage Losses in the Billions Experts Say.” PlainDealer (Cleveland), 30 July 2001.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
242 REFERENCES
Mann, Charles C. “The Mole in the Machine.” The New York Times Magazine, 25July 1999. Accessed 15 September 2003. Available at:<http://www.nytimes.com/library/magazine/home/19990725mag-tech-secure-secrets.html>.
Mann, Kenneth. “Punitive Civil Sanctions: The Middleground Between Criminaland Civil Law.” Yale Law Journal, vol. 101 (1992).
Marcus, Jon. “Scientist Arrested Over Trade Espionage.” N.Y. Times, 30 August2002, Higher Education Supplement, no. 1553.
Markey, John K., and James F. Boyle. “New Crimes of the Information Age.”Boston Bar Journal, vol. 43 (May/June 1999).
Marriot, Anne. “Companies Gamble on Keeping Secrets.” Washington Times, 20March 1997.
Martin, Brian. “Against Intellectual Property.” Philosophy and Social Action, vol.21 (1995).
Mason, J. Derek, et al. “The Economic Espionage Act: Federal Protection forCorporate Trade Secrets.” Computer Law, vol. 16 (1999).
Mathiason, Garry G., and Roland M. Juarez. “The Electronic Workplace: AnOverview.” CEB’s California Business Law Reporter, 1995.
Matthews, Chris. “FBI Has Developed System for Monitoring the Internet.”Hardball with Chris Matthews, CNBC News Transcripts, 18 July 2000.
McAllester, Matthew. “Feds Aid Miami Company in Global Hunt for Hacker.”Newsday, 8 June 1997.
McCarthy, Michael. “The Pentagon Worries That Spies Can See Its ComputerScreens.” Wall St. J., 7 August 2000.
McCartney, Scott. “System Breach Is Stirring Up Airline Rivalry.” Wall St. J., 27June 2000.
McCurdy, Dave. “Glasnost for the CIA.” Foreign Affairs, vol. 73 (January/February1994).
McGugan, Ian. “The Spy Who Came in for the Gold.” Canadian Business, 1 May1995.
McMorris, Frances A. “Corporate-Spy Case Rebounds on Bristol.” Wall. St. J., 2February 1998.
“Men Sentenced for Trying to Sell Prototype Computers.” Associated Press Stateand Local Wire, 4 December 1998. Available in Lexis-Nexis (Wire ServiceReports).
Meyerowitz, Steven A., and Donna Fryer. “Competitive Intelligence: A New Rev-enue Stream for Firms Looking to Gain an Edge.” New York Law JournalNews, vol. 228, 20 August 2002.
Milgrim, Roger M. Milgrim on Trade Secrets. New York: Matthew Bender, 1999.Mills, Mike. “Testing the Limits on Trade Secrets; Kodak Lawsuit Is Likely to Have
Broad Impact on Use of Confidential Data.” Washington Post, 9 December1997.
Mock, Lois F., and Dennis Rosenbaum. A Study of Trade Secret Theft in High-Technology Industries. Unpublished manuscript on file with the National In-stitute of Justice, May 1988.
Molander, Roger, Peter Wilson, David Mussington, and Richard Mesic. “Strate-gic Information Warfare Rising.” Draft RAND Study. Santa Monica, CA:1998.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 243
Moore, David. “The Spread of the Code-Red Worm (CRv2).” Accessed 2002.Available at: <http://www.caida.org/analysis/security/code-red/>.
Moore, David, Geoffrey M. Voelker, and Stefan Savage. “Inferring InternetDenial-of-Service Activity.” 2001. Accessed 2002. Available at: <http://www.caida.org/outreach/papers/backscatter/usenixsecurity01.pdf>.
Morris, Nomi, et al. “The New Spy Wars: Canada Is a Key Target in the GlobalRace for Economic Secrets.” Maclean’s, 2 September 1996.
Morse, Paige Marie. “Protecting Trade Secrets.” Chemical and Engineering News,1 December 1997.
Mossinghoff, Gerald J., et al. “The Economic Espionage Act: A New FederalRegime of Trade Secret Protection.” Journal of the Patent and Trademark OfficeSociety, vol. 79 (1997).
Moyer, Marc A. “Section 301 of the Omnibus Trade and Competitiveness Actof 1988: A Formidable Weapon in the War Against Economic Espionage.”Northwestern Journal of International Law and Business, vol. 15 (1994).
Mueller, Robert S., III. Director, Federal Bureau of Investigation. Statementbefore the Senate Select Committee on Intelligence. International Terrorism:Hearing Before the Senate Select Comm. on Intelligence. 104th Cong., 2d sess.(1 August 1996) [Mueller statement].
Muller, Joann. “Raytheon Unit Is Accused of Industrial Espionage; FloridaFirm Alleges Foul in $450 Million Aircraft Pact.” Boston Globe, 22 January1997.
Murray, Kevin D. “Ten Spy-Busting Secrets.” Accessed 3 July 2003. Available at:<http://www.tscm.com/murray.html>.
Nadlemann, Ethan A. Cops Across Borders: The Internationalization of U.S. Crimi-nal Law Enforcement. University Park: Pennsylvania State University Press,1993.
Nash, Kim S. “Symantec Executives Charged with Stealing Borland Trade Se-crets.” Computerworld, 8 March 1993.
Nasheri, Hedieh. “Digital Crime.” Encyclopedia of Crime and Punishment, vol. 2(2002). Great Barrington, MA: Berkshire Publishing Group, 2002.
“The Intersection of Technology Crimes and Cyberspace in Europe: The Caseof Hungary.” Information and Communications Technology Law, vol. 12, no. 1(2003).
Nasheri, Hedieh, and Timothy J. O’Hearn. “Crime and Technology: New Rulesfor a New World.” Information and Communications Technology Law, vol. 7,no. 2 (June 1998).
“Hightech Crimes and the American Economic Machine.” InternationalReview of Law, Computers and Technology, vol. 13, no. 2 (November1999).
“The Worldwide Search for Techno-thieves: International Competition v. In-ternational Co-operation.” International Review of Law, Computers and Tech-nology, vol. 13, no. 3 (December 1999).
“The Worldwide Search for Techno-thieves: International Competition v. In-ternational Co-operation.” In Cyberspace Crime, ed. D.S. Wall (London: Ash-gate, 2002). First published in International Review of Law, Computers andTechnology, vol. 13, no. 3 (December 1999).
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
244 REFERENCES
National Counterintelligence Center. “Counterintelligence News & Develop-ments,” no. 1. Accessed 3 July 2003. Available at: <http://www.loyola.edu/dept/politics/hula/cind1.html>.
National Fraud Center, Inc., The, a LEXIS-NEXIS Company. “The GrowingGlobal Threat of Economic and Cyber Crime.” A white paper producedin conjunction with The Economic Crime Investigation Institute, UticaCollege, December 2000.
National Infrastructure Protection Center (NIPC). Accessed 3 July 2003. Avail-able at: <http://www.nipc.gov>.
National Legal Center for the Public Interest. Judicial Legislative Watch Report,vol. 19, no. 6 (June 1998).
National Stolen Property Act. United States Code. Title 18, sec. 2314 (1940).Nelan, Bruce. “A New World for Spies.” Time, 5 July 1993.Nelson, Carrington. “Ex-Engineer Jailed for Stealing Secrets.” Tennessean, 29
April 1998.Nelson, Emily, and George Anders. “Wal-Mart, Amazon.com Settle Fight Over
Recruitment and Trade Secrets.” Wall St. J., 6 April 1999.Nelson, Emily, George Anders, and Raju Narisetti. “How Kodak, Fearing Theft
of Trade Secrets, Mounted Its Own Sting.” Wall St. J., 25 November 1996.Nelson, Jack. “Spies took $300-Billion Toll on U.S. Firms in ’97.” L.A. Times, 12
January 1998.“Network Security: The Business Value Proposition.” The Consultant Reg-
istry. Accessed 15 September 2003. Available at: <http://www.consultant-registry.com/delivery/SWP2.pdf>.
“Nike Sued for Hacking Costs.” Newswire, 28 March 2001.Nimmer, Raymond T. The Law of Computer Technology. 3rd ed. St. Paul, MN: West
Group, 1997.“911 Lines Tied Up by Hacker – In Sweden.” Orlando Sentinel, 8 March 1997.1998 Global Software Piracy Report. International Planning and Research Corpo-
ration for the Business Software Alliance, May 1999.“1998 OECD Convention: An Impetus for Worldwide Changes in Attitudes To-
ward Corruption in Business Transactions.” American Business Law Journal,vol. 37 (2000).
No Electronic Theft (Net) Act, Pub. L. No. 105–147, 1997 U.S.C.C.A.N.(111 Stat. 2678). United States Code Congressional and AdministrativeNews, 105th Congress, First Session, 1997, vol. 2. St. Paul: West Group,1998.
No. 02-20145-JW, indictment issued (N.D. Cal. Dec. 4, 2002). [Indictmentby Ross W. Nadel (Assistant U.S. Attorney) against Fei Ye and MingZhong in USA v. Ye(before Judge James Ware); USDOJ press releaseathttp://www.cybercrime.gov/yeIndict.htm]
Nobel, Johan J. Ingles-le. “Cyberterrorism Hype.” Jane’s Intelligence Review, 1December 1999.
“North American Free Trade Agreement (NAFTA).” International Legal Materials,vol. 32 (17 December 1992).
Norton-Taylor, Richard. “Spooky Business.” Guardian (Manchester, GB),26 March 1997.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 245
“Note, Trade Secrets in Discovery: From First Amendment Disclosure to FifthAmendment Protection.” Harvard Law Review, vol. 104 (1991).
Novell, Inc. v. Weird Stuff, Inc., No. C92-20467 JW/EAI, 1993 U.S. Dist. Lexis 6674,at 5 (N.D. Cal. May 14, 1993).
Nyberg, Alix. “The Spy Who Bugged Me.” CFO, The Magazine for Senior FinancialExecutives, vol. 16 (1 September 2000).
Organization for Economic Co-operation and Development (OECD). “AboutOECD.” Accessed 3 July 2003. Available at: <http://www.oecd.org/EN/home/0,,EN-home-0-nodirectorate-no-no-no-0,FF.html>.
Computer Related Crime: Analysis of Legal Policy. Washington, DC: OECD, 1986.Office of the National Counterintelligence Executive. “Counterintelligence
Executive Notes 13–96.” Accessed 4 July 2003. Available at: <http://www.nacic.gov>.
O’Harrow, Robert, Jr. “Hacker Accesses Patient Records; Thousands of FilesEasily Downloaded.” Washington Post, 9 December 2000.
O’Hearn, Timothy, and Stephen Sozio. “Tech Secrets Can Be Troublesome, Eco-nomic Espionage Act of 1996.” Communications News, vol. 38 (1 September2001).
Olivenbaum, Joseph M. “Ctrl-Alt-Delete: Rethinking Federal Computer CrimeLegislaton.” Seton Hall Law Review, vol. 27, no. 4 (1997).
O’Reilly, John. “Online Propaganda the Corporate Way.” Accessed 5 July 2003.Available at: <http://www.vnunet.com/analysis/1114674>.
O’Sullivan, Sean. “N.Y. Man Pleads Guilty To Stealing Trade Secrets.” News Jour-nal, 18 October 2002.
Pace, Christopher Rebel J. “The Case for a Federal Trade Secrets Act.” HarvardJournal of Law and Technology, vol. 8 (1995).
Paine, Thomas. “The American Crisis.” In Heritage of American Literature Begin-nings to the Civil War, edited by James E. Miller, Jr. Fort Worth, TX: HarcourtBrace Jovanovich Collage Publisher, 1991.
“Pair from Cupertino and San Jose, California, Indicted for Economic Espi-onage and Theft of Trade Secrets from Silicon Valley Companies,” U.S.Department of Justice press release December 4, 2002.
Palmer, Caroline. “How to Spot Your Office Spy.” Observer (London), 17 October1999.
Pappalardo, Denise. “Avoiding Future Denial-of-Service Attacks.” Network WorldFusion, 23 February 2000.
Paris Convention of Industrial Property. United Nations Treaty Series, vol. 828 (20March 1883) [Paris convention].
Park, W. H. “The International Law of Intelligence Collection.” In National Se-curity Law, edited by John Norton Moore, et al. Durham, NC: CarolinaAcademic Press, 1990.
Parker, D. B. Computer Crime: Criminal Justice Resource Manual. Washington, DC:Department of Justice, National Institute of Justice, 1989.
Parra, Esteban. “The Enemy Is in the Internet.” The News Journal, 16 December2002.
Pasternak, Douglas, and Gordon Witkin. “The Lure of the Steal.” U.S. News andWorld Reports, 4 March 1996.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
246 REFERENCES
Peabody v. Norfolk, 98 Mass. 452, 457 (Mass. 1868).Perritt, Henry H. “Jurisdiction in Cyberspace.” Villanova Law Review, vol. 41
(1996).Perry, Sam. “Economic Espionage and Corporate Responsibility.” CJ Interna-
tional, March/April 1995.Persico, Brian A. “Under Siege: The Jurisdictional and Interagency Problems of
Protecting the National Information Infrastructure.” CommLaw Conspectus,vol. 7 (1999).
Petersen, Melody. “Lawsuits by Rivals Accuse Textile Maker of Corporate Espi-onage.” N.Y. Times, 13 October 1998.
Pethia, Richard. “Cyber Security – Growing Risk from Growing Vulnerability.”Testimony before the House Select Committee on Homeland Security Sub-committee on Cybersecurity, Science, and Research and Development.Hearing on Overview of the Cyber Problem – A Nation Dependent and Dealingwith Risk. 25 June 2003 [Pethia testimony].
Piirto, Rebecca. “Health, Competitive Intelligence; What You Don’t Know WillHurt You.” Marketing Tools, July/August 1996.
Piller, Charles. “Anti-Hacker Fights for Respect, Internet: Federal Agency Cre-ated to Combat the Rise in Cyber-crime Is Viewed with Distrust by Firms ItIs Supposed to Protect.” L.A. Times, 5 March 2000.
Pincus, Walter. “Agencies Debate Value of Being Out in the Cold: Spies Under“Nonofficial Cover” Are Among Most Sensitive Operations.” WashingtonPost, 12 January 1996.
Pitz, Marylynne. “Brothers Charged in Scheme to Sell PPG Trade Secrets; Com-petitor Offered Documents, FBI Says.” Pittsburgh Post-Gazette, 10 December1996.
Pollit, Mark. “Cyberterrorism – Fact or Fancy?” Accessed 15 September2003. Available at: <http://www.cs.georgetown.edu/∼denning/infosec/pollitt.html>.
Pooley, James H. A., et al. “Understanding the Economic Espionage Act of 1996.”Texas Intellectual Property Law Journal, vol. 5 (winter 1997).
Porter, Michael E. Competitive Strategy: Techniques for Analyzing Industries and Com-petitors. New York: Free Press, 1980.
“Portland Woman Faces Jail Term for E-mailing Company Secrets.” AssociatedPress State and Local Wire, 23 July 1999. Available in Lexis-Nexis (Wire ServiceReports).
Posner, Richard A. “An Economic Theory of the Criminal Law.” Columbia LawReview, vol. 85 (1985).
Powell, Daniel P. “An Introduction to the Law of Trade Secrets.” Colorado Lawyer,vol. 23 (1994).
Prentice, Robert A. “The Future of Corporate Disclosure: The Internet, Securi-ties Fraud, and Rule 10b-5.” Emory Law Journal, vol. 47 (1998).
Preston, Candace L. “Out-of-work Spies Find New Niche in Corporate Espi-onage.” Business First-Columbus, 28 November 1997.
“Proprietary Information Theft #1 Threat to Information Systems; Vanguard In-troduces ezRIGHTS, Ground Breaking Technology That Eliminates Risk.”Business Wire, 21 October 2002.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 247
Ramo, Joshua Cooper. “A Survivor’s Tale.” Time, 29 December 1997.Rathmell, Andrew. “Assessing the IW Threat from Sub-state Groups.” In Cyberwar
2.0: Myths, Mysteries and Reality, edited by Alan D. Campen and Douglas H.Dearth. Fairax, Virginia: AFCEA International Press, 1998.
“Relevant Intelligence in the Post-Cold War World.” Accessed 10 September1998, Available at: <http://www.venable.com/govern/fulltest.htm>.
Reno, Janet. Attorney General of the United States. Before the UnitedStates Senate Committee on Appropriations Subcommittee on Departments ofCommerce, Justice, State, the Judiciary, and Related Agencies, Cybercrime. Ac-cessed 4 July 2003. Available at <http://www.usdoj.gov/archive/ag/testimony/2000/reno21600.htm> [Reno statement].
Keynote address at the Meeting of the P8 Senior Experts’ Group onTransnational Organized Crime (Chantilly, VA). 21 January 1997. Ac-cessed 20 July 2003. Available at: <http://www.usdoj.gov/criminal/cybercrime/agfranc.htm> [Reno keynote address].
“The Threat of Digital Theft: Intellectual Property Theft Is Faster, Costlier,and More Dangerous Than Ever.” Accessed 21 November 2001. Availableat: <http://www.cybercrime.gov/Agdigitaltheft.htm>.
“Reno Opposes Eased Export Control.” Associated Press, 13 July 1999. Availableat 1999 WL 17823820.
Restatements of Torts, sec. 757 (1939): Chapter 36, § 757: “Liability for Disclo-sure or Use of Another’s Trade Secret – General Principle.” In Restatementof the Law of Torts: As Adopted and Promulgated by the American Law In-stitute at Washington, D.C., May 11, 1934. St. Paul: American Law InstitutePublishers, 1934–1939.
Restatement (First) of Torts, sec. 757 (1939). Chapter 36, § 757: “Liability forDisclosure or Use of Another’s Trade Secret – General Principle.” In Restate-ment of the Law of Torts: As Adopted and Promulgated by the AmericanLaw Institute at Washington, D.C., May 11, 1934. St. Paul: American LawInstitute Publishers, 1934–1939.
Restatement of Torts, sec. 757 cmt. b (1939). “Liability for Disclosure or Use ofAnother’s Trade Secret – General Principle,” in Chapter 36: MiscellaneousTrade Practices, Restatement of the Law of Torts: As Adopted and Promul-gated by the American Law Institute at Washington, D.C., May 11, 1934. St.Paul: American Law Institute Publishers, 1934–1939.
Restatement (Third) of Unfair Competition, sec. 39, comment a (1995). Sec-tion 39: “Definition of Trade Secret,” comment a. In Restatement (Third)of the Law, Unfair Competition: As Adopted by the American Law Insti-tute at Washington, D.C., May 11, 1993. St. Paul: American Law InstitutePublishers, 1995.
Restatement (Third) of Unfair Competition sec. 39 (1995). “Definition of TradeSecret” Restatement (Third) of the Law, Unfair Competition: As Adoptedby the American Law Institute at Washington, D.C., May 11, 1993. St. Paul:American Law Institute Publishers, 1995.
Restatement of Torts, sec. 757 (1939). “Liability for Disclosure or Use ofAnother’s Trade Secret – General Principle,” in Chapter 36: Miscella-neous Trade Practices, Restatement of the Law of Torts: As Adopted and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
248 REFERENCES
Promulgated by the American Law Institute at Washington, D.C., May 11,1934. St. Paul: American Law Institute Publishers, 1934–1939.
“Revictimization of Companies by the Stock Market Who Report Trade Se-cret Theft Under the Economic Espionage Act, The.” Business Law, vol.57 (November 2001).
“Reviewing Current Issues on Trade Secrets.” New York Law Journal, 1 April 2002.Richelson, Jeffrey. “Examining US Intelligence Failures.” Jane’s Intelligence Re-
view, vol. 12 (1 September 2000).Robbins, Tom. “In the New World of Espionage, Targets Are Economic.” Houston
Chronicle, 11 September 1994.Rockwell Graphics Sys., Inc. v. Dev Indus., Inc., 91 F3d 914, 917 n.3 (7th Cir.
1996).Rodger, Will. “Warrants for Online Data Soar, Demands Served on Internet,
E-mail Providers Up 800%, Study Finds.” USA Today, 28 July 2000.Ros-Lehtinen, Ileana. U.S. Representative. Holding Hearing on Corporate
and Industrial Espionage and Its Effects. House International RelationsCommittee: Subcommittee on International Economic Policy and TradeHolds Hearing on Corporate and Industrial Espionage. FDCH Political Tran-scripts, Committee Hearing, 13 September 2000 [Ros-Lehtinen hearing].
Rosencrance, Linda. “Survey: Retail Fraud More Prevalent for Online Vendors.”ComputerWorld, 24 July 2000.
Rovella, David E. “Preparing for a New Cyberwar: Justice Dept. Seeks Lawyers,Revised Laws to Fight Net Crimes.” National Law Journal, 20 March 2000.
“Trail Nears for Untested Secrets Law.” National Law Journal, 8 March 1999.Rush, Mark A., Mark D. Feczko, and Thomas D. Manganello. “Protecting Trade
Secrets from Dumpster Divers and Other Snoops: The Law Protects ThoseThat Protect Themselves.” Mealey’s Litigation Report: Trademarks, vol. 8, no.12 (7 August 2000).
“Russians Arrest 6 in Computer Thefts.” N.Y. Times, 27 September 1995.Ryan, Michael P. Knowledge Diplomacy, Global Competition and the Politics of Intellec-
tual Property. Washington, DC: Brookings Institution Press, 1998.Ryberg, William. “New Washers Put Town on Spy Alert.” Chicago Sun-Times, 2
January 1997.Samuels, Linda B., and Brian K. Johnson. “The Uniform Trade Secrets Act: The
States’ Response.” Creighton Law Review, vol. 24 (1990).Sanger, David E., and Tim Weiner. “CIA Targets Allies But Still Misses.” Sacra-
mento Bee, 22 October 1995.Savage, Joseph R. Jr., and Lauren A. Stagnone. “Plot to Steal Trade Secrets
Alleged.” Record (Bergen County, NJ), 29 July 1998 [1998a].“You Can’t Hide Your Spying Eyes: EEA Issues Emerge.” Business Crimes Bulletin,
December 1998. Available in Lexis-Nexis (Legal News) [1998b].Schleslinger, James. Testimony before the Senate Select Committee on Intelli-
gence. International Terrorism: Hearing Before the Senate Select Comm. on Intelli-gence. 104th Cong., 2d sess. (1 August 1996) [Schleslinger testimony].
Schmetzer, Uli. “Optimism on Trade Accords; Agreements Could Open Mar-ket to U.S. Goods, Advance Human Rights.” Chicago Tribune, 14 March1995.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 249
Schneier, Bruce. Testimony before the House Select Committee on HomelandSecurity Subcommittee on Cybersecurity, Science, and Research and De-velopment. Hearing on Overview of the Cyber Problem – A Nation Dependent andDealing with Risk. 25 June 2003 [Schneier testimony].
Schuldt, Gretchen. “Man Charged with Selling Trade Secrets.” Milwaukee JournalSentinel, 9 September 1999.
Schwartau, Winn. Information Warfare: Chaos in the Electronic Superhighway. NewYork: Thunder’s Mouth Press, 1994.
Schweizer, Peter. Friendly Spies: How American Allies Are using Economic Espionageto Steal Our Secrets. New York: Atlantic Monthly Press, 1993.
“Hello, Cruel World: How to Succeed in Business.” News & Observer (Raleigh),9 March 1997 [1997a].
“New Spy Law Could Cramp Economy. USA Today, 20 November 1997 [1997b].“The Growth of Economic Espionage: America Is Target Number One.” For-
eign Affairs (January/February 1996).Science and Technology in U.S. International Affairs. Report of the Carnegie Com-
mission on Science, Technology, and Government, January 1992.Sciglimpaglia, Robert J., Jr. “Comment, Computer Hacking: A Global Offense.”
Pace Yearbook of International Law, vol. 3, no. 265 (1991).SecureWorks website. Accessed July 2003. Available at: <www.secureworks.
com>.See USC, title 18, sec. 2703 (1994 & Supp. 1997). Section Name: “Require-
ments for governmental access” Title 18: “Crimes and Criminal Procedure,”United States Code: Containing the General and Permanent Laws of theUnited States, in Force on January 4, 1995. 1994 ed., Washington: Govern-ment Printing Office, 1995–2000.
Seidel, Arthur H. What The General Practitioner Should Know About Trade Secrets andEmployment Agreements. Philadelphia: ALI-ABA, 1984.
Seita, Alex Y. “Globalization and the Convergence of Values.” Cornell InternationalLaw Journal, vol. 30 (1997).
Seki, Hoken S., and Peter J. Toren. “EEA Violations Could Trigger CriminalSanctions, Stiff Penalties are Intended to Deter Economic Espionage byForeign Companies in the U.S.” National Law Journal, 25 August 1997.
Seltzer, Mark D., and Angela A. Burns. “The Criminal Consequences of TradeSecret Misappropriation: Does the Economic Espionage Act Insulate YourCompany’s Trade Secrets from Theft and Render Civil Remedies Obsolete?”Software Law Bulletin, February 1999. Available in Lexis-Nexis (Legal News).
Sen, Sankar. “Cyber Crimes: Police Should Be Properly Equipped.” Statesman(India), 10 September 2000.
Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.Congressional Record. “Economic Espionage Act of 1996. AccessedJuly 2003. Available at: <http://thomas.loc.gov/cgi-bin/query/F?r104:1:./temp/∼r104z29Vk0:e126131>.
Senate, S12207-08, 104th Cong., 2d sess., Cong. Rec. (2 October 1996),142. Congressional Record. “Economic Espionage Act of 1996.” AccessedJuly 2003. Available at: <http://thomas.loc.gov/cgi-bin/query/R?r104:FLD001:S62208-S62210>.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
250 REFERENCES
Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142. Con-gressional Record. “Economic Espionage Act of 1996.” Accessed July 2003.Available at: <http://thomas.loc.gov/cgi-bin/query/F?r104:1:./temp/∼r104z29Vk0:e126131>.
Senate, S12213, 104th Cong., 2d sess., Cong. Rec. (2 October 1996), 142.“Economic Espionage Act of 1996.” Congressional Record, availableat http://thomas.loc.gov/cgi-bin/query/F?r104:1:./temp/∼r104z29Vk0:e126131: (last visited ˙July 2003).
Sennott, Charles M. “Business of Spying.” Star Tribune (Minneapolis-St. Paul),4 February 1997. Available in Dow-Jones News (Publications Library).[1997a]
“Shadowy World of Spying.” Rocky Mountain News (Denver), 2 February 1997.[1997b]
Seper, Jerry. “4 Arrested in Denmark for Computer Hacker Scheme.” WashingtonTimes, 16 December 1993.
Sepura, Karen. “Economic Espionage: The Front Line of a New World EconomicWar.” Syracuse Journal of International Law and Commerce, vol. 26 (Fall 1998).
Shackelford, Steve. “Note, Computer-Related Crime: An International Problemin Need of an International Solution.” Texas International Law Journal, vol.27 (1992).
Shapiro, Howard M. “The FBI in the 21st Century.” Cornell International LawJournal, vol. 28 (1995).
“Shedding the Trench Coat; Despite a Cloak-and-Dagger Image, ‘CompetitiveIntelligence’ Operations are Winning Rave Reviews at Many TechnologyCompanies.” Electronic Business, 1 September 2001.
Sherr, James. “Cultures of Spying.” National Interest (winter 1994/1995).“Shift in Espionage Trends” Annual Report to Congress on Foreign Eco-
nomic Collection and Industrial Espionage 2001, prepared by theOffice of the National Counterintelligence Executive, available athttp://www.ncix.gov/docs/fecie˙fy01.pdf
Shipley, Greg. “Anatomy of a Network Intrusion.” Network Computing, 18 Oc-tober 1999. Accessed 2002. Available at: <http://www.networkcomputing.com/1021/1021ws1.html>.
Shiva, Vandana. Protect or Plunder? Understanding Intellectual property Rights. NewYork: Zed Books, 2001.
Shoichet, Catherine E. “Charges of Laboratory Theft Vex the Research World.”The Chronicle of Higher Education, 18 October 2002.
Sieber, Ulrich. “Computer Crimes and Other Crimes Against InformationTechnology: Commentary and Preparatory Questions for the Colloquiumof the Association Internationale de Droit Penal in Wuerzburg.” Revue In-ternationale De Droit Penal, vol. 64 (1993).
The International Handbook on Computer Crime: Computer-Related Economic Crimeand the Infringements of Privacy. New York: Wiley, 1986.
Silva, Jeffrey. “Legislative Relief Sought For Corporate Espionage Cases; High-Tech Companies Must Step Up Defenses.” Radio Comm. Report, 25 Septem-ber 2000.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 251
Simensky, Melvin, et al. Intellectual Property in the Global Marketplace. 2nd ed. Hobo-ken, NJ: Wiley, 1999.
Simmonsen, Derek. “Con Artists Take Scams Online; Computer FraudHeadache For Law Enforcement.” Stuart News/Port St. Lucie News, 16 De-cember 2002.
Simon, Spencer. “The Economic Espionage Act of 1996.” Berkeley Technology LawJournal, vol. 13 (1998).
Siri, Liraz. “The Internet Auditing Project.” Accessed 15 September 2003. Avail-able at: <http://www.viacorp.com/auditing.html>.
Slind-Flor, Victoria. “New Spy Act to Boost White-Collar Defense Biz.” NationalLaw Journal, 28 July 1997.
Sohmen, Helmut. “Critical Importance of Controlling Corruption.” InternationalLawyer, vol. 33 (1999).
Solomon, Joel S. “Forming a More Secure Union: The Growing Problem of Or-ganized Crime in Europe as a Challenge to National Sovereignty.” DickinsonJournal of International Law, vol. 13 (1995).
Soma, John T., et al. “Computer Crime: Substantive Statutes & Technical & LegalSearch Considerations.” Air Force Law Review, vol. 39 (1996).
“Transnational Extradition for Computer Crimes: Are New Treaties and LawsNeeded?” Harvard Journal on Legislation, vol. 34 (1997).
Specter, Arlen. Statement. See Cooper . . . Economic Espionage: Joint . . . (1996)[Specter statement].
Specter, Arlen. Senator [PA]. “Economic Espionage Act of 1996.” CongressionalRecord. Accessed October 2003. Available at: <http://thomas.loc.gov/cgi-bin/query/R?r104:FLD001:S62207,S62208>.
“Spies Step Up Attacks on U.S. Firms.” Irish Times, 16 January 1998.Staniford, Stuart, Vern Paxson and Nicholas Weaver. “How to Own the Inter-
net in Your Spare Time.” Accessed 2002. Available at: <http://www.cs.berkeley.edu/∼nweaver/cdc.web/cdc.pdf>.
Stanton, John. “Industrial Espionage Becoming ‘Big Business’.” National Defense,vol. 86 (1 July 2001).
Starkman, Dean. “Russian Hacker Enters Fraud Plea in Citicorp Case.” Wall St.J., 26 January 1998.
“Secrets and Lies: The Dual Career of a Corporate Spy.” Wall St. J., 23 October1997.
Steele, Robert David. “Private Enterprise Intelligence.” In Intelligence Analysisand Assessment, edited by David A. Charter, et al. London: Frank Cass & Co.,Ltd., 1996.
Steiker, Carol S. “Punishment and Procedure: Punishment Theory and theCriminal-Civil Procedural Divide.” Georgetown Law Journal, vol. 85 (1997).
Still, Torri. “A Lesson for the Valley: Thou Shalt Not Steal.” Recorder (California),7 October 1999.
Stoll, Cliff. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage.Edinburgh, Ireland: Pocket Books, 1989.
Stone, Brad. “Diving into Bill’s Trash.” Newsweek, 10 July 2000.“The Spy Who Scrubbed Me.” Newsweek, 24 February 1997.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
252 REFERENCES
Stone, Katherine V. W. “Knowledge at Work: Disputes Over the Ownership ofHuman Capital in the Changing Workplace.” Connecticut Law Review, vol.34 (2002).
“Superseding Indictment Adds Charges in Lucent Trade Secret Theft Case,Criminal Action.” E-Business Law Bulletin, vol. 3 ( June 2002).
Swartz, Jon. “Modern Thieves Prefer Computers to Guns Online Crime IsSeldom Reported, Hard to Detect.” San Francisco Chronicle, 25 March1997.
Tenet, George J. Director of Central Intelligence. Statement before Senate Se-lect Committee on Intelligence. “The Worldwide Threat in 2000: GlobalRealities of Our National Security.” 2 February 2000. See “Speeches andTestimony.” Accessed 2002. Available at: <http://www.cia.gov/>.
Testimony before the Senate Committee on Government Affairs, 24 June1998. Accessed 20 July 2003. Available at: <http://www.fas.org/irp/congress/1998 hr/980624-dci testimony. htm> [Tenet testimony].
“Theft of Trade Secrets May Bring Automatic Jail Time – California, In TheCourts.” Cyberspace Lawyer, vol. 7 ( July/August 2002).
Tillett, L. Scott. “DOJ, IT Industry Team to Fight Cybercrime.” Accessed 4July 2003. Available at: <http://www.cnn.com/TECH/computing/9903/23/crimefighters.idg/index.html>.
Toffler, Alvin. Powershift: Knowledge, Wealth and Violence at the Edge of the 21st Cen-tury. New York: Bantam Books, 1990.
Toffler, Alvin, and Heidi Toffler. The Third Wave. New York: Bantam Books, 1980.War and Anti-War. East-Maitland, Australia: Warner Books, 1993.
Toren, Peter J.G. “Internet: A Safe Haven for Anonymous Information Thieves?”St. John’s Journal of Legal Commentary, vol. 11 (1996).
Intellectual Property and Computer Crimes. New York, NY: Law Journal Press, 2003.“The Prosecution of Trade Secret Thefts Under Federal Law.” Pepperdine Law
Review, vol. 22, no. 3 (1994).“Trade in Secrets, The.” Bulletin, 29 June 1994.“Treaty Establishing the European Economic Community.” United Nations Treaty
Series, vol. 11 (25 March 1957).Tucker, Darren S. “The Federal Government’s War on Economic Espionage.”
University of Pennsylvania Journal of International Economic Law, vol. 18 (1997).Tucker, Robert L. “Industrial Espionage as Unfair Competition.” University of
Toledo. Law Review, vol. 29 (1998).“2 Charged with Trying to Steal Intel Trade Secrets.” Fort Worth Star-Telegram, 4
June 1998.Tyler, Christian. “The Enemy Within.” Financial Times (London), 12 April 1997.Uniform Trade Secrets Act. Uniform Laws Annotated, Title 14, sec. 433–467
(1990 & Supp. 2001).United Nations Association of the U.S.A. Science and Technology in an Era of Inter-
dependence. New York, NY: UNA-USA, 1975.United Nations General Assembly Press Release GA/DIS/3106, 9 October 1998.“United Nations Manual on Prevention and Control of Computer-Related
Crime.” International Review of Criminal Policy, vol. 24, nos. 43 and
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 253
44. Available at: http://www.uncjin.org/Documents/EighthCongress.html(accessed July 2003).
United States Code (USC), title 18, sec. 2710 (2000) Wrongful Disclosure ofVideo Tape Rental or Sales Records. U.S. Code 18 (2000) § 2710.
United States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied 502 U.S. 817(1991).
United Nations Treaty Series 993. 16 December 1966.United States Code (USC) (1994–2000).United States Code Annotated (USCA) (1991–1999).United States Code Service (USCS) (2000).United States Intelligence Community. Accessed 3 July 2003. Available at:
<http://www.intelligence.gov/>.United States International Trade Commission. Foreign Protection of Intellectual
Property Rights and the Effect on U.S. Industries and Trade, no. 2065, 1988.United States v. Hanco*ck, Crim. No. CR88-319A (N.D. Ga. 1988).“University of Chicago Student Charged in Enabling Theft of TV Signals.”
Chicago Sun-Times, 4 January 2003.University of Lethbridge (Alberta, Canada), Faculty of Management. Manage-
ment Matters, 1 February 1997. Available in WL 7489166.USA Patriot Act. Public Law No. 107-56. Congress. House Report 3162, 26 Oc-
tober 2001.U.S. Congress. House of Representatives. 104th Cong., H.R. 788. Washington, DC:
GPO, 1996.House of Representatives. 105th Cong., H.R. 2265. Washington, DC: GPO, 1997.Senate. 104th Cong., S.R. 359, Washington, DC: GPO, 1996.Senate. 105th Cong., S.R. 190, Washington, DC: GPO, 1998.House Permanent Select Committee on Intelligence. Staff Study. IC21: In-
telligence Community in the 21st Century. Washington, D.C.: GPO, 1996. Ac-cessed 2002. Available at: <http://www.access.gpo.gov/congress/house/intel/ic21/ic21 toc.html>.
United Nations General Assembly, G.A. Res. 1236, U.N. GAOR, 12thSess., Supp. No.18 (1957), at http://ods-dds-ny.un.org/doc/ RESOLU-TION/GEN/NR0/120/19/IMG/NR012019.pdf?OpenElement (last vis-ited July 2003).
United Nations General Assembly, G.A. Res. 2131, U.N. GAOR, 20th Sess.,Supp. No.14 (1965), at http://ods-dds-ny.un.org/doc/RESOLUTION/GEN/NR0/218/94/IMG/NR021894.pdf?OpenElement (last visited July2003).
United States v. Hsu, 155 F.3d 189 (3d Cir. 1998).United States v. Pin Yen Yang, Criminal No. 1:97MG0109 (N.D.Ohio 1997).United States v. Yang, No. 1:97 CR 288, 1999 WL 1051714 (N.D. Ohio, Nov. 17,
1999)United States v. Worthington, Criminal No. 97–9 (W.D. Pa. 1996).USC, title 17, sec. 506 (1994). Criminal Offenses. U.S. Code 17 (1994) § 506.
USC, title 17, sec. 506 (1994). Section Name: “Criminal offenses,” Title 17:Copyrights, United States Code: Containing the General and Permanent
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
254 REFERENCES
Laws of the United States, in Force on January 4, 1995. 1994 ed., Washing-ton: Government Printing Office, 1995–2000.
USC, title 17, sec. 906(a) (Supp. 1998). There was no changes to the 1998 Sup-plement. “Limitation on exclusive rights: reverse engineering; first sale”(Name of Section 906), Title 17: Copyrights, United States Code: Contain-ing the General and Permanent Laws of the United States, in Force onJanuary 4, 1995. 1994 ed., Washington: Government Printing Office, 1995–2000.
USC, title 18, sec. 3123 (1994). “Issuance of an order for a pen register or a trapand trace device” Title 18: “Crimes and Criminal Procedure,” United StatesCode: Containing the General and Permanent Laws of the United States,in Force on January 4, 1995. 1994 ed., Washington: Government PrintingOffice, 1995–2000.
USC, title 18, sec. 1030 (2000). 18 U.S.C. § 1030 (2000) “Fraud and relatedactivity in connection with computers.” Title 18: “Crimes and Criminal Pro-cedure” United States Code: Containing the General and Permanent Lawsof the United States, in Force on January 2, 2001. Washington: Govern-ment Printing Office, 2001-. [Note: This section was modified by PublicLaws 107–273 and 107–296 in 2002]
USC, title 18, sec. 1030 (2000). Fraud and Related Activity in Connection withComputers. U.S. Code 18 (2000) § 1030(a). Title 18: “Crimes and CriminalProcedure” United States Code: Containing the General and PermanentLaws of the United States, in Force on January 2, 2001. Washington: Gov-ernment Printing Office, 2001-. [Note: Section 1030 was modified by PublicLaws 107–273 and 107–296 in 2002.]
USC, title 18, sec. 1030 (2000). Fraud and Related Activity in Connection withComputers. U.S. Code 18 (2000) § 1030(a)(5)(A). Title 18: “Crimes andCriminal Procedure” United States Code: Containing the General and Per-manent Laws of the United States, in Force on January 2, 2001. Washington:Government Printing Office, 2001-. [Note: Section 1030 was modified byPublic Laws 107–273 and 107–296 in 2002.]
USC, title 18, sec. 1030(g) (2000). Fraud and Related Activity in Connectionwith Computers. U.S. Code 18 (2000) § 1030(g). Title 18: “Crimes andCriminal Procedure” United States Code: Containing the General and Per-manent Laws of the United States, in Force on January 2, 2001. Washington:Government Printing Office, 2001-. [Note: Section 1030 was modified byPublic Laws 107–273 and 107–296 in 2002.]
USCA, title 18, sec. 1832(a) (2000). [Section Name: ”Theft of trade secrets” Title18: “Crimes and Criminal Procedure,” United States Code: Containing theGeneral and Permanent Laws of the United States, in Force on January 2,2001. 2000 ed., Washington: Government Printing Office, 2001-.
USC, title 18, sec. 1837(1) (2000). Section Name: “Applicability to conduct out-side the United States” Title 18: “Crimes and Criminal Procedure,” UnitedStates Code: Containing the General and Permanent Laws of the UnitedStates, in Force on January 2, 2001. 2000 ed., Washington: GovernmentPrinting Office, 2001.”
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 255
USC, title 18, sec. 1839(3)(B) (Supp. V 1999). “Definition of ‘trade secret’” Ti-tle 18: Crimes and Criminal Procedure, United States Code: Containingthe General and Permanent Laws of the United States, in Force on Jan-uary 4, 1995. 1994 ed., Washington: Government Printing Office, 1995–2000.
USC, title title 18, sec. 1905 (1994 & Supp. IV 1998). “Disclosure of confidentialinformation generally,” Title 17: “Crimes and Criminal Procedure,” UnitedStates Code: Containing the General and Permanent Laws of the UnitedStates, in Force on January 4, 1995. 1994 ed., Washington: GovernmentPrinting Office, 1995”2000.
USCA, title 18, sec. 2319(b)(1) (West Supp. 1998). “Criminal infringement of acopyright” Title 18: “Crimes and Criminal Procedure” United States CodeAnnotated, 1994 ed., St. Paul: West Group, 1927-.
USC, title 35, secs. 100–105 (Supp. 1998), outlining the requirements for patent-ing an “invention.” Sections 100–105 are in Chapter 10: “Patentability ofInventions,” within Title 35: Patents United States Code: Containing theGeneral and Permanent Laws of the United States, in Force on January 4,1995. 1994 ed., Washington: Government Printing Office, 1995–2000.
USC, title 35, sec. 102 (1994), detailing the “novelty” requirement for patentabil-ity. Section 102: “Conditions for patentability; novelty and loss of right topatent” Title 35: Patents United States Code: Containing the General andPermanent Laws of the United States, in Force on January 4, 1995. 1994ed., Washington: Government Printing Office, 1995–2000.
USC, title 35, sec. 102(b) (Supp. 1998), denying patentability if an inventionis patented, described in a printed publication, publicly use, or placed onsale more than one year prior to the date of the application. Section 102:“Conditions for patentability; novelty and loss of right to patent” Title 35:Patents United States Code: Containing the General and Permanent Lawsof the United States, in Force on January 4, 1995. 1994 ed., Washington:Government Printing Office, 1995–2000.
USC, title 35, sec. 103 (Supp. 1998), detailing the “non-obvious subject matter”requirement for patentability. Section 103: “Conditions for patentability;non-obvious subject matter” Title 35: Patents United States Code: Contain-ing the General and Permanent Laws of the United States, in Force onJanuary 4, 1995. 1994 ed., Washington: Government Printing Office, 1995–2000.
USC, title 35, sec. 115 (Supp. 1998), requiring the inventor to submit an oathstating that he believes himself to be the first inventor. Section 115: “Oathof applicant” Title 35: Patents United States Code: Containing the Generaland Permanent Laws of the United States, in Force on January 4, 1995.1994 ed., Washington: Government Printing Office, 1995–2000.
USC, title 35, sec. 284 (1998), providing for damages not less than a reason-able royalty, including interest and costs. Section 284: “Damages” Title 35:Patents United States Code: Containing the General and Permanent Lawsof the United States, in Force on January 4, 1995. 1994 ed., Washington:Government Printing Office, 1995–2000.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
256 REFERENCES
18 U.S.C. § 1837(2). “Applicability to conduct outside the United States” Title18: “Crimes and Criminal Procedure,” United States Code: Containing theGeneral and Permanent Laws of the United States, in Force on January 2,2001. 2000 ed., Washington: Government Printing Office, 2001.
U.S. Department of Justice. “Computer Crime and Intellectual Property Sec-tion (CCIPS)” Accessed 3 July 2003. Available at: <http://www.usdoj.gov/criminal/cybercrime>.
“Introduction, Computer Crime and Intellectual Property Section.” Ac-cessed 4 July 2003. Available at: <http://www.cybercrime.gov/ipmanual/intro.htm>.
U.S. Department of Justice. Accessed July 2003. Available at: <http://www.usdoj.gov/>.
“U.S. Department of Justice Online.” Accessed 3 July 2003. Available at:<http://www.usdoj.gov/>.U.S. Department of Justice. Press Release. U.S.Attorney, Western Dist. of N.Y., 28 August 1997.
U.S. Department of Justice. Press Release. U.S. Attorney, Western Dist. of N.Y., 28August 1997 [1997a].
Press Release. U.S. Attorney, Western Dist. of N.Y., 13 November 1997 [1997b].“The National Information Infrastructure Protection Act of 1996 Legisla-
tive Analysis,” The Computer Crime & Intellectual Property Section.Accessed 4 July 2003. Available at: <http://www.usdoj.gov/criminal/cybercrime/1030 anal.html>.
U.S. Department of State Overseas Security Advisory Council. Guidelinesfor Protecting U.S. Business Information Overseas. Washington, D.C.: GPO,1992.
U.S. Department of Justice. Computer Crime and Intellectual Property Sec-tion (CCIPS). “What Does CCIPS Do?” Accessed July 2003. Available at:<http://www.usdoj.gov/criminal/cybercrime/ccips.html>.
Use of Electronic Media for Delivery Purposes. U.S. Securities and Exchange Com-mission, Docket 1091, File No. S7-31-95, no. 22 (6 October 1995).
U.S. General Accounting Office. “Economic Espionage: Information on Threatfrom U.S. Allies.” GAO/T-NSIAD-96-1141, 28 February 1996.
“U.S. Losing High-Tech Secrets to ‘Student’ Spies: FBI.” Straits Times (Singa-pore), 8 April 1997.
USSID (United States Signals Intelligence Directive)18. “Procedures forNSA collection of data on US persons.” Accessed 2002. Available at:<http://www.gwu.edu/∼nsarchiv/NSAEBB/NSAEBB23/07-01.htm>.
U.S. Statutes at Large, vol. 35 (1909). Act of 4 March 1909.vol. 98 (1984). Counterfeit Access Device and Computer Fraud and Abuse Act of 1984.vol. 105 (1991). Intelligence Authorization Act of Fiscal Year 1991.vol. 110 (1996). Economic Espionage Act of 1996.vol. 96 (1982). Public Law No. 97-180.vol. 105 (1992). Public Law No. 102-561.vol. 108 (1994). Public Law No. 103-325.vol. 110 (1996). Public Law No. 104-253.
Vaknin, Sam. “Analysis: The Industrious Spies – II.” United Press International,Financial News, 14 May 2002 [2002a].
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 257
“Analysis: The Industrious Spies – III.” United Press International, Financial News,15 May 2002 [2002b].
Veltrop, James. “Trade Secret Misappropriation a Federal Crime.” IntellectualProperty Today, June 1997.
Vickery v. Welch, 36 Mass. (1 Pick.) 523, 526 (1837).Venzke, Ben N. “Economic/Industrial Espionage.” Accessed 3 July 2003. Avail-
able at: <http://www.computercrimeconsultants.com/news1.htm>.“Veridian Targeted by Spy?” Intelligence Online, no. 441, 5 December 2002.Vise, David A., and Daniel Eggen. “FBI Warns of Cyber-Attack Threat: U.S.
‘Very Concerned’ About Vulnerability of Infrastructure.” Washington Post,21 March 2001.
Vistica, Gregory. “Inside the Secret Cyberwar: Facing Unseen Enemies, the FedsTry to Stay a Step Ahead.” Newsweek, 21 February 2000.
Vrana, Deborah. “University of Chicago Student Arrested for Document Piracy.”Chicago Tribune, 3 January 2003.
Waguespack, Michael J. Director of the NACIC. Letter. Accessed 13 January 1997.Available at: <http://www.nacic.gov/dirlett.htm> [Waguespack letter].
Walker, Nigel. Punishment, Danger and Stigma: The Morality of Criminal Justice.Oxford: Basil Blackwell, 1980.
Wall, David. Crime and the Internet: Cybercrimes and Cyberfears. London; New York:Routledge, 2001.
Cyberlaw. Harlow: Longman, 2000.Cyberspace crime. Aldershot, Hants, England; Burlington, VT: Ashgate, 2003.
Waller, Douglas. “Spying: ‘Halt! Friend or Foe?’” Time, 6 March 1995.Waller, Spencer W., and Noel J. Byrne. “Changing View of Intellectual
Property and Competition Law in the European Community and theUnited States of America.” Brooklyn Journal of International Law, vol. 20(1993).
Warner, William T. “Economic Espionage: A Bad Idea.” National Law Journal, 12April 1993.
Waterschoot, Paul. “Overview of Recent Developments in Intellectual Prop-erty in the European Union.” In International Intellectual Property Law andPolicy, vol. 4, edited by Hugh C. Hansen. Yonkers, NY: Juris Publishing,2000.
Watson, Bruce W. United States Intelligence: An Encyclopedia. New York: Garland,1990.
Weisner, Don, and Anita Cava. “Stealing Trade Secrets Ethically.” Maryland LawReview, vol. 47 (1988).
Welch, Lee Ann. Herald-Dispatch (West Virginia), 14 August 2002.Welsh, Robert C., et al. Protecting Confidential Business Information in the Digital
Age. New York: Practicing Law Institute, 2001.“What Purchasing Managers Should Know About Trade Secrets.” Purchasing Law
Report, December 2001.Wheeler, Scott L. “PRC Espionage Leads to ‘Terf’ War.” Insight on the News Mag-
azine, 29 October 2002.Wilke, Clifford A. “Protecting Internet Addresses of National Banks.” Comptroller
of the Currency, Alert 2000–9, 19 July 2000.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
258 REFERENCES
Wine, Michael. “Cyberspace – A New Medium for Communication, Commandand Control by Extremists.” April 1999. Accessed 15 September 2003. Avail-able at: <http://www.ict.org.il/articles/cyberspace.htm>.
Wingfield, Nick. “A Stolen Laptop Can Be Trouble if Owner is CEO.” Wall St. J.,19 September 2000.
Winkler, Ira. Corporate Espionage. New York: Prima Publishing, 1997.Winter, Christine. “Security, Inside Out; Firm’s Product Protects Networks From
Disgruntled Employees.” Sun-Sentinel (Florida), 27 August 2002.Winton, Ben. “Intel Theft a Frame-Up?” Arizona Republic, 25 September 1995.WIPO. “Member States.” Accessed 3 July 2003. Available at: <http://www.
wipo.org/members/index.html>.Wiretap Reports. Accessed 2002. Available at: <http://www.uscourts.gov/
wiretap.html>.“Woman Pleads Guilty.” Houston Chronicle, 31 July 1998. Available in Dow-Jones
News (Publications Library).Woodward, John D. Jr. Superbowl Surveillance: Living Up to Biometrics. Santa
Monica, CA: RAND, 2001.Woolsey, James R. “Former CIA Director Woolsey Delivers Remarks at For-
eign Press Center.” 7 March 2000. Accessed 3 July 2003. Available at:<http://cryptome.org/echelon-cia.htm>.
“World Forum Designed to Combat International Crime, Corruption.” TheMetropolitan Corporate Counsel (Mountainside, NJ), May 2000.
World Information Technology and Services Alliance (WITSA). “Digital Planet2000: The Global Information Economy. Accessed 3 July 2003. Available at:<http://www.WITSA.org/DP2000sum.pdf>.
World Intellectual Property Organization. “About Intellectual Property.” Ac-cessed 28 February 2003. Available at: <http://www.wipo.org/about-ip/en/>.
Worldwide Threat Assessment Brief to the Senate Select Committee on In-telligence. Accessed 1 July 2003. Available at: <http://www.fas.org/irp/congress/1996 hr/s960222p.htm>.
“Worming Out the Truth.” Economist, 4 November 2000.Wray, Stefan. “On Electronic Civil Disobedience.” Peace Review, vol. 11 (1999).Wright, Steve. “An Appraisal of Technologies of Political Control.” Work-
ing document. European Parliament, Scientific and Technological Op-tions Assessment (STOA). Accessed 9 September 2003. Available at:<http://cryptome.org/stoa-atpc.htm>.
Yates, Ronald E. “Cold War: Part II, Foreign Intelligence Agencies Have NewTargets – U.S. Companies.” Chicago Tribune, 29 August 1993 [Yates 1993a].
“Corporate Cloak-and-Dagger Spying – Either by Rival Businesses or ForeignGovernments – Can Cut Right to the Heart of a Vulnerable Corporation, ButCongress Is Considering Ways to Strike Back.” Chicago Tribune, 1 September1996.
“U.S. Intelligence Retools to Fight New Brand of Espionage.” Chicago Tribune,30 August 1993 [Yates 1993b].
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
REFERENCES 259
Yellen, Dwight, and Frank S. Kalamajka. “Reviewing Current Issues on TradeSecrets.” New York Law Journal, 1 April 2002.
Young, Jeffrey. “Spies Like Us.” Forbes, 3 June 1996.Yushkiavitshus, Henrikas. “Law, Civil Society, and National Security: Interna-
tional Dimensions.” In The Information Revolution and National Security: Di-mensions and Directions, edited by S. Schwartzstein. Washington, DC: Centerfor Strategic and International Studies, 1996.
Zuckerman, M.J. “Cracking Down on the Outlaws of Cyberspace.” USA Today, 2July 1996.
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ref CB764-Nasheri-v1 February 17, 2005 11:20
260
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
Index
Acclaim Entertainment, 150acquisitions, 86Acuson Corporation, 161, 162Adirondack Workbooks, 19advanced materials, 9, 93Aeronautics systems, 63aerospace, 9, 14, 17, 20, 36, 73, 91, 93, 131,
153agent recruitment, 81, 88Air Force, 36, 91, 102, 152–154Air France, 16, 17, 82air traffic control, 47Airbus, 24, 86Alameda, 119al-Q’aeda, 37Alzheimer’s disease, 142, 143Amazon.com, 8American Airlines, 8American Cancer Society, 157American Express, 164American Safety Razor Company, 165American Society of Industrial Security
(ASIS), 56Ames, Aldrich “Rick”, 20anonymity, 32, 33, 103, 116Ardita, Julio Cesar, 39, 40Argentina, 39, 40, 43armaments technology, 93Arms Export Control Act, 91Article, 127Article 2 of the U.N. Charter, 177Article 36 of the Rome Treaty, 128Asia, 19, 55, 92Association of University Technology
Managers, 62Atlantis, 107Atomic Age, 173
atomic bomb, 13Australia, 24, 54, 73, 100Avery Dennison Corporation, 71, 141Axis powers, 13
Balladur, French Premier Edouard, 21Beijing, 23, 90, 91, 93, 148, 149Belgium, 8Belgrade, 21, 22Bell Imaging Technology Corporation, 161,
162Belson Imaging Technology Company
Limited, 161, 162Bentham, Jeremy, 6, 7, 181, 182Berlin Wall, 31Bethesda, 120Bharatiya Janata Party, 22Bic, 165bid information, 9biochemical formula, 56biological, 38, 57, 63, 94, 108, 158, 172biotechnology, 9, 17, 93, 129, 132, 178Boeing Company, 24, 86, 152–154Bonaparte, Attorney General Charles, 173Borland International, 66, 119Boston, 9, 142, 144, 156, 158, 164, 165Brain Science Institute, 143Braithwaite, John, 183Branch, Kenneth, 152, 153bribery, 24, 74, 75, 128, 132, 137, 138, 147,
182Bristol-Myers Squibb Company, 146British Petroleum (BP), 64British Tory Members, 22Brookwood Companies, Inc., 159browsing, 111bugged, 83
261
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
262 INDEX
Bureau of Diplomatic Security, 16business counterintelligence, 76business intelligence, 7, 16, 72, 74–77, 80,
131, 150Business Interests, 49Business Week, 75
Cain, John, 75Calix Networks, 163Canada, 8, 24, 42, 127, 140, 163Canadian Security Intelligence Service
(CSIS), 17Cape Canaveral, Florida, 153Carnegie Commission, 31Carnegie Mellon Software Engineering
Institute, 118Cartwright loom, 18Caterpillar, Inc., 167cellular cloning, 50cellular phones, 78, 81cellular telephone industry, 50Central Intelligence Agency (CIA), 15, 16,
19–23, 35, 36, 65, 82, 92, 102Certificates of Compliance, 166Chan, Mylene, 150Chang, Mikahel K., 160Chemical Bank, 120Cheng, Yong-Qing, 148child p*rnography, 32, 47, 118China, 8, 18, 65, 87, 88, 90, 92–94, 144, 145,
148–151, 161Chinese State Ship Building Corporation,
91Chou, Jessica, 146Chrysler, 49Cisco, 148, 155, 156, 163Citadel Security Software, 150Citibank, 10, 39, 52, 103civil law, 25, 133, 134civil remedies, 2, 26, 28, 34, 56, 137, 171,
174, 176, 182Cleveland Clinic Foundation, 142Cleveland, Ohio, 142–144CloudNine Communications, 112Coca-Cola, 69Code Red, 110, 118Cold War, 5, 8, 14, 15, 18–20, 24, 31, 52, 53,
82, 140, 172, 180collection methods, 82, 83commercial databases, 74commercial markets, 86, 87commercial morality, 25, 174commercial motive, 43communications systems, 47communications technologies, 30, 50communism, 14, 19, 31, 92, 181compensatory damages, 122
competitive advantage, 53–55, 62, 69, 72, 77,112, 179
competitive information, 74, 78competitive intelligence (CI), 9, 55, 73–79,
168Competitive Intelligence Review, 75competitive market economy, 10competitive technical intelligence, 75competitor intelligence, 76complex defense technology, 70Computer and Telecommunication Crime
Coordinator, 117computer crime, 33, 35, 42, 44–46, 48, 57,
71, 103–107, 114–117, 122, 123Computer Crime and Intellectual Property
Section (CCIPS), 35, 117, 141Computer Crime and Security Survey, 59Computer Crime Unit, 117Computer Emergency and Response Team
Coordination Center (CERT/CC), 100computer forensics, 80Computer Fraud and Abuse Act (CFAA),
105, 122, 123computer hacking, 7, 32, 42, 77, 78, 80, 123Computer Hacking and Intellectual
Property, 161computer hardware, 18, 93, 148computer intrusion, 36, 56, 111, 113, 118,
162computer modelscomputer networking, 117Computer Security Institute (CSI), 59, 60,
71, 111, 116, 118computer software, 9, 50, 69computer source code, 56, 64computer virus, 11, 114computer voyeurism, 104computerization, 31computing and communications systems, 30ComTraid Technologies, Inc., 149Concord, Ohio, 141confidential treatment request, 150Congressional Intelligence Committee
Report, 53Convention on Combating Bribery of
Foreign Public Officials, 128conventional crimes, 3, 33Cooper, David E., 15copyright, 8, 10, 12, 25, 35, 42, 70, 121, 122,
124, 125, 129, 155, 160, 170, 180copyright infringement, 32, 43, 105, 125, 160Cornell University, 94, 104Corning Glass, 147corporate espionage, 4, 19, 54, 64, 71, 75–77,
132, 176corporate trade secrets, 25, 53, 69Council of Europe (COE), 106, 115, 116, 177
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
INDEX 263
counterfeiting, 32, 115, 174, 177counterintelligence, 14, 19–21, 62, 74, 80,
81, 88, 89Cox Report, 93, 94criminal justice agencies, 1, 33criminal procedures, 46criminal prosecution, 26, 28, 140, 174critical technologies, 10, 15, 77, 83, 88, 131Critical Technology Companies, 14Cuba, 8, 92Cuckoo’s Egg, 35customer lists, 9, 70, 74, 82, 93, 135Customs Agency, 119cyberattack, 32, 89, 101, 108, 109, 111–113,
172cybercrime, 33, 34, 48, 71, 95, 118, 119, 123cyberinfrastructure, 113cyberintrusions, 75cybersecurity, 113, 116cyberspace, 30, 32, 34, 42, 45, 48, 100, 105,
107, 113, 114, 116cyberterrorism, 48, 111, 172cyberterrorists, 36, 111cybertheft, 109cyberthreat, 111, 113cybervulnerabilities, 97cyberwar, 107Cyrix Corporation, 163
d’Entrecolles, Father, 18Dallas, 9, 60, 163Damadian, Dr. Raymond, 27databases, 23, 54, 71, 72, 74, 83, 160data mining software, 8Datang Telecom Technology Company, 148,
149Davis, Steven L., 164decoding, 81Defense Advanced Research Projects
Agency, 98Defense Investigative Service (DIS), 63Defense Reutilization and Marketing
Service, 90Defense Security Service (DSS), 84defense technology, 9defraud, 123Delaware, 49, 159Deloitte & Touche, 164denial-of-service attack, 60, 101, 112, 118,
119Denmark, 39, 43, 163Denver, 107Department of Commerce, 90Department of Defense (DOD), 40, 63, 106,
108, 115, 159, 160Department of Energy (DOE), 63Department of Energy’s Ames Laboratory, 86
Department of Justice (DOJ), 86Department of Homeland Security (DHS),
116Department of State, 91Detroit, 9, 33, 69, 94Deutsche, Director John, 65Direction de la Surveillance du Territoire, 21Direction Generale de la Securite
Exterieure, 54Director of Central Intelligence, 23DirecTV, 152disgruntled employee, 7, 9, 28, 55, 67, 69,
104, 111Disney, 71District of Columbia, 137domestic security, 57downloads, 24, 26Drahos, Peter, 183Drug Enforcement Agency, 119drug trafficking, 33, 107dual criminality, 42, 43dumpster diving, 8, 82, 83duplicating documents, 9
Eastern block, 14, 92Eastern Europe, 19, 179Eastman Kodak, 144eavesdropping, 8, 13, 22, 24, 51, 54Echelon, 23, 24e-commerce, 38, 50economic advantage, 17, 54, 135, 138Economic Counterintelligence Program, 76Economic Counterintelligence Unit, 76economic crime, 1, 3, 4, 32–34, 47, 72, 105,
165, 173, 175economic espionage, 1, 3–5, 7–21, 27–29, 49,
50, 52–55, 58, 59, 61, 62, 65, 76, 77, 81–84,88, 89, 91, 92, 94, 125, 127, 128, 130, 131,133, 140, 143, 150, 151, 164, 168, 170, 172,173, 176–180, 182, 183
Economic Espionage Act (EEA), 2, 4, 17, 26,28, 62, 76, 123–125, 132, 136, 140, 142,143, 151, 159, 163, 168, 175, 178, 179
economic intelligence, 16, 17, 20, 36, 52, 54,74, 78, 83, 84, 130, 140
economic security, 36, 53, 91, 93economic value, 136–138effects test, 43electrical power, 47, 98, 166Electronic Communications Privacy Act, 123electronic crimes, 32, 34, 43–45, 47, 113Electronic Disturbance Theater (EDT), 41electronics, 9, 14, 17, 63e-mail bombs, 36embezzlement, 103, 107encrypted messages, 81encryption, 70, 101, 120, 152
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
264 INDEX
energy research, 9, 93engine technology, 9England, 12, 13, 39Erskine, William, 152, 153Estrada, Fausto, 162Europe, 92, 115European Commission (EC), 22, 37European intelligence agency, 17European Parliament, 22–24European Union (EU), 22, 128export-controlled technologies, 16, 85external attacks, 50extraterritorial, 28, 43, 139
false flag operations, 17Far East, 9Federal Bureau of Investigation (FBI), 3, 8,
15, 39, 71, 111, 118, 119, 143, 144, 154,156, 161, 162, 165, 171
Federal Mail and Wire Fraud Statutes, 123Federal Sentencing Guidelines, 145, 161Fialka, John, 18, 93films, 50, 80financial markets, 31financial transactions, 47, 50, 54Finland, 39firewalls, 50, 51, 61, 71, 101, 111flight attendants, 17, 83Flood Net, 41Florence, 12Florida, 40, 90, 118Fonar Corporation, 27foreign agent, 18, 26, 93, 130, 131Foreign Economic Collection, 13foreign government, 1, 8, 13, 17, 26, 28, 53,
58, 63, 74, 76, 79–84, 89, 90, 93, 108, 127,130–133, 146, 175
foreign intelligence services, 3, 20, 77, 81,84, 88
fork bombsformula, 69, 70, 73, 134, 135, 138, 144Fortune, 43, 58, 59Fortune, 19, 113Four Pillars, 141France, 8, 12, 15, 16, 18, 21–23, 42, 54, 82,
91, 92, 140, 178fraud, 11, 26, 28, 32, 33, 39, 47, 50, 60, 103,
107, 118, 122, 152, 173free trade, 67, 180Freedom of Information Act (FOIA), 74,
77Freeh, Director Louis J., 131freelance spies, 80Frigidaire, 79Frito-Lay, 55front companies, 85front loader, 78
Fruit-of-the-Loom, 71Futures Group, 92
G-8, 101, 115, 177Gartner Group, 33Gates, Director Robert, 92Geide, Kenneth, 76General Accounting Office (GAO), 15, 36General Agreement on Tariffs and Trade
(GATT), 21General Motors, 9, 33, 69, 71Geneva, 22geopolitical strategy, 30Germany, 8, 12, 15, 21, 28, 35, 36, 39–42,
171, 178Gillette Company, 164global economic competition, 50global economy, 2, 4, 53, 55, 66, 70, 125, 170,
172global information infrastructure, 70, 95global risk, 55global security, 107globalization, 1, 29, 31, 32, 38, 47, 49, 52,
124, 180Goldberg, Marc, 64Grabosky, Peter, 183graduate students, 80, 81, 86, 88Grand Canyon, 108graphically, 138Great Britain, 13, 18Green, David E., 141gross domestic product, 17, 50, 55ground systems, 63growing vulnerability, 95Guanzhou, 65
hacking, 22, 36, 39, 41, 48, 50, 78, 105, 122Hallstead, Steven Craig, 163Hanco*ck International Airport, 94Hangzhou Zhongtian Microsystems
Company Ltd., 151hardware, 9, 149Harriman, United States Ambassador
Pamela, 21Harvard Business School, 72Harvard Medical School, 156, 157Hashimoto, Prime Minister Ryutaro, 22Hayden, Lieutenant General Michael, 23health services, 47Heffernon, Richard, 62Hendrata, Andry, 40Henson Medical Imaging Company, 162Hess, Markus, 35high-tech crimes, 4, 29High-Tech Squad, 161high-tech weaponry, 29high technology, 9, 93
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
INDEX 265
High-Technology Crime Units, 117Hitachi, 19Ho, Chester S., 146Hoffman, Ronald, 20, 64Holder, Deputy Attorney General Eric, 171Honeynet Project, 61horizontal axis, 78hostile regimes, 95Hsu, Kai-Lo, 146Hughes Aircraft, 9Hughes Network Systems, Inc., 150Hughes Software Systems Ltd., 150Humes, William Robert, 165, 167
IceNewkillegal operations, 81ILOVEYOU virus, 110India, 8, 18, 54, 150industrial competitors, 108, 109industrial engineering, 68industrial espionage, 10, 12, 13, 23, 25, 31,
32, 55, 59, 62, 73, 76, 77, 79, 82, 131, 133,137, 169, 178
industrial hackers, 11industrial power, 129, 134industrial property, 10, 35, 125, 126industrial sector, 3, 12, 31, 131, 178, 183information age, 1, 30–32, 38, 44, 57, 74, 95,
134, 169, 171information collection, 52information infrastructure, 38, 47, 113information security, 50, 56, 107information society, 30, 42, 48information systems, 63, 107, 108information theft, 5, 29, 71, 101, 111, 182,
183information warfare (IW), 38, 39, 63, 95,
105, 111information wave, 97information weapons, 108infringement, 2, 26, 28, 42, 125, 126, 136,
160, 177innovations, 1, 25, 36, 54, 124, 172Institute of Physical and Chemical Research,
142intangible property, 52Intel Corporation, 11, 163intellectual property, 2, 3, 5, 8, 10–12, 19, 26,
28, 31, 34, 47, 49, 52, 54, 58, 59, 62, 63,68–70, 73, 74, 76, 88, 89, 91, 105, 113, 115,124–126, 128–134, 140, 164, 165, 169–171,174–176, 179–183
intellectual property rights (IPRs), 2, 10, 26,28, 35, 126, 128, 129, 171, 172, 180, 183
Intellectual Property Rights Initiative, 171intelligence, 5, 9, 14intelligence activities, 14, 15, 92
intelligence agencies, 7, 15, 16, 21, 24, 53,61, 72, 80, 81, 88, 93, 150, 178, 180
intelligence agents, 9, 14, 18, 22, 92, 93intelligence gatherers, 53, 78, 80–82, 91intelligence organization, 14, 108intelligence service, 14, 16, 17, 20, 53, 82, 92,
109, 112, 120, 176intelligence unit, 92interception of communications, 32International Bureau of the World
Intellectual Property Organization, 125International Business Machines (IBM), 18,
58international cooperation, 2, 4, 42, 102, 119,
177international dimensions, 30, 34, 49international economic espionage, 90international trade, 17, 31, 137internationalized markets, 30Internet, 1, 8, 9, 13, 22, 24, 31–35, 37, 38, 41,
42, 44–49, 56, 57, 59–61, 71, 74, 78, 83, 84,89, 95, 96, 98–102, 104, 105, 108, 109, 112,115–123, 140, 148, 149, 151, 152, 155, 172,173
Internet criminals, 47Internet Fraud Complaint Center (IFCC),
118Internet protocol (IP), 34Internet security, 60, 99Internet service provider, 40, 112Internet worm, 104Interplay Entertainment, 150Interpol, 115, 116Interstate Transportation of Stolen Property
Act (ITSP), 131intrusion detection system, 61inventions, 8, 10, 12, 55, 62, 69, 73, 124, 126,
136, 180investigators, 7, 33, 39, 41, 46, 47, 65, 80,
117, 130Ion Networks, 151Iowa State University, 87Iran, 8, 22, 91, 92, 167Ishikawajima-Harima Heavy Industries, 20Islamabad, 91Israel, 8, 15, 39, 41, 43, 92Israeli Ministry of Justice, 41Israeli National Police, 41Israeli Parliament, 41Italy, 23, 42
Jacobs, Irwin, 79James Bonds, 81Japan, 8, 9, 15, 17, 22, 28, 42, 81, 92, 142,
143, 158, 171, 178Japan’s Ministry of International Trade and
Industry, 81
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
266 INDEX
Jefferson, Thomas, 12joint ventures, 85Jones Day, 152Jordan, 167jurisdictions, 1, 33, 34, 42, 102, 115, 118
Kansas City, Kansas, 142–144Kantor, Mickey, 22Karn, Phil, 119Kentucky Fried Chicken, 69Keppel, Robert R., 154–156KH-11 satellite, 23Kimbara, Kayoko, 156Kodak, 78, 144, 145
Land Mine Convention, 37laptop theft, 60larceny statutes, 121laser microphones, 80Latin America, 92law enforcement, 2, 4, 5, 32–36, 40–48, 58,
59, 92, 109, 110, 113–117, 119, 122–124,160, 163, 171, 173, 174, 178, 179, 183
Lawrence Berkeley Laboratory, 35Lebanon, 167Lee, Dr. Ten Hong, 141legal collection methods, 74, 84Lerner Research Institute, 142Levin, Vladimir, 39Li, Sun, 65Libya, 167Lin, Hai, 147, 148Linux, 61, 110Locke, John, 5, 181Lockheed Martin, 9, 152–154logic bombs, 103, 113London, 39, 140Lopez, Jose, 33loss of business, 121loss of reputation, 137loss of the value, 137lost profits, 136, 137Love Bug, 48Lowell, Francis Cabot, 18loyalty, 66, 67, 71, 124, 133Lucent Technologies, Inc., 147, 149Ludlum, Robert, 64Lyon Group, 115
Ma Bell, 121Madrid, 140Maginot Linemagnetic resonance imaging (MRI)mail bombsmail fraud, 141, 162Mail Fraud and Copyright Statutes, 122Mail Fraud and Wire Fraud Statutes, 131
Major League Baseball, 174Malaysia, 11, 141malicious code, 108malloc bombsMann Act, 173manufacturing and fabrication, 63manufacturing costs analyses, 9manufacturing facility, 73manufacturing processes, 9, 19, 54, 59, 74, 86marine systems, 63Marion, Pierre, 13, 14, 92market environment, 73marketing plans, 9, 70, 93Maryland, 39, 120Massachusetts, 18, 25, 90, 117, 142, 144, 150,
156, 164Massachusetts Institute of Technology
(MIT), 39Massachusetts Supreme Court, 124MasterCard, 155, 162Maytag, 78, 79Merced microprocessor, 11, 31mergers and acquisitions, 75, 86Mexico, 41, 127Miami, 32, 40Microsoft, 11, 55, 79, 80, 154–156Microsoft Certified Solution Developer
(MCSD), 155Microsoft Certified Systems Engineer
(MCSE), 154Military Critical Technology List (MCTL), 63Military Intelligence Department, 93military technology, 18, 19, 52, 93Mindspeed Technologies, Inc., 150Ministry of Science and Technology, 142, 143Ministry of State Security, 93Minnesota Mining and Manufacturing
Corporation (3M), 78misappropriation of trade secrets, 10, 25, 26,
55, 69, 131, 132, 152, 174Mitnick, Kevin, 120Mitsubishi Electric, 20Mitsubishi Heavy Industries, 20modem pirates, 79moles, 80, 81monetary damages, 137Morch, Peter, 163Morris, John Berenson, 159Morris, Robert Tappan, 104Motorola, 9multinational companies, 54Munitions List, 90, 91
National Computer Crime Squad, 116National Counterintelligence Center, 15, 16National Counterintelligence Executive, 59National Football League, 174
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
INDEX 267
national information infrastructure, 113National Infrastructure Protection Center,
117National Institute of Health, 157National Institute of Justice, 58National Motor Vehicle Theft Act, 173national security, 2, 4, 5, 10, 15, 20, 31, 33,
36, 53, 55, 63, 76, 86, 92, 96, 111, 113, 114,131, 180
National Security Agency (NSA), 23National Stolen Property Act (NSPA), 132National Strategy to Secure Cyberspace, 116National Weather Service, 39National White-Collar Crime Center, 118natural rights, 12Naval Criminal Investigative Service, 16,
39NEC Electronics Corporation, 65, 151Netherlands, 8, 39, 45NetPlane Systems, Inc., 150Netspionage, 39, 47, 50, 51networked computer systems, 30, 100New England, 18, 156New Jersey, 9, 148, 149, 159New TearNew York City, 78, 145New York Times, 73New Zealand, 24Next Level Communications, 150Nigerian letter fraud, 118Nike, 55Nimda worms, 118Nintendo, 150Nissan Motor Company, 20Nolan, John, 75Non-Proliferation Center, 22North American Free Trade Agreement
(NAFTA), 127North Carolina, 9, 133Novaya Zemlya, 37nuclear destruction, 30nuclear systems, 63nuclear weapons, 38, 108, 172
Occupational Safety and HealthAdministration, 77
Office of International Affairs, 119Office of Science and Technology Policy,
59Okamoto, Takashi, 142open source collection, 84Oracle-Microsoft, 8Organization for Economic Cooperation
and Development (OECD), 57, 106, 115,128
Ow, Say Lye, 31Owens-Corning, 147
Pakistan, 22, 91, 154Paller, Alan, 120Paris Convention, 125, 126Park, Daniel, 160password, 37, 39, 67, 79, 89, 100, 110–112,
122, 148patents, 10, 12, 62, 70, 80, 125, 136, 181,
183PathStar source code, 148Peker, Michael, 152Pennsylvania, 9, 66, 137, 147Pentagon, 41Pentium processor, 11People’s Liberation Army, 94People’s Republic of China (PRC), 23, 86,
141, 148, 151, 161, 162personal computers, 34, 37, 72, 101personnel data, 9, 93PetroChinapharmaceutical, 9, 10, 146, 181pharmaceutical industry, 10Phelps, Marshall, 58Philippines, 48Phoenix, 107photocopying, 7, 102photographically, 138, 188Ping of DeathPittsburgh, 147Pittsburgh Plate Glass, 147Plagnol, Henry, 21Plum, Lord, 22poaching, 8Posner, Judge, 182, 183Poulsen, Kevin, 120PPG Industries, 147President Clinton, 95, 117Presidential Order, 167PricewaterhouseCoopers, 81pricing data, 9, 70, 93Pringle, Brian Russell, 163privacy protections, 32private property rights, 13private sector surveys, 61Proctor & Gamble, 55Procurement Solutions International,
L.L.C., 165product development, 9, 10, 25, 50, 70, 93product recipes, 73profitability, 2, 8property rights, 68, 122, 181proprietary, 8–10, 14, 17, 24, 25, 33, 37, 50,
53, 55, 56, 58, 60, 63–67, 69–72, 75–78, 81,83, 84, 88, 89, 93, 107, 111, 127, 129–132,136, 139, 141, 144, 146, 147, 150, 153–157,159, 162–167, 172, 176, 178
prototypes, 138, 188Public Telecommunication Network, 98
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
268 INDEX
public–private engagement, 113, 116public–private partner, 176public–private partnership, 113, 176
Qualcomm, Inc., 79, 120
Radiance high-speed (HS) infrared camera,90
radiological, 172Ramen and Lion worms, 110Renaissance Software, 64Reno, Attorney General Janet, 101Republic of Venice, 12research and development, 8, 10, 17, 30, 54,
55, 62, 71, 76, 77, 79, 85, 137, 141, 163,176, 180, 182
Resolution, 56, 127Resolution, 106, 127Restatement of Torts, 25, 131, 134restraint, 6retribution, 5, 6reverse engineering, 68, 69, 175Rome Treaty, 128Rosenfeld, Morty, 120Russia, 8, 11, 39, 42, 64, 92Russian Republic, 9
Sabre computer system, 8Safar, Jean, 64Saitama-Ken, Japan, 142sales figures, 9, 70, 93San Antonio, Texas, 156San Francisco, 35, 116, 119, 151, 162, 163San Jose, 65, 151, 160Sans Institute, 120Santa Clara District Attorney, 119satellites, 54, 78, 81, 153Saudi Arabia, 24, 167Scandinavian, 8schematics, 9, 27, 165, 167Schweizer, Peter, 14, 15, 54science and technology, 30, 31, 93Science Applications, Inc., 20, 64SCIP’s Code of Ethics, 77Scotland Yard, 179search warrants, 33, 118, 148Secret Service, 119Secretary of DHS, 116Securities and Exchange Commission (SEC),
52, 150security breaches, 50, 51, 59, 118security technology, 51SecurityFocus.com, 120Sega, 150seismographs, 108Semi Supply, Inc., 160semiconductors, 9
Senate Select Committee on Intelligence,131
Senior Law Enforcement Experts onTransnational Crime, 115
sensors and lasers, 63September 11, 56, 94Serebryany, Igor, 151, 152Serizawa, Hiroaki, 142shadow teams, 8Shan, Yan MingShanghai, 91, 150, 162shareholders, 57, 58Shearer, Jack, 165, 166Sherman, Texas, 163Shiva, Vandana, 180, 183SIGINT, 23, 81signal, 18, 21, 23, 72, 152signature control, 63Silicon Valley, 9, 131, 151silkworms, 18silver bullet, 101Sixteen Character Policy, 94Slot II CPUs, 163sniffers, 103social security, 37Society of American Business Editors and
Writers, 79Society of Competitive Intelligence
Professionals (SCIP), 73Solar Turbines, Inc., 165Solaris operating system, 110Sony, 55, 150sound recordings, 50, 125South Korea, 9, 13, 15Soviet Union, 9, 13, 19–21, 179space systems, 63Spanish Armada, 13special agents, 143, 148, 161, 173specially trained personnel, 77specified unlawful activity, 125Spector, Senator Arlen, 125spies, 4, 7, 9, 12–14, 16, 18, 19, 25, 52, 53, 58,
72, 78, 80, 82, 83, 89, 104, 127, 133, 136,140, 175
spy devices, 7spying, 2, 5, 7, 8, 12, 18, 20, 21, 24, 54, 77, 78,
80, 88, 89, 177stealth technologies, 9Stockholm, 126Stoll, Clifford, 35Stone, Katherine V.W., 67Strategic Defense Initiative, 20, 64strategic partners, 50strategic planning, 9, 19, 72, 74, 93strategy-oriented competitive intelligence, 75students, 78, 80, 87, 88, 93, 94Sun Microsystems, 11, 65, 151
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
INDEX 269
Sun, Tse Thow, 159Supervision, Inc., 65Supervision Ltd., 151suppliers, 1, 50, 51, 64, 72, 167surveillance, 22, 34, 36, 75, 90, 91, 141, 150surveillance equipment, 8Sutherland, Edwin, 3Swartwood, Dan, 62Sweden, 40, 43, 166Symantec Corporation, 119SYN floodSyria, 167
tactics-oriented competitive intelligence, 75Taiwan, 9, 64, 141, 146, 147Taiwanese, 64, 146target-oriented competitive intelligence, 76Taxol, 146, 147Teardroptechnical schematics, 56technical training, 46technological attacks, 50technological espionage, 15, 17, 182technological evolution, 4technology bazaar, 64technology intelligence, 75Technology Transfer Regulation, 129technology transfers, 86, 87, 93technology-oriented competitive
intelligence, 75techno-savvy, 116technospies, 51Tejas Compressor Systems, Inc., 165, 167Tejas Procurement Services, Inc., 165, 167telecommunication interceptions, 78telex spools, 82Telnetworks, 150Tenebaum, Ehud “The Analyzer”, 41Tenet, George, 23Terfenol-D, 86, 87terrorists, 22, 36, 95, 104, 108, 111, 172textile industry, 18theft of documents, 7theft of private information, 16Third World, 52Toffler, Alvin, 38, 97tort theory, 24Toshiba Corporation, 27totalitarian governments, 30Toyota, 22trade secret theft, 1, 3, 5, 7–9, 26, 28, 52, 58,
63, 69, 70, 123, 130–133, 137, 139, 147,149, 168, 179, 190
trade secrets, 3, 7–11, 15–17, 19–21, 24–26,28, 32, 34, 52, 55, 56, 58, 59, 65–70, 74–76,78, 79, 81–83, 88, 119, 122, 124–129, 131,132, 134–137, 139, 141, 143–147, 149,
151–154, 156, 159–171, 174–177, 179, 182,185–187, 190, 196
trademarks, 10, 35, 70, 125, 129, 170Trade-Related Aspects of Intellectual
Property Rights (TRIPs), 126trade-show floors, 7Transmeta Corporation, 65, 151transnational organized crime, 29, 101transportation, 9, 31, 38, 57, 93, 98, 122, 132,
151, 153, 156, 159, 162, 196trash trawling, 82Treaty Establishing the European Economic
Community, 128Trident Microsystems, 65, 151Trinoo attacks, 110Trojan Horses, 103, 113Trujillo-Cohen, Mayra Justine, 164twentieth century, 18, 29two-track, 20
U.S. Bankcorp, 155Ukraine, 152undercover methods, 78Unfair Competition Prevention Law, 178Uniform Trade Secrets Act (UTSA), 56, 131,
134, 137Uniscribe Professional Services, 152United Kingdom, 24United Nations, 106, 115, 116, 127, 128, 177United Nations Manual on Computer-Related
Crime, 106United States Air Force’s Office of Special
Investigations, 16United States Constitution, 12, 69United States Customs Service, 91, 162, 171United States Department of Labor, 73United States House of Representatives, 93United States intelligence community, 16,
19–22, 59United States Naval Academy, 95United States Navy, 86United States Patent Office, 62United States Secret Service, 40United States Supreme Court, 133University of Chicago, 151, 152University of Texas, 60, 158Unix, 45Uppsala, 166Uruguay Round, 126utilitarian, 5–7, 24, 181, 182utilitarianism, 5–7
Van Eck, 120vandalism, 60, 61, 107Venice, 12venture capital, 124Verint Systems, 150
P1: GDZ/JZK P2: GDZ/JZK QC: GDZ/JZK T1: GDZ
0521835828ind CB764-Nasheri-v1 February 17, 2005 9:58
270 INDEX
violent crimes, 3, 34, 46, 47, 173Visa, 155, 162
W.L. Gore & Associates, Inc., 159Wall Street Journal, 79Wallace, Robert E., 144Wal-Mart, 8, 78Wang, Eugene, 119Wang, Junsheng, 161Warner-Lambert Company, 165Washington, DC, 9, 116Washington, George, 12web pages, 72web sites, 8, 34, 41, 60, 106, 112webcast, 73Webster, Noah, 12Western Europe, 55white-collar crime, 3, 4, 173Wind River Systems, 119Windows, 79, 103, 110Windows 98, 6, 61wire fraud, 33, 141, 142, 147, 148, 164,
196wire interception, 7wireless communication technologies, 50wiretaps, 54, 75Worden Enterprises, Inc., 144, 145Worden, Harold, 144
World Intellectual Property Organization(WIPO), 144
World Trade Organization (WTO), 88, 126World War I, 12, 173World War II, 13, 72, 173worms, 103Worthing, Daniel, 147Worthing, Patrick, 147Wray, Stefan, 41Wright Industries, Inc., 164Wu, Xingkun, 161
Xu, Kai, 148
Yang, Hwei Chen, 140–142Yang, Pin Yen, 140–142Ye, Fei, 64, 151Yin, Qianqiang, 94Yuen Foong Paper Company, 146Yugoslav Federal Directorate for Supply and
Procurement, 22
Zapatista, 41, 106Zedillo, Mexican President Ernesto, 41Zhong, Ming “Andy”, 64Zhongtian Microsystems Corporation, 151Zhu, Jiangyu, 156Zia Tech Corp., 150
