Category Archives: Trade Secrets
Does this sound like a Michael Crichton novel? We can only hope. Several news agencies are reporting on a study released by Mandiant, an American computer security firm, that has traced huge volumes of hacking activity to a building in a rundown neighborhood of Shanghai believed to be under the control of a Chinese military unit identified as the “Comment Crew” or “Shanghai Group.”
What are they after? In addition to orchestrating attacks against high level US and Canadian government interests, they are increasingly targeting the intellectual property of companies involved in critical infrastructure such as the electrical power grid, gas lines, and waterworks. Other industries targeted include information technology, aerospace, military contractors, satellite and telecommunications, financial services, and even legal services. The group is reportedly draining terabytes of data from these sources.
The study details the efforts of the Comment Crew in hacking Coca-Cola during its acquisition of a large Chinese company, presumably in an effort to uncover negotiation strategies and other information critical to the deal. The attack was traced to a “spearphising” email sent to a Coca-Cola executive. The email appears to be from a friend and includes a link that initiated the download of malicious code. The executive clicked on the link.
The group is also believed responsible for a similar attack on RSA, the computer security company owned by EMC, a large technology company. It is best known for its SecurID token, carried by employees at United States intelligence agencies, military contractors, and many major companies.
Scary stuff indeed! Cyberwarfare, or government sponsored cyberattacks, are not new and there have been many high profile incidents in the news. According to former US national security advisor Richard Clark, Israel used cyberwarefare to make their planes invisible to the Syrian air command system during a 2007 bombing raid carried out against a nuclear facility under construction in Syria. The US and Israel are believed to be responsible for the attack on an Iranian uranium enrichment facility that supposedly destroyed several pieces of key equipment using a highly sophisticated computer virus. The Chinese are also believed to have gained access to key elements of the F-35 advanced fighter jet when they hacked into the computer systems of BAE Systems, a British defense contractor.
In an attempt to head off more of these types of attacks the Obama administration last week issued a cybersecurity executive order designed to promote security through a joint government and industry self monitoring program. The order puts into place key elements of the cybersecurity legislation that was defeated last term by a Republican filibuster and was opposed by key groups like the US Chamber of Commerce for fears that it would place undue regulatory burdens on business.
Government sponsored cyberattacks on business is somewhat of a new phenomena and seriously escalates the risks of business to business dealings. I suspect we only know the tip of the iceberg when it comes to hacking, and the protection of key business intellectual assets should be at forefront of all business dealings. It would appear that you cannot really be too cautious these days.
IP-related crimes are well known for non-patent offenses, e.g., theft of trade secrets, 18 U.S.C. § 1832; criminal copyright infringement, 17 U.S.C. § 506; and trademark counterfeiting, 18 U.S.C. § 2320. Patent crimes are virtually unknown, with the exception of the false marking statute, discussed at length elsewhere, here, and there.
A lesser-known patent-forgery statute targets anyone who “falsely makes, forges, counterfeits, or alters any letters patent granted or purporting to have been granted by the President of the United States.” 18 U.S.C. § 497. That crime would probably not be very successful. Furthermore, that statute’s constitutionality may be in question after the Supreme Court decides the Alvarez case this term.
There are more general federal crimes that may arise in a patent context, though. Lying to the PTO would violate 18 U.S.C. § 1001; a literal reading of that statute would criminalize some forms of inequitable conduct. Using a patent procured by inequitable conduct to obtain a government contract would probably violate the False Claims Act.
Other criminal issues that apparently arise tangentially in patent contexts. For example, Appendix R to the Patent Rules states:
§ 10.88 Threatening criminal prosecution.
A practitioner shall not present, participate in presenting, or threaten to present criminal charges solely to obtain an advantage in any prospective or pending proceeding before the Office.
A forthcoming paper in the Stanford Law Review from Judge Posner and Professor Yoon is titled “What Judges Think About the Quality of Legal Representation.” The good news? “In civil cases, judges gave their highest ratings to lawyers handling commercial litigation and intellectual property.” What’s more, when it comes to IP litigators, Judges found very little disparity in the quality of representation between opposing counsel. IP litigation is not only a high-quality fight, but an evenly matched one.
Attacks by computer hackers on retailers such as the January 2012 attack on Zappos.com remind us that no one’s intellectual property is safe from cyber attacks—not even a shoe shopper’s. Attacks such as the December 2011 attack on Strategic Forecasting, Inc. (Stratfor) and the February 2011 HB Gary attack confirm that not even those with the motivation and means to thwart a cyber attack cannot successfully do so.
The attacks arise for different reasons. An attack’s objective may appear as merely criminal; for example, attempting to steal consumer data electronically stored by Zappos. And, as attack may be driven by ideology—Anonymous’s humiliating attack on HB Gary, following the security firm’s announcement that it would expose the identity of the unknown hackers’ guild. An attack may also have geo-political roots, supported by a nation state: it was reported in May 2010 that the elements of China’s military hacked the U.S. Chamber of Commerce’s computer network to gain information about the lobbying group’s more than three million members. That information was reportedly used to then infiltrate specific Chamber members involved in Asian policy. Attacks occur for mixed reasons as well. Stratfor’s CEO explained, in his apology for failing to prevent its hackers, that while consumer and commercial data was hacked, the attack was motivated by a desire to destroy Stratfor and expose and embarrass its clients. Read the rest of this entry