Employee Use of Company Computers and Email Continues to Chronically Facilitate Trade Secrets Theft (IPPIBlog.com)

*Previously posted on my blog: IPPIBlog.com

RECENT FIVE-PART BLOG SERIES-TRADE SECRETS THEFT ENTERPRISE

In last month’s five-part blog-post series titled, “Composition of a Trade Secrets Theft Enterprise-Case Study” we took a deep dive into how certain GlaxoKleinSmith (GSK – a U.S. pharmaceutical company) employees routinely downloaded trade secrets to their company email accounts then transferred it to their personal email accounts. Part 1  Part 2   Part 3   Part 4  Part 5

AGAIN and AGAIN and AGAIN…

It just continues to be a common story. Employees (not outsiders!) transfer proprietary information from their company email accounts to their personal email accounts or download trade secrets from their company computers/laptops to the cloud or to a zip drive, and pass it on.

RECENT NOTABLE EXAMPLES

Here are four other recent examples within only the last thirty days:

October 10, 2018 – A deputy division director with China’s Ministry of State Security was extradited to the U.S. to face charges of trade secrets theft. Aside from the enormity of a Chinese Intelligence officer being extradited back to the U.S., and how he was nailed, this case has some of the same components of lax computer discipline and monitoring. Here’s a quote from the New York Times article titled, “Chinese Officer Is Extradited to U.S. to Face Charges of Economic Espionage. “…and the employee sent Mr. Xu (Chinese intelligence officer) a file directory of documents on the employee's company-issued laptop.

October 19, 2018 – Bombardier, a Canadian aviation company filed a suit in U.S. federal court against Mitsubishi Aircraft for their alleged use of Bombardier trade secrets that former employees of Bombardier allegedly downloaded and transferred to their personal computers before they were hired by Mitsubishi and then passed the secrets onto Mitsubishi.

Here’s a quote from the 92 page complaint, “Defendant…committed intentional acts constituting trade secret misappropriation at least when he (a) wrongfully obtained Bombardier trade secret information by sending such information without authorization to his personal email accounts from his Bombardier work email account within weeks and days of his planned and voluntary departure from Bombardier to work for MITAC on the MRJ project. 

October 29, 2018 - A U.S. federal grand jury has indicted a principal scientist at Genentech (a U.S. pharmaceutical company) for downloading confidential information and transferring it to her husband and other consultants to a competitor of Genentech.

November 1, 2018 – U.S. charged a government-controlled company in China with stealing trade secrets. One of the accused is alleged to have downloaded more than 900 files of proprietary Micron (U.S. semiconductor company) information and stored it in personal cloud storage and external hard drives.

EMPLOYERS WORKPLACE RIGHT TO MONITOR COMPUTER RELATED ACTIVITY

What makes this intriguing is that companies have substantial authority to monitor whatever is communicated on a company email system or company computers.

Here are a couple of legal opinions on the issue:

“Generally, employers have the right to monitor their employees use of the Internet (including visiting social networking sites, checking e-mails, and instant messaging) on computers owned by the employer, during employees on-duty hours.” And here is a quote from U.S. employment attorney Lisa Guerin, in her article titled,

“Email Monitoring: Can Your Employer Read Your Messages? Employers have a lot of leeway to monitor employee emails.

“Emails sent or received through a company email account are generally not considered private. Employers are free to monitor these communications, as long as there's a valid business purpose for doing so. Many companies reinforce this right by giving employees written notice (for example, in an employee handbook) that their work email isn't private and that the company is monitoring these messages. However, even if your employer doesn't have this type of written email policy, it still probably has the legal right to read employee email messages transmitted through company accounts.”

THE TIME HAS COME

What is becoming increasingly clear is the absolute necessity for companies to continue to develop robust programs to monitor computer-related employee activities, and control what devices are permitted to come in-and-out of the facility.

We are getting to a point (if we’re not already there) in which it will be a standard condition of employment that a prospective employee must understand two basic things before accepting a position:

A. That the use of a company computer or email for any purpose other than authorized company business is strictly prohibited, with the following notice, as Snapchat did, according to one news report,

“If you leak Snap Inc. information, you will lose your job and we will pursue any and all legal remedies against you.”

“And that’s just the start. You can face personal financial liability even if you yourself did not benefit from the leaked information. The government, our investors, and other third parties can also seek their own remedies against you for what you disclosed. The government can even put you in jail.”

B. That any device which has the capacity to record information in any form is strictly prohibited from being brought into the workplace, (i.e., iPhone, iPad, digital camera, digital recorder, zip-drives, etc.)

FENCED-IN SPACE

The workplace is becoming a fenced-in space in which management needs to have complete control, as impractical as that may seem. In some ways, companies will need to treat their facility like a federal courthouse. You are just not permitted to enter a federal courthouse with an iPhone unless given special authorization.

So, for example, when we're on jury duty we must accept that we do not have access to any electronic devices. As a result, we relearn how to use a desk phone, relearn how to read a book, or newspaper or magazine made of paper instead of on a Kindle, and we accept that during the few days or weeks we are on jury duty, we must make do. This principle of containment needs to be applied to the workplace.

Of course, it would be impractical—in many cases—to impose these restrictions on all areas of the facility, but those areas (and persons) where the most sensitive R & D work is being done must be contained.

Who and what goes in-and-out must be strictly controlled whether it’s physical, mechanical or digital.

THE TIMES IN WHICH WE LIVE

These are the times we live in.

What’s the alternative if companies do not confront this problem and persistently act on it?

The answer is painfully obvious.

Disclaimer: IPPIBlog.com is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in IPPIBlog.com. We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.