When it comes to secret agents, it’s hard to beat the pages of Ian Fleming or John le Carré. However, the world of corporate espionage also has its emotions. For example, the alleged shenanigans in a recent court case involving two US software companies. In May, a jury agreed that Appian, based in McLean, Virginia, was entitled to a whopping $2 billion in damages from Massachusetts-based Pegasystems, which it accused of illegally spy on it to gain a competitive advantage. The trial revealed that Pegasystems executives had referred to a contractor tasked with accessing Appian’s software as “our spy” in internal documents and had dubbed the overall espionage effort “Project Crush.” Pegasystems, whose shares plunged after the ruling and which is now facing a barrage of class action lawsuits from disgruntled investors, has vowed to appeal the “unfair” decision.
The episode illustrates just how much interest in corporate espionage and learning to thwart it has grown. Espionage is no longer largely focused on the handful of traditionally vulnerable “sensitive” sectors, such as defense and pharmaceuticals. It is increasingly being used against smaller companies in surprising sectors, such as education and agriculture. In short, it has become more of a kind of generic business risk. Just as the Cold War was (at least in the popular imagination) the heyday of great-power espionage, corporate espionage may be entering its golden age.
There are two closely related reasons for this. The first is the inexorable growth of the intangible economy; intellectual property is increasingly the currency of business. The second is the increasing sophistication of hackers. CEOs are right to worry when they see the sale of their company secrets being touted on the dark web: a new marketplace, Industrial Spy, sells stolen data and documents to “legitimate” companies. Information is sold in packages ranging from a few to millions of dollars. Keeping intellectual property safe in a digital vault can be extremely complex.
When you hear about intellectual property, most people think of patents. Securing patents can reduce risk, but it’s something that has become more difficult, at least in the United States, after a couple of Supreme Court rulings in the past decade removed protection for “business methods” and “business methods.” abstract ideas” (which is what many software-based inventions are).
The result has been that companies rely more heavily on the development and protection of an equally valuable type of intellectual property: trade secrets. Those secrets can be anything from algorithms and customer lists to chemical processes and marketing plans. Among the most famous trade secrets are the recipe for Coca-Cola and the formula for the all-purpose product WD-40. Most are more trivial: some recent legal battles have involved agents for industrial baking and resin formulations for floors. Patents offer greater protection, but trade secrets are forever, if they can be kept under lock and key.
Christine Streatfeild of the law firm Baker McKenzie speaks of a “turn” in the last five years, as more companies in more sectors realize the need to protect their secrets. Streatfeild notes that efforts have been intensified when it comes to consumer goods, steel and even cannabis. Baker McKenzie has advised legal marijuana growers in the United States on steps they can take to curb rivals’ access to information on cultivation techniques, soil preparation recipes, aroma extracts, and more.
Digitization contributes to making the problem more thorny. As more established sectors (from car manufacturing to education) increase their investment in software-related technologies, they also accumulate more bits and bits worth stealing. Sectors with lots of startups are especially vulnerable, says Sidhardha Kamaraju of the Pryor Cashman law firm, because they combine a lot of new technology with mobile employees jumping between start-ups. In 2018, Waymo, the unit that develops Alphabet’s autonomous vehicle, reached a settlement with Uber worth 245 million dollars after claiming that one of its former engineers had taken trade secrets when he left the office to go to the company. of private transport services.
The good news for businesses is that legislative protections for trade secrets have been strengthened. In the United States, the Trade Secrets Defense Act passed in 2016 was a turning point that greatly expanded the type and number of secrets covered by federal law… and whose passage caused a 30% increase in trade secrets. the lawsuits filed, according to Tim Londergan of Tangibly, an intellectual property management company.
The bad news is that surprisingly many companies mishandle those secrets. It is not enough to make reasonable efforts to prevent information from becoming confidential. The secret also has to be clearly formulated. Failure to comply with this requirement has come to light in a series of recent court cases. In one of them, Mallet, a bakery products company, failed to prevent a newcomer from using similar release agents (which allow loaves and buns to release from pans) similar to its own: a US appeals court ruled that Mallet had failed to adequately describe and document his secret procedure.
Such rulings have encouraged more corporate officials to request “intellectual property audits” and use the results to better protect their valuable secrets. This, in turn, has fueled the growth of a small sector of trade secret consultants and software solutions companies. There is also demand for lawyers. “Patent attorneys abound, but not enough really understand trade secrets, and they tend to focus on litigation when the problem has already arisen,” says Londergan. “Companies need help first.”
And they also need to pay more attention to risks coming from corporate partners; for example, in joint ventures. Londergan points out that it is often “an idea that only appears late,” even among multinationals. He says that TSMC, a Taiwanese chipmaker, is one of the few companies globally that comes close to best practice in how it formulates and manages trade secrets.
TSMC has good reason to want to get it right. You work in a very sensitive industry, full of proprietary information that rivals would be happy to get their hands on. It has at its doors a China that resents Taiwan and is widely recognized as a planetary reference in the matter of intellectual property theft (after having itself been a victim in the 18th century, when Jesuit priests were sent from Europe to steal trade secrets of porcelain manufacture). Taiwanese authorities say that in recent months they have uncovered several attempts by China to recruit semiconductor engineers through companies illegally registered on the island, concealing their origin. In May, the Taiwanese parliament passed a law punishing anyone who obtains or uses designated “basic” technologies for the benefit of “external entities” with up to 12 years in prison.
The United States, too, has cracked down with China in mind. According to the Justice Department, roughly four-fifths of all economic espionage cases it brings “report conduct that would benefit the Chinese state.” The best-known case of suspected espionage by China, involving the telecommunications equipment manufacturer Huawei, is just the tip of a large iceberg.
As great as the threat from China is, that country is not unique. They also spy on supposedly friendly states. Israel is known to spy on American companies for the benefit of its technology and military sector. And it’s not always helpful to think in discrete terms about the threats posed by different types of actors—company employees, corporate rivals, or governments. Sometimes several of them act simultaneously. Take, for example, the recent 14-year prison sentence of You Xiaorong, a former Coca-Cola chemist. You was convicted of stealing trade secrets related to the lining of the inside of beverage cans. She used the stolen formula to create her own company in China, with the support of a local partner. The company was supported by grants from the Chinese government. It was unclear whether or not Chinese officials were aware of the theft.
The case highlights another challenge for companies trying to keep their secrets safe. No matter how many dollars they spend hardening computer systems, they also need to pay attention to older, analog forms of data exfiltration. Some Procter workers
Furthermore, much of corporate espionage can be (from the point of view of the spied on) frustratingly confusing. Some activities are completely legal. Many hedge funds specialize in monitoring factory activity, using on-site “hands” or satellite imagery to measure output and then bet on stocks. At the other extreme, there are things that no CEO in his right mind would ever allow: senior P
Between the two extremes is a vast gray area in which agents “walk the jagged edge” of morality and the law, writes Eamon Javers in his book on corporate espionage, Broker, Trader, Lawyer, Spy. Many of them work for groups hired by companies willing to have their dirty work done for them, sometimes to provide a credible alibi.
The corporate intelligence industry was born out of the acrimonious takeover battles of the 1980s and has been growing at breakneck speed ever since. Big names like Kroll and Control Risks are at the top of a pyramid made up of thousands of companies that are almost all small. Most of that work is legal and pretty boring; for example, conducting due diligence processes in relation to potential business partners of clients. However, there are cases of companies engaging in dubious activities, from wiretapping to identity theft. In the 19th century, the grandfather of the industry, Allan Pinkerton, established (and largely followed) a strict code of conduct. Javers worries that some of Pinkerton’s modern counterparts routinely violate many of his chivalrous injunctions.
None of that is going to go away. Employee mobility is almost at an all time high, if it hasn’t already. Companies, and the tactics they use, become more desperate in recessions. And the geopolitical background is less and less peaceful, which increases the incentives for the shady activities of the States or their representatives. This may not be Casino Royale, but the specter of growing economic espionage is real.
© 2022 The Economist Newspaper Limited. All rights reserved.
Translation: Juan Gabriel López Guix