1.8 Industrial Espionage

1.8 Industrial Espionage

A company might be subject to industrial espionage simply because competitors share some level of sensitive customer information, which might be worth millions for interested parties ranging from governments to corporate and private entities. It is not only the press who would be willing to pay for information. This situation might be encouraging enough for many hackers to tempt fate and attempt to obtain such information. Internal staff might consider the risk minimal and give away such information. There could be active attempts to retrieve information without authorization by hacking, sniffing, and other measures. A case of espionage can have serious consequences for a company, in terms of incurring the cost of lawsuits and resulting damage awards. This situation can also devastate a company's reputation in the marketplace .

Formally defined, industrial espionage is the act of gathering proprietary data from private companies or governments to aid others. Industrial espionage can be perpetrated either by companies seeking to improve their competitive advantage or by governments seeking to aid their domestic industries. Foreign industrial espionage carried out by a government is often referred to as economic espionage . Because information is processed and stored on computer systems, computer security can help protect against such threats; it can do little, however, to reduce the threat of authorized employees selling that information.

Cases of industrial espionage are on the rise, especially after the end of the Cold War, when many intelligence agencies changed their orientation toward industrial targets. A 1992 study sponsored by the American Society for Industrial Security (ASIS) found that proprietary business information theft had increased 260 percent since 1985. The data indicated that 30 percent of the reported losses in 1991 and 1992 had foreign involvement. The study also found that 58 percent of thefts were perpetrated by current or former employees. The three most damaging types of stolen information were pricing information, manufacturing process information, and product development and specification information. Other types of information stolen included customer lists, basic research, sales data, personnel data, compensation data, cost data, proposals, and strategic plans.

Within the area of economic espionage, the Central Intelligence Agency (CIA) has stated that the main objective is obtaining information related to technology, but that information on U.S. government policy deliberations concerning foreign affairs and information on commodities, interest rates, and other economic factors is also a target. The Federal Bureau of Investigation (FBI) concurs that technology- related information is the main target, but also lists corporate proprietary information, such as negotiating positions and other contracting data, as targets.

Because of the increasing rise in economic and industrial espionage cases over the last decade , the Economic and Espionage Act of 1996 was passed by the U.S. government. This law, coded as 18 U.S.C. §1832, provides:

1. Whoever, with intent to convert a trade secret, that is related to or included in a product that is produced for or placed in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will, injure any owner of that trade secret, knowingly

   1. steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains such information;

   2. without authorization copies, duplicates, sketches , draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails , communicates, or conveys such information;

   3. receives, buys, or possesses such information, knowing the same to have been stolen or appropriated, obtained, or converted without authorization;

   4. attempts to commit any offense described in paragraphs (1) through (3); or

   5. conspires with one or more other persons to commit any offense described in paragraphs (1) through (3), and one or more of such persons do any act to effect the object of the conspiracy , shall, except as provided in subsection (b), be fined under this title or imprisoned not more than 10 years , or both.

2. Any organization that commits any offense described in subsection (a) shall be fined not more than $5,000,000.

In a recent case, [16] against violators of 18 U.S.C. § 1 832 , convictions were upheld in the appeal of Mr. Pin-Yen Yang and his daughter Hwei Chen Yang (Sally) for industrial espionage, among other crimes. Mr. Yang owned the Four Pillars Enterprise Company, Ltd., based in Taiwan. This company specialized in the manufacture of adhesives. Mr. Yang and his daughter conspired to illegally obtain trade secrets from their chief U.S. competitor, Avery Dennison Corporation, by hiring an ex-employee of Avery Dennison, a Dr. Lee. Lee was retained as a consultant by Yang, and the group conspired to pass confidential trade secrets from Avery to Four Pillars. When the FBI confronted Lee on the matter, he agreed to be videotaped in a meeting with Mr. Yang and his daughter . During the meeting, enough evidence was gathered to result in a conviction . [17]

Measures against industrial espionage consist of the same measures companies take to counter hackers, with the added security obtained by using data encryption technology. Where this is not possible because of government regulations (e.g., in France), proprietary compression or hashing algorithms can be used, which result in the same effect as encryption, but with a higher chance of being broken by a determined adversary. Legal protections exist, of course, but were once very difficult to dissect from the vast amount of legislation in Title 18 of the U.S. Code. Congress amended the many laws dotted throughout Title 18 into a comprehensive set of laws known as the 1996 National Information Infrastructure Protection Act.