The FBI is aware of 23 countries currently conducting operations targeting US trade secrets.  It has been widely reported that France, for example, routinely bugged Air France flights and French hotel rooms to obtain economic and technical information from selected foreign passengers and guests.  Three former directors of the DGSE, France’s external security service, have publicly commented on France’s prowess in conducting economic espionage.  As recently as 1996, former DGSE director Claude Silberzahn said that in France “the state is not just responsible for law making, it is in business as well.”  He added:  “For decades, the French state regulated the markets to some extent with its left hand while its right hand used the secret services to procure information for its own firms.

   China has gone to similar lengths.  Vietnam and Cuba are aggressively following suit.  Russia uses former KGB and GRU officers to collect information that will help the country compete more effectively in the global market as it struggles to create a free market economy.  The energy that was once spent on defeating the West in the Cold War is now being devoted to gaining market share in the global marketplace.  And traditional allies that are also strong economic competitors like Israel, Germany, Japan, Taiwan and South Korea all actively target US business information to gain a competitive edge internationally. 

   Futurist Alvin Toffler said:  “The 21^st century will be marked by information wars and increased economic and financial espionage…among the boom businesses of the decades ahead, (corporate) espionage will be one of the biggest.”  A federal judge stated in a 1991 ruling:  “The future of the nation depends in no small part on the efficiency of industry, and the efficiency of industry depends in no small part on the protection of industrial property.” 

   The Economic Espionage Act (EEA) was enacted to focus attention on the threat of foreign industrial spying, and to give the federal government a mechanism to prosecute offenders.  It allows the government to prosecute information theft regardless of whether it takes place in the US, on the Internet, or in any international location.  It was designed to cover the whole range of trade secrets, which are defined in the act as “information the owner has taken reasonable measures to keep secret,” and information that “derives its economic value, actual or potential, from not being generally known to or available to the general public.”

   The Need for New Legislation

   The EEA was conceived after FBI Director Freeh and others concluded that existing federal statutes simply did not allow the US government enough clout to counter the growing threat of industrial espionage to the US economy.  In testimony before the Senate, Director Freeh said:  “Intellectual property…government and corporate proprietary economic information, sustains the health, integrity, and competitiveness of the American economy and has been responsible for earning our nation’s place in the world as an economic superpower.”

   While the US may not be able to compete with some other countries in terms of low wages or natural resources, it does excel in ideas, inventiveness, research and intellectual property development.  IBM Chairman Frank Cary drew a clear link between inventiveness and this country’s economic well being and standard of living when he said:  “To destroy the reward of investment is to destroy the incentive to innovate.”

   Intel Corporation’s David Shannon provided a stunning example of this during a congressional hearing on the subject.  He said:  “Intel is a world class, sophisticated company with world class security…even though we have world class security and are very deeply involved in the computer industry…we recently were the victim of economic espionage where the value to the receiver of that information could range as high as $300 million.”

   In short, tens of billions of dollars and millions of jobs were being lost, and the US government was seemingly impotent in its efforts to counter it.  It was hamstrung by having to use outdated statutes enacted long before the advent of computers, copy machines and instant communications.

   The Adirondack Project

   One of the more striking examples of the inadequacy of federal laws at the time occurred during the 1982 investigation of Hitachi’s theft of information on IBM’s highly classified “Adirondack” project.  Adirondack was IBM’s code name for its development of a new generation of mainframe computers.  The information on the Adirondack program was literally worth billions of dollars to a competitor. 

   The FBI collected volumes of information regarding the theft, including some 35 hours of videotape showing damning evidence of an undercover FBI agent and an IBM undercover official’s meetings with Hitachi officials.  The tapes recorded the payment of $650,000 in bribe money given to the undercover officers by the Hitachi officials and detailed explanations given by them concerning the reasons why they wanted the IBM technology.

   Hitachi entered a plea of guilty to the only thing they could be charged with at the time – conspiring to transport stolen IBM property to Japan – and was slapped on the wrist with the maximum penalty allowable under the law:  $10,000.

   Outraged, the FBI lobbied for new legislation to criminalize the theft of trade secrets.  The result was the EEA of 1996.

   The Economic Espionage Act

   The Economic Espionage Act of 1996 was passed to protect US companies from efforts by foreign governments to steal US technology and proprietary information.  The FBI director highlighted the need for the new legislation by saying that foreign espionage against US businesses was a real and growing threat.  The EEA was enacted with two goals in mind:  to thwart attempts by foreign entities to steal our trade secrets, and to allow the federal government to investigate and prosecute all offenders, including foreign information thieves and domestic American competitors.  The act included cybercrimes and illicit duplication of intangible trade secrets.  In short, it brought the law into the new millennium. 

   The Act focused attention on economic espionage and gave the federal government the mechanism to prosecute offenders.  Under the act, the theft of trade secrets, defined as “all forms of financial, business, scientific, technical, economic, or engineering information…if the owner has taken reasonable measures to keep such information secret and the information derives independent economic value, actual or potential, from not being generally known to and not being ascertainable through proper means by the public,” was now considered a federal criminal offense.

   It allows the government to prosecute the theft whether it takes place in the US, on the Internet, or in any international location.  The act provided for prison sentences of up to 15 years and fines up to $500,000.00.

   Limitations of the Act

   Conceived and enacted with the best of intentions, and while legislation shows increased awareness of the foreign threat to US businesses, it has so far proved to be largely ineffective and unenforceable.  Even Attorney General Janet Reno has discussed the deficiencies of the law.  She has stated publicly that she had no intention of aggressively prosecuting potential offenders.

   There are many problems with the act.  First of all, it will not eliminate true espionage by foreign governments.  Espionage has always been illegal, but that has not deterred foreign services from targeting the US and others for their secrets.  And since the economic angle has become more important in recent years, many foreign governments are putting more resources toward collecting economic and technical information.  A government can save millions of dollars and years of research if it can obtain information rather than having to develop it independently, and most foreign governments are willing to help “their own” gain a competitive edge.  Countries use every method previously used against “government targets,” including electronic eavesdropping, penetrating computer systems, surveillance, trespassing, blackmail, bribery, planting “moles,” and hiring away employees.

   Furthermore, it can be difficult to prove that a crime has been committed.  The best espionage operations, cloaked in secrecy, are never discovered.  If a company can recruit a spy to copy a file and return it unaltered, for example, the company may never know that the information was accessed illegally and passed to a foreign government or company.  Companies often assume that the identical technology or proprietary information was simultaneously developed by the foreign company and that it was merely a case of bad luck when, in fact, it was espionage that acquired the information.  Intelligence officers and investigators simply don’t believe in coincidence.

   One of the major problems with foreign government sponsored espionage is that the offenders are often protected from arrest by diplomatic immunity.  So even if their operations are discovered, the most that can be done is to expel the crook and register a diplomatic complaint with the offending foreign government.

   These limitations are reflected in the arrests made under the act so far.  Although the FBI is reportedly investigating more than 800 separate cases under the EEA, only eighteen people have been charged thus far.  And all of the cases appear to be examples of exceptionally blatant attempts at economic espionage.  Four of them involve foreign industrial espionage (South Korea, Taiwan and China) and the rest are domestic cases.  Three of the cases involved FBI sting operations, which may be indicative of a more aggressive approach to countering industrial espionage, but more likely is only the result of a tip being given to the FBI and the ease of running a sting operation with a cooperative victim.

   The bottom line is that, at least in the near term, the act will not provide significant protection for US businesses.  Foreign governments will continue to target US technology and their approaches probably will get even more sophisticated as the US raises the bar of deterrence. 

   The fact remains, it is cheaper to steal cutting-edge technology than it is to do the required R&D.  Couple this with the difficulty in proving that these kinds of crimes have been committed, or who precisely is behind the espionage, and the onus falls back on individual companies to protect themselves from these kinds of attacks.

   What Can Be Done?

   It is imperative that companies with secrets to protect improve their internal security procedures – access control, briefing employees, compartmentalization of information, etc. – and that they know their employees and the people with whom they do business.  Conducting comprehensive due diligence and background investigations on all individuals and companies they plan to work with, particularly in the international arena, should be standard operating procedure – SOP. 

   Remember the words of Sun Tzu:  “Know your enemy and know yourself.”  Although the EEA has been used rather sparingly to date, more arrests and convictions will follow as corporate America wakes up to the threat and law enforcement agencies learn more about the modus operandi of states and companies that routinely engage in industrial espionage.