Trade Secret Theft in China

By David Cohen and Donal O’Connell

The headlines:

“China national charged with stealing trade secrets” – U.S. Justice Department

“Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to join mainland firm” – South China Morning Post

“US charges Chinese companies with stealing trade secrets” – The Guardian

“Supreme Court Declines to Hear Chinese Trade Secret Theft Case” – Law360

“Why Trump tariffs on China not stopping theft of trade secrets” – USA Today

“China accused by US and allies of ‘massive hacking campaign to steal trade secrets and technologies’” – South China Morning Post

These are just some of the headlines pulled from various publications during December 2018, all linking China and trade secret theft together.

A challenging situation:

One clearly has to acknowledge the challenging situation faced by many foreign companies in China with respect to trade secrets and their misappropriation.

This paper will briefly explain trade secrets before then describing the various scenarios in which foreign companies may find themselves. We suggest that some of the scenarios described are clear examples of trade secret theft but others less so, if not at all.

This paper also explores some recently published US reports about the problem of trade secret theft in China.

  • Findings by the U.S. Trade Representative under Section 301 of the Trade Act of 1974, published 22 March 2018, and then updated on 20 November 2018
  • US Department of Justice report to Congress pursuant to the Defend Trade Secrets Act, published 19 October 2018

This paper then concludes with some guidance on what foreign companies should do in order to better protect themselves.

Trade Secrets:

Let’s start with the basics. A trade secret is any information that:

  • is secret.
  • has value.
  • is reasonably protected.

Broadly speaking, any confidential business information which provides an enterprise a competitive edge may be considered a trade secret.

Contrary to popular belief — especially among business owners — trade secrets are not only found in top secret, highly-secure research labs. Rather, almost every business possesses trade secrets, regardless of the size and industry focus of the business.

Growing importance of trade secrets:

Trade secrets are clearly growing in importance. First, the law is changing:

  • The Defend Trade Secrets Act was passed in the USA in May 2016.
  • The EU Directive on Trade Secrets will be enacted by member states on June 9, 2018.
  • China explicitly included trade secrets in its 2018 revisions to the Anti Unfair Competition Law.

Second, changes in eligibility requirements and enforcement mechanisms in patent laws around the world, but especially those in the Unites States — and especially as they relate to software and business methods — make trade secrets an attractive mechanism to protect a company’s competitive advantages.

Third, with the increased use of cloud-based and licensing-based business models, across multiple industries, many businesses prefer a “black box” approach to the company’s technology more suitable to trade secrets than the disclosure-in-exchange-for-limited-monopoly approach of patents.

Fourth, cyber-criminals — whether competitors or State actors — are working overtime trying to steal trade secrets from organizations.

Fifth, more and more companies are embracing open and outsourced innovation models, which necessarily requires sharing and collaborating on trade secrets with others.

Sixth, changes in employment models are leading to a highly mobile and transitory workforce where companies now have increased risk that their employees will walk out the door with their valuable trade secrets.

Seventh, there is growing interest in trade secrets by the tax authorities:

  • OECD BEPS Guidelines now include trade secrets as an intangible asset requiring proper management.
  • Much of the EU’s Anti Tax Avoidance Directive (ATAD) enacted on 1 January 2019 relates to intangibles including trade secrets
  • Patent Box Tax Regimes in a number of jurisdictions are now allowing trade secrets as qualifying IP.
  • The US Government is encouraging US companies to repatriate their IP back to the US by lowering tax rates for royalties received from all forms of IP to be materially less than the rate on ordinary corporate income.

Eighth, trade wars are linked by some to trade secret theft concerns.

Last, but not least, we are seeing increased trade secret litigation especially for US companies, but not exclusively so.

China and trade secrets:

It is almost impossible to discuss trade secrets without making mention of China and the alleged theft of trade secrets by Chinese entities. However, there is no ‘one size fits all’ when it comes to China and trade secret theft. It is also the case that not all incidents related to China and trade secrets qualify as trade secret theft.

Case A:

Let’s take the example of a US multi-national enterprise (MNE) with some business operations in China. A local Chinese employee of that MNE leaves the company with know-how in their head and joins say a local Chinese company operating in the same sector. The ex-employee now leverages that know-how in his work for that local Chinese company.

This is an employee agreement issue as such and very depends on the ‘non-compete’ provisions in the person’s employment agreement.

China’s labor laws allow an employer and an employee to enter into a non-compete agreement or agree on a set of non-compete provisions (usually in the employment agreement or a confidentiality agreement) that prohibits the employee from competing with the employer for up to two years after the employment term.

China employee non-compete agreements are generally limited to senior management, senior technicians and other personnel who have a confidentiality obligation.

In exchange for an employee’s promise to uphold a non-compete requirement, the employer is required to pay economic compensation to the employee. An employer’s failure to pay the non-compete compensation means the employee can stop abiding by the non-compete provisions.

It is also worthwhile noting that non-compete agreements are generally disliked by China’s administrative and judicial authorities. That statement is probably true for many jurisdictions.

It should be noted that this example of an employee leaving with know-how in their head is not unique to China. This happens in almost all jurisdictions and in almost all industry sectors.

Case B:

Let’s take the example of a US multi-national enterprise (MNE) with some business operations in China. A local Chinese employee of that MNE steals documented trade secrets belonging to that US MNE and provides such documentation to a local Chinese company (possibly competing with the MNE).

This is clearly trade secret theft so long as the information is indeed a trade secret, the employee did indeed steal the information, and there was damage to the company as a result of the theft.

It should be noted that China’s rules defining and regulating trade secrets are scattered among a series of laws and regulations. The most important of these however is the Anti-Unfair Competition Law which was enhanced in January 2018.

The key changes to the Chinese Anti Unfair Competition Law are as follows …

  • The definition of a trade secret has been simplified to now be ‘commercial secrets of sufficient commercial value’ (and more in line with the definition of trade secrets in the US and in Europe)
  • The fines have been increased from CNY 200,000 to CNY 3,000,000.
  • The law has been expanded in that 3rd parties with actual or constructive knowledge of the theft of a trade secret could also now violate the law.

It should be noted that this example of an employee stealing trade secrets from their employer and making it available to competitors is not unique to China, but it does appear much more systematic there.

Case C:

Let’s take the example of a US multi-national enterprise (MNE) with some business operations in China. A local Chinese employee resigns from the MNE to join a competing local Chinese company taking some documented trade secrets with him on exit.

Just like Case B above, this is clearly trade secret theft so long as the information is indeed a trade secret, the employee did indeed steal the information, and there was damage to the company as a result of the theft.

It should be noted that this example of an employee stealing some trade secrets on their last days of employment is certainly not unique to China. This happens in almost all jurisdictions and in almost all industry sectors. A significant number of departing employees spend their last few hours in the company downloading information onto USB memory sticks or uploading information to the cloud for them to access later.

Case D:

Let’s take the example of a US based MNE cyber attacked and hacked by Chinese state sponsored hackers and having some of its trade secrets stolen.

The cyber criminals leverage a variety of different approaches and techniques to identify the vulnerabilities in the IT network of the company and then attack.

The cyber criminals may leverage back-doors into the IT network. They may try a denial-of-service attack or even a direct-access attack. They may try eavesdropping, spoofing, and even tampering directly with the IT network of the company. The cyber criminals may use privilege escalation, phishing, click jacking or social engineering techniques. In some cases, they create a false environment of stealing non-pertinent data, diverting the attention of incident responders only to exfiltrate trade secret data residing elsewhere on the network. Regardless of what, where and how they attack, they are after the trade secrets of the company.

Although clearly trade secret theft, bringing the culprits to justice is easier said than done.

It should be noted that this example of state sponsored hacking to steal corporate trade secrets is not unique to China. Yes, a significant number of nation-state cyber-attackers are indeed Chinese, but many other countries are also involved such as Russia, North Korea and Iran according to cyber security experts. However, one would have to be very naive to think that many western governments are not also involved.

Case E:

Let’s take the example of a US based MNE operating in China and working in partnership with a local Chinese company and willingly sharing some trade secrets with that local Chinese company.

When English poet John Donne wrote his famous line “No man is an island,” almost 400 years ago, in many ways he was forecasting the future of business as it operates today. No company is an island. It will interact with others.

In most if not all of these business relationships listed above, the companies involved will pass trade secrets back and forth.

A legal framework of some sort is usually put in place between the parties, with the first step usually being the signing of a Non-Disclosure Agreement (NDA). This is a relatively simple legal agreement between a company and a counter-party of that company to exchange information, for the purpose of a project, marketing campaign, R&D or sourcing, etc. Examples of information which can be protected by a NDA are business proposals, financial data, new ideas, etc. Under an NDA, the signer promises the recipient that he will not disclose certain information to any third parties, except under circumstances described within that contract.

Although NDAs are specifically mentioned here, this legal framework may include a Memorandum of Understanding, a Development Agreement, a Commercial Agreement and more.

Ideally, whatever legal framework is put in place should contain details of the standard by which the parties involved will handle the disclosed trade secrets provided to them by the other party. However, this is an aspect that is often overlooked by many companies.

This case described above is not trade secret theft. It could possibly qualify as trade secret theft if the local Chinese company exploits the trade secrets shared by the US based MNE in ways not permitted according to the provisions of the legal framework between the two companies.

Case F:

Let’s take the example of a US based MNE operating in China and working in partnership with a local Chinese company but reluctantly sharing some trade secrets with that local Chinese company as part of the agreement they signed to allow them to operate in China and access the Chinese market.

Beijing is promising new measures to protect foreign companies operating in China.

On 23 December 2018, the Chinese Government submitted a draft of a new law to the Standing Committee of the National People’s Congress, the country’s parliament, highlighting provisions aimed at better protecting foreign companies’ intellectual property.

The proposed foreign investment law would prohibit forced technology transfer from foreign firms to their Chinese partners.

We would argue that this example is not trade secret theft as such. If the US company signed an agreement in order to operate in China, and part of that agreement involved the transfer of some trade secrets to that local Chinese company, then presently, that is the price of doing business in China for that US entity.

However, this example is not unique to China. We know of non-US companies feeling the same type of pressure when entering the US market and dealing with US based MNEs. A European SME operating in the food & beverage sector is currently under pressure from a major US retailer to share some of its trade secrets with an existing US based supplier of that retailer as part of the deal to do business with that major US retailer.

Case G:

Let’s take the example of a US based MNE operating in China, and audited by the Chinese authorities, and concerned that trade secrets are being misappropriated during such audits.

Some claim that Chinese tactics include the dispatching of antitrust and other investigators into foreign companies to attempt to gather their trade secrets. Some claim that China fills regulatory panels with experts who may pass trade secrets found onto Chinese competitors. It is true that regulatory panels do scrutinize foreign investments to make sure they meet Chinese government goals.

The challenge here is that there are some exceptions built into trade secret laws, and such exceptions are not unique to China. The Directive on Trade Secrets enacted in June 2018 across the EU for example does not alter the current legal obligations on companies to divulge certain information.

Companies are subject to legal obligations to disclose information of public interest, for example, in the chemical and pharmaceutical sectors. The EU Directive on Trade Secrets also does not provide any grounds for companies to hide information that they are obliged to submit to regulatory authorities.

Of course, if the auditors or regulators are stealing trade secrets to then pass onto Chinese competitors, then such behavior is clearly trade secret misappropriation.

Case H:

Let’s take the example of a US based MNE with products on sale in China, and competing Chinese companies reverse engineering their products.

Trade secrets are not protected against a 3rd party independently duplicating and using the secret information once it is discovered, such as through reverse engineering.

Yes, that 3rd party may have to avoid patent or trademark infringement, but the 3rd party in this case does not have to concern itself with trade secret misappropriation.

The US perspective:

A number of detailed investigations have been conducted recently by the US into this challenging situation in China.

The US Department of Justice report to Congress pursuant to the Defend Trade Secrets Act contains a number of key sections …

  • A description of the nature and scope of the existing challenges to trade secret owners doing business overseas,
  • The legal landscape of U.S. trading partners in protecting trade secrets through civil and criminal legal structures,
  • The U.S. government’s response to the theft of trade secrets through investigation and prosecution, with particular focus on the efforts of the Federal Bureau of Investigation and Department of Justice prosecutors responsible for addressing intellectual property crime,
  • The U.S. government’s response through engagement with victims, industry, and foreign counterparts to increase awareness and effective trade secret protection overseas.

The key finding highlighted in the report is that the threat of trade secret theft to U.S. corporations conducting business internationally is a well-recognized and extensively documented phenomenon. The report identifies trade secret theft as one of the key challenges in the protection and enforcement of intellectual property rights among U.S. trading partners, a problem that places highly valuable U.S. trade secrets at unnecessary risk.

Section 301 of the Trade Act of 1974 is a key US enforcement tool that may be used to address a wide variety of unfair acts, policies, and practices of U.S. trading partners. Section 301 sets out three categories of acts, policies, or practices of a foreign country that are potentially actionable:

  • Trade agreement violations;
  • Acts, policies or practices that are unjustifiable (defined as those that are inconsistent with U.S. international legal rights) and that burden or restrict U.S. Commerce;
  • Acts, policies or practices that are unreasonable or discriminatory and that burden or restrict U.S. Commerce.

The key sections of the U.S. Trade Representative report under Section 301 of the Trade Act of 1974, and published on 22 March 2018 with an update on 22 November 2018 are as follows …

The first section of this report focused on how China uses inbound foreign ownership restrictions, such as joint venture (JV) requirements and foreign equity limitations, and the administrative licensing and approvals process to require or pressure the transfer of technology, including trade secrets.

The second section of this report addresses China’s acts, policies, and practices depriving U.S. companies of the ability to set market-based, mutually-desirable terms in licensing and other technology-related negotiations with Chinese companies. It also details how China also intervenes in U.S. firms’ investments and related activities in China through restrictions on their technology licensing, including trade secret licensing.

The third section of this report explores China’s technology focused foreign investments, particularly in the United States and Europe, and the various motives driving such behavior. Over the past decade, China’s outbound foreign direct investment (OFDI) has grown rapidly. A longstanding focus of China’s OFDI has been the acquisition of mineral deposits and other natural resource assets, principally in developing regions such as Africa and Latin America. Yet, as China’s OFDI flows have increased, technology-focused investments have become more prevalent.

The fourth section of this report looks at the Chinese government and its cyber intrusions into U.S. commercial networks targeting confidential business information held by U.S. firms. Through these cyber intrusions, China’s government has gained unauthorized access to a wide range of commercially-valuable business information, including trade secrets.

It should be noted that the US Department of Justice report is not specific to China, whereas the US Trade Representative report is. That said, the US Department of Justice report is specific to trade secret misappropriation whereas the US Trade Representative report is not.

Getting the basics right:

Companies need to take trade secret asset management seriously, but especially so if they are doing business in China. Unfortunately, many companies are poor when it comes to trade secret asset management.

Executives from companies of all types acknowledge the importance of trade secrets to their businesses while privately admitting that their company has no idea how many trade secrets they have, which ones are important, or how any of them are protected. The same executives will also sheepishly admit that they have no idea how many trade secrets their company has received from third parties in various business ventures, how adequately their company protects them, or if they even bother to return or destroy them once the collaboration ends.

  • Trade secrets are poorly managed
  • Education is not happening
  • There is a lack of ownership
  • Documentation is poor.
  • Protection mechanisms are poor or non-existent.
  • There is a lack of any classification of such assets.
  • Details on whether trade secrets have been shared is often missing
  • Trade secrets not properly addressed in agreements & contracts
  • There is no information sharing between the legal / IP function and the Accounts / Tax function
  • There is no audit trail.

Nearly everyone acknowledges the importance of trade secrets while doing very little to protect them or even making a simple list. It’s like knowing you have a Rembrandt in your attic and not bothering to have it appraised, insured, or even protected from rodents and birds.

Good practice:

Those exceptional companies who have this mastered tend to have the following things in place

  • Education of employees about trade secrets
  • A robust trade secret policy
  • Fit for purpose trade secret process & procedures
  • A system to underpin that process
  • Good quality trade secret metadata
  • Trade secret governance

The importance of education of employees about trade secrets cannot be stated enough. It is a self-enlightening process. It is crucial to the overall development of the individual participant and the company or organization at large. Trade secret education provides the participant with knowledge about the world of trade secrets and enables informed decisions to be made.

A corporate trade secret policy is a formal declaration of the guiding principles and procedures by which the organization will operate, typically established by its board of directors, a senior management policy committee or by the Legal / IP function within the organization

A trade secret process can be seen as an agreement to do certain things in a certain way and the larger the organization, the greater the need for agreements on ways of working. The trade secret process is like the memory of the organization, and without such a process, a lot of effort can be wasted, and the same mistakes can be repeated.

If a company only has one or two trade secrets, then they probably do not require any trade secret asset management system. However, if the number of trade secrets in a company is more than a handful; if they are sharing their trade secrets with others; if other entities are entrusting their trade secrets to the company; if the company has any direct or indirect links with entities in the US (given the growing issue with trade secret litigation there); if the company has trade secrets located across diverse EU member states (given the EU Directive on Trade Secrets being enacted in June 2018), if the company is doing any business in China (for the reasons outlined in this paper); and/or if the company is conducting any IP due diligence exercises due to some corporate event (e.g. M&A, JV, Investment Round, etc.), then a trade secret asset management system is absolutely required.

Metadata is a set of data that describes and gives information about other data. Metadata is simply data that describes other data. Meta is a prefix that in most information technology usages means ‘an underlying definition or description’. Some mistakenly believe that because trade secrets are not registered, then the concept of trade secret metadata may not apply. Others mistakenly believe that because trade secrets are meant to be kept secret, then no metadata should exist.

Governance is the act of governing. It relates to decisions that define expectations, grant power, or verify performance. In the case of a business, governance relates to consistent management, cohesive policies, proper guidance, well defined processes, KPIs and metrics, and decision-rights for a given area of responsibility. Trade secret governance is simply about defining the ‘rules’ for those involved in trade secret asset management within the organization.

The first and last items listed, namely education and governance, are like book-ends keeping everything else in order.

We would argue that trade secret metadata is key. Without trade secret data, you have no trade secret information. Without trade secret information, you have no trade secret knowledge.

[This post originally appeared on LinkedIn Pulse.]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: