企业和工业间谍活动及其对美国竞争力的影响 - 金博宝网站,金博宝正规网址,金博宝更改账户

企业和工业间谍和他们对美国竞争力的影响 ======================================================================= 听证会的国际经济政策和贸易小组委员会第一千零六届国会众议院国际关系委员会第二次会议 __________2000年9月13日__________编号106-180 __________国际关系委员会印刷供国际关系委员会使用，可通过万维网获得:http://www.house.gov/ International
--relations __________ U.S. GOVERNMENT PRINTING OFFICE 68-684 WASHINGTON : 2000 ______ COMMITTEE ON INTERNATIONAL RELATIONS BENJAMIN A. GILMAN, New York, Chairman WILLIAM F. GOODLING, Pennsylvania SAM GEJDENSON, Connecticut JAMES A. LEACH, Iowa TOM LANTOS, California HENRY J. HYDE, Illinois HOWARD L. BERMAN, California DOUG BEREUTER, Nebraska GARY L. ACKERMAN, New York CHRISTOPHER H. SMITH, New Jersey ENI F.H. FALEOMAVAEGA, American DAN BURTON, Indiana Samoa ELTON GALLEGLY, California DONALD M. PAYNE, New Jersey ILEANA ROS-LEHTINEN, Florida ROBERT MENENDEZ, New Jersey CASS BALLENGER, North Carolina SHERROD BROWN, Ohio DANA ROHRABACHER, California CYNTHIA A. McKINNEY, Georgia DONALD A. MANZULLO, Illinois ALCEE L. HASTINGS, Florida EDWARD R. ROYCE, California PAT DANNER, Missouri PETER T. KING, New York EARL F. HILLIARD, Alabama STEVEN J. CHABOT, Ohio BRAD SHERMAN, California MARSHALL ``MARK'' SANFORD, South ROBERT WEXLER, Florida Carolina STEVEN R. ROTHMAN, New Jersey MATT SALMON, Arizona JIM DAVIS, Florida AMO HOUGHTON, New York EARL POMEROY, North Dakota TOM CAMPBELL, California WILLIAM D. DELAHUNT, Massachusetts JOHN M. McHUGH, New York GREGORY W. MEEKS, New York KEVIN BRADY, Texas BARBARA LEE, California RICHARD BURR, North Carolina JOSEPH CROWLEY, New York PAUL E. GILLMOR, Ohio JOSEPH M. HOEFFEL, Pennsylvania GEORGE RADAVANOVICH, Califorina [VACANCY] JOHN COOKSEY, Louisiana THOMAS G. TANCREDO, Colorado Richard J. Garon, Chief of Staff Kathleen Bertelsen Moazed, Democratic Chief of Staff John P. Mackey, Republican Investigative Counsel ------ Subcommittee on International Economic Policy and Trade ILEANA ROS-LEHTINEN, Florida, Chairman DONALD A. MANZULLO, Illinois ROBERT MENENDEZ, New Jersey STEVEN J. CHABOT, Ohio PAT DANNER, Missouri KEVIN BRADY, Texas EARL F. HILLIARD, Alabama GEORGE RADANOVICH, California BRAD SHERMAN, California JOHN COOKSEY, Louisiana STEVEN R. ROTHMAN, New Jersey DOUG BEREUTER, Nebraska WILLIAM D. DELAHUNT, Massachusetts DANA ROHRABACHER, California JOSEPH CROWLEY, New York TOM CAMPBELL, California JOSEPH M. HOEFFEL, Pennsylvania RICHARD BURR, North Carolina Mauricio Tamargo, Subcommittee Staff Director Jodi Christiansen, Democratic Professional Staff Member Yleem Poblete, Professional Staff Member Victor Maldonado, Staff Associate C O N T E N T S ---------- WITNESSES Page Sheila W. Horan, Deputy Assistant Director for Counter Intelligence, National Security Division, Federal Bureau of Investigation.................................................. 3 Dan Swartwood, Corporate Information Security Manager, Compaq Computer Corporation........................................... 12 Scott Charney, Partner, PricewaterhouseCoopers................... 14 Austin J. McGuigan, Senior Partner, Rome, McGuigan, and Sabanosh, P.C............................................................ 16 APPENDIX Prepared statements: The Honorable Ileana Ros-Lehtinen, a Representative in Congress from Florida and Chair, Subcommittee on International Economic Policy and Trade............................................... 26 Sheila W. Horan.................................................. 29 Dan Swartwood.................................................... 40 Scott Charney.................................................... 48 Austin J. McGuigan............................................... 51 CORPORATE AND INDUSTRIAL ESPIONAGE AND THEIR EFFECTS ON AMERICAN COMPETITIVENESS ---------- WEDNESDAY, SEPTEMBER 13, 2000 House of Representatives, Subcommittee on International Economic Policy and Trade, Committee on International Relations, Washington, DC. The Subcommittee met, pursuant to notice, at 2:09 p.m. in room 2200, Rayburn House Office Building, Hon. Ileana Ros- Lehtinen (chairman of the Subcommittee) presiding. Ms. Ros-Lehtinen. The Subcommittee will come to order. The past decade has brought profound changes, yet some of the characteristics of the old world order continue to live on today, with some of the darker impulses of yesteryears adapting to fit a new time and a new set of standards and requirements. The front line is no longer the one which divides East and West, but the one defined by technological innovations. The battle lines lie in research and development. Resources designed and previously used exclusively for military intelligence gathering are now being expanded to gather intelligence on mergers, investments and other financial transactions. The generals are being replaced with CEOs, and the bottom line is not ideological, but financial. The threat of economic and industrial espionage looms over the horizon of the business world like a gray cloud threatening a placid sea. Those who develop a competitive advantage over their rivals stand to make millions from their innovations. That profit is enough for some to seek an unearned advantage of their own by indulging in corporate espionage as a quick fix solution to their creative deficiencies and their inability to remain competitive in their field. In a survey of Fortune 500 companies, the American Society for Industrial Security estimated that last year U.S. corporations sustained losses of more than $45 billion from the theft of trade secrets. Companies reported that on average, each had suffered 2.5 incidents of unauthorized appropriation of proprietary information. The average estimated loss per incident was calculated to be over $500,000, with most incidents occurring in the high technology and service sectors. In another study, Pacific Northwest National Laboratory, under contract by the FBI, developed an economic loss model in an attempt to assess economic losses resulting from intellectual property theft. This model determined that the misappropriation of intellectual property resulted in over $600 million in lost sales and the direct loss of 2,600 full-time jobs per year. The same technology which has propelled our economy to unparalleled heights is also the mechanism which allows for those practicing corporate espionage to more easily sneak into a corporation's files, gather sensitive information and escape without a trace. However, industrial espionage is a crime which continues to be best accomplished through low tech means and is not necessarily dependent upon high tech gadgetry. A vast majority of corporate espionage crimes do not occur in cyberspace, but rather in person, face to face. For example, key employees within a given corporation might be sought by a rival company for information or recruited by spies posing as consultants or headhunters at trade shows. Competitors often examine a company's own internet home page, where key technical employees are often listed, and craft strategies on how to lure that employee away from that firm. This is done because information can be meaningless without the help of trained employees who understand how a particular technology is used. A critical step was taken in 1996 with the passage of the Economic Espionage Act. Since its enactment, the U.S. Government has prosecuted 18 cases of corporate or industrial espionage, yet these crimes and the threat they pose to U.S. economic security continues to escalate. Some would argue that this is because we are the leading target of these crimes due to our position in the global marketplace and our technological leadership. The United States produces the majority of the world's intellectual property capital, including patented inventions, copyrighted material and proprietary economic information. Factor in the incredible ingenuity and inventiveness of the American worker, and one can easily see why this problem is so pronounced in the American workplace. Other observers contend that if the punitive portions of the Economic Espionage Act were strengthened to make it more costly for corporations and governments to engage in industrial espionage against the United States, the desired deterrent effect would be achieved. Many have raised export restrictions as a strong option for the United States to take, and have underscored the need to secure binding commitments from our allies in the Organization for Economic Cooperation and Development and other international forums. We hope to examine these and other pertinent issues during the course of today's hearing and look forward to the recommendations of our panelists on the steps that Congress can take to help curtail the proliferation of economic espionage. I would like to yield to the Ranking Member of our Subcommittee, Mr. Bob Menendez of New Jersey. Mr. Menendez. Thank you, Madam Chairlady. I appreciate your hearing today. This is an important subject, one that warrants and receives increasing attention. As our witnesses have pointed out in the past and will again today, opportunities to steal trade secrets are on the rise, particularly as society relies more and more on computers and the internet for the development, storage and communication of ideas and designs. For the purposes of this hearing, of course, we really should distinguish between legal and illegal spying or corporate intelligence, as legitimate gathering of company data is called, and as we are the International Relations Committee we must, of course, distinguish as well between domestic and foreign theft. Only a fraction of the problem is actually foreign theft of U.S. trade secrets. According to the American Society for Industrial Security, more than three of every four thieves are employees or contractors. Another 6 percent or more are domestic competitors. Only 7 percent steal secrets on behalf of a foreign company or government. Still, this amount of foreign theft of U.S. trade secrets amounts to possibly billions of dollars annually, and ease of access to computers and internet and intranet sites will make foreign theft much easier and much more common. I realize that much of the testimony today will focus on the problem as a whole, on the threats from employees, on the need to educate businesses about the risks and how to protect themselves, on the need to inform the public and policymakers about what is acceptable and not within the bounds of corporate intelligence, but I do hope also that we can focus to the extent possible on what exactly are the threats from abroad and how government can best work to prevent corporate espionage that will threaten the United States' competitiveness. I know that our witnesses will make some specific recommendations for new and improved legislation, and we look forward to exploring those with you. We look forward to the responses of the Administration as to some of those and to the testimony here today. Thank you. Ms. Ros-Lehtinen. Thank you so much, Mr. Menendez. It is a pleasure to have with us our first Administration witness who will share with us her views on the effects which corporate and industrial espionage have American competitiveness. It is our pleasure to introduce Sheila Horan, Deputy Assistant Director on Counter Intelligence for the Federal Bureau of Investigation. A special agent of the FBI since 1973, Ms. Horan has held a number of positions within the Bureau, including Assistant Special Agent in Charge for Administration in the New York office and the Associate Special Agent in Charge in Philadelphia. In 1998, Ms. Horan was transferred to her current position as Deputy Assistant Director for Counter Intelligence with the National Security Division at FBI headquarters. We thank you, Sheila, for being here today. We will include your entire testimony for the record, and feel free to abridge your comments. [The prepared statement of Ms. Ros-Lehtinen appears in the appendix.] STATEMENT OF SHEILA HORAN, DEPUTY ASSISTANT DIRECTOR FOR COUNTER INTELLIGENCE, FEDERAL BUREAU OF INVESTIGATION Ms. Horan. Thank you very much, Madam Chairman. I am gratified to see that you are anxious and willing to engage with us in grappling with the immense problem facing us today with regard to the protection of sensitive information, proprietary information, security, economic competitiveness and economic security in this---- Ms. Ros-Lehtinen. Ms. Horan, if I could interrupt you? Ms. Horan. Yes? Ms. Ros-Lehtinen. I am so sorry, Mr. Burr. I should have looked back. I have these funny glasses on today. I apologize. Mr. Burr. The gentlelady is awfully kind to stop, but I would rather hear from our witnesses. I thank the Chair. Ms. Ros-Lehtinen. Thank you. I am so sorry. Ms. Horan. Thank you, sir. So you have my statement, and rather than regurgitating that now I will just make some points, and then we can get on to the questions if you would like. The Attorney General essentially defines economic espionage as the unlawful or clandestine targeting and acquisition of sensitive financial, trade or economic policy information, proprietary economic information or critical technology. In today's environment, intellectual property and economic information in general have become the most important and sought after commodity by all nations of the world. No question about it. I would say that because of our unique position in the world as a target rich nation for natural resources, intellectual property, just general overall wealth, that we are the No. 1 target in the world for economic espionage and the stealing of that information and secrets. Why are we the most sought after commodity? The United States, that is. It is a pretty complex situation actually, but three reasons sort of come to the fore. The first is the collapse of the Soviet Union and the tremendous relief that that has brought throughout the world. There were essentially, and not to be overly simplistic, but two large camps in the world, and various countries in the world devoted their natural resources, their personnel resources and their general overall wealth toward supporting their position either with the west or with the Soviet empire. When the empire fell, they found themselves looking around and saying look, we have got to redefine what is our national security. It is no longer aligning ourselves with the Soviet Union or the west. It is we have to have a piece of the economic pie. We want to do this. We want to have wealth as well. So the intelligence services, as well as the governments themselves, said who has the most, and the answer is the United States has the most. Second, allies, military allies, who were--as well as ideological allies--during that last 50 years of our history are now aggressive economic competitors. We are faced with former friends I do not want to say attacking, but certainly working against us very aggressively in order to get again a piece of the pie. Third, rapid globalization of the world economy defines national security not so much in how many tanks you have deployed or how many soldiers you have on the field necessarily, but instead their strength is measured in terms of the nation's economic capability. So the nations of the world, as well as our own, and President Clinton underscored this point I think back in 1991 by saying now we should realize very strongly that national security equals economic security. That is an extremely important point I think for us to keep in mind in terms of our war or our fight against economic espionage. What are the targets? Very briefly, they come in sort of two flavors, if I could be a little bit flip there. We are still facing the threat and the attempted threat on classified military defense related national information. There is no doubt about that. There is still ongoing, and we are always battling espionage cases on that basis. Coming out of classified information, however, and related to classified information is cutting edge technologies, dual technologies, sensitive information that may not reach the classified level and, hence, would not be subject to an espionage case, but certainly would be fodder for economic espionage cases and our inspection of those kinds of cases. The other flavor, if you will, is the non-sensitive area and theft of our non-high tech products and services. It is very important to realize that the way we approach economic espionage investigations. It does not have to be high tech for us to take an interest in something. A trade secret can be just as valuable in many instances as more sensitive or classified information. So that is how we approach that, and the way we approach it is through the Economic Espionage Act, which you have already indicated that is out there. Prior to 1996, there was only state laws and some civil remedies for companies and individuals and entities to pursue theft of their trade secrets or theft of their proprietary information. In 1996, the law gave us an overarch or gave the Federal Government the ability with the Federal law to approach the theft of trade secrets offering stiffer penalties and other advantages that were not available to us and to business and industry to pursue these cases. We have prosecuted you mentioned 18. Actually up to date there are 20 in which we have successfully prosecuted over the last 4 years. Interestingly enough, the Department of Justice or Congress actually, not the Department of Justice, was concerned that we would take this law in 1996 and profligately investigate all sorts of smaller issues and inappropriate crimes under this umbrella. I think that you can be well served and proud that in the 4-years the Bureau and the Department of Justice have carefully looked at these cases and have had what I consider a tremendous success in the 20 cases that we have prosecuted. We are truly faced with a problem that because of the Cold War and our 50 years' involvement in that perhaps did not allow us to focus as we should have as an intelligence community, as a government, on this problem. It is not a new problem. It has been around for years and years and years, but our government was focused on the Cold War issues and realities and perhaps did not have enough time to pursue this as aggressively as we are trying to do today. Let me stop there, Madam Chairman, and engage with you and your fellow Members any issues that you might want to pursue. [The prepared statement of Ms. Horan appears in the appendix.] Ros-Lehtinen. Thank you so much for your testimony. Mr. Burr, in order to make up for it I would like to recognize you first for the questions. Mr. Burr. The gentlelady is awfully kind. Let me ask you, if I can. Can you give us some type of percentage as to what you see that would be the classified part that the theft is going after versus the non-classified? Ms. Horan. Let me answer that, Mr. Burr, by saying that there are two provisions in the Economic Espionage Act. One is 1831, which deals with economic espionage attempted and conducted by a foreign entity, that is to say a foreign intelligence service, a foreign government, a foreign organization linked to the actual government. The other provision is 1832, which, generally speaking, you could characterize as a theft of trade secrets and would be aligned with possibly white collar crime violations, theft of essentially trade secrets, as I said. The vast majority--well, of the 20 prosecutions that I mentioned to the Chairwoman that we have pursued, none of them fall in the former category of the foreign power based or supported category. All 20 have been in the 1832, which is the trade secrets. In terms of how many cases, actual cases we are pursuing that fall into the two camps, I would say that the percentage is at this stage highly weighted in the trade secrets or the non-classified versus the classified, although we have a number, and I would prefer not to get into actual numbers in this open forum, but we do have a goodly number in the other category, the foreign based category. Mr. Burr. And is there any dollar amount that the Bureau has put on the current economic espionage that exists for the U.S. economy? Ms. Horan. We have not. As the Madam Chairperson has mentioned, there were two, at least two, studies conducted. ASIS did one and PNNL conducted another one in which they projected. The PNNL case projected out of an actual trade secret prosecuted or trade secret case. They projected out even to tax loss, job loss, as well as monetary loss to the company itself. While that is illustrative to us, as is the American Society for Industrial Security study, both of them are very illustrative of what the actual loss is and magnificent essentially. It is huge. Mr. Burr. I thank you and yield back to the Chairman. Ms. Ros-Lehtinen. Thank you so much. Ms. Horan. OK. Ms. Ros-Lehtinen. Thank you. Mr. Menendez. I know we have a vote. Mr. Menendez. I have one question or two actually. Maybe just by joining together you can answer them together. Ms. Horan. Sure. Mr. Menendez. I understand there are, you said, about 20 cases or so that have been prosecuted under the EEA. I understand that this is in part due to an agreement or an understanding or a pledge by the Attorney General not to prosecute cases or not to have the government pursue charges without first having obtained the Attorney General's personal approval to proceed and that there are 800 cases now being considered for prosecution. Is that a correct number, and would we expect the amount of prosecutions to go up after the 5-year waiting period? No. 2, is the suggestion that closing--from some of the other witnesses we will hear about closing the loophole that prevents prosecution for theft of their product before it is placed into interstate or foreign commerce and the creation of a private cause of action under the EEA, are those items that the Department has considered or has---- Ms. Horan. I am not aware of the Department's view on the latter issue, but on the former issue---- Mr. Menendez. If you would have the Department give us a written response to that? Ms. Horan. Yes, certainly I would. By all means, Mr. Menendez. Your first question, though, would we expect an up tick, so to speak, in the number of prosecutions, and also you asked about the figure 800 and whether that is accurate. I would say that is not accurate at this time. We have about as of today, because I checked thinking you might want to know this. We have about 400 cases open today. Mr. Menendez. Four hundred? Ms. Horan. Four hundred. Because of the education efforts that we are engaging in and trying to get the word out about this, you must understand that industry and business are somewhat loathe and reticent in engaging with us, but the more they hear about the cases, the more they see the results, we anticipate that those cases are going to raise exponentially and in fact have raised over the years heretofore. Have increased I should say, so, yes, definitely. Mr. Menendez. I really look forward to the Department's response. Ms. Ros-Lehtinen. Thank you, and I am pleased to recognize Mr. Manzullo, who will take over for us. Thank you. Mr. Manzullo [presiding]. This is like musical chairs. Ms. Ros-Lehtinen. Thank you. Mr. Manzullo. Thank you. I get to ask you the questions, yet I have not even heard your testimony. Ms. Horan. Well, I will be happy to hand it to you right now. Mr. Manzullo. I have it right here. Forgive me if I ask this question---- Ms. Horan. That is quite all right. Mr. Manzullo. What is the line beyond which inquiry or gathering information becomes a violation of the Economic Espionage Act? Ms. Horan. Let me try and answer that question this way. There are a number of ways that we look at and approach economic espionage in the FBI and intelligence community wide. We are not doing this ourselves. We are enjoined with the Department of Defense, the Central Intelligence Agency, Commerce, Customs, etc. This is not an FBI unilateral responsibility, but we sort of coordinate it. One of the main ways we do that is utilizing the Economic Espionage Act of 1996, which I think is what you are referring to. We also have a responsibility under our counterintelligence mandate and apart from any criminal mandate to gather information and collect and disseminate information with regard to foreign targeting of our infrastructure, of our government, of our business academia, business and industry, etc., with the idea that using investigative steps, which I probably will not get into here, but trying to stem that, avoid it, prevent it and get around it, stop it before it actually happens. It is a huge analytical effort, and that is one whole aspect that we probably will not talk about today, but that is one area that we have a lot of effort in. With respect to when does an individual or a member of a foreign government step over the line, I would have to say that it is a case by case situation. You have to really look at the circumstance, the totality of circumstances involved in each situation, but what the law does not want us to do, and this is part of that line, is to say to diplomats and legitimate government or personal envoys from abroad or from within our own country that they cannot collect open source information, economic information that is out there on whether it be the internet, whether it be libraries, wherever it lies. So we are not trying to impact or stop that kind of activity. Where we would like to have an impact and where many of the 20 cases that have been prosecuted so far have led us is where a foreign or a domestic, a foreign or a non-foreign, entity is attempting to rip away some element of our economic competitiveness, generally speaking, in the business world here, in the business industry. Mr. Manzullo. Can you---- Ms. Horan. I am sorry. Mr. Manzullo. In the context of that answer, can you give us an example of someone who you have prosecuted---- Ms. Horan. Sure. Mr. Manzullo [continuing]. That is a matter of open record? Ms. Horan. Sure. Mr. Manzullo. Thank you. Ms. Horan. As I say, there are 20. I will--probably the most widely known one and one that you may be aware of is the Bristol-Myers Squibb Taxol case, which was resolved a couple of years ago, Taxol being a very, very popular cancer fighting drug, and it was the subject of theft from a Taiwanese company who sent employees here to attempt to steal that. We prevented that thankfully. They went through the court process and arrests were made, and it was prosecuted successfully. That is one of them, but let me, I think, to give you an idea, I will just quickly tell you some of the--and this goes to a comment that I made that it need not--our prosecutions and our interests need not be only in cutting edge, dual use technology, sensitive, proprietary information, but can be non- high tech. I do not think you were here for this part; non-high tech issues, trade secret issues that we are very interested in, too. For instance, the Joy Mining Machining Company in Pittsburgh, PA. Technical coal mining equipment was being targeted. Deloitte & Touche was the victim of one case, and a proprietary software program was targeted. Gillette Company was the victim in another case. A new shaving system was the target. Mr. Manzullo. How many ways---- Ms. Horan. On and on. Mr. Manzullo [continuing]. Can you use to cut whiskers? Ms. Horan. Well, they evidently had a new one. I do not know what it was. Mr. Manzullo. I do not want to use the word watchdog, but obviously you got involved at a point where the company owning the patent or the trade secret had some kind of an indication that somebody was trying to steal it? Ms. Horan. That is correct. Mr. Manzullo. That would be the normal way? Ms. Horan. It can be two ways. Either they detect this, which is frequently the case, or we get information that something is amiss. This brings up an interesting point. I am glad you made that point that companies are sometimes reluctant to come to the Federal Government and the Federal Bureau of Investigation for these kinds of investigations, No. 1, because they are largely ignorant of how we do them, and we are trying to successfully overcome that by an education program, but they do not want their trade secrets to be aired. They do not want their shareholders to know there are problems in the company. These kinds of bottom line issues are very difficult to overcome when a company comes and finds out information like this. Just this very morning we were in contact with one of the major oil companies in the United States who phoned in and wanted--the director of security phoned in and said look, we found that we have information that someone is trying to steal XYZ from us, and I am going to make a presentation--I am the director of security--to the CEO about whether we should involve the FBI or not, so these kinds of problems are plaguing us right now because it is a new law and people do not know, but we think we will overcome this as time goes on hopefully with some good, high level, highly publicized deterrent factors. Mr. Manzullo. This is a good segue to these questions that the Chairlady had circled, which I will ask now. One of the witnesses on the second panel will state that since the value of trade secrets is not well established, safeguarding efforts are often given lower priority when limited resources are allocated. The question here is do you agree with this assessment? Is there a wide gap between the value of lost assets and resources allocated to investigation, enforcement, prosecution of economic espionage? How do you establish a clear value for the assets? This goes right to the heart of your work at the FBI, does it not? Ms. Horan. It does. Mr. Manzullo. It is obviously high priority for you because this is your mission, is it not? Ms. Horan. Pardon me, please. Yes, it is a high priority for us and will continue to be one I think in the coming years because of the escalating costs that it is---- Mr. Manzullo. And you focus your career almost entirely on this, is that correct, in the FBI? Ms. Horan. Me myself? Mr. Manzullo. Yes. Ms. Horan. Personally? It is one of the responsibilities. I am in charge of counterintelligence for the Bureau, so this would be one aspect of it---- Mr. Manzullo. OK. Ms. Horan [continuing]. But certainly one growing and very important one, but I would say to you in answer to your comment there that if you go out to major corporations in the United States and look at their security departments, you are going to find that generally, generally speaking, the heads of the security departments are not first line executive, and by that I mean it is not a particular company's first mission, security. Mr. Manzullo. They are not trained in it? Ms. Horan. Well, Delta Airlines take for instance. Their mission is to fly planes. The director of security at Delta Airlines, and this is multiplied across the country, is a drain on company resources because that person wants to say, ``listen, in order to prevent bombs from going on the plane, in order to prevent luggage from being stolen, in order to prevent our executives from being kidnapped, this is what I need. This is how much money I need.'' They are not, generally speaking, welcomed, euphemistically speaking. Not literally, but they are not always the most favorite person at the party, so to speak, so again it is an education process. Mr. Manzullo. Do you mean within the company? Ms. Horan. Exactly right, so resources, and I think this is what you were getting at. Resources in private industry devoted to security issues are much less than probably they should be in many instances. Mr. Manzullo. I do not know if this question was aimed at the belief that there is a low priority within the FBI or within the company itself. That is why I said---- Ms. Horan. Not a low priority with us. Mr. Manzullo [continuing]. Based upon your testimony---- Ms. Horan. No. Mr. Manzullo [continuing]. I do not think it is a low priority. Ms. Horan. Not at all, no, but my response was to private industry. Mr. Manzullo. Do you think the big problem is that there is so much snooping going on that people just cannot fathom the sophisticated means of doing it and the extent to which people would actually steal the product, their patent or something like that? Ms. Horan. Yes. I do not think people expect it. Mr. Manzullo. And they get blindsided? Ms. Horan. That is exactly right. Some of the methods used to do this are fairly innocuous and not geared toward raising anyone's hackles unless you happen to be a security person or an investigator or something who is well schooled in this spotting and assessing, for instance, an individual in a company who might be near to a particular technology, getting to know that person, building up a relationship. These are some of the methods that are used. Additionally, what you see more and more are unsolicited requests to businesses from--either domestically or internationally in which hundreds of thousands of E-mails are sent around the world asking for particular information from, you know, someone who is interested in getting it. It is an information gathering technique that a foreign entity can use to just send to all our countries--pardon me. All companies that deal with a particular technology that they are involved in. So they send out 1,000 E-mails. They may get back two, but they are getting back information very cheaply. Mr. Manzullo. Do you mean just enough to know that somebody has something there that they want? Ms. Horan. Oh, yes. Yes. Visits to U.S. facilities, the visitor programs, DOD, DOE, NASA. All these government entities and quasi government entities have hundreds of thousands of visitors who come to their doors each year on legitimate business, but they are also collectors, and they bring that back to their home country. Is that something that we should be concerned about? I would say absolutely. Mr. Manzullo. Los Alamos? Ms. Horan. Los Alamos is an extremely good example. Mr. Manzullo. Do you or people that work under you at the FBI put on seminars for companies on---- Ms. Horan. Yes. Mr. Manzullo. Do you do seminars like that? The biggest city in the congressional district I represent has over 1,500 industries. Ms. Horan. What is that city, sir? Mr. Manzullo. Rockford, IL. Ms. Horan. Oh, yes. Mr. Manzullo. It serves some aerospace fasteners. Of course, it is anything that is kept secret, so I am sitting here thinking that perhaps you or somebody might be interested in having a seminar on how to keep your secrets from being stolen. Ms. Horan. Well, our Chicago field office would have what is called, as all field offices have, an answer program. Mr. Manzullo. OK. I really appreciate your coming here. I did not hear your testimony, and I am sorry, but I will read that. We will be in contact with your Chicago office to see if the chambers perhaps would have, even if it is a half dozen industries. Would that be sufficient to have an agent come out? Ms. Horan. One industry would be enough. Mr. Manzullo. One industry? Ms. Horan. We do them to 1 or 200. It does not matter. Mr. Manzullo. Fine. Thank you for coming. Ms. Horan. You are very welcome, sir. Mr. Manzullo. I really appreciate it. I am sorry about the interruption with the bells, but---- Ms. Horan. Not at all. Very understandable. Mr. Manzullo [continuing]. We live by this. Thanks again. Ms. Horan. Thank you for your attention. Mr. Manzullo. If we could impanel the second panel? If we could impanel the second panel before the bell starts again, and I guess it is obvious that they are not interested in televising your testimony, so I hope you do not feel too badly about that. To complement the expertise of our first witness, we would like to introduce three gentlemen who not only understand this issue, but have dedicated a significant amount of their professional lives to dealing with this problem. First, Dan Swartwood, corporate information security manager with Compaq Computer Corporation and primary author of ``Trends in Intellectual Property Loss Survey Report.'' Dan is a retired U.S. Army counterintelligence officer and contributing consultant to an independent assessment of the White House security program for U.S. Secret Service. He is a 14-year member of the American Society for Industrial Security, an 8-year member of a standing committee on safeguarding proprietary information and an avid reader of James Bond novels. I threw that in. Next, I would like to introduce Scott Charney, a partner with PricewaterhouseCoopers. Scott is a former chief of the Computer Crime and Intellectual Property Section, Criminal Division, at the Department of Justice. Under his watch, his division investigated and prosecuted cases of national and international computer hacking, cases of economic espionage and violations of Federal criminal copyright and trademark laws. A former U.S. Attorney and Assistant District Attorney, Scott is a published author who has written widely on the subject of protection of proprietary information. Finally, I would like to introduce Mr. Austin McGuigan, a senior partner--is that correct? Mr. McGuigan. Correct, sir. Mr. Manzullo. That is an Irish name like Manzullo. A senior partner at Rome, McGuigan and Sabanosh. He is a former Chief State's Attorney for the State of Connecticut, as well as a former adjunct professor at the University of New Haven. He is the co-author of a number of articles, including ``How to Use the Economic Espionage Act to Protect Your Corporate Assets.'' Well, this is pretty impressive. Dan, we will start with you. I am going to put on a 5-minute clock here and try to stick to it a little bit generally. Mr. Swartwood. I will make every effort. Mr. Manzullo. This is pretty sophisticated. I do not know if I can operate it. OK. Go ahead. STATEMENT OF DAN SWARTWOOD, CORPORATE INFORMATION SECURITY MANAGER, COMPAQ COMPUTER CORPORATION, AND CO-AUTHOR OF TRENDS IN INTELLECTUAL PROPERTY LOSS SURVEY REPORT Mr. Swartwood. Mr. Chairman, I want to thank you for the opportunity to discuss a topic that often is addressed only as a subplot in movies and occasional sensational headlines. Mr. Manzullo. And James Bond novels. Mr. Swartwood. That topic is economic espionage and its impact on American competitiveness. For over 20 years, I have worked in a variety of government and civilian positions that have helped qualify me to discuss this topic. I have also been actively involved, as mentioned, in the American Society for Industrial Security international survey efforts to assess the impact of intellectual property loss for almost 10 years. These surveys have continued to indicate that the issue of intellectual property loss is growing in both scope and impact. As mentioned, the 1999 survey mentioned that direct revenue losses were estimated to be as high as $45 billion and there were almost 1,000 incidents of loss reported by 45 companies alone. For the last 5 years I have been the corporate information security manager at Compaq Computer, and during that time Compaq has grown into the 20th largest American corporation and 75th largest in the world. Compaq's work force globally exceeds 100,000 people, and we, along with other major corporations, face the challenge of information loss. I mentioned earlier that this topic tends to make the headlines. Unfortunately, there was just a major incident this week. On Monday, it was widely reported that part of the Western Union website had been cracked, and 15,000 users' credit card information had been stolen. From my perspective, the interesting aspect is how this theft occurred. It was reported that the site administrators, while conducting routine maintenance, had removed security measures protecting the site. This is anecdotal, but does support the premise discussed in my prepared statement, which is the majority of corporate information loss occurred because of one of three causes. One, a lack of training for and mistakes made by authorized members of your work force. Two, the failure on the part of administrators to implement and maintain security measures, and, three, disgruntled and/or disaffected individuals working in your corporation. These issues can cause up to 85 percent of all corporate information loss. A primary consideration determining how this issue is addressed in any corporation is the priority that senior management gives it. In any corporation, there are a myriad of competing priorities on a constant basis. Security issues tend to be addressed as a reaction to unfortunate events. The lack of adequate security and training resources can create an environment where the question is not if losses will occur. The question is when they will occur. The surveys indicate that less than 3 percent of all IT and security dollars are spent protecting or safeguarding electronic or hard copy proprietary information. The vast majority of these dollars are spent on physical and electronic measures designed to keep outsiders from penetrating corporate spaces or networks. These are absolutely essential measures in any corporation, but it must be noted, however, that they do little to protect information from either the untrained or disgruntled insider. Few American corporations have the resources to deal with economic espionage sponsored by either nations or foreign corporations. The Federal Bureau of Investigation and Justice Department are actively building a capability to investigate such activities, and we welcome the interest and efforts they have made to address economic and industrial espionage. Corporate espionage, defined as outsiders penetrating corporate offices or networks, does occur and can be very damaging, but because of my experience and results of the four nationwide surveys on intellectual property loss I have been a part of, I feel that it is an issue to be addressed, but is not the primary concern of corporate America. Because the threat to business information is not primarily foreign or caused by outsiders does not make it less real or less destructive. When a corporation is denied the full benefit of their trade secret or innovations, their business suffers, and our economy is weakened. For the last 4 years, the Federal Government has been instrumental in engaging corporate America on the issue of infrastructure protection. These efforts are designed to protect information and networks of several critical infrastructure industries. A similar engagement addressing the larger issue of intellectual property loss might cause similar improvements in how corporations view this issue and improve our competitiveness in the global marketplace. I want to thank you for the opportunity to address you today and would be pleased to answer any questions you might have after the speakers are done. [The prepared statement of Mr. Swartwood appears in the appendix.] Ms. Ros-Lehtinen [presiding]. Thank you so much. Mr. Charney. STATEMENT OF SCOTT CHARNEY, PARTNER, PRICEWATERHOUSECOOPERS Mr. Charney. Thank you, Madam Chairperson. Being mindful of Mr. Menendez's comments that you have our written testimony and we should feel a little bit free to deviate, I am going to do just that. In my career I have now been both on the government side at the Justice Department responsible for economic espionage, and now at PricewaterhouseCoopers I have clients that want economic espionage or hacking cases investigated. Building on what was said before when the FBI was present, there is certainly a reluctance by some industry members to go to law enforcement. That has to do with several reasons, but the biggest one I see is that for a private victim if they go to the government they lose control over the case. That is, as a private company that is being victimized they can control the investigation, decide how many resources to put toward it and call it quits if they choose to do so, whereas when you report it to law enforcement then the subpoenas come and other kinds of compulsory process, and you have to go forward. Most companies do not want to lose that control. Having said that, I also want to highlight a few other points. I mean, it is absolutely clear that digital information is great property of value in the information age. I remember many years ago, as far back as 1992, a reporter was asking Europeans about the fall of the Soviet Union and what it meant that the United States was the world's sole superpower. The response of most Europeans was in the new economy it is not military power, but economic power that is going to rule, and so if Willy Sutton says I go to banks because that is where the money is, then competitors are going to say we are going to computers because that is where the digital resource is. If you look at the surveys that have come out that have been referenced in almost all the testimony, both the American Society for Industrial Security [ASIS] and surveys by the Computer Security Institute, it is clear that the losses are mounting. The number of cases is increasing. In the Computer Security Institute survey, for example, about 20 percent of the respondents out of 585 said that they were victims of trade secret information theft, and in terms of sheer dollar losses the survey found that the most serious losses from all the types of criminal activity listed from hacking to other kinds of abuse, the theft of trade secret information was the most expensive crime for U.S. businesses with 66 respondents reporting over $66 million in losses. I would point out, too, that these surveys probably represent only the tip of the iceberg because most computer crime is neither detected nor reported, so to the extent that people are stealing data from computer systems that is valuable, it is probably not detected. The reason for that is the nature of electronic theft. If I steal your car you know because it is gone, but if I steal your customer list or a design plan, you still have it and so unless you have detected that abuse you will not know that I have it, and you will remain comfortable. To show just how bad that is, one of the difficulties has always been that when you have a supposition, such as most computer crimes are neither detected nor reported, how do you prove what you do not know? The answer is you do a controlled study. The Defense Department did just that. They attacked 38,000 of their own machines. They penetrated security 24,700 times or 65 percent. Then they went to the system administrators and said OK, how many intrusions have you detected, and their answer was 988, only 4 percent. Then they went to DISA, the Defense Information Systems Agency, and said how many reports have you gotten, and the answer was 267 or 27 percent, so it is absolutely clear that most of these crimes are probably not detected in the first instance, and then they are not reported to anyone. I would like to conclude by focusing particularly on the international aspects of this problem, and I think that there are some critical questions that the committee needs to think about when thinking about international economic espionage in particular. The first is what actually constitutes international espionage in the new world order. Is Chrysler an American company or a foreign company? With all the globalization of businesses, to the extent laws and governments are concerned, as rightly they should be, about allegiances and whether this is foreign or domestic, I think that line is getting increasingly blurry. It is hard to tell. That is one problem. The second problem is with the growth of the internet, particularly with now approximately 165 countries connected, it is going to be increasingly difficult to identify the perpetrators of these crimes. The reason for that is the internet has global connectivity. Hackers have shown the ability to weave between countries to hide their tracks. In addition to that, there is no authentication or traceability on the internet, which means if you know your machines are being attacked and people are taking sensitive data, it is extremely, extremely hard to find the source. [The prepared statement of Mr. Charney appears in the appendix.] Ms. Ros-Lehtinen. Thank you, Mr. Charney. Mr. McGuigan. Mr. McGuigan. McGuigan. Ms. Ros-Lehtinen. McGuigan. Close enough. Mr. McGuigan. Thank you, Madam Chairperson. McGuigan. Ms. Ros-Lehtinen. All right. All right. Mr. McGuigan. Thank you, Madam Chairperson. Ms. Ros-Lehtinen. Congresswoman Johnson and Congressman Shays send their best to you. I saw them there on the Floor. Actually, they asked me to ask you really hard questions. Mr. McGuigan. I understand at least from Congressman Shays why he would say that. STATEMENT OF AUSTIN J. McGUIGAN, SENIOR PARTNER, ROME, McGUIGAN AND SABANOSH, P.C. AND CO-AUTHOR OF HOW TO USE THE ECONOMIC ESPIONAGE ACT TO PROTECT YOUR CORPORATE ASSETS Mr. McGuigan. A little bit about my background. I was the chief prosecutor in Connecticut from 1977 to 1985. For 4 years I was chief of the organized crime task force, and prior to that I had 3 years as a special agent in military intelligence. For the last 11 years, I have been a plaintiff in many uniform trade secret actions throughout the United States, at least eight or nine states, so I come from this both as a government prosecutor and as an attorney who is prosecuting the cases. I have written a number of articles about the Economic Espionage Act. I assume that everybody agrees that America's technological prowess is its real capital and that the reason for federalizing this area of criminal activity was that we needed that type of protection and expected results. I would suggest to the Committee that there has been a disquieting dichotomy between the numbers that have been provided on estimated losses, $45 billion in 1999, $24 billion in another study, and I have cited these studies from time to time in the absence of cases. Twenty cases, I think only nine of which resulted in any incarceration, not significant fines, not a single case under 1831 which deals with foreign entities, and truly if you call it the Economic Espionage Act it seemed it was in the first instance directed at foreign espionage. There is not a single case that has been developed that deals with foreign espionage of all the 20 cases that are cited, one of which I believe was dismissed, so that when one looks at the record against the alleged losses, one must ask why? What is going on? Of course, the reasons are people are learning how to do these cases, etc. Understandably, the Attorney General agreed to limit the number of cases to 50 in the first 5 years, but at this point it does not look like they are going to challenge the agreed upon limitation so that the number of cases reflects and the types of cases that have been taken reflects that so far whatever the allocation of resources, and I do not know what the government has allocated for resources under the Economic Espionage Act, but it does not seem to be returning the kind of bang for the buck that one might expect. As normally not a fan of the federalization of criminal law, recognizing as a former chief state prosecutor that many of the federalizations of crimes does not exactly enhance the law enforcement activities, but, in any event, this law I felt was a law that was needed. It was needed because this was truly a national/ international problem, but I could say this. I would doubt there is any significant deterrent effect that has come out of the passage of this Act in the last 4 years. The number of cases simply would not augur that people are living in fear of being caught stealing trade secrets. I have suggested in the material prepared for the Committee that at this point it would be something to seriously consider creating a private cause of action for individuals and companies under the Economic Espionage Act. The Uniform Trade Secret Act is presently in force in 38 states, and I believe that almost every state has common law trade secret, which would be equivalent to the Uniform Trade Secret Act, so there are trade secret causes of action in all the states. The question is why federalize? Federalizing would direct court power in three areas in which it is needed. One is in the enforcement of injunctions. Let me explain, having had a number of these cases. If one is to get an injunction in say the State of Connecticut against an individual who has misappropriated trade secrets and that individual moves to Montana, enforcing that injunction in Montana is not as simple as one would think so that we have to discuss with companies the fact that unless we are lucky enough to have diversity, which allows us to have Federal jurisdiction, when we have injunctive power of the Court we may have problems getting enforcement in a foreign jurisdiction. Second, I think it would provide for much easier discovery, and discovery in uniform trade secret cases, and I take economic espionage cases through investigation, is absolutely essential, so I would suggest that for that reason a Federal cause of action is warranted. The third is executing of judgments, execution of judgments when people leave states. Although we have uniform execution, a judgment is simply not that simple. If one is trying to seize assets, once one has a Federal judgment they are in much better shape in trying to enforce it. The fourth reason. I would suggest that when and if someone considers a cause of action that they consider having some type of pre-suit discovery orders. In other words, one of the problems in developing these cases, while one realizes in a company that the technology has been taken to a different company because they have developed something and show no pattern of having worked on it, one is not able to file an action based on the fact that they must have stolen it, so I would suggest that similar to the Copyright Act, and I have put it in my prepared remarks, that you consider some type of pre- suit discovery. The conclusion is that given the paucity of prosecutions that you have, that while criminalization of economic espionage may have provided some merit, the real battle is going to have to be fought by the people who are losing technology. The people who are suffering the losses are going to have to finance the war through private causes of action, and that, I suggest, would give us better deterrent effect and better protect America's technological prowess. Thank you. [The prepared statement of Mr. McGuigan appears in the appendix.] Ms. Ros-Lehtinen. Thank you. Those are very good recommendations. Following up on improvements that we could make to the Economic Espionage Act, and I would like to ask all three panelists. The Act allows for a protective order preserving the confidentiality of a trade secret only if the prosecution requests it. Does this afford, do you believe, sufficient protection against disclosure during legal proceedings? How would you propose that this section of the law be improved? Mr. McGuigan. Well, I would say, and it was pointed out, that companies are afraid they lose control over cases when they have the government prosecuting a case and are afraid that their trade secret will be disclosed in the case itself so that they may in effect win the battle and lose the war. I would suggest that the law be amended so that companies-- the government is required to seek the input of the company, and if a company is forced to give up the very thing for which it was trying in the first instance to protect in order to proceed with the prosecution, it should have a say in having the prosecution stopped, similar to when the government decides that giving up an intelligence informant, they do not wish to go further with the case. Ms. Ros-Lehtinen. Thank you. Mr. Charney. Mr. McGuigan. I believe Mr. Charney had also---- Mr. Charney. Yes. From my days as chief of the computer crime section, we grappled with this problem. You have to look at this a bit logically, though. If the trade secret has already been stolen, the defendant has it. If the trade secret has not been stolen or has been stolen and not yet used as far as you can tell and you want to prohibit its introduction in court, there is a problem with the sixth amendment because under the right of confrontation and the right to challenge the government's evidence, he has a right to challenge the trade secret. I will tell you that we had a case where we charged attempted theft of a trade secret. The defense asked for the trade secret, and we took it up, and we won on the theory that since the defendant was only charged with attempt, whether it was actually a trade secret was irrelevant, and, therefore, there was no need to disclose it. The Appellate Court agreed and so we did not have to disclose it, but I would just caution the Subcommittee that if you are looking at that issue, remember that to some extent the defendant has a right to see what he has been accused of stealing for purposes of litigating for his defense. Ms. Ros-Lehtinen. Thank you. Do you have anything to add? Thank you, Mr. Swartwood. Mr. Swartwood. I would comment that as the only person on this panel that actually works in a corporation, this is a very difficult issue. Often not only is it very difficult to make a determination that you have lost something, but then after you have made that determination or you feel you are comfortable that that has occurred, getting that information pushed up into the management of the organization and having a reaction, a positive reaction to that, is also somewhat problematic. It is very difficult with all the concerns that major corporations have unless you are talking about some absolutely seminal piece of information or something that is considered so super critical. It is very difficult sometimes to get any mind space with the senior management to address these issues in any constructive way. Ms. Ros-Lehtinen. Thank you. I wanted to ask about the territorial scope of the law relating to conduct occurring outside of the United States. Some suggest that there are problems with it. They suggest that the measure ought to be whether the espionage act committed overseas had a substantial effect within the United States. Would you disagree or agree with that recommendation, and how would you define substantial effect? Mr. Charney. I think it is a difficult issue. The law already has some extra territorial provisions, as you know, and also when there is any conduct in the United States you get venue in the United States and so I guess my question would be are we looking at cases, for example, where a foreign company steals a secret in that country, but it somehow has an impact upon the United States. I think if the United States were to exercise jurisdiction in those kinds of cases we would probably get resistance from foreign states about the reach of our law--if that is the scenario we are thinking about. If, for example, a French company took data from IBM in France and because IBM is an American company we said well, that has an impact on IBM's corporate profits and earnings, I think we would get resistance. That is just my sense. Ms. Ros-Lehtinen. Austin. Mr. McGuigan. I do not know whose proposition this is a problem because I know of no case under 1831 that has even been attempted, and I cannot comment on whether or not there is a stumbling block because I simply do not see it as a stumbling block, and I have not seen a case where someone has planned out how it could become a stumbling block. I do not know what testimony there is to that effect. I do not know. Ms. Ros-Lehtinen. OK. Does the prospect of litigation, the threat of litigation or prosecution serve as a true deterrent for corporate spies? Are the fines that are levied under this Act, the Economic Espionage Act, a true deterrent? How can industrial espionage be made less appealing? Do you think more prosecution or heavier fines would serve as deterrents? For example, should violator companies be sanctioned internationally whereby they cannot reap any benefits from the stolen information? Should the United States impose duties on products from such companies or impose other import or export restrictions? What steps can be taken? Mr. McGuigan. The fine so far, and I hate to keep taking the table. The fine so far is simply in looking through I provided a table of all the cases. Ms. Ros-Lehtinen. Yes. We have it. Thank you. Mr. McGuigan. Simply no one could suggest that the types of fines that have been proposed could act as a deterrent---- Ms. Ros-Lehtinen. Correct. Mr. McGuigan [continuing]. If the problem is $45 billion. It is simply not--it does not make any sense. The only large fine is really a restitution I believe that is in the Gillette case where the gentleman sold, I believe, the new design for the Mach III razor before it came out. I believe it has something to do with that, but that is the only large one, and that is really a restitution so there does not seem to be any fines. I would think that the threat of incarceration is more serious for corporations than money, and putting individuals in jail is the best deterrent. Mr. Manzullo. Yes, but they do not give you razors in jail. Mr. McGuigan. I understand that, but I think that---- Ms. Ros-Lehtinen. Not the Mach III anyway. Mr. McGuigan [continuing]. Incarceration is a much better deterrent. For foreign companies obviously, fines are going to have to be more seriously considered, substantial ones, because incarceration is not real. Ms. Ros-Lehtinen. Thank you. Mr. Swartwood. Mr. Swartwood. I think another consideration is that it would be difficult I think to try to prove that something was taken with the full knowledge and agreement of say the CEO of any major corporation. My experience in information loss indicates that even the perpetrators of such crimes for the most part are acting as individuals and not acting necessarily at the behest of another corporation. They are doing it for their own personal reasons. They are doing it for either personal gain or for some type of retribution, etc., and once again I am talking mostly on the insiders. In external situations, my feeling is that even when corporations, if they were involved, it would be at a level of the corporation that would not necessarily be considered corporate. I mean, you might have someone in a division trying to get a short-term gain in an area, and so, I mean, I think proving that it would be a corporate level issue could be very difficult, especially in a criminal venue. Ms. Ros-Lehtinen. Yes? Mr. McGuigan. I think my experience has been the opposite. In many of the cases I have taken, upper management has been involved in the misappropriation, and it has been my experience in the criminal law that when one prosecutes low level individuals they are able to get those individuals to give up the names of the people otherwise involved. So absent again incarceration and seriously doing that, I do not see how you are going to get to the bottom of who in the company is involved. Ms. Ros-Lehtinen. Thank you. Mr. Manzullo. Mr. Manzullo. This is very fascinating. I see two roads here. Maybe I am wrong, and you can correct me-- one is an inference that says because there have been only 18 prosecutions, the FBI or Department of Justice is not sufficiently and aggressively prosecuting these types of cases. Then, on the other hand there is this natural reticence of the companies. They would rather take the hit than give a Federal agent the opportunity to take a peek at the secret. The testimony of the Assistant Director was pretty obvious that they have to struggle with companies. She said she would put on a seminar for one company just to be able to peak their level of inquiry that the FBI is indeed interested. Did you want to comment on that, Mr. McGuigan, because you seem to draw the---- Mr. McGuigan. We in Connecticut have incarcerated at state court individuals. There are no Federal prosecutions in Connecticut, but have had the local gendarmerie prosecute individuals and actually incarcerate individuals for misappropriation of propriety drawings from one of our companies. I think that the reasons for the dichotomy I think need to be explored between the losses and the lack of cases, but, second, I think that it should be longer incarceration because summarily dealing with some people is an object lesson for others. What I am saying is that when you have a case I think you have to prosecute it very, very vigorously, and you have to-- when you get substantial time, you will find out who else is involved, and that can have a salutary effect on a number of other individuals contemplating similar conduct. Mr. Manzullo. Yes? Mr. Charney. I would just like to build on this question a moment because when I was chief of the computer crime section, I can tell you that prosecutors salivate over cases like these. You know, the first case out of the box was the Four Pillars case, which went to trial. We convicted the president of a corporation from Taiwan for stealing secrets from Avery Dennison. These are good cases with sex appeal. That is not the problem. If you look at the Computer Security Institute's surveys, however, they have done surveys on computer crime from 1996 to the year 2000, and in the year 2000 survey what they said was one of the most remarkable statistics on computer crime--not just trade secrets, but computer crime--was the rapid increase in the number of companies willing to report to law enforcement. It had gone all the way up to 32 percent. You know, one victim out of three was now willing to report to law enforcement, up from 17 percent the year before, so if you have between one and two, you know, in every 100 cases you have roughly 17 reported. That is not a very high statistic. I think there is a lot of difficulty within the corporate environment in making the determination about whether you handle this civilly, whether you cut your losses, remediate and get your business up and running again and seek damages through civil action or whether you go to law enforcement. That is a tough call because when you go to law enforcement you get far more publicity than you might want. Then you have to worry about shareholders and investors and public relations. Mr. Manzullo. Loss of confidence. Mr. Charney. Loss of confidence. It is a hard call for a CEO whose primary responsibility is to protect the assets of the corporation and not to---- Mr. Manzullo. Especially in light of the fact that the penalties are so minimal. That goes back to what you were saying. Do companies then opt for civil action, or do they just take it on the chin? Mr. Charney. No. I am actually now on the private side, and the cases that we have been investigating for companies is for civil suit purposes, not to go to law enforcement. Mr. Manzullo. Are these very difficult cases to try and prove? Mr. Charney. Like everything else, it is so dependent on the evidence. I mean, the Four Pillars case we had someone in the company who was being paid off. We flipped him. We put him in a hotel room. We had a camera. The president of the foreign company was going to see the Forest Hills tennis tournament. We had him stop off in the hotel room, and he traded documents for money. The best part of the case, the documents actually said Confidential, and he took scissors and told our informant to cut out the word Confidential and throw it away where it would not be found. That is a great case to try, but in most cases it is far more difficult, especially electronic cases because it is very hard to trace back to the source, and even if you can trace back to the source machine, it does not tell you who is the person sitting at the keyboard. If that machine is in another country, now you have to figure out if that country has similar laws. Mr. Manzullo. We just had that. Was it Indonesia where the---- Mr. Swartwood. Philippines. Mr. Manzullo. In the Philippines. That shows obviously a lack of legal coverage, but only a Philippine law could apply there. Mr. Charney. That is correct. In fact, there are groups. There are three international organizations looking at some of these issues. One is the G8, and I used to chair the G8 subgroup of high tech crime, one is the United Nations, and the other is the Council of Europe. There is a push internationally to harmonize criminal laws in the new economy area, but it is slow. It takes a lot of work. Many countries do not quite see the threat. Indeed, we have only been waking up to it. Mr. Manzullo. Where do you draw the line? When I asked the Assistant Director, at what point does something become espionage? You earnestly recruit people that are with other companies. That goes on all the time. At what point do you cross the line? At what point is a crime committed? Mr. Charney. I mean, generally we would look at the statutory elements first and foremost, and then I hate to say this, but it is a little like paraphrasing Potter Stewart on obscenity, which is I know it when I see it. Most of the cases that were brought to our attention were egregious cases where, for example, people, companies, will not come to law enforcement and report we had an employee. He got hired away by another company. We want you to go investigate. In fact, the government would probably say that is a perfect civil suit, not a criminal one, because you are in a situation where there is going to be a lot of dispute over the facts, a lot of questions about whether it is an employment dispute or---- Mr. Manzullo. Scott, let me followup on that. If you have an individual that works for one company and is hired away by a competitor, how much of his mind has to stop? Mr. Charney. Well, the answer is it does not. I mean, general knowledge does not have to stop, but specific does. In fact, I have seen cases where individuals who have created proprietary information then go to another company and recreate proprietary information. I can tell you in those cases companies are looking at civil suits over that issue. They think that crosses the line because the second company is producing now the same unique product that the first company had and gave them a competitive edge in the market. Mr. McGuigan. Generally you have a non-disclosure agreement in the first place with any high level employee creating that type of information so if he breaches the contract in the first instance. Mr. Manzullo. A non-competitive agreement. Mr. McGuigan. Second, if he were claiming it was simply in his head, in many cases now there is what is known as inevitable disclosure. He is inevitably using the proprietary data that he got in the first instance to develop the data for another company, so those cases are prosecuted civilly. I have been involved in them. I had someone who developed software for machinery and then when to work for another company 5 years later and developed the same software. We successfully sued them and prevented them from doing that. Even though he claimed he did not take any of the information with him when he left, he had the process by which the flow charts for the computer software, which allowed him to essentially create it. Mr. Manzullo. I have one last question if you do not mind, regarding the four suggestions that you made. Mr. McGuigan, you mentioned the fact that there is no subject matter jurisdiction, that you have to have diversity in order to get the Act involved. Mr. McGuigan. Correct. You do not have a Federal Economic Espionage Act, so you sue in the states. If you were suing a citizen of another state and you get diversity, you can---- Mr. Manzullo. Do you mean if there is no Federal Act? Mr. McGuigan. There is no Federal Act now. There is only a Federal criminal Act. What I am suggesting is they should make the Economic Espionage Act and create a civil cause of action under the Economic Espionage Act and allow the companies to spend the resources to prosecute the cases because they will do it, and they will do it when they are confident that they can do it, and they will no longer be afraid they are going to lose control of the case and the government is going to---- Mr. Manzullo. So do you think that is one of the problems is that there is no Federal cause of action? Mr. McGuigan. I think it is clear to me. I never thought as a state prosecutor I would be arguing for an expansion of Federal jurisdiction, but it is clear to me in this particular case. Mr. Manzullo. You have come to your senses. OK. Mr. McGuigan. It is clear to me. Mr. Manzullo. We are moving with electronic commerce that moves like that across state lines. That is a little bit different. Mr. McGuigan. I have come to the conclusion that creating a Federal cause of action is really the way to go, and I think almost everything was pointed out here today. Mr. Manzullo. Which could be tried in a state court. You could actually try that case in a state court if the law---- Mr. McGuigan. You should not have preemption. You should have it you can file a Federal cause of action or a state cause of action. In other words, you should be allowed to file either. I do not think there should be a preemption of state uniform trade secrets law as has happened in some other areas, so I am not suggesting that, and I am not talking about it in expansive approaches in the RICO Act. I am just talking about creating a cause of action. Ms. Ros-Lehtinen. Those are good recommendations. Mr. Manzullo. Yes. I appreciate that very much. Thank you. Ms. Ros-Lehtinen. I think we will move on that. Thank you so much for your excellent testimony. We appreciate it, and we will be checking back with you. I am sure as we move on this, on these recommendations. Thank you. The Subcommittee is now adjourned. [Whereupon, at 3:27 p.m. the Subcommittee was adjourned.] ======================================================================= A P P E N D I X September 13, 2000 ======================================================================= [GRAPHIC] [TIFF OMITTED] T8684.001 [GRAPHIC] [TIFF OMITTED] T8684.002 [GRAPHIC] [TIFF OMITTED] T8684.003 [GRAPHIC] [TIFF OMITTED] T8684.004 [GRAPHIC] [TIFF OMITTED] T8684.005 [GRAPHIC] [TIFF OMITTED] T8684.006 [GRAPHIC] [TIFF OMITTED] T8684.007 [GRAPHIC] [TIFF OMITTED] T8684.008 [GRAPHIC] [TIFF OMITTED] T8684.009 [GRAPHIC] [TIFF OMITTED] T8684.010 [GRAPHIC] [TIFF OMITTED] T8684.011 [GRAPHIC] [TIFF OMITTED] T8684.012 [GRAPHIC] [TIFF OMITTED] T8684.013 [GRAPHIC] [TIFF OMITTED] T8684.014 [GRAPHIC] [TIFF OMITTED] T8684.015 [GRAPHIC] [TIFF OMITTED] T8684.016 [GRAPHIC] [TIFF OMITTED] T8684.017 [GRAPHIC] [TIFF OMITTED] T8684.018 [GRAPHIC] [TIFF OMITTED] T8684.019 [GRAPHIC] [TIFF OMITTED] T8684.020 [GRAPHIC] [TIFF OMITTED] T8684.021 [GRAPHIC] [TIFF OMITTED] T8684.022 [GRAPHIC] [TIFF OMITTED] T8684.023 [GRAPHIC] [TIFF OMITTED] T8684.024 [GRAPHIC] [TIFF OMITTED] T8684.025 [GRAPHIC] [TIFF OMITTED] T8684.026 [GRAPHIC] [TIFF OMITTED] T8684.027 [GRAPHIC] [TIFF OMITTED] T8684.028 [GRAPHIC] [TIFF OMITTED] T8684.029 [GRAPHIC] [TIFF OMITTED] T8684.030 [GRAPHIC] [TIFF OMITTED] T8684.031 [GRAPHIC] [TIFF OMITTED] T8684.032 [GRAPHIC] [TIFF OMITTED] T8684.033