Did You Do Enough to Protect Your Trade Secrets?

by Mitchell Silberberg & Knupp LLP
Contact

On January 21, 2014, Mozaffar Khazaee, a naturalized American who maintained dual citizenship with his native Iran, was indicted in Connecticut on two counts of interstate transportation of stolen property, which carries with it a potential sentence of ten (10) years in jail and a fine of up to $250,000. This case is a stark reminder that internal controls are only as good as their implementation.

What prompted the arrest was Khazaee’s earlier attempt to ship 44 boxes of household goods to Iran. In fact, those boxes contained highly sensitive information about the U.S. Air Force’s F-35 Joint Strike Fighter in the form of technical manuals, specification sheets, and other proprietary information. In order to stop Khazaee from leaving the country while the investigation is ongoing, a Homeland Security Investigation (HSI) agent swore out an affidavit to support an arrest warrant for violation of 18 U.S.C. § 234. The elements of the crime are 1) goods, wares, merchandise, or other property is stolen, converted, or taken by fraud; 2) the defendant transported, transmitted, or transferred the property in interstate or foreign commerce; 3) the defendant knew the property was stolen, converted or taken by fraud; and 4) the value of the property was $5,000 or more. The fact that the government relied on 18 U.S.C. § 234 as the basis to arrest him is worthy of comment since such a law clearly has nothing to do with the possible U.S. national security threat arising out of the attempted export.

The HSI affidavit explains that much of the contents of theshipment belonged to at least three (3) defense contractors. Press reports have identified one of the contractors as Pratt & Whitney, which has acknowledged it is cooperating with authorities. The affidavit makes clear these contractors all had in place exactly the types of agreement one would hope to find. Khazaee had signed a form of trade secrets agreement when hired in which he acknowledged he was responsible to surrender all company property upon termination. There were proprietary notices on many of the documents making clear the property belonged to the named defense contractor and was subject to the International Traffic in Arms Regulations or ITAR, 22 U.S.C. parts 120-130. There were also notations on many pages that export contrary to U.S. law is prohibited. There was a general downsizing at Pratt & Whitney and, as part of his separation process, Khazaee signed an agreement stating he had returned all company property and complied with the company’s intellectual property and business proprietary requirements. Yet he still had these reams of highly sensitive documents in his possession and was trying to get them to Iran!

Many have speculated why Iran would be interested in the information given the aging nature of its air force. The most likely reason is to assist its close allies, including the Chinese and the Russians. Perhaps Khazaee intended to go into business for himself. Whatever his motives, this case reminds companies of all sizes and in all industries that all the agreements in the world cannot protect you if they are not properly implemented and enforced. At this juncture, not enough is known publicly about how he obtained the documents. We do not know whether Khazaee emailed them to himself. Perhaps he had remote access and printed them. He could have also downloaded the files to thumb drives that he removed from the office. The HSI affidavit makes clear that some of the documents dealt with strength and durability evaluations for one contractor’s engine components. Also in the boxes was a document entitled “Turbine Durability: Creep.” Obviously these are highly sensitive business proprietary documents with potentially serious implications to U.S. national security.

Press reports indicate the F-35 program is centered around the concept of a single fighter plane designed to be used jointly by the Air Force, Navy, and Marines starting in 2015. As with any of these defense contracts, there are multiple parties involved, and a case like this one has to cause all of them to be concerned about how their information and technology is being handled.

One can find any number of reality shows featuring the dumb things criminals do. Certainly here, shipping anything directly to Iran would send up red flags, calling it household goods was even riskier, and trucking the boxes from Connecticut to Los Angeles for export to Iran generated even more red flags. Nonetheless, this case is a harsh reminder that monitoring what one’s employees are doing can be tricky but remains necessary, especially if someone is being terminated.

Although we do not have details as to how Pratt & Whitney implemented its downsizing, this worst-case scenario serves to remind all employers that merely asking employees to sign confidentiality agreements is not enough to protect the confidentiality of company information – and this is an important factor whether, as here, we are focused on an employee no longer with the company or whether we focus on contractors or employees currently working with the company. Employers simply must take more measures to ensure that employees/contractors do not leave the premises with proprietary information, especially upon separation. These measures could include, for example, walking the employees/contractors back to their work stations and out of the building to ensure nothing is taken; ensuring that employees/contractors do not have access to computer systems at home (or, if they do have access, ensuring the IT department remains vigilant that nothing is downloaded without permission); marking all company documents as proprietary and confidential; having management remind employees/contractors regularly and consistently they must maintain company information confidential and that any violation of that policy will lead to discipline, up to and including termination; and filing charges or civil lawsuits against those employees/contractors who steal confidential information. Of course, these measures cannot offer complete protection against the enterprising malfeasant, but they certainly send a message to other potential malfeasants the company will not tolerate the theft of its proprietary information.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mitchell Silberberg & Knupp LLP | Attorney Advertising

Written by:

Mitchell Silberberg & Knupp LLP
Contact
more
less

Mitchell Silberberg & Knupp LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.