Congress Raises the Stakes for Theft of Trade Secrets with Passage of Two New Laws

by Pillsbury Winthrop Shaw Pittman LLP

The old adage that crime does not pay rings particularly true in the aftermath of two pieces of recent legislation aimed at raising the penalties for trade secret theft: the Theft of Trade Secrets Clarification Act and the Foreign and Economic Espionage Penalty Enhancement Act.

The United States government has become increasingly focused on the monetary costs to the economy from the theft of trade secrets – costs that can never be fully known, but have been estimated to run into the hundreds of billions of dollars. While the Department of Justice and FBI have stepped up prosecutions of individuals and corporations engaging in such theft under the Economic Espionage Act of 1996 (the “EEA”), a recent Second Circuit decision, United States v. Aleynikov, 676 F.3d 71 (2d Cir. 2012), exposed significant limitations in the reach of the EEA – punishing the theft of trade secrets incorporated in products placed in interstate commerce, but not if these products are only used to facilitate or engage in commerce. Certain intangible intellectual property and services were therefore not protected under the EEA – a significant limitation, considering the increasing technology and service orientation of the economy.

Congress has now reacted promptly, passing legislation to close these gaps, and to substantially increase the penalties associated with trade secret theft for the benefit of foreign governments. While the EEA still does not provide a private right of action, the likely result of these legislative initiatives will be an increase in the number of criminal referrals and enforcement actions.

The Economic Espionage Act of 1996

The EEA, 18 U.S.C. § 1831, et seq., punishes companies and individuals who (i) knowingly misappropriate a trade secret (defined broadly as financial, business, scientific, technical, economic or engineering information) “that is related to or included in a product that is produced for or placed in interstate or foreign commerce,” to the economic benefit of anyone other than the owner, (ii) misappropriate a trade secret knowing that it will benefit a foreign government, or (iii) attempt or conspire to commit such theft. As under common law, the EEA requires the owner to have taken reasonable measures to keep such information secret, and that the information derive economic value from not being known to, or ascertainable by, the public.

The EEA carried the threat of maximum penalties of $250,000 and ten years imprisonment for individuals, and maximum penalties of $5,000,000 for organizations. Where the theft was for the benefit of foreign governments, the maximum penalties doubled and the maximum imprisonment for individuals increased to fifteen years. The EEA also allows the Attorney General to bring a civil action to obtain injunctive relief against violations of the EEA.

The Second Circuit Limits the Scope of the EEA

What the EEA did not reach was brought into sharp focus by Aleynikov. In 2009, a former Goldman Sachs Group Inc. (“Goldman”) programmer was indicted for stealing Goldman’s proprietary source code for its high-frequency trading program upon his departure for a Chicago-based startup looking to develop its own such program. Aleynikov, 676 F.3d at 73. On the defendant’s last day with the company, he encrypted and uploaded more than 500,000 lines of Goldman source code to a server in Germany, then deleted the encryption program and history on his computer. Id. at 74. He then downloaded the source code from that server in Germany to his home computer and took portions on a flash drive to a meeting in Chicago with the startup. Id. The jury convicted the defendant and he was sentenced to 97 months of imprisonment and ordered to pay a $12,500 fine. Id. at 75.

The defendant appealed, arguing that the stolen source code was not “related to or included in a product that is produced for or placed in interstate or foreign commerce,” within the meaning of the EEA. Id. The Second Circuit agreed, reading this statutory language to apply only to products that have “already been introduced into the stream of commerce and have reached the marketplace,” and products that are “still being developed or readied for the marketplace.” Id. at 80. The Court said the statute did not apply where a product’s purpose is merely to facilitate or engage in such commerce. Id. It therefore reversed the defendant’s conviction.

The Legislative Fix

Congress reacted swiftly to this decision, passing the Theft of Trade Secrets Clarification Act of 2012, signed into law on December 28, 2012. As Senator Patrick Leahy (D-VT) explained, this act was aimed at correcting the Second Circuit’s “narrow reading” of the EEA to ensure that “American companies can protect the products they work so hard to develop, so they may continue to grow and thrive.” The law replaced the statutory language the Second Circuit had narrowly construed, “a product that is produced for or placed in interstate or foreign commerce,” with the phrase “a product or service used in or intended for use in interstate or foreign commerce.” (emphasis added.)

Congress then followed with the Foreign and Economic Espionage Penalty Enhancement Act of 2012, signed into law on January 14, 2013, increasing the maximum penalties for trade secret theft by those who knowingly commit economic espionage to benefit a non-U.S. government, agency or instrumentality. The stated purpose of this bill was to protect U.S. jobs and technologies, promote investments and innovation, and advance the economic and national security interests of the United States. The maximum penalties for such foreign economic espionage by individuals increased from $500,000 to $5,000,000. For organizations, the penalties increased from $10,000,000 to “the greater of $10,000,000 or 3 times the value of the stolen trade secret to the organization, including expenses for research and design and other costs of reproducing the trade secret that the organization has thereby avoided.” The new law also charges the United States Sentencing Commission with evaluating and, if appropriate, amending the federal sentencing guidelines for foreign trade secret theft convictions. Notably, the act did not increase the maximum penalties, or mandate sentencing guideline review, for purely domestic thefts.


Enforcement officials now have the authority to commence criminal and civil proceedings against individuals and organizations who steal trade secrets related to services, and products or services used to facilitate interstate or foreign commerce. These recent legislative changes will criminalize the theft of more types of intangible intellectual property and afford greater protection, in particular, to the financial services industry. Moreover, recognizing that economic espionage is all about monetary gain, the changes will better align the penalties for such wrongdoing with the potentially enormous benefits to be reaped by offenders, at least in the context of thefts for the benefit of foreign governments and instrumentalities.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury Winthrop Shaw Pittman LLP | Attorney Advertising

Written by:

Pillsbury Winthrop Shaw Pittman LLP

Pillsbury Winthrop Shaw Pittman LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.