Federal authorities have recently described the threat of economic espionage from foreign entities as one of the greatest threats to the economic vitality of the United States, and this has led to an increase in investigations and prosecutions targeting foreign nationals as well as U.S. citizens who control foreign entities. At present, the threat is primarily linked to the Chinese government and China-controlled entities; however, entities controlled by other foreign governments and non-governmental entities also represent a significant concern as well.
The United States-China Trade War and the Rising Cybersecurity Threat for the U.S. Government and U.S. Businesses
The United States has been fighting a trade war with China for decades. The threat from China has escalated in recent years, and is now considered a national security issue due to the risks presented to U.S. economic, military, intellectual property (IP) interests. Today, the risks are largely (though not exclusively) presented online, and the U.S. is now facing a cyber war in which federal agents are defending against efforts to hack U.S. intelligence, illegally download proprietary technologies, and misappropriate U.S. companies’ research and development (R&D) for the benefit of China. In addition to the increased national security risks, there is also concern that the trade war has also hampered the R&D efforts of Chinese scientists in the United States, who may fear falling victim to the increased political frictions between the two nations.
Recently, the U.S. Department of Justice (DOJ) has filed charges against American and Chinese nationals in dozens of cases involving economic, technological, academic, and scientific espionage linked to China. In addition, the United States regularly utilizes foreign policy restrictions that are specific to China in order to address national security concerns. These restrictions are present in a variety of key industry sectors, including high technology, software, and business and consumer services. “With the risks companies are facing today, taking appropriate steps to prevent intrusions needs to be a top priority,” says Dr. Nick Oberheiden, founding attorney of Oberheiden P.C. “Companies need to be confident that their IP assets and data are secure, particularly if these assets and data are likely to be of interest to foreign entities.”
Discovery Challenges in U.S. Federal Prosecutions Targeting Foreign Entities
When it comes to federal prosecution of economic espionage and other crimes, a challenge exists as a result of the disparities between U.S. discovery rules and foreign privacy laws. The U.S. discovery process in particular can present additional burdens for prosecutors seeking to investigate U.S. citizens with ties to foreign countries in cross-border cases, especially when the defendant raises foreign jurisdiction or foreign law issues.
For example, the United States and China are both parties to the Convention on the Taking of Evidence Abroad in Civil or Commercial Matters (“Hague Evidence Convention”), and would therefore typically follow the process for obtaining evidence in the other jurisdiction by sending letters of request. However, the U.S. Supreme Court held in Socie´te´ Nationale Industrielle Ae´rospatiale v. U.S. District Court, 482 U.S. 522, 538 (1987) that following the procedures of the Hague Evidence Convention is optional; and, instead, international comity issues associated with ordering evidence located abroad should be the guiding factor for the judiciary.
Further, prosecutors must consider the possibility that it may be illegal to follow certain U.S. discovery rules may under foreign law. This is based on the doctrine of foreign state compulsion, and it is frequently asserted as a defense to non-compliance with U.S. discovery requests. Under the doctrine of foreign state compulsion, U.S. courts will excuse violations of discovery requests if foreign law prohibits the disclosure or production of evidence and the party asserting the doctrine has acted in good faith to avoid the resulting conflict.
Section 442 of the Restatement (Third) of Foreign Relations Law articulated a balancing test to consider when determining whether foreign law may excuse noncompliance with U.S. discovery requests under the doctrine of foreign state compulsion. The Supreme Court endorsed this balancing test in Socie´te´ Nationale Industrielle Ae´rospatiale . However, there is also a bright-line rule which provides that the doctrine does not apply when a foreign party acts in bad faith in refusing to comply with a U.S. discovery request. For instance, in Richmark Corp. v. Timber Falling Consultants, 959 F.2d 1468, 1477 (9th Cir. 1992), the court determined that a Chinese entity acted in bad faith because it could have avoided the conflict at issue but failed to do so.
The doctrine of doctrine of foreign state compulsion and the Supreme Court’s decision in Socie´te´ Nationale Industrielle Ae´rospatiale have changed the ways U.S. courts deal with discovery requests in cross-border cases. It is now more common for foreign-controlled entities to be ordered to produce evidence or documents for use in U.S. courts. However, when a foreign government orders one of its citizens to either withhold information from U.S. discovery requests or face criminal prosecution, federal prosecutors face a significant setback in gathering evidence. Absent other exigent circumstances in such cases, the U.S. discovery rules will generally yield to the foreign government’s order.
Non-Citizens in the United States with Ties to Foreign Governments and Foreign Non-Governmental Entities are Facing Increased Scrutiny and Heavy Prosecution
Due in part to these challenges, the DOJ has increased its scrutiny of individuals of foreign origin residing in the United States, with a particular emphasis on China. In 2018, the DOJ launched the “China Initiative” to combat domestic IP theft and economic espionage by Chinese nationals. Since its 2018 launch, the China Initiative has resulted in the arrest and prosecution of numerous individuals of Chinese descent based on the government’s efforts to protect the national security interests of the United States.
For example, in February 2020 a federal grand jury returned a nine-count indictment against four Chinese nationals who are members of the Chinese military. The counts include computer fraud, economic espionage, and wire fraud in relation to the Chinese nationals’ alleged hacking of Equifax's computer networks and theft of approximately 145 million American citizens’ sensitive personally identifiable information. Later in February, a Chinese national who was an associate scientist at a petroleum company admitted to intentionally copying and downloading technology R&D materials worth $1 billion.
At the end of June, a U.S. District Court judge found a Chinese national guilty of economic espionage, theft of trade secrets, and conspiracy to steal trade secrets from U.S. companies—including his employer—for the benefit of the Chinese government. Specifically, the defendant was found to have stolen trade secrets from these companies and then replicated their technologies. Finally, in July, a rheumatology professor and researcher at a U.S. university with significant ties to China was charged with illegally using U.S. grants from the National Institutes of Health ("NIH") worth $4.1 million to develop research for China and with making false statements about his employment in China. The defendant was a member of the Chinese Talent Plan and had failed to disclose his relationship to a Chinese university, his receipt of funds from the Chinese government, and his actions of researching for the Chinese Communist Party.
These are just a small sampling of recent cases that highlight the federal government’s aggressive efforts to combat foreign IP theft, economic espionage, and other related crimes targeting U.S. companies, institutions, and government authorities.
U.S. Companies Must Proactively Address the Risk of Cyber Intrusions and Other Attacks with National Security Implications
The laws that protect U.S. national security are complex and constantly evolving. The threat from foreign governments and foreign-controlled entities has produced a massive legislative response, and the DOJ and other federal agencies have significantly enhanced their efforts to combat IP theft and economic espionage threats from foreign nationals in the U.S. and abroad.
With this in mind, companies that are prone to cyber intrusions and other attacks from foreign entities need to address these risks—particularly if an attack could have ramifications for U.S. national security. These companies must adopt comprehensive data security protocols, policies, and procedures, and they must have a means of monitoring their IT systems in real time in order to identify threats. This includes not only external threats (i.e. hacking), but also internal threats from personnel or contractors who may also be working for a foreign government or a foreign-controlled entity. When threats are discovered, companies must be prepared to respond immediately in order to protect their IP assets as well as any information which could present a national security threat if obtained by foreign entities.
The risk of cyber intrusions and other attacks on private companies is not going away anytime soon. If anything, the challenges companies face in protecting their IP and other sensitive information are only likely to grow for the foreseeable future. Companies that take the necessary steps to adapt will put themselves in a strong position to avoid potentially-catastrophic losses, while those that do not could find themselves facing scrutiny in a federal investigation with national security implications.