As the size, complexity, and interconnectedness of modern companies’ IT infrastructures has increased, so too has the risk of corporate espionage and cyber attacks targeting companies’ intellectual property. In-house and outside counsel must be ready to deal with the risk that their clients’ confidential information will be stolen, potentially undermining the company’s trade secret assets. Recently, DuPont’s large share of the world’s multi-billion-dollar-a-year titanium dioxide market was threatened by the alleged theft of its trade secret manufacturing techniques by overseas competitor Pangang Group. See United States v. Pangang Group Co. (N.D. Cal. Case No. 11-0573). Similarly, Chinese wind turbine manufacturer Sinovel was indicted this past June for misappropriation of trade secrets valued at $1 billion from Massachusetts-based energy company AMSC. See United States of America v. Sinovel Wind Group Co., Ltd. et al (W.D. Wis. Case No. 13-084). Theft of trade secrets can occur on a smaller scale as well. All it takes is an employee who unwittingly plugs a flash drive with spyware into a company computer, or a disgruntled IT staff member with access to sensitive databases.

Preventative measures abound, including hiring cyber security experts, removing USB ports from corporate computers, enforcing bring-your-own-device policies that govern the use of personal devices for work purposes, and requiring employees to use “clean” loaner laptops when traveling abroad. But what should counsel do when they learn that those measures have failed, and that trade secret information has already been stolen? Worse yet, what if it is discovered that the stolen information has been obtained by a competitor outside of the United States? Once a trade secret is out the door, preventing further dissemination or misappropriation will likely require litigation, and certain prudent options such as those outlined below should be considered.

Contact the Authorities

First, it is important to quickly determine who is in possession of the stolen trade secrets. If the identity of the culprit is not readily ascertainable, private forensics teams can be brought in. Government authorities can also be contacted. While the police are often ill-equipped to deal with cyber theft, the Secret Service Electronics Crimes Task Force has offices in most major US cities and can coordinate local and state law enforcement efforts. If a larger scale or cross-border theft is suspected, the FBI can be contacted to launch an investigation.

Consider Pressing Charges

Bringing in the Secret Service or the FBI early in the case may prove useful in laying the foundations for federal prosecution. Filing a civil lawsuit was once the exclusive means of pursuing trade secret misappropriators, but the Economic Espionage Act of 1996 criminalized trade secret theft under circumstances where the trade secret is used in a product to be sold in interstate or foreign commerce, or where the theft is for the benefit of a foreign government. 18 U.S.C. §§ 1831, 1832. The law also has extraterritorial reach, allowing prosecution of overseas misappropriation where the perpetrator is a US national or where an act in furtherance of the offense occurred in the United States. 18 U.S.C. § 1837. In addition to multi-million dollar criminal fines, the EEA authorizes the Attorney General to bring a civil action to enjoin any violation of the Act, thereby directly benefiting the injured party. Just last year, Congress expanded the EEA in response to the Second Circuit’s decision in United States v. Aleynikov, 676 F.3d 71 (2d Cir. 2012). In that case, the defendant had been convicted of stealing source code related to his employer’s high-frequency trading system, but the Second Circuit overturned the conviction on the grounds that the code was not intended to be used in a product sold in interstate commerce. The EEA has now been extended to cover both products and services used in or intended for use in interstate or foreign commerce.

Injunctions Against Foreign Actors

The EEA is not the only avenue of relief in cases where trade secrets are misappropriated by a multinational or foreign entity. To the extent the stolen IP is later patented, 35 U.S.C. §§ 271(a) and (g) make it an act of infringement to import any product covered by the patent or made using a patented method. Whether the IP is patented or maintained as a trade secret, an action may also be brought in the International Trade Commission, where cases are heard quickly, and an injunction can be obtained barring importation of the offending goods pursuant to Section 337 of the Tariff Act. In 2011, the Federal Circuit held that Section 337 also authorizes injunctions barring importation of goods made using trade secrets that were misappropriated overseas. TianRui Group Co. v. ITC, 661 F.3d 1322 (Fed. Cir. 2011).

A civil action may also be brought against the US distributor of products made by a foreign actor using stolen trade secrets. IMAX Corporation took this approach in June when it sued the California-based distributor of film technology that it alleges was misappropriated by China-based China Film Giant Screen. See IMAX Corporation v. GDC Technology (USA) LLC, et al. (C.D. Cal. Case No. 13-04640). Where the misappropriator itself can be sued in a US District Court, it may even be possible to obtain a worldwide injunction prohibiting the overseas manufacture of products made using misappropriated trade secrets. Such an injunction was ordered last year by Judge Payne of the Eastern District of Virginia following a $920 million verdict against South Korea-based Kolon for misappropriation of DuPont’s Kevlar manufacturing trade secrets. See E.I. Dupont De Nemours & Co. v. Kolon Indus., 894 F. Supp. 2d 691 (E.D. Va. 2012).

The cases cited above demonstrate a willingness on the part of the judiciary, federal law enforcement agencies and Congress to enhance protections for trade secret holders in response to the increased incidence of corporate espionage. IP practitioners would do well to monitor developments in this area of the law, particularly as cyber crime becomes more prevalent.