Archive for 'Trade secrecy.'
Michael D. Moberly March 11, 2014 ‘A blog where attention span matters’.
On February 19, 2013, Mandiant, a U.S.-based cyber-security firm released a report purporting to have evidence linking a specific unit of the (Chinese) People’s Liberation Army in Shanghai to a global cyber espionage campaign against companies in twenty economic sectors. The campaign was designed to misappropriate valuable intellectual property and other forms of intangible assets, i.e., intellectual, structural, and relationship capital. And why is this relevant? It’s because steadily rising percentages, i.e., 80+% of most company’s value, sources of revenue, profitability, and sustainability lie in – emerge directly from intangible assets!
As would be expected, Mandiant’s report received substantial media coverage, prompted no doubt in part by its immediate and categorical rejection by Chinese government officials. Of note, the following day (February 20, 2013) the Obama administration release a newly tweaked strategy to combat theft of intellectual property and other intangible assets from U.S. companies based on the argument that trade secret theft threatens U.S. national (economic) security, with five strategic actions noted…
- Focus diplomatic efforts to protect trade secrets overseas.
- Promote voluntary best practices by private industry to protect trade secrets.
- Enhance domestic law enforcement operations.
- Improve domestic legislation, and
- Public awareness and stakeholder outreach.
Economic Espionage Equates With National Security…
Economic espionage involves government and/or otherwise state sponsored initiatives to clandestinely acquire information assets from another (foreign) government or company that are in a safeguarded state. That is, the information assets
- are owned by a company.
- distinguished as being proprietary, or
- meet the requisites of trade secrecy.
- enforced, protected by intellectual property law, or,
- categorized as being classified by a government entity.
Frequently though, economic espionage is referred to as corporate or industrial espionage.
The U.S., and I assume other countries as well, are correctly inclined, in my view, particularly in a 21st century context, to equate or elevate the aggressive, increasingly sophisticated and predatorial targeting capabilities of economic espionage to national and economic security status, as expressed by former FBI Director Sessions in the mid-1990’s. Or, in more recent contexts, numerous U.S. private sector and government leaders point to economic (cyber) espionage as metastasizing to the point of being a (the) primary contributor to the “greatest transfer of wealth in history’. While this characterization may have originated with intent to dramatize the significance of this adverse phenomena, it’s hardly arguable.
I suspect, but have no direct evidence to support such a claim, there is an agenda, correctly or not, to modify the context of economic espionage, away from its 1996 roots with the passage of the Economic Espionage Act, by consistently describing it as cyber-espionage vs. the more straightforward term of economic espionage.
To be sure, well before the advent of sophisticated cyber technologies, economic espionage was just as stealthy and successful as it presumably is today. The difference being, both protectors and adversaries apparently hold the view that all valuable information assets now exist primarily in electronic ‘bits and byte’ contexts.
However, be assured, that does not suggest economic and competitive advantage adversaries overlook or dismiss the extraordinary value embedded in human (intellectual, structural, and relationship) capital. Readers of this blog recognize, economic (cyber) espionage has manifested itself in multiple forms in the past quarter century.
International Law and Economic (Cyber) Espionage…
Countries’ desire and need to engage in more consistently potent legal prosecutions and other countermeasures to combat economic (cyber) espionage are challenged somewhat by existing international law on espionage, says David P. Fidler, Professor of Law at the Indiana University and a Fellow at I.U.s Center for Applied Cyber-security Research and member of the American Society of International Law.
In his fine article titled ‘Economic Cyber Espionage and International Law: Controversies Involving Government Acquisition of Trade Secrets through Cyber Technologies’ (ASIL, March 20, 2013, Volume 17, Issue 10), Fidler points out that while a victim country, and presumably company as well, could assert that spying violates the principles of sovereignty and non-intervention, state practice has, probably unfortunately in my view, has accepted state-sponsored espionage to the extent that such appeals may not be regarded as serious or sufficient claims, standing alone.
Although cyber espionage is sometimes described as “cyber attacks” and “cyber-war,” Fidler identifies no government that regards cyber espionage as constituting a prohibited use of force. Other bodies of international law under which espionage issues arise, such as rules on armed conflict and/or with respect to diplomatic relations in periods absent a declaration of war, do not prohibit or necessarily constrain espionage, or economic espionage in particular.
Many Countries Obviously Prohibit Economic Espionage…
Many countries prohibit economic espionage under (their own) national law. However, enforcement of such laws may present challenges because the specific elements of economic espionage include foreign government participation. Using extradition or mutual legal assistance treaties proves ineffective also, especially says Fidler, when the requested state is accused of sponsoring criminal acts, i.e., economic espionage.
Is there a possible role for TRIPS…
The Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) of the World Trade Organization (WTO) requires each WTO member to protect, within its territorial boundaries, certain types of intellectual property rights, including trade secrets.
Some have argued that the U.S. should use protections enunciated in international trade law regarding intellectual property against countries engaged in economic (cyber) espionage. As readers already know, private sector enterprises engaged in trade and investment agreements and/or transactions have used international law to safeguard their intellectual property rights.
However, WTO members have, to date, shown little or no interest, according to Professor Fidler, in addressing economic espionage within the constructs of WTO, despite mounting concerns. One reason is that WTO members have not used WTO-based strategies, the reason, Fidler says, lies in the difficulty of successfully formulating a claim that economic espionage actually violates WTO agreements.
WTO rules impose obligations on WTO members to fulfill within their territorial boundaries. That is, WTO members that engage in economic espionage, i.e., covertly (illegally) obtaining intellectual property and other forms of intangible assets of other WTO members which operate companies within that countries’ territorial boundaries could be in violation of those WTO obligations. No prudent business person should exhibit naiveté about such obligations.
Even if a WTO member could construct what may become a successful claim that economic (cyber) espionage violates a WTO rule, it would have to establish that another WTO member’s government is responsible for the act. Usually, Professor Fidler argues, establishing governmental responsibility for challenged acts is not difficult, but WTO cases have generally not involved accusations regarding state-sponsored economic (cyber) espionage. It is not clear, Fidler suggests, whether a WTO (nation, government) member could successfully satisfy such a burden by relying solely on evidence provided by the private sector victim, e.g., Mandiant’s report without revealing any existing counter-intelligence tradecraft that may be in place.
Far too much time focused on naming the culprits…
Far too much time, in my view, has been focused on identifying and naming who the (economic espionage) culprit countries are, with far too little attention and resources from private sector companies on designing, incorporating, and executing effective strategies to combat it. Let’s say, for instance, we accept Mandiant’s report in full, along with the annual report by the Office of the National Counterintelligence Executive, and various other reports citing China as the single most aggressive economic (cyber) espionage adversary.
I am quite confident readers of this blog are pragmatists. That is to say, we would be very surprised to learn of a company that would elect to cease operations and/or business transactions in a country with 1.2 billion+ potential consumers! Just don’t see that happening!
(A special thanks to David P. Fidler, Professor of Law at the Indiana University and a Fellow at I.U.s Center for Applied Cyber-security Research and member of the American Society of International Law for his fine article titled ‘Economic Cyber Espionage and International Law: Controversies Involving Government Acquisition of Trade Secrets through Cyber Technologies’ (ASIL, March 20, 2013, Volume 17, Issue 10) that inspired this post.)
Michael D. Moberly October 5, 2012
The context,…‘if a hole is found in my company’s or my client’s proprietary information fence, the job of information security is to patch the hole, but, the job of an information asset protection specialist is, in addition to helping patch the hole, DETERMINE…
- What caused the hole in the fence to occur/form in the first place, and were there precipitating circumstance or triggering factors…?
- Under what circumstances was the hole in the fence initially discovered…?
- Who, if anyone, knew the hole in the fence existed before it was discovered, but did not report it…?
- How long did the hole in the fence exist before it was discovered…?
- What information assets moved through the hole in the fence before it was discovered and patched…?
- Is there evidence that the information/data-based assets that moved through the hole in the fence before it was discovered and patched were specifically targeted or merely arbitrarily acquired…?
- How much (economic) hemorrhaging and/or impairment to (asset) value, materiality, competitive advantage, brand, reputation, ownership, trade secrecy and/or strategic planning, etc., occurred as a result of information assets moving through hole being in the fence…?
- Is it known who the recipients of the information assets that moved through the hole in the fence are, before it was discovered and patched…?
- How will the recipients likely use – exploit those information assets…?
The responsibilities of information (security) asset protection specialists are now cross-functional and converge with risk management, HR, IT security, intellectual property counsel, audits, valuation, R&D, reputation risk, and brand integrity, among others.
To mitigate adverse effects – consequences do to information asset losses, compromises, and/or misappropriation, an important key is to collaborate with professional domain above with a singular objective; sustain (protect, preserve) control, use, ownership, and monitor the value and materiality of a company’s information-based (largely intangible) assets!
Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or firstname.lastname@example.org
This post was adapted by Michael D. Moberly and inspired by a speech made by Dr. Joel Brenner, then Director, Office of National Counterintelligence Executive (ONCIX) to the American Bar Association in Washington, D.C., and author of ‘America The Vulnerable: Inside The New Threat Matrix of Digital Espionage, Crime, and Warfare’.
Michael D. Moberly August 20, 2012
A recent ruling by the USDC (Northern District of California) will, once again, hopefully serve as impetus for information asset protection management specialists and intellectual property counsel to review the agreements, policies, procedures, and practices to reflect the adage that ’all trade secrets start life as intangible assets, i.e., ideas – intellectual capital!
On June 7, 2012, in FormFactor, Inc. v. Micro-Probe, Inc., this court ruled on a case that, once again, delineates the evidence necessary to support an allegation of trade secret theft.
In February 2010, defendant left FormFactor to work for Micro-Probe, a competitor. Both firms sold and provided support for products used to test the performance of semi-conductors. The companies had some overlapping customers although their products conducted different kinds of performance tests.
While employed by FormFactor, defendant had been authorized to remotely access his employer’s internal system on the laptop provided by his employer as well as a personal home computer. When defendant informed his employer he was leaving to work for Micro-Probe, he returned his company owned laptop. Unfortunately, FormFactor made three procedural errors…
- it made no inquiries about whether the defendant retained any proprietary data/information (files) on his personal home computer,
- neither did FormFactor request that defendant return or delete any (proprietary) materials that he may have acquired while working from home., and in addition, defendant
- never signed any restrictive covenant/agreement while employed by FormFactor.
Shortly after defendant departed FormFactor, at their request, the defendant relinquished his personal (home) computer and other data storage devices for inspection (by FormFactor) to determine if it contained trade secrets or confidential (proprietary) information. This inspection revealed some 4500 files were stored on defendant’s home computer and its storage devices belonging to FormFactor. Following this inspection and comparison to Micro-Probe’s databases and electronic storage system, only one of those (4500) files appeared in Micro-Probe’s possession.
Consequently, the court noted that any party seeking to recover under California’s Uniform Trade Secret Act for misappropriation, in this instance, FormFactor…
- must demonstrate the existence of a trade secret
- must identify the trade secret(s), and
- carry the burden of showing that the (alleged) trade secrets exist.
Further exacerbating FormFactor’s claims in this instance, was that, of the 4,500 files listed, none met the requisite specificity of constituting a trade secret, thus, the blanket assertion that all of the files were ‘confidential or contained a trade secret was rejected.
Also, the USDC ruled that FormFactor’s case omitted the requirements that the plaintiff
- identify each particular trade secret (not just a file that might contain a trade secret), and
- describe the subject matter of the trade secret, and
- establish that a trade secret held independent economic value.
It certainly comes as no surprise that requiring plaintiff’s to openly disclose a trade secret frequently deters companies from pursuing trade secret claims.
The court also said, plaintiff’s broad argument that it spends $50 million a year on R&D failed to establish a connection between (a.) the value of the alleged (contested) trade secrets on the defendants home/personal computer, and (b.) FormFactor’s level of annual spending on R&D.
Finally, the court held that FormFactor had not sufficiently demonstrated that it made reasonable efforts to safeguard its alleged trade secrets in that it…
- never required defendant to sign a non-compete, confidentiality/non-disclosure, or non-solicitation agreement.
- allowed defendant to retain his contact information after his departure from FormFactor.
- authorized defendant and other employees to work from home.
- did not request defendant return any FormFactor data upon tendering his resignation.
Ultimately, FormFactor did not establish the existence of any protectable trade secrets, nor did it demonstrate misappropriation, i.e., improper acquisition or use, under CUTSA. Mere possession of an alleged trade secret by a departing employee, standing alone, does not presume misappropriation.
Too, the single file that defendant appeared to have taken to Micro-Probe was actually a spreadsheet containing non-confidential information. That file was in a format that was common to the industry and not unique to FormFactor. Too, there was no evidence that Micro-Probe ever actually used that documents’ content.
Given the extraordinarily rapid growth of knowledge intensive companies globally, wherein 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth and sustainability reside in intangible (intellectual capital) assets, this ruling should serve as yet one more testament to how companies should strictly follow the ‘six requisites of trade secrecy’, and put procedures-practices in place to sustain control, use, ownership, and monitor the value, materiality, and possession of its proprietary information and trade secrets!
(This post was inspired by a case summary by GreenbergTraurig, dated August 3, 2012)
Michael D. Moberly May 3, 2012
We can presume that a significant percentage of employees enjoy and likely receive some, albeit cathartic, satisfaction talking about their work. The array of on-line (social media) platforms that are readily available and through which people (employees) can converse about their work often times in substantial detail.
Most companies with even a modicum of understanding about the vulnerability and risks such open source conversations pose, endeavor to mitigate such risks and sustain the proprietary nature – trade secret status of designated information assets through restrictive covenants included in employment contracts, i.e., non-disclosure and/or confidentiality agreements or NDA’s and CA’s respectively. Exacerbating the open source social network posting phenomena of course, is how seasoned competitive analysts can derive actionable intelligence from these sources which, among other things may reveal a company’s plans, intentions, and capabilities, i.e., projects, launches, etc.,
Most NDA’s and CA’s I’ve seen however, are brimming with a myriad of do’s, don’ts, procedures, and potential sanctions to those who breach the now mandated confidentiality. While I’m confident they exist to the contrary, I see few NDA’s or CA’s that address the all-important ‘why this information warrants protection’ question. I’m suggesting including explanatory contractual language (in NDA’s and CA’s) directed to inquisitive twenty-something’s why certain company information must remain proprietary or secret should not be dismissed or overlooked. To be sure however, I’m not referring here to categories of information and/or data that are already mandated kept free from breaches, i.e., HIPPA or similar regulatory mandates.
For a generation of ‘twenty something’ employees who appear undaunted by regular postings of what preceding generations would characterize as personal, even perhaps private information, on their preferred social media platforms; answering the relatively simple question about why it’s important to safeguard particular (company held) information is, in my view, an overlooked and under-studied necessity.
Warranted or not, the proverbial twenty something’s have earned a reputation as being a primary source where information breaches are likely to emanate which I am inclined to believe and thus favor including a realistic answer in NDA’s and CA’s to the ‘why this information warrants protection’ question. I am not suggesting the answer be framed as a discussion or an option, rather a straightforward answer. One very viable and understandable answer to that question lies in…the economic fact that 65+% of most company’s value, sources of revenue, and building blocks to achieve growth and sustainability evolve directly from intangible (mostly information-based) assets!
In other words, providing a sound(contractual-based) rationale for sustaining trade secrecy or its cousin, proprietary status, can, I believe, in many circumstances, will serve as an additional and probably equally effective risk management tool insofar as safeguarding a company’s valuable and strategic information assets.
I recognize that I am hardly the first practitioner to raise – frame the issue in this manner. But, I suspect, in this social media era, assuming a twenty-something employee fully appreciates the connection between signing an NDA during their employee orientation process and the (real and contributory) value of that information, which in most instances, they have yet to see, let alone access, is a fairly weak assumption.
I remain skeptical therefore, that employees who seemingly find it both acceptable and desirous to post what heretofore has justifiably been private (life) matters on their social media platforms will become information asset protection (security) zealots overnight. But, let’s be clear, this post is not about characterizing all twenty-something employees as being naive and potential-inevitable sources of information breaches or leaks
Ester Dyson, a re-known information technology consultant, once said on a related matter, that ‘the trick (to information asset protection) may not lie in trying to control the number of copies, or even the ability to copy for that matter, rather it may have more to do with influencing a relationship with originators and users of information’. For the 90+% of new and existing employees, whom studies assure us will never become an ‘information leaker’, I agree!
Michael D. Moberly May 2, 2012
At a time when 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth and sustainability evolve directly from intangible assets, it’s prudent for management teams and boards should be very clear about the…
- decision process to declare particular information assets as trade secrets
- six requisites of trade secrecy that must be maintained and monitored, and
- designation of particular information assets as trade secrets, constitutes a strategic business decision, not solely a tactical legal process.
It’s important to recognize that an organization’s trade secrets and proprietary information are intangible assets, plain and simple! They provide both objective and subjective value.
- Objective value in the sense that they are directly related to the continuity of a company, i.e., how trade secrets and/or proprietary information contributes to a particular process, procedure, and/or operation, and
- Subjective value in the sense that their value follows-flows from its nature, i.e., the ability to retain the information assets in a secret and/or proprietary state.
So, my intent here is not to portray trade secrecy as being an extraordinarily complex, cumbersome, or burdensome process, rather, to provide management teams and boards with:
1. important considerations and options regarding decisions to declare or not declare particular information assets as a trade secret.
2. context regarding the adverse and often time cascading economic and competitive advantage affects if/when a company’s trade secrets or proprietary information (assets) are compromised, stolen, or misappropriated, etc.
In conversations with management teams and boards about trade secrets and trade secrecy, the first items on my agenda are to thoroughly discuss and ensure there’s clarity about the…
- six requisites to trade secrecy, and
- absolute necessity for a company to be consistent with respect to their practices and procedures in meeting those requisites, i.e., what’s required operationally and procedurally, for a company (on an enterprise wide basis) to ‘keep secrets secret’!
The second, but equally important item on my discussion agenda about trade secrecy is addressing the contributory value of a trade secret. My rationale for attaching such significance to information (trade secret) asset value-valuation is that numerous and respected studies and surveys, as well as anecdotal experiences, clearly conclude that:
- The indeterminate protection of proprietary information – trade secret assets is an increasingly challenging, but never-the-less essential undertaking for companies today.
- The probability that a company will experience a breach, theft, compromise, or misappropriation of one or more of its trade secret assets and that it will have been facilitated, enabled, or fully executed by a trusted employee (insider) is on, what many experts believe, and I agree, an irreversible upward curve.
- If the holder of trade secret is unable to build a strong and legally persuasive case when it’s challenged or disputed, regarding:a. the value of the stolen, misappropriated, or compromised trade secret (information asset)
b. the consistency in which the holder met and followed the well-established requisites of trade secrecy,
it’s probable then that the assets’ trade secrecy status may not be conferred by a court!
What follows are specific aspects of trade secret value, valuation, and trade secrecy status that management teams and boards should find relevant insofar as sustaining trade secrecy and recognizing key and inevitable questions that will be posed when/if challenged, e.g.,
1. Does the trade secret have multiple and/or separable components, i.e., does it consist of a specific formula in addition to a specific process to operationalize that formula? If so, what would the value of the trade secret be if separated on a piecemeal basis?
2. Does the trade secret deliver and/or enhance the value of an entire enterprise/company or to a specific operation, business unit, technique, and/or method related to conducting-operating the business?
3. Does the existence of a trade secret add to the knowledge-competency of a single employee or particular group of employees? If so, is the resulting-subsequent intellectual capital those employees create and presumably apply in their work acknowledged and valued?
4. What would happen, in a criticality context, if a trade secret were to literally disappear tomorrow? Could the company continue to function profitably? If so for how long? Or, would the loss be so significant and adverse in terms of economic and competitive advantage hemorrhaging that the company would have to cease operation?
5. What level of economic-competitive advantage benefit can a company objectively expect (project) from declaring a particular information asset as a trade secret? Is the value of a trade secret indeterminately sustainable, or does it fluctuate – change over time? If so, what is the range and frequency of such fluctuations?
6. Maintaining certain information assets in a trade secret status requires time and resources. But, is there a specific (observable, measurable) point when a trade secret becomes obsolete or its contributory value depreciates to a level that there is no business necessity to retain its trade secrecy status and therefore allow it to enter the public domain?
7. Have there been a sufficient number of transactions and/or litigations in the industry sector, i.e., a trade secret loss, misappropriation, and/or compromise to identify an objective and replicable framework for assessing trade secret value? If so, would the market for this particular information (trade secret) asset be considered active in the context of giving validity to the value a company has assigned to a comparable (stolen, compromised, misappropriated) trade secret?
8. Does each information asset a company has declared to be a trade secret have independent economic value that can be directly attributed to it ‘being kept secret’?
9. If a trade secret were stolen, misappropriated, or otherwise compromised, what would its ‘re-development value’ be, assuming it could be re-developed? Can the management team and board attach a price to the process necessary to re-develop a particular trade secret asset?
To be sure, the above questions and underlying issues are not intended to be exhaustive list relative to management teams, c-suites, and boards’ decision to declare – not declare certain information assets as trade secrets.
Admittedly, and for multiple reasons, there remain numerous challenges and difficulties when trying to objectively establish (calculate, assign) value to a trade secret. One of which is that trade secrets can often be used/applied in multiple ways within the same firm, and thus may exhibit higher contributory value for one business unit compared to another business unit.
Hopefully, a memorable ‘bottom line’ to this post will be that management teams, c-suites, and boards must consistently meet the six requisites to trade secrecy in order for a particular information asset to sustain its trade secrecy status!
Michael D. Moberly April 11, 2012
Let’s be clear, I am not advocating a protectionist view here. I am however, a strong proponent of Article I, Section 8 of the U.S. Constitution that states (paraphrased), ‘if one invents a new product and/or technology, etc., and has been issued a patent, trademark, or copyright by the U.S. Patent and Trademark Office (USPTO) they, and only they, should reap the economic benefits from their efforts’.
Once IP has been issued, the holder essentially has the sole responsibility for sustaining the much coveted exclusivity and executing the necessary protections, which frankly, are dependent on numerous factors, but primarily whether the IP holder:
- consistently engages in best practices to effectively safeguard their IP, and
- has the resources to consistently monitor and aggressively (legally) pursue any attempts to misappropriate, infringe, or steal their IP.
A very relevant business reality for IP holders to consider is that not all cultures, countries, or individuals embrace or interpret the largely western dominated view regarding IP exclusivity.
For example, in McAfee’s (2009) report titled ‘Unsecured Economies: Protecting Vital Information’, the subject matter experts who responded to the survey agreed (not surprisingly) that if an enterprise (country, company, organization, etc.) can (illegally) appropriate R&D for example, at minimal cost compared to legitimate competitors and then go on to produce a comparable product (albeit it a product developed from infringed IP) at a far lower cost, basic economics dictate that the manufacturer of the (infringed) product will, in fact, win space in the marketplace.
Thus, the global incentives for state sponsored, companies, or individuals to engage in industrial – economic espionage, i.e., appropriate others’ intellectual property, remains high, particularly in markets (countries) where:
- there are few, if any, well established brands and corresponding consumer (brand) loyalty, and
- there is an abundance of ‘legacy free players’ (Thomas Friedman) in which private property ownership remains a relatively new concept as does the ownership of intellectual property..
- the business transaction environment is ultra-aggressive, competitive, predatorial, and winner-take-all.
While the realities conveyed above are well understood within the information asset protection community, there remain a significant number of companies that express an attitude of dismissiveness, not only about IP risk, but developing effective policies, procedures, and practices to mitigate this global and costly reality.
Too, many companies still do not have an integrated (enterprise-wide) approach to address the persistent challenges associated with IP theft, infringement, and/or misappropriation, which minimally requires…
converging the expertise of information asset protection, HR, IP counsel, IT security, risk management, marketing, and R&D as a starting point to address c-suite fiduciary responsibilities for ensuring control, use, ownership, and value of a company’s intangible (IP) assets are sustained for the duration of their respective value and functionality cycle.
Of course, to achieve this on any semblance of consistency, it’s absolutely essential today that:
- there is an on-going dialogue among a company’s various professional disciplines regarding risk to IP assets
- each disciplines’ perception of (IP) risk will be recognize
- consensus is reached on what actions (policies, procedures, practices, etc.) are necessary to prevent, deter, and/or mitigate the risk.
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or email@example.com
Michael D. Moberly January 19, 2012
Throughout my 25+ years of experience in the intellectual property – intangible asset side of business I recall only a handful of instances in which a company had assigned (presumably calculated) a specific dollar value, beyond a subjective estimate, to stolen, infringed, or misappropriated trade secrets (proprietary information).
On the other hand, I have been part of conversations, too numerous to mention, when a company representative would offer guesstimates about the value of ‘missing’ information assets.
There are various reasons why companies do not provide more detail about a loss or compromises of a trade secret or information deemed proprietary. One reason is, there is no standard methodology to objectively calculate (assign) a more precise, defensible, and preferably unchallengeable dollar value to a loss or compromise.
Not in-frequently, I have found that when a company experiences a particularly significant information asset loss or compromise, their initial reaction is to hurriedly resurrect a laundry list of resources used to produce that asset (from its inception to its execution) along with estimates of the associated cost of those resources. In such instances, simple arithmetic would be applied to tally the costs as representing the value of the missing asset.
Such approaches provide little if any insight to the underlying and contributory (enterprise-wide) value of a compromised information asset. In other words, if the secret/proprietary information was embedded in, for example, multiple processes or procedures that permitted a company to achieve (current, future) competitive advantages or an enhanced market position, it’s unlikely such simple calculations would reveal that additional, but very real, value.
A second reason companies may be reluctant to provide more precise (dollar value) information about stolen and/or compromised trade secrets and proprietary information is that by doing so, it may become problematic from a public relations, stakeholder, and legal perspective. And, if litigation (civil, criminal action) is being considered a more thorough analysis may…
- undermine consumer – shareholder confidence.
- encourage (leaving the door open to) unflattering challenges about the validity of the methodology the company used to reach a dollar value.
- prompt (legitimate) questions about the company’s overall information asset protection capabilities and practices, on a fiduciary (responsibility) level.
Relevant to all of this is a Forester Research study (March, 2010) commissioned by Microsoft and RSA, titled ‘The Value of Corporate Secrets: How Compliance and Collaboration Affect Enterprise Perceptions of Risk’.
Having read and studied numerous similar studies, this particular study stands out in my view because the principle investigators incorporated the following into their analysis of the findings, i.e., the,
- value of sensitive information contained in corporate portfolios, as a whole.
- variety of security controls used to protect/safeguard that information.
- drivers of information security programs, i.e., what influences companies (internally, externally) to impose security controls on its information assets.
- cost and impact of enterprise data security incidents, apart from corporate (trade) secrets and sensitive, proprietary information.
The key findings of this Forrester Research study are…
1. Secrets comprise two-thirds of the value of most company information portfolios
2. Compliance, not security, is the primary driver of (information) security budgets
3. Companies focus a great deal of time/resources on preventing accidents, but theft (of trade secrets) is actually more costly.
4. The more valuable a company’s trade secrets/proprietary information is, the more ‘incidents’ a company will likely experience.
5. Chief Information Security Officers (CISO’s) typically do not know how effective, or perhaps conversely, how ineffective, their company’s information security controls really are.
Ultimately, it’s important to recognize that…
- trade secrets and proprietary information are intangible assets, and
- 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability lie in – directly evolve from intangible assets.
Michael D. Moberly August 30. 2010
As the respected consultant and researcher Karl-Erik Sveiby once noted, ‘my argument about the value of information is not that it is wrong to regard information as being valuable, rather, it’s that we should reconsider our mindsets about its value’.
Of course, from my perspective, having been engaged in safeguarding information-based intangible assets for a significant portion of my professional career, I still sense the prevailing, all be it, naive ‘talk is cheap’ mindset is perhaps the single greatest challenge that companies and/or holders of proprietary information face.
There’s little question, people (employees) enjoy – variously receive some pleasure talking to others about their work. And today, there is such an array of platforms, in addition to verbal, that provide people with opportunities to convey, often times in very specific detail, their work related projects, activities, travels, etc. Of course, most companies with a modicum of understanding (appreciation) for their vulnerability to the leakage of proprietary and/or sensitive information, now endeavor to restrict information through social media platforms available.
A significant percentage of companies elect to address the proprietary nature of information via non-disclosure and/or confidentiality (employee) agreements. Typically, NDA’s are filled with a lot of do’s and don’ts but little contractual language is devoted to explaining to inquisitive twenty-something employees ‘why’ certain information should remain proprietary. I’m not talking, of course, about information and/or data that is mandated to be kept free from breaches via HIPPA or other regulatory mandates.
In most instances, the answer to the ‘why’ question lies in the fact – business reality that the (protected) information contributes to delivering value, revenue streams, and competitive advantages to a company so long as it does not enter the public domain.
While I’m confident they exist, I have yet to see NDA’s and/or confidentiality agreements that address the ‘why’ in this manner, in other words, acknowledge that the information to be kept proprietary and/or secret produces value to the company, and if it were to become something other than proprietary or secret, there is a reasonable probability the associated competitive advantages, value, and/or revenue streams would be lost, undermined, or erode fairly rapidly.
The ‘information security-protection’ literature is replete with the views and experiences of countless practitioners, along with various ‘insider’ theft of proprietary information studies. etc. Thus, I suspect I am hardly the first to raise – frame the issue in this manner.
I suspect, in this social media era, assuming a twenty-something employee fully appreciates the connection between signing an NDA during their employee orientation process and the (real and contributory) value of that information, which in most instances, they have yet to see, let alone access, is a fairly weak assumption.
I remain skeptical therefore, that employees who seemingly find it both acceptable and desirous to post sometimes intimate and daily details about their life, and the life of ‘friends’ on their social media platforms will become information asset protection (security) zealots overnight.
Let’s be clear, this post is not about trying to pigeonhole all twenty-something employees as being naive and potential information leakers. Rather, I’m merely saying that it would be prudent, and ultimately more effective, to devote an appropriate amount of time discussing ‘the value of information’ as an component of employee on-boarding processes.
Ester Dyson, a reknown information technology consultant, once said on a related matter, that ‘the trick (to information asset protection) may not lie in trying to control the number of copies, or even the ability to copy for that matter, rather it may have more to do with influencing a relationship with originators and users of information’. For the 90+% of new and existing employees, whom studies assure us will never become an ‘information leaker’, I agree!
The ‘Business IP and Intangible Asset Blog’ is researched and written by Mr. Moberly to provide insights and additional views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets. I welcome and respect your comments and perspectives at firstname.lastname@example.org.
Michael D. Moberly August 16, 2010
There’s still room to debate just what really constitutes the world’s oldest profession. From where I sit, albeit a biased position of advocacy ‘bloggerism’, it’s certainly not prostitution as many like to euphemistically suggest. And, of course, when I use the word ‘poaching’ as I have in the title of this post, I’m not referring to poaching in the medieval European context, wherein a ‘poacher’ was one who intentionally, and with stealth, trespassed on anothers property to hunt and kill game.
In 2010, the word poaching comes to mind, but of a slightly different nature. It’s about poaching of (for) intangible assets during the course of a business transaction, or sometimes more accurately, a faux business (transaction) interest in which one party is trying to get something (information) for nothing, that is, insights, perspective, experienced know how, etc., for perhaps only a Venti of Pike at Starbucks.
The primary target of ‘business information poaching’ today takes the form of acquiring someone elses intellectual (structural or relationship) capital, ala intangible assets and applying them for their own benefit.
So, what should prompt business management teams and boards to be leery of information poachers? The answer lies in the economic fact that 65+% of most company’s value and sources of revenue today stem from knowledge-based intangible assets. In most business transactions today, intangible assets and the intellectual (structural, relationship) capital embodied/embedded in those assets will not only be in play, i.e., an integral part of the transaction and will likely be shared and/or transferred under the parameters of the transaction’s contract. But some, will surely morph into one or the other parties business operational coffers outside the boundaries of that contract.
As every business person knows, some all too well, there is risk in any transactional relationship, in part, precisely because proprietary and/or competitive advantage information (intangible assets) will be transferred and shared between parties for purposes specified in the contract. The risk materializes though, in many instances, when that information is used by one party for purposes outside or beyond the terms of the contractual relationship. In other words, the information will be used by the receiving party (poacher) to benefit them economically to the detriment of the other party.
Some will surely dismiss or relegate this perspective of ‘information poaching’ as constituting just another inevitable cost of doing business, i.e., a new (additional) transaction cost of conducting business in an increasingly knowledge-based…information-driven economy wherein increasing percentages of transaction value and projected sources of revenue evolve directly from information/competitive advantage laden intangible assets.
I’m reminded though of the computer manufacturer whose vice-president of operations announced, upon building multiple manufacturing sites in another country, that an estimated 25+% of the company’s intellectual property would be irrevocably lost (infringed, misappropriated) during the relatively brief life cycle of these newly established manufacturing sites.
Under these types of circumstances, referring to this phenomena (business information poaching) as merely constituting a transaction cost endemic to the knowledge-based economy is, at best, an understatement!
The consequences (criticality) attendant to business information poaching risks can obviously be significant and long lasting, if not terminal, for company’s today, particularly relative to supplier relations and contractual governance. Insofar as remedies are concerned, the option of a business becoming isolationistic, i.e., not share or transfer business information under most any circumstance, is obviously neither feasible nor practical, that is, if a business wants to remain a going concern and be successful and profitable.
However, if management teams and boards exercise prudence upfront, during the contract negotiation period, relative to what information will – will not be shared, transferred, etc., with transaction partners is as important as is the management and oversight of contractual business (transaction) relationships. The goal of course, is, a the end of the day, control, use, ownership, value, and materiality of information-based (intangible) assets before, during, and after a transaction has concluded, remains intact.
(This post was inspired by the work of Clemons and Hitt in their paper titled ‘Poaching and the Misappropriation of Information: Transaction Risks of Information Exchange.)
The ‘Business IP and Intangible Asset Blog’ is researched and written by Mr. Moberly to provide insights and additional views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets. I welcome and respect your comments and perspectives at email@example.com.
Michael D. Moberly August 9, 2010
Figuratively speaking, but quite realistically, the ‘birth certificate’ of every patent should state that its origin exist in the form of a (trade) secret. If that (patent) ‘birth certificate’ does not convey a clear and unequivocal portrait of asset (idea, innovation) secrecy, the inventor and/or entrepreneur can likely anticipate incurring significant, if not irreversible and costly bumps and challenges along the long and tedious road aiming toward the issuance of a patent.
It’s essential then, perhaps more so today that anytime before, that inventors and entrepreneurs fully recognize that the basis/foundation of what they’re seeking to patent, is frequently comprised of numerous ‘pieces’ of human, structural, and relationship capital, ala intellectual capital, ala intangible assets!
Credibility to the above message lies in the increasingly knowledge-based global economies, wherein 65+% of most companies value sources of revenue, and future wealth creation today are directly related to intangible assets, (that percentage is significantly higher for early stage, start-ups, and entreprenerial based companies).
Thus, the view, which I advocate, is that all patents must literally start life as a (trade) secret and should be taken quite seriously, particularly in today’s increasingly aggressive, globally predatorial, and ‘winner-take-all’ business transaction environments in which the only real way ideas and innovation can be effectively protected, is by keeping the information secret and that secrecy begins at its point of conception.
Management teams, boards, and certainly inventors and entrepreneurs must recognize that any type – form of disclosure, inadvertent or otherwise, in which key information is treated in other than a secret context, preferably in accordance with the six requisites of trade secrecy, can reduce and/or significantly impair the assets’ projected value, if not negate its trade secret status altogether and possibly adversely affect its patentability.
Some additional key points to consider relative to trade secrecy are:
1. Trade secret protection extends only to confidential relationships and does not prevent independant development by a competitor, i.e., the ease and/or difficulty a competitor will likely encounter to ‘reverse engineer’ (the secret) is a consideration in both achieving and sustaining trade secrecy status.
a. If the protected information is not readily ascertainable and cannot be easily reverse engineered, then an ‘invention’ can generally be protected by trade secrecy, so long as, again, economic-competitive advantage is derived from (sustaining) the secrecy of the information.
2. Trade secrets, unlike patents, can be licensed forever and the trade secret licensee can be obligated to pay royalties for the (trade secret) license even if the information enters the public domain.
3. There are no subject matter constraints imposed on trade secret protection so long as the information provides an economic – competitive advantage derive (rooted) in its continued secrecy, in other words, both technical and non-technical information can constitute a trade secret.
a. Trade secret protection in the U.S. can extend to most any information that can be (1.) used in the operation of a business, (2.) has sufficient value, (3.) can afford a company actual or potential economic (competitive) advantage over others, and (4.) providing it remains secret.
b. Also, (1.) negative know how, i.e., what doesn’t work is protectable as a trade secret, and (2.) novelty, usefulness, and non-obviousness are not applicable to trade secret protection as they are in seeking patent protection.
Lastly, it important for inventors, management teams, and boards to recognize that if patent issuance – protection is uncertain, but a decision is made to pursue it anyway, once a patent application is published, trade secrecy rights (options) are lost.
(This post was inspired by the work of R. Mark Halligan in an article published in the July/August 2010 issue of ABA’s Landslide, titled ‘Trade Secrets v. Patents: The New Calculus’.)
The ‘Business IP and Intangible Asset Blog’ is researched, written, and produced by Mr. Moberly to provide insights and additional and sometimes alternative views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets. I welcome and respect your comments and perspectives at firstname.lastname@example.org.