[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]





   CORPORATE AND INDUSTRIAL ESPIONAGE AND THEIR EFFECTS ON AMERICAN 
                            COMPETITIVENESS

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                INTERNATIONAL ECONOMIC POLICY AND TRADE

                                 OF THE

                              COMMITTEE ON
                        INTERNATIONAL RELATIONS
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 13, 2000

                               __________

                           Serial No. 106-180

                               __________

    Printed for the use of the Committee on International Relations


        Available via the World Wide Web: http://www.house.gov/
                  international--relations



                               __________

                    U.S. GOVERNMENT PRINTING OFFICE
68-684                     WASHINGTON : 2000


                                 ______


                  COMMITTEE ON INTERNATIONAL RELATIONS

                 BENJAMIN A. GILMAN, New York, Chairman
WILLIAM F. GOODLING, Pennsylvania    SAM GEJDENSON, Connecticut
JAMES A. LEACH, Iowa                 TOM LANTOS, California
HENRY J. HYDE, Illinois              HOWARD L. BERMAN, California
DOUG BEREUTER, Nebraska              GARY L. ACKERMAN, New York
CHRISTOPHER H. SMITH, New Jersey     ENI F.H. FALEOMAVAEGA, American 
DAN BURTON, Indiana                      Samoa
ELTON GALLEGLY, California           DONALD M. PAYNE, New Jersey
ILEANA ROS-LEHTINEN, Florida         ROBERT MENENDEZ, New Jersey
CASS BALLENGER, North Carolina       SHERROD BROWN, Ohio
DANA ROHRABACHER, California         CYNTHIA A. McKINNEY, Georgia
DONALD A. MANZULLO, Illinois         ALCEE L. HASTINGS, Florida
EDWARD R. ROYCE, California          PAT DANNER, Missouri
PETER T. KING, New York              EARL F. HILLIARD, Alabama
STEVEN J. CHABOT, Ohio               BRAD SHERMAN, California
MARSHALL ``MARK'' SANFORD, South     ROBERT WEXLER, Florida
    Carolina                         STEVEN R. ROTHMAN, New Jersey
MATT SALMON, Arizona                 JIM DAVIS, Florida
AMO HOUGHTON, New York               EARL POMEROY, North Dakota
TOM CAMPBELL, California             WILLIAM D. DELAHUNT, Massachusetts
JOHN M. McHUGH, New York             GREGORY W. MEEKS, New York
KEVIN BRADY, Texas                   BARBARA LEE, California
RICHARD BURR, North Carolina         JOSEPH CROWLEY, New York
PAUL E. GILLMOR, Ohio                JOSEPH M. HOEFFEL, Pennsylvania
GEORGE RADAVANOVICH, Califorina      [VACANCY]
JOHN COOKSEY, Louisiana
THOMAS G. TANCREDO, Colorado
                    Richard J. Garon, Chief of Staff
          Kathleen Bertelsen Moazed, Democratic Chief of Staff
            John P. Mackey, Republican Investigative Counsel
                                 ------                                

        Subcommittee on International Economic Policy and Trade

                 ILEANA ROS-LEHTINEN, Florida, Chairman
DONALD A. MANZULLO, Illinois         ROBERT MENENDEZ, New Jersey
STEVEN J. CHABOT, Ohio               PAT DANNER, Missouri
KEVIN BRADY, Texas                   EARL F. HILLIARD, Alabama
GEORGE RADANOVICH, California        BRAD SHERMAN, California
JOHN COOKSEY, Louisiana              STEVEN R. ROTHMAN, New Jersey
DOUG BEREUTER, Nebraska              WILLIAM D. DELAHUNT, Massachusetts
DANA ROHRABACHER, California         JOSEPH CROWLEY, New York
TOM CAMPBELL, California             JOSEPH M. HOEFFEL, Pennsylvania
RICHARD BURR, North Carolina
             Mauricio Tamargo, Subcommittee Staff Director
        Jodi Christiansen, Democratic Professional Staff Member
                Yleem Poblete, Professional Staff Member
                   Victor Maldonado, Staff Associate


                            C O N T E N T S

                              ----------                              

                               WITNESSES

                                                                   Page

Sheila W. Horan, Deputy Assistant Director for Counter 
  Intelligence, National Security Division, Federal Bureau of 
  Investigation..................................................     3
Dan Swartwood, Corporate Information Security Manager, Compaq 
  Computer Corporation...........................................    12
Scott Charney, Partner, PricewaterhouseCoopers...................    14
Austin J. McGuigan, Senior Partner, Rome, McGuigan, and Sabanosh, 
  P.C............................................................    16

                                APPENDIX

Prepared statements:

The Honorable Ileana Ros-Lehtinen, a Representative in Congress 
  from Florida and Chair, Subcommittee on International Economic 
  Policy and Trade...............................................    26
Sheila W. Horan..................................................    29
Dan Swartwood....................................................    40
Scott Charney....................................................    48
Austin J. McGuigan...............................................    51

 
   CORPORATE AND INDUSTRIAL ESPIONAGE AND THEIR EFFECTS ON AMERICAN 
                            COMPETITIVENESS

                              ----------                              


                     WEDNESDAY, SEPTEMBER 13, 2000

              House of Representatives,    
         Subcommittee on International Economic    
                                      Policy and Trade,    
                      Committee on International Relations,
                                                    Washington, DC.

    The Subcommittee met, pursuant to notice, at 2:09 p.m. in 
room 2200, Rayburn House Office Building, Hon. Ileana Ros-
Lehtinen (chairman of the Subcommittee) presiding. 
    Ms. Ros-Lehtinen. The Subcommittee will come to order.
    The past decade has brought profound changes, yet some of 
the characteristics of the old world order continue to live on 
today, with some of the darker impulses of yesteryears adapting 
to fit a new time and a new set of standards and requirements.
    The front line is no longer the one which divides East and 
West, but the one defined by technological innovations. The 
battle lines lie in research and development. Resources 
designed and previously used exclusively for military 
intelligence gathering are now being expanded to gather 
intelligence on mergers, investments and other financial 
transactions. The generals are being replaced with CEOs, and 
the bottom line is not ideological, but financial.
    The threat of economic and industrial espionage looms over 
the horizon of the business world like a gray cloud threatening 
a placid sea. Those who develop a competitive advantage over 
their rivals stand to make millions from their innovations. 
That profit is enough for some to seek an unearned advantage of 
their own by indulging in corporate espionage as a quick fix 
solution to their creative deficiencies and their inability to 
remain competitive in their field.
    In a survey of Fortune 500 companies, the American Society 
for Industrial Security estimated that last year U.S. 
corporations sustained losses of more than $45 billion from the 
theft of trade secrets. Companies reported that on average, 
each had suffered 2.5 incidents of unauthorized appropriation 
of proprietary information. The average estimated loss per 
incident was calculated to be over $500,000, with most 
incidents occurring in the high technology and service sectors.
    In another study, Pacific Northwest National Laboratory, 
under contract by the FBI, developed an economic loss model in 
an attempt to assess economic losses resulting from 
intellectual property theft. This model determined that the 
misappropriation of intellectual property resulted in over $600 
million in lost sales and the direct loss of 2,600 full-time 
jobs per year.
    The same technology which has propelled our economy to 
unparalleled heights is also the mechanism which allows for 
those practicing corporate espionage to more easily sneak into 
a corporation's files, gather sensitive information and escape 
without a trace. However, industrial espionage is a crime which 
continues to be best accomplished through low tech means and is 
not necessarily dependent upon high tech gadgetry.
    A vast majority of corporate espionage crimes do not occur 
in cyberspace, but rather in person, face to face. For example, 
key employees within a given corporation might be sought by a 
rival company for information or recruited by spies posing as 
consultants or headhunters at trade shows.
    Competitors often examine a company's own internet home 
page, where key technical employees are often listed, and craft 
strategies on how to lure that employee away from that firm. 
This is done because information can be meaningless without the 
help of trained employees who understand how a particular 
technology is used.
    A critical step was taken in 1996 with the passage of the 
Economic Espionage Act. Since its enactment, the U.S. 
Government has prosecuted 18 cases of corporate or industrial 
espionage, yet these crimes and the threat they pose to U.S. 
economic security continues to escalate.
    Some would argue that this is because we are the leading 
target of these crimes due to our position in the global 
marketplace and our technological leadership. The United States 
produces the majority of the world's intellectual property 
capital, including patented inventions, copyrighted material 
and proprietary economic information. Factor in the incredible 
ingenuity and inventiveness of the American worker, and one can 
easily see why this problem is so pronounced in the American 
workplace.
    Other observers contend that if the punitive portions of 
the Economic Espionage Act were strengthened to make it more 
costly for corporations and governments to engage in industrial 
espionage against the United States, the desired deterrent 
effect would be achieved. Many have raised export restrictions 
as a strong option for the United States to take, and have 
underscored the need to secure binding commitments from our 
allies in the Organization for Economic Cooperation and 
Development and other international forums.
    We hope to examine these and other pertinent issues during 
the course of today's hearing and look forward to the 
recommendations of our panelists on the steps that Congress can 
take to help curtail the proliferation of economic espionage.
    I would like to yield to the Ranking Member of our 
Subcommittee, Mr. Bob Menendez of New Jersey.
    Mr. Menendez. Thank you, Madam Chairlady. I appreciate your 
hearing today. This is an important subject, one that warrants 
and receives increasing attention. As our witnesses have 
pointed out in the past and will again today, opportunities to 
steal trade secrets are on the rise, particularly as society 
relies more and more on computers and the internet for the 
development, storage and communication of ideas and designs.
    For the purposes of this hearing, of course, we really 
should distinguish between legal and illegal spying or 
corporate intelligence, as legitimate gathering of company data 
is called, and as we are the International Relations Committee 
we must, of course, distinguish as well between domestic and 
foreign theft.
    Only a fraction of the problem is actually foreign theft of 
U.S. trade secrets. According to the American Society for 
Industrial Security, more than three of every four thieves are 
employees or contractors. Another 6 percent or more are 
domestic competitors. Only 7 percent steal secrets on behalf of 
a foreign company or government. Still, this amount of foreign 
theft of U.S. trade secrets amounts to possibly billions of 
dollars annually, and ease of access to computers and internet 
and intranet sites will make foreign theft much easier and much 
more common.
    I realize that much of the testimony today will focus on 
the problem as a whole, on the threats from employees, on the 
need to educate businesses about the risks and how to protect 
themselves, on the need to inform the public and policymakers 
about what is acceptable and not within the bounds of corporate 
intelligence, but I do hope also that we can focus to the 
extent possible on what exactly are the threats from abroad and 
how government can best work to prevent corporate espionage 
that will threaten the United States' competitiveness.
    I know that our witnesses will make some specific 
recommendations for new and improved legislation, and we look 
forward to exploring those with you. We look forward to the 
responses of the Administration as to some of those and to the 
testimony here today.
    Thank you.
    Ms. Ros-Lehtinen. Thank you so much, Mr. Menendez.
    It is a pleasure to have with us our first Administration 
witness who will share with us her views on the effects which 
corporate and industrial espionage have American 
competitiveness. It is our pleasure to introduce Sheila Horan, 
Deputy Assistant Director on Counter Intelligence for the 
Federal Bureau of Investigation.
    A special agent of the FBI since 1973, Ms. Horan has held a 
number of positions within the Bureau, including Assistant 
Special Agent in Charge for Administration in the New York 
office and the Associate Special Agent in Charge in 
Philadelphia. In 1998, Ms. Horan was transferred to her current 
position as Deputy Assistant Director for Counter Intelligence 
with the National Security Division at FBI headquarters.
    We thank you, Sheila, for being here today. We will include 
your entire testimony for the record, and feel free to abridge 
your comments.
    [The prepared statement of Ms. Ros-Lehtinen appears in the 
appendix.]

   STATEMENT OF SHEILA HORAN, DEPUTY ASSISTANT DIRECTOR FOR 
     COUNTER INTELLIGENCE, FEDERAL BUREAU OF INVESTIGATION

    Ms. Horan. Thank you very much, Madam Chairman. I am 
gratified to see that you are anxious and willing to engage 
with us in grappling with the immense problem facing us today 
with regard to the protection of sensitive information, 
proprietary information, security, economic competitiveness and 
economic security in this----
    Ms. Ros-Lehtinen. Ms. Horan, if I could interrupt you?
    Ms. Horan. Yes?
    Ms. Ros-Lehtinen. I am so sorry, Mr. Burr. I should have 
looked back. I have these funny glasses on today. I apologize.
    Mr. Burr. The gentlelady is awfully kind to stop, but I 
would rather hear from our witnesses. I thank the Chair.
    Ms. Ros-Lehtinen. Thank you. I am so sorry.
    Ms. Horan. Thank you, sir.
    So you have my statement, and rather than regurgitating 
that now I will just make some points, and then we can get on 
to the questions if you would like.
    The Attorney General essentially defines economic espionage 
as the unlawful or clandestine targeting and acquisition of 
sensitive financial, trade or economic policy information, 
proprietary economic information or critical technology.
    In today's environment, intellectual property and economic 
information in general have become the most important and 
sought after commodity by all nations of the world. No question 
about it. I would say that because of our unique position in 
the world as a target rich nation for natural resources, 
intellectual property, just general overall wealth, that we are 
the No. 1 target in the world for economic espionage and the 
stealing of that information and secrets.
    Why are we the most sought after commodity? The United 
States, that is. It is a pretty complex situation actually, but 
three reasons sort of come to the fore. The first is the 
collapse of the Soviet Union and the tremendous relief that 
that has brought throughout the world.
    There were essentially, and not to be overly simplistic, 
but two large camps in the world, and various countries in the 
world devoted their natural resources, their personnel 
resources and their general overall wealth toward supporting 
their position either with the west or with the Soviet empire.
    When the empire fell, they found themselves looking around 
and saying look, we have got to redefine what is our national 
security. It is no longer aligning ourselves with the Soviet 
Union or the west. It is we have to have a piece of the 
economic pie. We want to do this. We want to have wealth as 
well. So the intelligence services, as well as the governments 
themselves, said who has the most, and the answer is the United 
States has the most.
    Second, allies, military allies, who were--as well as 
ideological allies--during that last 50 years of our history 
are now aggressive economic competitors. We are faced with 
former friends I do not want to say attacking, but certainly 
working against us very aggressively in order to get again a 
piece of the pie.
    Third, rapid globalization of the world economy defines 
national security not so much in how many tanks you have 
deployed or how many soldiers you have on the field 
necessarily, but instead their strength is measured in terms of 
the nation's economic capability.
    So the nations of the world, as well as our own, and 
President Clinton underscored this point I think back in 1991 
by saying now we should realize very strongly that national 
security equals economic security. That is an extremely 
important point I think for us to keep in mind in terms of our 
war or our fight against economic espionage.
    What are the targets? Very briefly, they come in sort of 
two flavors, if I could be a little bit flip there. We are 
still facing the threat and the attempted threat on classified 
military defense related national information. There is no 
doubt about that. There is still ongoing, and we are always 
battling espionage cases on that basis.
    Coming out of classified information, however, and related 
to classified information is cutting edge technologies, dual 
technologies, sensitive information that may not reach the 
classified level and, hence, would not be subject to an 
espionage case, but certainly would be fodder for economic 
espionage cases and our inspection of those kinds of cases.
    The other flavor, if you will, is the non-sensitive area 
and theft of our non-high tech products and services. It is 
very important to realize that the way we approach economic 
espionage investigations. It does not have to be high tech for 
us to take an interest in something. A trade secret can be just 
as valuable in many instances as more sensitive or classified 
information.
    So that is how we approach that, and the way we approach it 
is through the Economic Espionage Act, which you have already 
indicated that is out there. Prior to 1996, there was only 
state laws and some civil remedies for companies and 
individuals and entities to pursue theft of their trade secrets 
or theft of their proprietary information.
    In 1996, the law gave us an overarch or gave the Federal 
Government the ability with the Federal law to approach the 
theft of trade secrets offering stiffer penalties and other 
advantages that were not available to us and to business and 
industry to pursue these cases. We have prosecuted you 
mentioned 18. Actually up to date there are 20 in which we have 
successfully prosecuted over the last 4 years.
    Interestingly enough, the Department of Justice or Congress 
actually, not the Department of Justice, was concerned that we 
would take this law in 1996 and profligately investigate all 
sorts of smaller issues and inappropriate crimes under this 
umbrella. I think that you can be well served and proud that in 
the 4-years the Bureau and the Department of Justice have 
carefully looked at these cases and have had what I consider a 
tremendous success in the 20 cases that we have prosecuted.
    We are truly faced with a problem that because of the Cold 
War and our 50 years' involvement in that perhaps did not allow 
us to focus as we should have as an intelligence community, as 
a government, on this problem. It is not a new problem. It has 
been around for years and years and years, but our government 
was focused on the Cold War issues and realities and perhaps 
did not have enough time to pursue this as aggressively as we 
are trying to do today.
    Let me stop there, Madam Chairman, and engage with you and 
your fellow Members any issues that you might want to pursue.
    [The prepared statement of Ms. Horan appears in the 
appendix.]
     Ros-Lehtinen. Thank you so much for your testimony.
    Mr. Burr, in order to make up for it I would like to 
recognize you first for the questions.
    Mr. Burr. The gentlelady is awfully kind.
    Let me ask you, if I can. Can you give us some type of 
percentage as to what you see that would be the classified part 
that the theft is going after versus the non-classified?
    Ms. Horan. Let me answer that, Mr. Burr, by saying that 
there are two provisions in the Economic Espionage Act. One is 
1831, which deals with economic espionage attempted and 
conducted by a foreign entity, that is to say a foreign 
intelligence service, a foreign government, a foreign 
organization linked to the actual government.
    The other provision is 1832, which, generally speaking, you 
could characterize as a theft of trade secrets and would be 
aligned with possibly white collar crime violations, theft of 
essentially trade secrets, as I said.
    The vast majority--well, of the 20 prosecutions that I 
mentioned to the Chairwoman that we have pursued, none of them 
fall in the former category of the foreign power based or 
supported category. All 20 have been in the 1832, which is the 
trade secrets.
    In terms of how many cases, actual cases we are pursuing 
that fall into the two camps, I would say that the percentage 
is at this stage highly weighted in the trade secrets or the 
non-classified versus the classified, although we have a 
number, and I would prefer not to get into actual numbers in 
this open forum, but we do have a goodly number in the other 
category, the foreign based category.
    Mr. Burr. And is there any dollar amount that the Bureau 
has put on the current economic espionage that exists for the 
U.S. economy?
    Ms. Horan. We have not. As the Madam Chairperson has 
mentioned, there were two, at least two, studies conducted. 
ASIS did one and PNNL conducted another one in which they 
projected. The PNNL case projected out of an actual trade 
secret prosecuted or trade secret case. They projected out even 
to tax loss, job loss, as well as monetary loss to the company 
itself.
    While that is illustrative to us, as is the American 
Society for Industrial Security study, both of them are very 
illustrative of what the actual loss is and magnificent 
essentially. It is huge.
    Mr. Burr. I thank you and yield back to the Chairman.
    Ms. Ros-Lehtinen. Thank you so much.
    Ms. Horan. OK.
    Ms. Ros-Lehtinen. Thank you.
    Mr. Menendez. I know we have a vote.
    Mr. Menendez. I have one question or two actually. Maybe 
just by joining together you can answer them together.
    Ms. Horan. Sure.
    Mr. Menendez. I understand there are, you said, about 20 
cases or so that have been prosecuted under the EEA. I 
understand that this is in part due to an agreement or an 
understanding or a pledge by the Attorney General not to 
prosecute cases or not to have the government pursue charges 
without first having obtained the Attorney General's personal 
approval to proceed and that there are 800 cases now being 
considered for prosecution. Is that a correct number, and would 
we expect the amount of prosecutions to go up after the 5-year 
waiting period?
    No. 2, is the suggestion that closing--from some of the 
other witnesses we will hear about closing the loophole that 
prevents prosecution for theft of their product before it is 
placed into interstate or foreign commerce and the creation of 
a private cause of action under the EEA, are those items that 
the Department has considered or has----
    Ms. Horan. I am not aware of the Department's view on the 
latter issue, but on the former issue----
    Mr. Menendez. If you would have the Department give us a 
written response to that?
    Ms. Horan. Yes, certainly I would. By all means, Mr. 
Menendez.
    Your first question, though, would we expect an up tick, so 
to speak, in the number of prosecutions, and also you asked 
about the figure 800 and whether that is accurate. I would say 
that is not accurate at this time. We have about as of today, 
because I checked thinking you might want to know this. We have 
about 400 cases open today.
    Mr. Menendez. Four hundred?
    Ms. Horan. Four hundred. Because of the education efforts 
that we are engaging in and trying to get the word out about 
this, you must understand that industry and business are 
somewhat loathe and reticent in engaging with us, but the more 
they hear about the cases, the more they see the results, we 
anticipate that those cases are going to raise exponentially 
and in fact have raised over the years heretofore. Have 
increased I should say, so, yes, definitely.
    Mr. Menendez. I really look forward to the Department's 
response.
    Ms. Ros-Lehtinen. Thank you, and I am pleased to recognize 
Mr. Manzullo, who will take over for us. Thank you.
    Mr. Manzullo [presiding]. This is like musical chairs.
    Ms. Ros-Lehtinen. Thank you.
    Mr. Manzullo. Thank you.
    I get to ask you the questions, yet I have not even heard 
your testimony.
    Ms. Horan. Well, I will be happy to hand it to you right 
now.
    Mr. Manzullo. I have it right here. Forgive me if I ask 
this question----
    Ms. Horan. That is quite all right.
    Mr. Manzullo. What is the line beyond which inquiry or 
gathering information becomes a violation of the Economic 
Espionage Act?
    Ms. Horan. Let me try and answer that question this way. 
There are a number of ways that we look at and approach 
economic espionage in the FBI and intelligence community wide. 
We are not doing this ourselves. We are enjoined with the 
Department of Defense, the Central Intelligence Agency, 
Commerce, Customs, etc. This is not an FBI unilateral 
responsibility, but we sort of coordinate it.
    One of the main ways we do that is utilizing the Economic 
Espionage Act of 1996, which I think is what you are referring 
to. We also have a responsibility under our counterintelligence 
mandate and apart from any criminal mandate to gather 
information and collect and disseminate information with regard 
to foreign targeting of our infrastructure, of our government, 
of our business academia, business and industry, etc., with the 
idea that using investigative steps, which I probably will not 
get into here, but trying to stem that, avoid it, prevent it 
and get around it, stop it before it actually happens.
    It is a huge analytical effort, and that is one whole 
aspect that we probably will not talk about today, but that is 
one area that we have a lot of effort in.
    With respect to when does an individual or a member of a 
foreign government step over the line, I would have to say that 
it is a case by case situation. You have to really look at the 
circumstance, the totality of circumstances involved in each 
situation, but what the law does not want us to do, and this is 
part of that line, is to say to diplomats and legitimate 
government or personal envoys from abroad or from within our 
own country that they cannot collect open source information, 
economic information that is out there on whether it be the 
internet, whether it be libraries, wherever it lies.
    So we are not trying to impact or stop that kind of 
activity. Where we would like to have an impact and where many 
of the 20 cases that have been prosecuted so far have led us is 
where a foreign or a domestic, a foreign or a non-foreign, 
entity is attempting to rip away some element of our economic 
competitiveness, generally speaking, in the business world 
here, in the business industry.
    Mr. Manzullo. Can you----
    Ms. Horan. I am sorry.
    Mr. Manzullo. In the context of that answer, can you give 
us an example of someone who you have prosecuted----
    Ms. Horan. Sure.
    Mr. Manzullo [continuing]. That is a matter of open record?
    Ms. Horan. Sure.
    Mr. Manzullo. Thank you.
    Ms. Horan. As I say, there are 20. I will--probably the 
most widely known one and one that you may be aware of is the 
Bristol-Myers Squibb Taxol case, which was resolved a couple of 
years ago, Taxol being a very, very popular cancer fighting 
drug, and it was the subject of theft from a Taiwanese company 
who sent employees here to attempt to steal that. We prevented 
that thankfully. They went through the court process and 
arrests were made, and it was prosecuted successfully.
    That is one of them, but let me, I think, to give you an 
idea, I will just quickly tell you some of the--and this goes 
to a comment that I made that it need not--our prosecutions and 
our interests need not be only in cutting edge, dual use 
technology, sensitive, proprietary information, but can be non-
high tech. I do not think you were here for this part; non-high 
tech issues, trade secret issues that we are very interested 
in, too.
    For instance, the Joy Mining Machining Company in 
Pittsburgh, PA. Technical coal mining equipment was being 
targeted. Deloitte & Touche was the victim of one case, and a 
proprietary software program was targeted. Gillette Company was 
the victim in another case. A new shaving system was the 
target.
    Mr. Manzullo. How many ways----
    Ms. Horan. On and on.
    Mr. Manzullo [continuing]. Can you use to cut whiskers?
    Ms. Horan. Well, they evidently had a new one. I do not 
know what it was.
    Mr. Manzullo. I do not want to use the word watchdog, but 
obviously you got involved at a point where the company owning 
the patent or the trade secret had some kind of an indication 
that somebody was trying to steal it?
    Ms. Horan. That is correct.
    Mr. Manzullo. That would be the normal way?
    Ms. Horan. It can be two ways. Either they detect this, 
which is frequently the case, or we get information that 
something is amiss.
    This brings up an interesting point. I am glad you made 
that point that companies are sometimes reluctant to come to 
the Federal Government and the Federal Bureau of Investigation 
for these kinds of investigations, No. 1, because they are 
largely ignorant of how we do them, and we are trying to 
successfully overcome that by an education program, but they do 
not want their trade secrets to be aired. They do not want 
their shareholders to know there are problems in the company. 
These kinds of bottom line issues are very difficult to 
overcome when a company comes and finds out information like 
this.
    Just this very morning we were in contact with one of the 
major oil companies in the United States who phoned in and 
wanted--the director of security phoned in and said look, we 
found that we have information that someone is trying to steal 
XYZ from us, and I am going to make a presentation--I am the 
director of security--to the CEO about whether we should 
involve the FBI or not, so these kinds of problems are plaguing 
us right now because it is a new law and people do not know, 
but we think we will overcome this as time goes on hopefully 
with some good, high level, highly publicized deterrent 
factors.
    Mr. Manzullo. This is a good segue to these questions that 
the Chairlady had circled, which I will ask now.
    One of the witnesses on the second panel will state that 
since the value of trade secrets is not well established, 
safeguarding efforts are often given lower priority when 
limited resources are allocated. The question here is do you 
agree with this assessment?
    Is there a wide gap between the value of lost assets and 
resources allocated to investigation, enforcement, prosecution 
of economic espionage? How do you establish a clear value for 
the assets? This goes right to the heart of your work at the 
FBI, does it not?
    Ms. Horan. It does.
    Mr. Manzullo. It is obviously high priority for you because 
this is your mission, is it not?
    Ms. Horan. Pardon me, please. Yes, it is a high priority 
for us and will continue to be one I think in the coming years 
because of the escalating costs that it is----
    Mr. Manzullo. And you focus your career almost entirely on 
this, is that correct, in the FBI?
    Ms. Horan. Me myself?
    Mr. Manzullo. Yes.
    Ms. Horan. Personally? It is one of the responsibilities. I 
am in charge of counterintelligence for the Bureau, so this 
would be one aspect of it----
    Mr. Manzullo. OK.
    Ms. Horan [continuing]. But certainly one growing and very 
important one, but I would say to you in answer to your comment 
there that if you go out to major corporations in the United 
States and look at their security departments, you are going to 
find that generally, generally speaking, the heads of the 
security departments are not first line executive, and by that 
I mean it is not a particular company's first mission, 
security.
    Mr. Manzullo. They are not trained in it?
    Ms. Horan. Well, Delta Airlines take for instance. Their 
mission is to fly planes. The director of security at Delta 
Airlines, and this is multiplied across the country, is a drain 
on company resources because that person wants to say, 
``listen, in order to prevent bombs from going on the plane, in 
order to prevent luggage from being stolen, in order to prevent 
our executives from being kidnapped, this is what I need. This 
is how much money I need.''
    They are not, generally speaking, welcomed, euphemistically 
speaking. Not literally, but they are not always the most 
favorite person at the party, so to speak, so again it is an 
education process.
    Mr. Manzullo. Do you mean within the company?
    Ms. Horan. Exactly right, so resources, and I think this is 
what you were getting at. Resources in private industry devoted 
to security issues are much less than probably they should be 
in many instances.
    Mr. Manzullo. I do not know if this question was aimed at 
the belief that there is a low priority within the FBI or 
within the company itself. That is why I said----
    Ms. Horan. Not a low priority with us.
    Mr. Manzullo [continuing]. Based upon your testimony----
    Ms. Horan. No.
    Mr. Manzullo [continuing]. I do not think it is a low 
priority.
    Ms. Horan. Not at all, no, but my response was to private 
industry.
    Mr. Manzullo. Do you think the big problem is that there is 
so much snooping going on that people just cannot fathom the 
sophisticated means of doing it and the extent to which people 
would actually steal the product, their patent or something 
like that?
    Ms. Horan. Yes. I do not think people expect it.
    Mr. Manzullo. And they get blindsided?
    Ms. Horan. That is exactly right. Some of the methods used 
to do this are fairly innocuous and not geared toward raising 
anyone's hackles unless you happen to be a security person or 
an investigator or something who is well schooled in this 
spotting and assessing, for instance, an individual in a 
company who might be near to a particular technology, getting 
to know that person, building up a relationship. These are some 
of the methods that are used.
    Additionally, what you see more and more are unsolicited 
requests to businesses from--either domestically or 
internationally in which hundreds of thousands of E-mails are 
sent around the world asking for particular information from, 
you know, someone who is interested in getting it.
    It is an information gathering technique that a foreign 
entity can use to just send to all our countries--pardon me. 
All companies that deal with a particular technology that they 
are involved in. So they send out 1,000 E-mails. They may get 
back two, but they are getting back information very cheaply.
    Mr. Manzullo. Do you mean just enough to know that somebody 
has something there that they want?
    Ms. Horan. Oh, yes. Yes. Visits to U.S. facilities, the 
visitor programs, DOD, DOE, NASA. All these government entities 
and quasi government entities have hundreds of thousands of 
visitors who come to their doors each year on legitimate 
business, but they are also collectors, and they bring that 
back to their home country.
    Is that something that we should be concerned about? I 
would say absolutely.
    Mr. Manzullo. Los Alamos?
    Ms. Horan. Los Alamos is an extremely good example.
    Mr. Manzullo. Do you or people that work under you at the 
FBI put on seminars for companies on----
    Ms. Horan. Yes.
    Mr. Manzullo. Do you do seminars like that? The biggest 
city in the congressional district I represent has over 1,500 
industries.
    Ms. Horan. What is that city, sir?
    Mr. Manzullo. Rockford, IL.
    Ms. Horan. Oh, yes.
    Mr. Manzullo. It serves some aerospace fasteners. Of 
course, it is anything that is kept secret, so I am sitting 
here thinking that perhaps you or somebody might be interested 
in having a seminar on how to keep your secrets from being 
stolen.
    Ms. Horan. Well, our Chicago field office would have what 
is called, as all field offices have, an answer program.
    Mr. Manzullo. OK. I really appreciate your coming here. I 
did not hear your testimony, and I am sorry, but I will read 
that.
    We will be in contact with your Chicago office to see if 
the chambers perhaps would have, even if it is a half dozen 
industries. Would that be sufficient to have an agent come out?
    Ms. Horan. One industry would be enough.
    Mr. Manzullo. One industry?
    Ms. Horan. We do them to 1 or 200. It does not matter.
    Mr. Manzullo. Fine. Thank you for coming.
    Ms. Horan. You are very welcome, sir.
    Mr. Manzullo. I really appreciate it. I am sorry about the 
interruption with the bells, but----
    Ms. Horan. Not at all. Very understandable.
    Mr. Manzullo [continuing]. We live by this. Thanks again.
    Ms. Horan. Thank you for your attention.
    Mr. Manzullo. If we could impanel the second panel? If we 
could impanel the second panel before the bell starts again, 
and I guess it is obvious that they are not interested in 
televising your testimony, so I hope you do not feel too badly 
about that.
    To complement the expertise of our first witness, we would 
like to introduce three gentlemen who not only understand this 
issue, but have dedicated a significant amount of their 
professional lives to dealing with this problem.
    First, Dan Swartwood, corporate information security 
manager with Compaq Computer Corporation and primary author of 
``Trends in Intellectual Property Loss Survey Report.'' Dan is 
a retired U.S. Army counterintelligence officer and 
contributing consultant to an independent assessment of the 
White House security program for U.S. Secret Service.
    He is a 14-year member of the American Society for 
Industrial Security, an 8-year member of a standing committee 
on safeguarding proprietary information and an avid reader of 
James Bond novels.
    I threw that in. Next, I would like to introduce Scott 
Charney, a partner with PricewaterhouseCoopers. Scott is a 
former chief of the Computer Crime and Intellectual Property 
Section, Criminal Division, at the Department of Justice. Under 
his watch, his division investigated and prosecuted cases of 
national and international computer hacking, cases of economic 
espionage and violations of Federal criminal copyright and 
trademark laws.
    A former U.S. Attorney and Assistant District Attorney, 
Scott is a published author who has written widely on the 
subject of protection of proprietary information.
    Finally, I would like to introduce Mr. Austin McGuigan, a 
senior partner--is that correct?
    Mr. McGuigan. Correct, sir.
    Mr. Manzullo. That is an Irish name like Manzullo.
    A senior partner at Rome, McGuigan and Sabanosh. He is a 
former Chief State's Attorney for the State of Connecticut, as 
well as a former adjunct professor at the University of New 
Haven. He is the co-author of a number of articles, including 
``How to Use the Economic Espionage Act to Protect Your 
Corporate Assets.''
    Well, this is pretty impressive. Dan, we will start with 
you. I am going to put on a 5-minute clock here and try to 
stick to it a little bit generally.
    Mr. Swartwood. I will make every effort.
    Mr. Manzullo. This is pretty sophisticated. I do not know 
if I can operate it.
    OK. Go ahead.

  STATEMENT OF DAN SWARTWOOD, CORPORATE INFORMATION SECURITY 
 MANAGER, COMPAQ COMPUTER CORPORATION, AND CO-AUTHOR OF TRENDS 
          IN INTELLECTUAL PROPERTY LOSS SURVEY REPORT

    Mr. Swartwood. Mr. Chairman, I want to thank you for the 
opportunity to discuss a topic that often is addressed only as 
a subplot in movies and occasional sensational headlines.
    Mr. Manzullo. And James Bond novels.
    Mr. Swartwood. That topic is economic espionage and its 
impact on American competitiveness.
    For over 20 years, I have worked in a variety of government 
and civilian positions that have helped qualify me to discuss 
this topic. I have also been actively involved, as mentioned, 
in the American Society for Industrial Security international 
survey efforts to assess the impact of intellectual property 
loss for almost 10 years.
    These surveys have continued to indicate that the issue of 
intellectual property loss is growing in both scope and impact. 
As mentioned, the 1999 survey mentioned that direct revenue 
losses were estimated to be as high as $45 billion and there 
were almost 1,000 incidents of loss reported by 45 companies 
alone.
    For the last 5 years I have been the corporate information 
security manager at Compaq Computer, and during that time 
Compaq has grown into the 20th largest American corporation and 
75th largest in the world. Compaq's work force globally exceeds 
100,000 people, and we, along with other major corporations, 
face the challenge of information loss.
    I mentioned earlier that this topic tends to make the 
headlines. Unfortunately, there was just a major incident this 
week. On Monday, it was widely reported that part of the 
Western Union website had been cracked, and 15,000 users' 
credit card information had been stolen. From my perspective, 
the interesting aspect is how this theft occurred.
    It was reported that the site administrators, while 
conducting routine maintenance, had removed security measures 
protecting the site. This is anecdotal, but does support the 
premise discussed in my prepared statement, which is the 
majority of corporate information loss occurred because of one 
of three causes.
    One, a lack of training for and mistakes made by authorized 
members of your work force. Two, the failure on the part of 
administrators to implement and maintain security measures, 
and, three, disgruntled and/or disaffected individuals working 
in your corporation. These issues can cause up to 85 percent of 
all corporate information loss.
    A primary consideration determining how this issue is 
addressed in any corporation is the priority that senior 
management gives it. In any corporation, there are a myriad of 
competing priorities on a constant basis. Security issues tend 
to be addressed as a reaction to unfortunate events. The lack 
of adequate security and training resources can create an 
environment where the question is not if losses will occur. The 
question is when they will occur.
    The surveys indicate that less than 3 percent of all IT and 
security dollars are spent protecting or safeguarding 
electronic or hard copy proprietary information. The vast 
majority of these dollars are spent on physical and electronic 
measures designed to keep outsiders from penetrating corporate 
spaces or networks. These are absolutely essential measures in 
any corporation, but it must be noted, however, that they do 
little to protect information from either the untrained or 
disgruntled insider.
    Few American corporations have the resources to deal with 
economic espionage sponsored by either nations or foreign 
corporations. The Federal Bureau of Investigation and Justice 
Department are actively building a capability to investigate 
such activities, and we welcome the interest and efforts they 
have made to address economic and industrial espionage.
    Corporate espionage, defined as outsiders penetrating 
corporate offices or networks, does occur and can be very 
damaging, but because of my experience and results of the four 
nationwide surveys on intellectual property loss I have been a 
part of, I feel that it is an issue to be addressed, but is not 
the primary concern of corporate America.
    Because the threat to business information is not primarily 
foreign or caused by outsiders does not make it less real or 
less destructive. When a corporation is denied the full benefit 
of their trade secret or innovations, their business suffers, 
and our economy is weakened.
    For the last 4 years, the Federal Government has been 
instrumental in engaging corporate America on the issue of 
infrastructure protection. These efforts are designed to 
protect information and networks of several critical 
infrastructure industries. A similar engagement addressing the 
larger issue of intellectual property loss might cause similar 
improvements in how corporations view this issue and improve 
our competitiveness in the global marketplace.
    I want to thank you for the opportunity to address you 
today and would be pleased to answer any questions you might 
have after the speakers are done.
    [The prepared statement of Mr. Swartwood appears in the 
appendix.]
    Ms. Ros-Lehtinen [presiding]. Thank you so much.
    Mr. Charney.

  STATEMENT OF SCOTT CHARNEY, PARTNER, PRICEWATERHOUSECOOPERS

    Mr. Charney. Thank you, Madam Chairperson. Being mindful of 
Mr. Menendez's comments that you have our written testimony and 
we should feel a little bit free to deviate, I am going to do 
just that.
    In my career I have now been both on the government side at 
the Justice Department responsible for economic espionage, and 
now at PricewaterhouseCoopers I have clients that want economic 
espionage or hacking cases investigated.
    Building on what was said before when the FBI was present, 
there is certainly a reluctance by some industry members to go 
to law enforcement. That has to do with several reasons, but 
the biggest one I see is that for a private victim if they go 
to the government they lose control over the case.
    That is, as a private company that is being victimized they 
can control the investigation, decide how many resources to put 
toward it and call it quits if they choose to do so, whereas 
when you report it to law enforcement then the subpoenas come 
and other kinds of compulsory process, and you have to go 
forward. Most companies do not want to lose that control.
    Having said that, I also want to highlight a few other 
points. I mean, it is absolutely clear that digital information 
is great property of value in the information age. I remember 
many years ago, as far back as 1992, a reporter was asking 
Europeans about the fall of the Soviet Union and what it meant 
that the United States was the world's sole superpower.
    The response of most Europeans was in the new economy it is 
not military power, but economic power that is going to rule, 
and so if Willy Sutton says I go to banks because that is where 
the money is, then competitors are going to say we are going to 
computers because that is where the digital resource is.
    If you look at the surveys that have come out that have 
been referenced in almost all the testimony, both the American 
Society for Industrial Security [ASIS] and surveys by the 
Computer Security Institute, it is clear that the losses are 
mounting. The number of cases is increasing.
    In the Computer Security Institute survey, for example, 
about 20 percent of the respondents out of 585 said that they 
were victims of trade secret information theft, and in terms of 
sheer dollar losses the survey found that the most serious 
losses from all the types of criminal activity listed from 
hacking to other kinds of abuse, the theft of trade secret 
information was the most expensive crime for U.S. businesses 
with 66 respondents reporting over $66 million in losses.
    I would point out, too, that these surveys probably 
represent only the tip of the iceberg because most computer 
crime is neither detected nor reported, so to the extent that 
people are stealing data from computer systems that is 
valuable, it is probably not detected.
    The reason for that is the nature of electronic theft. If I 
steal your car you know because it is gone, but if I steal your 
customer list or a design plan, you still have it and so unless 
you have detected that abuse you will not know that I have it, 
and you will remain comfortable.
    To show just how bad that is, one of the difficulties has 
always been that when you have a supposition, such as most 
computer crimes are neither detected nor reported, how do you 
prove what you do not know? The answer is you do a controlled 
study.
    The Defense Department did just that. They attacked 38,000 
of their own machines. They penetrated security 24,700 times or 
65 percent. Then they went to the system administrators and 
said OK, how many intrusions have you detected, and their 
answer was 988, only 4 percent. Then they went to DISA, the 
Defense Information Systems Agency, and said how many reports 
have you gotten, and the answer was 267 or 27 percent, so it is 
absolutely clear that most of these crimes are probably not 
detected in the first instance, and then they are not reported 
to anyone.
    I would like to conclude by focusing particularly on the 
international aspects of this problem, and I think that there 
are some critical questions that the committee needs to think 
about when thinking about international economic espionage in 
particular. The first is what actually constitutes 
international espionage in the new world order. Is Chrysler an 
American company or a foreign company?
    With all the globalization of businesses, to the extent 
laws and governments are concerned, as rightly they should be, 
about allegiances and whether this is foreign or domestic, I 
think that line is getting increasingly blurry. It is hard to 
tell. That is one problem.
    The second problem is with the growth of the internet, 
particularly with now approximately 165 countries connected, it 
is going to be increasingly difficult to identify the 
perpetrators of these crimes. The reason for that is the 
internet has global connectivity. Hackers have shown the 
ability to weave between countries to hide their tracks.
    In addition to that, there is no authentication or 
traceability on the internet, which means if you know your 
machines are being attacked and people are taking sensitive 
data, it is extremely, extremely hard to find the source.
    [The prepared statement of Mr. Charney appears in the 
appendix.]
    Ms. Ros-Lehtinen. Thank you, Mr. Charney.
    Mr. McGuigan.
    Mr. McGuigan. McGuigan.
    Ms. Ros-Lehtinen. McGuigan. Close enough.
    Mr. McGuigan. Thank you, Madam Chairperson. McGuigan.
    Ms. Ros-Lehtinen. All right. All right.
    Mr. McGuigan. Thank you, Madam Chairperson.
    Ms. Ros-Lehtinen. Congresswoman Johnson and Congressman 
Shays send their best to you. I saw them there on the Floor. 
Actually, they asked me to ask you really hard questions.
    Mr. McGuigan. I understand at least from Congressman Shays 
why he would say that.

STATEMENT OF AUSTIN J. McGUIGAN, SENIOR PARTNER, ROME, McGUIGAN 
  AND SABANOSH, P.C. AND CO-AUTHOR OF HOW TO USE THE ECONOMIC 
         ESPIONAGE ACT TO PROTECT YOUR CORPORATE ASSETS

    Mr. McGuigan. A little bit about my background. I was the 
chief prosecutor in Connecticut from 1977 to 1985. For 4 years 
I was chief of the organized crime task force, and prior to 
that I had 3 years as a special agent in military intelligence.
    For the last 11 years, I have been a plaintiff in many 
uniform trade secret actions throughout the United States, at 
least eight or nine states, so I come from this both as a 
government prosecutor and as an attorney who is prosecuting the 
cases.
    I have written a number of articles about the Economic 
Espionage Act. I assume that everybody agrees that America's 
technological prowess is its real capital and that the reason 
for federalizing this area of criminal activity was that we 
needed that type of protection and expected results.
    I would suggest to the Committee that there has been a 
disquieting dichotomy between the numbers that have been 
provided on estimated losses, $45 billion in 1999, $24 billion 
in another study, and I have cited these studies from time to 
time in the absence of cases.
    Twenty cases, I think only nine of which resulted in any 
incarceration, not significant fines, not a single case under 
1831 which deals with foreign entities, and truly if you call 
it the Economic Espionage Act it seemed it was in the first 
instance directed at foreign espionage.
    There is not a single case that has been developed that 
deals with foreign espionage of all the 20 cases that are 
cited, one of which I believe was dismissed, so that when one 
looks at the record against the alleged losses, one must ask 
why? What is going on? Of course, the reasons are people are 
learning how to do these cases, etc.
    Understandably, the Attorney General agreed to limit the 
number of cases to 50 in the first 5 years, but at this point 
it does not look like they are going to challenge the agreed 
upon limitation so that the number of cases reflects and the 
types of cases that have been taken reflects that so far 
whatever the allocation of resources, and I do not know what 
the government has allocated for resources under the Economic 
Espionage Act, but it does not seem to be returning the kind of 
bang for the buck that one might expect.
    As normally not a fan of the federalization of criminal 
law, recognizing as a former chief state prosecutor that many 
of the federalizations of crimes does not exactly enhance the 
law enforcement activities, but, in any event, this law I felt 
was a law that was needed.
    It was needed because this was truly a national/ 
international problem, but I could say this. I would doubt 
there is any significant deterrent effect that has come out of 
the passage of this Act in the last 4 years. The number of 
cases simply would not augur that people are living in fear of 
being caught stealing trade secrets.
    I have suggested in the material prepared for the Committee 
that at this point it would be something to seriously consider 
creating a private cause of action for individuals and 
companies under the Economic Espionage Act. The Uniform Trade 
Secret Act is presently in force in 38 states, and I believe 
that almost every state has common law trade secret, which 
would be equivalent to the Uniform Trade Secret Act, so there 
are trade secret causes of action in all the states.
    The question is why federalize? Federalizing would direct 
court power in three areas in which it is needed. One is in the 
enforcement of injunctions. Let me explain, having had a number 
of these cases. If one is to get an injunction in say the State 
of Connecticut against an individual who has misappropriated 
trade secrets and that individual moves to Montana, enforcing 
that injunction in Montana is not as simple as one would think 
so that we have to discuss with companies the fact that unless 
we are lucky enough to have diversity, which allows us to have 
Federal jurisdiction, when we have injunctive power of the 
Court we may have problems getting enforcement in a foreign 
jurisdiction.
    Second, I think it would provide for much easier discovery, 
and discovery in uniform trade secret cases, and I take 
economic espionage cases through investigation, is absolutely 
essential, so I would suggest that for that reason a Federal 
cause of action is warranted.
    The third is executing of judgments, execution of judgments 
when people leave states. Although we have uniform execution, a 
judgment is simply not that simple. If one is trying to seize 
assets, once one has a Federal judgment they are in much better 
shape in trying to enforce it.
    The fourth reason. I would suggest that when and if someone 
considers a cause of action that they consider having some type 
of pre-suit discovery orders. In other words, one of the 
problems in developing these cases, while one realizes in a 
company that the technology has been taken to a different 
company because they have developed something and show no 
pattern of having worked on it, one is not able to file an 
action based on the fact that they must have stolen it, so I 
would suggest that similar to the Copyright Act, and I have put 
it in my prepared remarks, that you consider some type of pre-
suit discovery.
    The conclusion is that given the paucity of prosecutions 
that you have, that while criminalization of economic espionage 
may have provided some merit, the real battle is going to have 
to be fought by the people who are losing technology. The 
people who are suffering the losses are going to have to 
finance the war through private causes of action, and that, I 
suggest, would give us better deterrent effect and better 
protect America's technological prowess.
    Thank you.
    [The prepared statement of Mr. McGuigan appears in the 
appendix.]
    Ms. Ros-Lehtinen. Thank you. Those are very good 
recommendations.
    Following up on improvements that we could make to the 
Economic Espionage Act, and I would like to ask all three 
panelists. The Act allows for a protective order preserving the 
confidentiality of a trade secret only if the prosecution 
requests it.
    Does this afford, do you believe, sufficient protection 
against disclosure during legal proceedings? How would you 
propose that this section of the law be improved?
    Mr. McGuigan. Well, I would say, and it was pointed out, 
that companies are afraid they lose control over cases when 
they have the government prosecuting a case and are afraid that 
their trade secret will be disclosed in the case itself so that 
they may in effect win the battle and lose the war.
    I would suggest that the law be amended so that companies--
the government is required to seek the input of the company, 
and if a company is forced to give up the very thing for which 
it was trying in the first instance to protect in order to 
proceed with the prosecution, it should have a say in having 
the prosecution stopped, similar to when the government decides 
that giving up an intelligence informant, they do not wish to 
go further with the case.
    Ms. Ros-Lehtinen. Thank you.
    Mr. Charney.
    Mr. McGuigan. I believe Mr. Charney had also----
    Mr. Charney. Yes. From my days as chief of the computer 
crime section, we grappled with this problem. You have to look 
at this a bit logically, though.
    If the trade secret has already been stolen, the defendant 
has it. If the trade secret has not been stolen or has been 
stolen and not yet used as far as you can tell and you want to 
prohibit its introduction in court, there is a problem with the 
sixth amendment because under the right of confrontation and 
the right to challenge the government's evidence, he has a 
right to challenge the trade secret.
    I will tell you that we had a case where we charged 
attempted theft of a trade secret. The defense asked for the 
trade secret, and we took it up, and we won on the theory that 
since the defendant was only charged with attempt, whether it 
was actually a trade secret was irrelevant, and, therefore, 
there was no need to disclose it.
    The Appellate Court agreed and so we did not have to 
disclose it, but I would just caution the Subcommittee that if 
you are looking at that issue, remember that to some extent the 
defendant has a right to see what he has been accused of 
stealing for purposes of litigating for his defense.
    Ms. Ros-Lehtinen. Thank you.
    Do you have anything to add? Thank you, Mr. Swartwood.
    Mr. Swartwood. I would comment that as the only person on 
this panel that actually works in a corporation, this is a very 
difficult issue. Often not only is it very difficult to make a 
determination that you have lost something, but then after you 
have made that determination or you feel you are comfortable 
that that has occurred, getting that information pushed up into 
the management of the organization and having a reaction, a 
positive reaction to that, is also somewhat problematic.
    It is very difficult with all the concerns that major 
corporations have unless you are talking about some absolutely 
seminal piece of information or something that is considered so 
super critical. It is very difficult sometimes to get any mind 
space with the senior management to address these issues in any 
constructive way.
    Ms. Ros-Lehtinen. Thank you.
    I wanted to ask about the territorial scope of the law 
relating to conduct occurring outside of the United States. 
Some suggest that there are problems with it. They suggest that 
the measure ought to be whether the espionage act committed 
overseas had a substantial effect within the United States.
    Would you disagree or agree with that recommendation, and 
how would you define substantial effect?
    Mr. Charney. I think it is a difficult issue. The law 
already has some extra territorial provisions, as you know, and 
also when there is any conduct in the United States you get 
venue in the United States and so I guess my question would be 
are we looking at cases, for example, where a foreign company 
steals a secret in that country, but it somehow has an impact 
upon the United States.
    I think if the United States were to exercise jurisdiction 
in those kinds of cases we would probably get resistance from 
foreign states about the reach of our law--if that is the 
scenario we are thinking about.
    If, for example, a French company took data from IBM in 
France and because IBM is an American company we said well, 
that has an impact on IBM's corporate profits and earnings, I 
think we would get resistance. That is just my sense.
    Ms. Ros-Lehtinen. Austin.
    Mr. McGuigan. I do not know whose proposition this is a 
problem because I know of no case under 1831 that has even been 
attempted, and I cannot comment on whether or not there is a 
stumbling block because I simply do not see it as a stumbling 
block, and I have not seen a case where someone has planned out 
how it could become a stumbling block. I do not know what 
testimony there is to that effect. I do not know.
    Ms. Ros-Lehtinen. OK. Does the prospect of litigation, the 
threat of litigation or prosecution serve as a true deterrent 
for corporate spies? Are the fines that are levied under this 
Act, the Economic Espionage Act, a true deterrent? How can 
industrial espionage be made less appealing? Do you think more 
prosecution or heavier fines would serve as deterrents?
    For example, should violator companies be sanctioned 
internationally whereby they cannot reap any benefits from the 
stolen information? Should the United States impose duties on 
products from such companies or impose other import or export 
restrictions? What steps can be taken?
    Mr. McGuigan. The fine so far, and I hate to keep taking 
the table. The fine so far is simply in looking through I 
provided a table of all the cases.
    Ms. Ros-Lehtinen. Yes. We have it. Thank you.
    Mr. McGuigan. Simply no one could suggest that the types of 
fines that have been proposed could act as a deterrent----
    Ms. Ros-Lehtinen. Correct.
    Mr. McGuigan [continuing]. If the problem is $45 billion. 
It is simply not--it does not make any sense.
    The only large fine is really a restitution I believe that 
is in the Gillette case where the gentleman sold, I believe, 
the new design for the Mach III razor before it came out. I 
believe it has something to do with that, but that is the only 
large one, and that is really a restitution so there does not 
seem to be any fines.
    I would think that the threat of incarceration is more 
serious for corporations than money, and putting individuals in 
jail is the best deterrent.
    Mr. Manzullo. Yes, but they do not give you razors in jail.
    Mr. McGuigan. I understand that, but I think that----
    Ms. Ros-Lehtinen. Not the Mach III anyway.
    Mr. McGuigan [continuing]. Incarceration is a much better 
deterrent. For foreign companies obviously, fines are going to 
have to be more seriously considered, substantial ones, because 
incarceration is not real.
    Ms. Ros-Lehtinen. Thank you.
    Mr. Swartwood.
    Mr. Swartwood. I think another consideration is that it 
would be difficult I think to try to prove that something was 
taken with the full knowledge and agreement of say the CEO of 
any major corporation.
    My experience in information loss indicates that even the 
perpetrators of such crimes for the most part are acting as 
individuals and not acting necessarily at the behest of another 
corporation. They are doing it for their own personal reasons. 
They are doing it for either personal gain or for some type of 
retribution, etc., and once again I am talking mostly on the 
insiders.
    In external situations, my feeling is that even when 
corporations, if they were involved, it would be at a level of 
the corporation that would not necessarily be considered 
corporate. I mean, you might have someone in a division trying 
to get a short-term gain in an area, and so, I mean, I think 
proving that it would be a corporate level issue could be very 
difficult, especially in a criminal venue.
    Ms. Ros-Lehtinen. Yes?
    Mr. McGuigan. I think my experience has been the opposite. 
In many of the cases I have taken, upper management has been 
involved in the misappropriation, and it has been my experience 
in the criminal law that when one prosecutes low level 
individuals they are able to get those individuals to give up 
the names of the people otherwise involved.
    So absent again incarceration and seriously doing that, I 
do not see how you are going to get to the bottom of who in the 
company is involved.
    Ms. Ros-Lehtinen. Thank you.
    Mr. Manzullo.
    Mr. Manzullo. This is very fascinating. I see two roads 
here. Maybe I am wrong, and you can correct me-- one is an 
inference that says because there have been only 18 
prosecutions, the FBI or Department of Justice is not 
sufficiently and aggressively prosecuting these types of cases. 
Then, on the other hand there is this natural reticence of the 
companies. They would rather take the hit than give a Federal 
agent the opportunity to take a peek at the secret.
    The testimony of the Assistant Director was pretty obvious 
that they have to struggle with companies. She said she would 
put on a seminar for one company just to be able to peak their 
level of inquiry that the FBI is indeed interested.
    Did you want to comment on that, Mr. McGuigan, because you 
seem to draw the----
    Mr. McGuigan. We in Connecticut have incarcerated at state 
court individuals. There are no Federal prosecutions in 
Connecticut, but have had the local gendarmerie prosecute 
individuals and actually incarcerate individuals for 
misappropriation of propriety drawings from one of our 
companies.
    I think that the reasons for the dichotomy I think need to 
be explored between the losses and the lack of cases, but, 
second, I think that it should be longer incarceration because 
summarily dealing with some people is an object lesson for 
others.
    What I am saying is that when you have a case I think you 
have to prosecute it very, very vigorously, and you have to--
when you get substantial time, you will find out who else is 
involved, and that can have a salutary effect on a number of 
other individuals contemplating similar conduct.
    Mr. Manzullo. Yes?
    Mr. Charney. I would just like to build on this question a 
moment because when I was chief of the computer crime section, 
I can tell you that prosecutors salivate over cases like these.
    You know, the first case out of the box was the Four 
Pillars case, which went to trial. We convicted the president 
of a corporation from Taiwan for stealing secrets from Avery 
Dennison. These are good cases with sex appeal. That is not the 
problem.
    If you look at the Computer Security Institute's surveys, 
however, they have done surveys on computer crime from 1996 to 
the year 2000, and in the year 2000 survey what they said was 
one of the most remarkable statistics on computer crime--not 
just trade secrets, but computer crime--was the rapid increase 
in the number of companies willing to report to law 
enforcement. It had gone all the way up to 32 percent.
    You know, one victim out of three was now willing to report 
to law enforcement, up from 17 percent the year before, so if 
you have between one and two, you know, in every 100 cases you 
have roughly 17 reported. That is not a very high statistic.
    I think there is a lot of difficulty within the corporate 
environment in making the determination about whether you 
handle this civilly, whether you cut your losses, remediate and 
get your business up and running again and seek damages through 
civil action or whether you go to law enforcement.
    That is a tough call because when you go to law enforcement 
you get far more publicity than you might want. Then you have 
to worry about shareholders and investors and public relations.
    Mr. Manzullo. Loss of confidence.
    Mr. Charney. Loss of confidence. It is a hard call for a 
CEO whose primary responsibility is to protect the assets of 
the corporation and not to----
    Mr. Manzullo. Especially in light of the fact that the 
penalties are so minimal. That goes back to what you were 
saying. Do companies then opt for civil action, or do they just 
take it on the chin?
    Mr. Charney. No. I am actually now on the private side, and 
the cases that we have been investigating for companies is for 
civil suit purposes, not to go to law enforcement.
    Mr. Manzullo. Are these very difficult cases to try and 
prove?
    Mr. Charney. Like everything else, it is so dependent on 
the evidence. I mean, the Four Pillars case we had someone in 
the company who was being paid off. We flipped him. We put him 
in a hotel room. We had a camera. The president of the foreign 
company was going to see the Forest Hills tennis tournament. We 
had him stop off in the hotel room, and he traded documents for 
money.
    The best part of the case, the documents actually said 
Confidential, and he took scissors and told our informant to 
cut out the word Confidential and throw it away where it would 
not be found.
    That is a great case to try, but in most cases it is far 
more difficult, especially electronic cases because it is very 
hard to trace back to the source, and even if you can trace 
back to the source machine, it does not tell you who is the 
person sitting at the keyboard. If that machine is in another 
country, now you have to figure out if that country has similar 
laws.
    Mr. Manzullo. We just had that. Was it Indonesia where 
the----
    Mr. Swartwood. Philippines.
    Mr. Manzullo. In the Philippines. That shows obviously a 
lack of legal coverage, but only a Philippine law could apply 
there.
    Mr. Charney. That is correct. In fact, there are groups. 
There are three international organizations looking at some of 
these issues. One is the G8, and I used to chair the G8 
subgroup of high tech crime, one is the United Nations, and the 
other is the Council of Europe.
    There is a push internationally to harmonize criminal laws 
in the new economy area, but it is slow. It takes a lot of 
work. Many countries do not quite see the threat. Indeed, we 
have only been waking up to it.
    Mr. Manzullo. Where do you draw the line? When I asked the 
Assistant Director, at what point does something become 
espionage? You earnestly recruit people that are with other 
companies. That goes on all the time. At what point do you 
cross the line? At what point is a crime committed?
    Mr. Charney. I mean, generally we would look at the 
statutory elements first and foremost, and then I hate to say 
this, but it is a little like paraphrasing Potter Stewart on 
obscenity, which is I know it when I see it.
    Most of the cases that were brought to our attention were 
egregious cases where, for example, people, companies, will not 
come to law enforcement and report we had an employee. He got 
hired away by another company. We want you to go investigate.
    In fact, the government would probably say that is a 
perfect civil suit, not a criminal one, because you are in a 
situation where there is going to be a lot of dispute over the 
facts, a lot of questions about whether it is an employment 
dispute or----
    Mr. Manzullo. Scott, let me followup on that. If you have 
an individual that works for one company and is hired away by a 
competitor, how much of his mind has to stop?
    Mr. Charney. Well, the answer is it does not. I mean, 
general knowledge does not have to stop, but specific does. In 
fact, I have seen cases where individuals who have created 
proprietary information then go to another company and recreate 
proprietary information.
    I can tell you in those cases companies are looking at 
civil suits over that issue. They think that crosses the line 
because the second company is producing now the same unique 
product that the first company had and gave them a competitive 
edge in the market.
    Mr. McGuigan. Generally you have a non-disclosure agreement 
in the first place with any high level employee creating that 
type of information so if he breaches the contract in the first 
instance.
    Mr. Manzullo. A non-competitive agreement.
    Mr. McGuigan. Second, if he were claiming it was simply in 
his head, in many cases now there is what is known as 
inevitable disclosure. He is inevitably using the proprietary 
data that he got in the first instance to develop the data for 
another company, so those cases are prosecuted civilly.
    I have been involved in them. I had someone who developed 
software for machinery and then when to work for another 
company 5 years later and developed the same software. We 
successfully sued them and prevented them from doing that.
    Even though he claimed he did not take any of the 
information with him when he left, he had the process by which 
the flow charts for the computer software, which allowed him to 
essentially create it.
    Mr. Manzullo. I have one last question if you do not mind, 
regarding the four suggestions that you made. Mr. McGuigan, you 
mentioned the fact that there is no subject matter 
jurisdiction, that you have to have diversity in order to get 
the Act involved.
    Mr. McGuigan. Correct. You do not have a Federal Economic 
Espionage Act, so you sue in the states. If you were suing a 
citizen of another state and you get diversity, you can----
    Mr. Manzullo. Do you mean if there is no Federal Act?
    Mr. McGuigan. There is no Federal Act now. There is only a 
Federal criminal Act.
    What I am suggesting is they should make the Economic 
Espionage Act and create a civil cause of action under the 
Economic Espionage Act and allow the companies to spend the 
resources to prosecute the cases because they will do it, and 
they will do it when they are confident that they can do it, 
and they will no longer be afraid they are going to lose 
control of the case and the government is going to----
    Mr. Manzullo. So do you think that is one of the problems 
is that there is no Federal cause of action?
    Mr. McGuigan. I think it is clear to me. I never thought as 
a state prosecutor I would be arguing for an expansion of 
Federal jurisdiction, but it is clear to me in this particular 
case.
    Mr. Manzullo. You have come to your senses. OK.
    Mr. McGuigan. It is clear to me.
    Mr. Manzullo. We are moving with electronic commerce that 
moves like that across state lines. That is a little bit 
different.
    Mr. McGuigan. I have come to the conclusion that creating a 
Federal cause of action is really the way to go, and I think 
almost everything was pointed out here today.
    Mr. Manzullo. Which could be tried in a state court. You 
could actually try that case in a state court if the law----
    Mr. McGuigan. You should not have preemption. You should 
have it you can file a Federal cause of action or a state cause 
of action. In other words, you should be allowed to file 
either.
    I do not think there should be a preemption of state 
uniform trade secrets law as has happened in some other areas, 
so I am not suggesting that, and I am not talking about it in 
expansive approaches in the RICO Act. I am just talking about 
creating a cause of action.
    Ms. Ros-Lehtinen. Those are good recommendations.
    Mr. Manzullo. Yes. I appreciate that very much. Thank you.
    Ms. Ros-Lehtinen. I think we will move on that. Thank you 
so much for your excellent testimony. We appreciate it, and we 
will be checking back with you. I am sure as we move on this, 
on these recommendations. Thank you.
    The Subcommittee is now adjourned.
    [Whereupon, at 3:27 p.m. the Subcommittee was adjourned.]
      
=======================================================================




                            A P P E N D I X

                           September 13, 2000

=======================================================================

      
    [GRAPHIC] [TIFF OMITTED] T8684.001
    
    [GRAPHIC] [TIFF OMITTED] T8684.002
    
    [GRAPHIC] [TIFF OMITTED] T8684.003
    
    [GRAPHIC] [TIFF OMITTED] T8684.004
    
    [GRAPHIC] [TIFF OMITTED] T8684.005
    
    [GRAPHIC] [TIFF OMITTED] T8684.006
    
    [GRAPHIC] [TIFF OMITTED] T8684.007
    
    [GRAPHIC] [TIFF OMITTED] T8684.008
    
    [GRAPHIC] [TIFF OMITTED] T8684.009
    
    [GRAPHIC] [TIFF OMITTED] T8684.010
    
    [GRAPHIC] [TIFF OMITTED] T8684.011
    
    [GRAPHIC] [TIFF OMITTED] T8684.012
    
    [GRAPHIC] [TIFF OMITTED] T8684.013
    
    [GRAPHIC] [TIFF OMITTED] T8684.014
    
    [GRAPHIC] [TIFF OMITTED] T8684.015
    
    [GRAPHIC] [TIFF OMITTED] T8684.016
    
    [GRAPHIC] [TIFF OMITTED] T8684.017
    
    [GRAPHIC] [TIFF OMITTED] T8684.018
    
    [GRAPHIC] [TIFF OMITTED] T8684.019
    
    [GRAPHIC] [TIFF OMITTED] T8684.020
    
    [GRAPHIC] [TIFF OMITTED] T8684.021
    
    [GRAPHIC] [TIFF OMITTED] T8684.022
    
    [GRAPHIC] [TIFF OMITTED] T8684.023
    
    [GRAPHIC] [TIFF OMITTED] T8684.024
    
    [GRAPHIC] [TIFF OMITTED] T8684.025
    
    [GRAPHIC] [TIFF OMITTED] T8684.026
    
    [GRAPHIC] [TIFF OMITTED] T8684.027
    
    [GRAPHIC] [TIFF OMITTED] T8684.028
    
    [GRAPHIC] [TIFF OMITTED] T8684.029
    
    [GRAPHIC] [TIFF OMITTED] T8684.030
    
    [GRAPHIC] [TIFF OMITTED] T8684.031
    
    [GRAPHIC] [TIFF OMITTED] T8684.032
    
    [GRAPHIC] [TIFF OMITTED] T8684.033
    
