Valspar Corporation is a Minnesota company which specializes in the development and manufacture of paints and chemical coatings for a variety of consumer, industrial and marine products (Valspar Corporation, 2017). Beginning in 2006, David Yen Lee served as a technical director in the company's architectural coatings group. His job at the company included identifying newly emergent painting technologies and coordinating R&D activities being performed at paint laboratories and at the firm's subsidiary in the People's Republic of China (Federal Bureau of Investigation, 2010). However, while working at Valspar, Lee anticipated advancing his career by seeking higher level positions with Valspar competitors. In preparation for this career change, Lee began to surreptitiously download onto his company-owned computer proprietary information related to Valspar products, R&D and business plans (U.S. v. David Yen Lee, 2009). This proprietary information included (I) technical documents; (2) information on raw materials; (3) cost and strategic planning/marketing data; and (4) 160 formulas for Valspar products (Coe, 2010). This proprietary information was maintained by Valspar as organizational trade secrets and had an estimated market value ranging between $7 million and $20 million (Federal Bureau of Investigation, 2010; Coe, 2010; Thompson, Hoidal, Bluvshtein, & Waltz, 2017). Data related to one product formula (jointly developed by Valspar and a strategic partner) threatened a $600 million annual revenue stream for the company (Shiffman, 2009). Lee conducted this industrial espionage activity during a five-month period beginning in November of 2008 (Federal Bureau of Investigation, 2010; Coe, 2010).
Paralleling his activities as both a research scientist and industrial spy at Valspar, Lee also began to investigate other employment options with Valspar competitors located in the People's Republic of China (Federal Bureau of Investigation, 2010; Coe, 2010). These negotiations resulted in Lee being offered a job at Nippon Paint as vice president of technology and administrator of R&D (Federal Bureau of Investigation, 2010; Coe, 2010). Lee's start date for this new position was April I, 2009 and he planned on leaving the United States by scheduled airline on March 27, 2009. On March 10, Lee began the transfer of proprietary data from his corporate-owned laptop computer to external storage devices. This upload transferred 44 gigabytes of proprietary data/trade secrets to his personally owned thumb/flash drives (Shiffman, 2009; Joshn, Kahnke, Turoski, & Ubel, 2017). Subsequent to these information transfers, Lee notified Valspar of his intention to separate from the company on March 16, 2009 (Federal Bureau of Investigation, 2010).
At the time of this notification, Valspar immediately requested Lee to surrender both his company-owned laptop computer and Blackberry device (Shiffman, 2009). Two days later, Valspar information technology specialists undertook a forensic examination of Lee's corporate laptop computer. This forensic analysis revealed that all of the computer's temporary files, emails and browser history had been deleted, which suggests that Lee had taken steps to clean his computer user history. Second, Valspar found a hidden file containing unauthorized software programs including a data copying program. Third... approximately 44 gigabytes of data including trade secret information, had been downloaded without authorization from Valspar's computer server onto Lee's work computer (Shiffman, 2009, p. 3).
Valspar immediately contacted the Federal Bureau of Investigation and communicated their suspicion that Lee may have misappropriated or stolen company trade secrets. Upon review of the forensic analysis of the company-owned laptop, the FBI concurred with Valspar's allegations regarding Lee's theft of trade secrets. A search warrant was executed for Lee's dwelling and belongings on March 26, 2009. This search by the FBI resulted in the discovery of a thumb drive containing the stolen trade secrets in the suspect's luggage. Lee was summarily arrested for violations of 18 USC 1832 (Theft of Trade Secrets). This arrest occurred one day prior to his planned departure for the People's Republic of China. Valspar executives concluded that without
our internal evidence we wouldn't have been able to stop Lee. He would be in China today with our formulas and 44 Gigabytes of our sensitive data... Like most companies Valspar had reasonably good security against outside intrusions, but little security against a "trusted employee. (Joslin et al., 2017, p.15-16) David Yen Lee subsequently pleaded guilty to one count of trade secret theft and was sentenced to 15 months imprisonment in a federal correctional facility (Coe, 2010).
The Valspar case is typical of many of the trade secret losses experienced by U.S. companies. While much attention has been focused upon assessing and countering the external cyber vulnerabilities of organizations (Wortzel, 2013; Office of the Executive Office of the President, 2013; Sanger & Perlroth, 2015; Sentonas, 2014; Center for Strategic and International Studies, 2014), the fact remains that most trade secrets are lost due to acts of theft or negligence committed by a firm's own employees (Fitzpatrick et al., 2004; Fitzpatrick & Dilullo, 2015; Shey, 2013; Boni, 1999). Security experts have proposed that these employee-centered vulnerabilities require organizations to adopt a variety of security measures which are designed to prevent IP (intellectual property) theft through the (a) active monitoring and physical searches of organizationally-owned assets and employee belongings; and (b) the regulation of personal electronic devices used by employees in their work environment (Secunda, 2012; Ciocchetti, 2011; Robertson & Kanaga, 2008). While these security measures may assist organizations in better protecting their IPs, they also have the potential of increasing their legal liabilities with respect to potential violations of privacy and labor laws (Chow, 2014). The purpose of the present paper is to examine (1) the common methods of industrial espionage often utilized by employees and value chain partners [VCPs] to steal trade secrets (Fitzpatrick & Dilullo, 2015; PriceWatershouseCoopers, 2014; Shey, 2013; CERT, 2016; Lyndrup, 2013; Trzeciak, 2012); (2) corporate counter intelligence/security measures designed to prevent IP theft (CERT, 2016; Trzeciak, 2012); and (3) the legal challenges and potential liabilities for trade secret security programs and investigations in organizations (Center for Responsible Enterprise and Trade, 2012; Ciocchetti, 2011; Bevan v. Smartt, 2004; Stengart v. Loving Care Agency, Inc.,
2010, Randall's FoodMarkets, Inc. v. Johnson, 1995).
THE LEGAL BASIS AND PROTECTION OF TRADE SECRETS
Trade secrets constitute a special form of intellectual property (IPs) which differs significantly from traditional IPs such as patents, copyrights and trademarks (Fitzpatrick & Dilullo, 2013). Traditionally, these latter forms of intellectual properties derive their value from securing formal governmental recognition of an inventor's (a) ownership rights; (b) commercial rights to exclusively exploit their creations; and (c) prohibitions/sanctions against those persons or organizations who would violate the legally sanctioned ownership rights of inventors (Mann & Roberts, 2011). Conversely, as IPs, trade secrets derive their protections and economic value in an entirely different manner. As defined by the Uniform Trade Secrets Act (1985), trade secrets represent IPs which include
information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. (Uniform Trade Secrets Act of 1985, Sec. 1 (4). Thus, in order to establish legal protections for trade secrets, owners of these types of IPs must initiate appropriate security measures to prevent proprietary information from either becoming public knowledge or being illicitly utilized by other persons/entities (Religious Technology Center v. Netcom On-Line Communication Services, 1995). In the United States, the deployment of these security precautions is often evidenced by the trade secret owners (I) advising employees that certain IPs have been designated as organizational trade secrets and subsequently limiting employee access to these trade secrets on a "need to know" basis; (2) visually identifying specific categories of proprietary information as secret or confidential; (3) reinforcing information security through the use of nondisclosure agreements among persons with knowledge of organizational trade secrets; (4) creating policies for screening proposed presentations/publications by employees for potential disclosure of proprietary information; and (5) use of physical, mechanical or electronic devices to control or limit access to trade secrets (Van Arnam, 2001;Religion Technology Center v. Netcom On-line Communication Services, 1995; Fink, 2002; Sanders, 2006).
The development and application trade secret law has evolved over a period of centuries (Padilla-Torres, I99I). This legal evolution has sought to create protections for trade secrets based upon (I) cultural norms and common law; (2) the Restatement of Torts; and (3) statutory law at both the state and federal level in the United States (Fisk, 2001; Graves, 2007; Bodie, 2017; Uniform Trade Secrets Act, 1985; Economic Espionage Act, 1996; Defend Trade Secrets Act, 2016; Restatement of Torts, 1977, Restatement of Employment Law, 2015).
Cultural and Common Law Origins of Trade Secret Law