Artificial Intelligence and Trade Secrets -- Professor Villasenor's Insights

Professor John Villasenor at UCLA has published an interesting and helpful article on AI and trade secrets. He identifies some issues regarding the protection of AI generated trade secrets.  The Brookings Institution has published a summary of his article, here. 

Japanese Universities Having Trouble with Tech Transfer

Nikkei Asia has published an article by Kenjiru Suzuki titled, "Japan's Universities Fail to Make the Most of Intellectual Property: Due to Lack of Support, Patents Only Make 2% Compared to U.S. Schools."  The title provides a nice summary of the article's findings.  Research has pointed to differences between countries and their innovation systems as to why a specific country may not experience the relative success of U.S. universities in technology transfer.  For example, there may be differences in university culture, laws concerning taking a company public, corporate formation laws, laws concerning mergers and acquisitions, tax law, amount of available funding, expected licensing terms, skilled workforce, specific IP and data rights laws, networks of support and engagement, university researcher buy-in, and availability of capital (among other things).  I confess I am surprised that Japan has not realized more success in this area.  

Microsoft Threat Intelligence Report on Cybersecurity Attacks Against Universities

On January 17, 2024, Microsoft released a threat intelligence report concerning cybersecurity attacks against certain university researchers across the West and other countries.  The threat report states, in part:

Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files. In a handful of cases, Microsoft observed new post-intrusion tradecraft including the use of a new, custom backdoor called MediaPl.

Operators associated with this subgroup of Mint Sandstorm are patient and highly skilled social engineers whose tradecraft lacks many of the hallmarks that allow users to quickly identify phishing emails. In some instances of this campaign, this subgroup also used legitimate but compromised accounts to send phishing lures. Additionally, Mint Sandstorm continues to improve and modify the tooling used in targets’ environments, activity that might help the group persist in a compromised environment and better evade detection.

The report is available, here. 

U.S. House Report on Competition with Chinese Communist Party

On December 12, 2023, U.S. House of Representatives, select Committee on the Strategic Competition Between the United States and the Chinese Communist issued a 53 page report titled, “Party, Reset, Present, and Build: A Strategy to Win America’s Economic Competition with the Chinese Communist Party.”  Unsurprisingly, the report notes concerns with market access and intellectual property theft.  The report also takes on U.S. companies, including venture capitalists for funding China’s development, and China's WTO participation.  The report sets forth three pillars with key findings:

Pillar I: Reset the Terms of Our Economic Relationship with the PRC

1. The PRC’s economic system is incompatible with the WTO and undermines U.S. economic security.

2. Despite the heightened risks associated with U.S. investment in Chinese companies, the full extent and distribution of that risk and the implications for U.S. national security and financial stability remain unknown.

3. The United States lacks a contingency plan for the economic and financial impacts of conflict with the PRC.

4. The PRC uses an intricate web of industrial policies, including subsidies, forced technology transfer, and market access restrictions, to distort market behavior, achieve dominance in global markets, and increase U.S. dependency on PRC imports.

5. The widespread adoption of certain PRC-developed technologies in the United States poses a significant risk to U.S. national security and data protection concerns and threatens long-term U.S. technological competitiveness.

Pillar II: Stem the Flow of U.S. Capital and Technology Fueling the PRC’s Military Modernization and Human Rights Abuses

1. American investors wittingly and unwittingly support the PRC’s defense industry, emerging technology companies, and human rights abuses.

2. U.S. export controls have been slow to adapt to rapid changes in technology and attempts by adversaries to blur the lines between private and public sector entities, particularly the PRC’s strategy of Military-Civil Fusion.

3. The Committee on Foreign Investment in the United States (CFIUS) needs additional authorities and tools to effectively evaluate inbound investments from the PRC.

4. The PRC exploits the openness of the U.S. research environment to steal U.S. intellectual property (IP) and transfer technology to advance its economic and security interests to the detriment of the United States.

Pillar III: Invest in Technological Leadership and Build Collective Economic Resilience in Concert with Allies

1. The United States is falling behind in the race for leadership in certain critical technologies.

2. The PRC is gaining on the United States in the race for global talent.

3. By working with allies, the United States can increase U.S. exports, reduce supply chain reliance on the PRC, and counter the PRC’s economic and technology mercantilism.

4. The United States is dangerously dependent on the PRC for critical mineral imports.

5. The United States’ dependence on the PRC for pharmaceutical and medical device supply chains poses a distinct national security risk.

6. Through its Belt and Road Initiative, the CCP has expanded its influence around the world and gained significant positions in key supply chains and strategic infrastructure, such as ports and space facilities.

The findings are followed by specific policy prescriptions. For example, for pillar two, finding four, the policy prescriptions include:

Recommendation 4: Strengthen U.S. research security and defend against malign talent recruitment.

1. Build upon cross-agency disclosure guidance produced under National Security Presidential Memorandum 33 (NSPM-33) by the National Science Foundation (NSF) to mitigate research security risk by requiring all federal research funding applicants to disclose details about past, present, and pending relations and interest with foreign governments, foreign government controlled entities, or entities located in foreign adversary countries, in the past five years for themselves and any key member of their team who will be involved in fundamental research supported by the grant and update such disclosure annually throughout the funding period.

2. Create and maintain an unclassified database using open-source information to keep track of PRC research entities that engage in defense and military research and civil military fusion programs. This database can inform U.S. universities and researchers about current and future research collaborations and help federal grant-providing agencies vet grant proposals for risk mitigation.

3. Enact legislation that would prohibit U.S. entities from engaging in research collaborations with PRC entities involved with military and defense research and development (R&D), to include those that are on the International Trade Administration’s Consolidated Screening List, the Department of Defense’s Chinese Military Companies List, and the U.S. Air Force’s China Aerospace Studies Institute’s list of PRC Defense Science and Technology Key Labs.

4. Require U.S. research institutions to obtain an export control license if they intend to use any export-controlled item that has a clear and distinct national security nexus, during the course of research collaboration on critical and emerging technologies with any foreign adversary entity.

5. Exercise oversight on enforcement of existing rules in Sec. 117 of the Higher Education Act of 1965 (HEA) (P.L. 89–329) that requires U.S. universities to disclose of foreign gifts and contracts reaching certain threshold to the Department of Education.

6. Strengthen Sec. 117 of HEA by requiring U.S. universities to apply the “know-your-customer/donor” rule to understand who the benefactors are for foreign gifts and contracts channeled through U.S.-incorporated 501c(3) entities.

7. Require the Department of State to establish “human rights” and “military end-use” guardrails in any Science and Technology Agreement with the PRC and ensure sufficient consultations with appropriate Congressional committees throughout the negotiation process, as outlined in the Science and Technology Agreement Enhanced Congressional Notification Act of 2023 (H.R. 5245).

8. Require universities that receive federal grants for fundamental research to fully implement NSPM-33, to create and implement risk-based security reviews to detect and counter PRC malign influence and technology transfer risk.

Five Eyes on China: 60 Minutes

Members of the Five Eyes recently provided a brief overview of the threat of technology theft concerning China on the U.S. 60 Minutes show.  The interview includes brief mention of academic security as well as election influence.  The interview can be found, here. 

U.S. Disruptive Technology Strike Force Brings First Cases

The relatively newly created Disruptive Technology Strike Force of the U.S. Department of Justice and U.S. Department of Commerce announced five new cases in May.  These are the first cases brought by the new multi-agency task force.  The press release, in part, states:

The Justice Department today announced criminal charges in five cases and four arrests from five different U.S. Attorney’s offices in connection with the recently launched multi-agency Disruptive Technology Strike Force.

The Disruptive Technology Strike Force is co-led by the Departments of Justice and Commerce to counter efforts by hostile nation-states to illicitly acquire sensitive U.S. technology to advance their authoritarian regimes and facilitate human rights abuses. The Strike Force’s work has led to the unsealing of charges against multiple defendants in five cases accused of crimes including export violations, smuggling and theft of trade secrets.

Two of these cases involve the disruption of alleged procurement networks created to help the Russian military and intelligence services obtain sensitive technology in violation of U.S. laws. In the Eastern District of New York, a Greek national was arrested on May 9 for federal crimes in connection with allegedly acquiring more than 10 different types of sensitive technologies on behalf of the Russian government and serving as a procurement agent for two Russian Specially Designated Nationals (SDNs) operating on behalf of Russia’s intelligence services. In the District of Arizona, two Russian nationals were arrested for their involvement in a procurement scheme to supply multiple Russian commercial airline companies – which were subject to bans from engaging in certain type of commercial transactions – with export-controlled parts and components, including braking technology.

Two of the other cases announced today charge former software engineers with stealing software and hardware source code from U.S. tech companies in order to market it to Chinese competitors. In the Central District of California, a senior software engineer was arrested on May 5 for theft of trade secrets for allegedly stealing source code used in metrology software which is used in “smart” automotive manufacturing equipment. The defendant then allegedly marketed the stolen technology to multiple Chinese companies. In the Northern District of California, a citizen of the People’s Republic of China (PRC) and former Apple engineer is accused of allegedly stealing thousands of documents containing the source code for software and hardware pertaining to Apple’s autonomous vehicle technology. This defendant fled to China and is believed to be working for a PRC-based autonomous vehicle competitor.

The fifth and final case involves a Chinese procurement network established to provide Iran with materials used in weapons of mass destruction (WMDs) and ballistic missiles. In the Southern District of New York, a PRC national is charged with allegedly participating in a scheme to use his employer to conduct transactions with a U.S. financial institution for the benefit of a purported Iranian entity, as part of an effort to provide isostatic graphite, a material used in the production of WMDs, to Iran.

“These charges demonstrate the Justice Department’s commitment to preventing sensitive technology from falling into the hands of foreign adversaries, including Russia, China, and Iran,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “We will not tolerate those who would violate U.S. laws to allow authoritarian regimes and other hostile nations to use advanced technology to threaten U.S. national security and undermine democratic values around the world.”

“Protecting sensitive American technology – like source code for ‘smart’ automotive manufacturing equipment or items used to develop quantum cryptography – from being illegally acquired by our adversaries is why we stood up the Disruptive Technology Strike Force,” said Matthew S. Axelrod, Assistant Secretary for Export Enforcement at the Department of Commerce. “The Strike Force actions announced today reflect the core mission of our Export Enforcement team – keeping our country’s most sensitive technologies out of the world’s most dangerous hands.” 

“The theft of technology and trade secrets from U.S. companies is a threat to our economic and national security,” said Assistant Director Suzanne Turner of the FBI’s Counterintelligence Division. “The charges announced today aren’t the only instances of foreign adversaries trying to steal our technology. Combating the illegal transfer of technology is one of the FBI’s highest priorities, and we will continue to work with our federal partners, including the Department of Commerce, to investigate those who steal U.S. technology to ultimately use it in weapons that threaten us and our allies.”

“The protection of sensitive U.S. technologies has been and continues to be a top priority for HSI,” said Assistant Director James Mancuso of Homeland Security Investigations. “HSI and the partners of the Strike Force will ensure that the U.S. maintains its technologic edge to protect the economic and national security interests of the United States. The Strike Force will be relentless in its pursuit of bad actors that attempt the theft of any sensitive U.S. technologies.”

. . .

Today’s actions were coordinated through the Disruptive Technology Strike Force, an interagency law enforcement strike force co-led by the Departments of Justice and Commerce designed to target illicit actors, protect supply chains, and prevent critical technology from being acquired by authoritarian regimes and hostile nation-states. Under the leadership of the Assistant Attorney General for National Security and the Assistant Secretary of Commerce for Export Enforcement, the Strike Force leverages tools and authorities across the U.S. Government to enhance the criminal and administrative enforcement of export control laws.

An indictment, complaint or criminal information is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

 

US FTC to Ban Noncompete Agreements?

The U.S. Federal Trade Commission has proposed a rule which would essentially bar noncompete agreements.  The FTC’s press release states:

The Federal Trade Commission proposed a new rule that would ban employers from imposing noncompetes on their workers, a widespread and often exploitative practice that suppresses wages, hampers innovation, and blocks entrepreneurs from starting new businesses. By stopping this practice, the agency estimates that the new proposed rule could increase wages by nearly $300 billion per year and expand career opportunities for about 30 million Americans.

The FTC is seeking public comment on the proposed rule, which is based on a preliminary finding that noncompetes constitute an unfair method of competition and therefore violate Section 5 of the Federal Trade Commission Act.

“The freedom to change jobs is core to economic liberty and to a competitive, thriving economy,” said Chair Lina M. Khan. “Noncompetes block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand. By ending this practice, the FTC’s proposed rule would promote greater dynamism, innovation, and healthy competition.”

Companies use noncompetes for workers across industries and job levels, from hairstylists and warehouse workers to doctors and business executives. In many cases, employers use their outsized bargaining power to coerce workers into signing these contracts. Noncompetes harm competition in U.S. labor markets by blocking workers from pursuing better opportunities and by preventing employers from hiring the best available talent.

“Research shows that employers’ use of noncompetes to restrict workers’ mobility significantly suppresses workers’ wages—even for those not subject to noncompetes, or subject to noncompetes that are unenforceable under state law," said Elizabeth Wilkins, Director of the Office of Policy Planning. “The proposed rule would ensure that employers can’t exploit their outsized bargaining power to limit workers’ opportunities and stifle competition.”

The evidence shows that noncompete clauses also hinder innovation and business dynamism in multiple ways—from preventing would-be entrepreneurs from forming competing businesses, to inhibiting workers from bringing innovative ideas to new companies. This ultimately harms consumers; in markets with fewer new entrants and greater concentration, consumers can face higher prices—as seen in the health care sector.

To address these problems, the FTC’s proposed rule would generally prohibit employers from using noncompete clauses. Specifically, the FTC’s new rule would make it illegal for an employer to:

• enter into or attempt to enter into a noncompete with a worker;
• maintain a noncompete with a worker; or
• represent to a worker, under certain circumstances, that the worker is subject to a noncompete.

The proposed rule would apply to independent contractors and anyone who works for an employer, whether paid or unpaid. It would also require employers to rescind existing noncompetes and actively inform workers that they are no longer in effect.

The proposed rule would generally not apply to other types of employment restrictions, like non-disclosure agreements. However, other types of employment restrictions could be subject to the rule if they are so broad in scope that they function as noncompetes.

This NPRM aligns with the FTC’s recent statement to reinvigorate Section 5 of the FTC Act, which bans unfair methods of competition. The FTC recently used its Section 5 authority to ban companies from imposing onerous noncompetes on their workers. In one complaint, the FTC took action against a Michigan-based security guard company and its key executives for using coercive noncompetes on low-wage employees. The Commission also ordered two of the largest U.S. glass container manufacturers to stop imposing noncompetes on their workers because they obstruct competition and impede new companies from hiring the talent needed to enter the market. This NPRM and recent enforcement actions make progress on the agency’s broader initiative to use all of its tools and authorities to promote fair competition in labor markets.

The Commission voted 3-1 to publish the Notice of Proposed Rulemaking, which is the first step in the FTC’s rulemaking process. Chair Khan, Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro Bedoya issued a statement. Commissioner Slaughter, joined by Commissioner Bedoya, issued an additional statement. Commissioner Christine S. Wilson voted no and also issued a statement.

The NPRM invites the public to submit comments on the proposed rule. The FTC will review the comments and may make changes, in a final rule, based on the comments and on the FTC’s further analysis of this issue. Comments will be due 60 days after the Federal Register publishes the proposed rule. The public comment period will be open soon.

The proposed rule states [I’ve modified this post to include the entire rule.]:

910.1 Definitions

(a) Business entity means a partnership, corporation, association, limited liability company, or other legal entity, or a division or subsidiary thereof.

(b) Non-compete clause.

(1) Non-compete clause means a contractual term between an employer and a worker that prevents the worker from seeking or accepting employment with a person, or operating a business, after the conclusion of the worker’s employment with the employer.

(2) Functional test for whether a contractual term is a non-compete clause. The term non-compete clause includes a contractual term that is a de facto non-compete clause because it has the effect of prohibiting the worker from seeking or accepting employment with a person or operating a business after the conclusion of the worker’s employment with the employer. For example, the following types of contractual terms, among others, may be de facto non-compete clauses:

i. A non-disclosure agreement between an employer and a worker that is written so broadly that it effectively precludes the worker from working in the same field after the conclusion of the worker’s employment with the employer.

ii. A contractual term between an employer and a worker that requires the worker to pay the employer or a third-party entity for training costs if the worker’s employment terminates within a specified time period, where the required payment is not reasonably related to the costs the employer incurred for training the worker.

(c) Employer means a person, as defined in 15 U.S.C. 57b-1(a)(6), that hires or contracts with a worker to work for the person.

(d) Employment means work for an employer, as the term employer is defined in paragraph (c) of this section.

(e) Substantial owner, substantial member, and substantial partner mean an owner, member, or partner holding at least a 25 percent ownership interest in a business entity.

(f) Worker means a natural person who works, whether paid or unpaid, for an employer. The term includes, without limitation, an employee, individual classified as an independent contractor, extern, intern, volunteer, apprentice, or sole proprietor who provides a service to a client or customer. The term worker does not include a franchisee in the context of a franchisee-franchisor relationship; however, the term worker includes a natural person who works for the franchisee or franchisor. Non-compete clauses between franchisors and franchisees would remain subject to Federal antitrust law as well as all other applicable law.

910.2 Unfair Methods of Competition

(a) Unfair methods of competition. It is an unfair method of competition for an employer to enter into or attempt to enter into a non-compete clause with a worker; maintain with a worker a non-compete clause; or represent to a worker that the worker is subject to a non-compete clause where the employer has no good faith basis to believe that the worker is subject to an enforceable non-compete clause.

(b) Existing non-compete clauses.

(1) Rescission requirement. To comply with paragraph (a) of this section, which states that it is an unfair method of competition for an employer to maintain with a worker a non-compete clause, an employer that entered into a non-compete clause with a worker prior to the compliance date must rescind the non-compete clause no later than the compliance date.

(2) Notice requirement.

(A) An employer that rescinds a non-compete clause pursuant to paragraph (b)(1) of this section must provide notice to the worker that the worker’s non-compete clause is no longer in effect and may not be enforced against the worker. The employer must provide the notice to the worker in an individualized communication. The employer must provide the notice on paper or in a digital format such as, for example, an email or text message. The employer must provide the notice to the worker within 45 days of rescinding the non-compete clause.

(B) The employer must provide the notice to a worker who currently works for the employer. The employer must also provide the notice to a worker who formerly worked for the employer, provided that the employer has the worker’s contact information readily available.

(C) The following model language constitutes notice to the worker that the worker’s non-compete clause is no longer in effect and may not be enforced against the worker, for purposes of paragraph (b)(2)(A) of this section. An employer may also use different language, provided that the notice communicates to the worker that the worker’s non-compete clause is no longer in effect and may not be enforced against the worker.

A new rule enforced by the Federal Trade Commission makes it unlawful for us to maintain a non-compete clause in your employment contract. As of [DATE 180 DAYS AFTER DATE OF PUBLICATION OF THE FINAL RULE], the non-compete clause in your contract is no longer in effect. This means that once you stop working for [EMPLOYER NAME]:

• You may seek or accept a job with any company or any person—even if they compete with [EMPLOYER NAME].
• You may run your own business—even if it competes with [EMPLOYER NAME].
• You may compete with [EMPLOYER NAME] at any time following your employment with [EMPLOYER NAME].

The FTC’s new rule does not affect any other terms of your employment contract. For more information about the rule, visit https://www.ftc.gov/legal-library/browse/federal-register-notices/non-compete-clause-rulemaking.

(3) Safe harbor. An employer complies with the rescission requirement in paragraph (b)(1) of this section where it provides notice to a worker pursuant to paragraph (b)(2) of this section.

910.3 Exception

The requirements of this Part 910 shall not apply to a non-compete clause that is entered into by a person who is selling a business entity or otherwise disposing of all of the person’s ownership interest in the business entity, or by a person who is selling all or substantially all of a business entity’s operating assets, when the person restricted by the non-compete clause is a substantial owner of, or substantial member or substantial partner in, the business entity at the time the person enters into the non-compete clause. Non-compete clauses covered by this exception would remain subject to Federal antitrust law as well as all other applicable law.

910.4 Relation to State Laws

This Part 910 shall supersede any State statute, regulation, order, or interpretation to the extent that such statute, regulation, order, or interpretation is inconsistent with this Part 910. A State statute, regulation, order, or interpretation is not inconsistent with the provisions of this Part 910 if the protection such statute, regulation, order, or interpretation affords any worker is greater than the protection provided under this Part 910.

The proposed rule itself is interesting because of its breadth.  It does not make a distinction based on the reasonableness of the restriction, such as taking into account time, geographic scope or level of employment of the worker, such as an executive or researcher.  It does not make a distinction between types of businesses, such as research intensive industries.  It also seems to leave a number of questions open concerning the protection of trade secrets and other valuable know-how.  In some ways the rule is a double-edged sword—a company may lose employees, but may also gain them.  It does seem that it may favor companies with the resources to lure employees of competitors away.  The question of competition between countries and the protection of trade secrets is fascinating as well.  Interestingly, the noncompete rule seems to include agreements for additional consideration such as payment for the agreement not to compete. 

A Compelling Read: New Yorker Article on the U.S. Department of Justice's "China Initiative"

The New Yorker has published an important, fascinating and excellent article concerning Franklin Tao, a university researcher, who was caught up in the U.S. Department of Justice's China Initiative.  The article is titled, "Have Chinese Spies Infiltrated American Campuses," and is authored by Gideon Lewis-Kraus.  The article mostly focuses on Mr. Tao's experience, but also raises numerous important questions about the Trump Administration's China Initiative and its general approach. Notably, the Biden Administration has discontinued that initiative, but see here on addressing "The PRC Threat." The article may be classified as additional proof under the Trump Administration critique: "Can Spot a Problem, But Proposes Unworkable and Likely Ultimately Unproductive Solutions." The article could focus a bit more on how in some technical fields the line between basic and applied research is blurred.  Additionally, the question of industry competitiveness (and dare I say protection) is an important one that has national security implications--especially in a global economy.  This is particularly true where private interests control a significant amount of critical (and other) infrastructure and national governments spend significant amounts of funding on research and development that leads to economic development.  It is important to remember that many universities in the United States are land grant institutions with direction to help develop local economic interests.  The Bayh-Dole Act itself points toward a preference for U.S. economic development.  Moreover, democracy relies upon the trust and the relative prosperity of many of its citizens (the protection of good paying middle class jobs). The article seems to indicate that the big difference between now and past policy concerning approaches to sharing technology with, for example, the Soviet Union, is that the United States is no longer perceived as being "on top."  There may be some truth to that, but I don't think it is the full story: a lot has happened since then besides that fear. The important recommended article is available, here. I hope it stimulates more thought and conversation. 

U.S. Department of Justice Sets Forth New Course for Addressing "The PRC Threat"

The U.S. Department of Justice [DOJ] is pivoting from its now past approach to investigating and prosecuting intellectual property-related issues concerning China.  Notably, the DOJ is attempting to balance the need for the United States to continue to attract research talent from abroad, encourage international collaboration and, at the same time, ensure that there won't be abuse.  Moreover, the DOJ is concerned regarding a perception of civil rights violations in the United States relating to the treatment of Asian-Americans and Chinese nationals arguably connected to some of the DOJ's activities.  [More, here.] Today, Assistant Attorney General Matthew Olsen delivered remarks outlining the broad strokes of the new U.S. approach.  Here are some of his comments:

The PRC Threat

As you can see from these examples, we at the Justice Department confront threats from a variety of nation-state actors. Our new strategy reflects this reality — there is no one threat that is unique to a single adversary.

At the same time, it is clear that the government of China stands apart. So, I want to address how the department’s approach to Chinese government activity fits within our overall strategy.

As the FBI Director publicly noted a few weeks ago, the threats from the PRC government are “more brazen [and] more damaging than ever before.” He is absolutely right: the PRC government threatens our security through its concerted use of espionage, theft of trade secrets, malicious cyber activity, transnational repression, and other tactics to advance its interests — all to the detriment of the United States and other democratic nations and their citizens around the world.

To be clear, we are focused on the actions of the PRC government, the Chinese Communist Party, and their agents — not the Chinese people or those of Chinese descent. As we talk about the threats that the PRC government poses to the United States, we must never lose sight of that fundamental distinction. We must always be vigilant to ensure that no one is treated differently based on race, ethnicity, familial ties, or national origin. This is a foundational commitment of the Department of Justice.

I’ll give you a few examples of what the PRC government is doing.

First, it has targeted U.S. citizens with connections to the intelligence community to obtain valuable government and military secrets. In recent years, we have prosecuted four espionage cases involving the PRC, reflecting a concerted effort to steal our most sensitive information.

Second, the government of China has also used espionage tools and tactics against U.S. companies and American workers to steal critical and emerging technologies. Agents of the PRC government have been caught stealing everything from cutting-edge semiconductor technology to actual seeds that had been developed for pharmaceutical uses after years of research and the investment of millions of dollars.

Third, the PRC government has used malicious and unlawful cyber campaigns to pursue technological advancement and profit. The PRC reaps the benefits of these criminal activities, while the victims, including governments, businesses and critical infrastructure operators, lose billions of dollars in intellectual property, proprietary information, ransom payments and mitigation efforts.

Finally, China’s government has gone to great lengths to silence dissent. It has intimidated journalists and employed a variety of means to attempt to censor and punish U.S. citizens, residents, and companies for exercising their rights to free expression. I mentioned earlier Operation Fox Hunt — the PRC’s illegal effort to coerce the return of certain Chinese dissidents to China — which is just one example.

Strategic Review

Against this backdrop, the department announced the “China Initiative” in 2018. The idea behind the initiative was to develop a coherent approach to the challenges posed by the PRC government. The initiative effectively focused attention on the multi-faceted threat from the PRC. But it has also engendered growing concerns that we must take seriously.

I want to take this opportunity today—discussing our approach to nation-state threats overall—to also address the China Initiative directly.

We have heard concerns from the civil rights community that the “China Initiative” fueled a narrative of intolerance and bias. To many, that narrative suggests that the Justice Department treats people from China or of Chinese descent differently. The rise in anti-Asian hate crime and hate incidents only heightens these concerns. The Department is keenly aware of this threat and is enhancing efforts to combat acts of hate. These efforts are reflected in the Attorney General’s memorandum issued last year following the enactment of the COVID-19 Hate Crimes Act.

There are also increasing concerns from the academic and scientific community about the department’s pursuit of certain research grant fraud cases. We have heard that these prosecutions — and the public narrative they create — can lead to a chilling atmosphere for scientists and scholars that damages the scientific enterprise in this country.

Safeguarding the integrity and transparency of research institutions is a matter of national security. But so is ensuring that we continue to attract the best and the brightest researchers and scholars to our country from all around the world — and that we all continue to honor our tradition of academic openness and collaboration.

In light of these concerns, we began a review soon after I took office. The review’s purpose was forward-looking. The key question was whether this framework still best serves the strategic needs and priorities of the department. While I remain focused on the evolving, significant threat that the government of China poses, I have concluded that this initiative is not the right approach. Instead, the current threat landscape demands a broader approach.

I want to emphasize my belief that the department’s actions have been driven by genuine national security concerns. But by grouping cases under the China Initiative rubric, we helped give rise to a harmful perception that the department applies a lower standard to investigate and prosecute criminal conduct related to that country or that we in some way view people with racial, ethnic or familial ties to China differently.

I began my career as a trial attorney in the Civil Rights Division. The department is committed to protecting the civil rights of everyone in our country. But this erosion of trust in the department can impair our national security by alienating us from the people we serve, including the very communities the PRC government targets as victims. Our reputation around the world for being a country dedicated to civil rights and the rule of law is one of our greatest strengths.

As part of this review, I have paid particular attention to cases involving academic integrity and research security. When it comes to these cases, the National Security Division will take an active supervisory role in the investigations and prosecutions. In evaluating cases moving forward, NSD will work with the FBI and other investigative agencies to assess the evidence of intent and materiality, as well as the nexus to our national or economic security. These considerations will guide our decisions — including whether criminal prosecution is warranted or whether civil or administrative remedies are more appropriate.

In addition, the White House Office of Science and Technology has released new guidance to federal funding agencies, including procedures to correct inaccurate or incomplete prior disclosures. These agencies have primary responsibility for research integrity and security. Where individuals voluntarily correct prior material omissions and resolve related administrative inquiries, this will counsel against a criminal prosecution under longstanding department principles of prosecutorial discretion.

Make no mistake, we will be relentless in defending our country from China. The Department will continue to prioritize and aggressively counter the actions of the PRC government that harm our people and our institutions. But our review convinced us that a new approach is needed to tackle the most severe threats from a range of hostile nation-states.

NSD’s Approach Moving Forward

Going forward, the National Security Division will pursue this work guided by our Strategy for Countering Nation-State Threats. Our recent experience confronting the varied threats posed by the Chinese government has shown that a multi-faceted challenge demands an integrated and multi-faceted response. We need to expand our approach to these threats by recognizing the capabilities of each hostile nation and the full spectrum of activity each country undertakes to achieve its goals. And we must align our capabilities, tools and resources with those across the federal government to meet and counter these threats.

Our work will be informed by three strategic imperatives.

First, we must continue to defend core national security interests and protect our most sensitive information and resources. We will continue to aggressively investigate and prosecute espionage, export control and sanctions violations, and interference with our critical infrastructure.

Second, we must protect our economic security and prosperity, including key technologies, private information about Americans and supply chains and industry. We will bring all tools to bear, including the regulatory authorities of the Committee on Foreign Investment in the United States and Team Telecom — as well as criminal process where appropriate — to prevent and mitigate harms from economic espionage, hostile manipulation and cyber-enabled malicious activity.

Third, we must defend our democratic institutions and values to ensure that the promise of freedom remains a reality in the face of rising authoritarianism. We remain steadfast in our commitment to preventing malign influence inside our borders and to promoting freedom of expression and democracy against corrupt and repressive forces.

As we move forward, the department remains committed to confronting any nation that threatens U.S. national security, economic security or our democratic institutions and freedoms.

We will use all the legal tools in our arsenal to combat these threats. The cornerstone of our work at the Justice Department is to investigate and prosecute crimes sponsored by hostile governments and their agents. This includes prosecuting state agents for espionage, hacking campaigns against our government and the private sector, and the repression of critics, as well as efforts to manipulate public discourse in the United States.

In addition to our criminal enforcement work, NSD will use our civil and administrative tools to mitigate threats from foreign investment activity and foreign interests that seek to secretly influence public opinion in the United States.

We also will support broader whole-of-government efforts — which include diplomatic engagement, the use of economic tools and resilience building in communities within the United States and abroad — to address these threats. We will reach out, along with our federal partners, to build trust with affected communities to understand their public safety needs, and to ensure they feel comfortable reporting crimes and incidents.

Finally, we will continue to engage with democratic allies to share information and to discuss how we can make our partner countries more secure. Together, we will develop strategies for effectively responding to these grave threats to the rule of law and to our economic integrity.

Conclusion

The United States is a beacon for people all over the world who seek to live in an open and democratic society. It is our duty in the National Security Division to protect the United States from the myriad threats we face, while staying true to the Constitution and the values of the Justice Department. I know that this commitment to securing equal justice while defending our national security is shared by everyone in the National Security Division and the Department of Justice.  [The full comments are available, here.]

US Treasury Department CFIUS Proposed Regulations Released

The U.S. Treasury Department has recently issued new regulations for review concerning the Committee on Foreign Investment in the United States (CFIUS).  CFIUS reviews transactions implicating national security concerns.  The Fact Sheet concerning the new proposed regulations from the U.S. Treasury Department states: 

FIRRMA Provisions on Non-Controlling Investments

FIRRMA expands CFIUS’s jurisdiction beyond transactions that could result in foreign control of a U.S. business to also include a non-controlling investment, direct or indirect, by a foreign person that affords the foreign person: 

access to any material nonpublic technical information in the possession of the U.S. business;  membership or observer rights on the board of directors or equivalent governing body of the U.S. business or the right to nominate an individual to a position on the board of directors or equivalent governing body; or any involvement, other than through voting of shares, in substantive decisionmaking of the U.S. business regarding— the use, development, acquisition, safekeeping, or release of sensitive personal data of U.S. citizens maintained or collected by the U.S. business; the use, development, acquisition, or release of critical technologies; or the management, operation, manufacture, or supply of critical infrastructure.  

This new authority only applies to a non-controlling investment in a U.S. business that:  produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies;   owns, operates, manufactures, supplies, or services critical infrastructure; or maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security.

FIRRMA also requires that CFIUS prescribe regulations that further define the term “foreign person” in the context of non-controlling investments by specifying criteria to limit its applicability over certain categories of foreign persons.

Key Aspects of the Proposed Regulations Regarding “Covered Investments”

Types of investments covered:  Non-controlling investments that afford a foreign person certain access, rights, or involvement in certain U.S. businesses (referred to as “covered investments”).

Largely a voluntary process:  Process remains largely voluntary, where parties may file a notice or submit a short-form declaration notifying CFIUS of a covered investment in order to receive a potential “safe harbor” letter (after which CFIUS does not initiate a review of a transaction except in certain limited circumstances).  In some circumstances, filing a declaration for a transaction is mandatory.  In particular, FIRRMA creates a mandatory declaration requirement for specified covered transactions where a foreign government has a “substantial interest”.  Additionally, FIRRMA authorizes CFIUS to mandate declarations for covered transactions involving certain U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies.  

U.S. businesses covered:  The new provisions on covered investments only apply to investments in U.S. businesses involved in specified ways with critical technologies, critical infrastructure, or sensitive personal data—referred to as “TID U.S. businesses” for technology, infrastructure, and data.  

 Critical technologies:  CFIUS may review transactions related to U.S. businesses that design, test, manufacture, fabricate, or develop one or more critical technologies.  “Critical technologies” is defined to include certain items subject to export controls and other existing regulatory schemes, as well as emerging and foundational technologies controlled pursuant to the Export Control Reform Act of 2018.  

 Critical infrastructure:  CFIUS may review transactions related to U.S. businesses that perform specified functions—owning, operating, manufacturing, supplying, or servicing—with respect to critical infrastructure across subsectors such as telecommunications, utilities, energy, and transportation, each as identified in an appendix to the proposed regulations.  

 Sensitive personal data:  CFIUS may review transactions related to U.S. businesses that maintain or collect sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. “Sensitive personal data” is defined to include ten categories of data maintained or collected by U.S. businesses that (i) target or tailor products or services to sensitive populations, including U.S. military members and employees of federal agencies involved in national security, (ii) collect or maintain such data on at least one million individuals, or (iii) have a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the U.S. business’s primary products or services.  The categories of data include types of financial, geolocation, and health data, among others.  Genetic information is also included in the definition regardless of whether it meets (i), (ii), or (iii).  

 Foreign person and excepted investor:  The regulations create an exception from “covered investments” for certain foreign persons defined as “excepted investors” based on their ties to certain countries identified as “excepted foreign states,” and their compliance with certain laws, orders, and regulations.  The regulations do not except these persons from control transactions previously subject to CFIUS jurisdiction; investments from all foreign persons remain subject to CFIUS’s jurisdiction over transactions that could result in foreign control of a U.S. business.

FIRRMA Provisions on Real Estate Transactions

In FIRRMA, Congress authorized CFIUS to review “the purchase or lease by, or a concession to, a foreign person of private or public real estate that”

“is, is located within, or will function as part of, an air or maritime port…” 

“is in close proximity to a United States military installation or another facility or property of the United States Government that is sensitive for reasons relating to national security;”

 “could reasonably provide the foreign person the ability to collect intelligence on activities being conducted at such an installation, facility, or property; or”

 “could otherwise expose national security activities at such an installation, facility, or property to the risk of foreign surveillance.”

 Pursuant to FIRRMA, this authority does not extend to “a single ‘housing unit.’”  This authority also does not apply to “real estate in ‘urbanized areas’ . . . except as otherwise prescribed by [CFIUS] in regulations in consultation with the Secretary of Defense.” (emphasis added)

 FIRRMA directs CFIUS to “prescribe regulations to ensure that the term “close proximity” refers only to a distance or distances within which the purchase, lease, or concession of real estate could pose a national security risk.”

 FIRRMA also requires that CFIUS prescribe regulations that further define the term “foreign person” for real estate transactions by specifying criteria to limit its applicability over certain categories of foreign persons.

The full text of the regulations is available, here. 

Mayer Brown Cybersecurity and Data Privacy Report

The law firm of Mayer Brown has published its 2019 Outlook: Cybersecurity and Data Privacy Report.  The 20 page Report warns that cybersecurity breaches are likely to increase in 2019.  Helpfully, the Report provides an overview of numerous new and potentially forthcoming regulatory changes in the United States and other countries.  For example, the Report covers U.S. Department of Transportation and Federal Drug Administration regulation.  The Report also raises the National Association of Insurance Commissioners model data security law that was adopted by the state of South Carolina, Ohio and Michigan.  The Report also covers some potential differences in law across countries such as maintaining privilege and preserving documents in anticipation of litigation.  On trade secrets, the Report notes:

Trade Secret Theft. Companies should expect the current Administration to remain focused on the threat to American economic prosperity and national security posed by economic espionage in 2019. In 2015, China and the United States publicly committed to not engage in the cyber-enabled theft of intellectual property for commercial gain. Recent statements from senior administration officials and high-profile indictments brought by the Department of Justice indicate the view of some leading government officials that China has failed to adhere to that commitment. For example, the Department of Justice indicted two Chinese nationals associated with the Chinese Ministry of State Security of numerous hacking offensives associated with a global campaign to steal sensitive business information. Congress is also likely to consider legislative responses to trade secret theft and economic espionage. These actions suggest that 2019 is likely to see further disputes with China over cyber theft of trade secrets. Companies—especially those in industries that have previously been targeted by espionage campaigns— are likely to benefit from tracking developments in this space.

President Trump noted that he is continuing to push China on cybersecurity issues concerning trade secret theft in his recent State of the Union address:

We are now making it clear to China that after years of targeting our industries, and stealing our intellectual property, the theft of American jobs and wealth has come to an end.

Therefore, we recently imposed tariffs on $250 billion of Chinese goods -- and now our Treasury is receiving billions of dollars a month from a country that never gave us a dime. But I don't blame China for taking advantage of us -- I blame our leaders and representatives for allowing this travesty to happen. I have great respect for President Xi, and we are now working on a new trade deal with China. But it must include real, structural change to end unfair trade practices, reduce our chronic trade deficit, and protect American jobs.

Mayer Brown has also issued a discussion of the European Union Agency for Network and Information Security ("ENISA") 2018 Threat Landscape Report. 

The Issue with China and the United States: What to do about the theft of industrial trade secrets?

The Washington Post Editorial Board recently published an opinion piece, titled “The U.S. must take action to stop Chinese industrial espionage,” which strongly condemns China’s alleged theft of trade secrets.  The Editorial Board pointed to the recent indictment concerning DRAM trade secrets allegedly stolen from Micron, a U.S. based company.  The piece notes that a worker from Micron joined a state-supported Chinese company along with other employees--carrying with them trade secrets.  The editorial ends with the statement that, “In the end, China will only respond to compulsion.”  This is a powerful indictment of China from one of the leading newspapers in the United States.  The editorial can be found, here.  

The question is what are the next steps to exercise “compulsion."  This situation is somewhat different than the Chinese government requiring the disclosure of trade secrets for essentially market access to China. Indeed, even for non-state owned Chinese companies, my understanding is that the Chinese government is involved in technology development even in early stages and exercises a veto power over the direction of technology development. Recently, the Chinese government announced a ban on all new computer games in China.  As I've mentioned in a prior post, this could be a case of rogue Chinese employees attempting to become wealthy who may not be acting with express approval of the Chinese government; although perhaps with tacit approval of the government or willful blindness of the government.  Of course, this ultimately is to the great benefit of China.  However, what is our response?  That is the very difficult question the editorial does not address.  We all know there is an issue.  

Moreover, the problem with trade secrets is that once they are disclosed it is very hard if not impossible to put them back in the box.  Once we've lost it; it's likely lost irrevocably.  And, I don't think putting a few people in prison is going to provide much general deterrence to similar behavior.  Will we start seizing assets--does it matter from whom?  That seems unlikely to be smart--our interests are so intertwined now.  As I've mentioned before, will we attempt to ban all Chinese citizens from working or studying in the United States?  Is that in the best interest of our country?  That may not stop the bleeding of information through cybertheft.  More tariffs?  Does that work?

IP, Digital Trade and the New "NAFTA"

The United States Trade Representative has released a summary of some of the highlights concerning IP and the new “NAFTA” between the United States, Canada and Mexico.  The USMC agreement (United States Marine Corps or What We Say -- I'm making a joke.) summary states, in part:

UNITED STATES–MEXICO–CANADA TRADE FACT SHEET Modernizing NAFTA into a 21st Century Trade Agreement

The United States, Mexico, and Canada have reached an agreement to modernize the 24-year-old NAFTA into a 21st century, high-standard agreement. The new United States-Mexico-Canada Agreement (USMCA) will support mutually beneficial trade leading to freer markets, fairer trade, and robust economic growth in North America.

INTELLECTUAL PROPERTY

The United States, Mexico, and Canada have reached an agreement on a modernized, high-standard Intellectual Property (IP) chapter that provides strong and effective protection and enforcement of IP rights critical to driving innovation, creating economic growth, and supporting American jobs.

Key Highlights: Protections for United States Innovators and Creators

The new IP Chapter will:

• Include 10 years of data protection for biologic drugs and a robust scope of products eligible for protection.
• Require full national treatment for copyright and related rights so United States creators are not deprived of the same protections that domestic creators receive in a foreign market.
• Continue to provide strong patent protection for innovators by enshrining patentability standards and patent office best practices to ensure that United States innovators, including small- and medium-sized businesses, are able to protect their inventions with patents.
• Include strong protection for pharmaceutical and agricultural innovators.
• Require a minimum copyright term of life of the author plus 70 years, and for those works with a copyright term that is not based on the life of a person, a minimum of 75 years after first authorized publication.
• Require strong standards against the circumvention of technological protection measures that often protect works such as digital music, movies, and books.
• Establish appropriate copyright safe harbors to provide protection for IP and predictability for legitimate enterprises that do not directly benefit from the infringement, consistent with United States law.
• Provide important procedural safeguards for recognition of new geographical indications (GIs), including strong standards for protection against issuances of GIs that would prevent United States producers from using common names, as well as establish a mechanism for consultation between the Parties on future GIs pursuant to international agreements.
• Enhance provisions for protecting trademarks, including well-known marks, to help companies that have invested effort and resources into establishing goodwill for their brands.

Key Achievement: Most Comprehensive Enforcement Provisions of Any Trade Agreement

For the first time, a trade agreement will require all of the following:

• Ex officio authority for law enforcement officials to stop suspected counterfeit or pirated goods at every phase of entering, exiting, and transiting through the territory of any Party.
• Express recognition that IP enforcement procedures must be available for the digital environment for trademark and copyright or related rights infringement.
• Meaningful criminal procedures and penalties for unauthorized camcording of movies, which is a significant source of pirated movies online.
• Civil and criminal penalties for satellite and cable signal theft.
• Broad protection against trade secret theft, including against state-owned enterprises.

Key Achievement: Strongest Standards of Protection for Trade Secrets of Any Prior FTA

In particular, the Chapter has the most robust protection for trade secrets of any prior United States trade agreement.  It includes all of the following protections against misappropriation of trade secrets, including by state-owned enterprises: civil procedures and remedies, criminal procedures and penalties, prohibitions against impeding licensing of trade secrets, judicial procedures to prevent disclosure of trade secrets during the litigation process, and penalties for government officials for the unauthorized disclosure of trade secrets. 

DIGITAL TRADE

The new Digital Trade chapter contains the strongest disciplines on digital trade of any international agreement, providing a firm foundation for the expansion of trade and investment in the innovative products and services where the United States has a competitive advantage. 

Key Highlights of the Digital Trade Chapter

The new Digital Trade chapter will:

• Prohibit customs duties and other discriminatory measures from being applied to digital products distributed electronically (e-books, videos, music, software, games, etc.).
• Ensure that data can be transferred cross-border, and that limits on where data can be stored and processed are minimized, thereby enhancing and protecting the global digital ecosystem.
• Ensure that suppliers are not restricted in their use of electronic authentication or electronic signatures, thereby facilitating digital transactions.
• Guarantee that enforceable consumer protections, including for privacy and unsolicited communications, apply to the digital marketplace.
• Limit governments’ ability to require disclosure of proprietary computer source code and algorithms, to better protect the competitiveness of digital suppliers.
• Promote collaboration in tackling cybersecurity challenges while seeking to promote industry best practices to keep networks and services secure.
• Promote open access to government-generated public data, to enhance innovative use in commercial applications and services.
• Limit the civil liability of Internet platforms for third-party content that such platforms host or process, outside of the realm of intellectual property enforcement, thereby enhancing the economic viability of these engines of growth that depend on user interaction and user content.