Yet, as a society, we must still pay serious attention to theft the traditional way: from the inside by current or exiting employees whose motives may include money or revenge.
A few recent cases:
- A former Boeing engineer was sentenced last February to 16 years in prison for stealing trade secrets relating to rockets for use by the Chinese.
- A former DuPont engineering employee was sentenced in March 2010 to 18 months in prison for stealing information to a Korean company.
- Three former Starwood Hotel executives stole confidential documents on a "life-style" hotel concept which they took to Hilton. This led to a court settlement last December that includes a substantial (undisclosed) payment by Hilton and an order enjoining Hilton for entering this line of business for two years. A New York grand jury is still evaluating whether a crime was committed.
- A Dow Chemical scientist was charged last year with economic espionage for China under a statute passed in 1996 to address the growing problem of commercial theft in a highly competitive global economy.
This threat of inside theft is especially salient at a time of accelerating technological competition among commercial entities in both developed and developing markets. Although the information may be private, the implications for national security and foreign policy may still be significant as economic growth and technological advancement are core national interests of most countries.
And major corporations do expend significant resources on cybersecurity (although there is still much to be done) and on the historic task of making sure that proprietary information is not disclosed to outsiders in more conventional settings. But unless they have sensitive technology that is part of a formal classified military program, companies rarely can afford detailed security checks on potential employees at the hiring stage. Nor at the time of promotion into sensitive positions, do they usually explore the risk of theft. And, when employees exit, it can be very difficult to ensure that they have not secreted away important information properly lodged on their computers in the past for future improper use.
The Renault and WikiLeaks cases remind us that, even in this computer age, real people inside real institutions have quotidian access to real information and do not need sophisticated computer techniques to steal real, important secrets. The Economic Espionage Act of 1996 gives federal prosecutors the means to attack these insider thefts, and the head of the Criminal Division has said this should be a DoJ priority. So, too, corporate programs relating to their own employees need to be reevaluated in light of new global competitive realities.
In short, the efforts on cybersecurity against outside attackers needs to be matched by efforts in preventing theft by insiders the old-fashioned way.