The Current and Future Legal Climate Surrounding Corporate and Political Espionage

Introduction

A key moral topic in society to analyze is the ethics of corporate and political espionage and its effects on modern day society in the corporate and public world, particularly focusing on the social, economic, and legal issues surrounding modern-day espionage. While corporate espionage is clearly illegal and unethical as people and corporations are entitled to their own intellectual property and personnel, there are moral gray areas that bring into question what corporate espionage is and if it speeds up society. Ethical business practices encourage fair competition, innovation, and progress. When companies resort to espionage, the majority believes that innovation is stifled, and as a result, corporations begin to have an overreliance on stolen ideas instead of investing in research and development. However, despite governmental legislation about economic espionage, the act still occurs today, oftentimes in more discreet or sophisticated ways located in the legal and ethical gray areas of our society. These legal loopholes and sometimes illegal activities that many within the general public would consider espionage and unethical include employees sharing former companies’ trade secrets, blackmail, and extortion for information. These legal loopholes are therefore highly relevant in the modern world because, while directly stealing other companies’ trade secrets is unethical, there are a lot of gray areas both legally and ethically involving the extent to which committing certain actions should be considered and prosecuted as corporate espionage.

Unlike many other ethical topics, espionage has been researched by thousands of credible security experts and researchers within corporations and governments who have had real life experience with espionage cases and their legal and societal impacts. While the major issues pertaining to espionage as a whole are more important to recognize, it is important to look at some real life espionage cases to get a better picture of how espionage actually functions in the real world. Companies and countries have gotten more and more sophisticated in the espionage world, putting innovative companies with cutting-edge technologies at risk of security breaches and leaks that could be worth millions in the bigger picture. The research gathered has shown that current legal legislation regarding corporate and political espionage is outdated both domestically in the United States and internationally and needs to be made more clear to include corporate protection against cyber-espionage as society heads deeper and deeper into the digital age.

Literature Synthesis

The Current Legal Landscape Around Corporate and Political Espionage

Major Legislation Acts Taken throughout history

Espionage has been a problem around the world for centuries and there has been major legislation surrounding espionage for decades. The most groundbreaking legislation in recent decades is the Economic Espionage Act of 1996 (EEA) which “made the theft or misappropriation of trade secrets a federal crime” (Burke et al, 2004). This act was passed in response to growing complaints about corporate trade secrets being stolen or misused and successfully created a strong precedent that legally protected the intellectual property of American businesses. The EEA was further amended in 2016 by the Defend Trade Secrets Act of (DTSA) which provided a federal civil cause of action for the misappropriation of trade secrets (Marrs & Rodgers, 2005). This major piece of legislation allowed companies to pursue civil charges in federal court for the theft of trade secrets making corporations less inclined to commit espionage and giving them more power on the backend to help punish and prevent future espionage that could harm their company. On the political front, government agencies like the CIA have been hyper aware of foreign governments and powers stealing U.S intellectual property, industry secrets, classified documents, and anything else that may benefit that government’s national interest. For example, the Foreign Intelligence Surveillance Act (FISA) of 1978 is defined as establishing procedures for the physical and electronic surveillance of foreign powers and agents within the United States (National Counterintelligence and Security Center, 2018). This act applies in particular to U.S counterintelligence and the power U.S agents have to stop foreign spies or threats from stealing valuable information. Furthermore, the Patriot Act, enacted in the wake of the September 11 terrorist attacks, expanded the government’s surveillance and intelligence-gathering powers, including “provisions related to the monitoring of electronic communications” (National Counterintelligence and Security Center, 2018). The Patriot Act has been controversial for its potential infringement on civil liberties and privacy rights but has set precedent on how U.S intelligence and counterintelligence operates when dealing with foreign threats: both violent & nonviolent. While this legislation is extensive and has created major change in the ways the United States handles espionage, it fails to account for the rise of the digital revolution and ransomware and has created ways where corporations can trap or exploit employees for the sake of “preventing corporate espionage” (Burke et. al, 2004). The outdated nature of the laws and regulations presented above is evident simply by the majority of legislation being passed in the 1990s and early 2000s.

Corporate and Government Legal Countermeasures to Espionage

Unlike in previous decades, companies and governments now understand the major threat of espionage in today’s society. Because of this understanding certain universal preventative countermeasures have begun to be implemented in an effort to stop espionage from occurring in the first place. These corporate countermeasures include, “(1)nondisclosure/noncompete agreements (2) the screening of employees through the use of background checks… and (3) workplace monitoring of employees” (Burke et. al, 2004). Meanwhile, legal countermeasures on the part of the governments around the world frequently entail the implementation of legislation addressing espionage such as the implementation of Foreign Agents Registration Act and the Economic Espionage Act in the United States. While legislation varies country to country, the core principles regarding the property rights and values of a government’s country remain largely the same. In order to counteract targeted espionage from other nations, governments use diplomatic measures such as imposing penalties and applying diplomatic pressure on the offending countries. In addition, all world governments utilize law enforcement and intelligence organizations and agencies to look into, monitor, and prosecute people and organizations that spy on a government and its national interests.

The Issue with Non-Compete & Non Disclosure Agreements.

While Non-Compete & Non Disclosure Agreements do have clear benefits like “clarifying employee responsibilities regarding the safeguarding of trade secrets and providing a contractual basis for enforcing and recovering damages,” in the case of an employee illegally disclosing corporate trade secrets (Marrs & Rodgers, 2005). Non-disclosures and non-competes bring an ethical issue into question: do employees being contractually limited by these agreements create an unfair competitive advantage for a company and prevent creative thought in society as a whole? These agreements frequently obstruct the free flow of talent and information by prohibiting an individual’s capacity to work in their chosen area or share their expertise and ideas with others. In simple terms, non-compete and non-disclosure agreements have the ability to create obstacles for new companies which could lessen competition between businesses, limit innovation, and possibly result in monopoly-like behavior. Non-compete clauses can also restrict job prospects and upward mobility for workers which may hamper career advancement for employees (Brown, 2011). Employees should be allowed to speak their mind and use their own knowledge for the benefit of another company even if they end up leaving the company they’ve signed a non compete or disclosure with. Therefore, there needs to be legislation implemented with the goal of preventing non-disclosure and non compete clauses from interfering with the flow of talent and information within corporations.

U.S Intelligence’s Stances on Espionage from Foreign Governments

In a recent economic espionage report, the Central Intelligence Agency has noted the three greatest intelligence threats to the United States as China, Russia and Iran. Logically, political enemies will be the most inclined to target U.S based intelligence and trade secrets. The report also acknowledges the threats in cyberspace: “Next-generation technologies such as Artificial Intelligence (AI) and the Internet-of-Things (IoT) will introduce new vulnerabilities to U.S. networks” (National Counterintelligence and Security Center, 2018). Furthemore, the report discussed how major U.S sectors like alternative energy, biotechnology, and defense technology are under attack which once again illustrates the pressing importance of strengthened espionage legislation. Foreign threats are continually attempting to steal U.S intelligence within the aforementioned sectors through the application of new and improved import, national security, and cyber regulations in other nations which puts U.S. technology and confidential data in greater danger. For instance, China and Russia implemented rules that benefited their domestic businesses in 2017 at the expense of American businesses possibly granting their corporations access to sensitive U.S intellectual property (Federal Bureau of Investigation, 2015). The U.S government is clearly acknowledging that the digital age is here to stay and with that legislation both national and international regarding espionage in the cyberspace world needs to be created to dissuade and punish nations for engaging in such detestable activities.

Real World Examples of Modern Day Espionage Legislation

Formula One (F1) Racing. Formula One racing is the crown jewel of motorsports, featuring the world’s fastest cars and most skilled drivers competing in exciting, high-speed races on different race tracks around the world. F1 is a well-respected sport with growing popularity in both the United States and around the world. A massive aspect of F1 “is to constantly fine-tune the cars to lead the automotive industry all the way to the cutting edge of engineering and design” (Lakhani, 2018). Upgrading the race cars is important because unlike other sports where teams have to compete with the same equipment like in basketball, soccer, or even NASCAR, the ability of the car’s design impacts who will go faster in a race. Thus, better technology is always coveted by those that don’t have it because that technology could lead to more success on the race course and in turn a lot more money for a particular team. The most well-known espionage story came in 2007 and involved two of F1’s biggest teams: Ferrari & McLaren, where McClaren had to pay over $100 million in fines after an extensive and publicized legal battle where it was found the chief car engineer of McClaren was caught stealing design plans from, at the time, the superior Ferrari cars (Lakhani, 2018). There are Formula One fans and experts who think that there should be some sort of patent system to prevent teams from stealing other opponents’ technology; however, patents are well known for taking time and the technology in race cars is constantly being tweaked and evolving, so by the time a patent is issued for a piece of technology that equipment may have already become obsolete by that point. The scandal that occurred in F1 is an interesting real world example of why espionage laws both in the United States and internationally need to be legally punishable both civilly and criminally with some sort of precedent needing to be set.

The FBI’s Company Man Campaign. Another example of espionage comes in the FBI’s national awareness campaign called “The Company Man” which works to inform U.S businesses of the dangers of foreign espionage threats in particular (Federal Bureau of Investigation, 2015). The campaign cites a clear example of espionage as its “face case” of the harms of foreign eavesdropping: a group of Chinese Men working to steal insulating materials for the construction of buildings. The theft was in response to a series of building fires that occurred in China due to faulty building materials and lack of companies in China that could mass produce the materials (Federal Bureau of Investigation, 2015). So China decided to give government funding to anyone who could provide them the technology needed, and for two unidentified Chinese men, the technology needed was procured by infiltrating a U.S manufacturing plant to steal the trade secrets needed. While the Chinese government didn’t directly steal the technology, they helped fund those who did and didn’t care that the technology was unethically stolen. “The Company Man” case illustrates the need for international cooperation and treaties on the matter of criminalizing espionage around the world to mitigate conflict and promote fair competition around the world.

The Growing Worries of Cybersecurity and Cyber-Espionage

What is Cyber-Espionage and Why is it dangerous

Cyber attacks are defined as “attacks directed at a specific person or organization rather than at random victims (and) are considered dangerous” and are often long-term threats that can be difficult to uncover and address because of the digital nature of the attacks (Arief et. al, 2019). Cybersecurity tends to be used as a synonym for information systems security which encompasses the range of technologies and services used for security, including identity and access management, breach incident response, and the protection of technology infrastructure such as networks, routers, email and web servers. The growing threat of cybersecurity is frightening with statistics indicating that “In 2011 alone, an estimated 71 million people in the United States were victims of cyberattacks… costing $21 billion in damages” (Arief et. al, 2019). Cyberattack hazards have the potential to have a major negative impact on a company’s reputation and brand, in addition to other potentially serious repercussions. Common cyberattack repercussions consist of higher expenditures for cybersecurity protection of personnel, procedures, and technologies to improve information security within the company; lost income from improper use of confidential data or inability to draw in new business. Because of these threats and the increased usage of cyberspace when storing and working with confidential information, it is necessary to adopt appropriate legislation to combat espionage within the confines of cyberspace.

Importance of the Upper Level Executives Addressing Cyber Security Threats. When cybersecurity is not a priority on the board agenda, companies expose themselves to greater cyber risk and potential revenue losses and reputational damage. Take, for example, former Uber CSO Joseph Sullivan: “a jury found Sullivan guilty of criminal obstruction following a 2016 Uber data breach where…57 million digital records were (leaked),” and many of the records possessed sensitive customer data” (Shikiar, 2023). This example illustrates how companies need to focus on cyber-security starting with the executives and board of directors because those are the people who set the tone and dictate the actions for the corporation as a whole.

Ransomware

What is Ransomware? Ransomware, a type of harmful malware, is a dangerous threat since it targets data with two intentions in mind: “rendering that data permanently inaccessible or threatening further disclosure unless a ransom is paid” (Lubin, 2022). Ransomware can spread through a variety of channels, including hacked mobile apps, infiltrated websites, and contaminated email attachments. Recently, there have been a great deal of attacks using “remote desktop protocol… that do[es] not rely on any form of user interaction” (Shikiar, 2023). Since cryptocurrencies are less regulated and more difficult to police with the current anti money laundering regulations, the hackers usually demand payments in cryptocurrency. And while a handful of states have adopted legislation that criminalizes aspects of ransomware, there is a lack of consistency within this legislation around ransomware that needs to be addressed within U.S law.

Ransomware Impact Facts & Statistics. Ransomware attacks reached a staggering number, between twenty thousand and thirty thousand per day in the United States alone, meaning that “a ransomware attack occurs every eleven seconds.” Attacks also have major negative financial implications with “costs associated with ransomware recovery exceed(ing) $20 billion” in 2021 (Bissell, 2013).

The Future of Espionage Legislation & How it Can Improve

How U.S Employee Contracts should deal with ethical Issues and Still Prevent Espionage

Referring back to employee non-disclosure and non-compete agreements, which are widely utilized in the corporate world, it is clear that these agreements can prevent employees from using their knowledge to contribute to the innovation of society within the United States. Therefore, within the U.S there needs to be clear restrictions placed on how extreme these non-compete and non-disclosure agreements should be. In particular, when employees utilize the knowledge that they’ve discovered and built up at one company for another company’s benefit because it is unethical to try to monopolize the information located within an employee’s head, especially if that information can help drive society in a positive direction. Another option could involve employees consenting to non-compete and non-disclosure agreements in exchange for fair salary or other advantages (Burke et al, 2004). This trade-off between employee and corporation can assist in resolving moral dilemmas of limiting future career prospects for workers while upholding the employer’s rights.

Importance of Legislation consistency between U.S states regarding Corporate Espionage

Legislation that is consistent guarantees that state laws pertaining to corporate espionage are applied equally. Consistent laws guarantee that businesses operating in different states are held to the same legal requirements and helps avoid jurisdictional disparities. Additionally, legislative irregularities can lead to “gaps and contradictions that facilitate corporate espionage offenders’ ability to avoid discovery and legal action” (Brown, 2011). Laws that are consistent create unambiguous and foreseeable penalties for breaking the law, which serves to dissuade corporations from future espionage. A key aspect of consistent U.S espionage legislation is making sure that espionage is both criminally and civilly punishable because of the increased risks it creates for those willing to commit espionage. Consistency in legislation helps to create “(a more) stable and predictable business environment, which fosters confidence among businesses and investors” (Marrs & Rodgers, 2005). In the capitalist United States, this quality is extremely valuable as the business environment has massive effects on the quality of life of everyday citizens. When companies can rely on consistent legal frameworks across states, they are more likely to invest in research and development and share sensitive information with partners and collaborators. States having the same legislative procedures and punishments regarding espionage is a must and depends on congressional and presidential protections and legislation being approved by the federal bureaucracy.

Importance of Global Agreement on Limiting Espionage Internationally

In the international world, it is important that there be global agreements regarding the legislation relating to espionage for political gain. First and foremost, the observation and monitoring of people’s communications and actions may be a part of foreign espionage operations, which may violate their privacy and human rights. International treaties have the power to create measures that guarantee people’s rights and make sure espionage operations follow human rights norms and international law. In international relations and trade, espionage by one nation against another can lead to unequal playing fields. For instance, “International agreements to restrict espionage can aid in the development of common guidelines and standards to guarantee fair competition” (Burke et. al, 2004). These agreements would help stop more powerful nations like China, Russia, or even the United States from unfairly benefiting from unethical tactics. Espionage actions have the potential to “erode peace and stability by igniting international conflict and mistrust, especially when they are carried out with the intention of obtaining military or strategic intelligence” (Lubin, 2022). Limiting espionage agreements can help foster mutual trust and lower tensions especially between countries who are political rivals since most likely a country’s rivals are who that country is spying on. These reasons above prove the definitive need for decisive international agreements regarding espionage that would likely be implemented by the United Nations as a neutral world body.

Future Legislation & Etiquette Surrounding Cyberspace & Ransomware

Emails and corporate employees are easier to target than in-person factories and real life human beings, which is why a new U.S and international awareness campaign needs to be introduced focusing on the dangers of ransomware. Similarly, to the FBI’s Company Man awareness campaign, the campaign combating ransomware would be easy to understand, and force companies around the world to feel obligated to update their security and counterintelligence protocols (FBI, 2015). Another key factor in combating cybersecurity threats is establishing committees both nationally in the United States and internationally within the United Nations in order to determine cyber security legislation based on the changing technology within the world. These committees should be composed of “cybersecurity experts who help advise select groups of people in a sort of representative democratic system, helping to benefit everyone” (Bissell, 2013). It is also evident that the digital age is constantly evolving with the newest shift in technology being the introduction of artificial intelligence into general society which will mean that AI will also eventually be utilized in the espionage world. Thus, having the committees mentioned above present, review, and update cybersecurity legislation at least every five years to stay up to date with new developments in technology and growing threats. This committee could help put procedures in place for continuously evaluating cybersecurity threats, get input from industry participants who have experience with espionage, and modify legal frameworks surrounding espionage as necessary. Another important aspect of helping prevent cyberespionage is to encourage cooperation between governmental, law enforcement, and commercial organizations to exchange threat information, plan incident response actions, and create collaborative projects to fortify cybersecurity defenses.

Next Steps

Further action that needs to be taken includes more case studies involving corporate espionage outside of the United States to account for varying international perspectives. The other main aspect about espionage that needs to be further discussed is the implementation of legal precedent cases for espionage in both domestic and international courts. Most major legislation is related to some kind of legal case that sets a precedent. Researching the implementation of legal precedent cases is not only beneficial but necessary in implementing positive ethical change and long-lasting corporate safety.

References

Arief, B., Hull, G., & John, H. (2019). Ransomware deployment methods and analysis: views from a predictive model and human responses. Crime Science, 8(1). https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A573937206/AONE?u=chandle r_main&sid=bookmark-AONE&xid=3b0ef364

Bissell, K. (2013, March). A strategic approach to cybersecurity: as cybercrime grows faster than companies can defend against, it’s time for a serious discussion on cybersecurity. Financial Executive, 29(2), 36+. https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/AONE?u=chandler_main&sid= bookmark-A ONE xid=06e62a1a

Brown, A. (2011). The Grey Line: Modern Corporate Espionage & Counter Intelligence (1st ed.). Amur Strategic Research Group.

Burke, D., DiLullo, S., & Fitzpatrick, W. (2004). Trade secret piracy and protection: corporate espionage, corporate security and the law. Advances in Competitiveness Research, https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A129459327/AONE?u=chandle r_main&sid=bookmark-AONE&xid=a37535cb

Federal Bureau of Investigation (FBI). (2015, July 23). Economic espionage: FBI Launches Awareness campaign. FBI. https://www.fbi.gov/news/stories/economic-espionage

Lakhani, S. (2018). TRADE SECRETS AND INDUSTRIAL ESPIONAGE IN FORMULA ONE MOTORSPORTS. Denver Journal of International Law and Policy, 46(3), 223+. https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A548230601/AONE?u=chandle r_main&sid=bookmark-A ONE xid=85b5a64f

Lubin, A. (2022). The Law and Politics of Ransomware. Vanderbilt Journal of Transnational Law, 55(5), 1177+. https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A730839958/AONE?u=chandler_main&sid=bookmark-A ONE xid=101898c7

Marrs, S. & Rodgers, G. (2005). Protecting your company’s crown jewels: what every corporate counsel should know about trade secrets and corporate espionage. IP Litigator, https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A131605702/AONE?u=chandle r_main&sid=bookmark-A ONE xid=d8436483

National Counterintelligence and Security Center. (2018). Foreign economic espionage in Cyberspace. (n.d.). Office of the Director of National Intelligence, https://www.dni.gov/files/NCSC/documents/news/2018072-economic-espionage-pub.pdf

Shikiar, A. (2023). CYBERSECURITY: Starts with the Board & C-Suite: The protection of information must become part of a company’s culture from the top down. Directors & Boards, 48(1), 27+. https://link-gale-com.proxy.chandlerlibrary.org/apps/doc/A775733080/AONE?u=chandler_ main&sid=bookmark-AONE&xid=c7071abc

---