Jim Pooley was recently interviewed as a guest on the Understanding IP Matters podcast about how companies are increasingly using trade secrets as the basis for competitive advantage. Jim spoke about the value of trade secrets, how they differ from patents, and what companies should do to protect their trade secrets.
You can listen to the full podcast episode below:
The World Trade Organization last week approved a deal to loosen intellectual property protections that many policy professionals say will shatter investment and innovation incentives for drugmakers to meet the needs of major health crises. The deal was a blow to vaccine makers such as Pfizer Inc. and Moderna Inc., which fought to keep the current framework that enabled them to produce life-saving vaccines in record time.
“Anyone with a stake in preventing or responding to future crises should be concerned about the negative effect of this agreement,” said James Pooley, a former deputy director general at the United Nation’s World Intellectual Property Organization.
The IP waiver comes after nearly two years of debate and at a time when initial catalysts for a plan to spur vaccine access and production capabilities have largely been addressed—leaving many in the IP and drug spaces skeptical of the goals of the agreement beyond political gain.
“It delivers the worst possible result: coming at a time when there is an oversupply of vaccines, it is irrelevant to the current crisis; and by reducing the reliability and predictability of patent protection it makes it much harder to secure private investment in the research required to deal with the next global health crisis,” Pooley said.
The waiver indicates that patent rights include ingredients and processes necessary for the manufacture of the vaccine. Were that interpreted to include trade secrets, it could scare off investment capital, Pooley said.
The current US Congress is still in its early days but if the first few months are anything to go by we can expect plenty of discussion and proposed legislation on the subject of IP theft and specifically on protecting their trade secrets.
Last week, Senators Grassley and Whitehouse issued the Stop Theft of Intellectual Property Act 2021. If enacted, this would see foreign nationals who engage in IP theft facing potential deportation from the US.
Another proposed bill comes from Senator Graham. He put out a news release last month about his introduction of “The Combating Chinese Purloining (CCP) of Trade Secrets Act”. Among other things, the bill would include “prohibition on applications for patent protections by US Patent and Trademark office” for foreign persons who misappropriate a trade secret.
“My legislation is designed to deter behavior, much of it from China, that results in the loss of trade secrets, intellectual property, and sensitive government research,” Graham announced.
Senators Van Hollen and Sasse have also had their say with their “Protecting American Intellectual Property Act”, which passed the Senate late last year and, last month, was reintroduced in the new Congress. That proposes levying economic penalties on companies or individuals who have been found to have engaged in the theft of US IP.
Whether any of these bills actually become law remains to be seen. It has only been five years since the Defend Trade Secrets Act (DTSA) was passed, handing rights owners a powerful new route to bring cases under federal law. There hasn’t been an indication yet that
this legislation hasn’t given US authorities enough powers to tackle the problem of IP theft - a message that trade secrets expert Jim Pooley reiterated in a recent interview with IAM.
“These [bills] were not generated from a sense of concern that trade secrets in general are not being sufficiently supported or that the DTSA is not working or that prosecutions under the Economic Espionage Act are somehow not hitting the mark,” Pooley remarked.
Perhaps not surprisingly, Pooley stressed that what had changed the dynamic are the geopolitical tensions between the US and the world’s most populous country. “China was a concern five years ago, now it’s an almost rabid concern on the part of a number of politicians for good reasons and not so good, in my view,” Pooley said.
“I think the elevated concern over China is largely justified but that part is more performative - that you want to be seen to be tough on China - and this is what has me worried because of the unintended consequences,” Pooley commented.
The danger, should some of the proposed legislations’ more radical ideas become law, is that it will prompt a tit-for-tat response.
“Whenever you take measures that are designed to punish and discourage behavior by a foreign country or coming from a foreign country, what you risk is that that country or other countries will enact similar legislation of their own,” Pooley stressed.
In recent years legislators on Capitol Hill have been making ever more radical suggestions around how the US could use the IP system to get tough on China’s leading tech players. In 2019 Senator Rubio even floated the idea of preventing Huawei from seeking damages in patent litigation after it emerged that the Chinese tech giant had asked Verizon to pay $1 billion in licensing royalties.
Graham’s proposal that transgressors should be prohibited from filing for US patents might raise alarm about a similarly harsh response affecting the legions of US companies that have significantly increased their Chinese patent portfolios in recent years. That may not be an appealing prospect for a business like Qualcomm which makes a huge chunk of its revenue from device makers in China.
The risk, Pooley underlined, is that ideas around a balanced playing field and rights owners being given due process in overseas courts, which have traditionally underpinned US policy, might be undermined if the US pursues lopsided measures.
“We want our companies that are engaged in litigation in China to be treated appropriately but what we’re risking here is that by putting up these kinds of barriers without due process we’re basically sending a contrary message,” he stated.
Pooley, who was a key voice in the passage of the DTSA, underlined that the legislation was working largely as was hoped when it was enacted in 2016. He pointed to the large number of trade secrets cases now being filed in federal courts and to developments in the case law such as the decision in Motorola v Hytera, which found that the DTSA could apply to IP theft outside of the US.
“At the moment we don’t need to fix the existing tool in some way to make it more effective,” Pooley insisted. “What I do think we need to do is, a little more broadly speaking around intellectual property, come up with a national strategy for innovation that will increase our competitiveness in a way that hoping additional blocking or punishment mechanisms might not.”
Pooley stressed that he is happy to see a focus on strengthening IP rights, particularly in trade secrets, but added that: “At the same time I worry that the long-term effects of these kinds of proposals may not be what we really want.”
James Pooley, member of the Center for Intellectual Property Understanding and former deputy director general of the World Intellectual Property Organization, understands the full seriousness of cyberespionage.
Pooley agrees that COVID has created a riskier environment because employees are away from their usual offices. But the problem is not entirely current, he notes, explaining that a new risk environment emerged in the last 15 to 20 years, as we moved into an information-based economy, where the asset base shifted from tangibles to intangibles.
In addition, “the imperatives for sharing information and trusting other people went up like crazy because of globalisation”, he says. Supply chains have become longer and more complex, as companies shifted to vendors abroad and therefore have to manage their operations at a distance.
During the early-1970s, “all that a company needed to do to protect its information assets was to guard the photocopier and watch who went in and out the front door, because there were no networks, no internet and records were stored on paper”, says Pooley. But, over the last decades, digitalisation coupled with globalisation has changed the playing field. Some of the most valuable assets have become intangible, opening up a whole new world to hackers.
So how does sensitive data end up in the wrong hands? Pooley argues that swathes of valuable information is lost because of employee inadvertence. In rough numbers, he says, “some 80 to 85 per cent of information loss occurs through employees, as opposed to hackers worming their way in from outside”. While organisations can spend effort and money on secure IT infrastructure, they neglect employee behaviour at their peril.
“I see it over and over again,” says Pooley. “I get hired as an expert to critique the protection systems for companies in litigation over trade secrets, because they have to prove they took reasonable steps to prevent the things from happening.” What he sees is companies neglect to train their employees on how to identify and handle confidential data.
Meanwhile, hackers look for the weakest link in a company’s information chain, for instance when employees use the public wifi of a restaurant near their office for work purposes. He mentions the 2014 hack of Target, when the company’s heating and air conditioning contractor was used as an entry point by hackers, who exploited the vendor’s weaker system to gain access to the Target system.
“It's just astonishing to me that more companies don't pay better attention to these issues, but there we are,” says Pooley. “Maybe I'm a Cassandra, but remember, Cassandra was right.”
How can companies train their employees to be more vigilant? “Preventing bad behaviour is usually about awareness, because people want to do the right thing and they want their jobs to be preserved,” he says.
When Pooley advises companies, he begins with a high-level strategic examination of what the company’s most important information assets are, what risks or vulnerabilities they face and what mechanisms there are to reduce these risks.
“Being really attentive to where the risk points are will alert you to pay special attention to areas that are likely to be used as points of entry,” he says. Companies need to set up policies and procedures to ensure their IP is protected and training employees is a big part of that.
“I worked with one company that built a consumer product primarily manufactured in China, so there were obvious leakage risks connected to that.” As they went through the process of developing a comprehensive system to protect their IP, Pooley asked for all the senior managers of the company to get together in one room to discuss the matter. Even though this was not easy to arrange, he insisted.
Once all senior managers came together, including the supply chain managers who talked about issues they experienced directly, sharing information triggered insights for managers across the board.
“‘Wait a minute, I don't think I've ever really looked at the non-disclosure agreement that we have with company x and when it expires.’ All of a sudden, they're seeing vulnerabilities, where they hadn't really thought about them before,” says Pooley. “No one expected the specialty arm of the organisation that dealt with all these companies in China would have something to say to the other business units, but vulnerabilities can overlap.”
Are silos and inefficient communication partly to blame for companies’ vulnerability when it comes to countering cyberthreats? Pooley argues organisations need to confront the fact that separate units within their business may have set up unnecessary walls. In reality, information flows and risks are usually shared across the business.
Part of the solution could be found through automation, he says, because automation includes behavioural analytics and insight tools that help companies monitor what exactly it is employees do on their platforms. However, using these tools always has to be balanced with individuals’ expectations of privacy.
Pooley concludes: “The message that I often give is cyberespionage is scary and ugly, and we need to do everything we can to prevent it and deal with it. But if we're not managing our employees in a smart way, it's almost like we’ve left a couple of doors open.”