Investigating the Theft of Trade Secrets

What do you do when the general counsel of your hedge fund client tells you an employee appears to have stolen the proprietary software the fund uses to invest billions of dollars, and the company's future hinges on making sure the software doesn't fall into the wrong hands? Very quickly, you need to make a series of critical decisions, often with imperfect information. Here's a way to structure the decision-making process:

What Else Is at Immediate Risk?

Do a rapid assessment as to whether other information critical to the client is at immediate risk. Is the crime still in progress? Is there an electronic back door that needs to be nailed shut instantly? And will slamming that door shut alert the wrongdoer? How much time do you have to gather data and make decisions? Typically, you must begin making decisions within hours.

Control the Dissemination of Information Within the Company

You're embarking on a high-speed investigation to advise your client on high-stakes decisions. But you must also control the spread of information. Take care in deciding whom to interview and whom within the company to enlist for help. Asking employees questions always, always causes them to gossip, no matter how many stern warnings they receive. And if the suspect gets wind of your interest, the investigation and your client will be harmed.

What Is Missing?

Understand precisely what was taken. You, as counsel, will be called on to explain to generalists (courts or prosecutors) how this sophisticated piece of code works, and why it is enormously valuable. Ensure that the employees who are assisting you are being precise. Anxiety and the speed with which decisions must be made may lead the victim to overestimate how much was taken and how vital it is. Consider hiring outside computer experts to corroborate what you are being told.

How Was It Taken?

How was it taken? Most firms now have some kind of electronic trip-wires in their systems. It is often an alarm from that system that has caused you to be summoned. Understand precisely what the electronic audit trail tells you and, more importantly, what it does not. Does the method for taking material out of the firm suggest bad motive? Were safety measures bypassed or steps taken to elude detection? Invariably, there will be a missing evidentiary link that your investigation needs to supply. Make sure you understand all the different places that electronic evidence may be maintained, and that nothing you need gets inadvertently recycled.

Investigate the Thief

What do you know about the thief? If the perpetrator is still an employee, you have more investigative options. Whatever the employee's status, learn as much as you can about him or her without word spreading. Are there financial problems, health or family issues, behavioral changes, signs of dissatisfaction, or rumors of a job change? Review the employee's personnel file, and do a fast electronic background check. Prepare to launch proactive steps such as physical surveillance. (You may decide against them, but you won't have the option when you need it unless you plan now.) If the employee has overseas contacts, make sure your investigative firm has capabilities in that country. Is it a country where the government finances industrial espionage? See Recent Espionage Cases Involving China, Washington Post, April 3, 2008.

Decide Whom to Contact

Do you contact the authorities? If you conclude that the employee has committed a larceny (rather than making an innocent mistake), you must decide whether to take the case to the authorities. There may be cases where law enforcement is the only practical way to prevent the further dissemination of the stolen materials.

Stealing intellectual property violates both state and federal laws. Law enforcement has investigative powers that are unavailable to any private party, including obtaining warrants to search private computers, e-mail accounts, and residences. These tools can be essential to learning the final destination of your property. Once persuaded of the importance of a case, law enforcement may act with astonishing speed.

However, once you inform law enforcement, you've lost control of the case. Your client must fully understand and accept this loss of control. A prosecution is not a civil matter. It is the government, not the victim, who decides whether to go forward. And if the case goes forward, there will be publicity, a former employee may go to prison, and the client's computer program and business strategy may become the subject of public criminal proceedings. You must also fully evaluate whether the client, itself, has any exposure, either legally or reputationally. Also, consider the effect that a referral will have on other employees. Bringing in law enforcement is probably irreversible, and it may be the wrong decision.

Where Do You Go?

Both federal and state prosecutors have jurisdiction over the theft of intellectual property. Many law firms appear to have a bias for federal prosecutors. We have found that state offices (particularly the District Attorney of New York County) will act with breathtaking speed when faced with a compelling case, and have acted with discretion in terms of the media.

Interview the Faithless Employee

One advantage you have is access to the employee and his company records, including e-mails and computers. You may also have the benefit of surprise. Pull the documents together quickly and discretely, along with the client's rules about trade secrets and any confidentiality agreements. If you have engaged with law enforcement, you should plan the interview so that it does not interfere with any official investigation. Otherwise, do it when you have the necessary information in hand and after you have mapped out the employment steps. Consider tape recording the interview, and plan to have a non-lawyer present to serve as a witness in any later proceeding. Make sure to warn the employee that you represent the company, not him. See DR 5-109; Upjohn v. United States, 449 U.S. 383 (1981). A failure to be clear about your ethical obligations can cause incalculable problems. See In re Grand Jury Subpoena, 415 F.3d 333, 340 (4th Cir. 2005). Consider putting the employee under surveillance after the interview to see whom he contacts. Often, an employee will admit taking the materials, but maintain that he did so to study them to become a better employee, to be able to respond to work emergencies from home, or some other improbable but innocent reason. Before the interview, find out whether ' given what was taken and how ' any of these anticipated excuses could be true.

Civil Options

If an employee was willing to violate state and federal criminal laws in the first place, then a civil injunction is unlikely to add protection. Injunctions can, however, have a profound effect on the entity that received the stolen property.

Post-Mortem

At the end, evaluate how the firm's systems reacted. Was the theft promptly detected or does the firm need new systems? Are there proper technological safeguards in place that make it difficult to remove intellectual property from the firm? Are the firm's policies about the handling of confidential material clear and sufficient, and are necessary confidentiality agreements on file? Are managers sensitive to signs of employee dissatisfaction? Are there issues with the firm's culture that need to be addressed? Perhaps most important, are there lessons to be learned about hiring? The ability to perform background checks and psychologically screen prospective hires is more advanced today than every before.

Conclusion

Your client will be called on to make a series of quick decisions, with imperfect information, in a volatile situation, and in the grip of a searing sense of betrayal. Potential harm lurks everywhere ' financial harm through further loss or dissemination of IP, damage to reputation, harm to employee morale, and entanglement in the uncontrollable world of the criminal justice. The objectives of protecting the victim's trade secrets while enabling the government to do its job can be difficult to reconcile, requiring a skillful performance of lawyers' ballet.

Stanley S. Arkin ([email protected]), a member of this newsletter's Board of Editors, is senior partner at New York's Arkin Kaplan Rice LLP. Peter B. Pope is a partner at the firm and was Chief of the New York State Attorney General's Criminal Division from 2000 to 2006. Barrett N. Prinz is an associate.

A dangerous fact of life in today's financial firms is the threat of high-tech espionage, particularly theft of intellectual property by employees. Firms spend millions of dollars developing software that gives them an edge in the marketplace. But however carefully the computer code is protected, there are always employees who need access to update, run and maintain it. And because electronic data is so easy to copy and transport, these binary crown jewels can be stolen with the click of a mouse.

The public got a glimpse of this in the recent federal arrest of a former employee of Goldman Sachs. One of Goldman's programmers allegedly stole the firm's “black box” ' the computer code Goldman used to engage in “sophisticated high-speed and high-volume trades.” U.S. v. Aleynikov, No. 09-MJ-01553 (S.D.N.Y.). The criminal complaint against Aleynikov alleged that he began unlawfully downloading Goldman's computer code as early as June 1, 2009; he was arrested on July 3. The press reported that, sometime during that month, Aleynikov transferred the stolen data to computer servers in Germany. Arrest Over Trading Software Illuminates a Secret of Wall St., Aug., 24, 2009, NY Times, p. A1.

What to Do

What do you do when the general counsel of your hedge fund client tells you an employee appears to have stolen the proprietary software the fund uses to invest billions of dollars, and the company's future hinges on making sure the software doesn't fall into the wrong hands? Very quickly, you need to make a series of critical decisions, often with imperfect information. Here's a way to structure the decision-making process:

What Else Is at Immediate Risk?

Do a rapid assessment as to whether other information critical to the client is at immediate risk. Is the crime still in progress? Is there an electronic back door that needs to be nailed shut instantly? And will slamming that door shut alert the wrongdoer? How much time do you have to gather data and make decisions? Typically, you must begin making decisions within hours.

Control the Dissemination of Information Within the Company

You're embarking on a high-speed investigation to advise your client on high-stakes decisions. But you must also control the spread of information. Take care in deciding whom to interview and whom within the company to enlist for help. Asking employees questions always, always causes them to gossip, no matter how many stern warnings they receive. And if the suspect gets wind of your interest, the investigation and your client will be harmed.

What Is Missing?

Understand precisely what was taken. You, as counsel, will be called on to explain to generalists (courts or prosecutors) how this sophisticated piece of code works, and why it is enormously valuable. Ensure that the employees who are assisting you are being precise. Anxiety and the speed with which decisions must be made may lead the victim to overestimate how much was taken and how vital it is. Consider hiring outside computer experts to corroborate what you are being told.

How Was It Taken?

How was it taken? Most firms now have some kind of electronic trip-wires in their systems. It is often an alarm from that system that has caused you to be summoned. Understand precisely what the electronic audit trail tells you and, more importantly, what it does not. Does the method for taking material out of the firm suggest bad motive? Were safety measures bypassed or steps taken to elude detection? Invariably, there will be a missing evidentiary link that your investigation needs to supply. Make sure you understand all the different places that electronic evidence may be maintained, and that nothing you need gets inadvertently recycled.

Investigate the Thief

What do you know about the thief? If the perpetrator is still an employee, you have more investigative options. Whatever the employee's status, learn as much as you can about him or her without word spreading. Are there financial problems, health or family issues, behavioral changes, signs of dissatisfaction, or rumors of a job change? Review the employee's personnel file, and do a fast electronic background check. Prepare to launch proactive steps such as physical surveillance. (You may decide against them, but you won't have the option when you need it unless you plan now.) If the employee has overseas contacts, make sure your investigative firm has capabilities in that country. Is it a country where the government finances industrial espionage? See Recent Espionage Cases Involving China, Washington Post, April 3, 2008.

Decide Whom to Contact

Do you contact the authorities? If you conclude that the employee has committed a larceny (rather than making an innocent mistake), you must decide whether to take the case to the authorities. There may be cases where law enforcement is the only practical way to prevent the further dissemination of the stolen materials.

Stealing intellectual property violates both state and federal laws. Law enforcement has investigative powers that are unavailable to any private party, including obtaining warrants to search private computers, e-mail accounts, and residences. These tools can be essential to learning the final destination of your property. Once persuaded of the importance of a case, law enforcement may act with astonishing speed.

However, once you inform law enforcement, you've lost control of the case. Your client must fully understand and accept this loss of control. A prosecution is not a civil matter. It is the government, not the victim, who decides whether to go forward. And if the case goes forward, there will be publicity, a former employee may go to prison, and the client's computer program and business strategy may become the subject of public criminal proceedings. You must also fully evaluate whether the client, itself, has any exposure, either legally or reputationally. Also, consider the effect that a referral will have on other employees. Bringing in law enforcement is probably irreversible, and it may be the wrong decision.

Where Do You Go?

Both federal and state prosecutors have jurisdiction over the theft of intellectual property. Many law firms appear to have a bias for federal prosecutors. We have found that state offices (particularly the District Attorney of New York County) will act with breathtaking speed when faced with a compelling case, and have acted with discretion in terms of the media.

Interview the Faithless Employee

One advantage you have is access to the employee and his company records, including e-mails and computers. You may also have the benefit of surprise. Pull the documents together quickly and discretely, along with the client's rules about trade secrets and any confidentiality agreements. If you have engaged with law enforcement, you should plan the interview so that it does not interfere with any official investigation. Otherwise, do it when you have the necessary information in hand and after you have mapped out the employment steps. Consider tape recording the interview, and plan to have a non-lawyer present to serve as a witness in any later proceeding. Make sure to warn the employee that you represent the company, not him. See DR 5-109; Upjohn v. United States , 449 U.S. 383 (1981). A failure to be clear about your ethical obligations can cause incalculable problems. See In re Grand Jury Subpoena, 415 F.3d 333, 340 (4th Cir. 2005). Consider putting the employee under surveillance after the interview to see whom he contacts. Often, an employee will admit taking the materials, but maintain that he did so to study them to become a better employee, to be able to respond to work emergencies from home, or some other improbable but innocent reason. Before the interview, find out whether ' given what was taken and how ' any of these anticipated excuses could be true.

Civil Options

If an employee was willing to violate state and federal criminal laws in the first place, then a civil injunction is unlikely to add protection. Injunctions can, however, have a profound effect on the entity that received the stolen property.

Post-Mortem

At the end, evaluate how the firm's systems reacted. Was the theft promptly detected or does the firm need new systems? Are there proper technological safeguards in place that make it difficult to remove intellectual property from the firm? Are the firm's policies about the handling of confidential material clear and sufficient, and are necessary confidentiality agreements on file? Are managers sensitive to signs of employee dissatisfaction? Are there issues with the firm's culture that need to be addressed? Perhaps most important, are there lessons to be learned about hiring? The ability to perform background checks and psychologically screen prospective hires is more advanced today than every before.

Conclusion

Your client will be called on to make a series of quick decisions, with imperfect information, in a volatile situation, and in the grip of a searing sense of betrayal. Potential harm lurks everywhere ' financial harm through further loss or dissemination of IP, damage to reputation, harm to employee morale, and entanglement in the uncontrollable world of the criminal justice. The objectives of protecting the victim's trade secrets while enabling the government to do its job can be difficult to reconcile, requiring a skillful performance of lawyers' ballet.

Stanley S. Arkin ([email protected]), a member of this newsletter's Board of Editors, is senior partner at New York's Arkin Kaplan Rice LLP. Peter B. Pope is a partner at the firm and was Chief of the New York State Attorney General's Criminal Division from 2000 to 2006. Barrett N. Prinz is an associate.