Stanford CIS

The Anti-Cyberespionage Bill That Isn't, or Never Was?

By David Levine on

It is extremely difficult these days to figure out exactly what problems the Defend Trade Secrets Act's (DTSA) sponsors are trying to solve. As an academic who has opposed this legislation over the past few years, I've been concerned that the putative primary goal of the DTSA -- to offer United States businesses better tools to combat domestic and foreign cyberespionage -- would not be achieved, with a much greater certainty of numerous downsides. So imagine my surprise (or call it confusion?) watching last month's Senate Judiciary Committee DTSA hearing, when the DTSA's sponsors (like Senator Orrin Hatch (R-UT)) and backers (primarily large industry lobbyists and representatives) agreed that "cyber espionage is not the primary focus of" the DTSA.

Have I been misunderstanding the DTSA's sponsors and supporters all along? I can't be sure, but I don't think so. Senator Chris Coons (D-DE), in his April 2014 press release announcing his co-sponsorship of the DTSA, explained:

In today’s electronic age, trade secrets can be stolen with a few keystrokes, and increasingly, they are stolen at the direction of a foreign government or for the benefit of a foreign competitor. These losses put U.S. jobs at risk and threaten incentives for continued investment in research and development. Current federal criminal law is insufficient.

Thus, argued the sponsors, we need the DTSA. More recently, in October 2015, Sen. Hatch was quoted in a "colloquy" with Sen. Coons: “At a time when cyber theft of trade secrets is at an all-time high—particularly as it involves Chinese competitors—it is critically important that U.S. companies have the ability to protect their trade secrets in federal court.” Senator Hatch's press office highlighted this quote, pulled from a longer transcript, and labeled it "notable." Even the DTSA's lobbyists, in August 2015, seem to have been arguing the DTSA's merit based upon the existing cyberespionage threat: "In this digital age, greater connectivity, increased data storage, and globalized supply chains have made trade secrets more vulnerable than ever before. But our laws remain stuck in a different era."

So the DTSA is needed, right? Well, apparently, the new answer is "yes, but for two different primary reasons:" the rise of trade secret theft by rogue employees and the need for uniformity in trade secret law. If that's the case, I'd like to formally note what over 40 academics, including me, argued in November 2015 (and based upon a 2014 letter making a similar point): the DTSA will not address cyberespionage. If the sponsors have changed their tune, and rather suddenly, then that appears to be a concession that our criticism has been on the mark. If I'm misunderstanding the above, then I'd like to hear from the DTSA's sponsors or lobbyists.

Of course, none of the above means that the DTSA is dead. However, if the new primary foci are the "rogue employee" and a purported need for uniformity, then the DTSA's imbalance on the cost-benefit scale is even greater. As we academics have previously argued, the rogue employee is more-than-adequately addressed by existing trade secret law, and the DTSA will not improve dealing with such an employee. Also, there is no federal jurisprudence around trade secret law, so there will be less uniformity in trade secrecy as the DTSA is litigated, interpreted and applied (assuming that uniformity is even lacking; it isn't). And all of the downsides -- from abusive litigation against small entities and start-ups using (or not using) a problematic ex parte seizure remedy (which conjures another fundamentally flawed piece of intellectual property legislation, the failed Stop Online Piracy Act (SOPA)), to resurrecting the anti-employee inevitable disclosure doctrine -- remain.

Finally, even if Congress is no longer focusing on cyberespionage in the DTSA, the DTSA remains a cyberespionage bill. As I've recently argued, the DTSA is likely to weaken private industry cybersecurity standards and practice, not improve them. Why should we expect a company to invest in stronger cybersecurity when it can sue others using federal law that incorporates an arguably antiquated (and therefore low) standard for reasonable cybersecurity? So we can add weakened cybersecurity practice to the mix of DTSA problems and costs. Why? The plaintiff-friendly DTSA will encourage companies to sue because of trade secret theft, thereby diverting those funds from preventing cyber-espionage in the first instance. As corporate cybersecurity is an agreed-upon big national problem, Congress should seriously consider whether the DTSA will be a cyber-criminal's gift.

So where are we right now? Given the general lack of empirical research in trade secrecy, the DTSA amounts to a giant trade secrecy policy experiment with many unknowns and a host of plausible downsides. In such circumstances, we should not be creating game-changing trade secret law while running the risk of diminishing cybersecurity private investment incentives. But that's where we appear to find ourselves.

To be sure, I do not mean to call the sponsors and lobbyists out for a politically-pejorative "flip flop," or to imply that changing one's policy argument is inherently bad. I respect -- in fact, celebrate -- the need in a democracy to allow one's analysis and understanding to evolve, especially in an era where anti-intellectualism is seemingly reaching a modern apex. If I didn't, why bother writing about current policy challenges? Therefore, because the DTSA's  sponsors' and supporters' core argument seems to have changed, that change should be taken seriously, and this blog post is my attempt to do just that.

Especially as the DTSA continues to move through the Senate, we should take heed of the changing reasons for the DTSA's being and the supporters' understanding of the legislation. At a minimum, we can now stop calling the DTSA an anti-cyberespionage bill, because it isn't, and never was. The sponsors and lobbyists apparently now agree. While I remain open to deeper understanding of why the DTSA was introduced in the first place, the math on the DTSA has just gotten easier, and leads to my continued (and deepened) opposition.