Following the publication of a Virginia-based cyber security firm's report accusing the Chinese military of stealing significant amounts of data from U.S. companies through widespread and "sustained" hacking efforts, the resulting media firestorm has propelled trade secret protection to the top of national policymakers' agenda.
Even before the issuance of the startling report, Congress had been taking legislative action to protect U.S. businesses' confidential business information from private and state-sponsored theft. The Theft of Trade Secrets Clarification Act of 2012, signed into law by President Obama on December 28, 2012, amends language in the Economic Espionage Act (EEA) to ensure that the government has broad authority to prosecute trade secret theft under the EEA. The legislation was prompted by a decision handed down by the U.S. Court of Appeals, Second Circuit in 2012. In the case, U.S. v. Aleynikov, 676 F.3d 71 (2d Cir. 2012), the court ruled that the theft of proprietary source code by an employee was not trade secret theft because it was not directly used in interstate commerce, though the company did use it internally to create an advantage in the marketplace. The new law prohibits the theft of a trade secret that is "related to a product or service used in or intended for use in interstate or foreign commerce." Prior to this new law, a trade secret was more narrowly defined as "related to or included in a product that is produced for or placed in interstate or foreign commerce." Another amendment, signed by President Obama on January 14, 2013, increases the maximum penalties for revealing trade secrets to foreign entities, and directs the United States Sentencing Commission to review and, if necessary, amend sentencing guidelines for economic espionage.
In early February, President Obama signed the Executive Order on Improving Critical Infrastructure Cybersecurity that creates voluntary information-sharing programs for companies that operate "critical infrastructure," defined by the order as those "systems and assets, whether physical or virtual, so vital to the United States that [their] incapacity or destruction… would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." The Executive Order also requires federal agencies to share more information about cyber threats to U.S. companies and the public.
More recently, prompted by widespread media coverage and public reaction to the cyber security firm's report, the White House announced a policy plan for combating corporate and state sponsored trade secret theft. The plan calls for a more aggressive diplomatic effort in countries with high incidence of trade secret theft, increasing coordination between the government and the private sector, and increasing coordination within the law enforcement and intelligence community. The House of Representatives, meanwhile, is revisiting the comprehensive Cyber Intelligence Sharing and Protection Act (CISPA), which the Senate rejected in 2012. The Senate is currently considering its own legislation, the Cybersecurity and American Cyber Competitiveness Act of 2013, introduced in January.