US Tech Dominance Rides on Securing Intellectual PropertyUS Tech Dominance Rides on Securing Intellectual Property
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
April 2, 2021
In January 2021, on his last day in office, President Trump quietly pardoned autonomous vehicle engineer Anthony Levandowski. He had been sentenced to 18 months in prison for stealing trade secrets from his former employer, Google. With everything else going on that month, including the Capitol riot and the inauguration, this news didn't receive much media attention.
Despite how little coverage this case got, it shouldn't be overlooked. In reality, it was a travesty of justice. We need to talk about Levandowski's pardon because it points to a foreboding problem in the US tech industry: Intellectual property (IP) offers a lucrative golden ticket for insiders. That's why there are thousands of security professionals and companies working behind the scenes to secure valuable IP in this country — and the US has some of the best IP laws and enforcement in the world. When the president pardons insider thieves, it sets a dangerous precedent and sends the wrong message to the larger international tech community as well as to those who create IP for companies.
First, some background on Levandowski: In 2016, he left his job on the Waymo team at Google — after receiving $127 million for his work there — to start a trucking company called Otto. Within six months, Otto was acquired by Uber. Over a year later, Google discovered that when Levandowski left Waymo, he exfiltrated 15,000 files on a thumb drive. These files contained some of the company's most important autonomous vehicle IP. He just walked out the door with the proverbial keys to the kingdom.
After a lengthy legal battle, Uber and Google agreed to a $250 million settlement. But Levandowski's time in the spotlight was not over. In August 2020, federal prosecutors convicted him of IP theft, then he was pardoned just a few months later.
Stolen IP can be worth staggering amounts of money. Here's just one example: Hackers attempting to steal COVID-19 vaccine IP in December could have gained billions of dollars if successful. IP theft isn't always as high profile as Levandowski's thumb drive full of self-driving car secrets, but smaller thefts still have an enormous impact on companies' bottom lines. In reality, IP theft happens every single day. Employees frequently download customer lists on their personal computers or email themselves source code. In fact, they are 85% more likely to leak files today than they were before COVID-19.
The Levandowski pardon sends a very negative signal to the international tech community. US competitiveness in the tech space depends on our ability to secure trade secrets. If anyone can gain insight into innovative new projects American companies are working on, how will those businesses stand out against the competition?
If our government is going to override our IP law with pardons, business leaders have to take the bull by the horns. Here are some steps to take now.
First, American companies need to be way more transparent about data ownership. A report from my team at Code42 found that in recent years, more and more employees have started to believe that they — and not their employers — have ownership over the product of their work . Yet there is no doubt that employers own the work they pay their employees and contractors to produce. This is the case even if skilled, hard-working employees like Levandowski feel entitled to ownership of the project. Your legal team needs to write a clear data-use policy outlining your company's ownership over its data, and then leadership needs to remind employees of it regularly.
Training is the next step, and it's an area where I believe companies will invest heavily this year. It's not enough for HR to mention data ownership policies during onboarding — employees need consistent, effective security training. Make sure the training is engaging so employees don't lose interest.
Finally, there's insider risk management technology. It took Google over a year to file its lawsuit against Uber. That's a long gap between theft and action. With effective technology, companies can hang onto their data before it leaves and the damage is done. [Editor's note: The author's company is one of a number of vendors that sell such technology.]
IP is the greatest asset any country has, including the US. It's what sets us apart in the free world. The ending of the Levandowski story is a tragedy because someone who disrespected that whole idea was pardoned with no explanation as to why. Without intervention, employees will continue to harbor the belief that they are entitled to ownership over what they do at work. If businesses aren't aware of data theft, and government officials continue to let it slide, many people will continue viewing trade secret theft as low risk and high reward — and the US will fall behind in the race to global tech dominance.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Defending Corporate Executives and VIPs from Cyberattacks
2021 Gartner Market Guide for Managed Detection and Response Report