Cyber-Espionage and Trade Agreements: An Ill-Fitting and Dangerous Combination

Yesterday's leak of a May 2014 draft of the Trans-Pacific Partnership (TPP) agreement revealed the addition of new text criminalizing the misuse of trade secrets through "computer systems", as mentioned in our previous post about the leak. This is a significant revelation, because we also know that trade secrets are planned for inclusion in the EU-US free trade agreement, TTIP (the Trans-Atlantic Trade and Investment Partnership). The revelation of the proposed text in the TPP provides a good indication that the same kind of language will likely also appear in TTIP. Frighteningly, this text contains no protections to safeguard the public interest.

Today we delve into this provision and its background in more depth.

Why Trade Secrets, and Why Now?

The US Trade Representative's sudden interest in trade secret protection arises largely from reports of widespread cyber-espionage against US companies emanating from China. This has also led to domestic proposals such as this year's Defend Trade Secrets Act, introduced in the Senate in April, and its companion House bill, the Trade Secrets Protection Act, which would create a new federal private right of action for trade secret theft.

In August this year, 31 law professors wrote a joint letter opposing these bills on a number of grounds, including that they are unbalanced, risking that they could be used for anti-competitive purposes, and that they have potential ancillary negative impacts on access to information. The professors write:

Labeling information as a trade secret has become a common way to prevent public and even regulatory access to important information ranging from the composition of hydraulic fracturing fluids to the code inside of voting machines, all of which have compelling (but not uncontroversial) reasons for public access in a democracy.

Even if these new US bills pass, their enforceability against foreigners will be, in practical terms, rather limited. The introduction of new language on trade secrets into both TTP and TTIP—which may become the United States' two largest trade agreements—is therefore a parallel tactic to address cyber-espionage on the global stage.

(Observant readers might have spotted an apparent flaw in this plan, given that China will not be a party to either of these agreements. But the reasoning is that if enough other countries agree on new global standards, diplomatic pressure can be applied on China to also comply. As the Europeans have put it, “The EU and the US also have a common interest in pursuing protection of trade secrets against misappropriation in third countries”.)

Paragraph 1—Trade Secrets

The language in the TPP, however, doesn't much resemble either of the current Congressional bills. This is because if the TPP is agreed, it will create an obligation on the US to ensure that it accords with domestic law, and the US Trade Representative is unable to guarantee that the bills currently in Congress will pass. Instead, the first paragraph is drawn from TRIPS, the multilateral treaty that sets a global minimum standard for so-called intellectual property protection, and the second and third paragraphs are brand new, but share lineage with both the Economic Espionage Act and the Computer Fraud and Abuse Act (CFAA).

This is where things get complicated—because the legal theories, methods and objectives of those two sources are actually quite different.

So beginning with paragraph 1: it very closely mirrors the language that TRIPS members (including all the TPP negotiating countries) have already agreed. It requires them to offer the means to prevent trade secrets from being disclosed to, acquired by, or used by others without consent in a manner contrary to honest commercial practices. This generally, as in the US, involves a private cause of action to be litigated in a civil court.

Paragraphs 2 and 3—Computer E