Lessons From the $1 Billion Intel Trade-Secret Theft

24 November 2008—What if the FBI came knocking on your door saying that your employer had accused you of stealing US $1 billion from the company? That’s exactly what happened to Biswamohan Pani, a former Intel engineer who was indicted earlier this month for stealing trade secrets from the chip maker. Instead of raiding the supply closet for some notepads, pens, and paper clips, Pani allegedly downloaded more than 100 pages of data containing details about future Intel chip designs and 19 drawings detailing the chips’ layouts.

It didn’t take much sleuthing to figure out that by the time Pani resigned his position at Intel near the end of May, he had already been hired by Intel rival Advanced Micro Devices (AMD) to work at one of its R&D labs. For nine days after he reported for duty at AMD on 2 June, he was technically still a full-fledged Intel employee, with all the rights and privileges thereof. One of those privileges was access to an encrypted server containing a cache of Intel’s trade secrets. Intel says it has proof that he raided the server. His supposed intent: to advance his career by strategically using the information to make himself indispensable to his new employer.

Pani has since been indicted for trade-secrets theft and wire fraud—charges that could land him in prison for up to 90 years.

How did Intel arrive at that $1 billion figure? ”It’s a very large, very round number designed to convey the value Intel is placing on the material taken,” says Richard H. Frank, an attorney who chairs the International Employment practice group at the San Francisco offices of Cooley Godward Kronish. Frank notes that in criminal cases, one of the criteria by which the courts calculate sentences is the value that is put on the stolen material. ”In a trade-secrets case, one of those criteria would be the value that is put on material that’s stolen,” he says.

Although there are no pending criminal or civil actions against AMD, which insists that it knew nothing about Pani’s actions and hasn’t been privy to the information, there are some steps Intel needs to take to ensure that its rival is not sandbagging—in other words, biding its time before coming out with chip designs based on the information. Among them is aggressively demanding that AMD cooperate in an internal investigation in which witnesses would be interviewed and computers would be reviewed forensically to see if any of the information allegedly taken was transferred to or copied on any of AMD’s systems.

Frank notes that there are some very good reasons why AMD would avoid using the pilfered data. One is criminal prosecution of individuals, which could lead to prison time and restitution for any profits Intel could prove had been lost, plus disgorgement of any of AMD’s ill-gotten gains. AMD could also face a civil action under which Intel could obtain an injunction preventing use of every product that contained Intel trade secrets. Intel could obtain civil damages in the form of lost sales and, again, ill-gotten gains. Intel could even win back its attorneys’ fees if it could prove its case. ”There are also intangibles [that would negatively affect AMD], such as distraction of management time, bad publicity, and other nonquantifiable market risks, such as lost sales, resulting from a taint on the company and its products, which could scare clients away,” says Frank.

A big open question is why Intel didn’t cut off Pani’s systems access the moment he tendered his resignation. Pani lied about where he was going after leaving Intel, concocting a suspicion-diverting story about going to work for a hedge fund. ”One of two things was going on,” says Frank. ”There either wasn’t a procedure in place, or the procedure wasn’t followed to deal with that resignation in terms of data security.” In other words, did somebody have a checklist? Did HR get notified? Did IT get notified? Did someone say, ”This person has given notice. What do we do now?” Frank says that even in the case of a transfer from Department A to Department B, there should be a checklist including termination of access to data from Department A that’s not necessary to the new job.

If Intel had all the right procedures but somebody made a conscious choice to trust Pani, then that person took a calculated risk that, in hindsight, was a poor one. ”What I advise clients is to think very carefully about the cost-benefit calculation in that situation,” Frank says. ”Maybe you trust the individual. But what is the potential cost to the company when that trust is abused?” Frank notes that this comes up frequently during layoffs. ”Are you going to let the person who has just been informed that they no longer have a job go back to their desk and spend an hour tying up loose ends like transferring their personal photos and personal e-mail to a disk? My advice is ’No.’ The company wants to give the person the benefit of the doubt and trust them to do that. But if enough is at stake, my advice is to err on the side of caution.”

Could Pani still have ended up in federal prosecutors’ gunsights if he hadn’t downloaded the materials but simply gone to work for AMD and used Intel data from memory? Frank says it is a distinct possibility. Though you are free to use your skill, knowledge, and experience for the benefit of any employer, you cross a line when you disclose or make use of information that is a) not publicly available and b) is prepared in the course and scope of developing anything—including a product, a business plan, or a database—that provides an independent economic benefit to the company in question.

Frank points out that there is such a thing as a negative trade secret. If Intel was trying to design a chip with greater speed or increased versatility and it spent a fair amount of time trying to develop it using a certain method and concluded that that method was not effective, that knowledge has independent economic value and can be considered a trade secret. ”Even if in the course of Mr. Pani’s work for AMD someone said, ’Hey, let’s do it this way,’ he would not be at liberty to say, ’No, we tried it at Intel and it didn’t work.’” The deterrent factors would be the same: fear of prosecution, fear of civil action, and fear of career opportunity loss.

The Pani case has made a splash, but it’s extremely hard to quantify how common trade-secret theft is, says Frank. Sometimes people get caught, and sometimes they don’t. Sometimes it’s hard to prove a well-founded suspicion, and sometimes companies have smoking guns. ”What I can tell you is that there are many trade-secret matters that nobody hears about, [such as instances] where an employee is caught red-handed and the matter is addressed and resolved quickly between the company and the party involved,” says Frank. Studies use published statistics, looking at trend lines related to the number of criminal prosecutions and civil suits, and making some assessments regarding what percentage of all the cases they constitute. But it’s not an exact science, says Frank.

Companies often aren’t happy to publicly acknowledge their involvement in an intellectual property (IP) theft. A company accused of receiving and using stolen trade secrets doesn’t want there to be a taint on its products in the marketplace, while a company that has suffered a loss doesn’t want customers, stockholders, or potential investors to know that somebody has walked out the door with such valuable information.

Technology that monitors what employees do on systems can help prevent IP theft, says Frank. For example, if employees are downloading unusually large amounts of data or e-mailing such data outside the company, a software monitor could flag it. And companies are wise to repeatedly let their employees know that they have zero-tolerance policies and various means to catch them. But Frank does concede that it’s difficult to discern the intentions of people who have proper access to information during the course of their jobs and difficult to stop those who want to use that access improperly.

Asked if there are ever cases in which companies don’t pursue a reasonable suspicion of trade-secret theft, Frank says, ”It happens. But generally speaking, when companies feel the evidence is strong, they act.” Even if the evidence is a hunch or something that is quite weak, a company will do something like sending a warning letter reminding, say, a former employee who has started his or her own firm, or one who has gone to work for another company, that he or she still has a duty not to disclose confidential information. Failing to do so would put the company at risk of losing trade-secret status for that piece of information, because part of the definition of trade secret is that the company must make reasonable efforts to maintain the secrecy of the information.

Did Intel’s lapses, in not taking Pani’s system access when he tendered his resignation, constitute a failure to take reasonable steps to protect its trade secrets? ”If that’s the best argument [Pani] has, I wouldn’t want to bet on his chances of defeating the indictment,” says Frank. Stronger arguments could be: the information is not a trade secret, and here’s why; or I had the information in my possession, but I hadn’t used it for anything, wasn’t intending to use it for anything, and because I was still an employee at the time, and they hadn’t shut down my access, I had rightful access to it. We’ll see how the case turns out.”