US Tech Dominance Rides on Securing Intellectual Property

A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.

Joe Payne, President and CEO at Code42

April 2, 2021

4 Min Read
Dark Reading logo in a gray background | Dark Reading

In January 2021, on his last day in office, President Trump quietly pardoned autonomous vehicle engineer Anthony Levandowski. He had been sentenced to 18 months in prison for stealing trade secrets from his former employer, Google. With everything else going on that month, including the Capitol riot and the inauguration, this news didn't receive much media attention.

Despite how little coverage this case got, it shouldn't be overlooked. In reality, it was a travesty of justice. We need to talk about Levandowski's pardon because it points to a foreboding problem in the US tech industry: Intellectual property (IP) offers a lucrative golden ticket for insiders. That's why there are thousands of security professionals and companies working behind the scenes to secure valuable IP in this country — and the US has some of the best IP laws and enforcement in the world. When the president pardons insider thieves, it sets a dangerous precedent and sends the wrong message to the larger international tech community as well as to those who create IP for companies.

First, some background on Levandowski: In 2016, he left his job on the Waymo team at Google — after receiving $127 million for his work there — to start a trucking company called Otto. Within six months, Otto was acquired by Uber. Over a year later, Google discovered that when Levandowski left Waymo, he exfiltrated 15,000 files on a thumb drive. These files contained some of the company's most important autonomous vehicle IP. He just walked out the door with the proverbial keys to the kingdom.

After a lengthy legal battle, Uber and Google agreed to a $250 million settlement. But Levandowski's time in the spotlight was not over. In August 2020, federal prosecutors convicted him of IP theft, then he was pardoned just a few months later.

Stolen IP can be worth staggering amounts of money. Here's just one example: Hackers attempting to steal COVID-19 vaccine IP in December could have gained billions of dollars if successful. IP theft isn't always as high profile as Levandowski's thumb drive full of self-driving car secrets, but smaller thefts still have an enormous impact on companies' bottom lines. In reality, IP theft happens every single day. Employees frequently download customer lists on their personal computers or email themselves source code. In fact, they are 85% more likely to leak files today than they were before COVID-19.

The Levandowski pardon sends a very negative signal to the international tech community. US competitiveness in the tech space depends on our ability to secure trade secrets. If anyone can gain insight into innovative new projects American companies are working on, how will those businesses stand out against the competition?

Fighting Back
If our government is going to override our IP law with pardons, business leaders have to take the bull by the horns. Here are some steps to take now.

First, American companies need to be way more transparent about data ownership. A report from my team at Code42 found that in recent years, more and more employees have started to believe that they — and not their employers — have ownership over the product of their work . Yet there is no doubt that employers own the work they pay their employees and contractors to produce. This is the case even if skilled, hard-working employees like Levandowski feel entitled to ownership of the project. Your legal team needs to write a clear data-use policy outlining your company's ownership over its data, and then leadership needs to remind employees of it regularly.

Training is the next step, and it's an area where I believe companies will invest heavily this year. It's not enough for HR to mention data ownership policies during onboarding — employees need consistent, effective security training. Make sure the training is engaging so employees don't lose interest.

Finally, there's insider risk management technology. It took Google over a year to file its lawsuit against Uber. That's a long gap between theft and action. With effective technology, companies can hang onto their data before it leaves and the damage is done. [Editor's note: The author's company is one of a number of vendors that sell such technology.]

IP is the greatest asset any country has, including the US. It's what sets us apart in the free world. The ending of the Levandowski story is a tragedy because someone who disrespected that whole idea was pardoned with no explanation as to why. Without intervention, employees will continue to harbor the belief that they are entitled to ownership over what they do at work. If businesses aren't aware of data theft, and government officials continue to let it slide, many people will continue viewing trade secret theft as low risk and high reward — and the US will fall behind in the race to global tech dominance.

About the Author

Joe Payne

President and CEO at Code42

Joe Payne is the President and CEO of Code42 Software. Joe is a seasoned executive with more than 20 years of leadership experience and a proven track record leading high growth security and technology companies. With a passion for identifying and solving emerging market needs, Joe engages personally in product strategy and direction, while growing and providing vision and guidance to a world-class team of security executives. Previously, Joe served as CEO of eSecurity, the first SIEM software company. He also served as the president of iDefense prior to its acquisition by VeriSign. At iDefense, Joe led some of the best white-hat security researchers in the world and worked with the top financial institutions and government agencies in the United States to improve their risk profile.

Joe also has held additional executive positions at eGrail, MicroStrategy, InteliData and Eloqua. As CEO of Eloqua, Joe led the team to $125 million in revenue, a successful IPO and a subsequent acquisition by Oracle. Joe currently serves on the Board of Directors of First Focus Campaign for Children, a non-partisan, not-for-profit advocacy organization. Joe previously served on the boards of Dealertrack (NASDAQ: TRAK), Cornerstone OnDemand (NASDAQ: CSOD), Eloqua (NASDAQ: ELOQ), Workfront, TrackMaven, Plex, e-Security, eGrail, and Ecutel.

Joe is a co-author of Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can't Ignore, which shines a light on insider risk and details what business and security leaders can do to keep their workforces productive and data protected.

Joe received his Master of Business Administration from the Fuqua School of Business where he was a Fuqua scholar. He is a magna cum laude graduate of Duke University. When not hard at work, you can find Joe cheering for the US National Soccer Team or his beloved Duke Blue Devils. Joe is married with four children.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights