Competition between firms creates pressure to obtain a competitor’s trade secrets, either to defuse the competitor’s advantage or to build an advantage for the organization. The information security professional must ensure that the organization’s equipment is not used for corporate espionage. There may be extra pressure on the professional either to turn a blind eye to such illegal activities or (given the technological prowess of white hat hackers) to facilitate them. Performing illegal activities for an employer does not shield an employee from prosecution. Such pressures must be avoided.
Ideas and innovations can be legally gleaned from existing products, and organizations have legal methods at their disposal. Products can be reverse engineered to determine how they work. (Under the DMCA, however, reverse engineering cannot be used to circumvent protection mechanisms.) The Uniform Trade Secrets Act (1990) states that reverse engineering is permissible provided the “acquisition of the known product” is by “a fair and honest means, such as purchase of the item on the open market.” It is possible to purchase a software package or piece of equipment, take it apart, and determine the ideas behind its design and production.
Another option for obtaining trade secrets legally is to use a clean room technique. Here, a team is provided with very specific requirements and source information. They work in a dedicated and isolated space to ensure that existing secrets are not used in reproducing the work. The key here is documenting the inputs and outputs of the team. “Records of the clean room development are saved to demonstrate that trade secrets were independently developed and to refute any claims that a work was copied” (Stim, 2001). This provides some level of protection, but clean room is not a defense in “doctrine of equivalents” cases.
References:
Stim, R. (2001). Intellectual Property: Patents, Trademarks, and Copyrights, 2nd Edition. Albany: Delmar.