In a year in which the United States has brought and prosecuted a series of high-profile criminal cases under the Economic Espionage Act (“EEA”), another one was recently added to the roll call in the Southern District of Indiana, this time against two former high-level scientists with pharmaceutical giant, Eli Lilly.
On August 14, 2013, a grand jury in the Southern District of Indiana returned a superseding indictment against Guoqing Cao (“Cao”) and Shuyu “Dan” Li (“Li”), stemming from Cao and Li’s alleged multi-year plot to steal Eli Lilly trade secrets and transfer those secrets to one of Eli Lilly’s Chinese-based competitors, Jiangsu Hengrui Medicine Co., Ltd., located in Shanghai, China. Cao and Li are accused—along with an unnamed former Lilly scientist, and current Hengrui official—with stealing nine separate trade secrets (relating to Lilly’s work on cardiovascular disease prevention, diabetes treatment, and cancer treatment) starting in 2011 and continuing until this year. Cao and Li are both currently being held, awaiting a further hearing on their pretrial detention.
According to testimony provided by Eli Lilly’s Senior Vice President of Product and Clinical Design, Delivery & Development, William Heath, Jr., at Cao and Li’s detention hearing, Hengrui is: “the largest supplier of oncology and pain relief medicines in China”, having “received FDA approval for … a cancer drug in the United States”, which “is actually the first sterile parenteral injectable that has been approved from a Chinese company to be brought into the United States, and is quite a significant accomplishment.” (United States v. Cao, 13-cr-00150-WTI-TAB (S.D. Ind. Oct. 22, 2012), Dkt. No. 95-1 at p. 42 (ID#570).)
According to the indictment, in February 2010, Cao allegedly submitted his resume to Individual No. 1 at Hengrui. Over the next few months, Cao allegedly expressed his displeasure to Individual No. 1 with his job with Lilly and explained that he would be traveling to China in the near term. On May 18, 2010, Individual No. 1 allegedly emailed Cao about a meeting with a Hengrui official on Cao’s upcoming trip to China. That same day, Cao allegedly inserted four separate external media devices into his Lilly computer. Following Cao’s meeting with Hengrui in China and in the ensuing months, Cao and Individual No. 1 allegedly continued their communications and Individual No. 1 encouraged Cao to recruit scientists to present at a conference in China on Individual No. 1’s behalf.
On October 15, 2010, Cao allegedly began emailing Lilly authored papers to his personal email account. Over the next year, Cao allegedly either downloaded to external media devices or forwarded to his personal email account various Lilly trade secret information on no less than six occasions. Additionally, on August 11, 2011, Cao allegedly forwarded Individual No. 1 via email Lilly’s trade secret information relating to Lilly’s research into LDL cholesterol, diabetes, and dyslipidemia.
During this time that Cao was allegedly acting as a double agent for Hengrui, he accepted a job with Hengrui on August 18, 2011. He did not resign from Lilly until January 11, 2012.
After Cao resigned, Cao and Li allegedly conspired for Li, still a Lilly employee, to send Cao Lilly’s trade secrets. On February 21, 2012, Li sent emails to Cao attaching a Lilly powerpoint divulging Lilly trade secrets relating to Lilly’s research into metabolic disorders and testing. Several months later in November 2012, Cao allegedly contacted Li again and provided a list of five research areas Cao was interested in. Less than a week later, on November 8, 2012, Li allegedly emailed Cao, attaching documents revealing Lilly trade secrets pertaining to its oncology research.
Most problematic in Cao and Li’s alleged disclosures (and Individual No. 1’s solicitations), Lilly utilized common, industry-accepted measures to protect its trade secrets and confidential information. Indeed, like most companies, Lilly limited access through security cards, required employee confidentiality agreements, restricted access to Lilly confidential information on a need-to-know basis, limited access to computer networks, and utilized data security banners and policies. Above industry standards, Lilly also monitored entrance points, recorded campus entry access, required recurrent training and instruction on safeguarding Lilly confidential and trade secret information, and had restrictive guidelines and required specific authorization to publish or discuss Lilly confidential material outside the company. Cao, Li, and Individual No. 1 all had confidentiality agreements and each participated in annual training on Lilly’s code of conduct, including its confidentiality policies.
Despite those safeguards, Cao and Li are accused of brazenly downloading from their own Lilly computers and emailing Lilly’s trade secrets away through their own Lilly email addresses. If the government’s accusations prove true, this was not a case where employees did not realize what they were doing was prohibited.
This case is important for two reasons. First, it continues a year-long upswing in cases in which the United States brought charges under the EEA. According to Matthew Levine’s article, “With Expansion of Economic Espionage Act, Will More Prosecutions Follow?”, through November 2012, the United States brought 12 prosecutions under the Act. Since the enactment of the Theft of Trade Secrets Clarification Act of 2012 and only through July 2013, the United States brought 15 cases. (Transactional Records Access Clearinghouse, TRAC Reports, Prosecutions and Convictions for 2013, Lead Charges of 18 U.S.C. 1831 & 1832.)
Second, this case continues to highlight why companies must monitor the access its employees have to secure databases and restrict the ability of its employees from exfiltrating its trade secret and confidential information. Here, despite Lilly utilizing password protections, yearly training, and confidentiality agreements, two trusted long-time employees still allegedly misappropriated and transferred trade secrets allegedly worth $55 million dollars to a foreign competitor over a multi-year period. Companies should consider using additional preventive means to prohibit employees from stealing trade secrets, such as configuring the operating system to restrict access to external devices, thus, restricting the ability to download information to an external device; blocking a user from uploading information to a web-based site; and/or utilizing software that blocks employees from sending emails to certain domain names, including to certain domain names that are known to be used for personal email accounts. This case, like the Sinovel and Snowden cases before it continually highlight why in an era in which data is portable, companies much continue to increase their information technology security to prevent theft of their trade secrets and confidential information. This case and others like it will be discussed by Seyfarth attorneys Shashank Upadhye, Scott Schaefers, and Justin Beyer on October 29, 2013 at 12 p.m. CST during Seyfarth Shaw’s Tenth Installment of its 2013 Trade Secrets webinar series, this time focusing on trade secrets in the pharmaceutical industry. If you are interested in this Webinar, you can register here.