INTELLECTUAL PROPERTY RIGHTS CYBER CRIME€¦ · 06/05/2017 · • R.A. 8203 Special Law on...
Transcript of INTELLECTUAL PROPERTY RIGHTS CYBER CRIME€¦ · 06/05/2017 · • R.A. 8203 Special Law on...
UNCLASSIFIED//FOUO UNCLASSIFIED//FOUO
UNIT CHIEF JOHN KIM
U.S. EMBASSY MANILA
LEGAL ATTACHE, FBI
INTELLECTUAL
PROPERTY
RIGHTS &
CYBER CRIME
UNCLASSIFIED//FOUO
Why Should We Care About Cybercrime?
2
• Consumer cost of cybercrime in 2015: $158 billion
• 429 million Personal Records were stolen
– Over 1 million victims per day
• 12 victims per second
• 41% of online adults have fallen victim to attacks
(malware, viruses, hacking, fraud, etc.)
UNCLASSIFIED//FOUO
Why Should We Care About Cybercrime?
3
[The loss of industrial information and intellectual
property through cyber espionage constitutes the]
"greatest transfer of wealth in history."
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
Current & Emerging Threats
5
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
11
The FBI’s Role in IPR
• “To promote the progress of science and the
useful arts, by securing for limited times to
authors and inventors the exclusive right to their
writings and discoveries”
– Article I, Section 8, Clause 8, U.S. Constitution
11 UNCLASSIFIED//FOUO
UNCLASSIFIED//FOUO
One of Our Oldest Laws
• Major Threats Through the Decades: Gangsters
Sabotage/Spies (WWII)
Soviet Threat
Organized Crime
Financial Crimes
Counterterrorism
Cyber Crimes
• Currently about 35,000 employees
• Headquartered in Washington, DC 56 Field Offices
400+ Resident Agencies
70+ Legal Attaches and Sub-Offices
12 UNCLASSIFIED/LES
UNCLASSIFIED//FOUO
The FBI’s IPR Enforcement Mission
• Disrupt and dismantle domestic and international
criminal organizations and individuals that manufacture
or traffic in counterfeit and pirated goods, and/or steal,
distribute, or otherwise profit from the theft of intellectual
property.
• Investigative Priorities:
Theft of trade secrets (non-state sponsored)
Threats to public health and safety
Copyright and trademark cases involving:
National security
Organized crime
Significant economic impact
UNCLASSIFIED/LES 13
UNCLASSIFIED//FOUO
Statutory Authority
• Theft of Trade Secrets /Economic Espionage (18 U.S.C. § 1831/1832)
• Copyright Infringement (§ 2319)
• Trademark Infringement (§ 2320)
• Trafficking Counterfeit Labels (§ 2318)
• Signal Theft (§ 2511)
• DMCA (§ 1201)
• Other Charges: Wire Fraud (§ 1343)
Mail Fraud (§ 63)
False Statements (§ 1001)
CFAA (§ 1030)
False Registration of a Domain Name (§ 3559)
CAN SPAM (§ 1037)
Money Laundering (§ 1956/1957)
Conspiracy (§ 1961)
UNCLASSIFIED/LES 14
UNCLASSIFIED//FOUO
The FBI’s Role in IPR
15 UNCLASSIFIED//FOUO
Civil
Patents
Trade Secrets
Criminal
Copyrights
Trademarks
Trade Secrets
Broadcasts (“Signals”)
UNCLASSIFIED//FOUO
Impact of IPR Violations
Drug Trafficking $320B
Counterfeit & Pirated Goods $250B
Wildlife Trafficking
$19B
Illegal Oil Trade
$11B
Human Trafficking
$32B
Illegal Logging
$10B
Illegal Fishing Trade $10B
Human Organ Trafficking $600M
Source: Economist-Apr 29, 2013
16 UNCLASSIFIED/LES
UNCLASSIFIED//FOUO
Challenges: Perception vs. Reality
UNCLASSIFIED//FOUO 17
UNCLASSIFIED//FOUO
Challenges: Perception vs. Reality
UNCLASSIFIED//FOUO 18
UNCLASSIFIED//FOUO
Challenges: Changing Global Trade
19 UNCLASSIFIED//FOUO
0
1
2
3
2013 2018
Trill
ion
s U
SD
Growth in E-Commerce Trade
USA Global
UNCLASSIFIED//FOUO
Challenges: Changing Global Trade
20 UNCLASSIFIED//FOUO
Mail/Express
Consign-ments
Cargo and Other
% Total Value of IPR Seizures, 2014
Mail/Express
Consign-ments
Cargo and Other
% Total Value of IPR Seizures, 2007
UNCLASSIFIED//FOUO
Solutions: Improving De-Confliction
UNCLASSIFIED//FOUO 21
UNCLASSIFIED//FOUO
National Intellectual Property Rights Center
22 UNCLASSIFIED/LES
• In 1999, started with two agencies U.S. Customs and FBI
• In 2008, the IPR Center was enhanced with ICE, CBP, FBI, USPS, FDA, and DOC
• Today the IPR Center is a collaborative effort of 23 federal and international agencies
UNCLASSIFIED//FOUO
INTELLECTUAL PROPERTY CODE OF
THE PHILIPPINES
• RA 8293
– Created the Intellectual Property Office
(http://www.ipophil.gov.ph/
• The Bureau of Patents;
• The Bureau of Trademarks;
• The Bureau of Legal Affairs;
• The Documentation, Information and Technology Transfer Bureau;
• The Management Information System and EDP Bureau; and
• The Administrative, Financial and Personnel Services Bureau.
23
UNCLASSIFIED//FOUO
Philippine Authority
• R.A. 10372 An Act Amending Certain Provisions of Republic Act No. 8293, Otherwise known as
the "Intellectual Property Code of the Philippines", and for Other Purposes
• R.A. 8293 Intellectual Property Code of the Philippines
• R.A. 3720 Food and Drug Administration
• R.A. 8203 Special Law on Counterfeit Drugs
• R.A. 9239 Optical Media Act
• R.A. 10088 Anti-Camcording Act
• R.A.8792 E-Commerce Act
• R.A. 10175 Cybercrime Act
• Supreme Court Rules on Procedure for Intellectual Property Rights Cases (A.M. No. 10-3-10-SC)
• E.O 736 (Creation of National Committee on Intellectual Property Rights)
• Implementing Rules and Regulations on Republic Act 10515 or the Anti-Cable Television and
Cable Internet Tapping Act of 2013
UNCLASSIFIED/LES 24
UNCLASSIFIED//FOUO
Industry Coordination
Law
Enforcement
Policy
Industry
UNCLASSIFIED//FOUO 25
Effectiveness o
f M
itig
ation A
ctivity
Range of Potential Mitigation Activities
LOW
HI
UNCLASSIFIED//FOUO
Protection
• Intellectual property
• Proprietary technology
• May not be technology…
– PII
– Trade Secrets
– Business processes
– Customer management
– Privileged communications
26
UNCLASSIFIED//FOUO
What Is a Trade Secret?
A trade secret is a formula, practice, process,
design, instrument , pattern, or compilation of
information which is not generally known or
reasonably ascertainable, by which a business can
obtain an economic advantage over competitors or
customers.
UNCLASSIFIED//FOUO
• A trade secret is information that:
– is not generally known to the public;
– confers some sort of economic benefit on its
holder (where this benefit must derive
specifically from its not being generally
known, not just from the value of the
information itself);
– is the subject of reasonable efforts to maintain
its secrecy
What Is a Trade Secret?
UNCLASSIFIED//FOUO
• Formulas for chemicals, drugs, cosmetics, foods, etc. •Industrial Processes
• Know-how, i.e., technical information relating to the practical application of patented or unpatented inventions.
• Blueprints, such as for a building or machinery.
• Computer software, to the extent it cannot be reverse engineered.
• Sources of supply, pricing information, identity of vendors or suppliers, and customer lists.
Examples of Trade Secrets
UNCLASSIFIED//FOUO
Theft of Trade Secrets Case
• Defendant was a former research chemist for DuPont involved in
research of Organic Light Emitting Diodes (OLED)
• DuPont spent several million dollars in research and
development of OLED technology
• Defendant accepted a position as a faculty member at a Beijing
University while still employed by DuPont and without informing
the company
• Defendant emailed sensitive DuPont proprietary information
about the chemical process to his University email account,
uploaded the information to his personal computer using a thumb
drive, and mailed over 100 samples of intermediate chemical
compounds to his University office in Beijing
• In June 2010, defendant pleaded guilty to theft of trade secrets
• In October 2010, defendant sentenced to 14 months in prison
UNCLASSIFIED//FOUO
• Original complaint from MPAA for illegal distribution
and streaming of movies still in theaters
• Subject sold counterfeit cancer medication to at
least 65 victims
• Admitted to selling more than 800 pirated copies of
business software valued at over $435,000
• Sentenced to 33 months in prison, $75,000 fine, and
$53,724 in restitution (Aug. 2010)
Health and Safety Case
UNCLASSIFIED//FOUO
Law Enforcement Engagement
• Establish a working relationship with the Local Law
Enforcement Authorities before a breach
• Engage established LE contacts as early as
practical when a significant event occurs
• Private sectors and LE need to understood to work
together in order to defeat this threat.
• Sharing of information became critical in mitigating
and preventing this threat
32
Key Points of Contacts
Threat Response Asset Response
National Bureau of Investigation (NBI) Cybercrime Division http://www.nbi.gov.ph Email: [email protected] Complaints Desk: +63-2-523-8231 local 3454/3455
Philippine National Police (PNP) Anti-Cybercrime Group (ACG) http://pnpacg.ph/main/ Cybersecurity Concerns: Email: [email protected] General cybercrime: Email: [email protected] Terrorism concerns: Email: [email protected] Women and Children Concern:
Email: [email protected] Complaint Action Center: +63 (02) 414-1560
Department of Justice (DOJ) Office of Cybercrime https://www.doj.gov.ph/office-of- cybercrime.html Email: [email protected]
Call: +63-2-523-8481 local 298
Department of Information and Communications Technology (DICT) Cybercrime Investigations and Coordination Center (CICC) http://www.dict.gov.ph/cybercrime- investigation-and-coordinating-center- cicc/ Email: [email protected] Complaints Desk: +63-2-920-0101 local 1200
Report suspected or confirmed cyber incidents, including when the affected entity may be interested in government assistance in removing the adversary, restoring operations, and recommending ways to further improve security.
National Privacy Commission (NPC) https://privacy.gov.ph/ Email: [email protected] Report suspected or confirmed cyber incidents, when the loss of personal data, PII, any other data defined in the Data Privacy Act of 2012.
If there is an immediate threat to public health or safety, the public should always call 911.
UNCLASSIFIED//FOUO
1. Establishing/enforcing clear policies about confidential business
information;
2. Identifying technological and technical information deemed to be
secret;
3. Advising/training employees and others of the existence of trade
secrets;
4. Use of nondisclosure and confidentiality agreements with
employees and others;
5. Limiting access to trade secrets on a “need-to-know-basis”;
6. Controlling access to company files and facility locations;
7. Central control of blueprints and engineering drawings;
8. Use of security systems and guards;
9. Providing locked storage for sensitive information such as laboratory
notebooks;
10. Implementation of document protection and retention policies; and
11. Use of computer passwords and firewalls throughout organization.
Reasonable Efforts to Maintain Secrecy
UNCLASSIFIED//FOUO
Reporting IPR - www.iprcenter.gov
34
UNCLASSIFIED//FOUO
Reporting IPR in the Philippines
35
http://www.ipophil.gov.ph/
UNCLASSIFIED//FOUO
Joint Cybersecurity Working Group
36
• What?
• In August 2016, the FBI in
partnership with Department Of
State, GPH, and private sector
companies, established an
interagency working group.
• Why?
• To promote intelligence sharing and
policy development between
Philippine public and private
sectors.
• When?
• The JCSWG meets monthly. We
will be conducting our Eighth
Meeting May 15th 2017.
UNCLASSIFIED//FOUO
Some Private Members
37
UNCLASSIFIED//FOUO
Government
38
UNCLASSIFIED//FOUO
Reporting in the Philippines
Threat Response Asset Response
National Bureau of Investigation (NBI) Cybercrime Division http://www.nbi.gov.ph Email: [email protected] Complaints Desk: +63-2-523-8231 local 3454/3455 Philippine National Police: Anti-Cybercrime Group (ACG) http://pnpacg.ph/main/ Cybersecurity Concerns: Email: [email protected] General cybercrime: Email: [email protected] Terrorism concerns: Email: [email protected] Women and Children Concern: Email: [email protected] Complaint Action Center: +63 (02) 414-1560 Department of Justice (DOJ) Office of Cybercrime https://www.doj.gov.ph/office-of-cybercrime.html Email: [email protected]
Complaint Call: +63-2-523-8481 local 298
Department of Information and Communications Technology (DICT) Cybercrime Investigations and Coordination Center (CICC) http://www.dict.gov.ph/cybercrime- investigation-and- coordinating-center-cicc/ Email: [email protected] Complaints Desk: +63-2-920-0101 local 1200
Report suspected or confirmed cyber incidents, including when the affected entity may be interested in government assistance in removing the adversary, restoring operations, and recommending ways to further improve security.
National Privacy Commission (NPC) https://privacy.gov.ph/ Email: [email protected] Report suspected or confirmed cyber incidents, when the loss of personal data, PII, any other data defined in the Data Privacy Act of 2012.
UNCLASSIFIED//FOUO
INTERNET CRIME COMPLAINT CENTER
WWW.IC3.GOV
40
• Intelligence Center for Internet Enabled Crime
• iC3 was established in May 2000 • 262,813 complaints received in FY2013 for a total
reported loss of $700M
Romance Scams Auto Fraud Mass Marketing
Fraud
Extortion
UNCLASSIFIED//FOUO
41
Questions?