The Blades Just Keep Spinning

By James Pooley
July 30, 2018

For your crown jewels, you must control access as if the life of your business depended on it. Because it does.

https://depositphotos.com/27172509/stock-photo-industry-time-bomb.htmlIt was late 2010. The technician, an American in northwestern China, was performing a software check on a wind turbine when he noticed something strange. After the diagnostic program finished running, the turbine was supposed to stop. But this time the blades kept spinning. The same thing happened at the next turbine at the wind farm. And the next, and the next.

Back at the headquarters of American Superconductor Corporation near Boston, the news confirmed executives’ worst fears. Their biggest customer, Sinovel, a Chinese wind farm company financed in part by the government, had recently refused to pay an outstanding bill and had canceled all future orders, citing what it claimed as poor quality and performance of AMSC’s software. That software had supplied the brains for Sinovel’s massive turbines, enabling an efficient flow of electricity into China’s electric power grid. But Sinovel had decided to build its own controller software and had already begun to install it.

The relationship had started out so well just four years before. Following the enactment of China’s first clean energy law, Sinovel had been launched to supply wind power to vast stretches of the country, and ultimately abroad. AMSC, originally formed to apply futuristic superconductor technology to high voltage transmission networks, had pivoted to the more mundane but still complex and profitable business of wind turbine controllers. Their agreement was heralded by the companies in a joint announcement as an“example of Sino-U.S. cooperation in the new energy area,” and both companies became wildly successful in a very short time.

As happens so often, the bilateral enthusiasm was overtaken by greed as Sinovel found a way to eliminate its partner from the business. AMSC had sent a team to China to help support Sinovel. Among them was a programmer named Dejan Karabasevic, a Croatian from AMSC’s Austrian subsidiary. Recently demoted from the design group, Karabasevic was unhappy – and vulnerable.

Sinovel encouraged him to leave AMSC, promising to pay him a million dollars over five years (along with an apartment, and, reportedly, a prostitute). His advance was only 15,000 euros, but it did the trick. Karabasevic resigned, but his supervisor asked him to stay on for a while, with full access to the company’s systems. This allowed him time to create a bootleg version of the AMSC controller software, and to transfer it to his future employer in China.

[[Advertisement]]

This was the software that evaded the AMSC technicians’ diagnostic tools and allowed the windmills to keep turning when they should have turned off. It would be some months before the company learned about their former employee’s treachery, but in the meantime it had lost almost 90% of its revenue, shed a billion dollars in shareholder equity, and had to lay off 700 employees.

A flurry of lawsuits followed, in China, the U.S. and Austria. Karabasevic quickly confessed and spent a year in jail but cooperated in AMSC’s pursuit of Sinovel.

In 2013 the Department of Justice joined in, indicting Sinovel and two of its Chinese employees. On January 24, 2018, after an 11-day jury trial, the defendants were convicted in Wisconsin federal court of conspiracy, wire fraud and theft of trade secrets under the Economic Espionage Act. On July 3 AMSC and Sinovel announced a settlement totaling $57.5 million, including a license for Sinovel to use the AMSC technology in its current model turbines. Within a week the judge sentenced Sinovel to a year’s probation, on condition that it pay the agreed amount.

Analysts have pointed out that Sinovel’s available cash had dwindled to less than $100 million, so the outcome was probably a good deal for AMSC under the circumstances. But after six years of litigation and proven losses of over $550 million, this was a “victory” only in a very relative sense.

What lessons can be drawn from AMSC’s experience dealing with a business partner that stole its most valuable information assets? The most obvious is probably not to let enthusiasm mask obvious risks when relying on one customer, particularly in a foreign country. When you are that exposed, your trade secret protection systems need to be proportionately robust.

Of course, you can also reduce risk of theft by continuous improvement of your technology, proving to your customer the futility of trying to compete. But for your crown jewels, you must control access as if the life of your business depended on it. Because it does.

Always remember that insiders (employees, embedded contractors and temporary workers) account for 90% of information loss. Be aware of circumstances that could turn their loyalty around, and manage accordingly. Don’t keep people on after they resign without carefully assessing the risk of their maintaining access to your systems and what you can do to mitigate that risk. More broadly, use data loss prevention software that can alert you to potential problems through real-time analysis of unusual behavior by those with trusted access.

And if you suspect actual espionage, call the FBI. There’s nothing to concentrate the mind like possible jail time.

 

Image Source: Deposit Photos.

The Author

James Pooley

James Pooley is a former Deputy Director of the World Intellectual Property Organization (WIPO). Having returned to Silicon Valley, Mr. Pooley established a private law practice where he specializes in high-level litigation counseling and strategy.

For more than 35 years, Jim has represented clients as lead trial counsel and strategic advisor in high-stakes patent and trade secret disputes. His broad litigation experience, combined with his service as an international diplomat and business executive, make him uniquely qualified to handle today’s global IP challenges. Jim testified before the Senate Judiciary Committee on the Defend Trade Secrets Act, and has worked with congressional staff on the legislation. His most recent book is Secrets: Managing Information Assets in the Age of Cyberespionage, available here.

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com. Read more.

Discuss this

There are currently 2 Comments comments.

  1. b July 30, 2018 11:56 am

    One of my clients uses a lot of Chinese manufacturing, but spreads the work to at least three different companies in different parts of the country. Each company is unaware of what a particular hardware module, e.g., electronics or special optics, does. Also, his testbed, BIST and core software systems are configured to self-erase unless periodically reset using special codes.

    This doesn’t totally help when it comes to internal sabotage, but his real problem has been competitors sabotaging his installed devices and making accusations of poor quality control. We think we have a few solutions for that as well.

  2. Eric Berend August 2, 2018 3:16 pm

    This cautionary tale is helpful for its description of a now-preferred stunt in the ever-rapacious IP pirate’s playbook: allege “poor quality” for the very project or operation’s component technology that is to be stolen, then use the ensuing disruption to gain a functional or economic advantage.

    Such conduct is rarely possible without prior planning and coordination. In China, no matter what the size or organization type of the entity involved, there is evidently, always some possibility of sovereign state control.