SLS Lecturer Chip Pitts comments on continued hacking attacks from China after the U.S. and China reached a cybersecurity agreement for LegalTech News.

IP agreements should share only what’s absolutely necessary, with strict control procedures on access, audit trails and updated technology security, and careful consideration up-front to the scope of technology involved.

…

There are some lessons for law firms and legal departments after a security firm linked China to hacks at as many as seven U.S. companies earlier this week – and only days after China and the United States announced a cybersecurity agreement.

…

“Given the truly massive cyber hacking from China that’s been taking place, I would say not. Those knowledgeable about the extent of the problem have always realized what a huge challenge it will be even for a sincere Chinese government truly committed to reduce this theft to do so quickly and effectively,” Joe “Chip” Pitts III, a lecturer at Stanford Law School and former chief legal officer of Nokia, told Legaltech News.

A related question from Pitts is whether these incidents represent the “last gasp” of hackers to “grab as much as they can” before enhanced and effective enforcement happens? “I think not,” Pitts says. “Our ability to detect the attacks has been increasing and it’s more likely that these incidents simply document more of the now routine hacking than represent any kind of major uptick.”

In addition, Pitts says “the sheer scale of the problem means that China must be granted reasonable time (months, not weeks) to signal and then take strong action internally against such cyber espionage.”

An indication of the seriousness by China will be apparent within weeks, Pitts said, adding that the United States will register “complaints under the control mechanism recently established and determine … whether the Chinese investigatory and prosecution response is adequate.”

Meanwhile, his advice for lawyers is still to “take whatever legal and physical security mechanisms are possible to defend the company and its assets against hackers from whatever source – Chinese or otherwise.”

“Agreements involving intellectual property must be structured very carefully to share only what’s absolutely necessary, with strict control procedures on access, audit trails and updated technology security, and careful consideration up-front to the scope of technology involved,” Pitts advises. “Due diligence not only regarding partner selection, but all conceivable means of protecting the IPR is at an absolute premium. Careful ongoing monitoring of the overall situation both with respect to the transaction and the larger strategic relationship between the US and China (including implementation of the cyber hacking agreement) remains critical.”

Read More