FBI special agent recounts outsourcing horror story

Network World - The CAD/CAM company thought it was protecting itself, having employees of the Indian outsourcing company that was debugging its source code sign non-disclosure agreements. But when a disgruntled outsourcing employee swiped a copy of the code a few years back and tried to sell it to the CAD/CAM vendor's competitors, the vendor found out that the NDAs were of little use when it came to prosecuting the alleged thief in India.

"They weren't worth the paper they were written on," says Nenette Day, an FBI special agent out of Boston who did double duty as both the case agent and undercover agent investigating this crime against software maker SolidWorks. "The employees would have had to sign the agreement with the Indian company, not the American one."

Day, who has worked in computer crime for eight years and calls herself "a geek with a gun," told attendees at last week's CIO Forum that their companies need to do serious research about the laws of any country to which they outsource work.

CIO Forum is a unique conference during which IT vendors and 300 potential customers unite on a cruise ship out of New York City. (Other discussions at the event focused on topics such as identity theft and biometrics and grid computing.

A handful of FBI agents were on board to consult with IT pros about cybercrime threats, a topic that FBI agents say companies are often reluctant to talk about.

As for protecting yourself when outsourcing to other countries, Day advises IT executives to assume that you have no legal rights. "It should not start with your understanding of American law," she says.

In India, for example, there is no theft of trade secret law, Day says. India does have an IT act, she says, but it is mainly focused on copyright violations.

Day says that despite the fact that "there was not a shred of evidence that we did not have" against the alleged SolidWorks thief, prosecutors in India have failed to convict the suspect and he continues to work. The FBI initially tried to lure the suspected thief out of India to simplify prosecution, but he was too smart for that, Day says.

Indian police nabbed the suspect in 2002 when he allegedly tried to sell the code to Day while she was undercover (she says he initially tried to sell the code for about $250,000, not realizing it was probably worth $300 million). Fortunately, she says, the original source code was recovered and copies were not believed to have been sold.

In the wake of that case, Indian software developers have formed a lobby to push for stronger intellectual property protection laws, concerned that companies won't outsource to India if they aren't better protected, Day says. Outsourcing firms, like the one SolidWorks worked with, have also tightened their own security policies considerably in recent years, she says.

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.