Chinese National Indicted for Economic Espionage and Trade-Secret Theft

On November 21, a federal grand jury in the Eastern District of Missouri indicted Haitao Xiang, a former Missouri resident, on one count of conspiracy to commit economic espionage, three counts of economic espionage, one count of conspiracy to commit theft of trade secrets and three counts of theft of trade secrets.  Xiang, a Chinese national, had worked for Monsanto and its subsidiary, The Climate Corporation, from 2008 to 2017, as an imaging scientist.

According to the indictment, Monsanto and The Climate Corporation

developed a digital, on-line farming software platform that was used by farmers to collect, store, and visualize critical agricultural field data and increase and improve agricultural productivity for farmers.  A critical component to the platform was a proprietary predictive algorithm referred to as the Nutrient Optimizer.  Monsanto and The Climate Corporation considered the Nutrient Optimizer a valuable trade secret and their intellectual property.

Assistant Attorney General for National Security John C. Demers stated that Xiang “promoted himself to the Chinese government based on his experience at Monsanto,” but did not specify when that contact with Chinese authorities occurred.  Ultimately, in June 2017, the day after he left his employment with Monsanto and The Climate Corporation, Xiang allegedly “bought a one-way plane ticket to China.  Before he could board his flight, Xiang was intercepted at the airport by federal officials who seized copies of the Nutrient Optimizer.”

N.B.: Xiang’s indictment is the latest case under the Justice Department’s China Initiative, which is targeting economic espionage and trade secret theft conducted for the benefit of the Chinese government and Chinese economic interests.  Since the start of 2018, as a Justice Department summary indicates, China Initiative cases have pursued individuals conducting espionage against companies such as General Electric, as well as multiple U.S. aviation and aerospace companies, a semiconductor company, and an unnamed global engineering firm.

The Initiative, launched in November 2018, has ten strategic goals, including (1) identifying “priority trade secret theft cases, ensure that investigations are adequately resourced, and work to bring them to fruition in a timely manner”; (2) identifying “Foreign Corrupt Practices Act (FCPA) cases involving Chinese companies that compete with American businesses”; and (3) applying “the Foreign Agents Registration Act to unregistered agents seeking to advance China’s political agenda, bringing enforcement actions when appropriate.”

Former Banker Convicted at Trial of Price-Fixing and Bid-Rigging in FX Market

On November 20, the U.S. Department of Justice announced that after a three-week trial in the Southern District of New York, a jury convicted Akshay Aiyer of participating “in an antitrust conspiracy to manipulate prices for emerging market currencies in the global foreign currency exchange (FX) market.”  Aiyer, a former JP Morgan Chase Executive Director and FX trader, was convicted on one count under section 1 of the Sherman Antitrust Act for “conspiring to fix prices and rig bids in Central and Eastern European, Middle Eastern and African (CEEMEA) currencies, which were generally traded against the U.S. dollar and the euro, from at least October 2010 through at least January 2013.”

The evidence presented at trial established the following:

  • Aiyer “engaged in near-daily communications with his co-conspirators by phone, text and through an exclusive electronic chat room to coordinate their trades of the CEEMEA currencies in the FX spot market.”
  • Aiyer and his co-conspirators “manipulated exchange rates by agreeing to withhold bids or offers to avoid moving the exchange rate in a direction adverse to open positions held by co-conspirators and by coordinating their trading to manipulate the rates in an effort to increase their profits.”
  • By agreeing not to buy or sell at certain times, Aiyer and the other conspiring traders “protected each other’s trading positions by withholding supply of or demand for currency and suppressing competition in the FX spot market for emerging market currencies.”
  • Aiyer and his co-conspirators “took steps to conceal their actions by, among other steps, using code names, communicating on personal cell phones during work hours and meeting in person to discuss particular customers and trading strategies.”

Aiyer is reportedly scheduled to be sentenced on April 3, 2020.  The release also noted that the investigation into FX spot market collusion is ongoing.

N.B.: This is the most recent conviction stemming from the Department of Justice’s Antitrust Division investigation of collusion in the FX spot market, and apparently the first involving a conviction at trial.  Although five financial institutions and two individual former traders have already pleaded guilty in the investigation, the Antitrust Division’s success in obtaining a conviction at trial could prompt further pleas.

Financial Crimes Enforcement Network Director States That Bank Secrecy Act “Travel Rule” Applies to Cryptocurrencies Operating Money Services Businesses

On November 18, Reuters reported on remarks that the Director of the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) Kenneth Blanco made at a November 15 conference in New York.  In his remarks, Blanco stated that the federal government will “strictly enforce” a regulation under the Bank Secrecy Act “that requires cryptocurrency firms engaged in money service businesses such as digital asset exchanges and wallet service providers to share information about their customers.”

The so-called “travel rule,” which has been in effect for more than 20 years, “requires cryptocurrency exchanges to verify their customers’ identities, identify the original parties and beneficiaries of transfers $3,000 or higher, and transmit that information to counterparties if they exist.”   According to Reuters, Director Blanco stated that the rule “applies to CVCs (convertible virtual currencies) and we expect that you will comply period.”  To emphasize the point, he added, “That’s what our expectation is. You will comply. I don’t know what the shock is. This is nothing new.”

Blanco also reportedly commented that the travel rule “is the most commonly cited violation with regard to money service businesses [MSBs] engaged in virtual currencies.”  On a related note, he stated that FinCEN “has been conducting examinations that include compliance with the . . . rule since 2014.”

N.B.:  Some in the cryptocurrency industry have professed surprise at Director Blanco’s remarks, in view of guidance that FinCEN issued in May 2019 regarding CVCs.  The Reuters report indicated that some in the cryptocurrency industry interpreted that guidance to mean that the travel rule did not apply to them.

Admittedly, the May 2019 guidance nowhere mentions the travel rule by name, and nowhere specifically states that CVCs are subject to the travel rule.  On the other hand, the BSA and the regulations thereunder have long defined MSBs as a “financial institution” responsible for BSA compliance, including the travel rule.  In addition, since 2010 FinCEN’s public position has been that any transmitter’s “financial institution” must comply with the travel rule.

While some in the crypto industry may have parsed the May 2019 guidance too closely, it should be no surprise to those familiar with the BSA that a CVC registered as and operating an MSB falls within the travel rule’s requirements.  In any event, Director Blanco has removed any doubt about the industry’s need to comply with the rule.

Sophos Issues Report on How Ransomware Attacks

On November 14, the British cybersecurity company Sophos issued a report, titled “How Ransomware Attacks,” that explains how ransomware variants attack and affect victims.  Because Sophos views ransomware’s behavior as “its Achilles’ heel,” the report describes “some of the behavioral patterns” of the 11 “most common, damaging, and persistent ransomware families.”

The report, by Sophos Director of Engineering Mark Loman, discusses a number of the most prevalent ransomware techniques and behavioral traits, including the following:

  • Ransomware Categories: The report divided various prominent ransomware families into three categories, “distinguishing them by the method attackers use to spread the infection”:
    • Cryptoworm: Ransomware “that replicates itself to other computers for maximum reach and impact.”
    • Ransomware-as-a-Service (RaaS): Ransomware “sold on the dark web as a distribution kit to anyone who can afford it,” allowing people “with little technical skill to attack with relative ease.”
    • Automated Active Adversary: Ransomware that “is deployed by attackers who use tools to automatically scan the internet for IT systems with weak protection.”
  • Cryptographically Signed Code: “Attackers may attempt to minimize detection by security software by signing their ransomware with an Authenticode certificate, which anyone can buy (or steal). . . . Unfortunately, some security tools conflate ‘digitally signed’ with ‘should be allowed to run’.”
  • Privilege Escalation: “[T]oday’s ransomware uses exploits to elevate their own privileges and abuse stolen administrator credentials to make sure the attack is performed using a privileged account.”
  • Attacking Network Drives First: Ransomware causes “the most immediate damage to an organization” when it encrypts mapped network drives first, “as it immediately affects most employees no matter where they are geographically located.”
  • Multi-Threading Technology: “Some ransomware is specifically designed to make efficient use of modern CPU hardware and parallelizes individual tasks to ensure faster and, subsequently, more harmful impact before victims discover they’re under attack.”
  • Cipher.exe Abuse: Certain ransomware abuses Microsoft’s CIPHER.EXE command-line tool “to make sure ransomware victims cannot recover deleted documents from their storage drives.”  Some ransomware also abuses CIPHER.EXE by exploiting its ability to permanently overwrite all of the deleted data on a storage drive.

The report also provides a summary of 11 common ransomware families’ methods and characteristics.

The report notes that a key vulnerability of ransomware is that “[t]here are behavioral traits that ransomware routinely exhibits that security software can use to decide whether the program is malicious.” As The Register explained, “sooner or later, the malware has to access the file system and begin to encrypt the data. This is the point where the attacks have to expose themselves and the spot where security tools can stop them.”
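A sketch of the behavioral approach described above, applied to the CIPHER.EXE abuse in the list (an added example, not code from Sophos or its report). The event fields, paths and sample events are constructed, and the `/w` free-space-wipe switch comes from Microsoft's documentation of the tool, not from this page; the rule alerts on what the process does and deliberately ignores whether the parent binary is signed.

```python
import re

# cipher.exe /w overwrites free (deleted) space on a volume; the switch is taken
# from Microsoft's tool documentation, not from the report summary above.
WIPE_SWITCH = re.compile(r"(?:^|\s)/w(?::|\s|$)", re.IGNORECASE)
# Assumed list of user-writable locations an admin tool should not be launched from.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|programdata)\\", re.IGNORECASE)

# Constructed process-creation events; the field names are assumptions.
EVENTS = [
    {"image": r"C:\Windows\System32\cipher.exe", "cmdline": r"cipher.exe /w:C:\Users",
     "parent": r"C:\Users\bob\AppData\Local\Temp\upd.exe", "parent_signed": True},
    {"image": r"C:\Windows\System32\cipher.exe", "cmdline": r"cipher /e /s:D:\Payroll",
     "parent": r"C:\Windows\System32\cmd.exe", "parent_signed": True},
    {"image": r"C:\Windows\System32\cipher.exe", "cmdline": "cipher.exe /W:E:",
     "parent": r"C:\Windows\System32\cmd.exe", "parent_signed": True},
    {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt",
     "parent": r"C:\Windows\explorer.exe", "parent_signed": True},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def assess(event):
    """Return (severity, reasons) for one event, or None if the rule does not match."""
    if basename(event["image"]) != "cipher.exe":
        return None
    if not WIPE_SWITCH.search(event["cmdline"]):
        return None  # other cipher.exe switches are out of scope for this rule
    reasons = ["cipher.exe free-space wipe (/w)"]
    if USER_WRITABLE.search(event["parent"]):
        reasons.append("parent runs from a user-writable path")
    # parent_signed is intentionally NOT used to suppress the alert:
    # a valid signature says who signed the file, not that it is benign.
    severity = "high" if len(reasons) > 1 else "medium"
    return severity, reasons

def alerts(events):
    """Return (event index, severity, reasons) for every matching event."""
    return [(i, *assess(e)) for i, e in enumerate(events) if assess(e)]

if __name__ == "__main__":
    for idx, severity, reasons in alerts(EVENTS):
        print(f"event {idx}: {severity}: {'; '.join(reasons)}")
```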

N.B.: Because ransomware presents continuing threats to companies and governments around the world, this report warrants a closer reading by corporate information-security teams.  While there is no panacea for ransomware, the report offers information-security professionals a number of useful observations and insights for understanding core behaviors of ransomware and reducing the odds that ransomware can successfully infiltrate corporate networks and databases.

United Kingdom Competition Appeal Tribunal Upholds £50 Million Penalty Against Royal Mail for Discriminatory Pricing Against Bulk Mail Operators

On November 12, the United Kingdom Competition Appeal Tribunal (Tribunal) issued a unanimous judgment in which it affirmed a £50 million penalty by the Office of Communications (Ofcom) against Royal Mail plc for discriminatory pricing against bulk mail operators.

Royal Mail plc, once the state-owned monopoly provider of mail services in the United Kingdom, is a publicly traded company that operates as an international parcels and letters delivery service, and that also serves as the United Kingdom’s sole designated provider of the universal postal service throughout the United Kingdom.

In January 2014, according to the Judgment, Royal Mail announced the introduction of differential prices for bulk mail operators for access to Royal Mail’s final delivery service, without which the bulk mail providers could not operate.  One bulk mail operator, Whistl UK Limited (formerly known as TNT Post), “planned to set up its own final delivery service and establish an end-to-end bulk mail service in competition with Royal Mail.”

After Whistl complained to Ofcom that Royal Mail’s new differential access prices “made its end-to-end operations and future plans uneconomic,” in February 2014 Ofcom announced that it would open an investigation into Royal Mail’s pricing.  Thereafter, Royal Mail’s new prices were suspended, and formally withdrawn in 2015.

Ofcom ultimately ruled in 2018 that Royal Mail “had infringed the Chapter II prohibition under the Competition Act 1998 (“CA 1998”) and Article 102 of the Treaty on the Functioning of the European Union (“TFEU”),” and imposed a fine of £50 million on Royal Mail.  Royal Mail then appealed the Ofcom decision to the Tribunal.

In a highly detailed 230-page judgment, the Tribunal dismissed each of Royal Mail’s arguments:

  1. Ofcom erred in law and in fact by concluding that, when Royal Mail announced the new prices, prices were applied for the purposes of Article 102(c) TFEU and section 18(2)(c) CA 1998. On this issue, the Tribunal concluded, among other things, “that Royal Mail’s conduct was not ‘competition on the merits’ as that term is understood in competition law,” and that Royal Mail’s issuance of Contract Change Notices, which give notices to access operators of impending changes to the terms and conditions of access, “had the effect of signalling Royal Mail’s commitment to a policy of limiting entry into direct delivery.”
  2. Ofcom erred in concluding that transactions undertaken between Royal Mail and all of its different access customers were equivalent in all material respects, and that the price differential could not be justified. On this issue, the Tribunal concluded “the cost justification as advanced by Royal Mail does not serve to overcome the essentially discriminatory nature of the price differential in the particular circumstances of this case.”
  3. Ofcom erred in its assessment of whether the price differential was likely to give rise to a competitive disadvantage and/or a restriction of competition because it failed to have proper regard to the impact of the conduct on an ‘as efficient competitor’. On this issue, the Tribunal concluded, after an elaborate analysis, that Ofcom was correct in its finding that the test that Royal Mail advanced “was neither appropriate nor necessary in this case and that its analysis of the likely effects of the conduct in question and its findings on competitive disadvantage were fully justified.”
  4. Ofcom erred in finding that any abuse was not objectively justified under Article 102 and/or Article 106(2) TFEU by reference to the need to preserve the viability of the universal service under economically acceptable conditions.  On this issue, the Tribunal concluded “that Royal Mail cannot claim either that its conduct was objectively justified under Article 102 or that it was exempt from the application of Article 102 by reason of Article 106(2).”
  5. Ofcom committed a fundamental procedural error by basing its findings of a likely competitive disadvantage in the Decision on evidence and analysis that was not previously included, or relied upon, in the Statement of Objections, or otherwise put to Royal Mail during the administrative phase. On this issue, the Tribunal concluded that “notwithstanding the paramountcy of an undertaking’s ability to defend itself without procedural hindrance, Royal Mail’s ability to do so in this particular case has not been impaired.”
  6. Ofcom erred in imposing a £50 million fine on Royal Mail. On this issue, the Tribunal “[took] the view that a substantial penalty is justified” and concluded that the amount of the penalty was correct.

N.B.:  Corporate officers responsible for compliance with the United Kingdom Competition Act 1998 should take note of this judgment, and incorporate key elements of the Tribunal’s judgment and analysis in their internal guidance on discriminatory pricing.  Although this case arose in the United Kingdom, the Tribunal’s judgment may also provide guidance for other European Union Member States in pursuing discriminatory-pricing cases.