Keeping CAD Files From Going Astray

July 10, 2007
Failing to protect your intellectural property can cost you big-time.
Intellectual property (IP) is one of the most critical resources of any business. loss of proprietary manufacturing designs and processes, CAD files, financial information, customer lists, research data and any other information that gives a company a competitive edge can be disastrous. Companies that have had their product intellectual property stolen have lost product sales, lost market share and reduced margins.

According to the U.S. Commerce Department, intellectual property theft is estimated at more than $250 billion and 750,000 jobs annually. The International Chamber of Commerce estimates the global fiscal loss to intellectual property theft is more than $600 billion per year.

A 2004 survey of 400 business professionals about their attitudes toward intellectual property theft conducted by Ibas, (, a global supplier of data recovery and computer forensics, showed the following:
• 69.6 percent of business professionals have stolen some form of corporate intellectual property from their employer when leaving a job.
• 30.4 percent admitted to taking information such as customer databases and contact information.
• The most commonly used method for stealing intellectual property is to send electronic copies of documents and files to a personal email account.
• 58.7 percent think that taking intellectual property is as acceptable, if not more, as exaggerating an insurance claim to cover the excess charge.
• only 28.2 percent think that intellectual property theft is completely unacceptable.
• The most common justification for intellectual property theft was that the person had created the documents/files stolen and felt they partly belonged to him or her.

While employees are a company's greatest asset they can also be its greatest liability. According to the U.S. Department of Justice, current and former employees are the most common perpetrators of intellectual property theft. They reported that the number of suspects referred to U.S. attorneys with an intellectual property theft-related lead charge increased 26percent from 1994-2002. from 1994 to 2002 the number of cases in which plaintiffs sought civil remedies related to patent, trademark, and copyright infringement increased 20percent to 8,254. And in 2004 they estimate American businesses suffered more than $250 billion in intellectual property theft.

And, with the growing trend to distribute CAD files to customers and suppliers, a company not only has to be concerned about the safety of their intellectual property in the hands of their own employees, but also in the hands of all those other companies' employees.

So what can a company do to reduce the likelihood that its designs and other intellectual property do not get stolen?

Start by educating employees about the threats and consequences of intellectual property theft. help them realize that by protecting the company's intellectual property the employees are also protecting their employment. Then hire certified information security professionals to help implement appropriate information security technologies such as firewalls, attachment and content filtering, intrusion detection, encryption and physical theft security. While the theft of laptops and USB devices is a concern, research indicates that most intellectual property theft of CAD files and other company data is usually done via email attachments or web transfers.

That focuses on internal theft, but what about theft perpetrated at, or by, other companies that are given access to proprietary data? A recent Aberdeen Group ( report, "protecting product Intellectual property Benchmark report" has the following recommendations:

To protect their investment in product intellectual property, companies should evaluate their product innovationproduct development and engineering processes to ensure that they effectively:
• Adopt "intellectual property friendly" approaches to collaboration including sharing only the amount of design data required by partners to accomplish their tasks
• ensure that research and development (R&D) discoveries are captured, evaluated from a business perspective, and safeguarded by executing the appropriate protection
(i.e., patents, trademarks, trade secrets, defensive publishing).
• protect product data, including implementing secure product data management (PDM) and enhanced IT security solutions to safeguard product data within the firewall and digital rights management (DRM) to protect product intellectual property "in the wild" when designs are shared with others outside of the corporate firewall.

There are a number of software packages available that can help with that last point. Choosing one (or more) of those packages depends on what CAD software is being used, what level of distribution control is needed and what is the budget for acquiring this type of software.

The best place to start evaluating and selecting this type of software is to talk to the supplier of the CAD software being used. each of the major 3D CAD suppliers has a different approach.

UGS (, a supplier of product lifecycle management software, uses its Teamcenter software to control access to data with a system of permissions that defines not only who can access what data, but also how much of the data they can access. Users can be allowed to download complete files or restricted to only seeing a selected subset view of the data, e.g. only shape information. UGS also uses file watermarks to determine the source of a file and whether it was created with licensed UGS software or a bootlegged copy. UGS has experimented with more complex digital rights management software but decided that the resulting control process was unnecessarily cumbersome to their typical customers' workflow.

Autodesk ( uses its Streamline software to also create a permissions-controlled access portal. like UGS's Teamcenter, Streamline can allow an authorized user to download a complete file or restrict that user to some subset of authorized data. If a user is allowed to download a file by Streamline or Teamcenter, all control over the further use of that file is lost. The file can be copied and/or distributed around the world without the permission of the file's original creator.

Autodesk does have a tool that was designed for sharing data on a limited basis. Its DWf file format is an encrypted file. Inventor 2008 adds permission controls to outputted DWf format files that enable the file creator to decide if recipients of the file can measure, print or markup the file in addition to viewing the file. Autodesk's Design review software is needed to view a DWf file. Controlling the measure, print and markup functions is currently only controllable with files created by Inventor 2008 but Autodesk expects to add that function to AutoCAD as well.

Solidworks took a completely different approach. Instead of trying to develop control portal software or encrypted file readers, Solidworks partnered with companies who specialize in that sort of software. one of the partnerships is with pinion Software ( Similar to Autodesk's DWf format, the pinion software uses encryption and permissions to control access to the data. Authorized users can be prohibited from saving changes, cutting, copying, pasting and using screen grabber utilities. permissions include date and time limitations as well as access controls. The single-user price for the pinion software is about $1,000.

Another Solidworks partnership, this one with liquid machines, Inc. ( appears to offer digital rights management level of control. Solidworks 3D can output a liquid machines encrypted file with one click on a dropdown menu. That file can only be accessed on a computer that has liquid machines' client agent software. When a user tries to open the file in Solidworks 3D, the software detects that it is a liquid machines encrypted file and checks for resident liquid machines client agent software. If present, the agent software will contact, via the Internet, a database on the originating company's server to see what access is to be allowed. A full range of access, including editing and copying, can be allowed. When a file is copied, it is also encrypted and subject to access control by the originating company's database. The software is sophisticated enough to allow controlled offline access, e.g. enable downloading to a laptop for access where there is no Internet connection. This gives file originators complete control of all downstream access to, and modification or copying of, the original files. This is not available in any of the other packages. Current single-copy cost for the client agent software is about $400. According to Jody Saarmaa, senior director of product marketing at liquid machines, a typical package of the server software and several client agent seats for a small business usually costs around $30,000.

When considering whether to invest in any of these software products or not, it might be useful to consider the following:

"The engineering data created using SolidWorks 3D manufacturing design software [ed. note: or any other company's design software] is often among a company's most valuable intellectual property," says Joyce Durst, president and Ceo of pinion

Software. "When this information is shared without continuous protection as part of design collaboration, outsourced manufacturing, or other technical business processes, it could become subject to unintended or illegitimate use that could have significant consequences to your business." like losing your business.