Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks:
Trade Secret and Non-Compete Posts and Cases:
  • The big news this week was the U.S. Court of Appeals for the Ninth Circuit’s reversal of the $172 million trade secrets verdict in the epic MGA v. Mattel case. The Ninth Circuit concluded that MGA’s trade secret claims did not arise out of the same facts as Mattel’s trade secrets claims and should not have been allowed as compulsory counterclaims. Mattel had argued that those claims were barred by the statute of limitations and the Ninth Circuit apparently agreed by vacating the award; the Ninth Circuit did however allow the $137 million award for attorneys fees incurred by MGA defending against Mattel’s copyright claim to stand. Both Daniel Josh Salinas and Press Millen have posts on the case.
  •  Massachusetts has introduced a new non-compete bill, according to a recent post by Russell Beck in his Fair Competition Blog. According to Russell, “The new bill – called the “Noncompete Agreement Duration Act” – leaves most noncompete law intact, and, as its name suggests, focuses on the duration of noncompetes (in the employer/employee context).”
  • A Kansas City, Missouri federal judge has sentenced the acknowledged thieves of many of Pittsburgh Corning’s trade secrets for cellular glass insulation, reports Todd Sullivan in his Employee Defections & Trade Secrets Blog. Ji Li Huang, 45, was sentenced to 18 months by U.S. District Judge Brian C. Wimes.
  • A recent case out of the U.S. Court of Appeals for the Eighth Circuit highlights the dangers of destroying evidence, reports Kenneth Vanko in a recent post for his Legal Developments in Non-Competition Law Blog. In Hallmark v. Murley, the Eighth Circuit affirmed a jury’s finding that a former employee forfeited her $735,000 severance package after it was instructed it could infer that she had destroyed relevant documents.
  • In another recent health care non-compete case, a North Carolina federal court has refused to enforce a non-compete against a physician, reports Jonathan Pollard in the non-compete blog. In Carolina Asthma and Allergy Center, P.A. vs. Maeve O’Connor, M.D., the court apparently voided an apparently overbroad non-compete against the departing physician.
  • “Former Bob Evans supplier accusing company of stealing trade secrets” reports Columbus Business First.
  • IBM has developed a tool to identify disgruntled employees advises The Wall Street Journal’s CIO Report.
  • “What’s New in the World of Non-Competes and Trade Secrets”?   Plenty, according to this fine summary by Michael Greco for Fisher & Phillips’ Non-compete & Trade Secrets Blog.
Computer Fraud and Abuse Act Posts and Cases:
  • “Dealing With Aaron Swartz in the Nixonian Tradition: Overzealous Overcharging Leads to a Tragic Result” laments John Dean for Justia.
  •  “Law Professor James Grimmelmann Explains How He Probably Violated The Same Laws As Aaron Swartz” notes Mike Masnick for TechDirt.
  •  “After Aaron: how an antiquated law enables the government’s war on hackers, activists, and you” writes Joshua Kopstein for The Verge.
  •  “How Computer Hacking Laws Make you a Criminal” explains Paul Wagenseil for Yahoo News.
html#stoynk=
Cybersecurity Articles and Posts:
  • “Senate Democrats Renew Effort To Pass Cybersecurity Legislation” reports Bloomberg/BNA.
  •  “Hackers in China Attacked The Times for Last 4 Months” acknowledges The New York Times.
  •  “Is your Company BYOD or COPE?” asks Benjamin Fink for the Georgia Trade Secret & Non-Compete News Blog.
For the past two weeks, the technology and Internet communities have grappled with the untimely death of Aaron Swartz, the technology activist who was prosecuted for allegedly “hacking” into the JSTOR database and attempting to download 4.8 million academic documents.  Media as diverse as The Wall Street Journal and Wired have criticized what they believe to be the misuse of prosecutorial discretion in pursuing the charges against Swartz.  Some are even calling for the U.S. Attorney responsible for the prosecution, Carmen Ortiz, to step down.  Others are calling for the forces that led to the defeat of SOPA last year to reunite to amend or scrap the Computer Fraud and Abuse Act (CFAA).  Silicon Valley congresswoman Zoe Loffgren has proposed a bill to modify the statute to remove potential criminal liability for violations of computer usage terms of service.  The narrow question here:  What does this unfolding tragedy mean for the CFAA?  Given the scope and intensity of this issue, I am going to break this discussion down into two posts.  Today, I am going to  consider the following question:  Did Swartz’s alleged conduct violate the CFAA, and if so, is the CFAA part of the problem?  My second post will assess the issue of prosecutorial discretion and consider what can be done to avoid this unfortunate situation from recurring in the future, with a look at Congresswoman Loffgren’s proposed changes to the CFAA. What brought us here?  The story is a compelling one.  A prodigy and reformer, Swartz had co-founded the subscription feed RSS and co-founded Reddit, the social media site.  Swartz had been a particularly powerful voice in the Internet grass-roots movement that defeated SOPA last year.  As Orin Kerr notes in his meticulous analysis of the Swartz case, in 2008, Swartz published an essay that he labeled the Guerrilla Open Access Manifesto. In the essay, Swartz argued that there was a moral imperative to engage in civil disobedience and disregard laws that limited access to academic articles and that those articles should be made available. This fact emphasizes a couple of important undercurrents that are driving this narrative.  First, this prosecution is the latest flashpoint in the battle between the “information should be free” community on the one side, and the intellectual property rights owners and their legal community, on the other.  Those in the first camp generally believe that those in the second camp use IP law (particularly copyright law) to unduly restrict ideas and content that should be free and available to all; the most public battle between these two forces was the defeat of SOPA last year.  As Swartz was a vocal proponent that content should be available over the Internet, his untimely death, and the circumstances that apparently drove it, have added considerably to the emotional intensity of the story. There is also a generational undercurrent that has not received a lot of attention (in an article for Forbes, Tarun Wadhwa has written about “What the Loss of Swartz means for his Generation”).  In many ways, Swartz was a standard-bearer for the millennial generation, the generation that came of age in the Internet, Napster and file-sharing, and a generation that is generally believed to be somewhat agnostic to the concept of copyright law. (This issue warrants a post by itself). Back to the indictment:  Swartz was alleged to have improperly accessed JSTOR, a subscription service allowing users to access a variety of academic journals. According to the indictment, Swartz initially downloaded articles from JSTOR through a guest account on MIT’s network on to an ACER laptop that he purchased for this purpose. Through the use of a program called “keepgrabbing,” Swartz allegedly was able to circumvent JSTOR’s limits on the number of articles a single person could download. However, after MIT and JSTOR detected his efforts and disabled his access multiple times, Swartz allegedly broke into a utility closet on MIT’s campus where he was able to connect his computer directly to the university network. (Prosecutors contend a surveillance camera captured him attempting to cover his face with a biking helmet).  In total, Swartz allegedly downloaded around 4.8 million articles from JSTOR. In July 2011, Swartz was indicted on federal charges, including wire fraud and thirteen separate violations of the CFAA. For these charges, Swartz faced up to thirty-five years in prison, as well as millions of dollars worth of fines.  Swartz faced a trial on April and, as most of us now know, he committed suicide on January 11, 2013 after plea negotiations broke down. Was the CFAA Part of the Problem?  The CFAA has undergone a fair amount of criticism as of late, as the debate over U.S. v. Nosal last year showed.  Numerous commentators have blamed the over breadth of the CFAA as the primary culprit for the Swartz tragedy.  But is the CFAA really the problem here?  To answer that question, we have to look at what Swartz did and then apply the statute as charged.  (So that readers can judge for themselves, I am attaching the indictment below as a PDF). Here is one of the better summaries of the alleged conduct that led to the indictment (again from Orin Kerr’s analysis):  “… Swartz knew that the means he used to obtain the JSTOR database was unauthorized. He was playing a long-term cat-and-mouse game with MIT and JSTOR in which they repeatedly tried to get him off the network and he repeatedly figured out ways to get back on and get the files he wanted. He didn’t break into the closet because he liked closets; he was trying to find a way to do what MIT and JSTOR were trying to block. He wasn’t hiding his face from the video camera in the MIT closet out of shyness; he knew that he was doing something illegal and he was trying not to get caught. And when the police spotted him, he wasn’t surprised that they wanted to talk to him: According to the police report, he jumped off his bike and tried to outrun the police on foot. Further, Swartz’s conduct had real costs to others, ranging from costs to MIT in dealing with responding to his conduct to lost access to JSTOR for a few days for the entire campus.” Many have criticized the CFAA because the indictment identified Swartz’s violations of the MIT’s online agreement as the basis for the charges.  The reasoning goes that any violation of a computer use policy can potentially lead to an indictment by an overzealous prosecutor.  However, as Andy Greenberg of Forbes has observed, the indictment was premised on more than the violation of the MIT computer use policy.  He quotes Marcia Hoffman of the Electronic Freedom Foundation as follows:  “When Swartz wrote a program that had his Acer laptop automatically download millions of academic papers from the restricted website JSTOR, after all, he ended up doing more than merely violating MIT’s and JSTOR’s terms of service, Hofmann points out. When registering an account with MIT that gave him initial access to the JSTOR documents, he used a pseudonym, “Gary Host.” And when MIT administrators noticed his computer downloading massive numbers of documents, they attempted to block his connection based on its IP and MAC addresses, measures that Swartz circumvented.” Under the existing language of the CFAA, it is hard to argue that the conduct of which Swartz was accused would not violate the CFAA.  His alleged actions would support an indictment that he either exceeded his authorization or acted without authorization in attempting to repeatedly download the documents from JSTOR.  For this reason, those that have likened his conduct to checking out too many library books simply have not looked at the allegations within the indictment (assuming, of course, that the prosecutors’ allegations are taken as true).  To again quote and paraphrase Orin Kerr’s meticulous analysis, the allegations regarding this cat-and-mouse game took place over 3 1/2 months, “in which he kept trying to gain access to the database and JSTOR kept trying to block him. They blocked his IP address; he changed it. They blocked his MAC address; he spoofed it. They blocked access and he broke into a restricted closet and connected directly to MIT’s network. This is not merely a case of breaching a written policy. Rather, this is a case of circumventing code-based restrictions by circumventing identification restrictions. I don’t see how that is particularly different from using someone else’s password, which is the quintessential access without authorization.” Frankly, I think the more important question is whether Swartz undertook the alleged acts in question with the requisite “intent to defraud.”  Swartz is alleged to have accessed the database for ideological reasons and not to enrich himself.  While he appears to have intentionally accessed protected computers belonging to MIT and JSTOR “without authorization,” it seems to me that this element (which is necessary for a charge under 1030(a)(4) and which gives rise to Counts 3 through 7 of the indictment) was lacking here.  Perhaps the prosecutors intended to argue that by engaging in the cat-and-mouse game detailed above, that was the requisite intent to defraud; however, since that is the conduct that supports the unauthorized access, this seems a reach, at least to me. The prosecutors also used 1030(a)(2) for Counts 8 through 12 of the indictment, which omits this requirement of “intent to defraud.”  Of the charges brought under the CFAA in this case, this one is the most problematic charge because it potentially permits the criminalization of any intentional access without authorization (or access that exceeds authorization) of any “information from any protected computer if the conduct involved an interstate or foreign communication.”  That is extraordinarily broad. As a practical matter, given the wide array of potential mischief that can be performed in cyberspace, the unfortunate reality is that prosecutors need a broad statute, particularly given that technological advances will always outpace the ability of Congress to legislate.  Those attempting to improperly access a bank or company’s system may not be doing it for economic gain but may be seeking to inflict damage or havoc for ideological or political reasons.  So I get why the criminal charges can’t be limited to charges of intent to defraud.  However, the language 1030(a)(2) appears to be virtually limitless to me.  So I can’t help but conclude that the CFAA, as presently written, is part of the problem. Which will lead me to my next post, looking at the issue of prosecutorial discretion and proposed modifications to the CFAA. Swartz Indictment.pdf (189.35 kb)
Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks: Computer Fraud and Abuse Act Posts and Cases: The commentary criticizing the prosecution of technology activist Aaron Swartz continues to mount. (For those who have not been following it, Swartz committed suicide after plea negotiations with the U.S. Attorney for the District of Massachusetts broke down; he had been charged with violations of the Computer Fraud & Abuse Act for allegedly hacking into an academic database affiliated with MIT). I am hoping to get a post with my perspective on this important case out this weekend. In the meantime, those interested in more on this case should see the following articles:
  • Professor Orin Kerr has written two posts for The Volokh Conspiracy, the first evaluating whether the prosecutors abused their discretion (he concludes that they were not out of bounds under normal prosecutorial standards) and the second proposing changes to the CFAA.
  • And in The Public Domain, James Boyle voices his disagreement in “The Prosecution of Aaron: A Response to Orin Kerr.”
  • The Wall Street Journal had an editorial last Friday, “Cyber Crime and Punishment,” which expressed concern over the proportionality of the penalties sought by U.S. Attorney Carmen Ortiz.
  • The New York Times had an op-ed piece by Lincoln Caplan entitled “Aaron Swartz and Prosecutorial Discretion” and also ran an article detailing MIT’s role in the case, “How M.I.T. Ensnared a Hacker, Bucking a Freewheeling Culture.”
  • In Harper’s Magazine, Scott Horton is critical of the prosecution in ‘”Carmen Ortiz Strikes Out.”
  • For those interested in finding out more about some of the statistics behind recent CFAA prosecutions, Professor Kyle Graham has a fine summary in his post entitled “Some Thoughts on the Computer Fraud and Abuse Act” for the noncuratlex.com blog.
Trade Secret and Non-Compete Posts and Cases:
  • Could the National Labor Relations Board find an employer’s confidentiality provisions to be overbroad? An interesting post by Epstein Becker’s Trade Secrets & Noncompete Blog notes a recent decision in which a NLRB administrative law judge that  found confidentiality and non-disparagement provisions contained in a mortgage banker’s employment agreement were violative of the NLRA. 
  • “Judge Strips Richtek Claims In UPI Trade Secrets Case,” reports Law360.
  • “Analyzing the Non-Competition Covenant as a Category of Intellectual Property Regulation,” from the Hastings Science & Technology Law Journal (a hit tip to Jonathan Pollard for tweeting this article).
  • “Federal Court Finds Choice of Law that Permits Blue Penciling Does Not Violate Virginia Public Policy,” reports Paul Kennedy for Littler’s Unfair Competition & Trade Secrets Counsel Blog.
  • “California Appellate Decision Clarifies Standard for Injunctive Relief Carve-Outs Within California Arbitration Agreements,” reports Robert Milligan for Seyfarth Shaw’s Trading Secrets Blog.
  • If you are in the aerospace industry, you need to be particularly careful with your Chinese partners and suppliers, advises Todd Sullivan in his Trade Secrets & Employee Defections Blog. Todd cites a recent article from The New York Times, which addresses security and trade secret concerns for that industry in China.
  • “US Manufacturer Accuses Chinese Agent Of Stealing IP,” notes Law360.
  • “The China NDA (Non-Disclosure Agreement). Shut the Barn Door BEFORE the Horse Bolts,” warns Dan Harris in his China Law Blog.
Cybersecurity Articles and Posts:
  • “The BYOD Thicket: Some Tips Basis Steps to Take for Businesses,” advises Kenneth Vanko in his Legal Developments in Non-Competition Agreements Blog.
  • And if you are interested in how law firms should balance BYOD and security, check out Sean Martin’s article, “Top Mobile Use Cases in Law Firms,” for Law Technology News.
  • “Protecting Companies’ Intellectual Property From Cyber Crime,” advise Ernest Badway and Daniel Schnapp for Law Technology News.

Interested in finding out more about the Theft of Trade Secrets Clarification Act of 2012 and how it may impact criminal and civil cases in 2013? Well, join Warrington Parker, Peter Toren and me for a one hour briefing, “The Theft of Trade Secrets Clarification Act of 2012: Practical Implications for Employees, Employers and Trade Secret Litigation” on Friday, January 25, 2013 at 1 p.m. EST.

As many of you know, the Act was signed by President Obama on December 31, 2012 to address the decision by the U.S. Court of Appeals for the Second Circuit in the high profile prosecution of former Goldman Sachs programmer, Sergey Aleynikov. That decision had the effect of significantly narrowing the category of trade secrets that could be prosecuted under the Economic Espionage Act (EEA). 

Warrington will moderate a discussion over the history of the EEA, recent prosecutions, the U.S. v. Aleynikov decision, the Act itself, and what its impact will be for the civil remedy proposed by Senators Kohl and Coons, the Protecting American Trade Secrets and Innovation Act.

The briefing is one hour long and CLE-approved for many states. For more information, please check out Law Seminars International’s link for the presentation here. Hope you can join us.

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks:
 
Computer Fraud and Abuse Act Posts and Cases:
As many of you know, technology activist Aaron Swartz committed suicide last week after plea negotiations with federal prosecutors over his indictment under the CFAA broke down. Swartz was facing a criminal trial in April on charges relating to his effort to “liberate” the JSTOR database, a database of academic and scientific journals maintained by the Massachusetts Institute of Technology. His profoundly sad story has struck a chord with many, and as a result, there has been an outpouring about his death and the propriety of the criminal charges brought against him.
 
Many are calling for an amendment to narrow the scope of the CFAA and heeding those requests, Congresswoman Zoe Lufgren (D-CA) has introduced a bill that she believes will address the CFAA’s shortcomings.
 
Here are some of those and other relevant posts that I have come across this week:
 
  • “Web Activist’s Suicide Highlights Tech Law,” writes Joe Palazzolo for The Wall Street Journal.
  • “How To Honor Aaron Swartz: In the wake of the brilliant technology activist’s death, let’s fix the draconian Computer Fraud and Abuse Act,” advises Marcia Hoffman for Slate.
  • “Anti-hacking law questioned after death of Internet activist,” writes John Roach for NBCNews.com.
  • “Swartz death immortalizes hacking law woes,” notes Scott Martin for USA Today.
  • Harvard Law School Professor Lawrence Lessig also advocates reform in a post entitled “Aaron’s Law” for The Atlantic.
  • George Washington Professor Orin Kerr, who is former federal prosecutor but no fan of a broad interpretation of the CFAA, has written a post for The Volokh Conspiracy analyzing the prosecution. In that post, Professor Kerr concludes that the charges were brought under a fair reading of the CFAA. He has promised a follow up post on whether the federal prosecutors exercised their discretion properly in this case.
  • Finally, Robert Milligan and Jessica Mendelson provide their timely take on the prosecution for Seyfarth Shaw’s Trading Secrets Blog. 
 
Trade Secret and Non-Compete Posts and Cases:
  • Preemptive filings over whether the law of California (which forbids non-competes) or other states applies are common in non-compete disputes. Kenneth Vanko has a post detailing a recent decision by New York’s influential First Appellate Department, Aon v. Cusack, rejecting an effort by a group of employees to race to California and secure that forum to invalidate their non-competes. Epstein Becker’s Trade Secrets & Noncompete Blog and Jackson Lewis’ Non-Compete & Trade Secret Report Blog also have posts on this decision.
  • AMD has secured a TRO against 4 former employees who left to join competitor Nivida in Massachusetts, reports Todd Sullivan in his Trade Secrets & Employee Defections Blog.
  • The Department of Justice has issued what it purports to be a summary of all of the trade secret prosecutions undertaken since 2007 (it is hardly a summary as it’s 82 pages long, single-spaced).  For those actually looking for a summary, Jessica Mendelson has a post and link to the report on Seyfarth Shaw’s Trading Secrets Blog.
  • Kenneth Vanko has another post providing an update on a Maryland bill that has been introduced to ban non-competes.
  • Employers would do well to remember the bitterness that might flow enforcement of a non-compete, advises Brian Bialas for Foley & Hoag’s Massachusetts Noncompete Blog in a post, “The Human Factor in Noncompete Disputes: Howie Carr is Still Upset Over 5 Years After His Lawsuit with WRKO.”
  • A Pittsburgh hospital has threatened to enforce its non-competes against former staff and physicians, Jonathan Pollard is reporting in the non-compete blog.
  • “2012 Showed Courts Willing To Enforce Noncompetes,” writes Ben James for Law360.
  • For those who have not gotten enough of the Amazon v. Powers (Google case), check out “Legal lessons from Amazon’s ‘noncompete’ battle with Google,” by William Carleton for Geekwire.
  • “12 Ways to (Legally) Spy on Your Competitors,” recommends Carol Tice for Entrepreneur.
Cybersecurity Articles and Posts:
  • “Cyberlaw Predictions: Data Security, Cloud Computing, and Identity Management,” foresees Thomas O’Toole for BNABloomberg’s e-Commerce & Tech Law Blog. 
  • “The Internet of Things Has Arrived — And So Have Massive Security Issues,” announces Wired in an opinion piece by Andrew Rose.

011220132013 promises to be an interesting year.  Here are three major developments that I expect in trade secrets law, cybersecurity and non-competition law:

1.  On The Trade Secrets Front, A Federal Trade Secret Civil Remedy Will Finally Be Enacted.

I believe that there is sufficient momentum building from (a) the recent Theft of Trade Secrets Clarification Act, an amendment to the Economic Espionage Act (EEA), and (b) growing concern over international misappropriation to get a proposed federal statute over the hump. 

Last year may have been a watershed year for getting a federal civil trade secret law. As I wrote earlier this month, a national consensus emerged that the trade secrets and confidential information of American companies have been at risk or compromised from international powers and companies. The bipartisan and prompt action to address the flawed ruling in U.S. v. Aleynikov bears that out. In a year where our political parties and branches of government seemed unable to agree on many issues, they were able to agree on fixing this statute. 

The Protecting American Trade Secrets and Innovation Act (PATSIA) was introduced last July but has been mired in committee since its introduction, perhaps because it lacks a Republican Senator to co-sponsor it.  PATSIA would amend the EEA to include a civil remedy primarily to address international trade secret cases. The main legal obstacle to its passage is concern over the ability of a trade secret claimant to secure an ex parte seizure order for product incorporating the misappropriated trade secrets and/or to preserve evidence. As I have written before, this provision could be abused and needs to be narrowed to only cover situations involving international misappropriation. If that can be done, we will hopefully see its passage this year.

2.  Cybersecurity Litigation In 2013 Will Begin To Define A Standard of Care. 

2012 was the year that many companies discovered the severity of the threat posed by cybertheft and hacking. 2013 is the year the proverbial chickens come home to roost, as courts wrestle with the inevitable cases filed by individuals and companies damaged by these cyber-breaches.  Given the obvious inability to pursue and collect against cybercriminals and hackers, those damaged will look to the companies that either housed their data or money.

Last year, the U.S. Court of Appeals for the First Circuit reversed a ruling in favor of a bank that had allowed improper transfers of over $500,000 to cybercriminals, essentially finding the bank had failed to properly secure the account of one of its small business customers. In Patco Construction v. People’s United Bank, the First Circuit rejected the bank’s claim that it behaved in a commercially reasonable manner in authenticating the transactions under the Uniform Commercial Code.  Expect more cases like this one.

In fact, this year, expect more litigation to ensue against not only financial institutions but companies that have been tasked with implementing, designing or managing security for the accounts in question. Of course, many may be able to rely on contractual limitations, but there will ultimately be a few cases where a court is unwilling to impose those limitations and instead looks to shape a duty. In short, a legal environment is evolving where all businesses will be subject to a duty to provide reasonable security for the data they house and the systems they design or operate.  Given the number of incidents last year, there will be litigation this year establishing what that duty is.

3.  Expect More Non-Compete Disputes in the Healthcare Industry.

There are three reasons that I think this will be one of the most watched developments in the non-compete area.

First, as the Affordable Care Act comes into effect, expect greater uncertainty and shake outs within the healthcare community. Major changes in the law inevitably lead to litigation and the healthcare industry will be no different, as hospitals and healthcare providers jockey to keep what they have or entice physician practice groups to join them. These movements in the marketplace will of course lead to a greater number of healthcare disputes, which will invariably lead to disputes over restrictive covenants that are part of existing agreements.

Second, this will be exacerbated by the increasing shortage of physicians. The industry’s recognition of this shrinking pool may contribute to greater aggressiveness by healthcare providers, hospitals and others to litigate over these physician relationships. 

Finally, don’t expect the federal and state governments to sit idly by while these issues percolate. Consider the dispute between Renown Healthcare and the Federal Trade Commission over Renown’s efforts to use its non-competes against 10 cardiologists in Reno, Nevada; Renown eventually relented after the FTC raised concerns about it having nearly 88% of the market share for cardiologists in that area. The need to service rural or under-served communities, and the political tensions resulting from that need, will cause federal and state agencies to be more willing to insert themselves into these disputes.

Last year, we witnessed an uptick in non-compete cases involving physicians and other healthcare professionals. That trend should continue and increase in 2013.

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks:    Trade Secret and Non-Compete Posts and Cases:
  • “Eternal vigilance” may be required to protect trade secrets in South Carolina, reports Josh Durham for Poyner Spruill’s Under Lock & Key Blog. In Ethox v. Coca Cola, a South Carolina federal court dismissed Ethox’s complaint, finding that as a general matter that Ethox had failed to provide sufficient detail as to its claims. According to Josh, the district court held that “any time one company discloses a trade secret to another, as Ethox did in its dealings with Coca-Cola, the disclosing company must exercise ‘eternal vigilance’ or else the secret will be lost.” 
  • Looking for an in-house perspective on non-competes? Then check out Janette S. Levey’s two posts in The Emplawyerologist entitled “Restrictive Covenants in Employment Agreements: Guarding the Family Jewels, Parts I and II.”
  • “Rankings Of NFL Prospects May Constitute Trade Secrets,” advises Paul E. Freehling for Seyfarth Shaw’s Trading Secrets Blog.
  • “What Can the NHL Lockout Teach Us About Mediating Non-Compete and Trade Secret Disputes?” asks Michael Greco for Fisher & Philips Non-compete and Trade Secrets Blog.
  • “Industry Customs may be Basis for Establishing Secrecy Measures under Trade Secret Acts,” reports Kenneth Vanko in his Legal Developments in Non-Competition Agreements Blog.
  • “5 Ways Physicians Can Negotiate Better Employment Contracts,” recommends Rob Dean for The Virginia Non-Compete Blog.
  • “Trade Secret Protection in China: A Perspective From China and Hong Kong,” advise James Chapman, Song Lin and Alex Nie of Foley & Lardner for martindale.com.
  • “Protecting Trade Secrets in Korea: Top 5 Things to Know Before Subjecting your Business Secrets to the Korean Market,” reports Sean Hayes for The Korean Law Blog.
  Computer Fraud and Abuse Act Posts and Cases:
  • Russell Beck and Robert Milligan both provide their take on the recent dismissal of WEC Carolina Energy’s writ of certiorari, which means the split between the federal circuit courts over whether an employer can use the CFAA for violation of computer access policies will continue for the foreseeable future.
  • “Two Year Statute of Limitations of Computer Fraud and Abuse Act Accrued When Plaintiff “Suspected” Wrongdoing,” reports Shawn Tuma.
  Cybersecurity Articles and Posts:
  • “More than half of in-house counsel say data security is their top legal concern,” notes Michael Kozubek for Inside Counsel.
  • “Corporate Network Defense: When Seconds Count, the FBI is Years Behind,” laments Stewart Baker for Covington’s Cyberblog.
  • “Law Firms And Cloud Computing,” writes Arturo A. Castro of Cullen & Dykman for JDSupra.
  • “Top 7 end-user security priorities for 2013,” reports Joe Ferrara, CEO of Wombat Security Technologies for SC Magazine.
  • “Does Your Firm Have a Bring-Your-Own-Device Policy?” asks Dennis Kennedy for the ABA Journal’s Technology Column.
News You Can Use:
  • “Be lucky – it’s an easy skill to learn,” recommends Richard Wiseman for The Telegraph.

01092013We are now down to the final three cases.  Each one of them received significant media attention and generated important rulings that will impact other trade secret cases in the future.  Each one could have been No. 1 in their own right in any other year. 

3.  U.S. v. Nosal (U.S. Court of Appeals for the Ninth Circuit, April 2012) and WEC Carolina Energy v. Miller (U.S. Court of Appeals for the Fourth Circuit, July 2012)  These two cases heaved a significant split within the federal appellate circuit over the scope of the Computer Fraud and Abuse Act (CFAA) by narrowing its application to hacking cases as opposed to trade secret theft cases.   Nosal in particular was remarkable because it was a 9-2 en banc decision from the influential Ninth Circuit that reversed a ruling last year issued by a 3-member panel of that court.  In that earlier decision, that panel of the Ninth Circuit had followed the holdings of the Fifth, Seventh and Eleventh Circuit and essentially found the CFAA could be applied to violations of computer use policies. 

Both cases involved situations where former employees had violated computer use policies to misappropriate trade secrets, and presented the question of whether the violation of those policies amounted to “access without authorization” as required for a claim under the CFAA.  The decision in Nosal, which was issued in April, found that it did not apply and expressed concern that holding otherwise might lead to the criminalization of violations of other computer use policies (such as reading ESPN.com at work).  The Fourth Circuit followed that reasoning in WEC Carolina Energy.

Like several of the cases in the Top 10, Nosal and WEC Carolina Energy received tremendous media attention, especially the Nosal holding.  The New York Times even had an editorial applauding Chief Judge Alex Kozinski’s entertaining majority opinion.  Concerns over the potential criminalization of violations of computer use policies had resonance with the public at large.

Unfortunately, the split between federal courts of appeal will remain for the foreseeable future as WEC Carolina Energy’s writ of certiorari to the U.S. Supreme Court was dismissed last week.

2.  DuPont v. Kolon (E.D. Va. 2012).  This epic trade secret case, which was the Trade Secret Litigator’s most significant trade secret case of 2011, would have been the winner again in almost any other year.  As regular readers know, I have written extensively about this case as it moved from an important spoliation of evidence ruling on the eve of trial to a $920 million verdict last year. (Previous posts can be found here and here).

In August, U.S. District Court Judge Robert Payne granted a sweeping 20 year injunction banning Kolon from making Heracron, the synthetic fiber that he found incorporated the trade secrets misappropriated from DuPont.  Judge Payne’s thorough opinion wrestled with the issue of whether irreparable injury was present and whether it was required for a permanent injunction under Virginia’s version of the Uniform Trade Secrets Act.  As permanent injunctions become more and more difficult to secure (compare, for example, Judge Koh’s recent decision to reject a permanent injunction in the Apple v. Samsung case), this opinion may prove to be very important for trade secret claimants seeking permanent injunctive relief.  (My thoughts on that opinion can be found here).

In October, the U.S. Attorney for the Eastern District of Virginia indicted a number of Kolon managers from South Korea for stealing DuPont’s trade secrets in connection with this case.  Kolon has appealed Judge Payne’s ruling to the Fourth Circuit so unless the parties settle, this battle will continue to generate headlines in 2013.

1.  U.S. v. Aleynikov (U.S. Court of Appeals for the Second Circuit, April 2012).  Why did this case get my vote for the top trade secret case of 2012?  Any case that directly causes Congress and President Obama to amend an important criminal statute, a criminal statute that might serve as the basis for a federal civil remedy this year, deserves that title.

For the uninitiated, in December 2010, a federal jury in New York convicted Sergey Aleynikov of stealing source code for Goldman Sachs’ proprietary high frequency trading (HFT)  program under the Economic Espionage Act (EEA).  The circumstances surrounding the charges were pretty egregious:  Aleynikov was responsible for developing Goldman’s HFT computer programs for various commodities and equities markets. In April 2009, Aleynikov resigned from Goldman and accepted a job at Teza Technologies to help develop that firm’s own version of a computer platform that would allow Teza to engage in HFT. On his last day, Aleynikov transferred thousands of computer files, including source code to the HFT trading system, to a server in Germany that was not blocked by Goldman’s firewall. That evening, at his home, Aleynikov downloaded the material from the German server to his personal computer and then to his laptop and a thumb drive so that he could make it available to Teza.

The collective jaw(s) of the trade secret community dropped in April last year when the U.S. Court of Appeals for the Second Circuit issued the grounds for its reversal of Aleynikov’s conviction.  Essentially, the Second Circuit imposed a requirement that the product be intended to be sold in an open market to qualify for prosecution under the EEA. Of course, this interpretation removed a number of potentially important trade secrets from the scope of the statute.

As a result, in late November, Senator Patrick Leahy approved the Theft of Trade Secrets Clarification Act, S. 3642, which specifically sought to remedy the Aleynikov construction by broadening the statute’s scope to cover trade secrets that are “related to a product or service used in or intended for use in interstate or foreign commerce.”  The House approved the amendment, 388 to 4, and President Obama signed it into law on December 31, 2012.  As this broader language will likely be part of any proposed amendment adding a civil remedy under the Protecting American Trade Secrets and Innovation Act, the Aleynikov decision has had an important impact beyond the criminal prosecution.

The Aleynikov and Goldman saga will continue into 2013, as the Manhattan District Attorney has also launched a criminal proceeding against Aleynikov and Aleynikov has filed a lawsuit in New Jersey against Goldman seeking indemnification for the criminal prosecutions brought against him.

In sum, 2012 was a fascinating year, and 2013 promises to be just as interesting as many of these cases will continue to unfold on different fronts.

In one of the biggest non-compete cases filed late last year, a Seattle federal judge has now rejected Amazon.com, Inc.’s effort to enforce its covenant not to compete against former cloud computing manager, Daniel Powers, who had joined Google three months after Amazon terminated him.  There are a number of noteworthy holdings in the December 27, 2012 decision by U.S. District Court Judge Richard A. Jones, a copy of which is attached as a PDF below.  However, what was most significant to me was the manner in which Google and Powers so effectively preempted potential claims of potential misappropriation and irreparable injury by taking steps to protect Amazon’s trade secrets and customer relationships. 

Background:  Powers had served as Amazon’s vice president in charge of global sales for Amazon Web Services before he was terminated by Amazon.  Last October, Amazon sued Powers to enforce its 18 month non-compete after it learned that he had become Google’s director of cloud platform sales. 

However before Powers joined Google, he and Google both agreed that Powers would not (1) use any of the trade secrets or confidential information of Amazon; (2) perform any cloud computing work for his first 6 months with Google; and (3) contact any of his former customers from Amazon.  Significantly, there was no evidence that Powers took anything from Amazon or that he had used any of the trade secrets that the district court concluded he likely had learned while at Amazon.
 
Those steps proved instrumental, as Judge Jones repeatedly emphasized the steps that Google and Powers had undertaken to safeguard those trade secrets, noting that Powers and Google had agreed to “virtually every restriction Amazon seeks in its injunction.”  These safeguards, and the absence of any misappropriation, further undermined Amazon’s ability to present a compelling argument as to irreparable injury, since the district court noted that a probability of the threat of irreparable injury was simply not present on this record.  As a result, he denied most of Amazon’s request to enforce its covenant not to compete and simply ordered that Powers not solicit Amazon customers through March 2013, which amounted to 9 months from the date of his termination.
 
Key Takeaways:  No. 1:  Google and Powers wisely defused Amazon’s non-compete.  Using Hewlett Packard’s playbook from the IBM v. Visentin case, Google and Powers left Amazon with very little room to maneuver.  They addressed Amazon’s legitimate interests in its trade secrets and customers by taking them off the table and their willingness to have him perform no cloud computing work for 6 months not only made them look reasonable but gutted Amazon’s ability to demonstrate the threat of irreparable injury.
 
No. 2:   Amazon’s decision not to conduct discovery cost it dearly.  For reasons that are not clear, Amazon elected not to pursue expedited discovery against Powers and Google, a fact that Judge Jones repeatedly emphasized in knocking down Amazon’s arguments as lacking.  For example, because Powers had not been at Amazon for the previous six months, Judge Jones noted that some of the information could conceivably be stale at this point in time; expedited discovery would have assisted in demonstrating that Powers had access to and had retained viable trade secrets.  Moreover, Amazon’s efforts to argue that Powers would inevitably disclose its trade secrets suffered because they could not demonstrate what he actually knew or retained, or show that the similarity of his old position and new position would lead to that inevitable disclosure.
 
No. 3:  Amazon did not identify the specific trade secrets it believed were at risk.  Perhaps for the same reason it was reluctant to engage in discovery (and thus expose its own trade secrets to Google), Amazon apparently elected not to provide evidence of specific trade secrets it believed were at risk and instead elected to rely more heavily on the protections it felt it had under the covenant not to compete.  Judge Jones identified this as a further ground for denying Amazon’s trade secrets claim.

No. 4:  An overly broad non-compete hurt Amazon.  The district court was troubled with the non-compete which had no geographical limitation and which covered all of Amazon’s business lines, even the ones in which Powers had never worked.  Consequently, the broad non-compete served to reinforce the reasonableness of the non-solicitation provision, which the court was willing to enforce.  The absence of specific trade secrets and threat of irreparable injury were the final nails in the coffin of the non-compete.

To sum up, this case shows the importance of solid planning and imposition of safeguards to protect an opposing party’s trade secrets and customer relationships.  For more on this important case, see the fine posts of Jonathan Pollard, Kenneth Vanko and Russell Beck.

Amazon v, Powers Decision.pdf (118.69 kb)

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks:
 
Trade Secret and Non-Compete Posts and Cases: 
  • Two amendments to the Economic Espionage Act (EEA) have or will become law this week or next week. As expected, President Obama signed the Theft of Trade Secrets Clarification Act, which had unanimously passed the Senate and made its way through the House after a 388-4 vote. The Trade Secret Clarification Act has effectively reversed the narrow construction of the EEA by the U.S. Court of Appeals for the Second Circuit in U.S. v. Aleynikov. In that heavily-criticized decision, the Second Circuit had limited the application of the EEA’s §1832(a) to products that were sold or intended to be sold into interstate commerce. In addition to now ensuring that trade secrets related to internal products such as software are covered under §1832(a) of the EEA, the Act has also broadened that part of the statute to cover trade secrets for services. Finally, President Obama is expected to sign an amendment enhancing the penalties’ sections of the EEA, increasing, among other things, the potential financial penalty from $500,000 to $5,000,000 for stealing trade secrets for the benefit of a foreign power under §1831(a) and increasing penalties from at least $10,000,000 to perhaps 3 times the value of trade secrets for violations of §1832. For more on the amendments and their potential impact on prosecutions, see Ryan Davis’ article for Law360, “Trade Secrets Cases May Spike After US Strengthens Law.” 
  • Amazon has lost its effort to enjoin a former employee from working on any cloud computing project for Google, reports Jonathan Pollard in the non-compete blog. According to Jonathan, the Washington state court rejected Amazon ‘s broad injunctive request to bar Daniel Powers from working from Google in a thorough and well-reasoned opinion. The opinion emphasized, among other things, the fact that Powers did not take any documents or files with him, that Amazon had failed to identify its trade secrets with the requisite specificity, and that the request would have amounted to worldwide ban that was not warranted on the facts before the court. For more on the case, see my post about the filing of the complaint here. 
  • How important is it to have a provision requiring the return of confidential information? Pretty damned important, advises Epstein Becker’s Trade Secrets & Noncompete Blog which details a recent decision, Lincoln Chemical Corp. v. Dubois Chemicals Group, from the Northern District of Indiana that relied on such a provision for an injunction in that trade secrets dispute. 
  • “United Health Services Wins $6.9 Million Verdict in Non-Compete Claim Against Acadia Healthcarereports John Paul Nefflen for Burr & Forman’s Non-Compete Trade Secrets Law Blog
  • For those interested in the take of other bloggers on major cases and developments in trade secret and non-compete law in 2012, check out Robert Milligan’s analysis of “Top 10 Developments/Headlines in Trade Secret, Computer Fraud, and Non-Compete Law in 2012” for Seyfarth Shaw’s Trading Secrets Blog as well as Kenneth Vanko’s thoughts on “2012: Year-End Review and Top 10 List” for his Legal Developments in Non-Competition Agreements Blog
  • Kenneth also has a post on a recent opinion out of the Second Circuit construing Connecticut’s version of the Uniform Trade Secrets Act. According to Kenneth, the decision in McDermid, Inc. v. Dieter may prove to be a boon for plaintiffs seeking to protect trade secrets overseas. 
  • “The Four Keys To China Trade Secret Protection” advises Dan Harris in The China Law Blog
  • Samsung Loses Bid To Seal Sales Data In Apple IP Dispute” reports Law360 
Cybersecurity Articles and Posts: 
  • “The White House is Finalizing an Executive Order on Cybersecurityreport Dennis Olle and Padro Pavon of Carlton Fields for JDSupra
  • “Tackling Intellectual Property Issues in the Cloud” advises the bizcloud
  • Looking for tips for “Cyber Security for Smart Phone”? Then check out Peter S. Vogel’s post in his Internet, Information Technology & e-Discovery Blog
  • Cyberlaw Predictions: Crucial Time at the Federal Trade Commission,” notes Thomas O’Toole for Bloomberg’s e-Commerce and Tech Blog.
News You Can Use: 
  • Looking for the discipline to keep those New Year’s resolutions? Then consider “How to Train Your Brain to Stay Focused” as advocated by Nadia Goodman for Entrepreneur.