Here are this week’s noteworthy posts and articles on trade secrets, non-competes and cybersecurity:   Trade Secrets and Non-Competes:
  • The conviction of former Goldman Sachs’ programmer, Sergey Aleynikov, under the Economic Espionage Act (EEA) for stealing Goldman’s source code was overturned by the Second Circuit Court of Appeals within hours after oral argument last week. The Second Circuit issued a short order advising of a more detailed opinion later, but no grounds were provided. According to a thorough article in the New York Times, the Second Circuit likely focused upon “whether Goldman’s high-frequency trading system, and the code upon which it was built, was a ‘product produced for interstate commerce’ within the meaning of the statute.” This promises to be an important opinion under the EEA and I will post later when it comes out.
  • IBM used an unconventional defense — the plaintiff’s deceased mother — to prevail in a trade secret case in the Northern District of California. Alison Frankel’s On the Case Blog reports that in Bierman v. IBM, IBM successfully argued that the statute of limitations barred the plaintiff’s claims because he could not produce evidence that his deceased mother, to whom he transferred his technology for several years, was unaware of the alleged misappropriation.
  • In the latest salvo in the DuPont v. Kolon dispute, Eastern District Court of Virginia Judge Robert Payne denied Kolon’s request to have him recuse himself because of his role in a 1985 patent dispute for DuPont while he was a partner with McGuire Woods, one of the law firms representing DuPont. The decision, which was issued in the remaining antitrust portion of the case brought by Kolon, rejected Kolon’s arguments on the merits and as untimely. (A link to the opinion can be found below).
  • The Texas Employment Law Update Blog reports on a recent decision refusing to enforce a forfeiture provision in a stock incentive program that was triggered by a non-compete violation. The decision, Drennen v. Exxon Mobile Corp., found that the provision in question did not comply with the Texas Covenant Not to Compete Act.
  • Seyfarth Shaw’s Trading Secrets Blog has an outstanding post about a recent decision by the Southern District of California, Platinum Logistics v. Mainfreight, involving the Computer Fraud and Abuse Act (CFAA). This is a rare CFAA decision from a court within the Ninth Circuit, as the district courts and litigants await the Ninth Circuit’s en banc reconsideration of U.S. v. Nosal. According to Robert Milligan, the former employee’s breach of her non-disclosure agreements could qualify as a violation of the CFAA as it is currently interpreted.
  • For you compulsive test takers, take a crack at the hypotheticals offered up in a recent post entitled “Would You Know a Trade Secret If It Jumped Up and Bit You?” on Coatings World.
  • And for those who don’t think the issue of trade secret misappropriation in China has reached the tipping point, take a look at The Onion, which provides its own parody of the recent Hanjuan Jin conviction. In the post, The Onion reports that a Motorola engineer was convicted of stealing “the plots to the next three Droid commercials” and “closely guarded, highly advanced tablet and smartphone tech specs that Motorola originally stole from Apple and Samsung.” Ouch.
Cybersecurity:
  • Stroz Friedberrg, the renowned security firm, confirms in an article, “Securing Corporate Data in a Law Office’s Computer Network,” that lawyers and law firms are hacking targets. The article by Catherine Dunn in the Corporate Counsel site confirms a number of points in an earlier post of mine, including the use of “spear-phishing” to trick unsuspecting lawyers. It also provides an excellent checklist of steps a firm and its lawyers can take to protect themselves from these attacks.
  • According to Wired, Anonymous is promising regularly scheduled attacks on Fridays. Although Anonymous’ mastery of the news cycle may be suspect, the government is taking them seriously on other fronts.  According to the Wall Street Journal, National Security Agency director, Gen. Keith Alexander warns that Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
News You Can Use:
  • With all the news about app providers downloading personal information, you may want to take a look at “Smartphone Security Blankets,” an article that appeared in last weekend’s New York Times, as well as Smart Money’s “Keeping Prying Eyes Off Your Phone.”
EI Du Pont v Kolon Recusal Opinion.pdf (1.18 mb)

Given the kerfuffle over the recent admissions by Facebook, Twitter, Foursquare, Path and others that they downloaded personal information and/or uploaded contacts through, among other things, Apps on users’ iPhones, it was inevitable that someone would ask whether there might be trade secrets that could be misappropriated as well. Larry Magid recently wrote a post, “Privacy, Safety & Trade Secrets at Risk in Latest Apple App Flap,” for Forbes posing that very question. 

For the digitally unsavvy who missed last week’s news, Larry’s article presents a nice summary: On February 8th, a developer discovered that his “entire address book (including full names, emails and phone numbers) was being sent as a list to Path.” Path, an app that allows people to create and share their personal journals, quickly admitted it, apologized, and issued a new version that sought permission before uploading user data. Other companies, including Foursquare, Twitter, Facebook, Instagram and Voxer, later came forward and admitted uploading user data.
 
Larry’s post expresses concern that given the sheer number of Apps that now exist (over 500,00 for the iPhone and 400,000 for the Droid), it is conceivable that a developer with less-than-pure intentions (other than, of course, simply harvesting the data of its users) could use the interface with the iPhone or Droid to do so. Larry expresses concern that a list of a user’s contacts could confer some form of competitive advantage.
 
While there may be some legitimate concerns on the privacy front about these developments, I don’t think companies have much to worry about on the trade secrets front. The vast majority of users would face, at worst, disclosure of their contact information, which would exist in a fairly rudimentary form (email addresses, phone numbers) and which in some instances would already be available to the public (Twitter, for example, generally lists a user’s followers and the other users that he/she is following). Moreover, one would presume that a user would tread carefully with an App that he perceives competes with him or his employer; in fact, it would be tough to defend a trade secret claim where that information was shared with a competitor with no safeguards.
 
While it is possible, given the growing universe of Apps and the blurring of personal and professional lives on smartphones, that some form of trade secret could be uploaded or taken, it is tough for me to envision such a situation. And since contact information and customer lists are generally perceived as the red-headed stepchildren of the trade secret world, under these circumstances it would be tough to argue for any trade secret protection.

I’ve had the opportunity to consider the pros and cons of the Kohl/Coons Amendment to the Economic Espionage Act (EEA), an amendment that would add a civil cause of action to that criminal statute. (I wrote about the Amendment’s introduction last Fall and a PDF of it can be found here). For the four reasons below, the Amendment is worth supporting and those in the trade secret community should throw their weight behind its passage.

No. 1:  It provides a needed international remedy. Trade secret cases have an increasingly international component. As articles in the New York Times and Wall Street Journal this past week made clear, many companies are in need of a remedy to protect trade secrets misappropriated overseas. DuPont’s dispute with Kolon, Motorola’s dispute with Lemko, DuPont’s dispute with Pangang Group and Walter Liew, the TianRui Group case, the hacking directed at Nortel — all of these high profile cases involve international parties.

The Amendment’s express purposes is combatting international esponiage. As Senator Kohl has noted, “[t]he problem of economic espionage is not new, but it has grown and evolved as the information age has reached a point where trade secrets can circle the globe in the blink of an eye. U.S. corporations face intense competition at home and abroad. As much as 80% of the assets of today’s companies are intangible trade secrets. They must be able to protect their trade secrets to remain competitive and keep our economy strong.”

As Todd Sullivan’s Trade Secrets Blog noted last year, Senator Coons expressed the same concern: “When foreign companies and governments steal our ideas, they’re stealing more than just formulas and schematics — they’re stealing jobs. These amendments are rooted in specific concerns I have heard repeatedly from manufacturers in Delaware who operate in a constant state of fear that their innovations are going to be stolen and sold by a foreign company.”

No. 2:  The ex parte seizure order is a powerful tool. The Amendment provides for an ex parte proceeding that authorizes the seizure of misappropriated product or the preservation of evidence. While short in duration (the foreign party has to have notice within 72 hours), this provision could be very important in international trade secret disputes. 

This is the real wild card within the Amendment. As the facts of the DuPont v. Kolon and Walter Liew cases make clear, foreign parties may not be terribly concerned with the niceties of the preservation of evidence. Having the ability to seize and preserve critical evidence in the digital age is an important tool to have in your trade secret toolbox. As federal courts are some times loathe to grant ex parte remedies, having a statutory basis to do so will be a significant advantage for a litigant.

No. 3:  Nationwide service of process assists in injunctive proceedings. Nationwide service of process can be particularly important in a trade secret case. Anyone who has litigated a trade secret case knows proof of misappropriation is one of the biggest hurdle to overcome. Forensic evidence certainly helps but at the end of the day, a trade secret litigant will likely have to prove misappropriation by circumstantial evidence.

To build that case, third parties will need to be subpoenaed for documents and testimony. If they are located out of state or overseas, that will require a request for a commission or letters rogatory to seek enforcement outside that state. This process, in the best of circumstances, can take weeks and if it is opposed, it could take months.  As trade secret cases frequently arise in the context of injunctive relief and are, by their nature, very contentious, this can frustrate the gathering of important evidence and prompt relief.

The Amendment’s authorization of nationwide service of process would reduce that problem. To the extent that there would be need for international service, the EEA amendment would provide jurisdiction to federal courts to the full extent of Due Process. While service might still be necessary in some situations, it is an improvement over the status quo.

No. 4:  The EEA Amendment has great symbolic value. At the present time there is no federal cause of action available to companies or inventors to protect their trade secrets. Federal trademark, copyright and patent causes of action all exist for a party seeking to protect those rights. Given the increasing prominence of trade secrets as a measure of protection, coupled with the uncertainty over patent protection as a result of recent Supreme Court decisions and the newly-enacted American Invents Act, a federal statute should be in place to reinforce that federal commitment.

Is the Amendment perfect? Of course not. As David Almeling’s post last year with Patently O noted, the Amendment is confined to misappropriation related to products. While I would prefer to see a broader definition, there may not be another opportunity to get an Amendment like this passed. A narrow remedy, which hopefully can be improved, is better than no remedy at all.
 
Momentum is hopefully building in support of the Amendment. Last month, the Trade Secret Law Committee of the American Intellectual Property Law Association voted resoundingly in favor of a resolution supporting the Amendment to the AIPLA’s Board of Directors. The Committee’s Legislative Chair, Russell Beck, who has experience with legislation over Massachusetts’ Non-Compete bill, will be working with the staffs of Senator Kohl and Coons to help move the Amendment forward.

Let’s do what we can to support the Amendment. Contact your own Senators and House Representative and make it clear that you think this Amendment is important and deserves their support. Talk to your clients and urge them to contact their Senator and tell them that the Amendment needs to pass. We shouldn’t let this historic opportunity slip away.

02172012There is an important article in today’s online edition of Forbes entitled “10 Security Essentials For CIOs” by Kristen Lovejoy, Vice President of IT Risk at IBM. While the article is directed at CIOs, its recommendations equally apply to, and and should be used by, outside lawyers, in-house counsel and human resources managers to ensure that the trade secrets within their organization are protected. It is an easy and quick read, but a powerful one.

I won’t repeat each of steps that Kristen outlines but I will emphasize the first:  “Build a Risk-Aware Culture.” She uses a compelling metaphor to reinforce her point:

“Think of the horror that many experience if they see a distracted parent on a cell phone while a child runs into the street. That same intolerance should exist, at a company level, when colleagues are careless about  security. Management needs to push this change relentlessly from the very top down, while also implementing tools to track progress.”

We are inundated by new technology and the growing, and at times seemingly overflowing, risks presented internally and externally by those that might compromise it. That technology, however, has little value if the individuals within the organization do not use it and do not consistently enforce its use by others. 

I could search Bartlett’s Quotations or Google for an effective quote about the importance of culture in an organization but I think we all innately know that as human beings, through the process of osmosis, we respond to and are directed by the actions and directives of the organization around us. The actions of senior management and other influencers invariably filter down to others who take notice, consciously or unconsciously, and incorporate that behavior into their own. There are few things more corrosive to an organization than a leader or manager who violates the rules or fails to apply them to his or her own conduct.

Conversely, there is no more effective teaching tool than the actual conduct of a diligent manager or leader. If decision-makers act responsibly, others will invariably follow. Reinforce those actions with formal procedures and education, and you build a culture step-by-step over time. 

It is no different with security. I had the privilege of speaking last May at the American Intellectual Property Association’s Spring Meeting with Malcolm Harkins, Intel’s Chief Information Security Officer. When Malcolm got up to speak, I expected his presentation to be heavily oriented to the technical protections that a sophisticated company like Intel was using or advocating to others. Instead, Malcolm’s primary message was the importance of building and reinforcing a culture of security at Intel.

Take a look at the news this week. Nortel’s trade secrets were stolen from senior management over the course of a decade by hackers. Lawyers are increasingly the targets of cyberattacks because they are perceived to be less careful than their clients in their infrastructure. Like it or not, it is now the world in which we live. Focusing on security and envisioning how to make it part of your organization’s culture is the first and most important step to protecting trade secrets and confidential information.

Here are the noteworthy trade secret, covenant not to compete and cybersecurity stories from the past week; as you will see, it was an extremely busy week and a significant number of the posts address China, no doubt because of the U.S. visit of Chinese Vice President Xi Jinping:
Trade Secrets and Non-Competes:
  • Any reversal of the TianRui Group v. ITC decision will have to come from the U.S. Supreme Court as the Federal Circuit just declined to reconsider the decision en banc (thanks to Wil Rao for the update; Wil represented the American company that initiated the underlying ITC action). TianRui Group was one of the most significant trade secret decisions of 2011 as it provided for a remedy (a ban on importation) for products incorporating misappropriated trade secrets overseas.  (A copy of the order entering judgment is attached below).
  • The Delaware Non-Compete Law Blog describes a recent case, Chesapeake Insurance Advisors, Inc. v. Williams Insurance Agency, Inc., that confirms the Delaware Chancery Court’s unwillingness to “blue pencil” an overly broad non-compete or non-solicitation provision. Let this serve as a warning to anyone drafting an agreement governed by Delaware law.
  • Hanjuan Jin, a former Motorola Engineer, was convicted last week of stealing Motorola’s trade secrets but avoided the more serious economic espionage charges. (I have attached a PDF copy of the 77-page opinion below). In a story that borders on being an urban myth in trade secret circles, Jin was detained by federal agents at Chicago’s O’Hare International Airport in 2007 during a random security search before she could board a flight to Beijing on a one-way ticket. That discovery led to the subsequent litigation between Motorola and a number of its former employees, a case that settled last month after the district court denied the former employees’ motions for summary judgment and set it for trial.
  • Senator John Kerry apparently gave visiting Chinese VP Xi an earful about the experience of a Massachusetts company that believes its trade secrets were stolen in China and has been frustrated by the Chinese legal system. In a New York Times article entitled “U.S. to Share Cautionary Tale of Trade Secret Theft With Chinese Official,” the company, American Superconductors, “saw 70 percent of its business evaporate last year after a Chinese partner enticed one of its employees to steal the crown jewel of its technology.”
  • Seyfarth Shaw’s Trading Secrets Blog has a nice summary of the recent decision by the Illinois Appellate Court, Second District, in Hafferkamp v. Llorca retroactively applying the Illinois Supreme Court’s holding in Reliable Fire Insurance v. Arrendondo. As readers of this blog will recall, in Reliable Fire Insurance, the Illinois Supreme Court required that a court determine whether there was in fact a legitimate business interest in support of a non-compete.
  • Kenneth Vanko’s Legal Developments in Non-Compete Law Blog is reporting that the Illinois legislature is considering leveling the playing field for employees who prevail in non-compete disputes. According to Kenneth, House Bill 5198 would amend the Illinois Code of Civil Procedure to allow a circuit court to shift attorneys’ fees to a prevailing defendant if a contract under which a plaintiff sues allows for the plaintiff to recover fees.
  • The Connecticut Supreme Court has sided with the University of Connecticut’s decision to withhold information about its boosters. The university said lists naming its donors and other supporters qualify as trade secrets that other institutions could use to lure away its fans’ dollars and loyalty and are therefore exempt from public records requests under Connecticut law.
Cybersecurity:
  • Both the New York Times and Wall Street Journal ran stories this week about the present efforts within the Senate to move forward on the Cybersecurity Act of 2012. The New York Times wonders whether the ghosts of SOPA and PIPA will complicate passage of that legislation.
  • The New York Times’ Bits Blog entitled “How Much Have Foreign Hackers Stolen?” quotes Mike McConnell, the former director of national intelligence and now vice chairman at Booz Allen Hamilton, as estimating that foreign cyberthieves steal 867 terabytes of data from the United States, or “nearly four times the amount of data collected in the archives of the Library of Congress” on a daily basis. That, my friends, is a lot of data.
  • The Wall Street Journal also ran a major story (it was on the front page in the print edition) describing the nearly-decade long efforts of Chinese hackers directed towards Nortel. According to the article, “Chinese Hackers Suspected in Long-Term Nortel Breach,” the hackers had the passwords of Nortel’s CEO and six other senior executives and unfettered access to its trade secrets from 2000 to 2009. It is a chilling read.
News You Can Use:
  • Planning on traveling to China anytime soon? In an article entitled “Traveling Light in a Time of Digital Thievery,” the New York Times (who else this week?) quotes security experts that recommend leaving laptops, smartphones and other mobile devices behind and bringing “clean” loaner devices.
  • For those looking to protect their trade secrets in the cloud, David McGrath and Charles Stewart have an interesting article, “Minimizing the Risk of Data Theft Through Cloud Computing.”
TianRui Group v. ITC Judgment Issued as Mandate.pdf (85.46 kb) U.S. v. Hanjuan Jin Memorandum.pdf (2.16 mb)

Two high profile cases have drawn attention to a frequent problem in trade secret cases involving medical researchers, software developers and engineers: Who owns the trade secrets or inventions at issue, the employee or the employer? As one might expect, a well drafted employment agreement will go a long way to resolving this question.

The first case, Abramson Cancer Center of the Univ. of Penn. v. Craig Thompson, M.D., Case No. 11-cv-09108-LAK (S.D.N.Y.), highlights the problems that the absence of an employment or consulting agreement may create. Late last year, the University of Pennsylvania’s Abramson Cancer Institute sued its former research director, Dr. Craig Thompson, as well as the company that he formed after his departure, Agios Pharmaceuticals. Penn’s Institute claims that Dr. Thompson took an “innovative cancer metabolism research platform” with him that was the property of the Institute. The Institute claims it has been damaged to the tune of a whopping $1 billion. As Dr. Thompson is now the President of Memorial Sloan-Kettering Cancer Institute, this dispute has garnered a number of headlines.

I have attached the amended complaint below. As you can see, there is no claim invoking a specific employment contract (while there is an invocation to an Institute Agreement, there does not appear to be any allegation that Dr. Thompson signed it).  Instead, the amended complaint primarily relies upon statutory and common law claims that Dr. Thompson owed a duty to the Institute to disclose any of his inventions or research and that he failed to disclose his discoveries while he served as research director. One would expect that Dr. Thompson and his company will emphasize the absence of any written agreement on this issue, a fact that may complicate the question of owns what. We’ll obviously wait to see how things shake out.

Now compare the Northern District of Illinois’ recent decision in Motorola, Inc. v. Lemko Corp., Case No. 08 C 5427 (N.D. Ill.), where the existence of a provision establishing the employer’s ownership of the inventions proved critical.  (I have attached a copy of the opinion below). In Lemko, Motorola brought a trade secret action against a number of former employees who had formed a competing company, Lemko, to develop and sell devices that arose from their work on Motorola’s distributed mobile architecture. The employee agreements of two of the former employees, Shaowei Pan and Nicholas Labun, contained  a provision assigning to Motorola “the entire right, title and interest in all my inventions, innovations, or ideas developed or conceived by me solely, or jointly with others, at any time during my employment … related to the actual or anticipated business activities of Motorola.” 

Pan and Labun began doing work for Lemko while they were still employed by Motorola. In 2007, Hanjuan Jin, one of Motorola’s former employees, was stopped at O’Hare International Airport before boarding a one-way flight to China and it was discovered that she had documents containing Motorola’s trade secrets. (Jin was convicted last week of stealing Motorola’s trade secrets). Motorola later brought this action and asserted that various Lemko patents were the property of Motorola because they were related to inventions and innovations that Pan and Labun had developed for Motorola.
 
Lemko, Pan and Labun moved for summary judgment but that motion was denied because the district court found there were sufficient issues of material fact regarding whether Lemko’s inventions and technology fell within the relevant employment agreements. The case settled shortly after that ruling last month.

While an agreement should considerably strengthen an employer’s hand, it is important to remember that several states have specifically addressed this situation with legislation. California, for example, provides a safe harbor for employees who develop inventions or technology entirely on their own time without using their employer’s resources or equipment, so long as those efforts do not relate to work performed for their employer. That statute, California Labor Code § 2870, expressly trumps any employment agreement that purports to require an employee to assign an invention that would otherwise be his under this statute.

The takeaway? Make certain that every researcher, technician and developer has a written employment or consulting agreement that includes a provision defining who owns what intellectual property that he or she develops while employed. Also, make sure that there is a requirement that they disclose any inventions that they believe that they have independently derived so that the issue of ownership can be flushed out and resolved before they decide to go forward in any new venture. Finally, double-check your state’s law to see whether there are any statutes or authority addressing this situation.

The Leonard and Madlyn Abramson Family Cancer Research Institute at the Abramson Cancer Center of the University of Pennsylvania v Craig Thompson M D .pdf (416.45 kb)

Motorola Inc v Lemko Corp et al .pdf (1.23 mb)

In an unprecedented move, federal prosecutors have indicted Pangang Group Company Limited, a company owned and controlled by the Chinese government, as well as and one of its Chinese executives, in a high profile criminal trade secret case in San Francisco.  In essence, the U.S. Attorney for the Northern District of California has decided to indict China for the theft of DuPont’s trade secrets for the process and manufacture of titanium dioxide (TiO2), a commercially valuable white pigment that is used in a large number of materials ranging from paints to plastics to paper and is particularly valuable in military and aerospace applications. 

The indictment quickly follows the U.S. government’s successful opposition to the release of Walter Liew, a California businessman whom the government has also indicted for, among other things, conspiracy to steal trade secrets, attempted economic espionage and witness tampering.  I have attached a copy of the 77-page amended indictment below, as well as the original indictment against Liew and his wife, Christina Liew.
 
If there is any doubt that this is a cannon shot across the bow, one need only read the opening sentence of the amended indictment: “The People’s Republic of China publicly identified the development of chloride-route titanium dioxide (TiO2) production as a scientific and economic priority.”  The indictment goes on to describe Pangang Group as a state-owned enterprise controlled by government agencies of China and run by officials of the Communist Party of China.
 
The case unfolded shortly after DuPont sued Liew in Northern California last April and notified federal authorities of its concerns.  On August, 23, 2011, federal prosecutors indicted Liew and his wife, accusing them of providing false statements to federal authorities and obstructing justice in connection with their investigation of the possible theft of DuPont’s titanium dioxide.  During the course of the search of the Liews’ home, the FBI found a “trove” of letters and correspondence establishing that Liew was in the process of securing DuPont’s TiO2 processes and data to sell to Chinese companies.  It is this trove that led to the amended indictment against the Liews, Pangang Group, its subsidiaries, and its Vice President of the Chloride Process TiO2 P roject Department, Hou Shengdong.
 
According to one of the prosecutor’s filings, Liew “was tasked by representatives of the [Chinese] government to obtain technology” for building titanium factories, and “obtained that technology from former DuPont employees and sold it to companies controlled by the [Chinese] government.”  Liew is alleged to have paid former DuPont engineers for assistance in designing the TiO2 processes at issue, and in turn secured contracts with Pangang Group and others for $5.6 million, $6.2 million and $17.8 million.
 
In addition to naming a state-owned manufacturer, there are a number of other interesting twists to this case.  For example, according to the Wall Street Journal and Reuters, one of the key witnesses killed himself last week. That witness, Tim Spitler, was a former DuPont engineer who had testified that he discussed secret DuPont documents with Liew.  In addition, according to the Wall Street Journal, two executives of Pangang were detained and prevented from leaving the U.S. so that the government could obtain testimony about the Liews.  However, they were released to return to China after securing their testimony, a curious decision given the undeniable thrust of the indictment directed toward Pangang Group and the Chinese government.
 
As I noted yesterday in briefly describing media reports of the indictment, I can’t recall a criminal case that so directly asserted that the Chinese government had a role in the trade secret allegations at issue, let alone one that actually indicted a state-owned company.  Most, if not all, of the recent prosecutions have been against individuals.  The timing of this decision is of equal significance.  Vice President Xi Jinping, who is widely expected to be promoted to the Chinese Communist Party chief later this year, is visiting the U.S. next week to discuss a host of diplomatic, economic and policy differences with President Obama and others. 

The Obama administration has not been shy about expressing its concerns about China’s role in economic espionage: Last October’s report by the Office of the National Counterintelligence Executive found that China was the largest source of attacks on U.S. businesses, and accused Chinese intelligence of being a “persistent collector” of data stolen from U.S. companies.  It also follows the conviction of Hanjuan Jin, a Chinese-born American, on Wednesday, February 8, 2012, for the theft of trade secrets from Motorola (the court, after a bench trial, rejected the government’s Economic Espionage Act charges).
 
So what does all of this mean? At minimum, it signals an escalation in the increasingly bitter charges and counter-charges that the U.S. and China have lobbed against one another over the past decade. It will be interesting to see what the next step is in the criminal proceeding, as well as in the broader dialogue between the two governments.

United States of America v- Walter Lian-Heen Liew- et al-0-002.pdf (3.07 mb)

United States of America v- Walter Lian-Heen Liew- et al-0-001.pdf (346.27 kb)

It was a busy week for trade secret and non-compete law and an especially busy week in the cybersecurity realm. Here are some of the most noteworthy stories:   Trade Secrets and Non-Competes:
  • In what promises to be a contentious new trade secret case, Ocean Tomo, LLC, a self-described IP merchant bank, has secured a TRO in California against former employee Steven Lee. Lee was allegedly going to divulge its trade secrets and privileged information to another former employee, Jonathan Barney, who is embroiled in an Illinois arbitration with Ocean Tomo. This promises to be a nasty one and I will keep everyone posted on future developments.
  • Todd Sullivan’s Trade Secret Blog is reporting that Western Digital is now attempting to appeal from the $630 million arbitration award against it in its trade secret dispute with Seagate Technology. As the post notes, one of the supposed benefits of arbitration is finality, until of course you think you got hosed by the arbitrator.
  • I wrote last week about the recent criminal case against Walter Liew who is accused of stealing DuPont’s trade secrets. Reuters is reporting that federal prosecutors have now indicted a state-owned Chinese manufacturer, Pangang Group, as the party that directed him to steal that technology.  While there have been plenty of criminal cases involving Chinese nationals over the past few years, I can’t recall prosecutors so directly calling out the Chinese government in a trade secrets case.  The timing is particularly interesting as Chinese Vice President Xi Jinping is scheduled to visit the U.S. next week on a range of economic, trade, regional and global issues.
  • In what has been characterized as a landmark decision, the Canadian Supreme Court defined a trade secret for purposes of an exemption under Canada’s Access to Information Act. Justice Thomas Cromwell rejected Merck’s efforts to prevent the disclosure of certain documents, holding Merck failed to demonstrate that they qualified as trade secrets. Justice Cromwell ruled that a trade secret “is known only by one or a relatively small number of persons,” “must be capable of industrial or commercial application,” and “the possessor must have an interest worthy of legal protection.”
  • Kenneth Vanko’s fine Legal Developments in Non-Competition Agreements Blog provides some practical advice for both employers and employees when it comes time to terminate employment. The post notes the importance, particularly for employees, of ensuring that any termination is “without cause,” which some courts hold guts a non-compete.
  • Russell Beck’s Fair Competition Law Blog has been doing a very, very thorough monthly compilation of trade secret, non-compete and cybersecurity posts, cases and issues.  It is a great source of relevant information and commentary.  
Cybersecurity:
  • Cyberattacks targeting lawyers continue to be in the news; this week, representing an unpopular client may be enough to make a law firm a target. Ericka Berg of Nelson Mullins posted an article from SC Magazine entitled “Anonymous raids law firm over its defense of Marine” that details a cyberattack by Anonymous on the law firm Puckett & Faraj, which represents a Marine accused of killing 24 Iraqi civilians in 2005. After the firm secured a favorable deal for the soldier, Anonymous raided the firm’s site and boasted that it stole “court mails, faxes, transcriptions, etc.”
  • The Massachusetts Data Privacy Law Blog quotes Symantec for the following staggering statistic:  $113 BILLION was stolen by cyberthieves last year. To give you a sense of the vastness of that number, bank robbers stole a mere $43 billion.
  • Symantec was the subject of an extortion effort by Anonymous hackers. According to Andy Greenberg’s “As Hackers Leak Symantec’s Source Code, Firm Says Cops Set Up Extortion Sting Operation,” the hostage (the source code) is now dead as the sting effort failed to nab the bad guys. It is a good read.
News You Can Use:
  • Andrew Martin of Scott & Scott has put together a nice article entitled “Five Top Provisions in Technology Vendor Agreements.” It’s a useful cross-reference.
  • If you use the popular Internet photo sharing service Path with your iPhone, watch out for your contact information!  CNET first reported that Path has uploaded a number of iPhone user’s contacts without their permission. Path initially said it did so to enhance its customers’ use of the site, and then, realizing a brewing PR storm, apologized yesterday.
  • And, finally, at long last, a device to better enable employees to transfer trade secrets from their tablets and smartphones: Say “hello” to Airshaft!

Late last month, the U.S. Supreme Court issued its long-awaited opinion in U.S. v. Jones, which held that affixing a GPS device to an individual’s car and tracking his movements without a warrant constituted a violation of the Fourth Amendment. The opinion has not only been dissected by academics and criminal defense attorneys but also by a number of technology commentators. One of the better articles is entitled “A Supreme Court Justice’s Radical Proposal Regarding The Privacy of Your Google Searches, Facebook Account & Phone Records,” written by Kashmir Hill, a technology and social media columnist at Forbes. Hill’s article analyzes Justice Sotomayor’s concurring opinion, which has generated the most commentary. It is an important opinion, the type that just may resonate in other areas of the law, including trade secret law as well as the Computer Fraud and Abuse Act.

Let me explain. Justice Sotomayor asked whether the Supreme Court should revise its present notions of the reasonable expectation of privacy in the digital age. In so doing, she questioned the viability of the third party doctrine, a doctrine that holds that the sharing of information with a third party means that you have a diminished expectation of privacy, and less or no Fourth Amendment rights to complain if the government secures that same information. Here are the two paragraphs that stand out:

 “More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the ‘tradeoff’ of privacy for convenience ‘worthwhile,’ or come to accept this ‘diminution of privacy’ as ‘inevitable,’ and perhaps not.

I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.”

What is the impact of this concurring opinion on trade secret law? One of the most litigated issues in trade secret cases is whether a trade secret has been disclosed to a third party and under what circumstances. Some courts have applied a rigid test that disclosure of trade secrets, no matter what the circumstances, may result in the waiver of its trade secrecy. However, many courts have applied an analysis that parallels the one supplied by Justice Sotomayor — one that recognizes that, given the reality of our digital age, there may be some disclosure that is necessitated by practical and economic considerations. For example, does a business waive its trade secrets if it stores them with a cloud provider? Do trade secrets lose their protection if an employee inadvertently discloses some of their elements on the Internet? Are trade secrets lost if some of them are shared with a customer to facilitate or close a sale? A court adopting Justice Sotomayor’s view would likely say “no.”

And the CFAA? This is where Justice Sotomayor’s reasoning could have the greatest impact. I wrote last Fall about the possible fallout from U.S. v. Nosal, a Ninth Circuit case holding that violation of a company’s Internet or computer usage policy could satisfy the access without authorization requirement for a claim under the CFAA. Professor Orin Kerr of George Washington and others had predicted that Nosal’s reasoning could lead to the conclusion that a party’s failure to follow the Terms and Conditions supplied by Facebook, LinkedIn or some other website could give rise to a claim under the CFAA. Sure enough, in September 2011, the Northern District of California found that a commercial party’s failure to follow those terms could give rise to a claim under the CFAA in Facebook v. MaxBounty.

Which leads to the following question: When was the last time any of us actually took the time to read the “Terms of Service” that accompany a software download, to open an account with an Internet Service Provider, or that allow us to do our banking or pay for something on eBay? And if you did take the time to read them and declined them, what happened? I strongly suspect that the reality is most of us don’t have much of a choice when it comes to accepting those terms, whatever they are, to perform those mundane but necessary tasks, unless of course you are content to live like Ted Kaczynski, holed up in a cabin in the woods of Montana.

It is in this respect, therefore, that Justice Sotomayor’s reasoning could have the most impact. Her concurring opinion recognizes the practical realities of the digital age and more importantly, reflects the overwhelming expectation that the vast majority of us have when we access or share information over the Internet, over our mobile phones or through other electronic devices.

02032012A profoundly troubling article by Bloomberg details expanding efforts by hackers to attack system networks of law firms to cull confidential data on sensitive deals and transactions. According to the January 31, 2012 article entitled “China-Based Hackers Target Law Firms to Get Secret Deal Data,” the attacks have been sufficiently serious that the FBI’s cyber division convened a meeting with the top 200 law firms in New York City last November to address the rising number of law firm intrusions.

One attack in particular involved China-based hackers looking to derail a $40 billion acquisition of the world’s largest potash producer by an Australian mining conglomerate. The hackers “zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal.” According to the article:

“Over a few months beginning in September 2010, the hackers rifled one secure computer network after the next, eventually hitting seven different law firms as well as Canada’s Finance Ministry and the Treasury Board, according to Daniel Tobok, president of Toronto-based Digital Wyzdom. His cyber security company was hired by the law firms to assist in the probe. The investigation linked the intrusions to a Chinese effort to scuttle the takeover of Potash Corp. of Saskatchewan Inc. by BHP Billiton Ltd. as part of the global competition for natural resources, Tobok said. Such stolen data can be worth tens of millions of dollars and give the party who possesses it an unfair advantage in deal negotiations, he said.”

Why law firms? The article quotes Mary Galligan, the head of the FBI’s cyber division in New York as observing that “as financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.” Galligan’s unit held the meeting with the 200 law firms as a result. “We told them they need a diagram of their network; they need to know how computer logs are kept,” the article quotes Galligan as saying of the meeting. “Some were really well prepared; others didn’t know what we were talking about.”

Mandiant, a cybersecurity firm based out of Alexandria, Virginia, estimates that 80 law firms were hacked last year. “Spear phishing” attacks (i.e., targeted attacks at particular individuals) or gaps when transitioning information to cloud storage sites are the preferred means of attack right now. At the November meeting, the FBI also recommended that the law firms review their mobility policies, including the security of e-mail linkups and mobile phones.

The takeaway? As trade secret lawyers, we frequently advise our clients on the importance of managing sensitive information — i.e., limiting access, use of encryption, having sound security policies that are implemented, and creating a culture of security. To the extent that law firms are managing highly sensitive technical data or are involved in highly sensitive transactions, they need to apply their own advice to their employees and IT networks.