A recent decision by the Montana Supreme Court raises one of the trickier situations in the trade secret and non-compete practice: Can you, or better yet, should you, enforce a covenant not to compete against an employee that you just fired?  In Wrig v. Junkermier, Case No. DA 11-0147 (Nov. 22, 2011), the Montana Supreme Court held “an employer normally lacks a legitimate business interest in a covenant when it chooses to end the employment relationship.” Applying that rule, the court refused to enforce a non-compete after the employer elected not to renew the employee’s contract.   Many courts are, at best, ambivalent about non-competes and some are even hostile towards them (California forbids them except in the most limited of circumstances). Trying to enforce a restrictive covenant against an employee who has just been terminated in The Great Recession may be no easy task. Whatever the law, in these situations, an employer will need to overcome the sense that it is “piling on” or rubbing it with that employee. Most jurisdictions require that a company show a legitimate business interest, such as the protection of trade secrets or customer relationships, that justifies enforcement of a non-compete. In this sense, Montana has now joined Illinois and many other states that require that showing. In the case of a fired employee, however, a court may expect a compelling showing of that interest. In the absence of that showing, a court may reason that the employer’s claim that the recently-fired employee now suddenly poses a competitive threat is disingenuous. Or, as the Montana Supreme Court put it, “[a]n employer’s decision to end the employment relationship reveals the employer’s belief that the employee is incapable of generating profits for the employer.” (For a more thorough analysis of the facts and reasoning of the Wrig decision, check out Non-Compete and Trade Secrets Blog’s fine post on this case).   Of course, the circumstances giving rise to the termination will be key. As the Montana Supreme Court recognized, a protectable interest may be found if the firing arose from misconduct of the employee. Thus, as in any injunction case, the conduct of the employee, as well as the employer, will heavily influence the court’s exercise of discretion.   The takeaway? As an employer, take a long, hard look at whether it is worth the time and expense to enforce the non-compete of a fired employee. Be prepared to face an uphill fight if your client has fired or laid off the employee. Having documentation supporting a termination for cause will be critical but also do not understimate the importance of demonstrating a compelling trade secret or customer relationship interest.

In the first installment of this post last week, we looked at the emerging BYOD (Bring your own device to work) movement and the IT community’s concerns about security. This week, in Part II of that post, we drill down on those security issues and look at what others are doing to address them.

Security concerns: The first and greatest security concern arises from the complication of retrieving confidential information and trade secrets before an employee resigns or is terminated. If an employee has copied, transferred or downloaded that information into his or her personal device, the risk that everything has not been returned, deleted or destroyed increases significantly. 
 
The second concern is carelessness: in a widely reported story earlier this year, an Apple employee apparently left his unreleased iPhone 5 prototype at a bar, causing understandable angst within Apple.  
 
The third concern, as we noted last Friday, is the fact that mobile devices and employees are increasingly being targeted by cyberthieves. As Symantec reports, one third of data breaches in 2010 occurred through mobile devices. A popular means of penetration is using Trojans that pose as legitimate apps, which are then uploaded to mobile app marketplaces in the hopes that an employee may download and install them into them their phones, which will then in turn allow malicious code to enter into the employer’s infrastructure. This means of attack, coupled with the target efforts at individuals because of the ability of crooks to gather information about them through social media, will only likely increase.
 
So what can a company do? The first step before implementing a new policy should be to find out who is accessing the company’s servers and what devices the employees are using. Until that audit is conducted, the company literally has no idea who is tapping in to its servers.  Once it understands what devices are being used and by which employees, it can evaulate the type of policy that may fit its business.

Not surprisingly, the degree to which an employer imposes a personal device policy depends largely on what type of “work” the employee will be performing on his or her device.  An employee’s use of his personal smartphone or laptop to access email will likely face little opposition from the employer, so long as the email is accessed through a web-based program such as Webmail. Because Webmail is Internet-based and allows the employee to access their email account from literally any computer in the world, accessing email from the employee’s personal device is of little consequence. The company already has internal security measures in place to protect the access of email on the Webmail server (through, among other things, the use of an https:// address).

Security is of greater concern, however, where the employee seeks to “tap in” to an employer’s exchange or other internal server. If not blocked, that access is easy for the employee, with even the iPhone or Droid default email program allowing access to the exchange server with just the simple input of the employee’s username and password. 

Companies that elect to allow their employees to access exchange servers or other databases which house sensitive or confidential information should consider requiring those employees to download a program or application onto their device which gives the IT department the ability to monitor the employee’s use of the server and “wipe” the device should it become lost or compromised. Of course, employees may be more reluctant to allow their IT departments access to their personal devices, the same ones on which they store photos of their children, their favorite music, and applications which access personal Facebook or Twitter accounts. For personal devices, employees obviously have a greater expectation of privacy than the work-issued laptop that they might also use for personal reasons.

Marisa Viveros, a VP for Security at IBM, recently outlined the following practical steps a company and its employees can take right now to protect their work and personal data:

  • Make sure you protect access to your device with a password or PIN to keep intruders out if the device is lost or stolen.
  • Only download applications from well-known, trusted sites.
  • Make sure you install system updates and run anti-malware as prompted.
  • Back up your data on a regular basis.
  • Have the ability to track your phone and remotely wipe all its data if it is stolen. You can easily find an app that will allow you to do this.

Finally, an employer who wants to err on the side of extreme caution when it comes to protecting its confidential information (including trade secrets) should either: (a) not allow employees to use personal devices for work purposes at all; or (b) require those employees to install on whatever security measures are necessary to protect the information on those personal devices. Its employees might not be happy about being given such an ultimatum, but those employers should also be prepared to offer a work-issued device to the employee if they are expected to be “available” after 5:00 p.m. If you don’t want your employees using their personal devices to access the email exchange server, then you may have no choice but to give them (and pay for a data plan for) a Blackberry or comparable device. 

As they have in the past, employers and employees will eventually figure out how to balance the competing concerns of convenience and security and shape a policy that best fits that company. In the meantime, there will invariably be bumps along the road as they figure out how best to integrate these technological issues into the workplace. (A special shout-out to my colleague Phil Eckenrode, a vocal member of the BYOD community, for his hard work and assistance with this post.)

As some of you may know, Symantec issues Internet Security Threat Reports each year. While there were a number of noteworthy findings in the most recent edition, the most striking was that more than one in three data breaches involved a mobile device, a finding that should only reinforce the concerns that gave rise to yesterday’s post about the use of employee’s personal devices for work. I have attached a PDF below of the report for those of you who want to read it but want to avoid having to get on Symantec’s mailing list.  (Just kidding, Symantec).

Symantec expects cybercriminals to increase their attacks on mobile devices in 2011 and 2012. As the executive summary ominously observes: “The installed base of smart phones and other mobile devices had grown to an attractive size in 2010. The devices ran sophisticated operating systems that come with the inevitable vulnerabilities—163 in 2010. In addition, Trojans hiding in legitimate applications sold on app stores provided simple and effective propagation method. What was missing was the ability to turn all this into a profit center equivalent to that offered by personal computers. But, that was 2010; 2011 will be a new year.”

Other highpoints of the report include:

  • The specific targeting of individuals through the use of information gathered through social media information is expected to increase. For more on this practice, known as spear-phishing or in the case of high value targets such as CEOs, whaling, please see my November 4, 2011 post. 
  • Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These applications are uploaded to mobile “app” marketplaces in the hopes that users will download and install them. 
  • Attack toolkits continue to lead in Web-based attack activity because “[t]heir ease of use combined with advanced capabilities make them an attractive investment for attackers.”

In addition to identifying these threats, as the Womble Carlyle Trade Secret Blog wryly notes, Symantec has also recently supplied a profile of your friendly neighborhood trade secret thief. He is 37 years old, white, male and probably a programmer or engineer. That should narrow things down.

 

Symantec 2010 Report.pdf (1.62 mb)

One of the more important debates percolating within the trade secret community, as well as society at large, is what to do about the use of personal electronic devices. The colliding realities of today’s 24/7 workplace and the increasing security risks posed by the use of devices outside the protective sphere of a company’s infrastructure are bringing this issue into focus.  IT managers and CIOs are not the only ones talking about this issue; national media, including Forbes, the New York Times and the Wall Street Journal, have noted the tension betwen these forces in many recent articles.

To give this topic the attention it deserves, I am going to divide it into two posts. Part I will address the data and issues that are driving this problem to the front of the desks of many in-house lawyers, HR managers, CIOs and IT managers; Part II will address the security issues and what companies are doing, and can do, to reduce or eliminate this security risk.

The Facts Driving the Debate: One thing is clear, and that is that employees want to be able to use their personal devices for work. According to a survey, 35% of IT managers say they are under increased pressure from employees to offer greater flexibility for the use of personal devices. 

The reasons why employees want to use their personal devices for work are straightforward: (1) an individual employee is much more likely to keep up with ever-changing technology, as opposed to the employer, who as a matter of practical economic reality cannot match that pace (on average, companies upgrade their computers and other devices only once every three years); (2) employees, who are going to own their own devices regardless of their employer’s policy, don’t want to have to carry two smart phones, two laptops, etc.; (3) employees are expected to perform more work from home and many times after 5 p.m., so they do not want to be saddled with what they perceive as relatively “outdated” office technology while on (what was previously) their personal time; and (4) employees simply prefer working from a device with which they are comfortable and familiar, a fact reflected in their purchase of that device. These facts are unlikely to change anytime soon.

Those advocating the increased use of employee devices have coined the phrase “BYOD” (Bring Your Own Device) for those companies and firms that allow for greater use of employee devices.  Proponents claim that BYOD benefits the employer as well because it saves the company money, increases employee morale, and allows their employees to be more available after hours. However, as one opponent of BYOD commented, after identifying the legal, security, and logistical problems that accompany employees’ use of personal devices: “BYOD, you say? Better follow it up with BYOB, because you’ll want something to dull the pain.” (See Erik Sherman’s recent take in the Wall Street Journal article, “Should Employees be Permitted to Use Their Own Devices for Work?”  John Parkinson presents a nice defense of the BYOD position in the same article, some of which is incorporated above).

The Great Unknown:  Now for the frightening part:  recent research and surveys suggest that few companies and IT departments are adequately prepared – let alone adequately educated – to address the relevant issues head-on. According to a November 21, 2011 Citrix press release, a recent global survey by Citrix revealed that 62% of small and medium-sized businesses have no internal IT controls in place to manage employee-purchased smartphones, tablets, laptops, and other devices.  

Even more alarming, the Citrix survey found that 45% of the IT managers surveyed were unaware of all the devices being used to access their servers.  I am going to repeat that statistic — nearly half of those IT managers could not identify all of the devices that were accessing their servers.  Probably for that very reason, 57% of IT managers polled are most concerned about the security implications of employees using personal devices to conduct business.

We’ve confronted the issue and the facts on the ground.  Now, in next week’s Part II of this post, we will look at the practical consequences and what companies are doing, or can do, to protect themselves. 

A merger’s impact on the non-competes of the merged company remains a hot topic (see my October 7, 2011 post about the U.S. Court of Appeals for the First Circuit’s reasoning in OfficeMax v. LeVesque, which found the non-competes at issue did not protect the new company). Three weeks ago, the Ohio Supreme Court heard oral argument in a case, Acordia of Ohio LLC v. Fishel, that will go a long way in determining whether non-competes that do not specifically address the new company survive a merger in Ohio.

In Acordia of Ohio, the trial court refused to enforce the four non-competes in question. It ruled that under the specific language of those contracts, the restrictive covenants were confined to the specifically named employers, which changed over time after a series of successive mergers. After each merger, the company holding the specific non-compete disappeared. According to the trial court, this effectively terminated employment under each non-compete and triggered the time period of each non-compete. By the time the four employees decided to leave and join a competitor, each of their non-competes had expired under this analysis. 

The First Appellate District in Hamilton County affirmed the ruling late last year, looking not only at the language of the agreements in question but relying on Ohio statutory law to support its holding (citing in particular, Ohio R.C. 1701.82(A)(3)), which deals with the legal effects of a merger of Ohio corporations). The First District relied on older Ohio Supreme Court authority holding that “the absorbed company ceases to exist as a separate business entity” and that “[b]ecause the predecessor companies ceased to exist following the respective mergers, the Fishel team’s employment ceased to exist following the respective mergers, the Fishel team’s employment with those companies was necessarily terminated at the time of the applicable merger.” 

Former Ohio Court of Appeals Judge Marianna Brown Bettman’s Legally Speaking Ohio Blog has a fine summary of the questions asked by the Ohio Supreme Court Justices at the November 15, 2011 oral argument.  It is tough to handicap how the Court will rule. Logically, the employees’ position does not make sense: if the company in fact disappears, what is there to trigger, let alone compete against or protect, since there is no company left?  On the other hand, Ohio courts have shown increasing antipathy to non-competes over the past four years; given the language of the non-competes and the apparent absence of a provision allowing for the assignment to successors or assigns, it is altogether possible that the Supreme Court could affirm that the non-competes expired. This one is too close to call.

The takeaway? A better definition of “Company” under the Agreement (one that explicitly includes successors and assigns) as well as a provision providing that the agreement shall inure to the benefit of the parties’ successors and assigns would have better protected the employers. In addition, to remove all doubt, perhaps the simplest approach would be for all of the employees re-sign their non-competes with the new employer just before or after the merger.

Earlier today, the Illinois Supreme Court issued a much-anticipated ruling in Reliable Fire Equipment v. Arredondo, Illinois Supreme Court, Case No. 111871 (Dec. 1, 2011), holding that Illinois trial courts are required to determine whether a legitimate business interest exists based on the totality of the facts and circumstances of each individual case. 

In Reliable Fire Equipment, the trial court found the two non-competes before it to be unenforceable because the employer had failed to prove the existence of a legitimate business interest in support of the two non-competes. In what the Illinois Supreme Court described as a sharply divided panel, the appellate court nevertheless affirmed that decision.

According to the Legal Developments in Non-Competes blog by Illinois lawyer Kenneth Vanko, a three-way split had developed among Illinois Appellate District courts on how a legitimate business interest was to be analyzed. One line of cases had applied a categorical test that limited legitimate interests to customer relationships and confidential information, another had apparently questioned whether that requirement was even necessary, and the third had applied a fact-based analysis based on the circumstances of each case. Kenneth predicted, correctly it turns out, that the Illinois Supreme Court would adopt the fact-based analysis for determining business interests.

The Illinois Supreme Court reiterated that proof of a legitimate business interest was still required and that a covenant not to compete would only be enforced as reasonable if (1) it was no greater than required to protect the legitimate business interest of the employer; (2) did not impose an undue hardship on the employee; and (3) was not injurious to the public. In so doing, the Supreme Court explicitly rejected the holding of Sunbelt Rentals, Inc. v. Ehlers, 394 Ill.App.3d 421 (2009), which had held that an employer did not need to demonstrate a legitimate business interest when it sought to enforce a restrictive covenant. This came as no great surprise as the Sunbelt decision has been criticized and a number of Illinois appellate courts had declined to follow it.

Instead, the Illinois Supreme Court concluded that there must be an examination of the underlying business interest, focusing on the totality of the facts and circumstances of each individual case. Factors such as the near-permanence of the customer relationships to be protected, the employee’s acquisition of trade secrets or confidential information through his employment, and the time and place restrictions within the covenant are all to be considered and weighed.

The takeaway? Illinois trial courts are now indisputably vested with tremendous discretion to determine what qualifies as a legitimate business interest. While this ruling will lead to less certainty (something that is always good for lawyers, less so for their clients), one can hope it will lead to more equitable and practical results. 

Cisco’s General Counsel, Mark Chandler, has taken the unconventional step of writing a blog post criticizing Hewlett-Packard for repeatedly suing former employees who have joined Cisco over the past two years.  This post follows, and apparently details, the recent lawsuit filed by HP filed against its former Chief Technologist, Paul Perez, who joined Cisco on November 14 (for more on the litigation, see my recent post).  HP had sought to enforce a non-compete in Texas after Perez had filed an action in California challenging the enforceability of that same non-compete.

According to Chandler’s post, Perez has prevailed — emphatically — in the two lawsuits thus far.  Chandler reports that Perez’s Texas attorney was able to derail an effort at an ex parte temporary restraining order that was hurriedly scheduled in advance of a pending hearing in the California action on the very same issue.  Cisco’s legal department had reached out to HP to resolve the dispute before the California hearing, advising HP’s legal staff that Cisco had put safeguards in place to protect HP’s trade secrets (as HP had done earlier this year to insulate itself in a dispute with IBM, about which I also recently posted).

Instead of responding to that olive branch, HP apparently sought an “emergency” TRO conference without notice to Perez or Cisco even though the California hearing was scheduled to begin in two hours.  When Perez’s Texas attorney saw HP’s filing online, he appeared before the Texas court unexpectedly to report that “the matter was already in front of a California court, with HP fully represented.”  Chandler noted that “the judge in Texas was not impressed by HP’s effort to get her to act without a hearing,” that “she refused to proceed” on HP’s TRO request, and later that day “the California judge issued an order allowing [Perez] to begin his new career at Cisco.”

This resounding win and resulting post are both getting a fair amount of coverage.  The Wall Street Journal’s Law Blog, the San Francisco Chronicle, the San Jose Business Journal, and technology blogs like All Things Digital have all reported on Chandler’s post.  I have not been able to access either court’s ruling but, given the attention this case is receiving, I will do a post later once I have the opportunity to review them. 

The lesson here is ex parte requests are rarely granted and even more rarely appreciated by courts.  This is especially true when the court learns that the other side has counsel and has expressed an interest in trying to work things out.  In these high profile disputes, this aggressive approach can backfire and result in not only a legal but public relations coup for the other side.

If you fail to comply with the fine print found within the Terms of Service of an online agreement, have you committed a crime? That is the troubling question raised by increasingly broad interpretations of the acts sufficient to trigger a criminal action (or civil claim) under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.
 
In an interesting post entitled “Lie about your age … Steal a trade secret … It’s all criminal,” the Non-Compete Trade Secrets blog posits that failing to follow some of the broadly written and mundane Terms of Service provided by many websites could, in the wrong circumstances, be enough to justify an indictment by an overzealous prosecutor.  Orin Kerr, professor and author of the Volokh Conspiracy Blog, has also written about the potential for abuse in his blog and in a recent op-ed piece in the Wall Street Journal.  Their concerns arise from recent decisions expanding one of the critical prongs of the CFAA — whether a defendant “exceeded authorized access” of a protected computer.
   
The most noteworthy of these decisions is the Ninth Circuit’s recent holding in U.S. v. Nosal,  642 F.3d 781 (9th Cir. Apr. 28, 2011).  In that case, the Ninth Circuit held that the violation of a computer use policy that placed “clear and conspicuous restrictions on the employees’ access” to the employer’s computer system and the specific data at issue could be enough to qualify as conduct that exceeded authorized access. The Northern District of California has since applied Nosal’s reasoning to online agreements, at least in a civil dispute between commercial parties. In Facebook v. MaxBounty, Case No. CV-10-4712-JF (N.D. Cal, Sept. 14, 2011), that district court found that a violation of Facebook’s terms of use could qualify as access without authorization under the CFAA.
 
It’s not just lawyers musing about the implications of these decisions. Even the Wall Street Journal has chimed in, expressing concern that the proliferation of online agreements that many of us mindlessly click and accept could trigger a violation of the CFAA. For example, supplying the wrong age, height or weight in a profile for a dating website might qualify as a violation of the CFAA because you may have agreed not to provide inaccurate or misleading information to the website. And this does not even account for the fact that many of these online agreements reserve the right for the provider to change those Terms of Service without notice at their discretion.
 
Naturally, federal prosecutors dismiss such fears.  According to the WSJ, Richard W. Downing, deputy chief of the Computer Crime & Intellectual Property Section at the Justice Department’s Criminal Division recently testified that such fears were “unsubstantiated.” According to Downing, the Justice Department would not “expend its limited resources on trivial cases such as prosecuting people who lie about their age on an Internet dating site.” The problem, however, is that not that prosecutors will pursue everyone, but that they have the discretion to pursue anyone.
 
The tide may be turning. While Nosal was initially applauded by many in the trade secret community because it would bolster employers’ protections under the CFAA, libertarian groups such as the Electronic Frontier Foundation argued that Nosal could criminalize the very acts outlined above as violations of broadly written Terms of Service. Perhaps as a result of those arguments, the Ninth Circuit indicated on October 27, 2011 that it will rehear Nosal en banc and noted that in the meantime Nosal was not to be used as precedent in the meantime.
 
I have to agree with the commentators on this one.  Isn’t the correct question what did Congress intend to prohibit when it enacted the CFAA?  I have not burrowed into the legislative history, but is difficult to imagine that the CFAA was supposed to govern a consumer’s failure to follow the fine print in an online licensing or terms of use agreement.

As many of you know, the challenges posed by the Internet and the potential for abuse by self-styled whistleblowers are two things near and dear to my heart.  A thoughtful but potentially troubling decision on November 9, 2011 by the U.S. District Court for the Northern District of California in Art of Living Foundation v. Doe, Case No. 5:10-cv-05022-LHK, may make it more difficult for trade secret plaintiffs to litigate against anonymous bloggers who post trade secrets on a website.

The Art of Living Foundation (AOLF), a religious group based in Bangalore, India with chapters in more than 140 countries, was accused of being a cult by the Doe Defendant, a blogger who uses the pseudonym “Skywalker.” As a result, AOLF sued Skywalker last November, claiming that two of his posts misappropriated some of its trade secrets, infringed its copyrights, and defamed it.  AOLF claimed that Skywalker and other defendants published AOLF’s copyrighted Breathe Water Sound manual and trade secret teaching methods in his blog and also made numerous false and disparaging remarks about AOLF and Ravi Shankar, who apparently holds himself out as an “enlightened being” and leader of this movement.

AOLF issued various subpoenas on several Internet Service Providers to discover Skywalker’s identity, and Skywalker moved to quash those subpoenas on First Amendment grounds. The Magistrate denied the Motion to Quash, but that decision was subsequently overturned by District Court Judge Lucy H. Koh, who balanced the rights of Skywalker against the needs of AOLF to discover Skywalker’s identity.  Using a practical approach, Judge Koh ultimately concluded that discovery of the blogger’s identity was premature because motions for summary judgment and to strike AOLF’s claims were fully briefed and ripe for decision. This part of the decision makes sense, since Judge Koh had already dismissed the defamation claim on First Amendment grounds on June 15, 2011.

My Concerns About The Ruling:  I think addressing the First Amendment question on the identity of the blogger was unnecessary.  AOLF may or may not be a cult, Skywalker may or may not be a disgruntled former member, and it is hard to argue against a blogger’s First Amendment right to criticize a large religious institution on what appears to be a genuine issue of public interest. That being said, in its desire to reach the First Amendment issues, the district court ended up engaging in circular reasoning. For example, Judge Koh recognizes that the nature of the underlying speech (is the speech political, religious or literary, or is it merely commercial?) will trigger the rigor of the standard to be applied to the speech in question. 

For this reason, the district court distinguished decisions ordering the identity of defendants in copyright cases where unidentified defendants are alleged to have illegally downloaded and distributed a plaintiff’s copyrighted songs using a “peer to peer” file copying network. Judge Koh reasoned that the individual’s motivation in those cases was commercial (i.e., to obtain music for free) as opposed to trying to communicate an idea or thought. This analysis is consistent with Ninth Circuit’s 2010 decision in In re Anonymous Online Video, which ordered the identity of the speakers because the speech was commercial and directed to the commercial and business practices of the plaintiff. (For a fine analysis of that decision, see this post from the IP Law Blog).

However, how can a party adequately determine whether the speaker in question is motivated by commercial interests if he can hide behind a veil of anonymity? After all, as the Second Circuit has recently held, a Doe defendant’s arguments may raise “questions of credibility and plausibility that cannot be resolved while [a Doe Defendant] avoids suit by hiding behind a shield of anonymity.” Arista Records LLC v. Doe, 604 F.3d 110, 124 (2d Cir. 2010). By foreclosing discovery regarding the defendant’s identity, a plaintiff may be precluded from determining whether there is in fact a commercial component to the speech in question. 

The second problem that I have with the district court’s reasoning was its willingness to readily accept Skywalker’s protestations of harm.  Holding that “to the extent that Skywalker’s anonymity facilitates free speech, the disclosure of his identity is itself an irreparable injury.” (Opinion at p. 13). The problem with this reasoning is that any disclosure of a blogger’s identity is equated with irreparable injury. Mark my words, we will see this language again in some other opinion in the future. Similarly, Judge Koh acknowledged that the blogger’s claims of potential retaliation were “not particularly reliable.” (Id. at p. 14). Yet on this weak record, she found that it still outweighted AOLF’s right to discover the blogger’s identity.

This is a pet peeve of mine. When issues of the First Amendment are raised, some federal courts are too eager to race to embrace them, particularly when public interest groups like the ACLU or First Amendment Coalition fan the flames. In this case, the district court could have easily punted based on the procedural posture of this case alone, the position that it ultimately settled on in deferring discovery. Unfortunately, the district court unnecessarily engaged in an involved First Amendment analysis that may prove problematic when applied later in another case to a less worthy defendant.

Finally, should the mere fact that a motion to dismiss or summary judgment is filed be enough to prevent discovery on the issue of the identity of the blogger? Again, the cloak of anonymity may frustrate the ability to meaningfully respond to such a motion.  One would hope that, under different facts, that the balancing test used by a district court would yield a different result.

I am a big believer in transparency and, as a result, I am always skeptical of those who claim that they should be free to criticize or do anything else under the cloak of anonymity.  We all know this is especially true given the potential harm that the Internet can cause.  Courts sometimes are too willing to accept the narrative of the noble but at-risk whistleblower, when the story may turn out just as easily to be that of someone who has an axe to grind or is simply unhinged.  Yes, AOLF is hardly a sympathetic plaintiff, and yes, AOLF probably wanted the identity of the blogger for reasons other than service of process.   However, another court may now take this reasoning and apply it to a situation where the identity of the blogger is simply not worthy of First Amendment protection.

As WikiLeaks’ funding has dried up and as the federal government presses ahead in its prosecution of those behind it, the risk posed by that once-dangerous phenomenon appears to be waning.  Throw in the recent SyncSort v. Innovative Resources decision holding that mere publication on the Internet does not destroy trade secrecy, and a trade secret plaintiff should feel better about its chances of prevailing these days in these cases.  However, the unnecessary First Amendment reasoning used in this case could lead to mischief later.

Law360 is reporting that the Hewlett-Packard Company (HP) sued its former Chief Technologist for its StorageWorks unit, Paul Perez, in Houston, Texas on Wednesday, November 16, 2011, to enforce a non-compete and non-disclosure agreement.  Perez resigned to join Cisco Systems on Monday, November 14, 2011, and according to HP, he has filed a preemptive lawsuit in California asking for a ruling that he is free to work for Cisco. 
 
According to the complaint filed in Hewlett-Packard Company v. Paul Perez, Harris County, Texas (Dist. Court No. 201169187), Perez was responsible for leading the HP StorageWork unit’s technology strategy and exploration processes, keeping a census of its IP portfolio, and leading the unit’s patent review process. After working for HP for more than 25 years, Perez executed a one-year non-compete in 2010. HP contends that Cisco is a direct competitor and that by serving as Chief Technology Officer with Cisco’s Server Access Virtualization Technology Group, Perez is violating his non-compete.   
    
Like some other high profile disputes involving senior executives, there is a looming battle over which law and forum should govern. According to HP, Perez agreed that he would not pursue any legal action to set aside or avoid his non-compete. However, on the day that he resigned (November 14, 2011), Perez filed a complaint against HP in California challenging the enforceability of his non-compete (Perez v. Hewett-Packard Company, Cause No. 111-CV-213052, Superior Court of California, County of Santa Clara). HP argues that the court should disregard Perez’s claims of California residency because he still owns a home in Texas and never advised HP of any move to California.

As I have written before, the first court to hear the injunction generally decides the outcome of the case. Most if not all of these cases involve efforts by the former employee to invoke California law, which we all know forbids non-competes except under the most limited circumstances. However, California courts have not been terribly receptive to eleventh-hour claims of residency and have been willing to defer to the court in the state in which the employee previously resided. For example, in a high profile non-compete case in 2009, David Donatelli, the chief of EMC’s storage division, moved from Massachusetts to California to join (ironically) HP and tried the same approach; that strategy fizzled when the Massachusetts court enforced the non-compete in substantial part and the California court then demurred on grounds of comity. (Full disclosure: I have represented EMC in the past).

I will keep an eye on this one and provide an update if there is a decision.