Bring Your Own Device… But Beware

By Thomas Hubert on Posted in Confidential Information, Data Protection, Employee Monitoring, Trade Secret

Set of touchscreen smartphonesOver the last decade, smart phones, laptops, and tablets have become essential components for a successful business model. Many business leaders correlate increased mobile connectivity with increased productivity. In theory, remote access to company data allows employees to efficiently work anytime, anywhere. “Bring Your Own Device” (BYOD) policies have emerged as one of the most popular options for providing employees with access to these new technologies.

But companies should consider the potential perils associated with increased accessibility to corporate data through an employee’s personal device. And—particularly—trade secret theft if the employee plans to resign for employment with a competitor or to start a competing business. Companies must be concerned about what employees are doing on personal devices that are likely less monitored than company-owned devices and that may be synced with various cloud storage networks or data-sharing services.

Consider this scenario. Before resigning, an employee had access to and downloaded confidential documents on several personal devices, like a tablet, phone, or even a computer. She has also stored customer contacts on these devices.  All the data—the contacts, emails, documents, etc.—remain on these personal devices when she resigns to work for a competitor. The confidential information is now in a competitor’s hands. Or consider a slightly different scenario, where the employee intentionally uses these personal devices to download and steal the company’s confidential information right before resigning to work for this competitor.

So what should a company do?

Continue Reading

Thinking Beyond The NDA

By PJ Kee on Posted in NDAs, Trade Secret, Trade Secret Audit

Non-Disclosure Agreements are now staples for start-ups seeking funding from third-party investors. But entrepreneurs shouldn’t rely solely on NDAs to protect their nascent trade secrets. You must think beyond the agreement—especially in tech industries where competitive advantages go stale quickly.

Two recent blog posts highlight helpful strategies for tech entrepreneurs to begin this process, though in different ways. One uses HBO’s new comedy series Silicon Valley to explain what the show’s protagonist and fellow cohorts should have done to better protect Pied Piper’s trade secrets (and why not pause to enjoy the  “Incubator” in action).

While the other tells an anecdote about an emerging company’s struggles with an investor-turned-competitor:

Recently, one of my emerging company clients with a truly disruptive idea and a great management team … had been talking to a Fortune 100 company using that company’s “standard” NDA. After months of effort and collaboration, my client was ready to introduce its product at a customer conference sponsored by the Fortune 100 corporate partner. Instead, the partner introduced its own product, using my client’s trade secrets. That presented a fundamental flaw of NDAs:  in order to enforce the NDA, my client would have to sue the infringing party. And how many early stage businesses can afford to bring a lawsuit against a Fortune 100 company? Any such lawsuit, especially one alleging unscrupulous behavior on the part of the large company, would draw a quick and very expensive countersuit.

There’s a consensus here. Entrepreneurs cannot take their trade secrets for granted by relying on “standard” NDAs. And I’ve highlighted some of the helpful strategies to protect your trade secrets and intellectual assets: Continue Reading

Chinese Military Officers Indicted For Economic Espionage And Trade Secret Theft

By PJ Kee on Posted in CFAA, Criminal, Economic Espionage Act, Trade Secret

wanted_cyber051914

A federal grand jury in Pennsylvania indicted five Chinese military officers for economic espionage and trade secret theft this morning.  According to the indictment, the five officers engaged in an elaborate conspiracy to hack into the computer networks of five U.S.-based companies, as well as a labor organization, to steal trade secrets and proprietary information that would be useful to Chinese competitors and state-owned enterprises.

This is the first-ever indictment against a state actor involving this type of cyber espionage. U.S. Attorney General Eric Holder remarked:

This is a case alleging economic espionage by members of the Chinese military and represents the first-ever charges against a state actor for this type of hacking. The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. Success in the global market place should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets. This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.

The indictment included 31 counts, charging the five officers with computer fraud and abuse; aggravated identity theft; economic espionage; and trade secret theft.  The alleged criminal conduct occurred from 2006-2014 and targeted Westinghouse Electric Co.; U.S. subsidiaries of SolarWorld AG (SolarWorld); U.S. Steel Corp.; Allegheny Technologies, Inc. (ATI); Alcoa, Inc.; and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW).

Continue Reading

On The Hill: FBI Offers Tips For Fighting Trade Secret Theft

By PJ Kee on Posted in Congress, Criminal, Trade Secret

On May 13, 2014, before a Senate subcommittee, the FBI’s Assistant Director for the Counterintelligence Division testified about the bureau’s efforts to combat economic espionage and trade secret theft—which cause, according to the Office of the National Counterintelligence Executive, “tens or even hundreds of billions of dollars annually to the American economy.”

Fighting economic espionage and trade secret theft remains a top priority. This was the overriding message of the Assistant Director’s opening statement, as he walked the subcommittee through the government’s coordinated law enforcement efforts, as well as the FBI’s attempts to raise awareness about these threats (including a plug for the FBI’s recently released film The Company Man: Protecting America’s Secrets that dramatizes a recent trade secret theft case—trailer below).

The Assistant Director also offered salient advice on how companies can protect themselves from insider threats. He first noted a trend. Companies who learn about trade secret theft often pursue private negotiations or civil litigation—without alerting law enforcement. The FBI wants this to change:

The FBI is committed to ensuring companies have an established line of communication to report concerns about possible economic espionage or trade secret theft to law enforcement. But the FBI must assure companies the government will work to protect their proprietary information from disclosure during prosecution, so that more companies are willing to come forward and report concerns about possible trade secret theft.

But the bureau cannot address the threat of trade secret theft alone. Companies must take steps to protect their information more proactively, the Assistant Director advised.  Here are the FBI’s  suggestions that companies should implement:

  • Mark sensitive material as secret or proprietary information;
  • Limit access to protected material (and if a piece of information is critical to the long-term success and profitability of a company, limit access to those employees who have a need to know);
  • Monitor who accesses the protected material;
  • Provide regular employee training and more frequent notices regarding company policies on protecting trade secrets;
  • Consider implementing non-disclosure agreements with employees; and
  • Evaluate internal operations and policies to determine whether current approaches are tailored to the company’s risks posed by insider threats.

The Assistant Director also emphasized employee education. Companies need to educate employees on detecting warning signs that a colleague may be stealing or planning to steal trade secrets. Warning signs could include:

  • Working odd hours without authorization;
  • Taking home company proprietary information;
  • Installing personal software, or personal media, on company equipment;
  • Taking short trips to foreign countries without notification or for unexplained reasons;
  • Enjoying a sudden influx of wealth; and
  • Living beyond his or her means.

Recognizing potential theft is not enough, though—employees must also timely report any suspicious behavior to appropriate company personnel. But this will only occur within a workplace culture where protecting trade secrets is consistently emphasized as being crucial to the company’s continued success.

The Assistant Director essentially sent out a call to arms: while the federal government is committed to protecting U.S. companies from economic espionage and trade secret theft, companies must take the lead in protecting themselves. And his suggestions for doing so are right on point.

The SEC’s Cybersecurity Initiative

By Luke Falgoust on Posted in Cybersecurity

On April 15, 2014 the Securities and Exchange us-securities-and-exchange-commissionCommission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a National Exam Program Risk Alert entitled OCIE Cybersecurity Initiative (the “Risk Alert”) announcing its plans to conduct examinations of more than 50 registered broker-dealers and investment advisers focused on cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.

Although the Risk Alert does not specify, it can be expected that the sample of firms to be examined will be selected to gather information about how firms of different sizes and levels of complexity are addressing cybersecurity risks. Accordingly, registered broker-dealers and investment advisers should review the Risk Alert carefully and prepare for dealing with a potential examination by OCIE of their cybersecurity protocols, policies and defenses.

The Risk Alert includes a sample information and document request list that describes the various categories of detailed information that OCIE will potentially be seeking through its examinations. This disclosure by OCIE is intended to provide compliance professionals in the securities industry with questions and tools they can use to assess their firms’ level of preparedness. The sample information and document request list also can be used by a firm’s compliance department as a guide to track the firm’s cyber infrastructure, assess the firm’s cybersecurity risks and document, implement and monitor policies and procedures regarding identification, documentation, prioritization and mitigation of cyber risks. The sample request list suggests that all financial firms should, among various other measures:

  • use an established framework to address cybersecurity;
  • have written policies and procedures in place to manage information security assets, networks and information;
  • conduct periodic risk assessments to identify physical cybersecurity threats and vulnerabilities;
  • identify persons responsible for overseeing cybersecurity risks;
  • implement a cybersecurity incident response policy; and
  • maintain insurance that specifically covers losses and expenses attributable to cybersecurity incidents.

OCIE hopes that these examinations will identify areas where the SEC and the securities industry can work together to protect investors and capital markets from cybersecurity threats.  Registered broker-dealers and investment advisers should review the information and document requests included in the Risk Alert and evaluate their existing cybersecurity policies and procedures. Financial firms should also prepare for OCIE’s greater scrutiny of their cybersecurity policies and procedures.

Federal Jury Convicts Employee Of Trade Secret Theft

By PJ Kee on Posted in Criminal, Trade Secret

Phillip Groves could face up to 40 years in jail and a $1,000,000 fine after a federal jury in Kentucky convicted him of violating 18 U.S.C. § 1832. That statute criminalizes converting a trade secret related to a product or service used, or intended for use, in interstate or foreign commerce if the conversion was intended to harm the trade secret’s owner or benefit anyone other than the owner. The statute sets forth specific conduct qualifying as a conversion, including:

  • stealing, or without authorization, appropriating, taking, carrying away, or concealing, or by fraud, artifice, or deception obtaining such information; and
  • without authorization copying, duplicating, sketching, drawing, photographing, downloading, uploading, altering, destroying, photocopying, replicating, transmitting, delivering, sending, mailing, communicating, or conveying such information.

Much like the Uniform Trade Secrets Act, a “trade secret” under this statute includes a wide range of information that the owner has taken reasonable measures to keep secret and that derives independent value from “not being generally known to, or not being readily ascertainable through proper means by, the public.” Specifically included are:

all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing.

According to the indictment and the recent press release, the U.S. attorneys offered evidence that Groves copied and transferred approximately 30,000 files containing trade secret information from his former employer’s—White Drive Product, Inc.—network onto an external hard-drive. The copying and transferring occurred on February 22 and 27, 2008, around two to three months before he resigned to work for a White Drive competitor. The jury found that Groves did so intentionally to harm White Drive and to benefit himself and White Drive’s competitor.

Sentencing was scheduled for July 23, 2014. But Groves has filed a motion challenging the jury verdict and asking the court to enter a judgment of acquittal or to order a new trial. We will continue to monitor this case and provide relevant updates.

Trading Cards or Trading Secrets?

By Jones Walker LLP on Posted in Confidential Information, IP, Trade Secret

Are published baseball card prices protectible as trade secrets? That’s one question raised in a lawsuit recently filed in Seattle, Washington. Beckett Media, LLC, a publisher of pricing and other information on collectibles and specialty products, sued Check Out My, LLC, the owner of COMC.com, which offers consignment services for collectible cards and other memorabilia.

Before the lawsuit, COMC had licensed Beckett Media’s pricing data, which helped buyers and sellers on COMC.com to price and trade collectibles, according to Beckett Media’s complaint. COMC allegedly “scraped” pricing data from Beckett Media’s website, but Beckett Media fails to describe the measures taken to maintain the secrecy of this allegedly trade secret information. Beckett Media also claims rights to a “proprietary pricing process.”

In December 2013 Beckett Media notified COMC that it was terminating its license, and COMC represented that it would create its own pricing database, according to the complaint. Beckett Media’s claim—under Washington’s Uniform Trade Secrets Act—seeks to prevent COMC from using its alleged trade secret information when creating its own database.

COMC’s answer presents a different story. COMC claims that it only used information that was publicly available from Beckett Media’s website, Beckett.com, and that Beckett Media breached its license to use that data when it terminated COMC’s access without good cause. COMC suggests in its answer that the true reason Beckett Media terminated the license was because COMC would not sell itself to Beckett Media for a price that it was willing to pay. COMC denies that it had access to Beckett Media’s “pricing process” and represents that it has deleted the data it previously licensed from Beckett Media.

It will be interesting to see whether the court confers trade secret protection on Beckett Media’s price data, despite its apparent public availability. Beckett Media may have better luck protecting its “proprietary pricing process,” but it is unclear whether COMC ever had access to that information.

Beware of Pitfalls When Litigating Trade Secret Cases

By Jones Walker LLP on Posted in Public Records, Trade Secret

Are you confident in your ability to prosecute a trade secret case without losing those “secrets” in the process? The U.S. Fourth Circuit Court of Appeals’ recent decision should give you pause before answering. The Court’s holding in E.I. DuPont De Nemours & Co. v. Kolon Industries, Inc., underscores the significant risks of putting evidence into the public record when litigating trade secret cases.

Initially, this appeared like a strong case for DuPont, who viewed its complex chemical manufacturing process for making Kevlar as a “well-guarded secret.” DuPont alleged that Kolon — a Korean synthetic fibers manufacturer — employed five former DuPont employees to collect and utilize DuPont’s confidential information relating to this manufacturing process.

The jury agreed. After a seven-week trial, it found that Kolon willfully and maliciously misappropriated 149 of DuPont’s trade secrets and awarded DuPont $919.9 million in damages and a 20-year non-compete injunction.

But the Fourth Circuit recently reversed that verdict, holding that the district court abused its discretion when excluding evidence that Kolon obtained from the public record in an earlier case between DuPont and a different competitor. Specifically, Kolon wanted to show that DuPont failed to take reasonable measures for protecting its trade secrets by allowing information relating to its Kevlar manufacturing process to remain in the public record. The Fourth Circuit stated that:

Although it is true, as DuPont contends, that the mere ‘presence [of confidential information] in [a federal court’s] public files, in and of itself, did not make the information contained in the document ‘generally known’ for purposes of the [UTSA],’ … we also emphasized in that very case that ‘whether [ostensibly confidential information] remains a trade secret’ ‘is a fact-intensive question to be resolved upon trial.

The district court’s blanket exclusion of this evidence, the Fourth Circuit held, seriously prejudiced Kolon’s defense and, thus, justified vacating the jury’s verdict.

This decision underscores the extreme caution that companies and their attorneys must take when prosecuting a trade secret case. There’s a delicate balance between winning an individual case but losing future trade secret protections. A misstep could cost close to a billion dollars.

Employers Receive Friendly Computer-Fraud-And-Abuse-Act Ruling From Louisiana Court

By PJ Kee on Posted in CFAA, Trade Secret

The U.S. Eastern District of Louisiana recently sided with employers in the on-going judicial debate over interpreting the Computer Fraud and Abuse Act (“CFAA”). See Associated Pump & Supply Co., LLC v. Dupre, et al., No. 14-0009 (E.D. La.). Associated Pump sued its former employee Kevin Dupre for violating CFAA during his alleged scheme to steal Associated Pump’s trade secrets. The complaint sets forth a now familiar scenario: shortly before resigning, Dupre used his work computer to violate a confidentiality agreement and known company policies by improperly accessing and obtaining Associated Pump’s confidential information to use while employed by Associated Pump’s competitor. These allegations, the Court held, state a viable CFAA claim.

But courts are split on whether this scenario falls within CFAA’s reach. To assert a civil claim under 18 U.S.C. 1030(a)(4), a plaintiff must prove four elements: (1) the defendant accessed a protected computer; (2) the access was without authorization or exceeded permissible authorization; (3) the defendant did so knowingly and with the intent to defraud; and (4) the conduct furthers the intended fraud and obtains anything of value. Courts disagree on the second element. That is—Does an employee “exceed” her authority to access electronically stored information when she does so to obtain that information for a competitor’s benefit and use? Continue Reading

LexBlog