The Donald Offers A Lesson To Trade Secret Litigators

This may come as a shock. But Donald Trump has unwittingly offered trade secret litigators a teachable moment. It arose in his recent squabble with fellow presidential hopeful Senator Lindsey Graham. After Trump mocked Senator John McCain for being a POW, Graham told CNN that Trump was “becoming a jackass” and later called Trump “the world’s biggest jackass” on “CBS This Morning.” Trump unsurprisingly escalated the bickering. During a campaign speech, Trump called Graham a “lightweight” and an “idiot”—and then disclosed Graham’s personal cell phone number, encouraging his supporters to “give it a shot.” After the phone was inundated with calls and texts, Graham responded by letting us know what he planned to do with the phone (my personal favorite is the Red Bull shake):

So what does this have to do with trade secret cases? Defendants may experience a Grahamesque reaction when they suspect that a trade secret case is brewing. That is, get rid of the phones—or computers, flash drives, email accounts, etc.—as soon as possible and before we’re sued. But litigators on both sides of a trade secret dispute must ensure that Graham’s instructional video is not followed. Especially since these devices and accounts often hold the central evidence for the plaintiffs and defense.

Counsel for trade secret plaintiffs need to act immediately. As soon as a client alerts you to potential trade secret concerns, you should notify the potential defendants and their counsel about not only your client’s underlying trade secret concerns but also the obligation to preserve their devices and accounts and the information stored on them. You don’t want defendants to claim that they discarded devices without realizing the need to preserve them. The notification letter should trigger their obligation to preserve evidence and will be exceedingly helpful if they don’t. A court considering a spoliation motion can rely on your notification letter to determine when the obligation to preserve evidence arose and whether the evidence was destroyed intentionally.

And this is exactly what you don’t want to face as defense counsel. A plaintiff’s successful spoliation motion will often lead to a victory on the underlying claim. So you don’t want your client accused of spoliation or to be faced with the challenge of trying to convince a judge or jury that the destruction of evidence was accidental, understandable, or not as bad as it seems. It’s thus imperative to instruct your clients as soon, as clearly, and as often as you can. They can’t take Senator Graham’s lead. Meat cleavers, blenders, golf clubs, lighter fluid, samurai swords, and baking ovens are off limits. The devices, accounts, and information stored on them must be preserved. If not, the likely consequence is that—unlike Senator Graham—your clients won’t have the last word—and may in fact be deprived of the right to defend themselves entirely.

The Donald has given us a chance to revisit how important it is to communicate early and often about preserving evidence in trade secret disputes. Just as he intended.

Time To Review Your Non-Competes

timeCompanies with employees across multiple states face an administrative challenge. How do they ensure that their non-compete programs remain up to date with the various states law requirements for enforcement? Four states have recently passed legislation that reinforces the importance of addressing this question. The highlights below from the changing non-compete landscape should prompt companies to review their current non-compete programs and discuss strategies for ensuring that their non-competes comply with any new state laws that may affect their enforcement.

Arkansas Reforms. Arkansas’s new non-compete law takes effect on August 6, 2015, and provides non-compete drafters with some stress relief. Previously, Arkansas courts refused to reform non-competes that were overly broad. But now, the Arkansas legislature has stepped in, specifically instructing that courts “shall reform” overly broad non-competes so that they are reasonable with restraints “not greater than necessary to protect the protectable business interest.” Arkansas employers can now be more aggressive when drafting their non-compete’s geographic scope.

Hawaii Bans. Hawaii recently passed legislation banning non-competes and non-recruitment agreements within “technology businesses”— essentially, for software developers. This new law took effect on July 1, 2015, and unlike the Arkansas law that requires courts to enforce more non-competes, the Hawaii legislature found that these agreements do more harm than good within the software space. And it turned to academic studies as support: “Hawaii has a strong public policy to promote the growth of new businesses in the economy, and academic studies have concluded that embracing employee mobility is a superior strategy for nurturing an innovation-based economy. In contrast, a noncompete atmosphere hinders innovation, creates a restrictive work environment for technology employees in the State, and forces spin-offs of existing technology companies to choose places other than Hawaii to establish their businesses.” The Hawaii legislature also noted that technology businesses already receive trade secret protections through other state laws and that enforcing non-competes would allow duplicative relief. Many Hawaiian employers would likely disagree–but the act is now law.

New Mexico Aids. New Mexico’s new law became effective July 1, 2015, and allows doctors and healthcare practitioners to avoid non-compete restraints in employment contracts. But the New Mexico legislature pointed out that the law does not affect other clauses in these types of employment contracts, including non-disclosure covenants; liquidated damage clauses; and requirements to repay a loan, relocation expenses, signing bonuses, or educational expenses for doctors and practitioners who resign within three years of employment. So while doctors may not be restricted from competing, they still can be required to pay to compete.

Alabama Clarifies. Alabama repealed its old non-compete law and replaced it with a new one that will become effective January 1, 2016. Like the old law, the new one prohibits non-competes that do not preserve a “protectable interest.” But unlike the old law, the new law defines the types of interests that a non-compete can protect. The act limits the potential “protectable interests” to the following five categories: trade secrets; confidential information; commercial/customer relationships; good will; or specialized and expensive employee training. But the new law not only provides employers with some clarity on what is required, it also alleviates previous burdens of proof. Whereas employers were required to prove that the non-compete would not cause undue harm—now—the employee must prove undue harm before that affirmative defense will be applied. Not all aspects changed, though. The new law, for instance, still bans non-competes for professionals like doctors, lawyers, and accountants.

*             *            *            *           *

These brief highlights demonstrate that non-compete laws remain fluid. Whether through court decisions or state legislatures, these laws are subject to change—which can cause unexpected consequences for employers overly confident in their non-compete’s validity. Companies should, at least, implement a policy to routinely confer with their counsel about whether their current non-competes still comply with current state laws.

A Trade Secret Reminder — Take “Reasonable Steps”

White PaperThe Center for Responsible Enterprise and Trade (CREATe.org) just released a new White Paper“Reasonable Steps” To Protect Trade Secrets: Leading Practices in an Evolving Legal Landscape. It’s a must read for companies grappling with how best to protect and manage their trade secrets.

We have discussed a previous CREATe report that discussed the devastating economic effect that trade secret theft and misuse can have on a company’s profits, market share, and reputation. But this new White Paper provides concrete, practical advice on how companies can protect their trade secrets and potentially prevent trade secret theft.

In the US, a company must take “reasonable steps” to protect the secrecy of their business information for it to qualify as a “trade secret.” CREATe succinctly summarizes the consequences if “reasonable steps” are not implemented:

Aside from the practical usefulness of implementing “reasonable steps” to prevent trade secret theft and misuse, taking such steps can also have crucial legal significance. Where the legal definition of trade secrets includes a “reasonable steps” or similar requirement, a court can find that a company’s information is not a trade secret if such steps are not taken. Failing to take adequate precautions to protect such information can preclude a company from getting any legal redress if the worst happens and unauthorized disclosure or use of the information takes place.

And that’s where this paper offers value. It recommends an eight-part strategy of leading practices to ensure that companies are taking “reasonable steps” to protect their trade secrets. We have highlighted some of the most salient recommendations for each category:

Policies, Procedures, and RecordsIt should go without saying that companies should have confidentiality policies to protect information. But CREATe recommends that companies should also institute procedures to ensure the policies are being disseminated and followed—and that there are records to demonstrate this compliance. This can include using confidentiality clauses in contracts with employees, contractors, vendors, etc.; using NDAs with customers or potential business partners; and creating inventory of trade secret activity.

Security and Confidentiality Management. Companies should limit trade secret access on a “need to know” basis and should design “reasonable” ways to restrict this access. IT personnel should be involved in the strategy to ensure that information is stored on a company’s computer networks with the appropriate database and shared-drive restrictions.

Risk Assessment. Before companies can assess their “reasonable steps,” they must first identify what their trade secrets are, where the trade secrets are located, and who has access to the trade secrets.  Essentially, CREATe recommends that companies should conduct a trade secret audit so that a “risk mitigation plan” can be implemented to hopefully prevent trade secret theft.

Third Party ManagementBefore disclosing trade secrets to a contractor, client, or customer, companies need to make their policies known—”upfront and regularly”—and require NDAs and confidentiality terms where possible.

Information Protection TeamCREATe recommends that companies should consider developing a committee with oversight responsibilities for the company’s trade secret protections.

Training and Capacity BuildingCompanies need to create a corporate culture that emphasizes the importance of trade secret protections. This should begin during on-boarding and continue throughout the employees’ tenures, with specialized training for IT personnel and other executives with access to the most valuable business information.

Monitoring and MeasurementCREATe recommends annual or even more regular reviews of the company’s trade secret protection program, which should include a rating system to assess the effectiveness of the program and to address potential weaknesses.

Corrective Actions and ImprovementsCompanies must have a rapid response when it learns about potential trade secret theft. This should include a response plan that not only addresses the immediate theft or disclosure but also identifies the root cause, so that strategies can be developed—and added to the trade secret protection program—to prevent similar breaches from reoccurring.

U.S. Supreme Court To Review Fifth Circuit CFAA Decision

US Supreme CourtWe frequently discuss the Computer Fraud and Abuse Act (“CFAA”), which prohibits obtaining information from protected computers through unauthorized access or access that exceeds such authorization. Violating the CFAA can have serious consequences, as the statute carries both criminal and civil penalties. But must a defendant obtain information through unauthorized access and exceed authorized access? Ordinarily not. Yet the U.S. Supreme Court will soon consider this question. On June 29, 2015, the Court agreed to hear a criminal defendant’s appeal, in which he argues that federal prosecutors were required to prove both elements for his CFAA conviction.

The Conviction. Michael Musacchio was the president of Exel Transportation Services (ETS), a transportation brokerage company, until he resigned in 2004.  In 2005, Musacchio founded a competing company, Total Transportation Services (TTS), and then used independent agents to access ETS’s computer servers to obtain proprietary information. ETS’s new president began hearing rumors about a data breach and hired a forensic investigator, who uncovered what Musacchio was up to. ETS sued Musacchio, TTS, and others, and the parties ultimately settled the civil dispute for $10 million. But in 2010, the federal government indicted Musacchio for violating and conspiring to violate the CFAA the CFAA. The jury returned a guilty verdict, and Musacchio filed an appeal with the United States Court of Appeals for the Fifth Circuit.

The Conviction Affirmed. On appeal, Musacchio did not attack CFAA’s language, which is fairly clear: 18 U.S.C. § 1030(A)(2) prohibits one from obtaining information from a protected computer by accessing this computer without authorization or exceeding such authorization. Instead, Musacchio’s question was this. What happens when the trial court erroneously instructs the jury (without objection) that the underlying CFAA offense is defined as “to intentionally access a protected computer without authorization and exceed authorized access”?  Ordinarily, “an instruction that increases the government’s burden and to which the government does not object becomes law of the case.”  United States v. Jokel, 969 F.2d 132, 136 (5th Cir. 1992).  However, under Fifth Circuit procedure, that rule does not apply where (1) “the jury instruction…is patently erroneous and (2) the issue is not misstated in the indictment.”  United States v. Guevara, 408 F.3rd 252, 258 (5th Cir. 2005). On Musacchio’s appeal, the Fifth Circuit held that the indictment correctly set forth the standard and that the jury instruction was patently erroneous.  Musacchio v United States, No. 13-11294, slip op. at 5 (5th Cir. Nov. 10, 2014).

Before The Supreme Court. The Supreme Court likely agreed to hear Musacchio’s appeal to resolve a circuit split. Unlike the Fifth and First Circuits, the Eight and Tenth Circuits require the government to meet any standard imposed by a jury instruction when the government fails to make an objection. Though the Supreme Court likely will not resolve differing interpretations of the CFAA itself—such as the conflicting views on what it means to “exceed authorized access”—the Court will consider an interesting question that highlights the importance of the CFAA in modern trade secret cases and will likely resolve the circuit split on whether an erroneous jury instruction can become the standard when an the government fails to object.  Argument on this case is expected during the Supreme Court’s October term, and we will continue to monitor and report on any new developments in the case.

Hulk Hogan, Sex Tapes, And The FBI: Lesson Learned

FBIWhen the celebrity gossip blog Gawker decided to post highlights from a sex tape starring Hulk Hogan, it never thought that decision would lead to suing the FBI. But that’s what happened—and just recently, Gawker prevailed. A federal judge in Florida ordered that the FBI and the Executive Office of United States Attorneys (EOUSA) must respond to Gawker’s FOIA request—even though the agencies argued that the requested evidence related to an ongoing investigation. The case between Gawker and the FBI had nothing to do with alleged trade secret theft or federal hacking violations. But the judge’s decision underscores an important risk that companies should consider before contacting law enforcement about potential trade secret theft or computer security breaches: What is exchanged with law enforcement may become public record—which could have the unintended consequence of stripping an otherwise protectable trade secret of its “secrecy.”

From Hulk Hogan v. Gawker To Gawker v.  FBI. The case between Gawker and the FBI arose from Hulk Hogan’s suit against Gawker. Hogan sued Gawker in Florida state court over an October 2012 post that published a highlight reel from an anonymously received sex tape. Hogan claims that Gawker invaded his privacy by posting the video footage and seeks $100 million in damages.

14-GAWKER-JP4-blog427Hogan’s counsel also contacted the FBI and requested a criminal investigation regarding the creation and attempted sale of the sex tape. The FBI uncovered a large volume of evidence about the sex tape, and in November 2013, Gawker filed a FOIA request with the FBI, seeking “[a]ll documents relating to an investigation, or a request for an investigation, in October 2012 regarding allegations of illegal recording(s) of Terry Bollea a/k/a Hulk Hogan engaged in sexual relations.”

Initially, the FBI denied the request due to privacy concerns, but in the meantime, Gawker convinced the Florida state court judge to compel Hogan and the female in the video to sign privacy waivers because Gawker needed the FBI’s evidence for its defense. Gawker then updated the FBI in November 2014 about the signed privacy waivers and that Hogan had agreed on a specific method that the FBI should use when producing responsive evidence. Hogan agreed that the FBI should produce all responsive documents directly to Gawker and that any responsive video footage must first be produced to the Special Discovery Magistrate in the Florida state court case.

But in January 2015, the FBI refused to produce 1,168 responsive documents and two CDs of video material because they related to an “ongoing investigation.” Gawker ultimately sued both the FBI and the EOUSA in a Florida federal court, seeking an order to compel the production of documents and video footage. Gawker argued that the documents and video were essential to its defense and that the FBI and EOUSA had not provided a sufficient reason to withhold them. Gawker noted that their investigation had concluded several months earlier.

The Federal Court Decision. The federal judge agreed with Gawker. The judge ordered the FBI and EOUSA to produce all documents that did not fall within FOIA’s “law enforcement exception” (5 U.S.C. § 552(b)(7)(A)) and to produce the video footage to the state court’s Special Discovery Magistrate. She also seemed wary of the government’s exemption claims. She ordered that the FBI and EOUSA  must file a “categorical index” of all responsive documents that includes “general categories of documents, the number of pages pertaining to each category, the claimed exemption, and the reason why disclosure of the documents could reasonably be expected to interfere with law enforcement proceedings.” She also ordered that the FBI and EOUSA must “submit a declaration in support of the categorical index” that “shall provide a more particularized explanation as to why the law enforcement exemption applies to each category of documents and why disclosure of each category could reasonably be expected to interfere with law enforcement proceedings.” And it seems that the FBI and EOUSA will fight an uphill battle in trying to persuade her that the “law enforcement proceeding” exemption actually applies. That is, Gawker will likely receive all the requested evidence.

Lesson Learned. The cases between Hulk Hogan and Gawker and Gawker and the FBI do not involve trade secret theft or computer security breaches. But the judge’s ruling against the FBI should give companies pause before contacting law enforcement about potential trade secret theft or federal hacking violations. It’s not uncommon for law enforcement to investigate and gather evidence but, in the end, decline to pursue formal charges. Law enforcement may thus not be able to rely on the “law enforcement proceeding” exemption to withhold information that a competitor seeks through a FOIA request. Companies should keep this in mind when deciding what to provide to law enforcement and how to provide it. We have previously written about precautionary steps to take when disclosing information to a public entity—and this a good opportunity to revisit those suggestions.

Clearly Mark Trade Secrets. Conspicuously identify what documents or information are trade secrets by marking them accordingly. Though a “law enforcement proceeding” may no longer be available, law enforcement agencies can rely, for instance, on FOIA exemptions that protect trade secrets from public disclosure.

Limit What Is Provided. Consider how much information law enforcement needs to start its investigation—and gauge how receptive law enforcement is to pursuing the investigation—before disclosing the actual trade secrets that may have been misappropriated.

Request FOIA Notification. Ask the law enforcement agency for formal written notice of any FOIA-type request for documents or information concerning the investigation.

Consider The Impact. Weigh the potential harm that public disclosure could cause against the benefit of having law enforcement involved. The risk of disclosure may be small—but companies must consider the nightmare scenario of losing potential trade secret protections by involving law enforcement to help protect those same trade secrets. Companies should rely on counsel to guide them on whether and how to involve law enforcement so that their information is best protected.

Tennessee Federal Court Refuses To Apply Inevitable Disclosure Doctrine

sealWilliams-Sonoma is embroiled in a contentious trade secret theft case with its former executive and direct competitor. On June 18, 2015, a federal district court in Tennessee granted a preliminary injunction motion to enjoin Williams-Sonoma’s former vice president and direct competitor from using confidential business information, soliciting Williams-Sonoma employees, and destroying electronic evidence. But the federal court refused to give Williams-Sonoma everything it requested.  It stopped short of prohibiting Williams-Sonoma’s former senior vice president from working for a competitor. And in doing so, the federal court rejected an invitation to adopt the inevitable disclosure doctrine in this trade secret theft case.

The Background. The facts in Williams Sonoma, Inc. v. Arhaus, LLC, echo those in most trade secret cases. An employee is contacted by a competing company with a lucrative offer. The employee accepts — but before leaving, accesses confidential business information on the company’s databases and saves that information onto external storage devices. Then, after leaving, the employee recruits former co-workers to join the competitor and encourages more trade secret theft.

Williams-Sonoma implemented measures to protect its confidential business information relating to its supply chain and distribution channels. The furniture giant required log-in credentials for and restricted access to its network and databases. It distributed employee handbooks and acknowledgment forms explaining the importance of confidential information. The company also forced employees to abide by a code of ethics detailing the ongoing obligations of employees to protect confidential information. Williams-Sonoma even required employees to take a quiz each year on the contents of the code of ethics.

Williams-Sonoma alleged that it employed these preventive measures because its supply chain and distribution channels represented a huge competitive advantage—one that resulted in tens of millions in savings and allowed Williams-Sonoma to have lower retail prices than most of its competitors.

So when Williams-Sonoma’s Senior Vice President of Transportation took a similar position for a competitor—Arhaus, LLC—the company wanted to ensure that information was not stolen. An extensive forensic investigation revealed the executive had downloaded large amounts of confidential business information to external storage devices immediately after announcing his departure. The executive also solicited two of his co-workers and encouraged additional trade secret theft.

As a result, Williams-Sonoma filed suit against Arhaus and its former employee for trade secret theft, breach of contract, breach of the fiduciary duty, tortious interference with contract, and violations of the Computer Fraud and Abuse Act.

The Inevitable Disclosure Doctrine. Williams-Sonoma also sought to immediately prevent the use and disclosure of trade secrets by preventing its former employee from continuing his employment with the competitor. Though Arhaus argued that all trade secrets and information had been returned—Williams-Sonoma argued that the former executive would inevitably disclose or use Williams-Sonoma’s information if he were allowed to continue working for Arhaus.

The Inevitable Disclosure Doctrine provides equitable relief in the absence of an enforceable non-competition agreement. The principle behind the doctrine is that knowledge and skill obtained through employment qualify the employee for a similar position at a competing company, and thus, the employee will have to rely on this knowledge and skill, which include trade secrets, to successfully perform her duties for the competitor. Ultimately, the doctrine presumes that it’s unfair to force an employer to wait for relief until the former employee and competitor misappropriate trade secrets. It allows the employer to prevent the inevitable disclosure of the confidential business information on the front end through injunctive relief.

Acceptance of the doctrine has varied. For instance, Louisiana courts have rejected the doctrine, whereas Texas courts have applied it in certain circumstances. Compare Tubular Threading, Inc. v. Scandaliato, 443 So. 2d 712, 715 (La. Ct. App. 1983) (finding that an injunction is a harsh remedy when based solely on speculation) with Rugen v. Interactive Bus. Sys., Inc., 864 S.W.2d 548, 551 (Tex. App. 1993) (finding that a former employee in possession of trade secrets and in position to use those secrets should not be able to use them to the detriment of the former employer).

The Court Declined Adopting The Doctrine. The Tennessee federal court declined the opportunity to adopt the Inevitable Disclosure Doctrine. But the court didn’t close the door entirely either. The court found that the knowledge and information remaining in the former employee’s head didn’t rise to the level necessary to invoke the doctrine. The court noted that it wasn’t a secret formula from Coca-Cola or highly specialized information used by only a few obscure companies. The court ruled that much of the information remaining in the former employee’s head “is of the type that one would find in any business school class.” Because the knowledge wasn’t sufficiently specialized, the court denied Williams-Sonoma’s request to enjoin its former employee from competing.

The Take Away. Companies should use non-compete and non-disclosure agreements to ensure confidential business information is protected. Relying on the Inevitable Disclosure Doctrine is unreliable at best.

A Look Inside The Sony Hack

Fortune Magazine released its first installment in a three-part story on what it’s calling “The Hack of the Century.” The story on the Sony hack is turning into a cautionary tale on what companies should not do to protect their computer networks. And it’s worth taking the time to read this compelling and in-depth look into what may well be the hack of the century. We will continue to report on this breaking story and provide some helpful pointers once the full story is published.

The CFAA Debuts In The Big Leagues

imagesAccessing someone’s computer without authorization is a federal crime under the Computer Fraud and Abuse Act (CFAA). This past week, several news sources have reported that the FBI and Justice Department are investigating executives of the St. Louis Cardinals for allegedly violating the CFAA by hacking into the Houston Astros’ internal computer network.  It’s suspected that the Cardinals’ front office were trying to steal the Astros’ player personnel data and other proprietary information. According to the New York Times:

Internal discussions about trades, proprietary statistics and scouting reports were compromised . . . . Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011.

Investigators told the New York Times that the Cardinals front office “examined a master list of passwords used by Mr. Luhnow and other officials” and then “used those passwords to gain access to the Astros’ network.”

This internal network contained highly valuable information. The New York Times cited a Bloomberg Business article (titled Extreme Moneyball) that described the database as housing the Astros’ “collective baseball knowledge,” which takes a series of variables and weighs them “according to the values determined by the team’s statisticians, physicist, doctors, scouts and coaches.”

Many businesses are now quite familiar with this type of illegal activity—though it may be the first reported case of corporate espionage involving two professional sports team. But the way that the Cardinals’ front office allegedly accessed the Astros’ computer network underscores specific measures that companies should take to address ever-present risks when employees switch teams.

Controlling Passwords. Companies should already be enforcing a password-duration policy that requires employees to change their computer passwords every few months. But this investigation highlights that, during the on-boarding process, companies should prohibit newly-hired employees from recycling passwords that were used to access their former employer’s computer network. Especially when those former employers are direct competitors.

Monitoring Access. Company network administrators should be utilizing the auditing features built into their computer networks’ operating systems. These audits can alert administrators to abnormal file access or log-in patterns that can help uncover suspicious activity. And there should be an open line of communication between these administrators and executives about potentially suspicious activity.

Understanding Value/Liability. Companies need to start fostering a corporate culture where employees understand the value of keeping business information confidential (as well as the potential liability of attempting to use or steal another competitor’s confidential business information). In addition to confidentiality agreements and policies, regular training on what the company expects will go a long way.

Contacting Law Enforcement. Companies should consider whether contacting law enforcement officials makes the most business sense. The Astros contacted authorities after its information was posted on Deadspin, but that was nearly a year ago. Companies can also pursue civil litigation in state or federal courts—where they may be able to receive quicker business relief through an injunction.

These are just a few suggested measures. But the broader point is that companies must remain proactive, vigilant, and creative when it comes to protecting their business information.

On the Hill: Congress “Attacks” Cyber-Security

downloadCyber-security and data breaches are hot-button issues that recently received some well-deserved attention from the federal government. Last year we posted about the FBI’s efforts to combat economic espionage and trade secret theft. At that time, the Assistant Director of the FBI—who was testifying before a Senate subcommittee—offered salient advice on how American companies could protect themselves from trade-secret theft and insider threats.  But the Assistant Director noted an important trend: companies who learn about trade secret theft often pursue private negotiations or civil litigation—without alerting law enforcement. The FBI wanted this to change:

The FBI is committed to ensuring companies have an established line of communication to report concerns about possible economic espionage or trade secret theft to law enforcement. But the FBI must assure companies the government will work to protect their proprietary information from disclosure during prosecution, so that more companies are willing to come forward and report concerns about possible trade secret theft.

Nearly a year after that call for change—and after a spate of high-profile data breaches—Congress took heed of the FBI’s advice by passing measures to increase the public-private flow of information about hacking attempts. Lawmakers, government officials, and most industry groups agree that more data will help both sides better understand their attackers and bolster network defenses that have been repeatedly compromised. The Chairman of the House Homeland Security Committee recently explained why such comprehensive cyber-security laws are needed:

Make no mistake. We are in the middle of a silent crisis.  At this very moment, our nation’s businesses are being robbed and sensitive government information is being stolen.

THE LEGISLATION.  The reluctance that many American companies have with sharing internal data about cyber-attacks has greatly stymied previous efforts to fight the theft of personal information and state-sponsored campaigns to steal American intellectual property. But two bills recently passed by the House are intended to quell these fears by making it easier for private companies to share information about cyber-security threats among themselves and with the government without fear of lawsuits.

On April 22, 2015, The Protecting Cyber Networks Act passed with overwhelming support from House Intelligence Committee leaders, and members from both sides of the aisle. The bill—which is similar to a measure approved by the Senate Intelligence Committee and headed for that chamber’s floor this spring—would give companies liability protections when sharing cyber threat data with government civilian agencies, such as the Treasury or Commerce Departments.

Similarly, on April 23, 2015 the House passed the National Cyber-security Protection Advancement Act of 2015, which extends liability protections to companies that follow certain procedures and share information about cyber-attacks with the U.S. Department of Homeland Security.

These bills are two of three measures that Congress must pass to get a comprehensive cyber info-sharing law in place.  Under both bills as currently written, companies that share data-breach information with the government would receive liability protection only if that data is stripped of all personal information on two separate occasions—once by the company before it gives the data to the government and another round of cleansing by the government agency that receives the data. These bills will now be merged and sent to the Senate, where similar legislation has bipartisan support.

THE IMPACT.  Congress has contemplated various forms of this law for nearly five years. But the recent computer attacks on corporate giants like Sony Pictures Entertainment, Target, Anthem, and JPMorgan Chase—which exposed confidential business information and compromised credit card data, Social Security numbers, and personal  health information—has changed the political equation and places the onus on Congress to act. Whether or not these two house bills become law, the Committee of Homeland Security Chairman has made clear that cyber-security will remain a priority for Congress:

Cyber criminals, hacktivists, and nation-states will never stop targeting Americans’ private information and American companies’ and government networks to damage, disturb and steal intellectual property and U.S. Government secrets. One of the greatest cyber threats to the homeland is the weakness of our power grids, and energy and water systems. A successful cyber attack on our critical infrastructure could cripple our economy. Congress must take action to defend America’s vital digital networks and help American businesses better protect themselves.

Should the House and Senate come together on final legislation, it would be the federal government’s most aggressive response.  And as these bills go to senate and the white house, we will keep you updated.

Huawei’s Two Bites At The Apple To Dismiss T-Mobile’s Trade Secret Claims

In a previous post, we examined T-Mobile’s complaint against Chinese smartphone marker Huawei and its US subsidiary, in which T-Mobile accused Huawei employees of stealing trade secrets relating to a mobile phone testing robot named “Tappy”.

T-Mobile filed its complaint in September 2014, and the following month Huawei’s US subsidiary responded with a motion to dismiss. Huawei USA argued the complaint failed to identify any information that qualified as a trade secret, urging the Court to consider three published patent applications and a video featuring Tappy (see below). Huawei also challenged T-Mobile’s claim that it created the robot, pointing out the conspicuous Epson logo on one of Tappy’s components.

T-Mobile’s opposition disputed Huawei’s version of the facts and argued that it was improper to consider papers outside of the complaint at the motion to dismiss stage. It also accused Huawei of failing to distinguish between its burden of, on the one hand, identifying its trade secrets, a pleading requirement, and, on the other hand, proving that the information was in fact secret, a question of fact requiring discovery. T-Mobile further stressed that Epson only created one component of its robot and, even when combining known components, trade secret protection may extend to the combination itself, if secret.

By November 2014 briefing on Huawei USA’s motion to dismiss was complete. For five months no substantive motions were filed, and the Court had not yet ruled on Huawei USA’s motion.

Then, last week, on April 22, 2015, the Chinese Huawei parent company filed its own motion to dismiss. It asserted a new argument—lack of personal jurisdiction—but it also adopted and expanded on its subsidiary’s arguments on the merits. It attached to its motion foreign patent applications corresponding to the ones its subsidiary previously identified and several media reports on various aspects of T-Mobile’s robot and testing lab, some of which were not included in the earlier motion to dismiss.

Considering that the same counsel represents both Huawei’s parent and subsidiary companies, it appears Huawei may get a second chance to brief its earlier motion to dismiss before the Court issues its ruling. T-Mobile may cry foul, but it is more likely to attack Huawei’s new evidence and arguments on the same grounds as its previous opposition.

We’ll have more when the Court issues its ruling. Stay posted.

LexBlog