Can Mark Cuban’s Cyber Dust Help Protect Proprietary Information?

Cyber Dust is an app that lets users send text messages without leaving a digital fingerprint. All texts “self destruct” within 30 seconds, after which they are not stored anywhere — including on Cyber Dust’s servers. Also, Cyber Dust notifies you if someone takes a screenshot of one of your Cyber Dust texts.

Mark Cuban is behind Cyber Dust. In a recent Forbes article, he explained that the idea came from his own experience of having the SEC use his text messages in its insider-trading action against him: “That the phone companies and your text recipients own your texts and even the most innocent text can take on a whole new context. I wanted to have a means of communication that is analogous to face to face – where you can speak openly and honestly. That is why we created Cyber Dust.”

Similar technology is being developed for emails. For example, The Atlantic recently wrote about Pluto Mail, which includes features that allow the sender to set an email to expire after a set time. After that, the recipient can no longer view the email.

As Cuban notes, emails and texts create a digital record that can last forever. When your employees (or others, like consultants or vendors) send emails and text messages that contain your proprietary information, there is a risk of disclosure. As more companies use bring-your-own-device policies, those companies lose even more control of information sent via text and email.

I’ve been thinking of how to use this technology to minimize unwanted disclosure. For example, a company could require that all work-related text messages be sent via Cyber Dust. Emails are a bit more complicated, since there is often a need to preserve emails for later use. But a company could require that all emails containing proprietary information, or attaching certain proprietary documents, be sent with a scheduled expiration date.

In the end,  these policies would only be effective if there’s a way to monitor compliance. Otherwise, it’s not worth the effort. Also, these policies likely would not deter someone who is sending the information with malicious intent, such as an employee who knows he will be leaving to work for a competitor. UPDATE: In fact, such a person could use this technology to cover his tracks.

But it’s worth exploring how to use new technology like Cyber Dust to help bolster efforts to protect proprietary information.

Trade Secrets and Public Records

Companies performing municipal or government work face unique challenges when they need to share their confidential or proprietary information with public agencies. These companies must be wary of state public records laws and the Freedom of Information Act. A recent case, All Aboard Florida — Operations, LLC v. State of Florida, et al., filed in Leon County, Florida, illustrates this.

All Aboard Florida is attempting to develop passenger rail service between Miami and Orlando. It is doing so in partnership with various governmental entities. Recently, Orlando developer Matthew Falconer served various Florida agencies with requests under Florida’s Public Records Act for various documents relating to All Aboard Florida’s efforts.

According to the complaint, these agencies told All Aboard Florida that they intended to provide Falconer with All Aboard Florida’s Florida Ridership and Revenue Study. In response, All Aboard Florida filed this complaint for declaratory and injunctive relief, seeking protection under Florida’s Trade Secrets Act. According to All Aboard Florida, this study is a trade secret:

The Ridership Study analyzes expected market share for AAF’s service, including the effects of various pricing and travel time scenarios on AAF ridership. As such, the Ridership Study is an extremely sensitive and commercially valuable document, the disclosure of which to the public could place AAF at an unfair competitive disadvantage vis-à-vis airlines and other transportation alternatives.

Under Florida’s Public Records Act, trade secrets are exempt from disclosure.

When All Aboard Florida provided this study to the government, it marked each page as proprietary and confidential. For companies facing this situation who have no choice but to provide proprietary information to a government agency, I would recommend going one step further: Label each page of any proprietary document as “Trade Secret Information Protected From Disclosure By Section 815.045, Florida Statutes” (or the relevant statute in the state at issue).

The goal is to make it as simple as possible for the government employees responding to a public-records request to recognize that the document at issue should not be disclosed.

 

What Can the Donald Sterling Episode Teach Us About Protecting Trade Secrets?

Even if you hate sports, you have surely heard about the NBA banning LA Clippers owner Donald Sterling for life for his racist comments. The comments came to light after a recording of a telephone conversation between Sterling and his “girlfriend” was made public. We can all agree that Sterling’s comments were reprehensible. But for our purposes, what does this episode teach us about protecting trade secrets?

We’ve reached a point where virtually every person is walking around with technology in their pocket that allows them to record, photograph, videotape, or otherwise document everything around them at any given moment. The widespread use of iPhones and other smartphones has profound implications on many aspects of society. For Sterling, this led to the disclosure of what he thought was a private conversation. For companies trying to protect their proprietary information, they need to be even more vigilant about keeping this information secret.

As I’ve discussed before, only share proprietary information with those who need it to do their jobs. Don’t allow visitors access to areas where proprietary information is stored. Use IT solutions to restrict and password-protect critical proprietary information. And make sure (through training and contractual obligations) that employees know not to discuss this information with any third parties. After all, you never know when the other person may be recording the conversation.

 

 

Trade Secrets and the First Amendment

Before this week, I had never thought much about trade-secrets issues intersecting with the First Amendment. But then I read the complaint in a lawsuit filed by hedge fund Greenlight Capital Inc. against the owner of a website called seekingalpha.com, which published a post disclosing Greenlight’s then-confidential investment strategy. The suit seeks to compel the website owner to disclose the writer’s identity so that Greenlight can sue for trade-secret misappropriation. A copy of the complaint is linked below.

Greenlight Capital, led by David Einhorn, is a hedge fund whose “activity in the investment markets is well known and closely watched by other traders and investment advisors.” In the complaint, Greenlight describes how it develops its investment strategies “at considerable expense,” and how it must keep this information confidential, since disclosure of its investment strategies could move the market.

In November 2013, Greenlight was building an equity position in Micron Technologies. This information was not public knowledge. On November 14, 2013, a writer on the seekingalpha.com website, writing under a pseudonym, disclosed Greenlight’s intentions regarding Micron. As a result, Micron’s share prices rose immediately. Greenlight now needs the writer’s identity, so that it can sue him or her for misappropriating trade secrets.

In a New York Times article discussing this lawsuit, high-profile First Amendment lawyer Floyd Abrams offered thoughts on how the suit implicated constitutional issues:

Floyd Abrams, a First Amendment lawyer with Cahill Gordon & Reindel, said there might be reasons for a judge to compel an anonymous blogger to be identified in a libel case. But he said there weren’t many good reasons for doing so in what would appear to be a largely commercial dispute. “There is a serious First Amendment issue here,” Mr. Abrams said. “He will have a pretty tough job persuading a judge.”

While Floyd Abrams has forgotten more about the First Amendment than I’ve ever known, his position strikes me as off point. Laws prohibiting trade-secret misappropriation by definition restrict speech. Essentially, the Uniform Trade Secrets Act* recognizes that, for example, if you obtain a trade secret you know was acquired by improper means, you are not permitted to disclose that information. Allowing someone to hide behind an online pseudonym could render these laws ineffective.

There are other interesting issues in this case. For example, Greenlight says it takes the following measures to protect this confidential information:

Greenlight’s employees are required pursuant to both firm policy and their employment agreements to keep information regarding Greenlight’s non-public investment strategies confidential. In addition, Greenlight’s prime brokers and custodians are required by confidentiality agreements and other duties to Greenlight to keep non-public information concerning Greenlight’s securities positions confidential.

Later, it notes that at the time seekingalpha.com published the post, “the only persons who lawfully possessed information regarding Greenlight’s position in Micron were persons with a contractual, fiduciary, or other duty to maintain the confidentiality of Greenlight’s position: Greenlight’s employees, counsel, prime and executing brokers and other agents.”

It’s not possible to tell from the complaint whether all of Greenlight’s employees, brokers, and agents are required to sign a confidentiality agreement. If not, Greenlight has a major gap in its confidentiality protections that could undermine its misappropriation claims — the defendant could argue that Greenlight did not reasonably protect its proprietary information. As I’ve discussed often before, it is critical to make sure that all employees, vendors, etc. with access to confidential or proprietary information sign agreements that, at a minimum, require them to keep this information confidential.

*Greenlight filed the case in New York, which is one of the few states that has not adopted some form of the UTSA.

Greenlight Complaint

Small Business Data Theft: Risks and Solutions

Data theft is a hot topic now, with the recent high-profile thefts at Target and others. This issue has consequences for companies trying to protect trade secrets. For example, if a company is not taking measures to protect against data theft, a court could easily conclude that the company has not reasonably protected its proprietary information, and thus is not entitled to trade-secret protection under the Uniform Trade Secret Act.

Two recent articles in Entepreneur address this problem head on. In “Why Your Small Business Is At Risk of a Hack Attack,” Heesun Wee explains the risks facing small businesses:

Last year, 31 percent of all attacks were aimed at companies with less than 250 employees, according to Symantec’s 2013 Internet Security Threat Report.

But many small businesses do not appreciate this risk:

Smaller ventures are particularly vulnerable because cybercriminals know they likely spend less to protect their digital information and infrastructure. Cheaper security measures also tend to be static, meaning those systems don’t evolve to keep up with criminals’ newest tricks. . . . Roughly 77 percent of small firms believe their company is safe from a cyberattack–even though 83 percent of those firms do not have a written security policy in place, according to the National Cyber Security Alliance and Symantec.

Small businesses need to do more to protect their sensitive data and proprietary information. In “Preventing Another Target Attack,” Eric Basu offers some suggestions for retailers that apply with equal force to many small businesses.

First, you should use network-monitoring software:

There are next generation software solutions that effectively visualize network traffic, break down machine-to-machine connections by service protocols and allow filtering by machine, service or even internet destination. For example, a North American-based retailer using a payment processing partner from the same continent should not see outbound connections from a POS terminal to places like Russia, China or Brazil.  If they do, the connection should be dropped and the security administrator should be notified of the machine initiating the connection.

Second, improve application-level security:

Keeping [software applications] up to date with the latest versions and patches as well as performing penetration tests on both internal- and external-facing interfaces would have gone a long way to preventing the lateral movements the Target attackers were able to pull off in a short amount of time. Companies that develop in-house applications should also ensure they are designed securely from the get go, performing both static and active secure code reviews at every minor release. Furthermore, only authorized white-listed applications should be allowed to run and properly identified.

Many small business do not have the know-how or resources to deal with this issue in-house. In that case, perhaps the most important step you can take is to speak with an IT expert to obtain customized recommendations for protecting your business’ sensitive information. Combining up-to-date IT solutions with proactive legal protections gives you the best chance of avoiding a problem in the first place. And it gives you the best chance to mitigate the damage if a breach occurs.

Sixth Circuit Rejects Dubious Trade Secret Claim

If you are thinking about bringing a trade-secret-misappropriation suit, do not take a ready-fire-aim approach. Before filing the lawsuit, you need to be able to articulate the precise trade secret at issue and how it was misappropriated. A recent case decided by the Sixth Circuit, Dice Corp. v. Bold Tech., 2014 WL 260094 (6th Cir. Jan. 24, 2014) gives an example of a trade-secrets claim that probably never should have been filed. A link to the opinion is below.

This case involved a dispute between two competitors who provide services and software to alarm companies. An alarm company using the plaintiff’s software decided to change to the defendant’s. In this circumstance, there needs to be a transition period, during which the alarm company is still using the plaintiff’s software, while running the defendant’s software in parallel on other servers. This ensures that the new software is properly monitoring the alarm signals before it goes live.

The plaintiff, perhaps angry over the loss of a client, accused the defendant of accessing and using its proprietary information during the transition process. It brought claims under the Michigan Uniform Trade Secrets Act, among others.

The trade-secrets claim was based on supposed misappropriation of (1) a file containing a master list of alarm codes, and (2) “receiver drivers” software that takes incoming signals and converts the data to the plaintiff’s standard. The Sixth Circuit rejected both. As to the list of codes, the court said:

The plaintiff fails to explain how this information, even if uniquely coded, is a trade secret. The [file] is a compilation of labeling codes created by manufacturers, not the plaintiff. The codes were collected by the plaintiff’s customers, not the Plaintiff. The plaintiff has not put forward an explanation of how the value of its unique labeling is derived from it not being readily ascertainable by proper means.

Regarding the software, the Sixth Circuit noted that “neither in the operative complaint nor in the plaintiff’s response to the defendant’s motion for summary judgment can we find a trade secret claim based on receiver drivers or software that performs that function.” Even if the plaintiff had properly pleaded a claim on this basis, the court still would reject it since “other than a generalized explanation of what the receiver drivers do, the plaintiff has failed to explain whether the receiver drivers derive economic value from their secrecy.”

Takeaway: This seems like the latest in a long line of trade-secrets cases that never should have been brought in the first place. Filing a lawsuit and litigating it through appeal is not cheap. Before doing so, make sure you can (1) explain what trade secret(s) were actually misappropriated, and (2) plead and prove the misappropraition (or at least feel comfortable that discovery is likely to lead to the evidence necessary to prove your claim). If you have difficulty doing either, think very carefully whether the suit should be filed. As the (overused) saying goes, sometimes discretion is the better part of valor.

Dice Corp. v. Bold Tech.

Trade Secret Injunctions Are Not Automatic — Beware of Equitable Defenses

Companies bringing lawsuits based on a noncompete or misappropriation of trade secrets routinely seek an injunction. For example, a former employer seeking to enforce a noncompete will often ask the court to block the former employee from working for a competitor.

Because an injunction is an equitable remedy—as opposed to a legal remedy, such as seeking money damages—the defendant is permitted to raise certain equitable defenses not available when the plaintiff is solely seeking money damages. This includes the defense of unclean hands, under which a plaintiff is not entitled to equitable relief—like an injunction—if it has acted inequitably or in bad faith. (Important point: these defenses can vary from state to state.)

So if the former employee can convince the court that the former employer acted inequitably, the injunction motion is likely to be denied. As part of their equitable defenses, defendants often argue that they were coerced into signing a noncompete, or that the former employer did not mention the noncompete until after the former employee had quit his prior job.

While it’s impossible to prevent a defendant from lobbing unfounded accusations, employers can take steps as part of the hiring process to circumvent these equitable defenses.

If an employer is going to require a noncompete or other restrictive covenant, inform prospective employees early in the hiring process. If there is a job posting, consider including this requirement. Of course, the employer needs to balance the risk of deterring applicants with the risk of increased difficulty obtaining an injunction. Consider giving prospective employees a handout at the initial interview describing the position and disclosing that any job offer will be subject to signing restrictive covenants. Certainly, any offer letter should make clear that it is subject to the employee entering into all required restrictive covenants.

Too often, companies assume that their restrictive covenants will automatically protect them, without thinking proactively about making sure that they are putting themselves in the best position to enforce these agreements down the road. Taking these simple steps can make a big difference if it becomes necessary to litigate.

Five Trade Secrets Businesses Don’t Know They Have

When a business owner or executive asks what kind of law I practice, and I tell them about my trade-secrets work, I often get a response along the lines of “Interesting stuff, but we don’t have any trade secrets.” Most of the time, they are wrong. Almost all businesses have some kind of proprietary information that can qualify as a trade secret, as long as the business reasonably protects that information.

Here are five categories of common information that can qualify as trade secrets, under the right circumstances:

  1. Customer Information. Many companies spend significant time and money gathering information about their customers. Some maintain simple address and demographic information, while others compile detailed customer databases with order history and precise customer preferences. The more detailed the information, and the more time spent compiling it, the more likely it could be a trade secret.
  2. Pricing Information. In many industries, pricing information is not publicly known. Such pricing information can qualify as a trade secret, as long as the company reasonably protects it. At a minimum, customer contracts should include a confidentiality provision.
  3. Profit-Margin Information. Like pricing information, profit-margin information can also be a trade secret.
  4. Contracts. I’ve had clients who spend years developing proprietary contracts that help them better serve their customers. In these cases, the contract can become a trade secret. Again, a confidentiality provision would likely be required, along with other protections, before a court will recognize a contract as a trade secret.
  5. Business Plans. Business plans inevitably include some kind of proprietary information, whether it be pricing-related, or market forecasting. If this information is not outdated, and is properly protected, it can be a trade secret.

If your company has one or more of these types of information, it may have trade secrets. But to enjoy protection under the trade secrets act, you must take reasonable measures to protect your information.  Consult with an attorney to make sure you’re in the best possible position to protect your proprietary information.

I Forgot About My Noncompete!

Recently, I was retained by a client with an all-too-common story: one of its former employees, who signed a noncompete agreement, was working for a competitor and soliciting the client’s customers. I sent the former employee and his new employer a cease-and-desist letter, attaching the signed noncompete.

The next day, I got a call from the former employee. He said that he had forgotten that he had signed the noncompete years before. And he told me that he had quit his job with the competitor (which I had him and the competitor confirm in writing), and that he would no longer do work in my client’s field.

I have no idea whether the former employee really forgot about the noncompete, though I doubt it. More likely, he knew he had signed a noncompete, but he just hoped that my client wouldn’t enforce it. Regardless, this situation shows how important it is to address a departing employee’s noncompete obligations before he leaves the company.

The most efficient, effective way to handle this is through an exit interview. During the interview, the departing employee should be given a copy of his noncompete agreement and asked to sign an acknowledgement of his noncompete obligations. This sends the message that the company is serious about enforcing the agreement, hopefully deterring the departing employee from otherwise disregarding his obligations.

The exit interview also gives a company an opportunity to gather intelligence about whether there is a risk that the departing employee may violate his noncompete. If a departing employee refuses to sign the acknowledgement, or is evasive when asked about his next job, it may be worth consulting with an attorney to figure out how to proceed.

In my client’s case, there’s a good chance that had they conducted an exit interview, the former employee never would have accepted a job with their competitor.

Dealing With Bankruptcy After a Trade-Secrets Judgment

What happens if you obtain a judgment for misappropriation of trade secrets, and the defendant files for bankruptcy? A recent case from the E.D. Va. bankruptcy court could offer some assistance, as it held that judgments for willful and malicious misappropriation are not dischargeable in bankruptcy.

In re: Erika Brooke Harton, 2013 WL 5461832 (Bankr. E.D. Va. Oct. 1. 2013) (linked below) has a particularly egregious story of trade-secret misappropriation. While still working at the plaintiff’s med-spa/salon, the defendant/debtor opened her own competing salon. After the plaintiff’s salon had closed for the day, the debtor entered the salon, accessed the plaintiff’s computer, and printed out the plaintiff’s client’s appointment schedule for the next three months. The debtor also looked up and copied all of the plaintiff’s clients’ contact information.

The debtor then mailed over 2,000 postcards to the plaintiff’s clients that said “We’ve moved—same faces—new location,” and directed them to the debtor’s business. Many of the clients changed their appointments to the debtor’s salon.

Not surprisingly, the plaintiff sued in Virginia state court and obtained a judgment for misappropriation of trade secrets under the Virginia Trade Secrets Act. The court concluded that the defendant’s misappropriation was willful and malicious. After that, the debtor filed for Chapter 13 bankruptcy relief.

In the bankruptcy court, the plaintiff filed an adversary proceeding claiming that the judgment was nondischargeable under 11 U.S.C. 523(a)(4). This statute provides that debts based on, among other things, embezzlement or larceny are not dischargeable.

The bankruptcy court first determined that the debtor was collaterally estopped from relitigating the state court’s finding that her misappropriation was willful and malicious. The bankruptcy court then found that willful and malicious misappropriation falls under Section 523(a)(4), noting that it involves taking another’s property for one’s benefit.

Takeaway: There is always a risk that a judgment debtor will file for bankruptcy protection. In a trade-secrets action seeking damages, try to argue and establish (when possible) that the defendant’s misappropriation was willful and malicious. Armed with such a finding, a judgment creditor can argue that its judgment cannot be discharged in bankruptcy.

In re Erika Brooke Harton, Memorandum Opinion

%d bloggers like this: