Bitcoin, Blockchain & Trade Secrets: An Introduction

I’m willing to bet that most readers of this blog have heard of Bitcoin. But I’m not sure how many know about the technology it’s based on, called blockchain. If you haven’t heard of blockchain, now’s the time to learn, since it has the potential to be the most transformative technology since the internet.

I’m going to be writing more about blockchain and the unique trade-secrets issues facing the many companies rushing to develop applications and other technology based on blockchain. But first, I want to give a primer for those who haven’t heard of it.

Blockchain is essentially a database that is distributed among a large number of computers on a network. Each computer with access to the blockchain has an identical copy of the database. Here’s a simple example to explain how it works, from this explanatory post that compares blockchain to a “record book”:

To be clear, this isn’t just one record book stored in a central location that is shared by many. There are thousands of copies of this record book, stored on computers all around the world, both home computers and business servers – hence the term “decentralised”. This record book can be used to record many kinds of things, however I’ll use sending and receiving money as the primary example, as it’s the most common one right now.

When John wants to send money to Sue, a new line item is created detailing that transaction. This line item then gets sent off to hundreds of other computers who have a copy of the record. Those computers confirm that this transaction is authorised, and ultimately they agree (or disagree) that everything about the transaction is legitimate before giving that line item a tick of approval. It has to match up perfectly on every copy of the record.

Each transaction, here John sending money to Sue, is a “block,” which when added to all the prior blocks forms a kind of “chain.” Hence, blockchain.

Since each computer with access to the blockchain has an identical copy of the database, fraudulent transactions are nearly impossible. If any one computer has a blockchain entry that all of the others don’t recognize, that entry is rejected. Entries are only added if all of the computers with access to the database agree.

The first “app” based on blockchain is Bitcoin, a cryptocurrancy. You can watch a short video that explains Bitcoin here. Bitcoin was the first truly digital currency, which allowed the transfer of money without the need for any centralized institution like a bank. Now there are a number of cryptocurrancies with names like Ether and litecoin.

But blockchain’s potential goes far beyond currencies. It can be used to streamline, simplify, and secure a wide variety of transactions, such as supply-chain management, digitial voting, collecting taxes, and recording real estate transfers and ownership. Essentially, any transaction involving value could be conducted—and improved—on the blockchain. Some think that the entire worldwide financial system will eventually move to blockchain — and I agree. Additionally, developers are using a blockchain platform called Etherium (which also underpins the Ether cryptocurrancy) to create “smart contracts” — essentially programming code that is capable of executing or enforcing contractual terms. This is a powerful, but complicated, concept that I will discuss in more detail in a future post.

Companies large and small are racing to develop new “apps” based on blockchain technologies.  This entire industry is essentially in the research-and-development phase, which means that trade-secrets issues abound. These companies can benefit from tech-savvy lawyers who understand how to protect this rapidly developing information.

This post is a very basic introduction to blockchain. I’m fascinated by the technology and see virtually limitless potential. If you want to learn more, I’d recommend The Internet of Money, an excellent book by Andreas M. Antonopoulos. And stay tuned — I intend to explore the intersection of blockchain and trade secrets here at Protecting Trade Secrets.

Florida Companies: Are Your Non-Competes Missing This Critical Provision?

Under Florida’s restrictive-covenant statute, Section 542.335(f), a restrictive covenant is only enforceable by a successor entity or third-party beneficiary if the agreement so provides. This provision can become very important following corporate merger or sale transactions. Or in the due-diligence period leading up to those transactions.

In a recent Florida case, Collier HMA Physician Mgmt, LLC v. Menichello, the plaintiff almost fell victim to this statutory requirement. A copy of the opinion can be downloaded here.

In this case, the plaintiff owns a healthcare business employing approximately 40 doctors. It also operates two hospitals and clinics. The defendant, a physician, previously worked for the plaintiff, where he signed a non-compete agreement prohibiting him from working for certain of the plaintiff’s competitors. After his departure, he accepted a position with one of those competitors, and the plaintiff filed suit.

The physician argued that a merger transaction involving the plaintiff’s corporate parent triggered the statutory provision above. Per the physician, since the agreement did not expressly provide for enforcement by successors, the merger invalidated the non-compete. The trial court agreed and granted summary judgment in the defendant’s favor.

The appellate court reversed. To reach that conclusion, it interpreted the term “successor” in the statute as “a corporation that, through amalgamation, consolidation, or other assumption of interests, is vested with the rights and duties of an earlier corporation.”

The court found that “the status of [the plaintiff] after the merger does not comport with the standard definition of a successor as it relates to corporations or other business entities.” In particular, there were several tiers of corporate entities between the plaintiff and the parent company that was subject to the merger. While the ownership of the ultimate parent company changed, “nothing about the corporate structure or ownership of [the plaintiff] was different after the merger”; it “continued in existence as a single member limited liability company.”

In the end, the plaintiff here was able to enforce its non-compete agreement. But all of this trouble could have been avoided. This leads to a very simple takeaway: when drafting restrictive covenants in Florida, include a provision allowing their enforcement by successors and assigns. Florida companies with existing restrictive-covenants should have a lawyer review them for compliance with this statute.

Similarly, anyone considering acquiring or merging with a company with Florida employees/independent contractors needs to have a lawyer review any restrictive covenants for this purpose.

The failure to include this provision could lead to all sorts of problems. For example, it could impede a later merger or sale of the company. But any Florida company can avoid these problems by having a lawyer conduct a simple review.

 

One Simple Step in Outlook to Protect Your Trade Secrets

If you and your employees use Outlook, you can take one simple step now to dramatically reduce the risk of inadvertent sharing of confidential information: Disable email-address auto fill.

Everyone loves this feature. You type the first few letters of someone’s name, and Outlook fills in an email address. But the increased efficiency comes at a cost, as everyone occasionally sends an email to the wrong person whose name is similar to the intended recipient.

If that email contains confidential info, you’ve just compromised it. Hopefully, you sent it to someone friendly who will comply with your embarrassed request to delete the email. Even if there’s no confidential information, the recipients may question your ability to exercise discretion when necessary. (Also, imagine later trying to prosecute a trade-secrets action and having to produce in discovery an email sending the info at issue to some random guy.)

So I strongly recommend that you disable this feature. And have your IT department disable it for all employees. The relatively minor loss of efficiency is outweighed by the reduced risk of unwanted disclosure. And there’s an added benefit: not having to send sheepish apology emails to the mistaken recipients (and sometimes to the other intended recipients who now have an interloper privy to the discussion).

Here’s how you disable this feature:

File –> Options –> Mail –> Send Messages –> Deselect the radio button for “Use Auto-Complete List to suggest names when typing in the To, CC, and Bcc lines”

ABA Ethics Opinion: Trade-Secrets Lawyers Need to Encrypt Emails

By definition, lawyers working on trade-secrets issues, whether in litigation or otherwise, have access to their clients’ most confidential information. And, of course, these lawyers routinely communicate with clients via email, including about the trade secrets. Sometimes, even the trade secrets themselves are exchanged via email.

This raises ethical issues. Recently, the ABA Committee on Ethics and Professional Responsibility issued a formal opinion addressing lawyers’ ethical obligations when transmitting confidential client information. The opinion can be downloaded here.

All lawyers who deal with trade-secrets issues should read the opinion. But here are some highlights:

The opinion recognizes that law firms are hacking targets because:

(1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.

It then discusses applicable ethical rules, concluding that “lawyers must exercise reasonable efforts when using technology in communicating about client matters.” So what are reasonable efforts?

What constitutes reasonable efforts is not susceptible to a hard and fast rule, but rather is contingent upon a set of factors. In turn, those factors depend on the multitude of possible types of information being communicated (ranging along a spectrum from highly sensitive information to insignificant), the methods of  electronic communications employed, and the types of available security measures for each method.

The opinion specifically mentions lawyers who deal with trade secrets, since those matters “may present a higher risk of data theft.” The fact-based analysis is often relatively simple in trade secrets cases: if you are transmitting your client’s trade secrets or related information, you may need to use “particularly strong protective measures”:

A fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances. Model Rule 1.4 may require a lawyer to discuss security safeguards with clients. Under certain circumstances, the lawyer may need to obtain informed consent from the client regarding whether to the use enhanced security measures, the costs involved, and the impact of those costs on the expense of the representation where nonstandard and not easily available or affordable security methods may be required or requested by the client. Reasonable efforts, as it pertains to certain highly sensitive information, might require avoiding the use of electronic methods or any technology to communicate with the client altogether, just as it warranted avoiding the use of the telephone, fax and mail in Formal Opinion 99-413.

There is a simple takeaway for all trade-secrets lawyers: think very carefully about how you are transmitting confidential client info. This requires an open dialogue with the client. You need to figure out how you will be protecting this data while in transit (and at rest, but that’s a separate issue). At my firm, we have the capacity to encrypt individual emails on-demand, which can allow for secure transmission of sensitive data.

But this sensitive data isn’t only shared with clients. Often, it will need to be produced in litigation. Lawyers spend a lot of time negotiating protective/confidentiality orders with attorney’s eyes only (AEO) protections. But don’t forget to securely transmit AEO documents to the other side. For example, my firm uses a secure/encrypted document sharing platform.

Trade-secrets cases often move fast. But this ABA opinion shows that regardless of how intense the litigation becomes, lawyers must be cognizant of their obligations to protect clients’ confidential information.

Damages for Misappropriation of Trade Secrets Found Non-Dischargeable In Bankruptcy

Guest post by Solomon B. Genet

As Eric’s law partner, from time to time I “guest post” on trade secret issues in the insolvency / bankruptcy context.  One important issue involves the dischargeability of pre-bankruptcy misappropriation claims. The March 31, 2017 In re Mandel decision out of the Eastern District of Texas addresses this issue.  There, claimants filed proofs of claim in Mandel’s bankruptcy case alleging that the debtor violated the Texas Civil Theft Liability Act (“TCTLA”) by misappropriating trade secrets. The debtor objected to these claims. On September 30, 2011, the bankruptcy court tried the matter and found that the debtor violated the TCTLA and awarded the claimants damages and attorney’s fees. Years later, the issue before the bankruptcy court was whether these claims (arising from conduct prior to the bankruptcy filing) could be discharged in the bankruptcy case.

The claimants asserted that the damages for violation of the TCTLA were non-dischargeable on a variety of bases, and the bankruptcy court ruled in favor of the claimants on some theories and against the claimant on others.  To narrow the issues for purposes of this post, the bankruptcy court determined that its previous decision finding (as a matter of fact and law) that the debtor misappropriated trade secrets was sufficient to also prove that the debtor committed: (1) fraud; (2) larceny (fraudulent and wrongful taking of the property of another with intent to convert such property to the taker’s use without the consent of the owner); and (3) embezzlement (fraudulent appropriation of property by a person to whom such property has been entrusted, or into whose hands it has lawfully come).  Each of these bases gave rise to the misappropriation of trade secret claims being non-dischargeable.  Therefore, the bankruptcy court did not require re-litigation of the issues and found in favor of the claimants.

Practice Pointer:    When litigating a claim for misappropriation of trade secrets, make sure your strategy includes collection of the debt arising from that claim.  If there is a possibility that the wrongdoer may file for bankruptcy, consider the elements of a claim for non-dischargeablity when presenting and proving your case.

The case is In re Mandel, No. 12-4128, 2017 WL 1207503 (E.D. Tx. March 31, 2017).

 

 

Alley-Oops: The Orlando Magic Tweeted a Picture Showing Team Trade Secrets

Sometimes companies forget about even the most obvious protections for their trade secrets. For example, “don’t tweet out a picture of your secret business strategies.” The Orlando Magic recently did just that.

Earlier this month, a player’s agent tweeted a picture of the player signing a new contract with the Magic. But the picture also showed a dry-erase board listing the Magic’s off-season free-agent targets and trade possibilities. Now there are reports that the Magic’s general manager, who has since been fired, took the picture.

It goes without saying that the Magic don’t want the rest of the league knowing about their off-season personnel plans, which are arguably trade secrets if appropriately protected. But for some reason, they left those plans on a dry-erase board and then let an agent—who could potentially benefit from knowing that information—into the room. And then they allowed the contents of the board to be shared with the rest of the world. Not particularly savvy.

The lesson here is simple, and seemingly obvious: trade secrets need to be secret. They shouldn’t be left up on a dry-erase board. Or in papers on someone’s desk. This episode shows that even intelligent people can have a lapse of judgment. If you implement and enforce a trade-secrets policy that only allows storage of trade secrets in secure media, and limits disclosure of trade secrets to those who need them to do their jobs, you can minimize the “human error” element that led to this embarrassing gaffe.

The Cybersecurity Article that Every Executive Should Read Immediately

I love this article, titled Why America’s Current Approach to Cybersecurity Is So Dangerous. It should be required reading for all executives at companies at risk of a cyber attack — in other words, all companies. While the whole article is great, its core message can be reduced to a single sentence: People, not technology, are the key to reducing the risk of cyberattacks. I could not agree more, as I’ve written about before. Every company needs to ask: what can we do to create a culture of protection?

The article starts by identifying the problem:

We should be concerned that, as a society, our minds go mushy when it comes to “digital literacy,” “information security,” “online safety,” or whichever name we choose. In fact, that mushiness is a major reason why America’s current approach to cybersecurity is so dangerous. We’re ignoring the behaviors of the overwhelming majority of actual users, and therefore leaving the largest attack surface undefended. . . . To the extent we are all part of the contest in cyberspace, we’re essentially deploying our troops without armor, our submarines without sonar.

And as a result, “cybersecurity has transformed what is actually a ‘people problem with a technology component’ into its exact opposite.” Yes! Technology is not a panacea for preventing cyber attacks. Technology can’t protect your company’s biggest vulnerability: the people working there. “Until we embrace a vision of public cybersecurity that sees all people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.” The same goes with your company. You can spend millions or more on tech-based protections, but if you ignore the human risk, your security is virtually certain to fail. And of course, if you are at risk of a cyberattack, you are at risk of trade-secret theft.

The article finishes with a great analogy between cybersecurity and public health:

We need to get better to increase our herd immunity against botnets. We need to see that cybersecurity—like all aspects of safety, security, and resilience—is a shared responsibility. Better devices and apps won’t save us, since there are myriad other ways that individuals—even highly trained ones—become the weak link allowing bad guys to access personal, corporate, and government information assets. And almost all efforts at online safety, while well-meaning, are so poorly designed as to preclude knowing whether they work. It’s not magic: As with health or safety education, we need to start with basic steps and repeatable behaviors—like hand-washing or looking both ways before crossing.

This is the key. In a mature organization that has fully embraced and achieved a culture of protection, the employees will treat cybersecurity as second nature. Good habits will have become routine. Unfortunately, I have yet to encounter a company that has reached this point. For a variety of reasons—dependence on technology first among them—just about all employees have a host of bad habits that put the company at risk.

Creating this culture is not easy. To the contrary, it will require repeated, sustained effort, initiated and supported from the very top of the organization down, over a long period of time. Nor will it guarantee that all cyberattacks will be thwarted. But I see no viable alternative. Any company that has not made employee-level protection a top priority is virtually certain to suffer repeated cyberattacks.

Florida’s Restrictive Covenant Statute: The Power of Presumption

Florida has one of the most employer-friendly restrictive-covenant statutes in the country, Section 542.335, Fla. Stat. For example, the statute prohibits judges from considering any hardship suffered by the person against whom enforcement is sought. The statute also contains a rebuttable presumption that a violation of an enforceable restrictive covenant creates irreparable injury. Yesterday, Florida’s Third District Court of Appeal (which covers Miami-Dade County) issued an opinion showing the power of this presumption. The opinion, in Allied Universal Corp. v. Given, can be downloaded here.

Allied manufactures and distributes water-treatment chemicals. Defendant Given worked as a regional sales manger for Allied and signed a non-compete agreement. As part of his employment, he received training regarding various aspects of Allied’s business. Given resigned from Allied to work for Univar, a company that competes with Allied. Allied filed suit and sought a temporary injunction, which the trial court denied on the grounds that Allied failed to show irreparable harm.

The appellate court focused on the rebuttable presumption of irreparable injury and described the evidence offered by Allied:

At the evidentiary hearing on the motion for temporary injunction, Allied presented unrebutted evidence of the existence of statutorily legitimate business interests to be protected and evidence that Given had substantial relationships with specific prospective or existing Allied customers. Allied’s president, Mr. Palmer, testified that his company had trained Given, over the course of Given’s six-year employment, in its manufacturing and production techniques, marketing strategies, and confidential pricing strategies. In addition, Given had knowledge of existing and prospective customers, and had been sent to several trade meetings to cultivate these contacts.

Thus, the court concluded that Allied had successfully shifted the burden to Given to establish the absence of irreparable injury. But Given “failed to present any such evidence.”

Interestingly, Given argued that because he had not yet begun actively working for Univar, he had not breached the noncompete and no damages were incurred. But he admitted that if he were not enjoined, he would start working for Univar. The court rejected this argument, noting that “the only focus at the preliminary injunction stage is to maintain longstanding relationships and preserve the company’s goodwill.” In the future, plaintiffs can use this language to highlight the need to maintain the status quo.

Given Florida’s employer-friendly restrictive-covenant statute, noncompete and related agreements are powerful tools for Florida companies seeking to protect trade secrets and proprietary information. Cases like Allied show how this statute makes it easier for an employer to obtain an injunction prohibiting violations of a restrictive covenant.

Another Federal Court: No Heightened Pleading Standard in Defend Trade Secret Act Cases

Previously, I wrote about a decision from the District of New Jersey that declined to apply a heightened pleading standard to Defend Trade Secret Act claims. Now, another federal court has reached the same conclusion. A copy of the opinion can be downloaded below.

In Aggreko, LLC v. Barreto, pending in the District of North Dakota, the plaintiff and one of the defendants, Elite Power, are competitors in the generator-renting industry. Defendant Barreto previously worked as Aggreko’s sales manager. Aggreko alleges that Barreto resigned under false pretenses, thereby hiding his intention to work for Elite Power. And on the way out, Barreto allegedly downloaded Aggreko’s trade secrets and confidential information. Aggreko sued Elite Power and Barreto for violations of the Defend Trade Secret Act, among other claims.

The defendants moved to dismiss, arguing that Aggreko failed to plead its misappropriation claims with sufficient particularity. The court rejected this argument:

All that is required at this stage of the proceedings is an allegation that Barreto misappropriated Aggreko’s trade secrets sufficient to put the defense on notice as to the nature of the claim. Aggreko has alleged Barreto wrongfully acquired its trade secrets and provided them to Elite Power. Aggreko describes its trade secrets as including customer lists and information regarding Aggreko’s operations, customers, business proposals, pricing strategy, client preference and history, and proprietary pricing models known only to Aggreko; a description which the Court finds is clearly adequate under Rule 8. The discovery process will provide the parties with the details relevant to the claims, most of which are known to Barreto.

In this case, it sounds like the plaintiff only offered high-level allegations of the trade secrets at issue. And those allegations survived a motion to dismiss. This, along with the case discussed in my prior post, should be encouraging to trade-secret plaintiffs who are leery of a possible heightened pleading standard in federal court.

Aggreko v. Barreto Order

Federal Court Denies Expedited Discovery In Defend Trade Secret Act Case

Trade-secret-misappropriation cases can move fast. Often, the plaintiff files a motion for temporary restraining order alongside its complaint. Sometimes, the plaintiff has enough evidence already to justify a TRO. Other times, the plaintiff needs to take discovery before the TRO hearing.

But the typical discovery deadlines in the rules of civil procedure are not well suited for these TRO proceedings. Thus, plaintiffs regularly seek expedited discovery. In my experience, the parties are often able to agree to an expedited discovery schedule, since defendants usually want to take discovery as well. But when the parties cannot agree, the court needs to get involved. A recent case out of the Middle District of Florida shows the importance of narrowly tailoring expedited discovery requests, particularly when asking a judge to permit this type of discovery.

In Digital Assurance Certification, LLC v. Pendolino, the plaintiff works with municipal bond issuers to comply with various SEC regulations. The plaintiff alleges that the defendant, a former employee, left to work for a competitor. And in his final week of work, according to the plaintiff, the defendant used a USB drive to access every document on the plaintiff’s shared drive. Thus, the plaintiff brought claims for violations of the Defend Trade Secret Act and the Florida Uniform Trade Secrets Act, among others, and filed a motion for a TRO.

In advance of the TRO hearing, the plaintiff filed a motion for expedited discovery. The court denied the motion. A copy of the order can be downloaded below.

The court first set forth the standard for determining whether the plaintiff had demonstrated good cause for expedited discovery:

Factors the Court considers in deciding whether a party has shown good cause include: (1) whether a motion for preliminary injunction is pending; (2) the breadth of the requested discovery; (3) the reason(s) for requesting expedited discovery; (4) the burden on the opponent to comply with the request for discovery; and (5) how far in advance of the typical discovery process the request is made.

Here, the court focused on the second factor, the breadth of the plaintiff’s requests. The court took issue with the scope of the plaintiff’s requests, noting that “while these matters may be relevant to the issues raised in DAC’s complaint, they go far beyond what is needed for the hearing on the motion for a temporary restraining order.”

Take away: When bringing a motion for a TRO, the plaintiff’s lawyers need to figure out quickly whether the parties will be able to agree to an expedited discovery schedule. If not, the plaintiff needs to draft discovery requests that are laser focused on the issues relevant to the TRO hearing. In my experience, judges will allow this type of discovery, as long as the requests are reasonable. Conversely, judges will protect defendants from overbroad discovery.

Digital Assurance Certification, LLC v. Pendolino

%d bloggers like this: