“Risk comes from not knowing what you’re doing.”Warren Buffett
At this moment, there is a fellow riding a bus in London who will determine the fate of your secrets. To be more precise, he’s on the Clapham bus; but he has no name. In fact, he’s a fictional character originally imagined by 19th Century journalist Walter Bagehot, who thought that “public opinion” was best described as the “opinion of the bald-headed man at the back of the omnibus.” The idea was picked up by the English courts as a metaphor for the “reasonable person” standard that is applied in all sorts of cases, from criminal to personal injury to contract interpretation. It also has special application to trade secrets, which we’ll get to in a minute.
First, a bit more about the hypothetical “reasonable person.” As the UK Supreme Court explained in a 2014 decision, the “Clapham omnibus has many passengers. The most venerable is the reasonable man, who was born in the reign of Victoria but remains in vigorous health.” Others include the reasonable parent, the reasonable landlord and the “fair-minded and informed observer, all of whom have had season tickets for many years.” The point is for the judge or jury to put themselves in the mind of this fictive but “reasonable” person, for guidance on what the actual person in the case should have done.
If this strikes you as a vague and maybe unpredictable cop-out by judges who can’t come up with a more precise standard for acceptable behavior, you wouldn’t be alone. But at least it’s objective, in the sense that what’s reasonable is what that anonymous guy on the bus would think about the behavior of someone in similar circumstances. It’s not about what the person being judged thinks is sensible or right. In effect, being dim is no defense.
What does this have to do with trade secrets? Under modern law, as established by the states under the Uniform Trade Secrets Act (UTSA) or the federal Defend Trade Secrets Act (DTSA), a business that wants to protect the integrity of its confidential information has to provide evidence of “reasonable measures” to prevent the loss. This means that before you can get help from the courts you must have helped yourself by taking actions “reasonable under the circumstances” to maintain secrecy of your data. In other words, your preventive efforts will be judged under the “reasonable person” standard.
It wasn’t always like this. Back in the days when the rules came from the common law (individual decisions of judges), trade secrets were treated as a part of tort law, and the emphasis was on the confidential relationship between the business and those it had to share secrets with. Courts focused more on the defendant’s bad behavior in taking or misusing the secret than they did on whether the information deserved to be protected at all. This perspective found expression in the 1939 Restatement of Torts, which defined trade secrets in reference to a set of six factors to be weighed as the judge saw fit. One of those was “the extent of measures taken by [the trade secret owner] to guard the secrecy of the information.” That left a lot of room for judges to just do what felt right. Defendants who had been caught behaving badly had little luck in arguing that the plaintiff should have done a better job protecting its secrets from misappropriation. One judge compared the argument to the car thief that complains about the driver leaving his keys in the car.
Things began to shift in the 1980s. Trade secrets were viewed more like property rights, with owners being expected to draw boundaries and provide warnings. As more states adopted the UTSA, with its specific requirement (no longer just a factor) that the trade secret owner prove that it had exercised “reasonable efforts,” judges started to express more skepticism about those efforts, and that trend picked up with the adoption in 2016 of the DTSA, which allows most trade secret cases to be brought in federal court. Thirty years ago, trade secret claims were only rarely dismissed before trial based on a failure of reasonable efforts. Now, according to a recent study by the law firm Winston & Strawn, it happens in 11% of trade secret disputes. The “reasonable person” standard is now the “reasonable business” standard, and it really matters.
A recent case decided by the Second Circuit Court of Appeals, Turret Labs USA, Inc. v. CargoSprint, LLC, illustrates how things have changed. Turret had developed a software program for use only by freight forwarders operating at airports, but licensed the product to airlines, in this case Lufthansa. CargoSprint was alleged to have gotten access through Lufthansa by falsely presenting itself as a freight forwarder, acquiring secret algorithms and other information it used to create a competing product. Turret alleged that Lufthansa had “protocols” in place to ensure proper access, but it did not recite what provisions of its license required the airline to apply them. It also alleged various network security measures such as servers in locked and monitored cages, with data in transit secured by encryption. The appellate court affirmed the trial judge’s order dismissing the complaint for failure to describe reasonable efforts. Based on the allegations in its complaint, Turret had given full authority to Lufthansa to control access, but apparently without requiring it to do so. That basic surrender of control to a third party rendered irrelevant all of the technical measures that had been applied to secure the IT system.
Turret, and cases like it, teach us four important lessons. First, businesses have to pay close attention to trade secret management. That’s mainly about preventing loss or contamination of those assets, which these days represent the lion’s share of a company’s sustainable value. But it’s also about being ready in case you have to go to court to protect your rights. These cases often come at you very fast, after you’ve discovered that a departing employee or unreliable business partner threatens to abuse a trust. When that happens, you need to be prepared to explain not only what your trade secrets are, but also all the steps you have taken to demonstrate to the court that you have acted prudently to maintain control over these valuable assets. That means designing your relationships and transactions with a keen eye to this dimension of risk.
Second, the trade secret statutes require you to prove both that your secrets have competitive value and that you have exercised reasonable efforts to protect them. Don’t conflate those two related but distinct issues. Your secret process or other confidential information may appear to give you a significant advantage over the competition; but you also have to signal that special value to those who have access to it. Robust training for employees and careful contracting with third parties will be part of the story you may have to tell about how you made sure that everyone understood what your secrets were and how they were supposed to protect them.
Third, in designing your protection program, don’t fall into what I call the “checklist trap.” You can find lots of lists of protective measures culled from judicial decisions about what judges found to be sufficient in a particular case. More often than not, those decisions will be on motions to dismiss or summary judgment, where the court is making a narrow ruling, preserving for the jury the ultimate decision on what is or isn’t “reasonable.” What some other company has done may be interesting, but it’s not particularly relevant, unless they are protecting the same kind of information that faces identical risks. The question is what’s reasonable to maintain the secrecy of your unique secrets, in the light of the unique (and usually dynamic) risk environment they live in. Remember that Turret had apparently constructed a fairly secure framework against external attacks, but none of that mattered because it transferred access control to its licensee without limitations.
Fourth, approach the issue the same way that you would any other major area of business risk, by performing a classical risk analysis. Consider carefully the value of the information you want to protect as well as the security risks that it faces on a day-to-day basis in the business – with particular emphasis on the “internal threat” of uninformed or careless employees as well as the full range of third-party access through supply chains and collaborations. Examine what you can do to efficiently mitigate those risks, which will normally come down to careful relationship management, through contracts, communications and education. (For a thorough discussion of trade secret management, see the draft Sedona Conference Commentary on “Governance and Management of Trade Secrets”).
Your primary objective always is to maintain control over your data assets so that they don’t migrate or get infected. But if you ever have to go to court to protect them, resolution of the “reasonable efforts” issue will be driven mainly by whether or not your secrecy efforts taken before the litigation appear to be consistent with the high value you assert in the courtroom. Sitting in judgment on that question will be that bald-headed fellow on the Clapham omnibus.
The World Trade Organization last week approved a deal to loosen intellectual property protections that many policy professionals say will shatter investment and innovation incentives for drugmakers to meet the needs of major health crises. The deal was a blow to vaccine makers such as Pfizer Inc. and Moderna Inc., which fought to keep the current framework that enabled them to produce life-saving vaccines in record time.
“Anyone with a stake in preventing or responding to future crises should be concerned about the negative effect of this agreement,” said James Pooley, a former deputy director general at the United Nation’s World Intellectual Property Organization.
The IP waiver comes after nearly two years of debate and at a time when initial catalysts for a plan to spur vaccine access and production capabilities have largely been addressed—leaving many in the IP and drug spaces skeptical of the goals of the agreement beyond political gain.
“It delivers the worst possible result: coming at a time when there is an oversupply of vaccines, it is irrelevant to the current crisis; and by reducing the reliability and predictability of patent protection it makes it much harder to secure private investment in the research required to deal with the next global health crisis,” Pooley said.
The waiver indicates that patent rights include ingredients and processes necessary for the manufacture of the vaccine. Were that interpreted to include trade secrets, it could scare off investment capital, Pooley said.
“All warfare is based on deception. There is no place where espionage is not used.”— Sun Tzu
What does the invasion of Ukraine have to do with COVID-19? Would you believe intellectual property is the link? Stay with me on this; it’s an interesting story.
Recently, it was confirmed that the Main Intelligence Department of the Ministry of Defense of Ukraine – apparently with some help from volunteer hackers – managed to breach the network of Russia’s most guarded nuclear power facility and make off with extremely valuable trade secrets. The Beloyarsk Nuclear Power Plant contains the world’s only two operational “fast breeder” reactors. More than 20 countries, including the U.S., Japan and France, have been working for decades on this technology, which is supposed to be able to extract close to 100% of the energy from uranium, compared to about 1% for light water reactors.
In other words, this is a process that can produce large amounts of energy while completely consuming the fuel and creating virtually no nuclear waste. Whoever is able to commercialize it will make a fortune. So far, no one has come close to the Russians.
As you might expect, the Beloyarsk facility is closely guarded. But because it has to communicate with various suppliers, its network has electronic doors that can be unlocked. Ironically, at about the same time that the Russian army was in Ukraine overtaking the Chernobyl nuclear plant, Ukrainian hackers were worming their way into Beloyarsk’s business network, which in turn gave them access to control systems, parts lists, floor plans and other critical data. To the delight of power companies around the world, Ukraine has supplied this trove to a journalist who is publishing the documents on his website.
You can almost hear the public cheering for underdog Ukraine. Some commentators have suggested this hack represents the first “weaponization” of intellectual property to damage a nation. I’m not sure I’d go that far. In any event, the broader issue of “technology transfer” across borders has a long and interesting history, a brief review of which will bring us to the current pandemic.
State-sponsored commercial espionage started at least as early as the sixth century, when a pair of monks returning to Constantinople from a mission to China brought inside their bamboo staffs a colony of silkworms and in their heads the knowledge of how to breed them and weave their output. This broke China’s de facto monopoly on what had become the world’s most valuable commodity, more precious by weight than gold. Constantinople (now Istanbul) also nurtured a community of glass blowers, and when the city was sacked in the early thirteenth century, Venice welcomed them, and soon thereafter made it a crime for them to leave.
Besides beautiful glass, Venice created the first patent system, and it was emulated throughout Europe. But these patents were granted on the basis of “local novelty,” meaning that the applicant did not have to be the actual inventor, but just the first person to bring the innovation to the country. These so-called “patents of importation” were a sensible way for countries to move up the IP value chain quickly, because there were no journals or other mechanisms for rapid dissemination of new ideas, and national economies were largely independent of one another. So, what seems to us today like theft was viewed with more equanimity as a victimless act.
It wouldn’t be until 1883 that the first international treaty on intellectual property, the Paris Convention, established cross-border recognition of patent rights. In the meantime, what with the Enlightenment and empire building and all, Europe was rapidly becoming more economically interdependent and competitive. While patents of importation remained a more or less above-board way to force tech transfer between countries, there developed alongside them a system of outright economic espionage.
Government spying for commercial secrets reached its zenith in the eighteenth century, when Britain had become the acknowledged world leader in precision manufacturing. Many European rivals, particularly France, saw espionage as the way to catch up. They did this in part through “tourists” and academics gathering technical information, but they were primarily interested in the “know-how” of skilled workers, and so most of their efforts consisted of recruiting foreign artisans. As French civil engineer Trudaine de Montigny put it in 1752, “the arts [that is, technologies] never pass by writing from one country to another; eye and practice can alone train men in these activities.”
In this way, the French (and other countries) were able to disrupt Britain’s exclusive control over innovation in steel production, metalwork in general, including copper sheathing of ships, and especially textile manufacturing.
It is in this latter area that the U.S. is unfairly (in my view) characterized as having built its industrial revolution through theft of IP from Britain, after Samuel Slater violated its law against emigration of skilled textile workers by leaving for New England in 1789. You can read my take on his story here. Regardless of how you interpret that murky record, there is no denying the facts about how this country organized its own patent system.
In 1790, just months after Slater arrived, Congress passed the first Patent Act, based on the authority provided by the “IP clause” of the Constitution. Alexander Hamilton strongly favored patents of importation, the traditional way to generate rapid economic growth, especially in a country that was short on labor and needed to maximize efficiency through innovation. Thomas Jefferson – who originally described any form of exclusive patent grant as an “embarrassment” to a free society – favored instead a system that would recognize the true inventor based on global, not local, novelty. Jefferson’s view prevailed. In this way, the U.S. looked to the market, rather than government muscle or spying, as the way to achieve technological progress.
The situation today might be seen as both simpler and more complicated. We have made things simpler with some powerful international agreements that have reinforced global respect for IP rights based on national law. Besides the Paris Convention, we have the Patent Cooperation Treaty of 1970, which now guarantees recognition of patent filing priority in 155 countries. And since 1995, with the establishment of the World Trade Organization, we have enjoyed the benefit of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), which sets minimum standards for recognition of all IP rights, including trade secrets.
In parallel with these developing international norms for the protection of IP, we have seen disturbing evidence of state-sponsored trade secret theft. Practiced mainly by countries with highly controlled economies, these efforts bring to bear the power and resources of a foreign government to target commercial enterprises around the world. The U.S. government has long issued warnings about state-sponsored industrial espionage by China, and recently, alarming messages have gone out about cyberattacks coming from Russia. Although those attacks are assumed to be directed mainly at disrupting critical infrastructure like banking and energy, once the enemy is “inside the system” they can easily gather commercial technology as well.
This now brings us to COVID-19 and efforts to ensure vaccine availability to the entire world. Here, the primary state actors are India and South Africa. At one very important level, they have spoken for the community of developing and least developed countries, properly pointing out the shameful disparity in distribution of vaccines between rich and poor nations. But as I have pointed out before (see here and here), their proposal that TRIPS protections be waived for any vaccine technology would be ineffective for the current pandemic and disastrous for the next one. And behind the proposal is a not-so-hidden agenda directed at the future enhancement of their own generic pharmaceutical industries.
The proposed TRIPS waiver is not really about patents, because the agreement allows countries to force a compulsory license during emergencies. Instead, it’s about old-fashioned tech transfer, as when the French wanted British manufacturing secrets and tried to hire skilled workers to emigrate. It’s the “know-how” that matters.
It may seem counterintuitive, but modern transfer of valuable technology from one country to another is enabled by strong trade secret laws that enforce voluntary agreements. Indeed, this fundamental truth is well illustrated by COVID vaccines, which couldn’t be produced alone by the companies that invented them. They had to find qualified commercial partners in other countries to collaborate, sending their scientists and engineers abroad for weeks or months to bring up to speed their colleagues about the “know how.”
In short, tech transfer for modern, complex technology is really hard to do, even when it’s voluntary and done according to a commercial agreement. The failed conceit of the “TRIPS waiver” project is the assumption that it’s even possible for governments to force that sort of surrender of private property.
Indeed, I think we can agree that any form of state-sponsored commercial espionage is wrong. Well okay, maybe when your country is under siege you may be excused for using whatever tools you have at hand to cause disruption to the aggressor. Also, the forced dissemination of efficient nuclear energy technology may be one of the few benefits to come out of this terrible tragedy in Ukraine.
“It signals that the United States is willing to play footsie with India and South Africa on this essential sort of lie, that pulling back on patent protections globally will somehow solve more problems than it creates, and that’s a delusion. And we’re buying into it,” said James Pooley, a former deputy director general at the World Intellectual Property Organization. “That itself will have a dampening effect on the willingness of companies to invest in technologies.”
According to the tentative plan, WTO members will decide whether to extend the waiver to “cover the production and distribution of COVID-19 diagnostics and therapeutics” within six months of an agreement.
McDole, however, noted that “like the vaccine manufacturers, Gilead and other therapeutic manufacturers are continuously entering into voluntary licenses to increase production and access” for Covid treatments.
The waiver, particularly from the U.S. point of view, is “the worst of both worlds,” Pooley said.
“It doesn’t solve the actual problems of vaccine availability,” and “it reinforces the idea that whenever we have some sort of global issue, let’s look at ways in which the IP system can be seen as a barrier,” he said.
“Trust, but verify.”– President Ronald Reagan
Trust is getting a lot of attention these days. Of course, it’s always been important in the United States. We declare trust in God on our currency, Scouts have to be trustworthy, and we even seem to trust the algorithm behind cryptocurrencies. On the other hand, we worry about what feels like a decline, if not complete rupture, in social trust. For businesses that depend on controlling the confidentiality of data shared with employees and outsiders, these are perilous times. Our most important assets are stored and transmitted through digital systems that are imperfect; and that’s without accounting for the frailties of the people with access to those assets.
Information security has come a long way since I started my career in the 1970s. There were no networks to worry about then, no powerful computers in the pockets of employees. Data was transmitted on paper. You just needed to watch the front door and photocopier. Employees with their badges as markers of trust could go pretty much anywhere they wanted within the facility.
The internet was still a pipe dream when the United States and the Soviet Union began negotiating to reduce their frightening stockpiles of intermediate-range nuclear weapons. One thing we remember from those negotiations is the quote attributed to President Reagan: “Trust, but verify.” A very wise and relevant point; but he didn’t make it up. The phrase is translated from a rhyming Russian proverb – Doveryai, no proveryai – that basically means to validate everything even with a trusted person. It turns out that one of Reagan’s advisors told him that the Russians love to speak in aphorisms, and this was his favorite from a list she had provided him to memorize. And he used it often; by the time the deal was struck, Gorbachev complained that Reagan said it in every one of their meetings.
At that time, and continuing until recently, trust has been at the forefront (along with verification) of enterprise secrecy controls. We could usually take comfort in the fact that we knew who our colleagues were in the building. (Remember when we all worked together in an office?) That’s also where the data was, sitting in secure filing cabinets in locked offices. Then came the corporate digital network, and now, increasingly, our IT systems are in the cloud and our colleagues (often from their homes) are connected with the company’s data through their personal computers, tablets and smartphones. Meanwhile, the bad guys are constantly attacking our systems, looking for security vulnerabilities that will get them inside.
But we do have to get the work done, frequently accessing sensitive data to do it. So, who do we trust? In the classic digital environment, identity is established with a password: get it right and then you’ve got broad access to wander through the system (or some major portion of it). That kind of “implicit trust zone” can work pretty well in a small company where people know each other. It is less likely to suit a business with thousands of employees and many external relationships where sensitive information has to be shared.
In most enterprises, security is managed by distributing more or less permanent status to individual users who are given access based on their then-current job description. If the system is working properly, scope of access is adjusted when a person moves to a different scope of responsibilities. But even when those changes are perfectly accounted for, the individual is still given admission to a very broad array of data, much more than might be necessary for any specific task.
That approach may be reasonable when you have very limited entry points into the system and where job requirements are fairly static. But increasingly, the company’s assets are in the cloud and its networks are accessible through other points, a lot of them remote. In addition, many people work on projects that change over time, so their scope of responsibility is not static.
Enter “Zero Trust,” where nobody gets a hall pass, and every inquiry is by default treated as if it might be a breach. The idea is to bring access controls down to the lowest possible level of detail, so that identity is established in much the same way that we did decades ago: we know who the user is because the system, using AI and machine learning based on the user’s profile and past behavior, recognizes them with a high level of confidence. And, in the same way, it “knows” what resources in the system they should or shouldn’t need. It then provides just enough access to enable the task at hand. In effect, this automates risk-based decisions in ways that can be more efficient.
You might be excused for thinking at this point: oh no, I’ve just gotten over the annoyance of dealing with two-factor authentication; the last thing I want to deal with is heavier security! Won’t this interfere with information flows and frustrate legitimate actors from getting the data they need to do their jobs? We understand, of course. But the proponents of ZTNA (zero-trust network architecture) assure us that it’s actually going to be easier to deal with. Technology deployed to reliably identify you will in fact be so seamless that you will be able to get rid of the dreaded VPN connection!
What? How is that possible, you might say. Well, look at it this way: the VPN is a door with a lock consisting of certain credentials, and hackers go for those credentials just like they do other data – and that’s because the credentials reflect “implicit trust.” When the door no longer is opened by a key but instead by an intelligent, well-informed analysis of who is there and why they want to get in, the hacker’s job just got enormously more difficult. People sitting at their desk can sometimes be fooled by spearphishing emails based on data about them scraped from social media; but you’ll almost never be able to fool the AI machine.
Indeed, technology is what’s enabling this much more sophisticated approach to IT security. It’s increasingly possible to adjust access controls dynamically to account for changes in the risk environment. The security professionals call this “adaptive access.”
Feeling better now? “Zero Trust” is not some dystopian nightmare in which we have lost all our humanity. In fact, it may make our jobs easier by automating detection and response processes that now involve humans with all their capacity for error and misjudgment. Or at least that’s what everyone seems to assume.
In any event, ZTNA is coming to a large company near you. We can be fairly sure of this because the National Institute of Standards and Technology, part of the Commerce Department and the source of the most widely adopted standard for cybersecurity management, has recently issued the NIST 800-207 Zero Trust guidelines.
For many smaller companies, this is likely to be a long-term issue, as the risk environment may not indicate this sort of access control, especially within groups that value a great deal of fluid information flow and collaboration. But for larger, more complex organizations with multiple business units and product lines, the zero-trust approach may be the right direction.
As with most information security strategies, this one begins with identifying the company’s “resources”—that is, your data and where it’s located. Then you examine all of the “identities” that may need access. That part of the process is likely to be more difficult with mature organizations, because of the proliferation of user accounts. After that, you determine the circumstances under which the “identities” need to access each resource, and at that instance of interaction define levels of confidence (i.e., establish algorithms) that will permit different levels of access.
For most companies, this doesn’t mean replacing your existing framework, because most of the principles are implemented in existing systems, especially identity verification. Zero trust just takes it to a new level with a judgment about confidence in the identification, by looking at the circumstances of the access request and the device it’s coming from.
The new phrase is “never trust anyone, and verify constantly.” But remember, these are automated systems to protect sensitive data; they are not comprehensive controls on human interaction within the enterprise. Indeed, inside the corporate community, we need to foster the kind of collegiality and honest communication that support empathy, collaboration, creativity and . . . . trust.
Secretary of State George Shultz, who accompanied Reagan during his negotiations with Gorbachev, published some good advice just before his passing at age 100: “When we are at our best, we trust in each other . . . . With that bond, [we] can do big, hard things together, changing the world for the better.”
“Secrecy is the badge of fraud.”— Sir John Chadwick
What a strange and compelling story. Brilliant young inventor conceives revolutionary machine, raises staggering amounts from investors, is fawned over by the press for a decade, then crashes to earth on revelations of faked demonstrations and technology that doesn’t work. When I learned of the recent jury verdict, I naturally turned over in my mind how all this could have happened to such a well-meaning person as . . . . . . . . . . John Ernst Worrel Keely.
Okay, you were expecting someone else. But since you may not have heard of Mr. Keely, let me fill you in, and explain the role that secrecy played in one of the country’s most elaborate and long-running scams. I assure you that the Theranos investors wish they had boned up on Mr. Keely’s operation.
Keely came to prominence in the 1870s, a time of breathtaking technological advancement. This was the decade of the phonograph, the telephone and the electric light bulb. Opportunity was in the air, ready to be seized upon by anyone with the foresight to identify, and invest in, the next big thing.
Some corners of theoretical science, however, had not caught up with this state of the practical art. Although we knew a lot about how electricity worked, physicists of the time still clung to the idea that all space was filled with an unidentified substance called the “ether” which was necessary for the transmission of light and electromagnetic waves. This stubborn mystery attracted Keely’s attention, and in his Philadelphia laboratory he conceived a machine that would be run by a previously unknown, but incredibly powerful, force derived from the ether and activated by the vibration of tuning forks operating on water.
Notice we use the word “conceive” here, just as patent lawyers would, to distinguish between having the idea and “reducing to practice” the invention. The first part can arrive quickly, in a “flash of genius” while the second part, building a device that works, can take years, or never happen at all. But part of Keely’s genius – he didn’t have a formal education – was his ability to spin the vision and to capture the imagination of his investors. And of course, to capture their money.
Introducing the “Etheric Generator”
In 1872, he invited a group of scientists, along with the press, to witness a demonstration of a rudimentary “etheric generator” that used vibrations to separate atoms of water, releasing enormous power. This effort resulted in enough eager investors to allow the Keely Motor Company to build and show off a more powerful version two years later. While he spoke of “quadrupole negative harmonics” and “etheric disintegration,” Keely blew into a tube and then poured in some tap water. As the machine started to grind and wheeze, the pressure gauge registered over 10,000 p.s.i. The press reported the reaction of one witness that, “great ropes were torn apart, iron bars broken in two or twisted out of shape, by a force which could not be determined.”
But the “force which could not be determined” was just too attractive to ignore. Technology was changing the world overnight, and if what Keely had could be scaled up, then the possibilities – and the profits – were practically limitless. The company was capitalized with over $5 million (the equivalent of more than $100 million today), from prominent investors like John Jacob Astor IV. A leading Philadelphia socialite provided Keely with a monthly salary to maintain his laboratory and his focus on perfecting his invention.
The stockholders showed extraordinary patience. Year after year, at their annual meeting, Keely would send a report about some new development or discovery that reinforced the fundamentals but required extensive refinement. As promised delivery dates passed, Keely would provide new demonstrations, with increasingly impressive outputs from the machine. He enthused that his “etheric generator” would make other sources of power obsolete, and that a train could travel to San Francisco and back using the power generated from the “disintegration” of a single quart of water.
Throughout the more than twenty years of the company’s existence, Keely resolutely refused to share any details of how his technology worked, claiming that to reveal the secret would destroy its advantage over the competition. Although some nervous shareholders asked for an independent inspection, most were content with Keely’s explanations and accepted waiting.
Keely died in 1898, apparently without having revealed his secret to anyone. However, an investigation by The Philadelphia Press concluded that Keely’s motor had been “a delusion and deception,” and that the “mysterious force” which Keely claimed to have discovered derived from a three-ton tank of compressed air buried in the basement of his laboratory, connected to the workshop with pipes and wires hidden in the walls and in false floors.
Hindsight Skews the Analysis
With the benefit of hindsight, it’s easy to see Keely’s investors as credulous rubes who let greed and hubris overcome their better judgment. But that’s the power of hindsight, isn’t it? Let’s say you were hanging around Palo Alto in 1998 and a couple of Stanford students named Larry and Sergey came to you saying they wanted to build an algorithm that would search information for free but bring in $100 billion a year in advertising revenue, would you have given them money to start what would become Google? Sure, you say, but that’s another application of the power of hindsight. The fact is that in real transactions like this we are stuck with trying to calculate risk without knowing all the facts.
So, if you’re an inventor with no track record to establish your credibility, or if you’re an investor who wants to ensure that the technology is “real,” how do you protect yourself? It’s understandable that the investor wants to look under the hood and poke around; and it’s just as understandable that the inventor wants to keep the secret under wraps, because if it gets out the value is destroyed. Both of these people have a legitimate interest in protecting themselves.
But that doesn’t mean that the inventor can lie. In her trial, Theranos founder Elizabeth Holmes admitted that she hid the fact that the company was not using its highly touted “finger prick” device to test patients’ blood and instead was using traditional test equipment from established companies. She tried to defend her behavior as protecting the company’s trade secrets about how it had modified that equipment. But the existence of trade secrets doesn’t allow the inventor to defraud. And it doesn’t – or shouldn’t – mean that investors have no obligation to check out the veracity of the inventor’s claims.
The Dilemma of Asymmetric Knowledge
The answer to this dilemma of asymmetric knowledge lies in finding creative ways to build trust and confidence, so that the risk on each side becomes clearer and more easily managed. In a process that I refer to as “progressive incremental disclosure,” the participants begin with no confidentiality agreement, but are open to establishing one. The inventor determines a series of “reveals” that can be expected to increase confidence in the investor, without giving away enough information to constitute a real risk to the integrity of the secret. Along the way, the inventor may demonstrate the technology in a way that shows its potential but again does not reveal the mechanism. In another step, the inventor may call on a respected third party to perform tests that can shed light on the plausibility of the innovative machine or process, without requiring access to everything about its operation.
At some point in this negotiation, trust and a willingness to accept risk may merge, leading the investor to agree to sign a nondisclosure agreement. That act may be significant, as it could interfere with the investor’s ability to deal with a competitor. But it also may not be enough. There are some innovations that are so easy to replicate that even with a nondisclosure agreement in place, not all the details will be made available. If it comes to that, at least the investor can make a decision based on having secured a lot more information than was available at the outset. And the parties will have tested their ability to rely on the trust imposed in one another.
In the end, it comes down to risk analysis, and a process of reducing risk through diligent investigation. For example, the investors in Keely Motor Company, had they looked a bit harder into Keely’s background, would have discovered that, before he became an inventor, he worked as a carnival barker.
Last year at this time, we thought we had been through the worst of it and, with the new vaccines arriving, that life would return to normal in 2021. Hahaha, how naïve we were! But take heart; some things hold steady through the storm, such as the popular sport of trade secret litigation. Unlike most patent and copyright cases, every dispute is guaranteed to unfold as a morality play—a story of good guys and bad guys.
Let’s now look back on the year when remote work dug in to become a permanent fixture, and remind ourselves of the broad sweep of trade secret law by looking at some of the more instructive and interesting opinions issued by the courts – and one inexplicable decision by our government.
This is where it all starts. The information has to be a secret, meaning you can’t find it on the internet. The legal expression of this simple idea requires that the information not be generally known or “readily ascertainable” – that is, easy to discover – through “proper means.” In Life Spine, Inc. v. Aegis Spine, Inc., 8 F.4th 531 (7th Cir. 2021), the trade secret consisted of the exact dimensions of a patented spinal implant device for treating degenerative disc disease. Life Spine hired Aegis as a distributor under a contract that prohibited reverse engineering and required Aegis to remain with the device through surgery. Aegis designed a copy and defended itself by arguing that the information was known through the patent and by marketing. But the diagrams in the patent did not disclose precise measurements of the component parts, and prospective customers were only allowed to inspect the device under close supervision. The court held that the measurements remained a secret.
Perhaps ironically, secrets can be lost through the process of trying to protect them in litigation, because of the requirement that court proceedings be open to the public. The law makes provision for this kind of risk, but the parties have to pay close attention to implementation. In Bader Farms v. Monsanto Co., 2021 U.S. Dist. LEXIS 16308 (ED Mo), a pretrial order called for document-by-document review of confidentiality of trial exhibits, but the plaintiff waited until after the evidence had been received to raise the issue, and sealing was denied. In a more nuanced decision in HouseCanary, Inc. v. Title Source, 622 S.W.3d 254 (Tex), the Texas Supreme Court announced two interesting holdings: first, that the Uniform Trade Secrets Act provision requiring courts to protect alleged trade secrets does not displace state procedural rules; and second, that introducing exhibits at trial without sealing is only a factor in determining whether secrecy of the information has been lost.
Closely related to the concept of secrecy is the requirement that the trade secret owner exercise “reasonable efforts under the circumstances” to protect the information. In effect, courts will not step in to help if the owner has failed to help itself with security measures that match the business risk. In DePuy Synthes Prods. V. Veterinary Orthopedic Implants, Inc., 990 F.3d 1364 (Fed. Cir. 2021) the issue was whether to seal a court filing that contained confidential information about the identity of a manufacturer. There was no NDA or other contract establishing confidentiality. Instead, the litigant relied on proof that it had kept that information confidential through its own internal security policies and protocols; but this was held to be insufficient. Similarly, the plaintiff in ASC Engineered Sols., LLC v. Island Industries, Inc., 2021 U.S. Dist. LEXIS 117177 (WD Tenn) tried to have the court enter summary judgment that its efforts were reasonable, citing its policies and practice to inform employees about confidentiality, and its marking of emails and documents with secrecy legends. Such evidence, the court held, could be considered but was not decisive, because what is reasonable is a question of fact, and the company’s employees had denied seeing the security policies.
The law generally recognizes anyone in lawful possession of secret information as an “owner” and entitled to sue for misappropriation, even if they hold it under a nonexclusive license. However, as explained in Zabit v. Brandometry, LLC, 2021 U.S. Dist. LEXIS 94234 (SDNY), the claimed right to possession of the information as a remedy for fraud or another tort does not give rise to “equitable title” in the trade secret sufficient for standing. And in Bio-Rad Labs., Inc. v. ITC, 996 F.3d 1317 (Fed.Cir. 2021), it was held that an employee’s undisclosed “idea” that contributed to a later invention by his colleagues at a subsequent job did not make the employee a co-inventor and the ex-employer a co-owner of the invention. On a related issue, the U.S. Supreme Court held, in Minerva Surgical, Inc. v. Hologic, Inc., 141 S.Ct. 2298 (2021), that the patent doctrine of assignor estoppel cannot be applied to the typical assignment by employees of future inventions, because their scope is inherently unpredictable. This ruling provides comfort to companies hiring from competitors, because the doctrine had been used as leverage in some departing employee cases involving trade secret and patent claims, to prevent the new employer from contesting validity of the patent.
One of the unique aspects of trade secret law, in comparison to other forms of intellectual property, is that the boundaries of the right are not specified in a government-issued grant. As a result, a preliminary – and usually consequential – question in every trade secret case is: what exactly is the trade secret information that’s being claimed? Usually, companies have not made an inventory of their information assets, and even if they have, the specific data involved in any given dispute is unlikely to have been described with precision before litigation begins. As a result, identification of the subject matter – and when and how to do it – has become a frequent early battleground in trade secret litigation.
This past year, two opinions from the Third Circuit have provided guidance on this critical aspect of case management. In Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021), the defendant challenged the plaintiff’s description of its trade secrets because it did not clearly state which secrets it claimed that the defendant had misappropriated. This argument was rejected as an “effort to blend together the identification-of-a-trade-secret element and the misappropriation element, when “only discovery will reveal exactly what the defendants are up to.” Mallet & Co. v. Lacayo, 2021 U.S. App. LEXIS 30894 (3d Cir.) involved technology for commercial baking release agents (that is, things like oil that keep bread from sticking to the pan). The District Court, apparently impressed by strong evidence of misappropriation by a departing employee, had issued a preliminary injunction prohibiting use of thirteen broad categories of the plaintiff’s “protected materials,” including internal discussions of “actual major problems,” “supply source for product ingredients,” “pricing and volume data,” and “information about [plaintiff’s] equipment.” The Court of Appeals reversed, finding that this lack of specificity prevented any meaningful review of whether the plaintiff was likely to prevail on the merits.
Many trade secret disputes are caused by what we might call “NDA negligence,” either because the parties treat confidentiality agreements as mere forms instead of contracts, or because they don’t pay attention to some specific obligation or limitation of the NDA until it’s too late to fix. Two cases from this year illustrate the point. In EMC Outdoor, LLC v. Stuart, 2021 U.S. Dist. LEXIS 63438 (ED Pa), the defendant ex-employee had individually negotiated a provision in her nondisclosure agreement making the confidentiality provisions applicable post-employment only if she resigned. Because she was fired from the position, the court held, the contract language made it impossible to state a claim for misappropriation. Summary judgment was entered for the defendant. And in Bladeroom Group., Ltd. v. Emerson Elec. Co., 11 F.4th 1010 (9th Cir. 2021), parties to a potential merger had signed an NDA with a proviso that the agreement would terminate in two years, even though other aspects of the contract could be read to suggest continuing confidentiality. The District Court had prevented defendant from arguing that the two-year limit controlled because it was contrary to the parties’ intent and would lead to an absurd result. The Court of Appeals responded that it would be absurd to ignore the plain language of the proviso, and reversed a $60 million verdict.
Because those who misappropriate trade secrets would like to keep their actions, well, secret, it’s often difficult to find direct evidence of theft, and plaintiffs must prove their case with circumstantial evidence. Also, misappropriation by direct copying is rare, and so liability is usually established by demonstrating “indirect use” of the purloined information. In Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021), the court held that indirect use can be inferred from the timing of a competitive hire, coupled with deception in the employee’s departure, the new employer’s lack of experience in the relevant technology, unusually low financial investment, and unusually rapid success. In contrast, merely retaining a former employer’s confidential documents, without any proof of use, will normally be insufficient to state a claim for misappropriation. In Zurich Am. Life Ins. Co. v. Nagel, 2021 U.S. Dist. LEXIS 89781 (SDNY), the court held this remained true even when the employee deliberately kept the documents as leverage for settlement of other claims against the employer.
Assuming misappropriation has occurred or is threatened, the question becomes what to do about it. If the plaintiff succeeds in securing a preliminary injunction, does that stop accrual of damages? No, said the court in ResMan, LLC v. Karya Prop. Mgmt., LLC, 2021 U.S. Dist. LEXIS 145462 (ED Tex); an injunction prohibiting use or disclosure of trade secrets does not break the chain of causation regarding defendant’s continuing benefit from the misappropriation. Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021) considered the common situation in which the defendant has not yet launched a competing product, holding that harm is established merely by the act of misappropriation, because the plaintiff “has lost the exclusive use of trade secret information, which is a real and redressable harm.” And if it turns out that harm can’t be proved in any compensable way, explained the court in Elations Systems, Inc. v. Fenn Bridge LLC, 2021 Cal. App. LEXIS 975, the trial court should not dismiss the claim, but should instead award nominal damages.
Sometimes in committing trade secret theft, a defendant gains unauthorized access to information stored on a computer system. If so, then a (criminal and/or civil) violation of the CFAA, 18 U.S.C. §1030, can be alleged along with the misappropriation. But what if the defendant was authorized to have access, but used it for an improper purpose? The circuit courts were split on that question until the decision in Van Buren v. United States, 141 S.Ct. 1648 (2021). A police sergeant had agreed to use his patrol-car computer to retrieve license plate information for a private party. Reversing his conviction, the Supreme Court explained that if the CFAA “criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”
Back in the mid-1990s, the U.S. government fought hard to get the World Trade Organization (WTO) to adopt global standards for IP protection, resulting in the Agreement on Trade-Related Aspects of Intellectual Property (TRIPS). It wasn’t just about registered IP rights; TRIPS Article 39 also required member states to provide legal protection for “undisclosed information.” Its structure and content closely followed the Uniform Trade Secrets Act, and ever since has been the basic reference pattern for the trade secret laws of many foreign countries.
In response to the COVID pandemic, a group of developing countries – led by India, with its large generic pharmaceutical industry – proposed that WTO “suspend” selected parts of TRIPS, including Article 39, ostensibly to enable more effective global access to vaccines. In May 2021, the Biden Administration surprised the international community when it joined in supporting the Indian proposal, apparently unaware of the central importance of secret know-how to the manufacture of vaccines by U.S. companies. In effect, the intended waiver would force a transfer of privately-owned technology that under normal (i.e., voluntary) circumstances requires many months of collaborative effort, with no plausible near-term effect on the distribution of vaccines to the developing world. The government is now engaged in finding a face-saving way out of the corner it has painted itself into. However, the diplomatic debacle has at least drawn worldwide attention to the role that secrecy plays in incentivizing the development of new therapies; and as we face the prospect of future pandemics, this new appreciation for the benefits of trade secret law should benefit all of us.
Question: how do you make money from a secret formula for a product that smells and tastes horrible and that no one wants? Answer: you make everyone believe they have a medical problem that only this stuff can solve.
Back in 1879, Joseph Lawrence, a St. Louis doctor, was experimenting with surgical disinfectants. This was a new thing. In the 1860s, a British surgeon named Joseph Lister was the first to perform surgery antiseptically, using carbolic acid as a disinfectant. Inspired by Lister, Lawrence came up with a compound of alcohol and essential oils that seemed to kill whatever bugs it touched. To honor Lister (and presumably to take advantage of his fame), Lawrence named the concoction “Listerine.”
He tried to sell it to dentists but wasn’t getting traction. In 1881, he ran into a local pharmacist, Jordan Lambert, who acquired the secret formula in return for royalties on future sales. Apparently not fully thinking through what “future” meant, Lambert signed a contract that guaranteed payment to Lawrence (and his heirs and successors) $20 for each 144 bottles sold. The contract consisted of two sentences with a total of 127 words.
Later, they agreed to reduce the royalty to $6, and then converted it to ounces, to account for different sized containers. But Lawrence wasn’t earning much on the royalties anyway, because Listerine sales remained sluggish. Even when Lambert took the product directly to the public in 1914, it just didn’t catch on. Maybe it was the foul smell (“like an old shoe”) or the taste (“like petrol”). The company tried promoting various applications besides mouthwash, including as a treatment for dandruff and gonorrhea (don’t ask). They even brought out (very briefly) a Listerine cigarette.
It was Lambert’s son, Gerald, following him as president in 1923, who came up with the idea that would make Listerine the world’s most popular mouthwash – and also make Lawrence’s family rich. If only people could realize that they had a medical condition, they would be willing to use something that tasted awful to fix it. So, Gerald coined the term “halitosis” – from the Latin word for breath and the Greek suffix “osis” which implies some form of disease.
The company spent millions on an aggressive marketing campaign – the equivalent of constant Super Bowl ads – to convince people that “halitosis” was a very serious social problem with a simple, medical solution: Listerine. The ads were early examples of fear-based marketing, usually featuring attractive people who were failing in their personal and professional relationships because of bad breath. Leveraging social anxiety, the ads promised that “your closest friends won’t tell you” and that “they talk about you behind your back.” And worst of all, “you yourself rarely know when you have halitosis.” (You can check out some of the ads here and here.) And if you have something that sounds as serious as halitosis, you need strong medicine, with a real “medicine” taste. A later tag line became “It’s the taste people hate – twice a day.” Advertising professionals now refer to Lambert’s campaign approvingly as a metaphor: using fear to sell a product is called a “halitosis appeal.”
Whatever you think of the social value of fear-based advertising, or about the direct line from there to today’s fear-based social media journalism, it certainly works. For Lambert, the results were astonishing: in the space of five years annual sales of Listerine increased from $115,000 to $8 million (today, U.S. sales exceed $650 million). But all the success attracted other attention to the product, and someone was able to reverse engineer it. The previously-secret formula was published in 1931, leaving the trademark, supported by all that advertising, as the foundation for continued success.
By 1955, when Lambert merged with another company to become Warner-Lambert, Lawrence’s heirs had pulled in a total of $22 million (think of all those actual silver dollars) and continued to be paid $1.5 million a year, even though the property right that Lambert had originally bargained for – a trade secret formula – had effectively disappeared. Figuring that 70 years was more than enough, Warner-Lambert filed a case in New York federal court, asking for a declaration that it could stop paying royalties for something that no longer had any value. It argued that the contract was “indefinite in time” and so should be subject to the rule requiring that a reasonable time limit be inferred. That time, it said, had passed, especially given how much the company had spent on advertising to build the brand.
In its ruling, the court rejected this argument, noting that the promise to pay royalties actually depended on a condition that Warner-Lambert controlled: the continuing sale of Listerine. Just stop selling it, the court explained, and you can stop paying the royalties. The parties to the original contract had to know that there was a risk of disclosure of the secret, and they could have provided for some consequence. Inserting one later would be to rewrite the deal.
As for Warner-Lambert’s huge investment in building the value of its trademark, the judge pointed out that those advertisements promoted the “unique, indeed, almost magical qualities of the formula;” and in any event the company was still benefiting from the “head start” that it had gained in the market, “which has proved of incalculable value through the years.”
Since then, Listerine has continued to sell the terrible-tasting “original” formula, with great success. Perhaps that’s because people still fear “halitosis” and assume that it has to hurt if you’re going to get better. Or perhaps it’s that after 140 years we’ve managed to acquire a taste for it. Just like Australians love Vegemite and Norwegians adore rakfisk. (Don’t know about Norway’s smelly fish? Check it out here). Anyway, everyone seems to be happy, not least the heirs of Dr. Lawrence and those who have bought from them small fractional interests in the continuing royalty stream. Last year, an investor paid $561,000 for just one of those.
So, what is this supposed to teach us? I thought you’d be too distracted by the story to ask. There are actually several good takeaways here.
First, when you’re dealing with trade secrets, the contract matters a lot. Unlike patents, by which the government gives you a limited-time monopoly, trade secrets are by their nature non-exclusionary. So, for the most part (there are some exceptions, which we’ll discuss another time) people and companies are free to draft their contracts as they wish. And that means that those involved have to be sure they read them carefully and understand their implications.
Second, contracts don’t have to be pages long for them to work as intended. This was one of the shortest I’ve seen, and it’s still going strong after almost a century and a half. Lawyers sometimes worry more about the risk of leaving things out than they do about whether everyone understands how the document allocates risk. As the Warner-Lambert case shows, appreciating the risk can be very consequential.
Third, the value of a secret is not entirely about its continued secrecy. Especially in fast-moving sectors, trade secrets can provide what the judge referred to as a “head start,” or what today we call a “first mover advantage.” Where getting access to the secret allows the recipient to capture market share, it may not matter what its lifespan may turn out to be.
Fourth – and this one is important – intellectual property strategy isn’t necessarily about choosing one kind of IP over another, but using them in complementary ways. We’ve already looked at that issue in relation to patents and trade secrets. The Listerine case highlights this same principle regarding trademarks and branding. And it isn’t unique. The 1980s blockbuster sweetener Nutra-Sweet was originally protected by a combination of patents and secret process technology that allowed the company to produce the generic material, aspartame, more cheaply than any competitor. And then to reinforce its dominance, it pressured the makers of Coke and Pepsi to place its trademark on their soda cans – a triumph of brand leverage.
Back in 1881, Lawrence and Lambert probably had no idea about the scope (sorry about that) of commercial possibilities for Listerine. But they managed to strike a deal that benefited both of them and, ultimately, the public. Remember, Listerine is not only “non-poisonous,” but according to other ad copy from 1948, “even the strong odor of fish yields to it.” Somebody please ship a case to Norway.
“Risk management is about people and processes and not about models and technology.”— Trevor Levine
Have you ever shopped for something dangerous? Back in the 1950s, my mother wanted to buy a pressure cooker to make dinner faster (and use cheaper cuts of meat). That wasn’t an easy decision, because the early models had a reputation for occasionally exploding (there was no Consumer Product Safety Commission then). My father, a self-taught steam engineer, was skeptical that a kitchen appliance could safely contain double the normal atmospheric pressure. But Mom did her homework, researching what the problems were (usually a single pressure valve prone to clogging) and finding cookers with redundant pressure relief systems. It worked for years, and no one went to the hospital.
Companies shopping to buy other companies, or to acquire a license to their technology, also entertain risk. That’s because in the process of interviewing potential targets they can become exposed to highly valuable trade secrets. If any particular transaction doesn’t go forward, but the shopper implements similar technology, the disappointed seller may file a lawsuit claiming misappropriation.
Potential acquirors have ways to protect themselves, including sometimes insisting on contracts that deny a confidential relationship, or that allow them to “retain in unaided memory” any information they learn from the transaction. But most of the time these transactions are based on a traditional nondisclosure agreement, in which the prospective purchaser or licensee agrees to use the target’s confidential information only for the purpose of assessing the potential deal. This can put the recipient company in a very awkward position, unsure of its ability to effectively compete if the deal goes off the rails.
One way that acquisitive companies have tried to reduce this risk is through the use of “clean teams.” The term was adopted from a closely related situation of potential mergers between established competitors, where antitrust regulations prohibit pre-acquisition coordination (something called “gun jumping,” which to me sounds even more dangerous than pressure cookers). This led to the hiring of consulting firms to receive confidential business information from both sides and assess it independently, reporting to each side only “cleansed,” generic observations about the wisdom of the deal.
Clean Teams operated in “Clean Rooms,” a term itself borrowed from the semiconductor industry, where you have to put on a bunny suit to enter the highly purified environment of a manufacturing facility. The common idea here is to prevent any sort of unwanted exposure or contamination. For the traditional “clean team,” their formal independence and professionalism seemed to satisfy the regulators, while allowing informed advice to the participants.
This idea also can work when trying to maintain control of trade secrets. A prospective purchaser can arrange for an independent, trusted third party to have access to the target’s technology and business plans, reporting out only their conclusions about potential value of the deal. In theory at least this can substantially reduce the risk of disputes if the transaction is abandoned.
But not all “clean teams” are made up of external actors. Frequently companies decide to populate them with some of their own staff, either because inserting a consulting firm in the process would be too unwieldy or expensive, or because they want advice that is informed with a full understanding of the potential fit of the target or its technology. The decision to form the group in whole or in part from in-house resources is often influenced by those who want to be a part of the process.
Many of these potential acquisitions or “licensing in” of technology are driven by an unresolved question: should we develop this ourselves or get it from outside? Those within the organization who are inclined to acquire might be part of the sales function, which puts a premium on getting the functionality out to the market quickly. In opposition might be those in R&D or engineering who believe they can do this as well or better themselves. In an effort to respond to these “make vs. buy” tensions, or just to get more granular feedback on the value of the transaction, management will sometimes include insiders in the group who are exposed to the target’s confidential information.
This due diligence team formed with insiders can, in the abstract, be a “clean team,” in the sense that they can be effectively walled off from others doing internal development. In practice, however, they may find it difficult to respect the barriers established to prevent data contamination. Curious colleagues ask probing questions about the target. The risk becomes more apparent and acute when one considers that misappropriation of trade secrets does not require copying or other direct use, but can result from any knowledge that substantially influences the development of a product or process.
And it gets worse, because when the company launches its competitive product, and the jilted target brings a claim, the defense requires proving a negative: despite appearances, our internal work was not at all affected by the exposure of one or two engineers to the other company’s secrets. As many courts have pointed out, misappropriation is almost always proved by circumstantial evidence, and participation in due diligence, followed soon after by marketing of a similar product, can be a bad look.
The operational consequences can be serious. In one case, a potential acquiror gave its outside patent counsel a copy of the target’s confidential patent application, which the lawyer used to inform his own filing, resulting in a $116 million jury verdict. In another case, the diligence team was secretly working on the possible acquisition of a competitor of the target, so the court prohibited that transaction from going forward. In a third case, the potential buyer claimed independent development of its product by a third company, but it turned out that the developer had been visited by a member of the diligence team.
Preventing these kinds of disasters is not terribly complicated. First, it pays not to think of any internal team as reliably “clean,” even if they have the best of intentions. Second, the confidentiality agreement with the target can be negotiated in ways that reduce risk, such as including recitals that the acquiror is actively engaged in competitive development, limiting the scope of protectable information, or terminating restrictions after a period of time. Third, if a true “clean team” is not sufficient and some level of contamination has to be accepted, the company can effectively insulate itself by outsourcing an independent reverse engineering project based on a high level, functional specification. See my earlier post “The Art of Reverse Engineering,” here.
Thoughtful, multilayered efforts are most effective at reducing risks of otherwise dangerous activity. Take my Mom, for example. Even though she found a cooker with a separate release mechanism, she always took the time to thoroughly clean the primary pressure valve. Creating robust structures is important, but process implementation is critical.
“It is impossible to unsign a contract, so do all your thinking before you sign.”Warren Buffet
You may remember 2014 as the year when we all discovered a plague of noncompete agreements threatening our economy. No? Let me help you.
In June that year, the New York Times published an expose of sorts relating the story of a 19-year-old summer camp counselor who couldn’t get hired by a certain camp because the year before she signed a contract with another camp that blocked her from working for any nearby competitor. Noncompete contracts, the article suggested, had previously been reserved for high level corporate executives, and suddenly (and “increasingly”) they were being foisted on rank and file employees engaged in event planning, investment management, and even yoga instruction. A follow-on piece in the Times confirmed the emerging crisis by revealing that the Jimmy John’s fast food chain had forced noncompete clauses on all its sandwich makers (acknowledging, however, that there was no evidence that the company had ever tried to enforce the contracts).
The inspiration for this concern may have come from a then-recent book published by Orly Lobel, a California law professor, called Talent Wants to be Free. She argued not only the unsurprising point suggested by the title, but also that it was actually in the interest of businesses to release departing employees from all restrictions, because in some organic way that would redound to the companies’ benefit. Unfortunately, as I reported in a review at the time, this hypothesis was unsupported by any serious evidence.
Nevertheless, the anecdotes about preventing low-level employees from competing caught the attention of other journalists and academics, as well as politicians. Some of those stories were compelling, especially when the employee had no idea that a noncompete would be required until they showed up the first day on the job. A movement to reform the law began to grow. Massachusetts, which for years had resisted tamping down on noncompete agreements, radically amended its law to prohibit them for lower salaried employees, and to require notice to the employee at least 14 days in advance of starting work. Other states have joined in. According to the leading blog on employee contracts, just through the first six months of this year there were 66 bills filed in 25 states.
The federal government has also entered the ring. On July 9, President Biden issued an executive order designed to increase competition in the national economy. Among many other directives to government agencies, he commanded the Federal Trade Commission to examine what action it might take to rein in the negative effects of employee noncompete agreements (a responsive letter crafted by Russell Beck and signed by dozens of practitioners, including myself, has urged caution on the issue).
Why doesn’t everyone see this as a form of social crisis? After all, it looks like a new example of corporate overreach in an economy that has already discounted almost to irrelevance the dignity of work. But in fact, businesses have been using noncompete agreements for more than a century, subject to strict limitations imposed by state law. California, North Dakota and Oklahoma have long refused to enforce them at all. And in the rest of the country, they are enforced only when a judge agrees that they are reasonable in time, subject matter and geography.
There’s no doubt that restricting an employee’s ability to leave and compete can impose serious costs on the individual. And although studies show that it’s impossible to measure any loss of innovative capacity or output, it’s probably safe to assume that some situations prevent competition that might benefit the community. But that doesn’t necessarily mean that the competition would be fair.
In the digital economy, more and more employees have to be trusted with sensitive information in order for the enterprise to succeed in an increasingly competitive environment. To maintain that success a company has to be able to protect its information assets from flowing out the door to the competition. In the U.S. we enjoy robust laws, at both the state and federal level, that are designed to reduce that risk by providing remedies for trade secret misappropriation.
But companies often don’t – and can’t – know when a former employee is using what they know to benefit their new employer. Surveys show that a large percentage of employees, perhaps a majority, are so unsure of their secrecy obligations that they are willing to use sensitive information at the next job. And even if the left-behind company suspects foul play, trade secret litigation can be messy, unpredictable and expensive. It’s certainly not the most efficient way to resolve misunderstandings. So, from the company’s point of view, simply preventing the risk for a limited time with a noncompete clause can seem very attractive. This is especially true for smaller companies whose trade secrets consist of information about customers, in other words the sort of goodwill built up over time that sustains the business.
For the employee, of course the constraints of a noncompete will feel like a blunt weapon, prohibiting not only trade secret theft but also preventing fair competition. And it’s entirely legitimate for a community – say, a state like California – to decide that the obvious individual costs and the possible detriment to the collective economy are not worth preserving the private interests of individual employers. Indeed, some have pointed to the astonishing success of Silicon Valley as proof that the broad social benefits of “knowledge spillovers” from free movement of labor vastly outweigh the private losses from those spillovers.
Unfortunately, the empirical evidence so far doesn’t permit a firm conclusion on that larger point. But it’s clear enough that noncompete agreements have been abused to some extent. States – and perhaps the federal government – will likely continue to press for reforms, especially for categories of employees who are not practically in a position to cause a company damage when they leave.
In the meantime, what’s a business to do? First, you should consider whether noncompete agreements are right for the culture of your company. Do you really need them to protect yourself? What might be the cost in decreased trust and increased resentment among a workforce that expects to enjoy career flexibility? Consider imposing these restrictions only on those senior employees who have access to your most sensitive information. Be prepared to consider relaxing or eliminating constraints in special situations where taking a bit of calculated risk might help establish or improve an important relationship.
Second, whatever you decide to do about noncompete agreements, don’t depend on them as the primary way to protect your trade secrets. Be sure that you have established a comprehensive information security program, including continuous training and robust enforcement. The most reliable way to reduce the risk that you might lose control of your secrets is through active management, not passive dependence on post-employment restrictions.
Third, if you do use noncompete agreements, watch out for changes in state laws that might affect you. If any meaningful reforms emerge from the federal government, you will certainly hear about them. In any event, pay attention and be ready to adjust so that you comply with any new standards.
Outrage over imposition of restrictive contracts on teenage camp counselors or sandwich makers is understandable, but it can lead to careless thinking. Not all employee restraints are unreasonable. We expect that the workplace should provide not only a job but also the opportunity for learning and advancement. In the information economy, that often leads to greater exposure to secrets. And preserving those secrets sustains competitive advantage and creates more jobs.