Last Thursday the Senate Judiciary Committee favorably voted out the Defend Trade Secrets Act (“DTSA”), which would amend the Economic Espionage Act (“EEA”) to give trade secret plaintiffs the option of filing civil claims for misappropriation directly in federal court. The vote reflected broad bipartisan support (there are now 27 cosponsors in the Senate) and followed a substantive hearing on December 2 at which I had the privilege to testify. Since that time a number of senators engaged in discussions about how to improve the legislation. The result was a series of amendments, all of which have been adopted. Because the bill is likely to proceed quickly at this point, it would be useful to describe what has changed and what those changes could mean for practitioners and companies.
The notable amendments generally fall into four categories: (1) harmonizing with existing standards under the Uniform Trade Secrets Act (“UTSA”); (2) tightening up the process for preventive seizure of secrets; (3) ensuring that injunctions do not unreasonably restrain employee mobility; and (4) providing an exception for whistleblowers who disclose confidential information in order to report a crime to the authorities. The first three of these are laid out in a “Substitute” for S.1890, and the fourth is described in a separate amendment proposed by Senators Patrick Leahy and Chuck Grassley.
Bringing the DTSA in closer alignment with familiar provisions of the UTSA, the amendments have slightly changed the definition of a trade secret. The EEA had previously required that qualifying information not be known or readily ascertainable to “the public,” while the UTSA had used the phrase “persons who can obtain economic value from its disclosure or use.” While it was never clear whether this difference would actually matter when applied in litigation, the UTSA formulation has now been adopted, so that the two laws are congruent. (Some still point to the different list of examples of protectable information in the UTSA and EEA definitions, but this has never been shown to make any difference in the broad meaning of the common basic term “information.”)
The amendments have also changed the term of the statute of limitations from five years to three. Although a number of states have designated longer periods (from four to six years), this brings the DTSA into line with the UTSA as it was originally proposed. In the same vein, the enhanced damages provision, which had allowed a punitive assessment up to three times the compensatory award, has been adjusted to match the provisions of the UTSA at twice the amount of compensatory damages.
SEIZURE PROVISIONS
The ex parte seizure provisions have been substantially tightened, providing more assurance that this remedy will not be abused. First, the bill now expressly refers to seizure as available only in “extraordinary circumstances.” Second, an ambiguity identified by Senator Whitehouse at the December hearing has been resolved by clarifying that the target of the seizure must be in “actual” possession of the trade secret and property to be seized. Third, access to the seized material is more limited: only federal law enforcement can perform the seizure, with assistance as necessary from state authorities and an independent technical expert, but the applicant is barred. And following the seizure, the court may have the material sorted by a special master who, like the technical expert, must be under confidentiality restrictions. Fourth, in issuing its order the court must direct when the seizure may be carried out, and whether force may be used to access locked areas. Finally, in a new section the bill requires the Federal Judicial Center to develop “best practices” for seizure and handling of electronically stored information.
MOVING ON FROM “INEVITABLE DISCLOSURE”
One of the most interesting and potentially impactful provisions of the amendments concerns the preservation of employee mobility. Recognizing the critical importance of preventive relief to a right that can be so easily destroyed, the UTSA has always permitted injunctions against “threatened misappropriation,” and the same language is used in the DTSA. But because the DTSA would establish a national standard, some expressed fears that the “inevitable disclosure doctrine,” which has been expressly rejected in some states, might be used by federal judges to block an employee from taking a new job. The draft bill had tried to address this concern with a proviso that no injunction could “prevent a person from accepting an offer of employment under conditions that avoid actual or threatened misappropriation,” but this did not quiet the controversy.
To understand the nature of the dispute we need to wind back the clock to 1995, when the Seventh Circuit issued its decision in Pepsico v. Redmond, 54 F.3d 1262 (7th Cir. 1995), affirming a five-month injunction against a former marketing executive who had lied about his plans to take an identical position with another company that was about to launch a directly competitive product. Although the court had emphasized the executive’s bad behavior, it also summarized that “defendant’s new employment will inevitably lead him to rely on the plaintiff’s trade secrets.” Commentators promptly wrenched this phrase from its context and warned that Pepsico could be used to justify enjoining someone from taking a job just because of what he or she knew. This is how the so-called “inevitable disclosure doctrine” was born.
Having (mis)construed Pepsico this way, it was easy for some to make it a target, raising the alarm that “inevitable disclosure” was the equivalent of a post-hoc judicially-imposed non-compete agreement. Perhaps unsurprisingly, the backlash was particularly strong in California, where employees are protected by a robust public policy against restrictive covenants. In Whyte v. Schlage Lock, 101 Cal. App. 4th (2002), an intermediate appellate court issued a blistering condemnation of the doctrine and flatly declared it unacceptable under California law. It did this in response to the plaintiff’s argument that the doctrine should be available as an “alternative” to proving “threatened misappropriation.” Just what kind of evidence might be enough to establish a threat under the UTSA was not addressed. However, that question was answered several years later in another appellate decision, Central Valley General Hospital v. Smith, 162 Cal. App. 4th 501 (2008). The court said that evidence of bad behavior, like a prior misappropriation, an intention to misappropriate, or a refusal to return confidential material, would be enough to supply the inference.
In the meantime, however, the ideological battle lines had been drawn, and the forces mustering against inevitable disclosure, reinforced by many academic and popular articles, were determined to stamp it out if possible, or at least to protect their own jurisdiction from infection. The fervor of the debate apparently distracted everyone from critically examining what “inevitable disclosure” meant, or how it was actually being applied in places that didn’t have a reflexive opposition to it. It turns out that the doctrine was almost never used as the opponents assumed, that is, where the only threat indicator was how much the employee knew. In fact, in those cases judges typically explained their denials by reminding the plaintiff that if all this information had been so critically important they could have demanded that the employee sign a non-compete agreement.
Following last December’s hearing, and in the wake of continuing concerns over the relevant DTSA language, I reached out to my friend Mark Lemley, professor at Stanford Law School. Mark and I had worked together before on issues relating to California’s “high velocity” labor market, and after some discussion about what appeared to be this false conflict over the inevitable disclosure doctrine, we suggested to Senate staff that the issue could better be reframed around the kind and quality of evidence that should be required – under the UTSA or the DTSA – to prove “threatened misappropriation,” and that the inquiry should focus on the employee’s behavior, not merely on how much they knew.
Ultimately, Senator Dianne Feinstein proposed the relevant portion of the DTSA amendments, which now allows an order against threatened misappropriation, provided that it not “prevent a person from entering into an employment relationship, and that conditions placed on such employment shall be based on evidence of threatened misappropriation and not merely on the information the person knows.” (In a belt-and-suspenders approach, the DTSA also includes a directly related amendment proposed by Senator John Cornyn that the order may not “otherwise conflict with an applicable State law prohibiting restraints on the practice of a lawful profession, trade, or business.”)
The new language on threatened misappropriation has at least two very positive effects. First, it makes express the apparent consensus from the courts that “threatened” misappropriation may not be established merely by the importance of the information that someone knows. This makes sense not only as a matter of public policy but also of evidence law. Second, it relieves us from the energy-draining debate over “inevitable disclosure,” which was pretty much a straw man that people loved to punch. Courts will not have to consider whether a jurisdiction accepts or rejects this abstract “doctrine,” but instead will ask: what is the actual evidence from which we should conclude that this person (or their new employer) can’t be trusted to honor the integrity of the plaintiff’s trade secrets? Outcomes in particular cases should not be substantially different.
WHISTLEBLOWER PROTECTION
A second major amendment was offered separately by Senators Leahy and Grassley, addressing a new, and in my opinion long neglected, question: how do we assure that employees and contractors who come upon evidence of illegal activity, but who are constrained by nondisclosure agreements from communicating those facts, can safely speak to their lawyers and to law enforcement officials? One might think that this question would already have been reliably answered by now, but it hasn’t been. In a wide-ranging and thoughtful article on the subject, Tailoring a Public Policy Exception to Trade Secret Protection, Professor Peter Menell of the UC Berkeley School of Law explores not only the sparse, murky, and sometimes contradictory legal authority, but also the psychology of whistleblowing and the importance of a clear “safe harbor” for those who are thinking of reporting wrongdoing. As he notes, “[t]he same routine non-disclosure agreements that are essential to safeguarding trade secrets can be and are used to chill those in the best position to reveal illegal activity.” As a practical matter, employees and contractors face a stark dilemma, where the upside is a clear conscience (and possibly a reward for uncovering fraud) but the downside can involve painful and relentless retaliation as well as personal, financial, legal, and professional risk. Insulating the whistleblower from costly trade secret exposure serves larger societal interests in law enforcement, tax compliance, and surfacing and deterring securities fraud and fraud against the government.
Yet because of the difficulty of enforcing trade secrets once they leak, companies risk potentially significant losses if employees or contractors mistakenly disclose legitimate trade secrets—i.e., those that do not reveal illegal conduct. Peter’s article provided a balanced and effective solution to this dilemma that protects whistleblowers without jeopardizing disclosure of legitimate trade secrets. The proposed safe harbor insulates whistleblowers and their counsel from trade secret liability for disclosing trade secret information in confidence to government officials or as part of a lawsuit alleging retaliation by an employer provided that the information is filed under seal. (The federal Trade Secrets Act, 18 U.S.C. § 1905, generally prohibits governmental employees from disclosing trade secrets.) The proposed statutory exception to trade secret liability provides clear assurance to potential whistleblowers that they do not violate their NDAs merely by consulting legal counsel regarding reporting allegedly illegal conduct to a responsible government official through a confidential channel. In addition, this safe harbor insulates lawyers advising potential whistleblowers about their options and serving as conduits for presenting evidence of allegedly illegal conduct to the government. The efficacy of the safe harbor is enhanced by requiring that NDAs prominently include notice of the law reporting safe harbor to ensure that those with knowledge of illegal conduct are aware of this important public policy limitation on NDAs and exercise due care with trade secrets in reporting such activity.
After Peter’s article appeared just as the DTSA was gaining momentum in the fall, the Senate staff reached out to him to help craft appropriate language. The Leahy/Grassley amendment provides immunity under federal or state law against any claim for violation of an individual’s nondisclosure obligations for disclosure, made in confidence, to (a) an attorney or government official, for the purpose of reporting or investigating a violation of law, or (b) a filing made under seal in a lawsuit “or other proceeding.” In order to ensure that employees (a term that also includes contractors) know about their rights, employers are required to give an appropriate notice in the nondisclosure agreement (as is often done now with state inventor statutes), although this can be a reference to the company’s separate policy document. A failure to comply with the notice provision would block any award of attorneys’ fees or enhanced damages against an employee under the DTSA. Significantly – and this point was emphasized by Senator Feinstein at the hearing on January 28 – the whistleblower protection would not extend to any otherwise improper acts by the employee, such as hacking information in violation of the Computer Fraud and Abuse Act.
CONCLUSION
The DTSA in its current form is a strong bill, meeting its original objective of giving plaintiffs access to federal courts, which are better equipped to handle cases of interstate or international misappropriation of trade secrets. In my opinion, all reasonable objections have been adequately addressed, and there are sufficient protections built in against abuse. Moreover, passage of this bill would substantially improve the environment for both plaintiffs and defendants, by making trade secret litigation more predictable, establishing a national standard for issues like “threatened misappropriation,” and striking the right balance of interests to promote responsible efforts by whistleblowers to report possible violations of law.
Last month Caterpillar was hit with a $74 million jury verdict for trade secret misappropriation in the Eastern District of Illinois. The case was filed by Miller, a UK vendor that supplied Caterpillar with "couplers," a product that allowed quick changes of tools on excavators. After Caterpillar told Miller that it was switching to use a coupler of its own design, Miller sued, claiming that Caterpillar used Miller's confidential information in the development of the product, in violation of their "Supply Agreement."
And it's that agreement that marks the most immediate lesson to be drawn from this case: confidentiality obligations lurk in many contracts that are not called "Nondisclosure Agreement." When we're working on protecting our clients from unwanted information contamination, or just trying to keep track of confidentiality obligations so they can be managed, too often we limit the conversation to NDAs as such. And while those contracts certainly need our attention, we have to remember that similar obligations often are buried in other documents.
So our first task as counsel is to make sure that managers are sensitive to the real issue: obligating the company to keep information secret comes with a very heavy set of risks. It may be helpful to think of this custodial information like a virus, which when properly contained and managed will not cause harm, but which if mishandled can quickly spread through the organization, morphing as it goes in ways that make it hard to recognize, much less extract.
With management having the right understanding of the risk environment, it then becomes a matter of setting up procedures to mitigate the risk by limiting exposure and ensuring that all confidentiality obligations are closely tracked. In practical terms, this usually means creating special protocols as part of contract management, with legal review of the specific undertakings in all agreements. That review should also produce specific advice to the relevant managers about how to avoid misuse of data and how to close down the project properly when it's concluded.
If you have strategic responsibility for intellectual property, then you may already feel the ground shifting beneath you. Patents have held sway during our professional lifetimes not only as a marker of innovation, but as the main way in which companies protect and exploit their competitive advantage. Not any more. Like an old style of dress, trade secrets are coming back into fashion and turning heads...
Trade secret theft has been a federal crime since 1996, covered by the Economic Espionage Act (“EEA”). But civil misappropriation claims remain limited to state court filings under common law or local variants of the Uniform Trade Secrets Act (“UTSA”). Calls for federal jurisdiction have grown with the increasing importance of information as a business asset and with the emergence of technology that makes theft of these assets almost infinitely easier. Recent examples involving international actors have galvanized the business community to request a straightforward solution: amend the EEA to provide a federal option for private claims.
Several bills were introduced in the 113th Congress to accomplish this, and to authorize provisional remedies for seizure of relevant property to prevent secret technology from being transferred out of the jurisdiction. The 2014 legislation was not acted on before Congress adjourned. A revised version is pending now, the Defend Trade Secrets Act of 2015 (“DTSA”), reflected in identical House (H.R.3326) and Senate (S.1890) bills.
The approach of the DTSA is fairly simple: use existing language of the EEA where appropriate, such as the definition of a trade secret, and where other language is required to define the civil aspects, such as misappropriation and damages, use language taken from the UTSA. Indeed, the only meaningful departure from the UTSA is to add a section allowing ex parte seizures of the misappropriated property. But even that portion draws from established provisions of the Lanham Act, tightened up considerably from the 2014 bills in order to discourage abuse.
The DTSA has received virtually unanimous support from industry, and also enjoys unusually bipartisan political sponsorship, with 65 cosponsors in the House (45 Republican and 20 Democrat) and ten in the Senate (six Republican and four Democrat). The only organized opposition has come from a group of law professors who published an “open letter” in 2014 criticizing the previous draft legislation, and who have recently released another letter describing their concerns. Mainly, they argue that we don’t need federal legislation because state laws are uniform enough; that the seizure provisions are too broad; and that the DTSA would limit labor mobility by approving the so-called “inevitable disclosure doctrine.”
As I will explain below, on each of these points the professors are wrong, misled by incorrect assumptions or unjustified speculation. Indeed, in a recent journal article two of them have predicted that the legislation would unleash a never-seen-before class of commercial predator, the “trade secret troll,” who they claim would “roam free in a confused and unsettled environment, threatening or initiating lawsuits for the sole purpose of exacting settlement payments, just like patent trolls.”
This apocalyptic scenario is not only fanciful; it is absurd. While patents are exclusive rights that operate against the world, trade secrets provide no exclusivity and depend on a confidential relationship. The image of a “trade secret troll” may help draw attention to a political argument, but it is a myth, and deserves no serious consideration.
The reality of this legislation is simple and compelling. Giving trade secret owners the option to sue in federal court would fill a critical gap in effective enforcement of private rights against cross-border misappropriation that in the digital age has become too stealthy and quick to be dealt with predictably in state courts. The bills would accomplish this by effecting only very modest changes, relying heavily on existing laws and rules. The seizure provisions in particular are so narrowly drawn that only the most clearly aggrieved plaintiffs would risk invoking the procedure. Having no pre-emptive effect, the federal law would leave in place all relevant state laws and policies, including those relating to mobility of labor.
U.S. trade secret law emerged in the nineteenth century to accommodate the shift from agrarian and cottage production to larger-scale industry, in which the secrets of production would have to be shared with workers or with business partners. Court decisions sought to enforce the confidence placed in those who were given access to valuable information about machines, recipes and processes. At the core of every case was a confidential relationship. Protecting this trust, the courts explained, was a simple matter of enforcing morality in the marketplace.
The common law origins of trade secrets – in contrast to the federal patent statute – meant that the majority of cases were heard in state court. Even when a federal court took diversity or supplemental jurisdiction over a trade secret dispute, it applied the law of the state in which it sat. And at first there was little variation, with most states looking to the Restatement of Torts § 757 as a guide. But as industrial development continued through the middle of the twentieth century, legal foundations shifted, and the reporters of the Second Restatement dropped the subject completely.
Meanwhile, a school of thought had developed among commentators that trade secret law should be abolished altogether because it was inconsistent with, and therefore preempted by, federal patent law. This argument was famously rejected by the U.S. Supreme Court in Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470 (1974). Two important public interests, the Court explained, were served by trade secret law: the “maintenance of standards of commercial ethics and the encouragement of invention.” Without guaranteed secrecy, businesses would be left to expensive self-help security measures that would disadvantage smaller competitors and discourage dissemination of information through sharing. And as a practical matter, there was no conflict between the two systems because they operate so differently: patent law is strong, providing an exclusive right “against the world;” while trade secret rights are “far weaker,” because they do not protect against reverse engineering or independent development.
With the Second Restatement’s decision not to treat the issue, some were concerned that trade secret law would become too fractured and inconsistent for companies which had been increasingly doing business across state lines. Therefore, in 1979 the National Conference of Commissioners on Uniform State Laws issued the first of two versions of the UTSA, proposing harmonized rules on establishing and enforcing trade secret rights. Measured by adoption rates, the UTSA has been a great success, with 47 of the 50 states so far embracing it (New York is the leading holdout). However, measured by its objective of uniformity, the law has been a disappointment. Unlike the UCC, the UTSA has frequently been enacted with customized features.
A few examples will help illustrate the scope of the problem. California dropped the language requiring that a trade secret be not “readily ascertainable,” with the result that the defendant is required to specially plead that circumstance as an affirmative defense. Illinois also eliminated the “readily ascertainable” language, and it prohibits royalty injunction orders, sets a different limitations period and allows permanent injunctions. Idaho requires that computer programs carry a “copyright or other proprietary or confidential marking” to qualify for protection. Georgia limits protection of customer lists to physical embodiments, in effect allowing employees to appropriate such information in (human) memory. South Carolina’s version of the UTSA requires a court hearing an injunction request to consider “average rate of business growth” in determining a head start period, and prescribes very particular rules for discovery of trade secret information, even for local discovery in aid of an action pending in another jurisdiction.
When Congress considered the EEA in 1996, there was some discussion of adding a civil right of action, but this was deemed impractical in view of the need for swift legislative action. In the years since its enactment, the EEA has had a mixed record of success. As reported by one veteran prosecutor, the average of about eight prosecutions per year is a “languid pace” that probably has done little to create a deterrent effect. In part this may be due to a reluctance of victims to bring cases to the prosecutor, either because of a loss of control or Fifth Amendment effects on civil claims, or it may be due to a lack of resources or interest within the various offices of the U.S. Attorneys, who have discretion whether to accept qualifying cases.
Calls for a federal trade secret law with a private right of action had already begun before the EEA was passed. After it became law, a number of scholars noted the anomaly and suggested that, because the national economy had become primarily knowledge-based, and because even with the UTSA state law was far from uniform, a federal civil law should be enacted. More recent commentary, while continuing to emphasize the drawbacks of variations in state law, also has pointed out the economic advantages of federalization, particularly for small businesses, which rely more heavily on secrecy than on patenting, as well as the procedural advantages for trade secret owners, including national service of process.
The highly-publicized cyberattacks of recent years have exposed not only the precarious security of personal financial and health information, but also the vulnerability of American corporate secrets. Thirty years ago information security consisted mainly of guarding the photocopier and watching who went in and out the front door. Now, with the Internet connected to millions of smartphones, and with electronic storage devices the size of a coin, information assets (which account for over 80% of the value of U.S. public companies) can be moved quickly and silently across state and international borders. In that context, existing procedures at the state level seem impossibly quaint. If a case in Illinois requires testimony of a witness in California, the plaintiff has to petition its home court to authorize a deposition, and then file an action in California based on the Illinois order, to secure the required subpoena. During the weeks or months of this process, the witness could easily have left the country, with the secrets in her pocket.
In other words, the time-critical nature of interstate and international misappropriation of valuable digitized data requires an immediate and sophisticated response mechanism, and neither state law nor the EEA criminal framework provides a satisfactory solution. Federal courts, however, can provide the necessary resource. First, they will be operating under a single, national standard for trade secret misappropriation and a transparent set of procedural rules, offering predictability and ease of use. Second, they will provide nationwide service of process and a unified approach to discovery, enabling quick action by trade secret owners even when confronted with actors in multiple jurisdictions. Third, as a result of their extensive experience with complex cross-border litigation involving intellectual property, they will be able to resolve ex parte matters fairly and jurisdictional issues quickly and efficiently. Fourth, their generally more predictable discovery procedures will serve the legitimate needs of trade secret plaintiffs, who typically must develop most of the facts to prove their case through defendants and third parties.
In this context, the objections raised by the law professors are not convincing. First, it is not fair to describe existing state law as “coherent,” “robust and uniform,” so that U.S. businesses already enjoy “a high level of predictability.” The rhetoric does not obscure the reality of a patchwork of differing standards and rules – in some ways more divergent than before enactment of the UTSA – that necessarily creates friction and inefficiency for companies with interstate operations.
Second, while admitting that the current language on ex parte seizure is “more limited in scope” than the 2014 legislation (for example, only property “necessary to prevent the propagation or dissemination of the trade secret” can be seized), the professors think this tightening is not enough and that the provision “may still result in significant harm.” No evidence is provided, but only speculation that mere invocation of the procedure might cause small businesses to “capitulate,” and that the “chilling effect on innovation and job growth . . . could be profound.” Again, the reality could hardly be more different. The DTSA is loaded with limitations making seizure very difficult to achieve, and with liabilities making it prohibitively expensive to be wrong in asking for it. In the unusual case where the plaintiff has no substantial basis for the claim, the defendant will simply file an opposition, the seizure will be dissolved, and the plaintiff will pay for the harm. Surely the benefits of the DTSA are worth that occasional risk.
Third, the professors assert that new language, added to the DTSA to ensure that mobility of labor is respected, embraces the so-called “inevitable disclosure doctrine,” which they view as the equivalent of a judge-made noncompetition agreement. In fact, that “doctrine” is nothing more than a method of analysis under the common-sense UTSA provision allowing injunctions against “threatened misappropriation.” This method has been applied thoughtfully in a majority of jurisdictions, resulting in a wide range of conditional remedies, and has only rarely been applied in a way that stops anyone from taking a new job.
The DTSA is sorely needed to fill a gap in remedies available to U.S. businesses that now operate in an information-based, globalized economy. This is one of those instances where federal structures are required to address a critical set of interstate and international problems. The DTSA has been carefully constructed to deter and punish abuse. Using well-established definitions and norms, it provides a choice to file a familiar claim in an effective forum. And there is absolutely no danger that enacting this statute will generate some new form of “troll” behavior to this point unknown in trade secret law.
We’ve become used to news reports of companies and government agencies being breached by anonymous foreign hackers. But most people were shocked to learn that employees of the St. Louis Cardinals baseball team allegedly compromised the secret database of the Houston Astros, gaining access to scouting reports, player assessments and game strategies. With industrial espionage affecting “America’s Pastime,” we have to pay attention! As it turns out, there are some good takeaways here for everyone that has to supervise employees in the modern enterprise.
First, this story is a great example of how much value there is in information itself. Research proves what we suspect from looking at today’s businesses: increasingly they rely on “intangible” assets like data analytics for their competitive advantage. The most common form of protection for those assets isn’t traditional intellectual property like patents or copyrights, but trade secrets. The main reason is that the law is incredibly broad, protecting not just famous formulas like Coca-Cola’s, but any secret information that you wouldn’t want the competition to know, including strategic plans, customer preferences and unannounced products.
Second, this increasingly crucial business asset has never been more vulnerable or exposed to more threats. In part, this is because of the Internet and other technologies like smartphones and USB thumb drives that make it easier to take data where it’s not supposed to go. In part, it’s also about global competition, which leads many companies to partner with outsiders on the development of new products, increasing the risk of exposure. But one thing that hasn’t changed with the arrival of these new challenges: the single greatest threat to information security has always been, and remains, the company employee.
That’s not to say that workers are being recruited as industrial spies. Deliberate espionage — despite the headlines — is relatively uncommon within private companies. But carelessness isn’t, and that is the way that most proprietary information is lost. This is why the supervisor plays such a key role in protecting today’s most important corporate property. Good management can make all the difference. Here are some suggestions for specific steps that you can take to improve your own performance in this critical area.
If you’re going to help the company protect its sensitive data, you have to be familiar with what it is and why it’s valuable. Of course, focus on what your own department deals with, but also learn what’s important in other parts of the enterprise. Leaks don’t always happen locally inside an organization. Also, keep in mind that it’s the company’s secrets that have to be protected, not the skills and general information that employees need to do their job. If you teach someone how to be a more efficient programmer or analyst or salesperson, they are entitled to put that knowledge in their personal “tool kit” and take it with them to their next job. In managing their work, you should show that you know the difference; it will help them to respect what belongs to the company.
Managing trade secrets is just ordinary risk management applied to a specific subject. To help prevent loss, you need to know what the threats are. In some industries that are mainly customer-facing, you may have concerns about the sort of cyberhacking that has hit Target, Home Depot, Anthem and JP Morgan. The same kind of external threat looms for companies that perform a lot of research in new technologies or therapies; in fact, even the results of failed experiments can be useful to a competitor, to save them time and risk in pursuing their own development. Most businesses meet these external risks with sophisticated software tools for detecting and reacting to IT system breaches. (Even with the best tools, however, you still need good management of the people that operate them and act on their output.) But no matter how much damage might be done by outside entities, a lot more can be caused by those working for the organization. This is the “insider threat” that security experts agree is the most common source of information loss. In plain terms, this means that we all make mistakes from time to time, but carelessness when handling secret data can have catastrophic consequences. That’s because trade secrets are like a gas in a container: once you open the lid and it gets out, you can’t put it back. So while with external threats you can (and often must) rely on breach detection as much as breach prevention, where human behavior is concerned, prevention is paramount. Operationally, this means that your impact on corporate security can be measured by how well you supervise the people in your area, to keep them aware and informed.
Some people have speculated that the Cardinals/Astros hack happened because a former Cardinals executive who joined the Astros set up the same passwords to get system access at the new job as he had used at the old one. Most of us can identify with the inconvenience of having to remember a lot of passwords, but we also know that changing your passwords frequently is just smart practice. This is only one example of the many IT-related practices that, when followed regularly, can dramatically reduce risks. But since those practices are implemented (or not) by the people who work for you, it’s up to you to make sure that they are doing their best.
The same idea — that people management matters most — requires that you pay special attention to how you follow up on the security training that staff receive. Time and again, training is shown to be the most cost-effective way to prevent data loss, because it raises awareness and reduces careless behavior. But that works only if you reinforce the messages that workers have received by periodically measuring their compliance and understanding and finding ways to weave information security into your feedback sessions and performance reviews. And on a daily basis, set the example on compliance with company information policies, for example, by counseling with staff who leave sensitive information open in their work area. Your active demonstration that you care about these policies can do more than any refresher seminar.
It’s not just the loss of the company’s own secrets that keeps executives awake at night; it’s also the risk that its information will become infected with unwanted data from the outside. Many recruits mistakenly believe that they are doing their new employer a favor by keeping records from their previous jobs. So you have to make it clear from the initial interview that the company respects the intellectual property rights of others, and that unauthorized introduction of someone else’s secret information — whether physically or from memory — can result in termination. This especially applies to consultants who often promote their value based on what they know about the competition.
Nondisclosure agreements, or NDAs, are common, but people don’t pay enough attention to managing their obligations. For example, if you have a meeting where some sensitive company information is shared orally, a written confirmation has to be sent within a certain number of days. Keeping records of who gets access to what information will also help you avoid problems. Most importantly, watch out for the requirement to return or destroy shared information at the end of a project, since even keeping it stuffed in a cabinet can get you in trouble.
Once you learn that someone intends to go, the focus of your supervision has to shift. Have they been downloading an unusual number of documents? Are they meeting with other employees and possibly recruiting for their next employer? If that happens, be prepared for the exit interview, in order to (a) learn where they are going to work and what they will be doing and (b) impress upon them the seriousness of their obligations not to use or disclose any company secrets.
A review of Talent Wants to Be Free: Why We Should Learn to Love Leaks, Raids, and Free Riding, by Prof. Orly Lobel
When I first learned about this book, I was intrigued mostly by the subtitle: not only does talent want to be free (surprise!), but companies that pay the talent should let them go without worrying about protecting their secrets. Now that was a bold and counterintuitive proposal that justified a closer look.
As I’ll explain below, this work fails spectacularly to prove its hypothesis. But so do a lot of books that comment on social issues. Why should the IP community care about this one? In part that’s because of its focus on where creativity most often begins: in the relationship between a company and its employees. But it’s also because the book is beginning to be approvingly cited not just by the popular press, but also by some IP scholars, who may not have read through it with sufficient skepticism.
A very troublesome flaw in Talent Wants to Be Free is that the author frequently conflates non-compete agreements with two other very common forms of employee restraints: confidentiality (or nondisclosure) agreements and invention assignments. As most practitioners can readily appreciate, there is a world of difference between the first one and the other two, and they typically are not joined in a single document. Non-competes stop someone from taking a job with a competitor, and their use is restricted in many places and illegal in a few, like California.
Nondisclosure contracts (NDAs), however, are universally seen as appropriate to define the scope of a confidential relationship, and normally cause no problems with later employment. Similarly, assignment agreements provide clarity of expectation for employers and their inventive employees. Both NDAs and assignment agreements generally leave employees free to leave and work wherever they want. But Prof. Lobel regularly mashes together all three types of agreements as “human capital controls” when arguing that they don’t work and that businesses should stop using them.
In this sense, the book misses an opportunity to focus on the distinctive and serious problems of non-compete agreements, which truly can “restrict careers and connections that are born between people.” But it’s not right to put NDAs and assignments in the same box with non-competes. The heavy, somewhat clumsy prohibition against future employment of a non-compete is different not only in its effect on the employee but also in the greater challenge of justifying it.
Confidentiality agreements, in contrast, merely restrain use of special information that the employee gets access to by virtue of a trusted relationship. By enforcing such agreements, the law promotes a basic principle of commercial ethics, and the burden on the employee is relatively light. (It is surprising, by the way, that Prof. Lobel never mentions this ethical mooring of trade secret law, or the U.S. Supreme Court case, Kewanee v. Bicron, 416 U.S. 470 (1974), that explains it.) The same is true for the normal invention assignment, which simply clarifies by contract the idea that creative people who are paid for what they do should leave their specific creations with their employer when they go, while remaining free to keep creating for themselves or others.
The principles involved here are not just academic abstractions. Trade secrets are today the most widely used form of intellectual property, and are critically important to many industries. Consider, for example, a 2009 survey conducted by the National Science Foundation and Census Bureau, which showed that, among companies that engage in substantial research and development activity, secrecy is the leading method of protecting competitive advantage, and for those classified as “R&D intensive” – who account for 67% of U.S. R&D expenditure – secrecy is viewed as the most important form of intellectual property, more than twice the level for invention patents. (The paper is available at nsf.gov/statistics/infbrief/nsf12307/.)
At the same time, a healthy information economy requires easy mobility of knowledge-workers. So in setting policy and enacting laws, a lot rides on whether we get that balance right. And that also means we have to be cautious and discriminating when we examine these competing interests and propose new approaches.
Prof. Lobel supports her case in part by attacking the so-called “inevitable disclosure” doctrine applied by some courts to bar competitive employment by someone who “knows too much” to be trusted to keep secrets. And indeed some of the cases seem to have produced bad outcomes. But by using anecdotes, and describing the facts almost exclusively from the employee’s point of view, she sacrifices objectivity and nuance. When the team captain, with the playbook in his head, wants to join the rival team, there may be a legitimate need for courts to intervene. In the vast majority of these “inevitable disclosure” cases, however, the court denies an injunction, or imposes a limitation like working in another department of the new company for a couple of months. Orders that flatly prevent competitive employment are rare, and even then are usually temporary and require compensation to the employee.
(For a detailed review of all the relevant inevitable disclosure cases, sorting them by their varied facts and outcomes, see my treatise Trade Secrets at §7.02[2][b][ii].)
A similarly one-sided analysis of non-compete agreements detracts from the force of the author’s argument. That’s a shame, because while non-competes deserve healthy criticism, they aren’t completely without justification. Although employers can rely exclusively on NDAs and trade secret law to protect their interests, litigation is messy and unpredictable, and the former employer typically has very little evidence to go on, since the employee planned his departure in secret.
So from the employer’s point of view, the alternative of simply prohibiting competitive employment for a period of time looks pretty attractive. Yes, non-competes are a blunt instrument to provide protection for secrets, and that is why courts are skeptical and why some places like California don’t allow them at all. But this represents a policy choice between competing, rational interests, not a realization of some transcendent truth about the evil of non-competes (which by the way are not, as Prof. Lobel claims they are, a “near universal feature of employment contracts”).
The book also disappoints by relying on anecdotes and examples that turn out to be, well, unreliable. For example, the author cites IBM as a company that “defaults to control,” supporting this claim with a single employee’s description of the company’s “internal communications mail system” that requires “millions” of specially marked envelopes, demonstrating “waste in oversecrecy.” But the quote comes from a Wall Street Journal article published back in 1995. What does IBM do now? I checked, and learned that the envelopes were only used for the most top-secret “restricted” documents – in the hundreds, not millions – and that this practice stopped shortly after Lou Gerstner became president, in 1993. So the 1995 statement turns out to have been both hyperbole and old news when it was first quoted. Over the last 20 years IBM has simplified its confidentiality controls, using electronic systems instead of paper, but without relaxing its focus on information security. And during that same period IBM distinguished itself as one of the nimblest, most successful technology companies in the world. This doesn’t seem to fit with the author’s hypothesis that “control” breeds underperformance.
Her treatment of Apple is similarly problematic. Apple is well known as one of the world’s most secretive enterprises, but (despite certain problems with its Asian suppliers, which have nothing to do with Apple’s secrecy) it also boasts a very satisfied and engaged work force, not to mention the world’s largest market capitalization. Rather than confronting this apparent contradiction with her basic thesis, Prof. Lobel resorts to trivializing Apple’s product release secrecy as a marketing gimmick.
Similarly, Procter & Gamble is singled out as a dinosaur that was obsessively paranoid about security. Here, Prof. Lobel relies on information provided by a journalist who in the 1990s had been in litigation with P&G over her investigative techniques. She is quoted for the assertion that P&G’s “intimidation practices resulted in many talented P&G employees leaving the company to seek work elsewhere.” But where’s the proof that “excessive security” was the cause of P&G’s stock decline in that period? In addition, the author simply assumes that all of this opened the eyes of management, who (we are led to believe) must have relaxed its information security program.
To support this assumption, she points to the well-known success of P&G’s embrace of “open innovation” in sourcing more than half its products from outside the company. This analysis is wrong in at least two ways. First, the kind of “open” innovation employed by P&G (represented by its “Connect+Develop” program) is not free, and in fact can only exist thanks to secrecy laws and internal controls that support collaboration. Second, the introduction of Connect+Develop didn’t happen because P&G’s attention to secrecy was diminished. To assume that it did is just an implausible hypothesis in dire need of evidence.
Finally, Prof. Lobel holds up Syntex Laboratories in Palo Alto as a company that succeeds while allowing free rein to its employees and interns. The most striking aspect of this example is that she uses the present tense to refer to Syntex. A quick check on the Internet shows that the company was acquired in 1994 by Roche, and ceased operations long ago. But the suggestion that a pharmaceutical company may have been relaxed in its attitude about protecting secrets was too tantalizing for me to resist doing some fact checking. It happens that I know the person who was General Counsel and in charge of these issues for Syntex in the 1980s and 1990s. So I got in touch with him, and he confirmed that the company in fact required NDAs and invention assignments from all employees, and took industry-standard steps to keep its research secret. So there’s no story there either.
Beyond her shaky examples, the author also makes serious errors in describing the current state of the law on trade secrets. She attacks the concept of “negative know-how” – that is, the knowledge of what doesn’t work – by claiming that it is “one of the strangest developments in trade secret law.” She supports this with a footnote to an article that says nothing at all about negative know-how. But worse, despite quoting Edison’s famous statement (“I haven’t failed; I’ve just found 10,000 ways that don’t work.”), she fails to acknowledge that this kind of secret is exactly what protects all research and development. And she suggests that there is still a “battle” going on about whether the law should recognize it as protectable. That’s just wrong; the battle, such as it was, over the protection of negative know-how was resolved more than 30 years ago, with the adoption of the Uniform Trade Secrets Act, recognizing “actual or potential” value.
Other references are merely misleading, as where she cites to cases invalidating NDAs under the same scope restrictions as non-competes. But these are exceedingly rare, and the one she refers to, AMP v. Fleishhacker, 823 F.2d 1199 (7th Cir. 1987), was decided almost 30 years ago.
But in my view the author’s strangest claim comes when she tries to argue that California’s prohibition against non-competes has paid off by causing fewer trade secret lawsuits to be filed in that state. Specifically, she says, “In practice, the number of trade secret disputes in the [Silicon] Valley has been relatively low in comparison to other competitive regions.” That was a shock to see; from my own experience, I would confidently assume that the opposite is true.
But rather than rely on impressions, I turned to the only published articles that address trade secret litigation statistics: Ameling, et al, A Statistical Analysis of Trade Secret Litigation in Federal Courts, 45 Gonzaga Law Review 291 (2009) and A Statistical Analysis of Trade Secret Litigation in State Courts, 46 Gonzaga Law Review 57 (2010). There, we find that during the years 1995-2009 California ranked number one, with 16% of the country’s state court trade secret filings (Texas came in second with 11%). Although there are no statistics reported separately for Silicon Valley as such, a very close proxy in the federal system is the Northern District of California. That district ranked second in the country for federal court trade secret filings in 2008, the most recent year reported. So California, while refusing to enforce non-competes, actually handles a lot more trade secret litigation than other places that allow them.
It’s no surprise that “talent wants to be free.” Of course it does. The promise of something new comes in the book’s subtitle: “why we should learn to love leaks, raids and free riding.” But unless the “we” refers to the rest of society cheering on the departing employees for contributing to knowledge spillovers (hardly a new idea), Prof. Lobel fails to make her case that the former employer should be happy about this. She tries to get there based on research showing that left-behind firms tend to cite the patents of those who left, and vice versa. But so what? It’s a huge leap from that to conclude that the “sending employers” are better off as a result of the leaving.
Even more speculation is involved in her assertion that “[s]ending companies gain access and possible advantages in future dealings. [Thus,] both sides benefit greatly from the movement.” That can be true in individual cases, but it’s hardly a universal, or even common, condition. And pointing to “alumni embrace” by law firms demonstrates the weakness of her generalization, because these are relationship-based businesses, incomparable to most product-based industries that rely heavily on secrecy. Mostly, the author relies on colorful metaphors like one about jungle vines growing back after being cut, asserting that “[i]n industry, new connections and communications grow to replace the lost employee.” Fine, but what about the lost competitive advantage from stolen secrets? There is just no evidence provided to support the idea that employers should re-think their attachment to proprietary information and “learn to love” leaks and free riding.
The employee-supportive perspective is important to consider, and there are certainly cases where our clients choose to “let it go” rather than fight. But it would be better to provide analysis of those exceptional cases, instead of pointing to them as the option of choice for modern, enlightened enterprises. Things are indeed different these days. But trade secrets are more important now, not less. Talent matters, but sometimes information matters more.
Prof. Lobel’s writing style is captivating, and some of her analysis can be insightful. While in my opinion this book failed to deliver what it promised, I hope that she decides to take on more directly the issues related to non-compete agreements, providing specific advice to employers on how to protect their information assets while intelligently motivating their knowledge-workers. After all, in an age when the term of employment is shrinking and mutual loyalty fading, the connection between the company and its “talent” is becoming more like that between the company and its vendors, customers, and competitors: everything is a collaboration, and all relationships have to be managed carefully for mutual benefit.
What kind of intellectual property (IP) is most often relied on by business to protect competitive advantage? Most people would answer with one of the best known areas of IP: patents, copyright, trademarks or designs. But they would be wrong. The most common form of protection used by business is secrecy.
Why then do trade secrets receive less attention than the other areas of IP? There are several reasons. First, secrecy does not involve a government registration process; it is implemented as a matter of practice by each business. Second, although the general principles of trade secret law - also referred to as the law of undisclosed, or confidential, information - are established in similar ways in most countries, there are few common rules or regulations about enforcement. Third, secrecy disputes are usually secret, so they do not become part of the public debate.
Recently, however, trade secrets have shot to the top of the news, with stories of "cyber-espionage" attacks on companies throughout the world, with spies using fake email messages to get inside corporate networks and trawl for useful information. But trade secret law is also getting a fresh look for more positive reasons, as a framework that can enable collaborative innovation, often involving actors located in many different countries. Whatever the catalyst, governments and industry are clearly interested. Within the last year, major initiatives on secrecy have been launched by the European Commission as well as the US government.
Most simply, a trade secret is information that you do not want the competition to know about. The law generally protects not just secret formulas and designs, but even simple facts, such as the features that might be introduced in the next iPhone, or which country a business intends to go into next.
Secrecy has been a part of trade for thousands of years. For example, secrecy allowed a region of China to profit for centuries from clever harvesting of the silkworm's thread, and it gave a family from Armenia a 400-year lead in producing the best orchestral cymbals.
Trade secrecy is a legal regime that protects relationships of trust. Before the industrial age, innovative craftsmen would keep their "tricks of the trade" closely held through small, family-owned shops. However, as industry moved from the cottage to the factory, there was need for a legal system that would enforce an employee's promise of confidence about a secret process or piece of machinery.
It is important to keep in mind that secrecy is a legitimate tool for businesses of all sizes. Enforcing business secrets has nothing to do with lack of transparency in government. Although it may seem paradoxical, trade secret laws can enable and encourage technology transfer, because they provide a commercially reasonable way to disseminate information. Although some aspects of secrecy laws, such as data exclusivity for drug companies (Art. 39.3 of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement)), can be controversial, there is general agreement that confidential disclosure is beneficial in a modern economy. Indeed, keeping secrets - often information about customers and their needs and preferences - is the main way that small and medium-sized enterprises (SMEs) protect their business advantage.
It is easier to understand this point if you imagine what it would be like if no one could count on the law to enforce obligations of confidence. Businesses would hire fewer people, since each new employee would expand the risk of information loss. The cost of enforcing physical security - locks, fences, etc. - would increase. Perhaps most important, many licensing transactions and research collaborations would never happen, because there would be nothing to ensure that partners would not run off with the new technology and unfairly compete against its creator. The general approach would be to hoard information, slowing the progress of innovation.
Why do businesses turn most often to secrecy to maintain their advantage? First, it is cheaper than other forms of IP that require registration with a government agency, often with the expense of hiring lawyers or other professionals. In contrast, to establish your trade secret right, all you need to do is be careful with it, spending only what is necessary to keep it from becoming generally known. Usually keeping facilities secure and getting nondisclosure agreements from employees and vendors is enough.
In addition, much more information can be protected through secrecy than is possible with patents, which can only be granted for truly novel technical innovations. Secrecy covers any information that gives you an advantage, even if someone else is already using it; the only limitation is that it not be generally known.
That point reveals the downside of secrecy: there is no guaranteed exclusivity. If someone else discovers your secret without stealing it from you, there's nothing you can do about it, although for most businesses this is not a significant drawback.
Trade secret law, like other forms of IP, is governed by national legal systems. However, international standards for protecting secrets (called "undisclosed information") were established as part of the TRIPS Agreement in 1995. Article 39 of the agreement provides that member states shall protect "undisclosed information" against unauthorized use "in a manner contrary to honest commercial practices" (this includes breach of contract, breach of confidence and unfair competition). The information must not be generally known or readily accessible, must have value because it is secret, and must be the subject of "reasonable steps" to keep it secret. This general formula for trade secret laws has been adopted by well over 100 of the 159 members of the World Trade Organization.
Articles 42 to 49 of the TRIPS Agreement cover enforcement, requiring that civil judicial proceedings be available to enforce all IP rights and that "confidential information" be protected from disclosure. Nevertheless, because national judicial systems, including the methods for granting access to evidence, vary greatly, enforcement of trade secret rights around the world is generally viewed as uneven.
The practical challenges of protecting secrets are more difficult to overcome than the legal ones, however. Paradoxically, the great explosion of innovation that has brought so many benefits to the world has also made it easier for thieves to steal valuable business information. For example, through a process known as "spear-phishing", commercial spies send an email using personal information gleaned from Facebook or other social media, leaving the recipient unaware that the message is a hoax. Once the embedded link is clicked, the thief's malicious software, known as "malware", invades the recipient's computer and through it the employer's network. Staying in the computer system for months or sometimes years, this silent invader searches for important confidential files and passwords, and sends all of it back to the hackers who use or sell the information.
Tracing the source of cyber-espionage is notoriously difficult, given the ubiquity and anonymity of the Internet. Estimating damage to businesses is likewise challenging, in part because many enterprises do not know that their systems have been compromised, and also because those who do are often reluctant to report it. Nevertheless, studies show that the problem is growing, and governments around the world are looking for ways to address it.
For businesses, the issue is not just about protecting their own valuable information, but about avoiding being infected by secrets belonging to others. In a global market characterized by easy movement of employees and complex webs of connections among companies' suppliers and customers, it takes special vigilance to avoid contamination by unwanted information. Greater competition also means that businesses have to work continuously on finding ways to exploit their secrets, either through direct commercialization, collaborations or licensing. In the meantime, the sheer volume of potentially valuable data creates its own challenges of inventory and valuation.
For businesses that rely on patent protection, secrecy is a critical part of the innovation process. Because most national patent laws require "absolute novelty", this means that until the day a patent application is filed, the invention must be completely protected from any public disclosure. Where the technology requires refinement through experimentation outside the laboratory, this can be extremely difficult. That is why discussions regarding international patent law harmonization often include the idea of a "grace period" of up to one year before filing, during which time disclosures by an inventor will not disqualify a later patent application.
It is in comparing patents and secrecy that one can most easily see the importance of trade secrets for SMEs. Patents have been key to the success of many businesses, particularly as they reach into global markets where a period of exclusivity is needed to recoup the cost and risk of innovation. That sort of advantage is greatly amplified when using the Patent Cooperation Treaty (PCT), the international patent filing system administered by WIPO, which gives applicants up to 30 months to refine their plans and find partners and sources of funding. However, patents are not the only tool for protecting technological advantage. Secrecy can do this too, through licensing and various forms of collaboration.
Indeed, it is in the rapidly-expanding realm of international "open innovation" that trade secret laws may be turned to greatest advantage, particularly for smaller firms and individual inventors from developing and least developed countries. These actors often can leverage their special creativity and local knowledge most effectively by collaborating with large, well-established multinational corporations that are looking for fresh ideas. That kind of partnering - the building of "trusted networks" of SMEs and other innovators - is enabled by national trade secret laws that protect the integrity of shared information.
Emerging from a long period of relative obscurity, the subject of trade secrets is currently getting a lot of attention. There is good reason to be concerned about commercial espionage, because like other forms of piracy it disrupts markets and slows progress. But another reason to focus on secrecy is for what it can do to support and amplify the creative work of individuals and SMEs throughout the world, by making it possible to connect with other firms to deliver innovative solutions to the public.