“In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved . . . .”
— 7th Amendment to U.S. Constitution
You always remember your first jury trial. Mine happened almost 50 years ago, and I still vividly recall sitting with the partner to work on the “instructions” that the judge would be giving. He explained to me that the jury would be told what the statutes said (this was a contract case), and they would be responsible for deciding the facts that determined their verdict. As it turned out, we didn’t win, and that was the end of it. Although an appeal was possible, overturning a jury verdict is very hard to do.
And that’s as it should be. Respect for the jury as an institution, coupled with a logical focus on efficiency, long ago – long before we coined the term “crowdsourcing” – led to rules that defer to the wisdom of the jury. If the trial judge made a serious error that likely affected the outcome, a new trial can be ordered. But only rarely do we allow judges to reverse what the jury did and give judgment to the other side. That would require scouring the record, going through all the exhibits and all the testimony, to conclude that there was “a complete absence of evidence supporting the verdict.” Judges are not allowed to substitute their assessment of credibility when they do this, but have to interpret all the evidence in a way that is most favorable to the jury’s decision. Only if they do that, and are still convinced that the facts are so “overwhelming” that no reasonable person could have come out as the jury did, can the trial judge (or an appeals court) reverse the result.
That’s why I was surprised to see the recent opinion in Syntel v. Trizetto, a trade secret case that made its way to the Second Circuit Court of Appeals following a jury trial in New York federal court in October 2020. Syntel, a software developer, had sued Trizetto under a contract for improving software tools used in the healthcare industry. Trizetto filed a counterclaim accusing Syntel of misusing its access to Trizetto secrets to go into competition with it.
Trizetto based its claim on the Defend Trade Secrets Act (DTSA), which since 2016 has allowed trade secret owners to sue in federal court. Before that time, claims for misappropriation mainly happened in state courts under the so-called Uniform Trade Secrets Act (UTSA). I say “so-called” because over the years since the UTSA was proposed as a model, individual states have tinkered with the language so much that Congress decided a federal law was needed to provide consistency. But one aspect of the DTSA and UTSA match perfectly: how damages are calculated.
Because the twin policies behind trade secret law, according to the U.S. Supreme Court, are the “maintenance of standards of commercial ethics and the encouragement of invention,” damage awards tend to be generous to ensure that the victim is fully compensated and that the perpetrator does not retain any benefit from the misappropriation. Specifically, a plaintiff is entitled to recover damages for its “actual loss” and an amount representing the defendant’s “unjust enrichment,” so long as there’s no double counting. For a lot of reasons, it’s often difficult to show actual loss, and so plaintiffs tend to rely more on “disgorgement” of the defendant’s benefit. And usually that benefit is calculated as the defendant’s “avoided costs” from not having to do its own research and experimentation to discover the secret on its own.
Trizetto in fact had evidence of actual loss, in the form of some business that Syntel was able to grab, amounting to $8.5 million. But the calculation of Syntel’s avoided costs, based on what it had cost Trizetto to develop the secret information in the first place, was almost $285 million. That was the number submitted to the jury, and it ruled for Trizetto and also awarded punitive damages because it found that Syntel’s misappropriation was “willful and malicious.” After the trial, Syntel challenged the verdict, but the trial judge, applying the traditional standard favoring jury verdicts, denied Syntel’s motion. (The jury had also awarded damages for copyright infringement, but that was not challenged).
However, on appeal to the Second Circuit, the judgment was vacated. Applying the deferential standard of review, the court began by confirming that Trizetto had proven the existence of legitimate trade secrets, and that Syntel had no right under the contract to use that information in competition with Trizetto. But although it acknowledged that the “amount of recoverable damages is a question of fact,” it switched its analysis to “de novo” (i.e., fresh eyes) review on the “legal question” of whether it was proper “in this specific case” to allow recovery of avoided costs under the DTSA.
You would be excused for thinking that this was a pretty straightforward question. After all, the statute is expressed in the conjunctive: the plaintiff can recover its loss “and” any amount of unjust enrichment that is not already accounted for in the loss calculation. Indeed, at least two other circuit courts, applying identical language from the UTSA, had ruled that way: Epic Systems v. Tata Consultancy (Seventh Circuit) and PPG Industries v. Jiangsu (Third Circuit). Ultimately, the Second Circuit panel said it disagreed with those cases.
Instead, the court adopted a false premise: that the DTSA provision on unjust enrichment is designed to provide compensation to victims “whose injuries are not adequately addressed by lost profits” by making “trade secret holders whole.” There is nothing in the text of the statute or in the history of its enactment that supports that assumption; instead, the obvious goal is simply to make sure that the thief doesn’t get to hold on to any benefit from the wrongful act. This twist of the statutory purpose provided the setup for wandering even further from the statute, to consider the Restatement (Third) of Unfair Competition, a publication of the American Law Institute which purports to describe the common law on a variety of subjects, including trade secrets. It is what lawyers call a “secondary reference,” in contrast to the statute itself, which is primary.
Turning to the Restatement for an understanding of the common law of trade secret damages, the court zeroed in on § 45(2), which suggests that, in addition to the basic approach of awarding the greater of plaintiff’s loss or defendant’s gain, a judge should engage in a “comparative appraisal of all the factors of the case,” including the “degree of certainty” with which the plaintiff has established its damages case, and “the relative adequacy to the plaintiff of other remedies.” We should pause here to emphasize that none of this is part of the UTSA or DTSA, but represents the consensus view of a largely self-selected group of scholars and practitioners about the state of the “common” (i.e., non-statutory) law. But the Second Circuit tried to link it together in passing with a footnote saying only that “these common law principles are consistent with the language and the structure of the DTSA.” Of course, “consistent with” means just that they are not obviously conflicting, not that the common law principles can be inferred from the language of the statute; they can’t be.
Having given itself permission to review the question with zero deference to the verdict, the appellate court engaged in what it viewed as the “comparative appraisal” suggested by the Restatement. It focused its attention on the “adequacy to [Trizetto] of other remedies” and in particular the permanent injunction that the trial judge had entered, prohibiting Syntel from using or disclosing the trade secrets. Such remedies “work as a powerful tonic to reduce the harm a trade secret holder suffers beyond its lost business.” Indeed, if you focused only on avoided costs without the (undefined) “comparative appraisal,” the court said, you risk making “awards that are more punitive than compensatory.” So, let’s pause again briefly to observe that the court has by now conflated two separate statutory damage calculations by linking both of them to harm to the plaintiff; and it seems to have revealed its real underlying concern: that a $245 million damage award seems very excessive (and therefore “punitive”) against someone who’s already been enjoined from further use and in favor of someone who hasn’t actually lost much. (Indeed, the court offered, Trizetto’s software “is worth even more today than it was when the misappropriation occurred.”)
As you may be able to tell by now, this logical legerdemain by the Second Circuit has me pretty disappointed. Even more so because they try to have it both ways, by issuing a broad ruling that avoided cost unjust enrichment damages must somehow be tethered to proof of loss to the plaintiff, and by repeating (seven times by my count) the suggestion that its holding is limited to “the particular facts” of this case. It seems a disservice not only to the litigants, but also to the rest of us who care about this area of the law, to engage in such labyrinthian reasoning to attack an award that one believes is excessive in light of the injunction.
If we think trade secret law on avoided cost damages is too loose as it is written, then we should go back to Congress to make it work better for the industries it is designed to serve, rather than conjure a gloss on the existing statute using a “restatement of the common law.” If we’re going to sharpen the point, we should take the opportunity to clarify and reinforce that harm to the victim is different than benefit to the defendant, and that “avoided cost” is not just about money, but about not having to take the risk that your own development effort will fail entirely. The “value” of a stolen trade secret to the misappropriator is at least in the knowledge that it works.
As an alternative to returning to Congress, perhaps there are ways to honestly interpret the existing law to help provide better guidance to juries. Sitting down to write instructions that cleanly separate issues of law and fact will help us prepare our trials and improve predictability of outcomes. As I learned a long time ago, juries will do the right thing if you give them the right information.
“Think different”
— Apple 1997 ad campaign for the Mac
The story seems to unfold the same way every time, whether the actor is a high-level departing employee or a customer or business partner. When sharing confidential information in a long-term relationship results in the release of a similar product by the recipient, the reaction is a claim of theft, laced with accusations of treachery and betrayal. And the response is equally strong: “no, I did this on my own”; in legal terms, “I engaged in ‘independent development.’”
Strictly speaking, this means that the development of the new product was accomplished “independently” of the information shared in the confidential relationship. As a practical matter, this can be difficult to prove. Once you have been exposed to the secret process or design, or other related information, how do you demonstrate that your work was entirely your own?
This is a particular conundrum for companies that are looking to expand their business through acquisitions, or who respond to inquiries from an innovator interested in some sort of relationship to co-develop a new technology. A recent article in the Wall Street Journal reported on cases where Apple met with startups to look at technology related to the iPhone or Apple Watch, and the legal battles resulting from Apple’s decision to pursue those projects on its own.
One way that a large organization can try to protect itself from these claims is to insert a “residuals clause” into the agreement with the smaller company. Alongside the usual promises of confidentiality and limited use of shared information it inserts a significant exception for information “retained in the unaided” (i.e., human) memory of the individuals who were exposed to it. If that strikes you as a significant carve-out, you’re right. In effect, by entering into an agreement with a residuals clause, you’re granting a license to the other side to use whatever they remember from the transaction.
As a result, the residuals clause is frequently refused, and the process goes forward with a more or less standard NDA in which each side agrees to maintain information in confidence and to use it only to assess the proposed deal. The receiving company may reduce its risk to some extent by declaring in the agreement that it is engaged in its own related research. But even with that sort of disclaimer, there will be exposure to information that makes it a challenge later to demonstrate truly independent development.
An exposure like this doesn’t only happen in the case of potential acquisitions or licenses. Confidential information can be shared in connection with purchase of a commercial product, in which the terms of sale include protection for the seller’s designs. The same might apply to enterprise software, in which the customer is not given access to underlying code, but is exposed to information about how the tool works, usually accompanied by a promise not to reverse engineer it. And of course sensitive information sometimes arrives in the head of an engineer hired from a competitor.
However it occurs, the “information infection” operates more or less automatically to constrain the recipient’s freedom in some way. That constraint can be measured by the risk that there will be some sort of claim, and by the robustness of the evidence that the recipient did not in fact use the information it received in confidence.
The key word here is “use.” To assert a claim of trade secret misappropriation, you don’t have to show copying. The law imposes liability if the later development was influenced, or just accelerated in some way, by access to confidential information. This includes using knowledge of the blind alleys already explored by the originator who invested in research to determine what doesn’t work, or what works less well. These so-called “negative secrets” can be very valuable as a “head start” toward success. Recall that Thomas Edison, in relating his effort to invent a long-lasting filament for the light bulb, said “I haven’t failed; I’ve found 10,000 ways that won’t work.”
In a dispute over breach of confidentiality, the plaintiff always has the “burden of proof,” in the sense that it has to convince the judge or jury that its secrets were misappropriated. But as a practical matter, if the defendant had trusted access and later sold a similar product, all eyes will be on the defendant, who better have a good story to tell.
That story, as we noted at the beginning, is one of “independent development.” But how does the accused convince a (potentially skeptical) audience that there was no breach of trust, that the development was “clean?”
Here, the gold standard is the “clean room” form of reverse engineering, in which you start with publicly available information about a product, or a set of basic specifications for a desired product, and you hand that over to an outside team of developers who have never been exposed to the secret information. Of course, you have to be certain that all the participants are clean, and that the information you give them to start with was not derived from the trade secret. But if you can pull that off, then you should win.
The problem is that a true “clean room” is often impractical for a number of reasons. There may not be enough time, or enough budget. The people with the right skills and experience may not be available when needed. Or the extent of exposure may have been so limited that the risk is viewed as acceptable.
Indeed, assessing the risk is key to most attempts at independent development. The company that is exposed to sensitive data has to recognize that the issue is not clean-cut, but depends on thoughtful risk management, beginning at the point when the relationship is established and the information received. Anticipating the practical burden of proving independent development, the recipient will focus on ways to preserve its options in the event of a claim.
This effort begins with the originating transaction. If the company is entering into a confidential relationship, the contract should be drafted in a way that makes it clear to the other side that if things don’t work out the recipient will be forging ahead on its own. Provisions for specific marking of all confidential information (and prompt written confirmation of verbal disclosures) will help reduce the risk of misunderstanding about what the protected information consists of.
For recruiting exposure, the hiring company should make clear its policy on respecting others’ IP, and should consider establishing protocols to guide the behavior of new recruits and their new colleagues. In exceptional cases, the company may want to provide access to independent counsel to provide the individual with specific, confidential guidance.
All this front-loaded action may not help much without follow-up to ensure that exposure is carefully managed and that good records are kept of how the company has complied with its obligations.
This brings us back to the question of how to structure a development path when there has been some exposure to someone else’s trade secrets. The answer begins with recognizing that it doesn’t necessarily require a hermetically sealed “clean room.” It is possible to create your own product or service “independently” using one or more of the people who had access to sensitive data. For obvious reasons you should limit their participation to what is necessary under the circumstances. But the law only punishes a misuse that is “substantial,” and depending on the context, you may be able to convince a court that any influence from exposure to confidential information was negligible.
The key to success lies in understanding the risk of future litigation and preserving the evidence of your work. This becomes critical as context for a judge or jury to see that your development effort was robust and honest, and that you didn’t cut corners by avoiding the research or experimentation that was already done by others. To show that what you did was “independent” of what you learned from someone else, you should frame your plans accordingly. Begin by thinking different.
It was a hot August afternoon in 1984, and I had just finished testifying to the California Senate committee considering a new law, the Uniform Trade Secrets Act (UTSA). I had been sent to Sacramento to support this legislation, which was supposed to provide a “uniform” standard among the states. But some lawyers from the State Bar were pushing for changes that I thought might cause problems. One of these was to remove the requirement that a trade secret owner prove the information was not “readily ascertainable.”
If you’re still reading, well done! You’ve demonstrated your intellectual curiosity. Please keep going; I promise this will not be a dry, academic rant about something that can’t possibly matter to you. Instead, this is a story about the unintended consequences of casual law-making and the ways that courts can amplify those effects without really understanding what they’re doing.
For 150 years before that day in Sacramento, trade secret law had emerged organically from the opinions of individual judges explaining their decisions. This is what we call the “common law,” and it happened at the state level. As a result, the rules about trade secrets varied quite a bit depending on where you lived. This was inconvenient for companies that operated across state lines. So, in an effort to create a national standard, the UTSA was proposed in 1979.
The flaw in this plan was that the model statute had to be adopted in each individual state, and each legislature was free to fiddle with the language. Quite a few of them did that, and one of them was California. This is what brought me to Sacramento, to try to convince the Senate that there was real value in keeping the statute exactly as it was proposed, to get the benefit of a truly common interstate framework.
Naturally, a key part of the UTSA was to define what could be claimed as a trade secret. It required the owner to prove that the information was not “generally known” or “readily ascertainable by proper means.” In other words, you couldn’t assert a secret if the information was already out in the public domain, or if it could be figured out so quickly that its value from secrecy was trivial. On the other hand, if it would be very difficult or take a long time to “reverse engineer” the information (that is, take it apart or study it to see how it worked), you could assert a right against anyone who had not actually done that reverse engineering in a fair way.
This approach made a lot of sense, and it distilled the rules as they had been developed at common law over the decades. However, the California State Bar representatives opposed the “readily ascertainable” provision. They had seen a decision from an Indiana court applying the new UTSA in that state, where the judge had decided that an insurance company couldn’t protect a customer list because the information could have been easily collected from the individual policyholders. They feared that this interpretation (which as it turned out was not followed by other courts) might be applied in California.
I tried to convince the Senators that the Indiana case was an outlier, and that we needed the original language of the UTSA in order to discourage frivolous trade secret claims. However – and this is where I learned an important lesson about legislatures – the Senators were not interested in this “fine point,” and they proposed that we go upstairs and find a room to discuss coming to an agreement. Less than two hours later we returned with a deal. The plaintiff would not have to prove that the information was “readily ascertainable,” but the issue was preserved as an “affirmative defense,” meaning that a defendant could assert it to avoid liability. I wrote out the compromise language on a tablet (the paper kind that we had back then) and it was adopted as the official comments to the statute:
The phrase “and not being readily ascertainable by proper means by” was included in this section as originally proposed by the National Conference of Commissioners on Uniform State Laws. It was removed from the section in favor of the phrase “the public or to.” This change was made because the original language was viewed as ambiguous in the definition of a trade secret. However, the assertion that a matter is readily ascertainable by proper means remains available as a defense to a claim of misappropriation.
By this time we had lived the adage that “laws are like sausages; it is better not to see them being made.” (The quote is often attributed, unreliably, to Otto von Bismarck). But the story gets more tangled after passage of the UTSA, when the courts got hold of it. While the legislature didn’t seem to care much about the language in the statute, the courts – rather, some of them – really put it through the meat grinder.
At first it seemed there would be no problem implementing the law. The only change we had made was to shift the burden of proof, so that it was the defendant who would have to prove that something was readily ascertainable, instead of the plaintiff having to prove the negative. It never seemed remotely possible that a court would graft on to the statute an additional requirement to prove not only that the information was “ascertainable” but also that the defendant had in fact ascertained it before the dispute arose.
We should pause here and establish two things. First, a point of English morphology: the suffix “-able” implies possibility. Indeed, dictionaries define ascertainable as “possible to find out” or “capable of being determined.” In contrast, there is no dictionary anywhere that defines “ascertainable” as “having been determined.” That would be nonsensical.
Second, a point of law: you can defend a trade secret claim by proving that you discovered the information through proper reverse engineering, but not by arguing that you “could have” reverse engineered. That is because reverse engineering is hard work. But if getting to the “secret” takes only a trivial effort, that is what we call “readily ascertainable,” and the law will not bother with it, even if you took it, because you “could have” quickly discovered it.
In the first California appellate case to address this portion of the UTSA, American Paper & Packaging Prods., Inc. v. Kirgan, the court denied protection for customer information that, while not generally known to the public, was “readily ascertainable” by others familiar with the business, through a process that “was neither sophisticated, difficult, nor particularly time-consuming.” A few years later another case, ABBA Rubber v. Seaquist, reversed a trade secret injunction for procedural reasons, and that should have been the end of it. But the opinion went on to provide “guidance . . . in the event that any further injunctions” might be considered.
Again, we need to pause for a very brief but important lesson in the law. There is a big difference between what a court says that is necessary to its ruling (the “holding”) and other, more or less gratuitous, observations it might make (the “dictum”). The holding is entitled to respect and sometimes deference; while the dictum is not supposed to matter. This is something you learn in the first few weeks of law school.
Well, the ABBA Rubber court went into dictum in a big way, offering its free advice that “whether a fact is ‘readily ascertainable’ is not part of the definition of a trade secret,” but relates only to an “absence of misappropriation.” Therefore, the court concluded, to take advantage of this exception, the defendant would have to prove not just that the information was ascertainable, but that it had actually been ascertained.
The court was basically making this up, but because it was just “dictum” it shouldn’t get any respect from other courts; right? Wrong. The federal courts, beginning with the august Ninth Circuit Court of Appeals in Imax Corp. v. Cinema Technologies, embraced the decision uncritically, ignoring both the earlier American Paper case as well as ABBA Rubber’s fractured logic. And once the mistake took root in Imax, it was repeated in several later (unpublished) opinions from the federal district court in Los Angeles: Medtronic Minimed, Inc. v. Nova Biomedical Corp., Extreme Reach, Inc. v. Spotgenie Partners, LLC, Chartwell Staffing Services v. Atlantic Solutions Group, Inc., and Masimo Corp. v. Apple Inc.
Pausing again for another clarifying point: in the United States we have parallel court systems, state and federal. Federal courts can make judgments about state law, but they are supposed to interpret it by following the rulings of the state’s appellate courts.
Here, the federal courts mostly cited each other, making some really big mistakes along the way. They generally ignored the California Judicial Council form jury instruction which describes the correct application of the “readily ascertainable” defense. They dismissed the American Paper case as having been decided before the UTSA, which was forehead-slapping wrong. And they ignored other California appellate court decisions that were consistent with American Paper, including Morlife, Inc. v. Perry, Syngenta Crop Protection, Inc. v. Helliker, and San Jose Construction, Inc. v. S.B.C.C. In fact, the federal judge in Masimo was so intent on waving away San Jose Construction that he incorrectly (and ironically) characterized its holding as dictum, while embracing the ABBA Rubber progeny borne of dictum.
What are the lessons to be drawn here? First, don’t accept as gospel what might appear as “settled law” in judicial opinions. Instead, if the announced rule seems odd, follow it upstream to its source, looking for the place where the process took a wrong turn. Second, as between state and federal courts, look first to the former for interpretation of state law. And third, studies show that the vast majority of direct personal impact on citizens comes from state legislation, not federal. Maybe we should pay less attention to what happens (or doesn’t) in Congress and focus more on what is going on in our state capitols.
It’s getting pretty rough out there for employers who want to control their employees’ behavior. Think back to March 2020, when the pandemic was just beginning and we took a look at this new phenomenon of widespread remote work. We imagined managers wistfully recalling the Renaissance, when artisans could be imprisoned, or even threatened with death, to make sure they didn’t breach confidence. Well, in modern times at least, companies can use noncompete agreements with departing employees to avoid messy and unpredictable litigation over trade secrets.
Maybe not for long. As we learned last month, the FTC is on the warpath about noncompetes, and it may not be long before the entire country is forced to emulate California and just do without. Whatever happens with the FTC proposal, it’s pretty clear that noncompetes are also under attack by the states, where new laws limit their effectiveness.
So, it’s probably wise to at least prepare ourselves for a world in which noncompete agreements, at least for the rank and file, are forbidden. Welcome to sunny California, where we’ve been living under that regime since 1872, thanks to a statute that prohibits contracts “by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind.” When you can’t prevent staff from jumping to the competition, what does a business have to do to maintain control over its trade secrets?
We’ll get to that, but first let’s console ourselves with the recognition that maybe life without noncompetes wouldn’t be so bad. First, noncompete agreements are not a perfect solution for protecting a company’s confidential information. Where they are allowed, courts often limit coverage to what is “reasonable” in duration, geography and subject matter, to the minimum required to protect the company’s interest. And some courts require the employer to continue to pay salary during the noncompete period, while the former employee prepares plans to open a competing business the day that the restriction expires.
Second, noncompete agreements can introduce resentment and contention into the company’s relationship with its workforce. This can have the perverse effect of increasing risk to confidential information, as employees search for workarounds to evade legal restraints. Third, administering a system in which these agreements have varying effect in individual states or foreign countries can be a nightmare for the HR department. And fourth, too-heavy reliance on noncompetes can lead the company to neglect the important task of managing the confidential relationship (more on that below).
In California, we don’t have to worry about those issues, and some would say that the state has done pretty well, creating the world’s fourth largest economy, largely resulting from innovation produced by Silicon Valley. True, there is general recognition that a lot of valuable information is compromised through the free movement of high-level managers and engineers (the euphemism applied to that loss is “spillover effects”). Still, the general assumption is that the resulting information flows provide a rising tide that lifts all boats. Lest we forget, California also leads the nation in trade secret litigation, which should come as no surprise – take away noncompete agreements and a lawsuit may be your only ultimate tool.
Well, at least we can rely on the old standby of the employee non-disclosure agreement (NDA), or Confidentiality Agreement. Sorry, but I have a bit of bad news on that front. As we know, the FTC has proposed a “functional test” for banning NDAs that are the equivalent of a noncompete because the effect is to block the employee’s ability to find competitive employment. But the FTC didn’t pluck this idea out of thin air, and even if its proposed rule never becomes law, we’re still going to have to deal with the risk that a “garden variety” confidentiality agreement could be struck down, or even made the basis of a claim that the company is engaged in unfair competition.
How can this be? Employee NDAs are built on the noncontroversial assumption that the law already implies an obligation of confidentiality when an employee is entrusted with sensitive information. The contract simply reinforces that notion, providing notice and helping to demonstrate that the company has exercised “reasonable efforts” to protect its trade secrets, a required showing in any lawsuit to enforce its rights.
The problem stems from how companies define the information that employees are required to maintain in confidence after they leave. Naturally, these definitions are a bit broad and vague, because at the outset of the relationship it’s impossible to know exactly what secrets the employee will be exposed to. But some companies (rather, their lawyers) have decided that it’s a good idea to expand the scope of the NDA in ways that actually do have much of the effect of a noncompete. Two cases illustrate the riskiness of this approach.
In the first one, TLS Management v. Rodriguez, the employee worked for a tax planning and consulting firm, leaving to engage in his own tax practice. The employer sued to enforce his NDA, which covered “all information . . . regarding TLS business methods . . . any other information provided to” the employee, and “any other information” he might learn during employment. The only exception was for information disclosed by TLS to the general public. The court struck down the agreement because it extended to the employee’s “general knowledge” and other information that was publicly available.
More recently, a California appellate court, in Brown v. TGS Management, reversed an arbitrator’s decision enforcing an employee NDA that similarly defined “confidential information” to include anything “used or usable in, or originated, developed or acquired for use in, or about or relating to” the employer’s business. The exceptions provided in the contract were so narrow (for example, information previously known to the employee “as evidenced by Employee’s written records”) that the court saw them as proof that the NDA was designed to block legitimate competition.
What should companies do to preserve the utility of confidentiality agreements and avoid their being interpreted as noncompetes? First, look carefully at the definition of covered “Confidential Information” and make sure coverage is directed at information of the company or its customers that deserves the label because it provides some sort of commercial advantage. Second, clarify the definition with exceptions that acknowledge the employee’s control over their own skill and general knowledge. Third, include language that allows a judge, when enforcing the agreement, to adjust its restrictions as necessary to make it reasonable (sometimes called “blue penciling”).
But these mechanics of drafting the NDA are only a part of the effort. While they may be necessary to avoid reclassification as a noncompete, they are not sufficient to establish and maintain control over your trade secrets. Having the new employee sign a restrictive contract is just an initial step in managing the relationship for clarity and understanding about confidentiality.
Whatever is in your contract, you will be entrusting this individual, perhaps over many years, with access to some of your most competitively sensitive information. The contract alone can’t bear the weight of that continuing responsibility when the employee leaves. The perfect NDA will not help you much if by that time you have not communicated well and frequently what that sensitive information is, and how you expect your employees to behave to protect it.
In between the contract at onboarding and the exit interview at departure is where the trust-building happens. Although “Confidential Information” can’t be defined with specificity in the NDA, the company can, through thoughtful training and guidance, help the employee to understand what sort of secrets are most important to the business. That understanding, consistently reinforced, becomes the foundation for a “culture of confidentiality” in which employees who leave are prepared to do what’s right, rather than argue over the wording of their NDA.
We can find surveys showing employees willing to share their employer’s confidential information – but this usually results from misunderstanding and mixed signals, not malicious intent. So, the ultimate solution to reduce risk to a company’s information assets is in nurturing the relationships it forms with those who have access. If you can’t use noncompete agreements, you also can’t file a trade secret misappropriation lawsuit against every departing employee. Your primary protection comes instead from their clear appreciation of the trust that has been placed in them.
“He is led by an invisible hand to promote an end which was no part of his intention.”
— Adam Smith
When Adam Smith spoke about an “invisible hand,” he was talking about a good thing – the way that free markets harness the laws of competition, supply and demand and self-interest to improve the economy. But he also could have been thinking of another law. The law of unintended consequences: that actions of people, and especially of governments, always have unanticipated effects. Sometimes these effects can be perverse, reflecting a profound failure of “second-order thinking” (in other words, thinking ahead about “how could this possibly go wrong?”).
On January 5, 2023 – a day that may go down in IP infamy – we saw two bold actions. First, the “Protecting American IP Act” became law; and second, the Federal Trade Commission (FTC) proposed a new rule that would invalidate noncompete agreements across the United States. But wait, you might say, that actually sounds great! What’s the problem with protecting American IP, and making the rest of the country join California in unleashing talent to go where it likes? Well, don’t be too hasty. Stay with me on this, and you will see just how shortsighted our government can be.
First, let’s look at the legislation. The generic name is S.1294, and it requires the President to impose sanctions on foreign entities or persons involved in “significant” theft of U.S.-owned trade secrets, as well as others who support them. The new law calls for the President to report to Congress in July (and annually thereafter) identifying “foreign persons” who have “knowingly engaged in, or benefited from, significant theft” of trade secrets, if the activity is “likely to result in . . . a significant threat to the national security, foreign policy, or economic health” of the U.S. The report must also name foreign persons who provide “significant” financial or technical support to, or act on behalf of, the direct offender, including an entity’s CEO and board members. We are given no definition of what the oft-repeated word “significant” means, although possibilities range from “non-trivial” to “considerable” to “large.”
Having identified all these foreign actors and supporters, the President is required – unless he files a written waiver justified by the national interest – to impose “5 or more” from a list of sanctions, including (1) blocking property transactions, (2) placing on the “entity list,” (3) denying financial assistance or access, (4) disqualification from selling goods or services to the U.S., and (5) banning U.S. sources of investment. Individuals can be denied visas or have their existing visas revoked. Notably, there is no avenue for appeal to any court for relief from the President’s determination.
If this law sounds vaguely familiar, then congratulations, you’ve been paying attention! In June 2021, we published an article about the rush to “decouple” the United States from China. It included several examples of pending bills at the federal and state level that I mocked for their obvious ineffectiveness. One of them was an earlier version of S.1294. Back then, I thought it was silly to think that legislation requiring the President to choose “5 or more” sanctions, like picking dishes from a menu, could actually become law. How naïve I was!
One thing hasn’t changed, however; it should be apparent that this statute won’t really deter trade secret theft. We already have a law, the Economic Espionage Act, that provides up to 15 years in federal prison and $10 million in fines (plus restitution). Trade sanctions don’t amount to much if you’re ready to risk going to jail.
But hold on, you might say—even if S.1292 is ineffective, at least it can’t do any harm, right? Well, that’s where the law of unintended consequences comes into play. I will pause here for a brief digression into how that law has come to be known as the “cobra effect.” During colonial times, the British governor of Delhi was concerned about an infestation of cobras. So he offered a generous bounty on cobra skins, assuming this would reduce their numbers. Instead, people saw a business opportunity and started breeding thousands of the snakes just to kill them and cash in. Horrified, the governor rescinded the bounty, and so guess what? All those breeding farms released their stock, which slithered into the city.
Here, the statute makes no exception for “foreign” entities that are actually subsidiaries of U.S. companies, so we may end up with sanctions applied to U.S. assets. But the bigger worry is that this law, which provides no incremental benefit, becomes inspiration for copycat legislation in other countries. We would hardly be in a position to complain about China arresting U.S. executives (or impounding data belonging to their companies) based only on a government “finding” made without due process.
Okay, let’s hope that remains just a scary risk that never comes to pass. Now we will turn to the other unwelcome news from Washington, the FTC’s new proposed rule that would ban noncompete agreements. Noncompetes are also something we’ve examined before, when the White House asked the FTC to perform a study, following public outrage over contracts being foisted on summer camp counselors and sandwich makers.
Here’s the background: noncompete agreements are (mostly) not allowed in California, while almost all other states permit them under a strict “reasonableness” filter that limits their time, subject matter and geographic coverage. Businesses like them because it’s hard to know when secrets are being used by a departed employee, and trade secret litigation is expensive and unpredictable, for both sides. To address the worst abuses, individual states have considered specific fixes. According to Russell Beck’s scorecard, 11 states have enacted laws that prohibit noncompetes for low-wage employees, and many other states are currently considering similar legislation.
The FTC rule would immediately wipe out all that state-level activity, based on its conclusion that all noncompetes are “unfair,” and that outlawing them would, according to economists, result in higher wages. The FTC justifies much of its logic and confidence on California’s experience; but the causal connection between that state’s restriction of noncompetes and the success of Silicon Valley has never been proven. One thing we are sure of: California leads the nation in trade secret litigation. That should come as no surprise, since its businesses have no other tool to protect their confidential information. It’s fair to question whether a surge in lawsuits in the rest of the country would be acceptable, or whether that outcome was even considered at the FTC.
But the FTC rule does not just copy California. It seems to go out of its way to introduce more uncertainty, burden and risk for industry. For example, consider that California permits noncompetes for someone who sells their interest in a business. This is sensible, because no one would buy a business if they couldn’t be assured that the seller would not open a shop down the street. But the FTC would only allow this “goodwill” exception for a “substantial” owner, which it defines as holding at least 25% of the company. Think about that. Any business with more than four equal shareholders would be unable to guarantee the buyer protection for goodwill, even if everyone agreed that it was necessary. What would that do to the potential liquidity of businesses, not just on Wall Street, but also on Main Street? Did anyone try to add up how many deals would never get done, or the reduced price for sellers not allowed to protect the sale with a noncompete?
And there’s more. The term “noncompete clause” is defined by the FTC to include any nondisclosure agreement that “is written so broadly that it effectively precludes the worker from working in the same field.” Employee nondisclosure agreements are widely used across most industries because they make it possible to share confidential information and trust that it won’t leave in the heads of departing staff. And because no one knows at the outset exactly what that shared information will be, the agreements must be drafted broadly. How many of them will be challenged as “de facto” noncompete contracts? The uncertainty and cost – including years of litigation – that this would impose is impossible to calculate, but it would be – ahem – “significant.”
Well, at least there will be a transition, right? Wrong! In fact, the FTC’s rule would not only take effect on day one, but it would be retroactive, requiring employers to give “individualized” written notice that the contract clauses have been “rescinded.” And the notice has to go not just to current “workers” (a term that includes independent contractors), but all past workers at their last address.
The ability of the United States to remain competitive in global markets requires that it enable and encourage innovation. Businesses today rely largely on information assets, but to commercialize those assets, companies have to provide confidential access to hundreds or thousands of employees with the assurance of a robust set of laws to protect trade secrets. For decades, the United States has been promoting that framework to the rest of the world. Now, the federal government seems blind to the ultimate consequences of what seems to some people like a great idea. Watch out for the snakes.
The thing to remember about trade secret law is that it comes from the courts. Even with the Uniform Trade Secrets Act ("UTSA") and the Defend Trade Secrets Act ("DTSA"), judges continue to sculpt this category of intellectual property. And it's critical that they get it right, because for hyperconnected, data-driven businesses, secrecy is the primary method of protecting their most valuable and vulnerable assets.
That's what makes it so hard today to imagine how, fifty years ago, we came close to losing it all. I still remember the day when, in my first full year of practice, I noticed one of the senior partners hunched over his desk reading from the advance sheets. Because it was unusual for this partner to be reading cases at all, I asked him what had captured his attention. "Trade secrets," he said. "The Supreme Court says they're okay."
The case was Kewanee Oil Co. v. Bicron Corp., and indeed the Court held that state law on trade secrets survived a preemption challenge based on federal patent law. Viewed from today's perspective, the outcome may seem evident, the challenge even a bit absurd. But the decision wasn't unanimous; Justices Douglas and Brennan dissented, observing that the patent system hinged on encouraging disclosure and that secrecy's "conflict with the patent laws is obvious."
This article's focus is on the past fifty years, the era of what we might call "modern trade secret law." But before we examine the exciting developments of the current period, it's important to understand how we managed to get to that day in 1974 when a whole body of law was on the line, and we could not be sure how it would turn out.
Trade secret jurisprudence, originally conceived in the common law of torts as a way to enforce confidential relationships, now has a sharper focus directed at the property interest of businesses in the data that forms the major portion of their asset base. In the process, trade secrets have taken their place of respect alongside the “registered rights” of patents, copyrights, trademarks and designs. But just because we now enjoy statutory guidance through the Uniform Trade Secrets Act (“UTSA”), enacted with some variations in every state but New York, and national uniformity in federal courts through the Defend Trade Secrets Act of 2016 (“DTSA”), the law continues to evolve much as it did a century ago—that is, through the opinions of judges deciding individual cases on their facts.
What follows is a selection of those decisions from the past year which, in my estimation, provide guideposts regarding important aspects of trade secret law and practice.
First, however, we should consider the recent efforts of The Sedona Conference Working Group 12 on Trade Secrets, a volunteer think tank of over 200 judges, attorneys and other professionals, who have produced a series of commentaries representing consensus views on various subjects. Because courts routinely cite to the Sedona Commentaries as authoritative, they represent a valuable resource for counsel. You can access the commentaries here. .
This is where every case begins. The information has to be a secret, meaning you can’t find it through public sources like the internet. The legal expression of this simple idea requires that the information not be generally known or “readily ascertainable” – that is, easy to discover – through “proper means.” In Masimo Corp. v. True Wearables, Inc., 2022 U.S. App. LEXIS 1923 at *12 (Jan. 24, 2022) (non-precedential), the Federal Circuit rejected in concept the argument that any publication of the claimed secret necessarily would destroy secrecy, regardless of the circumstances. Elaborating in dictum, the court explained that “the fact that the trade secret has been revealed in some publication somewhere does not necessarily compel a finding that the information cannot maintain its status as a trade secret for a party in an entirely different field from the one to which the publication was addressed.”
A particular species of trade secret consists of a “combination” of various bits of information, each of which might not separately be secret but which taken together form a unique whole. A simple example would be the recipe for a unique dish composed of certain amounts of commonly available foods and spices. However, it may be possible to deconstruct the combination and establish that its parts are so obvious and common that it cannot plausibly be claimed as a secret. This was the result for a bread recipe in Bimbo Bakeries USA, Inc. v. Sycamore, 39 F.4th 1250, 1259-64 (10th Cir. 2022) (analysis of “the individual elements of [plaintiff’s] compilation” showed that no reasonable jury could find it not generally known or readily ascertainable).
Closely related to the concept of secrecy is the requirement that the trade secret owner exercise “reasonable efforts under the circumstances” to protect the information that it claims as a trade secret. In effect, courts will not step in to help if the owner has failed to help itself with security measures that match the business risk. Under the old Restatement (First) of Torts definition of a trade secret, reasonable efforts was only one of six factors for a court to consider in deciding whether information should be treated as a trade secret. But both the UTSA and the DTSA specify it as a required element, along with secrecy and value. Even so, the early tendency of courts was to apply a rather forgiving standard, and seldom to dismiss a case on that basis. That inclination seems to have disappeared, with courts taking a more skeptical view of the measures claimed by plaintiffs as enhancing the security of their confidential information, which often consist of little more than a list of standard techniques used to protect the company’s IT systems. A good example of the more recent judicial attitude is the Second Circuit’s opinion in Turret Labs USA, Inc. v. CargoSprint, LLC, 2022 U.S. App. LEXIS 6070 at *7 (2nd Cir. March 9, 2022) (unpublished), affirming a trial court’s grant of summary judgment at 2021 U.S. Dist. LEXIS 27838 at *16 (E.D.N.Y. February 12, 2021). Turret had developed a software program for use only by freight forwarders operating at airports, but licensed the product to airlines, in this case Lufthansa. CargoSprint was alleged to have obtained access through Lufthansa by falsely presenting itself as a freight forwarder, acquiring secret algorithms and other information it used to create a competing product. Turret alleged that Lufthansa had “protocols” in place to ensure proper access, but it did not recite what provisions of its license required the airline to apply them. It also alleged various network security measures such as servers in locked and monitored cages, with data in transit secured by encryption. But Turret had given full authority to Lufthansa to control access, without requiring it to do so. That basic surrender of control to a third party, the court explained, rendered irrelevant all of the technical measures that had been applied to secure its IT system.
To similar effect, see Altman Stage Lighting, Inc. v. Smith, 2022 U.S. Dist. LEXIS 22699 at *12-13 (S.D.N.Y. Feb. 8, 2022), where the plaintiff alleged in its complaint that it had told its engineers working on the relevant project that they were not to discuss it with anyone else. Noting that the pleading was “silent as to any security measures or confidentiality agreements,” the court dismissed the DTSA claim.
One of the unique aspects of trade secret law, in comparison to other forms of intellectual property, is that the boundaries of the right are not specified in a government-issued grant. As a result, a preliminary – and usually consequential – question in every trade secret case is: what exactly is the trade secret information that’s being claimed? Usually, companies have not made an inventory of their information assets, and even if they have, the specific data involved in any given dispute is unlikely to have been described with precision before litigation begins. As a result, identification of the subject matter – and when and how to do it – has become a frequent early battleground in trade secret litigation.
Of course, the publicly-filed complaint should not have to describe the secret information, because that would destroy the right that the action tries to protect. But merely reciting “vague and broad categories that do not allow [the accused party] to determine what the boundaries of the secrets are” is insufficient to withstand a motion to dismiss. Dong Phuong Bakery, Inc. v. Gemini Soc’y, LLC, 2022 U.S. Dist. LEXIS 54958 at *17-18 (E.D. La. Mar. 28, 2022) (secrets defined as “comprehensive strategies for new and emerging markets, . . . roadmaps to focus sales and marketing efforts . . . and other confidential business information.” That said, individual judges may differ on what is ”vague and broad.” Compare Bureau Veritas Commodities & Trade, Inc. v. Cotecna Insp. SA, 2022 U.S. Dist. LEXIS 57408, at *14-18 (S.D. Tex. Mar. 29, 2022), where a complaint alleging misappropriation of “business plans” and “customer lists” was found sufficient to withstand motions to dismiss and for a more definite statement.
Because those who misappropriate trade secrets would like to keep their actions, well, secret, it’s often difficult to find direct evidence of theft, and plaintiffs must prove their case with circumstantial evidence. However, there is a real (if indeterminate) difference between permissible inference and impermissible speculation, and so it is important to marshal as much convincing circumstantial proof as possible. Sometimes the sheer audacity of a competitor’s recruiting efforts will be enough to justify the claim. That was true in Suzhou Angela Online Game Tech. Co. v. Snail Games USA Inc., 2022 U.S. Dist. LEXIS 20164 at *24 (C.D. Cal. Jan. 31, 2022), where 60 employees hired by defendant in one year came from the plaintiff.
Where the plaintiff’s alleged secret consists of a “combination” of elements which may exist individually in the public domain (see the Bimbo Bakeries reference earlier), the defendant might assume that misappropriation requires implementation of the entire combination as it was created by the plaintiff; but that would be wrong. As with other types of secret information, the question is whether the defendant has “used” it even indirectly, which can be reflected in evidence of an accelerated development program. See Caudill Seed & Warehouse Co. v. Jarrow Formulas, Inc., 2022 U.S. App. LEXIS 31246 at *27-28 (6th Cir. Nov. 10, 2022), where a key researcher left to join a competitor with a collection of thousands of published papers which he had curated for many years as the basis of the plaintiff’s formulation. The defendant relied on differences with its own product, but the court explained that misappropriation of a combination secret does not require that the defendant’s product be identical. Otherwise, “a trade-secret thief could misappropriate a research process, design a competing product in far less time than it would have otherwise taken, and avoid liability because it did not debut the same product as its victim-competitor.”
Finally, where a plaintiff asserts misappropriation by a departing employee, it has to provide proof of real misbehavior, not just fear of “inevitable” misuse. In CAE Integrated, LLC. v. Moov Techs., Inc., 44 F.4th 257, 262-263 (5th Cir. 2022), the employee discarded any customer lists before arriving at his new job. The plaintiff pressed for an injunction, arguing that he still knew all the relevant information. Denying the injunction, the judge cited the relevant provision of the DTSA, 18 U.S.C. § 1836(b)(3)(A)(i)(I)), which prohibits injunctions against an individual unless based on actual behavior that indicates a threat of misappropriation.
Assuming trade secret misappropriation has occurred or is threatened, the question becomes what to do about it. In many cases, the urgency of avoiding continuing damage leads the plaintiff to request a preliminary injunction. But because that remedy is “extraordinary,” the requirements can be difficult to meet. Chief among these is specificity. As noted above, trade secret cases present a particular challenge as compared to other forms of intellectual property like patents, where the boundaries of the right are to a great extent defined by the terms of a government grant. When it comes to fashioning a pretrial remedy for which a violation is punishable by contempt, it’s understandable that the courts will insist on clarity and precision of the order.
Nevertheless, the Court of Appeals of Texas in Dey v. Seilevel Partners, LP, 2022 Tex.App. LEXIS 1911 at *17-19 (7th Dist. March 23, 2022) approved a preliminary injunction that broadly prohibited use of the plaintiff’s “confidential or proprietary information,” because the language was taken “almost verbatim from the language in the temporary restraining order to which Dey agreed.” Defense counsel should take note that early efforts to appease the plaintiff by stipulating to a TRO may come back to bite in this way. It may be wise to include in any agreed temporary orders a suitable proviso preserving objections to the terms of any subsequent order.
As for damages, a couple of cases this year serve to remind us that causation is an inherent element of any damage analysis, and that while judges may allow circumstantial proof of misappropriation that skirts the edge of speculation, and while the amount of damage may be established in the face of uncertainty, the same flexibility may not be available when it comes to plaintiff’s proof that it has in fact been harmed. For example, in Geometwatch Corp. v. Behunin, 38 F.4th 1183, 1205 (10th Cir. 2022), the court affirmed summary judgment on a claim that the defendant’s misappropriation led to a collapse of a planned venture to commercialize a satellite-based weather sensor system. It emphasized the plaintiff’s failure to present actual evidence, as opposed to speculation, that the venture was abandoned due to the alleged misappropriation.
One damage theory that almost always deserves early attention is the royalty measure, in which the defendant’s unjust enrichment is established by what it would have been willing to pay, in a hypothetical negotiation, for honest access to the secret information. In Airfacts, Inc. v. Amezaga, 30 F.4th 359, 367-368 (4th Cir. 2022), the court of appeals reversed a ruling by the trial court that plaintiff could not recover royalty damages because there was no proof that the defendant had ultimately “used” the trade secrets in commerce. Emphasizing the UTSA’s authorization of royalty damages “[i]n lieu of damages measured by any other methods . . . for a misappropriator’s unauthorized disclosure or use of a trade secret,” the court concluded that it was not possible to “condition such awards on a defendant putting a trade secret to commercial use.”
For a similar perspective, we should consider PPG Indus. v. Jiangsu Tie Mao Glass Co., 47 F.4th 156, 162 (3d Cir. 2022), where the defendant had engaged in an obviously deliberate theft, but argued that it didn’t benefit from it because it never actually manufactured a relevant product. Nevertheless, the court explained, the secrets had been “used” to avoid extensive research and development, enabling immediate preparations for manufacture; therefore it was appropriate to use evidence of the plaintiff’s cost to develop the information as a proxy for the benefit that the defendant derived from the misappropriation, even if it was unable to carry out its plan.
Last year saw a highly impactful decision on the CFAA from the U.S. Supreme Court in Van Buren v. United States, 141 S.Ct. 1648 (2021), settling a conflict among the circuits and holding that an “authorized” user of a computer system does not violate the statute when he uses that authorized access for an improper purpose. This year the Ninth Circuit has provided another level of assurance about the CFAA, dealing with the scraping of data from a publicly accessible website. In hiQ Labs, Inc. v. LinkedIn Corp., 2022 U.S. App. LEXIS 10349 at *30-36 (9th Cir. Apr. 18, 2022), the court considered whether LinkedIn, whose business model requires open access to its website, could nevertheless effectively block hiQ from scraping data by serving it with a letter stating that it was not authorized to do so. Affirming an injunction based on a claim of tortious interference, the court explained that the CFAA could not apply to preempt hiQ’s claim, because when the “default is free access without authorization, in ordinary parlance one would characterize selective denial of access as a ban, not as a lack of ‘authorization.’” Id. at *32.
We talk more about patents, but it is our secrets that we should be worried about. Control of confidential information has been key to business success for centuries. Long before patents were − so to speak – invented in Venice in the 15th century, China had a lock on the production of silk, which at the time was more valuable than gold. The Industrial Revolution brought a focus on the factory, guarding formulas and processes for transforming raw materials into commercial goods. But it has been the Information Age, in which data is the raw material, that has made us fully appreciate the critical importance of trade secrets. Indeed, while companies have always gathered data about how to improve their business, these days data collection and analysis are forming the core of their business models – think Amazon and its algorithmic understanding of your buying habits.
According to a 2021 report from the National Science Foundation, businesses view trade secrets as more valuable than patents, by a significant margin. Across enterprises of all sizes and industries, 23% consider trade secrets as important, while utility patents lag far behind at 8%. You might say that is because the sample includes businesses that have no real interest in intellectual property. But when you sharpen the focus on companies that engage in R&D, the preference for secrecy remains, with 76% seeing trade secrets as very or somewhat important, and just over 50% assessing patents that way.
This does not mean that patents are fading away – there is nothing quite as powerful as the ability to exclude others from using your invention. But over the last 15 years in the United States, we have experienced an erosion of patent enforcement through court decisions, along with a lift for trade secrets from the America Invents Act. That statute effectively removed the requirement that an inventor reveal the ‘best mode’ of an invention, allowing implementation details to be retained as a trade secret without risking the invalidation of the patent. The law also expanded prior user rights to all areas of technology, making it safer for a company to choose secrecy for technology that might later be patented by someone else. These developments have helped shine a light on trade secrets – not necessarily as an alternative, but certainly as a more robust companion to patent protection.
Although we now recognize these information assets as extremely valuable, how to manage them is not so obvious. Many people inside and outside a company must have access to these assets, usually through electronic systems for storage and communication that are inherently insecure. Therefore, if you are faced with this challenge, a lot of your effort will be spent simply on not losing control of what you have. But equally, sensible management requires that you realize the potential of your data to enhance enterprise value, by ensuring that managers focus on putting it to work in the business.
Fine, you might say, but how do I do that? I am comfortably familiar with the registered rights, I know what they are, I can count them, and there are accepted ways to value them and to sell the ones I do not need. In contrast, managing information sounds like tying string around a cloud. Where do I start?
First, some good news: the legal requirement for establishing a trade secret aligns very well with achieving the corporate purpose of protecting and exploiting it. The basic law expressed in Article 39 of the TRIPs Agreement requires only "reasonable steps" to maintain secrecy of information that provides some commercial advantage. National laws reflect this fundamental policy to protect information so long as the business has taken reasonable measures to keep it confidential. But what does 'reasonable' mean? One recognized implication is that perfection is not required, otherwise any act of misappropriation would prove that you had failed to do enough. The law accepts that you cannot anticipate every kind of mistake or misbehavior by those whom you have trusted with access.
In effect, the law expects what the company's board expects: that management will exercise ordinary prudence under the circumstances to protect assets of the business. That means that you identify and analyze the risks and make a thoughtful determination about how to eliminate or reduce them. In other words, the framework for proper handling of trade secrets is nothing more than an application of classical risk management. One useful example of this sort of risk-based approach can be found in the Cybersecurity Framework published by the National Institute of Standards and Technology. Although originally directed at protection of critical infrastructure such as the financial system and energy grids, the institute's framework has been used as a general information security guide by businesses of all sizes in a variety of sectors.
“There must be 50 ways to leave your lover."
— Paul Simon
It was February 2017 when Waymo, Google’s self-driving car unit, sued Uber in what would become the biggest trade secret case of the century. Waymo alleged that its former manager, Anthony Levandowski, had organized a competing company while still at Waymo, and before leaving had downloaded 14,000 confidential documents. As it turned out, Uber had known about this when it agreed to pay $680 million for Levandowski’s brand new startup; and we’ve already looked at how the hubris of that hasty transaction provides lessons for hiring in new markets driven by emerging technology.
But what about Waymo, the left-behind company? Is there anything to be learned from how it handled the matter? To be sure, it scored points for putting on a convincing case in court. After just a few days of trial, to the disappointment of hundreds of journalists, the dispute was settled, with Uber paying $245 million in stock. Levandowski was forced into bankruptcy and found criminally liable, saved from a jail term only by President Trump’s pardon. It certainly seemed as though Waymo had “won.” But would it have been even more successful if it had avoided the dispute entirely?
Waymo’s complaint, which you can find here, implies that it was in the dark about what Levandowski was up to when he left, despite the fact that while still employed he had downloaded all those documents describing its proprietary sensor technology. Over a month later (in late January 2016), after having established his deal with Uber, Levandowski resigned. In May, his new company, Otto Trucking, emerged from “stealth mode” and by August had been acquired by Uber. In the meantime, several other Waymo employees had left to join him, and on their way out of Waymo had also downloaded a few proprietary documents.
It wasn’t until December, almost a year after Levandowski’s massive collection, that Waymo claimed to have evidence that Otto/Uber was using its secret technology. This came in the form of an email from an Otto vendor attaching a circuit diagram, sent by mistake to Waymo instead of Otto. This drawing, according to the complaint, bore a “striking resemblance” to Waymo’s proprietary technology. It was the “smoking gun” that Waymo was waiting for to file the case.
But let’s pause for a moment and consider that if Waymo had known more of the facts at an earlier time, it might have been able to intervene to prevent Uber’s acquisition of Otto, or at least to limit the damage from whatever information Levandowski may have passed on to the Uber design team. What if, at the time he resigned his position, Waymo knew that he had taken the 14,000 files and was planning to start a self-driving truck company? It doesn’t take much imagination to conclude that the whole unfortunate drama could have been prevented.
Why didn’t Waymo realize that its trade secrets had been compromised immediately after the download? At the very least, considering Levandowski’s extensive access and knowledge, you would have expected the company to insist on questioning him before he left. That process, which is widespread among companies of all types and sizes, is referred to as an “exit interview,” and as we will see it can be a critical step for any business that is losing high-level talent.
But here’s the problem. Exit interviews traditionally are designed and executed by the Human Resources function. And HR professionals see them in a very limited way. Just take a look at any of the literature and you will see that the purpose of the exit process is to find out what made the employee decide to leave. Even if they are being let go, feedback from the interview might improve the company’s people management through insights from those who, because they are on their way out, will be brutally honest about perceived problems.
According to an article in the Harvard Business Review, the objectives of an exit interview are directed inward at the company being left, for example “gaining insight into managers’ leadership styles” and “soliciting ideas for improving the organization.” A leading HR association promotes exit interviews as “giving the company a unique perspective on its performance and employee satisfaction.” And there’s even a Wikipedia article on the subject, suggesting that they can be helpful to “reduce turnover . . . and increase productivity and engagement.” No one ever talks about the interview as a tool to reduce loss and maintain control over information assets.
In reality, the exit interview process forms a vital part of any trade secret management program. It represents the company’s last clear chance to both assess the risk represented by the employee’s leaving and to clarify expectations about how they should behave to protect the sensitive information they’ve been exposed to. Indeed, it is only by directly confronting the departing employee about their plans that the company can reach any useful conclusion about the risks and make informed decisions about reducing them. So don’t limit it to ticking off some boxes on a form, but insist on a thorough discussion. There’s a reason it’s called an “interview.”
Collecting relevant information doesn’t necessarily depend on getting straight, fulsome responses. Sometimes body language speaks loudly, and a direct “I don’t have to tell you that” can lead to an elevated concern and trigger a more intensive inquiry. If a high-level engineering manager claims that he’s leaving to start an ice cream shop with his cousin, you may be excused for thinking that something is not quite right and digging deeper. One way to do that is a forensic examination of the employee’s computer and recent history of system usage, including – ahem – unusual or excessive downloading of files.
A security-focused exit interview will certainly inquire about the sources of any discontent, but not merely to gather suggestions for improving the workplace. Instead, reasons for leaving can provide clues about what the employee intends to do. For example, if they were disappointed that the company didn’t immediately embrace their idea for a new product or process, they may think that they are free to use it themselves. That kind of misperception needs to be corrected, and this may be your final opportunity to do it.
Indeed, another critical part of the process is confirming and reinforcing the employee’s obligations to return all company devices and information. Usually, this discussion revolves around some sort of written termination statement by the employee acknowledging those obligations and confirming that all security policies have been complied with. They should specifically assure that they do not possess any company information, including in personal email accounts or in private cloud storage platforms like Dropbox. Any refusal to sign such a document should lead to escalation to relevant managers.
Having received both verbal and written assurances that the employee will leave behind all company devices and data, the interviewer should explore the risk represented by what the employee will be carrying in their head when they leave. That assessment requires a robust discussion of the new employment and how doing that job might pose a threat of even inadvertent disclosure or misuse of secret information. Frequently, this kind of concern can be addressed with the direct question: “Please help me understand how you will be able to do what you’ve described at the new job while respecting the confidentiality of the information you’ve been exposed to in this one.”
A final area of emphasis is not about gathering information but instead delivering a message about the integrity of your property. As we’ve already noted, this is the last practical chance to put a point on the employee’s continuing obligations after departure. If the company has provided a robust training program that emphasizes the role of the workforce in protecting trade secrets, this will be a straightforward reminder. Conversely, if the company has not invested in regular communication around these issues, then you will have to step up the intensity of messaging at the time of departure, perhaps extending to formal letters to the employee and their new employer.
The best time to deal with risks is before they have matured into reality. It’s not very efficient to discover and mitigate a harmful misappropriation later, when it could have been prevented at the outset.
“I think it is right to refresh your memory…”
— Henry David Thoreau
I was recently reminded of a contest that we often played in Scouts, called Kim’s Game. Derived from a story in Rudyard Kipling’s 1903 novel Kim, it gave you a few minutes to stare at a tray full of diverse objects you might find in a junk drawer – things like a key, pocketknife, nickel, compass, button, crystal. At the end of the allotted time, you were challenged to write down as many as you could remember.
My recollection was triggered by a court order. Silicon Valley startups Wisk Aero and Archer Aviation have been slugging it out in trade secret litigation over “flying taxis” that are designed to take off and land like helicopters but fly with wings and propellers. The basic technology has been around for quite a while but making it practical as a battery-powered (and ultimately autonomous) taxi service demands a lot of creative engineering. Wisk, a joint venture between Boeing and a company owned by Google founder Larry Page, has been developing its models for more than a decade. Aero, which has a relationship with United Airlines, is a more recent entrant, and ramped up its workforce by hiring away 17 of Wisk’s engineers, including its vice president of engineering. For more salacious details, see this piece in Fast Company.
Like all lawsuits that require an exchange of confidential information, this one included a “protective order” that allows each side to designate documents and testimony as available only to the other side’s lawyers, with strict limitations on what can be done with it. But those restrictions actually lubricate the exchange, because the disclosing company knows that its information is only being seen by the lawyers. That is, until those lawyers perceive a specific need to share some of it with their clients. In the Wisk lawsuit, Archer’s lawyers petitioned the judge to allow each of the departed engineers to see the highly confidential trade secret description produced by Wisk, claiming that they needed their clients’ advice on how to defend the claim. Wisk adamantly opposed, arguing that the disclosure would serve to refresh the engineers’ memory about information they had (or should have) left behind two years ago, causing additional harm to Wisk.
The judge thought this argument had merit, but in the end modified the protective order to allow the requested access – up to a point. The engineers could only see the secrets that they had worked with at Wisk, and could not take notes; their lawyer had to chaperone the viewing; and their time was “restricted to no more than 15 minutes total per trade secret” (that’s what triggered my recollection of Kim’s Game). To reinforce the seriousness of the exercise, the judge ordered each individual to agree to the protective order, and to provide a sworn affidavit describing what they had looked at and for how long. (the order is available here). You might imagine that Aero viewed the 15 minutes as arbitrary and insufficient, while Wisk saw it as an invitation to steal all over again.
My purpose is not to get into the pros and cons of this particular order, but to shine a light on how judges in general, but especially in trade secret litigation, are called on to make judgments that allocate risk among competing legitimate interests. In this example, the main issue was the risk to the very same confidential information that Wisk filed the lawsuit to protect. Certainly, that’s a compelling interest, and it’s backed up in the relevant statute, the Uniform Trade Secrets Act, which directs that “a court shall preserve the secrecy of an alleged trade secret by reasonable means.” But pushing back against it is the defendant’s interest in defending itself by having access to information that might prove, for example, that the claimed secrets really don’t qualify for protection. The judge in this case acknowledged both perspectives and tried to find a creative way to manage the risk to each side.
Trade secret disputes are packed full of these competing interests. At the outset, the parties often engage in a tug of war about the subject matter of the lawsuit. This isn’t a problem with patents, copyrights or trademarks, where the dimensions of the right are laid out in a government certificate. But trade secret law in effect extends to protect any confidential information that helps a business define its competitive edge. And unlike most other commercial cases, the trade secret plaintiff has only a vague idea of what the defendant might have done to imperil the integrity of that information. Trying to discern exactly what portion of a vast collection of data might have been compromised is often difficult and sometimes impossible without discovery into what the defendant has done. But defendants reasonably argue that their own secrets shouldn’t be put at risk through the discovery process before the plaintiff has defined its claims, lest those claims be fashioned to match what is found in the defendant’s files.
As a result, judges in many trade secret cases are faced with trying to resolve whether the plaintiff should be required immediately to define its trade secrets with particularity, and then decide whether its attempt is sufficient. These decisions can require sophisticated understanding of the relevant technology, which judges typically don’t have at their fingertips. And it’s not just the parties that have a stake in the outcome; the court itself needs to understand the subject matter in order to make sensible rulings as the case goes on. Fortunately, judges have developed a general approach to this conundrum, in which they credit the views of a plausible expert offered by the parties and leave the boundaries of the secrets to be clarified through the discovery process.
A second area that requires careful balancing relates to employee mobility, in the sense that an employer’s interest in protecting against the risk of disclosure or misuse by a departing employee must be balanced against the basic right to seek new employment. In states like California, which have a strong public policy against noncompete agreements, courts naturally tend to be solicitous of the leaving employee; but in most other states, where noncompetes are accepted, they still are assessed for their reasonableness. Many judges want to see the hardship imposed on an employee reduced by payments from the former employer or narrowing of restrictions.
Closely related to this general tension around the free mobility of labor is the critical difference between information that qualifies as a trade secret and that which represents the individual’s skillset. A just-graduated software engineer in her first job learns how to write code efficiently, with fewer steps. When she leaves, she is entitled to take that learning with her, but has to leave behind the specific algorithms created for the employer. But where do you draw the line when, in her next job, she creates code that looks similar to what she had done before? Separating general industry knowledge and skill from genuine trade secrets is difficult—all the more so because the employee and employer each have reasonable concerns to address.
A fourth area demanding judicial judgment lies in deciding whether to issue an injunction early in the case, before there’s been a trial to resolve the contested facts. Typically, the plaintiff will claim some form of “irreparable harm” unless the court stops the defendant from finalizing some transaction or marketing some product, ostensibly to “maintain the status quo” pending the trial. But for a defendant, such an order could seriously harm its business, before it has had a chance to fully present its defense at trial. And in some cases – for example, the release of a new medical device or therapy – the public also has an interest in the outcome.
Finally, there is the trial itself, where the ultimate questions of secrecy and misappropriation get determined. But in this country, we have a tradition of public access to the court system, including civil cases. Where the dispute is about trade secrets, judges have to rule on whether documents should be sealed from view or even whether the public should be barred from portions of the trial. Today’s courtroom technology, where what is shown on the monitors can be limited to the judge and jury, makes this a bit easier; but with hotly contested or high-visibility cases, the court has to exercise extreme care to balance the need for secrecy with the imperative of an open court.
All of this is extremely complex, and there are no bright lines or clear, objective markers to guide judges through the resolution of these colliding interests. Instead, they must do the best that they can, using common sense and the inclination towards justice that drew them to the bench to begin with. In my experience, judges try very hard to avoid doing harm to any litigant. The best of them ignore the noise of excessive advocacy and emotionally charged rhetoric (all too common in trade secret disputes), and they try to sort out the real risks from the imagined ones. What we get from that are decisions which reflect sensitivity to these positions in tension, dealt with in a framework of ethical standards which represent the bedrock of trade secret law.
If while reading you’ve been thinking that this is really hard to do, you’re right. It’s not like the umpire who declares whether the ball is in the strike zone; it’s more like the quarterback faced with a rush, who has to quickly assess the available options and act. Indeed, judges, often with hundreds of contested matters on their docket, are squeezed for time while the lawyers are getting paid for it. Sometimes they have less than 15 minutes available to make a decision. In spite of that, they usually get it right. We should all be grateful.