In Part I of this article, we recapped some of the most notable trade secret cases of the past year that dealt with issues such as proving secrecy and exercising reasonable efforts, as well as the publication of a key judicial resource for trade secret cases. Below, we continue with some of the top trade secret cases and subject matter the courts addressed in 2023.
One of the unique aspects of trade secret law, in comparison to other forms of intellectual property, is that the boundaries of the right are not specified in a government-issued grant. As a result, a preliminary – and usually consequential – question in every trade secret case is: what exactly is the trade secret information that’s being claimed? Usually, companies have not made an inventory of their information assets, and even if they have, the specific data involved in any given dispute is unlikely to have been described with precision before litigation begins. As a result, identification of the subject matter – and when and how to do it – has become a frequent early battleground in trade secret litigation.
Voicing a lament that has become all too common in cases where judges are called upon to discern discovery relevance in trade secret disputes, the court in Wilbur-Ellis Co., LLC v. Gompert, 2022 U.S. Dist. LEXIS 227155 at *11 (D. Neb. December 16, 2022) denied a plaintiff’s request for issuance of a third-party subpoena. The plaintiff had been ordered to prepare a particularized description of its trade secrets. Instead, it filed what the court characterized as a list of “seven generic categories, with corresponding generic definitions, which Plaintiff alleges are trade secrets.” That the plaintiff claimed also to have produced “nearly 6,000 pages of documents” in discovery merely “emphasizes Plaintiff’s lack of specificity in identifying the trade secrets at issue, rather than its commitment to robust discovery.” In addition to denying the request for third-party discovery, the court ordered that the plaintiff’s list be unsealed, as it “does not contain material that implicates confidentiality to the extent necessary to overcome the strong presumption of public access to court documents.” Id. at *16.
While trade secret plaintiffs are allowed to describe their secrets in broad terms in a publicly-filed complaint, see Neutron Holdings, Inc. v. Hertz Corp., 2023 U.S. Dist. Lexis 100085 at *10 (N.D. Cal. June 8, 2023) (acceptable to use the qualifier “including but not limited to” in complaint), after the pleading stage real particularity is required. Where software is involved, that often means producing specific algorithms, along with associated documentation. In Reald Spark LLC v. Microsoft Corp., 2023 U.S. Dist. LEXIS 80221 at *10-12 (W.D. Wash. May 8, 2023) the court addressed the sufficiency of responses to an interrogatory asking for a description of each alleged secret. At first, the plaintiff just repeated a list of categories from its complaint; then it responded by referring to almost 3,000 pages of documents and stating that its source code would be made available for inspection. In filing its motion to compel, Microsoft addressed the requirement that a trade secret be defined in a way that separates it from “matters of general knowledge in the trade,” and it submitted related patents showing that some of the claimed concepts were well known. This led the court to order production of the specific algorithms used to implement those concepts, along with related “datasets” and “know-how” (including negative know-how) and source code. In the meantime, pending compliance by the plaintiff, it issued a protective order preventing the plaintiff from conducting discovery into Microsoft’s confidential information.
Although California’s “sequencing order” that requires early identification of trade secrets before the plaintiff gets related discovery from the defendant is technically mandatory only for state law-based litigation, courts considering DTSA claims may find the procedure useful as a discovery management tool. See Blockchain Innovation, LLC v. Franklin Resources, 2023 U.S. Dist. LEXIS 104537 at *5-6 (N.D. Cal. June 15, 2023). As the court there pointed out, however, the defendant may not simply grant itself a unilateral discovery stay by citing the statute; rather, it must move for a protective order at the outset of the case.
The question of whether secrets are adequately described remains live throughout the litigation. Even after trial and a verdict, in a case where the trade secrets were alleged to have been disclosed entirely orally, the judge may revisit whether they are too indefinite. See Coda Dev. S.R.O. v. Goodyear Tire & Rubber Co., 2023 U.S. Dist. Lexis 57556 at *19-20 (N.D. Ohio March 31, 2023) (granting JMOL to defendants following a jury verdict in plaintiff’s favor).
Because those who misappropriate trade secrets would like to keep their actions, well, secret, it’s often difficult to find direct evidence of theft, and plaintiffs must prove their case with circumstantial evidence. However, there is a real (if indeterminate) difference between permissible inference and impermissible speculation, and so it is important to marshal as much convincing circumstantial proof as possible. One common factor used to help prove misappropriation is the speed with which the defendant has produced a competing product. However, the evidence of implausible speed has to be tied to the specific claimed secrets, in order to raise the argument beyond the level of speculation. See Wisk Aero LLC v. Archer Aviation Inc., 2023 U.S. Dist. LEXIS 100960 at *42-43, *80-81 (N.D. Cal. June 9, 2023) (on motion for summary judgment, finding misappropriation claim unjustified as to a broad design secret, while allowing another claim for “indirect” misappropriation based on request to a common vendor to use a known confidential process).
In an era of digital communications, ubiquitous storage options, and remote work, there are bound to be opportunities for misappropriation, or what looks like misappropriation, by departing employees who abscond with information they were supposed to use only in their jobs. In TF Glob. Mkts. Ltd. v. Sorenson, 2023 U.S. Dist. Lexis 27983 at *11-12 (N.D. Ill. Feb. 17, 2023) the court agreed that where a former employee “retained without authorization” a large number of confidential files the plaintiff had adequately alleged misappropriation through “acquisition by improper means.”
Assuming trade secret misappropriation has occurred or is threatened, the question becomes what to do about it. In many cases, the urgency of avoiding continuing damage leads the plaintiff to request a preliminary injunction. But because that remedy is “extraordinary,” the requirements can be difficult to meet. One of those requirements is that the harm be proven “irreparable,” and when the defendant appears intent only to use the information without further dissemination or irreparable impairment of value, it can be argued that money damages will provide a complete remedy. See TomGal LLC v. Castano, 2022 U.S. Dist. Lexis 231415 at *10 (S.D.N.Y. December 19, 2022) (denying preliminary injunction).
Where the identified threat to the plaintiff derives from a departing employee’s “personal knowledge or public sources,” it is proper to deny preliminary relief in a case relying on section 1836(b)(3)(A)(i)(I) of the DTSA, due to its prohibition against “inevitable disclosure” injunctions. See CAE Integrated, LLC v. Moov Techs., Inc., 44 F.4th 257, 262-263 (5th Cir. 2023). On the other hand, it is error to deny a preliminary injunction without careful consideration of possible future harm. See Direct Biologics, LLC v. McQueen, 63 F.4th 1015, 1022-23 (5th Cir. 2023) (reversing denial where district court had not analyzed likelihood of future harm due to destruction of metadata).
As a form of relief, damages are not available at all until the plaintiff has prevailed on the merits. However, success at trial usually requires early attention to damage theories and the adequate preparation of experts. For example, it is common for damage experts to assume misappropriation as a predicate for their analysis. However, if the case involves multiple claimed secrets and the expert assumes misappropriation of all of them, there is a risk that the jury will lack guidance on what to do if it finds misappropriation of fewer than all. This was the situation in Versata Software, Inc. v. Ford Motor Co., 2023 US Dist LEXIS 75318 at *51-52 (E.D. Mich. May 1, 2023), where the trial judge granted JMOL in favor of the defendant following a verdict in excess of $100 million. The damage expert had grounded his analysis on the estimation that it would have taken Ford just over eight years to independently develop the four alleged secrets. But he failed to provide any alternative approach that would apply if the jury did not find misappropriation of all four. This “all or nothing model,” as the judge termed it, left the jury without a reliable basis to calculate nonspeculative damages. Id. at *62. The case stands as a stark warning to anticipate various outcomes and prepare for them, either with some sort of allocation among the secrets or a plausible basis for determining the same dollar figure for a variety of outcomes. (Heaping further disappointment on the plaintiff, the trial judge later denied a permanent injunction, emphasizing the absence of any presumption of irreparable harm, particularly when the “head start” obtained by the defendant had already run its course. Versata Software, Inc. v. Ford Motor Co., 2023 U.S. Dist. Lexis 188219 at *11 (E.D. Mich. Oct. 19, 2023).)
It is interesting to contrast the opinion in Versata with that in Caudill Seed v. Jarrow, 53 F4th 368, 388-90 (6th Cir. 2022), where the court affirmed a judgment based on a finding of lesser misappropriation than had been claimed, justifying the award as lower than the plaintiff had requested, and backed up by sufficient analysis from the expert to allow the jury to base its award on the value derived by the defendant from savings in research costs.
In what is likely to be seen as one of the more controversial trade secret opinions of the past year, the Second Circuit addressed the issue of avoided cost damages as a measure of unjust enrichment. In Syntel Sterling v. Trizetto, 68 F.4th 792, 811 (2d Cir. 2023), the court vacated a judgment based on an almost $285 million verdict. Trizetto had presented evidence of lost profits from some limited sales, amounting to $8.5 million, but had withdrawn that claim to avoid “double counting” with the avoided cost award. In reversing the trial result, the Second Circuit reasoned that the DTSA was designed to provide unjust enrichment damages only “in instances where the value of the secret is damaged, or worse yet – destroyed.” Id. at 809. In this case, where the trial court had entered a permanent injunction preventing further use or disclosure of the trade secrets, Trizetto retained the use of those secrets, leading the court to conclude that it had not been damaged beyond the $8.5 million. Id. at 810.
The court referred to, but did not define, a required “comparative appraisal” where equitable remedies have been applied, to ensure that avoided costs awards are not “more punitive than compensatory.” Id at 811. It recognized that its ruling might be seen as conflicting with the plain language of the DTSA, as it acknowledged contrary holdings by the Seventh and Third Circuits. Id. at 812-13, n. 42. Curiously, while it expressed its ruling in broadly applicable terms, it also repeatedly stressed that its holding was limited to the facts of this particular case. Time will tell if the Syntel ruling remains an exceptional example of strained analysis applied to an uncomfortable verdict. In the meantime, however, considering that New York state law disallows any trade secret damage award based on avoided costs, E.J. Brooks Co. v. Cambridge Sec. Seals, 31 N.Y.3d 441 (N.Y. 2018), plaintiffs may be well advised to avoid filing suit there if possible.
dmarcian, Inc. v. dmarcian Eur. BV, 60 F.4th 119, 134-141 (4th Cir. 2023) (personal jurisdiction can be based on remote access meetings led by people within the forum).
GateGuard, Inc. v. Amazon.com Inc., 2023 US Dist LEXIS 26905 at *17 (SDNY Feb. 16, 2023) (Computer Fraud and Abuse Act applies to interference with intercom system).
Trade secrets in the United States have a fascinating history, during which courts shaped the common law tort as a way to enforce confidential relationships. Now the legal framework is statutory, with some version of the Uniform Trade Secrets Act (UTSA) in effect in every state except New York, and with uniformity in the federal system thanks to the Defend Trade Secrets Act of 2016 (DTSA). Nevertheless, the law continues to evolve much as it did a century ago—that is, through the opinions of judges deciding individual cases on their facts.
What follows is a selection of those decisions, along with other resources, which have come out during the past year and which I believe provide helpful guideposts about important aspects of trade secret law and practice.
Inspired by the Patent Case Management Judicial Guide, some of us who worked on that volume joined with other practitioners and scholars to create the Trade Secret Case Management Judicial Guide, which has just been published by the Federal Judicial Center for distribution to all federal courts. It provides judges and counsel with a comprehensive resource for surveying trade secret law and managing trade secret litigation. Chapters are organized according to the stages of litigation and guided by an early case management checklist.
Counsel should also consider the recent efforts of The Sedona Conference Working Group 12 on Trade Secrets, a volunteer think tank of over 200 judges, attorneys and other professionals who have produced a series of commentaries representing consensus views on various aspects of intellectual property litigation. Because courts routinely cite to the Sedona Commentaries as authoritative, they represent a valuable resource. The most recent final commentaries, issued in July 2023, are:
This is where every case begins. And secrecy is not just about the information not being generally known; in the absence of actual espionage, it is grounded on sharing in a trusted, confidential relationship. Therefore, in a business transaction, even if the owner had a subjective expectation of secrecy, there can be no claim for misappropriation where the contracts show no direct confidential relationship with the defendant. Novus Group v. Prudential, 74 F.4th 424, 428 (6th Cir. 2023) (affirming summary judgment). In a similar way, a lack of attention to confidentiality can lead to loss of associated rights. In Minerva Surgical v. Hologic, 59 F.4th 1371, 1377-79 (Fed. Cir. 2023), the Federal Circuit upheld summary judgment of invalidity of a patent based on the bar of 35 U.S.C. § 102(b) that prevents patenting an invention more than a year after it was “in public use.” In this case, the inventor had taken samples of the device to display at an industry conference. Although no one was allowed to disassemble or even handle the samples, there were no confidentiality agreements in place, and so simply showing the device was enough to start the clock running.
One tricky area of trade secret jurisprudence lies in the so-called “combination secret,” which derives its value from a unique (and secret) combination of elements which themselves may be found individually in the public domain. Think of a simple food recipe, for example. Each of the ingredients may be well known, and probably are. The amount of each one may have shown up in other recipes. Ditto for the baking time and other variables. But if it can be shown that this one is “special” in the sense that you can’t find that specific combination elsewhere, then – subject to your ability to demonstrate the value, or “synergy” of the recipe (more on value below) – you may have a defensible secret. But the other requirements of the law still apply, including that the secret not be “readily ascertainable by proper means” by others. (I’ve seen people who can taste a piece of cake or a cocktail and confidently recite how to make it.) Thus, the court in DT-Trak Consulting v. Kolda, 979 N.W.2d 304, 311 (S.D. 2022) determined that no protection was available for a combination that could be “compiled by others with the general skills and knowledge” in the field.
In contrast, consider Allstate Ins. Co. v. Fougere, 79 F.4th 172, 189 (1st Cir. 2023), where the alleged secret consisted of spreadsheets containing information about thousands of customers, including email addresses, premium rates and policy renewal dates. Although they also included some otherwise accessible data, the court observed that duplication of the entire compilation would be “immensely difficult.” Summary judgment for plaintiff was affirmed.
The UTSA and the DTSA require that protectable trade secrets “derive independent economic value” from secrecy. In their 2021 article, Abandoning Trade Secrets, 73 Stan. L. R. 1, 9, Camilla Hrdy and Mark Lemley asserted that in the litigation of trade secret cases the courts are less rigorous than they should be, “allowing plaintiffs to rely on weak inferences and assertions of hypothetical value rather than meaningful evidence.” While I don’t fully embrace the larger theme of their article that trade secrets may be declared “abandoned” if not actively used by the business owner (there’s good reason that the statutes qualify “value” as “actual or potential”), they do have a point that courts tend to accept conclusory assurances rather than demand robust evidence. Some judges have taken notice of the criticism and are trying to elevate expectations for litigants. In Health Care Facilities Partners, LLC v. Diamond, 2023 U.S. Dist. LEXIS 97611 at *30-31 (N.D. Ohio June 5, 2023), the court granted summary judgment on this issue, noting that conclusory allegations of competitive value are insufficient to establish a trade secret. The opinion quoted from Providence Title Co. v. Truly Title, Inc., 547 F.Supp. 3d 585, 610-11 (E.D. Tex. 2021):
“In a general sense, there is ‘value’ to a business in keeping all confidential business information secret; that’s the motivation for classifying such information as confidential. But just because a business benefits from keeping certain information confidential does not necessarily mean that the information has independent economic value derived from its confidentiality. Otherwise, all confidential business information would constitute a trade secret and the additional statutory requirement that the information have independent economic value would be rendered meaningless.”
What is required, the Health Care court explained, is “discrete, particularized facts” based on personal knowledge to support the conclusion of value. Stated another way, the plaintiff must provide evidence of “some objective indicia of (or rationale for)” the existence of independent economic value that derives from secrecy.
In addition to establishing a foundation that meets the requirements of the Rules of Evidence, proof of value should focus on the specifically claimed trade secrets, rather than on products that incorporate them, or more distantly the value of the company that owns them. This was the primary message of Synopsys, Inc. v. Risk Based Security, Inc., 70 F.4th 759 (4th Cir. 2023). Having been accused by RBS of misappropriation, Synopsys sought a judicial declaration that it had not misappropriated any legitimate trade secrets. Affirming the district court’s grant of summary judgment in Synopsys’ favor, the Sixth Circuit pointed out that RBS had only presented evidence of the commercial success of the company’s primary product and the price that a third party had paid to acquire the company. Even though the product embodied the trade secrets and represented 90% of its revenue, RBS had failed to provide “evidence that its seventy-five alleged trade secrets had value because they remain secret.” (emphasis in original) Under the circumstances, the plaintiff should have presented expert testimony about the competitive value of each discrete trade secret, or at least of groups of them that share the same evidence of commercial value. However, the RBS expert had not assessed the asserted secrets directly, justifying exclusion of his report.
Closely related to the concept of secrecy is the requirement that the trade secret owner exercise “reasonable efforts” (UTSA) or “reasonable measures” (DTSA) to protect the information. In effect, courts will not step in to help if the owner has failed to help itself with security measures that match the business risk. Occasionally the failure is so obvious that it can result in a judgment on the pleadings. For example, consider Pauwels v. Deloitte LLP, 83 F4th 171, 182 (2nd Cir. 2023), where the plaintiff consultant alleged a verbal agreement with two Deloitte partners not to disclose or use his analytic model outside of their firm. In affirming dismissal, the court found a failure to use reasonable measures because the agreement did not prevent widespread disclosure within Deloitte to people who were not bound to confidentiality.
Two other cases decided this year address whether and how the question of reasonable efforts can be addressed through experts. A challenge to testimony from a law professor was turned back in Neural Magic, Inc. v. Meta Platforms, Inc., 2023 U.S. Dist. LEXIS 37357 at *56-*57 (D. Mass. Mar. 6, 2023), because she also had experience as a consultant on reasonable measures. It did not matter that she lacked a degree in, or deep understanding of, the relevant technology because she could still provide context to help the jury understand “how certain security measures are viewed in the field.” Id. at *58-*59. And FMC Technologies, Inc. v. Murphy, 2023 Tex. App. LEXIS 5984 at *30-*31 (1st Dist. Houston Aug. 10, 2023) affirmed the trial court’s decision to allow a lawyer (ahem, that would be me) to testify in view of my separate experience in managing information security issues, emphasizing that reasonable efforts is a question of fact, id. at *53, and that analyzing the circumstances in terms of risk management was a reliable methodology. Id. at *56-*57.
In Part II of this article, we will look at cases dealing with the proper identification of trade secrets, misappropriation and cases assessing injunctions and damages.
“The more you tighten your grip, the more slips through your fingers.”— Princess Leia speaking to Tarkin in the first Star Wars movie
Princess Leia wasn’t the first person to use the “tighten your grip” metaphor, but I think she’s the most memorable. To be totally accurate, she warned Tarkin that “more star systems will slip through your fingers.” And her philosophizing did not stop him moments later from using the Death Star to destroy her home planet, Alderaan. But that’s a quibble. The point for our purposes is that tightening your grip on a company’s trade secrets can actually lead to losing them. Stay with me here; this kind of excessive protection is more widespread than you might think, and most companies don’t appreciate the risks that they are taking by overdoing it.
The first category is legal risk. Recall that courts require, as part of any case for misappropriation of trade secrets, that you prove you have taken “reasonable measures” to maintain control over the information. Because most trade secret loss happens through employees, you might assume that judges want you to have strong confidentiality agreements. And you would be right; in fact, if you don’t have them, you are statistically likely to lose. But here’s the hidden problem: if your employee non-disclosure agreements (NDAs) are too broad, courts could throw them out.
On this issue lawyers may not be your best friend. Trained to turn over every pebble on the path, they come up with contracts that identify as “confidential information” everything that happens or is communicated in the business. Avoiding any attempt at actually explaining what makes particular information sensitive and in need of special handling, they opt instead for an open-ended set of examples, usually preceded by “including but not limited to” and listing such high-level abstractions as “all information regarding business methods and procedures, clients or prospective clients” or any information the employee “may obtain knowledge of” while working for the company.
This was the language used in one recent case, TLS Management v. Rodriguez-Toledo, where the judge concluded that the contract would cover information that was in the public domain or general knowledge of the sort that employees are supposed to be able to take to the next job. The court refused to “fix” the agreement by narrowing its terms and instead held that it was totally unenforceable.
Let’s pause and acknowledge that the business is always on the razor’s edge regarding confidentiality agreements, in the sense that employee NDAs must be fairly vague. That is because at the outset no one can predict exactly what trade secrets the company will have, and what the employee will be exposed to, during what may be years of employment.
But what seems a conundrum for the business – how to be comprehensive enough without being overbroad – can be resolved if there’s not almost exclusive reliance on the contract (and perhaps an equivalently vague Code of Conduct or Employee Handbook). The business has it within its power – and some courts might say has the responsibility – to communicate effectively to the workforce about confidentiality by training and other messaging delivered throughout the employment lifecycle. This can continue through the exit process, which presents a particularly powerful opportunity to ensure a common understanding of what the company views as its trade secrets and what are its expectations for the departing employee’s behavior after they leave.
The second kind of risk is operational. By making your confidentiality controls and rules too complex, or too demanding, chances are that a substantial portion of the workforce will either ignore them, or even deliberately circumvent them. For example, consider the requirement that the word “confidential” must be placed on every sensitive document. Unless you have a simple and easy way for people to add that term every time, they will tend to ignore the rule, especially if they see that others are doing the same. Another example is the prohibition against taking confidential information off the premises (or sending it to a private email address), when people need to work at home to get the job done.
In a Texas case where I testified as an expert in 2021, FMC Techs. v. Murphy, the company had sued a departing senior engineer for taking a secret, unpublished patent application describing undersea oil drilling equipment. The company had a suite of policies about protecting confidential information, including a requirement to mark sensitive documents. But in practice, documents were seldom marked “confidential,” including the patent application at the center of the dispute. Worse, the senior manager in charge of engineering couldn’t even explain what confidential information was. Basically, this was a company with valuable information, but they had decided to protect it mainly by patenting, and ultimately failed to police compliance with the “standard” rules they had established for trade secrets.
The jury decided that the claimed trade secrets didn’t qualify, because the company failed to exercise reasonable security measures. The moral of the story: if you create a rules-based framework for trade secret protection, you need to enforce it. And a corollary: only create rules that you reasonably expect the workforce to follow.
Trying to protect every bit of the company’s information as if it is equally important creates its own set of risks. First, that approach almost always results in a false sense of security. It leads management to think “we have set up really tight procedures for handling secrets, and so we must be safe.” The trouble is, the vast majority of information loss – whether through carelessness or espionage – happens below the awareness of management. When you have lost control of secret information, it’s still there, so you may not know that there’s a problem. As a result, you can easily miss all sorts of related vulnerabilities and ways to address them.
Second, by treating everything at the same level of sensitivity – for example, by giving all your engineers access to the entire database of information about the company’s ongoing research and development – you may think that you are encouraging collaboration and creative work. But by choosing not to partition access by project groups, you could be missing opportunities for more supervised collaboration, where managers know what’s going on, participants stay focused on their projects, and confidential information is less likely to leak.
Third, overly aggressive rules can slow things down when they need to move very fast, as in response to a reported data breach. The same phenomenon can work to reduce compliance with external regulatory requirements, where a too “locked-down” environment collides with the need for a certain amount of managed transparency that enables effective reporting.
Fourth, and perhaps most important, your workforce, properly trained and incentivized, is your primary bulwark against possible loss or contamination of data assets. If you put them inside a security regime that is too strict, not only do you risk noncompliance and circumvention, but you will be sending a message that you don’t trust them. Conversely, if you design your systems in a way that distributes an appropriate level of authority to determine what is confidential and how to protect it, employees are likely to be more engaged and effective.
This balanced way of implementing security measures takes more time and effort than simply issuing a standard set of policies and expecting that they will work. You need to have a good idea of what data assets are most important for protecting the company’s competitive advantage, and what are the risks to their integrity. From that point, you manage to those risks, and not so much to a precooked set of rules. Be realistic about what can work in your business. Often, that requires that you relax your grip.
“An approximate answer to the right problem is worth a good deal more than an exact answer to an approximate problem.”— John Tukey
As I was participating in a recent conference of trade secret nerds (yes, we often refer to ourselves that way), I found myself thinking about the Titanic. More specifically, about the legend of the missing binoculars. It seems that on that tragic night in 1912 the lookout was unable to find a pair of binoculars that he thought had been stowed in the crow’s nest. According to the story, they were in a locked box in the quarters of the former second officer, who had been transferred to another ship just before departure (lucky guy) and apparently took the key with him. In the immediate aftermath of the sinking, no one considered that the lack of binoculars had anything at all to do with the ship’s failure to steer clear of the iceberg. It was pitch dark, and the obvious cause was excessive speed. The official report didn’t even mention binoculars. But during the later inquest, the lookout testified about his futile search, and the “but for the binoculars” legend was born.
Why did this come to mind sitting in a meeting about trade secret management? We were debating a classic question: should a company create a “list” of its secrets, so that it can sensibly manage them and be ready if it has to go to court to protect them? The transactional lawyers in the group said yes, but many of the litigators were opposed. They worried that if a company committed to a list, it might later need to file an action to enforce a secret that wasn’t on the list and lose the case as a result. Like the binoculars, something that initially seemed fairly insignificant might become critical in a new context.
Proving trade secrets often requires focus on the impression that you’re giving the judge or jury about what information really matters to you. Ideally, the owner offers compelling evidence that this specific design, or code, or process makes a big difference to the success of the company. But if you had failed to put this on the “list,” it’s hard to avoid the argument that you didn’t care enough about it, or it just wasn’t all that important. However, as we’ll see it doesn’t necessarily have to end up that way; a lot depends on how you go about “listing” what you have.
At our meeting, the argument boiled down to a contest of competing perfections. The corporate lawyers wanted to maximize the company’s ability to manage an asset that is as valuable as it is evanescent, so were willing to take some risk on a later dispute if in return the business could more effectively supervise its secrets. The litigators wanted to maximize flexibility to “adjust” the company’s claimed secrets to later circumstances, without worrying about a previous catalog that may have missed something now considered to be important.
Both sides in this debate were right and wrong. Yes, the law requires that a company trying to enforce its trade secret rights demonstrate that it has engaged in “reasonable efforts” to keep them secret; and knowing what they are is an obvious first step in that process. But the law requires only that the business act reasonably, not flawlessly. Similarly, in litigation where you have strong proof of theft, the jury is not likely to be too distracted by the fact that you didn’t perfectly categorize all the secrets that you can now prove have value.
Of course, it certainly helps to show that you have always taken seriously the need to protect the information that gives your business a competitive edge. The judge or jury tends to equate the actual value of your secrets with the relative effort that you have put into caring for them. But that doesn’t mean you have to inventory each and every bit of data. That’s a fool’s errand. Because trade secrets are so granular and pervasive throughout the enterprise, and because they – and their value – are always changing, you would have to be updating the list daily, and you would never get it totally right.
There is a simpler way to identify your information assets, one that doesn’t take inordinate resources or risk losing a lawsuit. It recognizes that there is no one “best practice,” but only a range of practice that is “reasonable under the circumstances” for your business. As that phrase suggests, there are multiple potentially relevant factors.
For example, if you run a small business that is relatively predictable, such as a restaurant or an insurance agency, you already have an appreciation for the secrets you need to protect, whether recipes or customer lists. And you know that the main risk you face is with employees who may be tempted to walk off with them. Having that in mind, your efforts will be focused on limiting access, perhaps with some training to help the workforce understand why those things are sensitive.
At what might be the other extreme, if yours is a startup tech company with a mission to disrupt a market, you will be creating and discarding ideas and data as you quickly grow. Your dataset of valuable information is necessarily dynamic (as are the risks it faces). In that environment, trying to stop and get a useful handle on what your most important secrets are can be very difficult; everything is moving too fast.
But that doesn’t mean you should just throw up your hands and forget about trying to understand the nature of your competitive advantage. You may not have (yet) discovered something discrete on the order of the blockbuster drug molecule or the perfect search algorithm; but even in the early stages you learn a lot about what works and what doesn’t. You develop an idea of what the ideal feature set for your upcoming product might be. You begin to understand what it is that your customer base would love to have, if only you could deliver it to them.
Would you want your competitors to have access to all that information? Of course not. But if you don’t pause from time to time to think about what it is, then you won’t be in a position to actively manage it, to protect it and use it to increase enterprise value. Remember, the “it” we’re talking about here is the essence of what distinguishes your company, or will distinguish it going forward. What could be more important?
The point is that you don’t have to boil the ocean to know what you have at a sensible level of detail. For many companies, it will be enough to identify the categories of information that are (or will be) your “crown jewels,” recorded and briefly described on a spreadsheet that is regularly updated. Other companies wanting to impose more discipline on the process may opt to use a trade secret management tool such as Tangibly. Whatever sort of system you adopt, its description or user notes should include the caveat that it is intended as a guide for management, and should not be seen as comprehensive or exhaustive. By doing that, and also describing your secrets in broad terms, you will decrease the risk that something omitted becomes a problem.
On the positive side, you will have given yourself a solid basis for effective management of your information assets by assigning appropriate risk levels and considering mitigation measures. And you will be much more prepared for transactions like acquisitions or licenses, and also able to respond immediately with litigation when your rights are threatened.
At least you won’t be frantically searching for the keys to the binoculars case.
“Three may keep a secret, if two of them are dead.”— Benjamin Franklin
It used to be so simple. For centuries, China was able to maintain its monopoly on silk production just by killing anyone who tried to leave the country with knowledge of its secrets. Thirteenth century Venice showered benefits on the Murano glassmakers but also prohibited them from leaving the island. Augustus the Strong preserved the secrets of Meissen porcelain by setting up a workshop in one of his remote castles and basically imprisoning the artisans there. A similar containment strategy was employed by England to protect its preeminent position in textile manufacturing. With the Exportation of Machinery Act of 1774, Parliament decreed that neither “Implements used in the Manufacture of Cloth” nor “Descriptions” thereof could be exported. Although this was presumed to apply to skilled workers with such knowledge in their heads, the law did not stop one ambitious young apprentice, Samuel Slater, from slipping out to find his fortune in the colonies by applying what he knew, seeding the U.S. industrial revolution.
It helps to remember that Slater’s behavior challenged not only the law against exportation of technology, but also the system of apprenticeships that had developed in England since the sixteenth century. The 1563 Statute of Apprentices (also called the “Statute of Artificers,” referring to skilled workers who produce goods by hand) made an apprenticeship compulsory for anyone who wanted to enter a trade. This was no summer internship, but typically required a seven-year commitment to learning at the foot of a master in the trade, who in addition to training would also provide room and board. Although the apprenticeship “indenture” was similar in many ways to the general contract of indenture by which workers pledged themselves for a set period in return for some benefit such as a piece of land, its focus was instead on training. Indeed, many middle-class families would pay a hefty fee for their 14-year-old son (there were relatively few female apprentices) to learn from a well-regarded master.
Apprenticeship indenture contracts tended to constrain the young worker in ways that their modern counterparts would likely find unacceptable. The apprentice had to “gladly obey” the master’s commands, forego “Cards, Dice or any other unlawful Game” and avoid “Ale-Houses, Taverns and Play-Houses” (that is, theaters). But we also see in them some of the same restrictive covenants that are common in modern employment agreements. The apprentice had to “keep the said Master’s Secrets,” and in many cases agree not to compete with the master for seven more years after expiration of the apprenticeship (the English Statute of Monopolies of 1623 set the term of a patent at 14 years; coincidence?)
When Slater traveled to New England, he was responding to an advertised market need for skilled artisans. In the same year that Britain barred the export of textile technology, its colonies had begun to offer bounties for textile workers willing to emigrate. Pennsylvania’s was first, at £100, and following independence most states offered amounts up to £500. In effect, these were the signing bonuses of the nascent industrial revolution. Fast forward to today, when very skilled artificial intelligence professionals can command salaries of as much as $900,000. In an economy fueled by the expanding horizons of innovation, money talks and talent walks.
The recruiting side of this process comes with its own challenges and risks around contamination with information belonging to others, a subject we have examined before. But for the moment, let’s focus on how business gets employees to respect and protect the integrity of the company’s own data assets. Here, we need to distinguish between two types of restrictive agreements: (1) prohibiting competition for a period after the employment ends (a “noncompete”) and (2) prohibiting use or disclosure of the employer’s trade secrets (a “confidentiality” or “nondisclosure” contract).
Noncompete agreements have always been controversial to some extent. Employers like them because they avoid messy litigation over whether the employee has breached confidentiality; a noncompete eliminates the risk as a practical matter. But it is a blunt instrument, preventing fair as well as unfair competition. At a macro level, a few states, notably including California, long ago decided that noncompetes are anathema in an open economy. Some people point to the extraordinary story of Silicon Valley to argue the wisdom of this policy. Indeed, Minnesota has just jumped on board, and a growing number of other states have limited noncompetes to high-earning executives.
In contrast, employee confidentiality agreements have almost universally been embraced by courts, even though they usually operate in perpetuity to restrain use or disclosure of information. This is mainly because even without a contract, the common law recognized a duty of confidentiality by all employees to respect the trust implied by having access to secrets. In that context, the contract is not necessary to create the obligation, although it certainly is helpful, because it provides evidence of the confidential relationship and notice to the employee. As a result, employee confidentiality agreements are ubiquitous in most industries.
But establishing a relationship of confidence isn’t the same as enforcing one, and in a society that values the free movement of labor there can be some real tension between the employer’s interest in ensuring exclusive control over its trade secrets and the employee’s interest in moving to another job, even one that is directly competitive. We resolve that tension in part through rules that guarantee all employees the right to use their accumulated skills and general knowledge as they move on. In effect, they have a growing “tool kit” to take with them. But increasingly, legislatures and government agencies have expressed policies that more clearly support labor mobility.
In the negotiations that led to the federal Defend Trade Secrets Act of 2016 (DTSA), a provision was inserted that restricted the ability of judges to issue injunctions against departing employees. Courts may not prevent someone from accepting a job, and any restrictions they impose on what an employee can do must be based on evidence that misappropriation is likely, but “not merely on the information the person knows.” Technically, the statute does not limit the applicability of confidentiality agreements, but it can make more challenging the company’s attempt to enforce them in ways that are effective to protect secrets.
More recently, the Federal Trade Commission has proposed a rule that would ban noncompetes nationally but would also apply to any employee confidentiality agreement “written so broadly that it effectively precludes the worker from working in the same field.” We examined that proposal when it emerged some months ago, and while it may not ever issue as an enforceable regulation, it rhymes with much of the effort at the state level to rein in noncompetes.
Whatever position you might take on noncompetes as such, a troubling dimension of this debate is the use of the same broad brush to paint confidentiality agreements as threatening to employee mobility. And it’s not just government that is pressing this position; the courts have also joined. In a 2020 case from the First Circuit Court of Appeals, TLS Management v. Rodriguez-Toledo, the lower court had ruled for the employer, a tax advisor, against a former employee who it claimed had been using its proprietary techniques in violation of his confidentiality agreement. The appellate court reversed, explaining that “overly broad nondisclosure agreements, while not specifically prohibiting an employee from entering into competition with the former employer, raise the same policy concerns about restraining competition as noncompete clauses where, as here, they have the effect of preventing the defendant from competing with the plaintiff.”
This willingness to analyze nondisclosure agreements as if they were noncompete contracts presents a serious conundrum for businesses. Imposing nondisclosure agreements on employees is a key feature of most companies’ information security programs; indeed, the law’s requirement that the employer engage in “reasonable efforts” to protect its trade secrets often starts with looking at where such agreements are in place. If you don’t have them, you risk losing your rights. And when you create them, you can’t know exactly what information the employee will be exposed to over the years of employment. As a result, the definition of “confidential information” in the contract necessarily will be very broad, with the details to be filled in by on-the-job training and experience.
So, what is the employer supposed to do? First, avoid trying to claim that everything the employee learns on the job belongs to the company. The language of the contract in TLS Management was so expansive that it arguably swept up information that was generally known, making the employee radioactive in terms of litigation risk. As a test, make sure to read the agreement in a way that ensures there is a path forward for the honest worker who just wants to get another job. Second, accept that there is no way in the modern world to make yourself whole for having released into the market someone whom you have endowed with the skillset to compete with you. Get over that annoyance. And third, focus on the risks to your specific secrets by engaging in a meaningful exit process. More on that here.
We’re not in the 18th century anymore. Ultimately, talent will break free to pursue new opportunities, and that, together with hackers and heavy-handed regulators, represents the modern business environment. But take heart: litigation (a modern form of capital punishment) is not the only answer. Almost all concerns about protecting trade secrets can be solved with better management.
“In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved . . . .”— 7th Amendment to U.S. Constitution
You always remember your first jury trial. Mine happened almost 50 years ago, and I still vividly recall sitting with the partner to work on the “instructions” that the judge would be giving. He explained to me that the jury would be told what the statutes said (this was a contract case), and they would be responsible for deciding the facts that determined their verdict. As it turned out, we didn’t win, and that was the end of it. Although an appeal was possible, overturning a jury verdict is very hard to do.
And that’s as it should be. Respect for the jury as an institution, coupled with a logical focus on efficiency, long ago – long before we coined the term “crowdsourcing” – led to rules that defer to the wisdom of the jury. If the trial judge made a serious error that likely affected the outcome, a new trial can be ordered. But only rarely do we allow judges to reverse what the jury did and give judgment to the other side. That would require scouring the record, going through all the exhibits and all the testimony, to conclude that there was “a complete absence of evidence supporting the verdict.” Judges are not allowed to substitute their assessment of credibility when they do this, but have to interpret all the evidence in a way that is most favorable to the jury’s decision. Only if they do that, and are still convinced that the facts are so “overwhelming” that no reasonable person could have come out as the jury did, can the trial judge (or an appeals court) reverse the result.
That’s why I was surprised to see the recent opinion in Syntel v. Trizetto, a trade secret case that made its way to the Second Circuit Court of Appeals following a jury trial in New York federal court in October 2020. Syntel, a software developer, had sued Trizetto under a contract for improving software tools used in the healthcare industry. Trizetto filed a counterclaim accusing Syntel of misusing its access to Trizetto secrets to go into competition with it.
Trizetto based its claim on the Defend Trade Secrets Act (DTSA), which since 2016 has allowed trade secret owners to sue in federal court. Before that time, claims for misappropriation mainly happened in state courts under the so-called Uniform Trade Secrets Act (UTSA). I say “so-called” because over the years since the UTSA was proposed as a model, individual states have tinkered with the language so much that Congress decided a federal law was needed to provide consistency. But one aspect of the DTSA and UTSA match perfectly: how damages are calculated.
Because the twin policies behind trade secret law, according to the U.S. Supreme Court, are the “maintenance of standards of commercial ethics and the encouragement of invention,” damage awards tend to be generous to ensure that the victim is fully compensated and that the perpetrator does not retain any benefit from the misappropriation. Specifically, a plaintiff is entitled to recover damages for its “actual loss” and an amount representing the defendant’s “unjust enrichment,” so long as there’s no double counting. For a lot of reasons, it’s often difficult to show actual loss, and so plaintiffs tend to rely more on “disgorgement” of the defendant’s benefit. And usually that benefit is calculated as the defendant’s “avoided costs” from not having to do its own research and experimentation to discover the secret on its own.
Trizetto in fact had evidence of actual loss, in the form of some business that Syntel was able to grab, amounting to $8.5 million. But the calculation of Syntel’s avoided costs, based on what it had cost Trizetto to develop the secret information in the first place, was almost $285 million. That was the number submitted to the jury, and it ruled for Trizetto and also awarded punitive damages because it found that Syntel’s misappropriation was “willful and malicious.” After the trial, Syntel challenged the verdict, but the trial judge, applying the traditional standard favoring jury verdicts, denied Syntel’s motion. (The jury had also awarded damages for copyright infringement, but that was not challenged).
However, on appeal to the Second Circuit, the judgment was vacated. Applying the deferential standard of review, the court began by confirming that Trizetto had proven the existence of legitimate trade secrets, and that Syntel had no right under the contract to use that information in competition with Trizetto. But although it acknowledged that the “amount of recoverable damages is a question of fact,” it switched its analysis to “de novo” (i.e., fresh eyes) review on the “legal question” of whether it was proper “in this specific case” to allow recovery of avoided costs under the DTSA.
You would be excused for thinking that this was a pretty straightforward question. After all, the statute is expressed in the conjunctive: the plaintiff can recover its loss “and” any amount of unjust enrichment that is not already accounted for in the loss calculation. Indeed, at least two other circuit courts, applying identical language from the UTSA, had ruled that way: Epic Systems v. Tata Consultancy (Seventh Circuit) and PPG Industries v. Jiangsu (Third Circuit). Ultimately, the Second Circuit panel said it disagreed with those cases.
Instead, the court adopted a false premise: that the DTSA provision on unjust enrichment is designed to provide compensation to victims “whose injuries are not adequately addressed by lost profits” by making “trade secret holders whole.” There is nothing in the text of the statute or in the history of its enactment that supports that assumption; instead, the obvious goal is simply to make sure that the thief doesn’t get to hold on to any benefit from the wrongful act. This twist of the statutory purpose provided the setup for wandering even further from the statute, to consider the Restatement (Third) of Unfair Competition, a publication of the American Law Institute which purports to describe the common law on a variety of subjects, including trade secrets. It is what lawyers call a “secondary reference,” in contrast to the statute itself, which is primary.
Turning to the Restatement for an understanding of the common law of trade secret damages, the court zeroed in on § 45(2), which suggests that, in addition to the basic approach of awarding the greater of plaintiff’s loss or defendant’s gain, a judge should engage in a “comparative appraisal of all the factors of the case,” including the “degree of certainty” with which the plaintiff has established its damages case, and “the relative adequacy to the plaintiff of other remedies.” We should pause here to emphasize that none of this is part of the UTSA or DTSA, but represents the consensus view of a largely self-selected group of scholars and practitioners about the state of the “common” (i.e., non-statutory) law. But the Second Circuit tried to link it together in passing with a footnote saying only that “these common law principles are consistent with the language and the structure of the DTSA.” Of course, “consistent with” means just that they are not obviously conflicting, not that the common law principles can be inferred from the language of the statute; they can’t be.
Having given itself permission to review the question with zero deference to the verdict, the appellate court engaged in what it viewed as the “comparative appraisal” suggested by the Restatement. It focused its attention on the “adequacy to [Trizetto] of other remedies” and in particular the permanent injunction that the trial judge had entered, prohibiting Syntel from using or disclosing the trade secrets. Such remedies “work as a powerful tonic to reduce the harm a trade secret holder suffers beyond its lost business.” Indeed, if you focused only on avoided costs without the (undefined) “comparative appraisal,” the court said, you risk making “awards that are more punitive than compensatory.” So, let’s pause again briefly to observe that the court has by now conflated two separate statutory damage calculations by linking both of them to harm to the plaintiff; and it seems to have revealed its real underlying concern: that a $245 million damage award seems very excessive (and therefore “punitive”) against someone who’s already been enjoined from further use and in favor of someone who hasn’t actually lost much. (Indeed, the court offered, Trizetto’s software “is worth even more today than it was when the misappropriation occurred.”)
As you may be able to tell by now, this logical legerdemain by the Second Circuit has me pretty disappointed. Even more so because they try to have it both ways, by issuing a broad ruling that avoided cost unjust enrichment damages must somehow be tethered to proof of loss to the plaintiff, and by repeating (seven times by my count) the suggestion that its holding is limited to “the particular facts” of this case. It seems a disservice not only to the litigants, but also to the rest of us who care about this area of the law, to engage in such labyrinthian reasoning to attack an award that one believes is excessive in light of the injunction.
If we think trade secret law on avoided cost damages is too loose as it is written, then we should go back to Congress to make it work better for the industries it is designed to serve, rather than conjure a gloss on the existing statute using a “restatement of the common law.” If we’re going to sharpen the point, we should take the opportunity to clarify and reinforce that harm to the victim is different than benefit to the defendant, and that “avoided cost” is not just about money, but about not having to take the risk that your own development effort will fail entirely. The “value” of a stolen trade secret to the misappropriator is at least in the knowledge that it works.
As an alternative to returning to Congress, perhaps there are ways to honestly interpret the existing law to help provide better guidance to juries. Sitting down to write instructions that cleanly separate issues of law and fact will help us prepare our trials and improve predictability of outcomes. As I learned a long time ago, juries will do the right thing if you give them the right information.
“Think different”— Apple 1997 ad campaign for the Mac
The story seems to unfold the same way every time, whether the actor is a high-level departing employee or a customer or business partner. When sharing confidential information in a long-term relationship results in the release of a similar product by the recipient, the reaction is a claim of theft, laced with accusations of treachery and betrayal. And the response is equally strong: “no, I did this on my own”; in legal terms, “I engaged in ‘independent development.’”
Strictly speaking, this means that the development of the new product was accomplished “independently” of the information shared in the confidential relationship. As a practical matter, this can be difficult to prove. Once you have been exposed to the secret process or design, or other related information, how do you demonstrate that your work was entirely your own?
This is a particular conundrum for companies that are looking to expand their business through acquisitions, or who respond to inquiries from an innovator interested in some sort of relationship to co-develop a new technology. A recent article in the Wall Street Journal reported on cases where Apple met with startups to look at technology related to the iPhone or Apple Watch, and the legal battles resulting from Apple’s decision to pursue those projects on its own.
One way that a large organization can try to protect itself from these claims is to insert a “residuals clause” into the agreement with the smaller company. Alongside the usual promises of confidentiality and limited use of shared information it inserts a significant exception for information “retained in the unaided” (i.e., human) memory of the individuals who were exposed to it. If that strikes you as a significant carve-out, you’re right. In effect, by entering into an agreement with a residuals clause, you’re granting a license to the other side to use whatever they remember from the transaction.
As a result, the residuals clause is frequently refused, and the process goes forward with a more or less standard NDA in which each side agrees to maintain information in confidence and to use it only to assess the proposed deal. The receiving company may reduce its risk to some extent by declaring in the agreement that it is engaged in its own related research. But even with that sort of disclaimer, there will be exposure to information that makes it a challenge later to demonstrate truly independent development.
An exposure like this doesn’t only happen in the case of potential acquisitions or licenses. Confidential information can be shared in connection with purchase of a commercial product, in which the terms of sale include protection for the seller’s designs. The same might apply to enterprise software, in which the customer is not given access to underlying code, but is exposed to information about how the tool works, usually accompanied by a promise not to reverse engineer it. And of course sensitive information sometimes arrives in the head of an engineer hired from a competitor.
However it occurs, the “information infection” operates more or less automatically to constrain the recipient’s freedom in some way. That constraint can be measured by the risk that there will be some sort of claim, and by the robustness of the evidence that the recipient did not in fact use the information it received in confidence.
The key word here is “use.” To assert a claim of trade secret misappropriation, you don’t have to show copying. The law imposes liability if the later development was influenced, or just accelerated in some way, by access to confidential information. This includes using knowledge of the blind alleys already explored by the originator who invested in research to determine what doesn’t work, or what works less well. These so-called “negative secrets” can be very valuable as a “head start” toward success. Recall that Thomas Edison, in relating his effort to invent a long-lasting filament for the light bulb, said “I haven’t failed; I’ve found 10,000 ways that won’t work.”
In a dispute over breach of confidentiality, the plaintiff always has the “burden of proof,” in the sense that it has to convince the judge or jury that its secrets were misappropriated. But as a practical matter, if the defendant had trusted access and later sold a similar product, all eyes will be on the defendant, who better have a good story to tell.
That story, as we noted at the beginning, is one of “independent development.” But how does the accused convince a (potentially skeptical) audience that there was no breach of trust, that the development was “clean?”
Here, the gold standard is the “clean room” form of reverse engineering, in which you start with publicly available information about a product, or a set of basic specifications for a desired product, and you hand that over to an outside team of developers who have never been exposed to the secret information. Of course, you have to be certain that all the participants are clean, and that the information you give them to start with was not derived from the trade secret. But if you can pull that off, then you should win.
The problem is that a true “clean room” is often impractical for a number of reasons. There may not be enough time, or enough budget. The people with the right skills and experience may not be available when needed. Or the extent of exposure may have been so limited that the risk is viewed as acceptable.
Indeed, assessing the risk is key to most attempts at independent development. The company that is exposed to sensitive data has to recognize that the issue is not clean-cut, but depends on thoughtful risk management, beginning at the point when the relationship is established and the information received. Anticipating the practical burden of proving independent development, the recipient will focus on ways to preserve its options in the event of a claim.
This effort begins with the originating transaction. If the company is entering into a confidential relationship, the contract should be drafted in a way that makes it clear to the other side that if things don’t work out the recipient will be forging ahead on its own. Provisions for specific marking of all confidential information (and prompt written confirmation of verbal disclosures) will help reduce the risk of misunderstanding about what the protected information consists of.
For recruiting exposure, the hiring company should make clear its policy on respecting others’ IP, and should consider establishing protocols to guide the behavior of new recruits and their new colleagues. In exceptional cases, the company may want to provide access to independent counsel to provide the individual with specific, confidential guidance.
All this front-loaded action may not help much without follow-up to ensure that exposure is carefully managed and that good records are kept of how the company has complied with its obligations.
This brings us back to the question of how to structure a development path when there has been some exposure to someone else’s trade secrets. The answer begins with recognizing that it doesn’t necessarily require a hermetically sealed “clean room.” It is possible to create your own product or service “independently” using one or more of the people who had access to sensitive data. For obvious reasons you should limit their participation to what is necessary under the circumstances. But the law only punishes a misuse that is “substantial,” and depending on the context, you may be able to convince a court that any influence from exposure to confidential information was negligible.
The key to success lies in understanding the risk of future litigation and preserving the evidence of your work. This becomes critical as context for a judge or jury to see that your development effort was robust and honest, and that you didn’t cut corners by avoiding the research or experimentation that was already done by others. To show that what you did was “independent” of what you learned from someone else, you should frame your plans accordingly. Begin by thinking different.
It was a hot August afternoon in 1984, and I had just finished testifying to the California Senate committee considering a new law, the Uniform Trade Secrets Act (UTSA). I had been sent to Sacramento to support this legislation, which was supposed to provide a “uniform” standard among the states. But some lawyers from the State Bar were pushing for changes that I thought might cause problems. One of these was to remove the requirement that a trade secret owner prove the information was not “readily ascertainable.”
If you’re still reading, well done! You’ve demonstrated your intellectual curiosity. Please keep going; I promise this will not be a dry, academic rant about something that can’t possibly matter to you. Instead, this is a story about the unintended consequences of casual law-making and the ways that courts can amplify those effects without really understanding what they’re doing.
For 150 years before that day in Sacramento, trade secret law had emerged organically from the opinions of individual judges explaining their decisions. This is what we call the “common law,” and it happened at the state level. As a result, the rules about trade secrets varied quite a bit depending on where you lived. This was inconvenient for companies that operated across state lines. So, in an effort to create a national standard, the UTSA was proposed in 1979.
The flaw in this plan was that the model statute had to be adopted in each individual state, and each legislature was free to fiddle with the language. Quite a few of them did that, and one of them was California. This is what brought me to Sacramento, to try to convince the Senate that there was real value in keeping the statute exactly as it was proposed, to get the benefit of a truly common interstate framework.
Naturally, a key part of the UTSA was to define what could be claimed as a trade secret. It required the owner to prove that the information was not “generally known” or “readily ascertainable by proper means.” In other words, you couldn’t assert a secret if the information was already out in the public domain, or if it could be figured out so quickly that its value from secrecy was trivial. On the other hand, if it would be very difficult or take a long time to “reverse engineer” the information (that is, take it apart or study it to see how it worked), you could assert a right against anyone who had not actually done that reverse engineering in a fair way.
This approach made a lot of sense, and it distilled the rules as they had been developed at common law over the decades. However, the California State Bar representatives opposed the “readily ascertainable” provision. They had seen a decision from an Indiana court applying the new UTSA in that state, where the judge had decided that an insurance company couldn’t protect a customer list because the information could have been easily collected from the individual policyholders. They feared that this interpretation (which as it turned out was not followed by other courts) might be applied in California.
I tried to convince the Senators that the Indiana case was an outlier, and that we needed the original language of the UTSA in order to discourage frivolous trade secret claims. However – and this is where I learned an important lesson about legislatures – the Senators were not interested in this “fine point,” and they proposed that we go upstairs and find a room to discuss coming to an agreement. Less than two hours later we returned with a deal. The plaintiff would not have to prove that the information was “readily ascertainable,” but the issue was preserved as an “affirmative defense,” meaning that a defendant could assert it to avoid liability. I wrote out the compromise language on a tablet (the paper kind that we had back then) and it was adopted as the official comments to the statute:
The phrase “and not being readily ascertainable by proper means by” was included in this section as originally proposed by the National Conference of Commissioners on Uniform State Laws. It was removed from the section in favor of the phrase “the public or to.” This change was made because the original language was viewed as ambiguous in the definition of a trade secret. However, the assertion that a matter is readily ascertainable by proper means remains available as a defense to a claim of misappropriation.
By this time we had lived the adage that “laws are like sausages; it is better not to see them being made.” (The quote is often attributed, unreliably, to Otto von Bismarck). But the story gets more tangled after passage of the UTSA, when the courts got hold of it. While the legislature didn’t seem to care much about the language in the statute, the courts – rather, some of them – really put it through the meat grinder.
At first it seemed there would be no problem implementing the law. The only change we had made was to shift the burden of proof, so that it was the defendant who would have to prove that something was readily ascertainable, instead of the plaintiff having to prove the negative. It never seemed remotely possible that a court would graft on to the statute an additional requirement to prove not only that the information was “ascertainable” but also that the defendant had in fact ascertained it before the dispute arose.
We should pause here and establish two things. First, a point of English morphology: the suffix “-able” implies possibility. Indeed, dictionaries define ascertainable as “possible to find out” or “capable of being determined.” In contrast, there is no dictionary anywhere that defines “ascertainable” as “having been determined.” That would be nonsensical.
Second, a point of law: you can defend a trade secret claim by proving that you discovered the information through proper reverse engineering, but not by arguing that you “could have” reverse engineered. That is because reverse engineering is hard work. But if getting to the “secret” takes only a trivial effort, that is what we call “readily ascertainable,” and the law will not bother with it, even if you took it, because you “could have” quickly discovered it.
In the first California appellate case to address this portion of the UTSA, American Paper & Packaging Prods., Inc. v. Kirgan, the court denied protection for customer information that, while not generally known to the public, was “readily ascertainable” by others familiar with the business, through a process that “was neither sophisticated, difficult, nor particularly time-consuming.” A few years later another case, ABBA Rubber v. Seaquist, reversed a trade secret injunction for procedural reasons, and that should have been the end of it. But the opinion went on to provide “guidance . . . in the event that any further injunctions” might be considered.
Again, we need to pause for a very brief but important lesson in the law. There is a big difference between what a court says that is necessary to its ruling (the “holding”) and other, more or less gratuitous, observations it might make (the “dictum”). The holding is entitled to respect and sometimes deference; while the dictum is not supposed to matter. This is something you learn in the first few weeks of law school.
Well, the ABBA Rubber court went into dictum in a big way, offering its free advice that “whether a fact is ‘readily ascertainable’ is not part of the definition of a trade secret,” but relates only to an “absence of misappropriation.” Therefore, the court concluded, to take advantage of this exception, the defendant would have to prove not just that the information was ascertainable, but that it had actually been ascertained.
The court was basically making this up, but because it was just “dictum” it shouldn’t get any respect from other courts; right? Wrong. The federal courts, beginning with the august Ninth Circuit Court of Appeals in Imax Corp. v. Cinema Technologies, embraced the decision uncritically, ignoring both the earlier American Paper case as well as ABBA Rubber’s fractured logic. And once the mistake took root in Imax, it was repeated in several later (unpublished) opinions from the federal district court in Los Angeles: Medtronic Minimed, Inc. v. Nova Biomedical Corp., Extreme Reach, Inc. v. Spotgenie Partners, LLC, Chartwell Staffing Services v. Atlantic Solutions Group, Inc., and Masimo Corp. v. Apple Inc.
Pausing again for another clarifying point: in the United States we have parallel court systems, state and federal. Federal courts can make judgments about state law, but they are supposed to interpret it by following the rulings of the state’s appellate courts.
Here, the federal courts mostly cited each other, making some really big mistakes along the way. They generally ignored the California Judicial Council form jury instruction which describes the correct application of the “readily ascertainable” defense. They dismissed the American Paper case as having been decided before the UTSA, which was forehead-slapping wrong. And they ignored other California appellate court decisions that were consistent with American Paper, including Morlife, Inc. v. Perry, Syngenta Crop Protection, Inc. v. Helliker, and San Jose Construction, Inc. v. S.B.C.C. In fact, the federal judge in Masimo was so intent on waving away San Jose Construction that he incorrectly (and ironically) characterized its holding as dictum, while embracing the ABBA Rubber progeny borne of dictum.
What are the lessons to be drawn here? First, don’t accept as gospel what might appear as “settled law” in judicial opinions. Instead, if the announced rule seems odd, follow it upstream to its source, looking for the place where the process took a wrong turn. Second, as between state and federal courts, look first to the former for interpretation of state law. And third, studies show that the vast majority of direct personal impact on citizens comes from state legislation, not federal. Maybe we should pay less attention to what happens (or doesn’t) in Congress and focus more on what is going on in our state capitols.
It’s getting pretty rough out there for employers who want to control their employees’ behavior. Think back to March 2020, when the pandemic was just beginning and we took a look at this new phenomenon of widespread remote work. We imagined managers wistfully recalling the Renaissance, when artisans could be imprisoned, or even threatened with death, to make sure they didn’t breach confidence. Well, in modern times at least, companies can use noncompete agreements with departing employees to avoid messy and unpredictable litigation over trade secrets.
Maybe not for long. As we learned last month, the FTC is on the warpath about noncompetes, and it may not be long before the entire country is forced to emulate California and just do without. Whatever happens with the FTC proposal, it’s pretty clear that noncompetes are also under attack by the states, where new laws limit their effectiveness.
So, it’s probably wise to at least prepare ourselves for a world in which noncompete agreements, at least for the rank and file, are forbidden. Welcome to sunny California, where we’ve been living under that regime since 1872, thanks to a statute that prohibits contracts “by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind.” When you can’t prevent staff from jumping to the competition, what does a business have to do to maintain control over its trade secrets?
We’ll get to that, but first let’s console ourselves with the recognition that maybe life without noncompetes wouldn’t be so bad. First, noncompete agreements are not a perfect solution for protecting a company’s confidential information. Where they are allowed, courts often limit coverage to what is “reasonable” in duration, geography and subject matter, to the minimum required to protect the company’s interest. And some courts require the employer to continue to pay salary during the noncompete period, while the former employee prepares plans to open a competing business the day that the restriction expires.
Second, noncompete agreements can introduce resentment and contention into the company’s relationship with its workforce. This can have the perverse effect of increasing risk to confidential information, as employees search for workarounds to evade legal restraints. Third, administering a system in which these agreements have varying effect in individual states or foreign countries can be a nightmare for the HR department. And fourth, too-heavy reliance on noncompetes can lead the company to neglect the important task of managing the confidential relationship (more on that below).
In California, we don’t have to worry about those issues, and some would say that the state has done pretty well, creating the world’s fourth largest economy, largely resulting from innovation produced by Silicon Valley. True, there is general recognition that a lot of valuable information is compromised through the free movement of high-level managers and engineers (the euphemism applied to that loss is “spillover effects”). Still, the general assumption is that the resulting information flows provide a rising tide that lifts all boats. Lest we forget, California also leads the nation in trade secret litigation, which should come as no surprise – take away noncompete agreements and a lawsuit may be your only ultimate tool.
Well, at least we can rely on the old standby of the employee non-disclosure agreement (NDA), or Confidentiality Agreement. Sorry, but I have a bit of bad news on that front. As we know, the FTC has proposed a “functional test” for banning NDAs that are the equivalent of a noncompete because the effect is to block the employee’s ability to find competitive employment. But the FTC didn’t pluck this idea out of thin air, and even if its proposed rule never becomes law, we’re still going to have to deal with the risk that a “garden variety” confidentiality agreement could be struck down, or even made the basis of a claim that the company is engaged in unfair competition.
How can this be? Employee NDAs are built on the noncontroversial assumption that the law already implies an obligation of confidentiality when an employee is entrusted with sensitive information. The contract simply reinforces that notion, providing notice and helping to demonstrate that the company has exercised “reasonable efforts” to protect its trade secrets, a required showing in any lawsuit to enforce its rights.
The problem stems from how companies define the information that employees are required to maintain in confidence after they leave. Naturally, these definitions are a bit broad and vague, because at the outset of the relationship it’s impossible to know exactly what secrets the employee will be exposed to. But some companies (rather, their lawyers) have decided that it’s a good idea to expand the scope of the NDA in ways that actually do have much of the effect of a noncompete. Two cases illustrate the riskiness of this approach.
In the first one, TLS Management v. Rodriguez, the employee worked for a tax planning and consulting firm, leaving to engage in his own tax practice. The employer sued to enforce his NDA, which covered “all information . . . regarding TLS business methods . . . any other information provided to” the employee, and “any other information” he might learn during employment. The only exception was for information disclosed by TLS to the general public. The court struck down the agreement because it extended to the employee’s “general knowledge” and other information that was publicly available.
More recently, a California appellate court, in Brown v. TGS Management, reversed an arbitrator’s decision enforcing an employee NDA that similarly defined “confidential information” to include anything “used or usable in, or originated, developed or acquired for use in, or about or relating to” the employer’s business. The exceptions provided in the contract were so narrow (for example, information previously known to the employee “as evidenced by Employee’s written records”) that the court saw them as proof that the NDA was designed to block legitimate competition.
What should companies do to preserve the utility of confidentiality agreements and avoid their being interpreted as noncompetes? First, look carefully at the definition of covered “Confidential Information” and make sure coverage is directed at information of the company or its customers that deserves the label because it provides some sort of commercial advantage. Second, clarify the definition with exceptions that acknowledge the employee’s control over their own skill and general knowledge. Third, include language that allows a judge, when enforcing the agreement, to adjust its restrictions as necessary to make it reasonable (sometimes called “blue penciling”).
But these mechanics of drafting the NDA are only a part of the effort. While they may be necessary to avoid reclassification as a noncompete, they are not sufficient to establish and maintain control over your trade secrets. Having the new employee sign a restrictive contract is just an initial step in managing the relationship for clarity and understanding about confidentiality.
Whatever is in your contract, you will be entrusting this individual, perhaps over many years, with access to some of your most competitively sensitive information. The contract alone can’t bear the weight of that continuing responsibility when the employee leaves. The perfect NDA will not help you much if by that time you have not communicated well and frequently what that sensitive information is, and how you expect your employees to behave to protect it.
In between the contract at onboarding and the exit interview at departure is where the trust-building happens. Although “Confidential Information” can’t be defined with specificity in the NDA, the company can, through thoughtful training and guidance, help the employee to understand what sort of secrets are most important to the business. That understanding, consistently reinforced, becomes the foundation for a “culture of confidentiality” in which employees who leave are prepared to do what’s right, rather than argue over the wording of their NDA.
We can find surveys showing employees willing to share their employer’s confidential information – but this usually results from misunderstanding and mixed signals, not malicious intent. So, the ultimate solution to reduce risk to a company’s information assets is in nurturing the relationships it forms with those who have access. If you can’t use noncompete agreements, you also can’t file a trade secret misappropriation lawsuit against every departing employee. Your primary protection comes instead from their clear appreciation of the trust that has been placed in them.
“He is led by an invisible hand to promote an end which was no part of his intention.”— Adam Smith
When Adam Smith spoke about an “invisible hand,” he was talking about a good thing – the way that free markets harness the laws of competition, supply and demand and self-interest to improve the economy. But he also could have been thinking of another law. The law of unintended consequences: that actions of people, and especially of governments, always have unanticipated effects. Sometimes these effects can be perverse, reflecting a profound failure of “second-order thinking” (in other words, thinking ahead about “how could this possibly go wrong?”).
On January 5, 2023 – a day that may go down in IP infamy – we saw two bold actions. First, the “Protecting American IP Act” became law; and second, the Federal Trade Commission (FTC) proposed a new rule that would invalidate noncompete agreements across the United States. But wait, you might say, that actually sounds great! What’s the problem with protecting American IP, and making the rest of the country join California in unleashing talent to go where it likes? Well, don’t be too hasty. Stay with me on this, and you will see just how shortsighted our government can be.
First, let’s look at the legislation. The generic name is S.1294, and it requires the President to impose sanctions on foreign entities or persons involved in “significant” theft of U.S.-owned trade secrets, as well as others who support them. The new law calls for the President to report to Congress in July (and annually thereafter) identifying “foreign persons” who have “knowingly engaged in, or benefited from, significant theft” of trade secrets, if the activity is “likely to result in . . . a significant threat to the national security, foreign policy, or economic health” of the U.S. The report must also name foreign persons who provide “significant” financial or technical support to, or act on behalf of, the direct offender, including an entity’s CEO and board members. We are given no definition of what the oft-repeated word “significant” means, although possibilities range from “non-trivial” to “considerable” to “large.”
Having identified all these foreign actors and supporters, the President is required – unless he files a written waiver justified by the national interest – to impose “5 or more” from a list of sanctions, including (1) blocking property transactions, (2) placing on the “entity list,” (3) denying financial assistance or access, (4) disqualification from selling goods or services to the U.S., and (5) banning U.S. sources of investment. Individuals can be denied visas or have their existing visas revoked. Notably, there is no avenue for appeal to any court for relief from the President’s determination.
If this law sounds vaguely familiar, then congratulations, you’ve been paying attention! In June 2021, we published an article about the rush to “decouple” the United States from China. It included several examples of pending bills at the federal and state level that I mocked for their obvious ineffectiveness. One of them was an earlier version of S.1294. Back then, I thought it was silly to think that legislation requiring the President to choose “5 or more” sanctions, like picking dishes from a menu, could actually become law. How naïve I was!
One thing hasn’t changed, however; it should be apparent that this statute won’t really deter trade secret theft. We already have a law, the Economic Espionage Act, that provides up to 15 years in federal prison and $10 million in fines (plus restitution). Trade sanctions don’t amount to much if you’re ready to risk going to jail.
But hold on, you might say—even if S.1292 is ineffective, at least it can’t do any harm, right? Well, that’s where the law of unintended consequences comes into play. I will pause here for a brief digression into how that law has come to be known as the “cobra effect.” During colonial times, the British governor of Delhi was concerned about an infestation of cobras. So he offered a generous bounty on cobra skins, assuming this would reduce their numbers. Instead, people saw a business opportunity and started breeding thousands of the snakes just to kill them and cash in. Horrified, the governor rescinded the bounty, and so guess what? All those breeding farms released their stock, which slithered into the city.
Here, the statute makes no exception for “foreign” entities that are actually subsidiaries of U.S. companies, so we may end up with sanctions applied to U.S. assets. But the bigger worry is that this law, which provides no incremental benefit, becomes inspiration for copycat legislation in other countries. We would hardly be in a position to complain about China arresting U.S. executives (or impounding data belonging to their companies) based only on a government “finding” made without due process.
Okay, let’s hope that remains just a scary risk that never comes to pass. Now we will turn to the other unwelcome news from Washington, the FTC’s new proposed rule that would ban noncompete agreements. Noncompetes are also something we’ve examined before, when the White House asked the FTC to perform a study, following public outrage over contracts being foisted on summer camp counselors and sandwich makers.
Here’s the background: noncompete agreements are (mostly) not allowed in California, while almost all other states permit them under a strict “reasonableness” filter that limits their time, subject matter and geographic coverage. Businesses like them because it’s hard to know when secrets are being used by a departed employee, and trade secret litigation is expensive and unpredictable, for both sides. To address the worst abuses, individual states have considered specific fixes. According to Russell Beck’s scorecard, 11 states have enacted laws that prohibit noncompetes for low-wage employees, and many other states are currently considering similar legislation.
The FTC rule would immediately wipe out all that state-level activity, based on its conclusion that all noncompetes are “unfair,” and that outlawing them would, according to economists, result in higher wages. The FTC justifies much of its logic and confidence on California’s experience; but the causal connection between that state’s restriction of noncompetes and the success of Silicon Valley has never been proven. One thing we are sure of: California leads the nation in trade secret litigation. That should come as no surprise, since its businesses have no other tool to protect their confidential information. It’s fair to question whether a surge in lawsuits in the rest of the country would be acceptable, or whether that outcome was even considered at the FTC.
But the FTC rule does not just copy California. It seems to go out of its way to introduce more uncertainty, burden and risk for industry. For example, consider that California permits noncompetes for someone who sells their interest in a business. This is sensible, because no one would buy a business if they couldn’t be assured that the seller would not open a shop down the street. But the FTC would only allow this “goodwill” exception for a “substantial” owner, which it defines as holding at least 25% of the company. Think about that. Any business with more than four equal shareholders would be unable to guarantee the buyer protection for goodwill, even if everyone agreed that it was necessary. What would that do to the potential liquidity of businesses, not just on Wall Street, but also on Main Street? Did anyone try to add up how many deals would never get done, or the reduced price for sellers not allowed to protect the sale with a noncompete?
And there’s more. The term “noncompete clause” is defined by the FTC to include any nondisclosure agreement that “is written so broadly that it effectively precludes the worker from working in the same field.” Employee nondisclosure agreements are widely used across most industries because they make it possible to share confidential information and trust that it won’t leave in the heads of departing staff. And because no one knows at the outset exactly what that shared information will be, the agreements must be drafted broadly. How many of them will be challenged as “de facto” noncompete contracts? The uncertainty and cost – including years of litigation – that this would impose is impossible to calculate, but it would be – ahem – “significant.”
Well, at least there will be a transition, right? Wrong! In fact, the FTC’s rule would not only take effect on day one, but it would be retroactive, requiring employers to give “individualized” written notice that the contract clauses have been “rescinded.” And the notice has to go not just to current “workers” (a term that includes independent contractors), but all past workers at their last address.
The ability of the United States to remain competitive in global markets requires that it enable and encourage innovation. Businesses today rely largely on information assets, but to commercialize those assets, companies have to provide confidential access to hundreds or thousands of employees with the assurance of a robust set of laws to protect trade secrets. For decades, the United States has been promoting that framework to the rest of the world. Now, the federal government seems blind to the ultimate consequences of what seems to some people like a great idea. Watch out for the snakes.