Last year at this time, we thought we had been through the worst of it and, with the new vaccines arriving, that life would return to normal in 2021. Hahaha, how naïve we were! But take heart; some things hold steady through the storm, such as the popular sport of trade secret litigation. Unlike most patent and copyright cases, every dispute is guaranteed to unfold as a morality play—a story of good guys and bad guys.
Let’s now look back on the year when remote work dug in to become a permanent fixture, and remind ourselves of the broad sweep of trade secret law by looking at some of the more instructive and interesting opinions issued by the courts – and one inexplicable decision by our government.
This is where it all starts. The information has to be a secret, meaning you can’t find it on the internet. The legal expression of this simple idea requires that the information not be generally known or “readily ascertainable” – that is, easy to discover – through “proper means.” In Life Spine, Inc. v. Aegis Spine, Inc., 8 F.4th 531 (7th Cir. 2021), the trade secret consisted of the exact dimensions of a patented spinal implant device for treating degenerative disc disease. Life Spine hired Aegis as a distributor under a contract that prohibited reverse engineering and required Aegis to remain with the device through surgery. Aegis designed a copy and defended itself by arguing that the information was known through the patent and by marketing. But the diagrams in the patent did not disclose precise measurements of the component parts, and prospective customers were only allowed to inspect the device under close supervision. The court held that the measurements remained a secret.
Perhaps ironically, secrets can be lost through the process of trying to protect them in litigation, because of the requirement that court proceedings be open to the public. The law makes provision for this kind of risk, but the parties have to pay close attention to implementation. In Bader Farms v. Monsanto Co., 2021 U.S. Dist. LEXIS 16308 (ED Mo), a pretrial order called for document-by-document review of confidentiality of trial exhibits, but the plaintiff waited until after the evidence had been received to raise the issue, and sealing was denied. In a more nuanced decision in HouseCanary, Inc. v. Title Source, 622 S.W.3d 254 (Tex), the Texas Supreme Court announced two interesting holdings: first, that the Uniform Trade Secrets Act provision requiring courts to protect alleged trade secrets does not displace state procedural rules; and second, that introducing exhibits at trial without sealing is only a factor in determining whether secrecy of the information has been lost.
Closely related to the concept of secrecy is the requirement that the trade secret owner exercise “reasonable efforts under the circumstances” to protect the information. In effect, courts will not step in to help if the owner has failed to help itself with security measures that match the business risk. In DePuy Synthes Prods. V. Veterinary Orthopedic Implants, Inc., 990 F.3d 1364 (Fed. Cir. 2021) the issue was whether to seal a court filing that contained confidential information about the identity of a manufacturer. There was no NDA or other contract establishing confidentiality. Instead, the litigant relied on proof that it had kept that information confidential through its own internal security policies and protocols; but this was held to be insufficient. Similarly, the plaintiff in ASC Engineered Sols., LLC v. Island Industries, Inc., 2021 U.S. Dist. LEXIS 117177 (WD Tenn) tried to have the court enter summary judgment that its efforts were reasonable, citing its policies and practice to inform employees about confidentiality, and its marking of emails and documents with secrecy legends. Such evidence, the court held, could be considered but was not decisive, because what is reasonable is a question of fact, and the company’s employees had denied seeing the security policies.
The law generally recognizes anyone in lawful possession of secret information as an “owner” and entitled to sue for misappropriation, even if they hold it under a nonexclusive license. However, as explained in Zabit v. Brandometry, LLC, 2021 U.S. Dist. LEXIS 94234 (SDNY), the claimed right to possession of the information as a remedy for fraud or another tort does not give rise to “equitable title” in the trade secret sufficient for standing. And in Bio-Rad Labs., Inc. v. ITC, 996 F.3d 1317 (Fed.Cir. 2021), it was held that an employee’s undisclosed “idea” that contributed to a later invention by his colleagues at a subsequent job did not make the employee a co-inventor and the ex-employer a co-owner of the invention. On a related issue, the U.S. Supreme Court held, in Minerva Surgical, Inc. v. Hologic, Inc., 141 S.Ct. 2298 (2021), that the patent doctrine of assignor estoppel cannot be applied to the typical assignment by employees of future inventions, because their scope is inherently unpredictable. This ruling provides comfort to companies hiring from competitors, because the doctrine had been used as leverage in some departing employee cases involving trade secret and patent claims, to prevent the new employer from contesting validity of the patent.
One of the unique aspects of trade secret law, in comparison to other forms of intellectual property, is that the boundaries of the right are not specified in a government-issued grant. As a result, a preliminary – and usually consequential – question in every trade secret case is: what exactly is the trade secret information that’s being claimed? Usually, companies have not made an inventory of their information assets, and even if they have, the specific data involved in any given dispute is unlikely to have been described with precision before litigation begins. As a result, identification of the subject matter – and when and how to do it – has become a frequent early battleground in trade secret litigation.
This past year, two opinions from the Third Circuit have provided guidance on this critical aspect of case management. In Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021), the defendant challenged the plaintiff’s description of its trade secrets because it did not clearly state which secrets it claimed that the defendant had misappropriated. This argument was rejected as an “effort to blend together the identification-of-a-trade-secret element and the misappropriation element, when “only discovery will reveal exactly what the defendants are up to.” Mallet & Co. v. Lacayo, 2021 U.S. App. LEXIS 30894 (3d Cir.) involved technology for commercial baking release agents (that is, things like oil that keep bread from sticking to the pan). The District Court, apparently impressed by strong evidence of misappropriation by a departing employee, had issued a preliminary injunction prohibiting use of thirteen broad categories of the plaintiff’s “protected materials,” including internal discussions of “actual major problems,” “supply source for product ingredients,” “pricing and volume data,” and “information about [plaintiff’s] equipment.” The Court of Appeals reversed, finding that this lack of specificity prevented any meaningful review of whether the plaintiff was likely to prevail on the merits.
Many trade secret disputes are caused by what we might call “NDA negligence,” either because the parties treat confidentiality agreements as mere forms instead of contracts, or because they don’t pay attention to some specific obligation or limitation of the NDA until it’s too late to fix. Two cases from this year illustrate the point. In EMC Outdoor, LLC v. Stuart, 2021 U.S. Dist. LEXIS 63438 (ED Pa), the defendant ex-employee had individually negotiated a provision in her nondisclosure agreement making the confidentiality provisions applicable post-employment only if she resigned. Because she was fired from the position, the court held, the contract language made it impossible to state a claim for misappropriation. Summary judgment was entered for the defendant. And in Bladeroom Group., Ltd. v. Emerson Elec. Co., 11 F.4th 1010 (9th Cir. 2021), parties to a potential merger had signed an NDA with a proviso that the agreement would terminate in two years, even though other aspects of the contract could be read to suggest continuing confidentiality. The District Court had prevented defendant from arguing that the two-year limit controlled because it was contrary to the parties’ intent and would lead to an absurd result. The Court of Appeals responded that it would be absurd to ignore the plain language of the proviso, and reversed a $60 million verdict.
Because those who misappropriate trade secrets would like to keep their actions, well, secret, it’s often difficult to find direct evidence of theft, and plaintiffs must prove their case with circumstantial evidence. Also, misappropriation by direct copying is rare, and so liability is usually established by demonstrating “indirect use” of the purloined information. In Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021), the court held that indirect use can be inferred from the timing of a competitive hire, coupled with deception in the employee’s departure, the new employer’s lack of experience in the relevant technology, unusually low financial investment, and unusually rapid success. In contrast, merely retaining a former employer’s confidential documents, without any proof of use, will normally be insufficient to state a claim for misappropriation. In Zurich Am. Life Ins. Co. v. Nagel, 2021 U.S. Dist. LEXIS 89781 (SDNY), the court held this remained true even when the employee deliberately kept the documents as leverage for settlement of other claims against the employer.
Assuming misappropriation has occurred or is threatened, the question becomes what to do about it. If the plaintiff succeeds in securing a preliminary injunction, does that stop accrual of damages? No, said the court in ResMan, LLC v. Karya Prop. Mgmt., LLC, 2021 U.S. Dist. LEXIS 145462 (ED Tex); an injunction prohibiting use or disclosure of trade secrets does not break the chain of causation regarding defendant’s continuing benefit from the misappropriation. Oakwood Labs. LLC v. Thanoo, 999 F.3d 892 (3d Cir. 2021) considered the common situation in which the defendant has not yet launched a competing product, holding that harm is established merely by the act of misappropriation, because the plaintiff “has lost the exclusive use of trade secret information, which is a real and redressable harm.” And if it turns out that harm can’t be proved in any compensable way, explained the court in Elations Systems, Inc. v. Fenn Bridge LLC, 2021 Cal. App. LEXIS 975, the trial court should not dismiss the claim, but should instead award nominal damages.
Sometimes in committing trade secret theft, a defendant gains unauthorized access to information stored on a computer system. If so, then a (criminal and/or civil) violation of the CFAA, 18 U.S.C. §1030, can be alleged along with the misappropriation. But what if the defendant was authorized to have access, but used it for an improper purpose? The circuit courts were split on that question until the decision in Van Buren v. United States, 141 S.Ct. 1648 (2021). A police sergeant had agreed to use his patrol-car computer to retrieve license plate information for a private party. Reversing his conviction, the Supreme Court explained that if the CFAA “criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”
Back in the mid-1990s, the U.S. government fought hard to get the World Trade Organization (WTO) to adopt global standards for IP protection, resulting in the Agreement on Trade-Related Aspects of Intellectual Property (TRIPS). It wasn’t just about registered IP rights; TRIPS Article 39 also required member states to provide legal protection for “undisclosed information.” Its structure and content closely followed the Uniform Trade Secrets Act, and ever since has been the basic reference pattern for the trade secret laws of many foreign countries.
In response to the COVID pandemic, a group of developing countries – led by India, with its large generic pharmaceutical industry – proposed that WTO “suspend” selected parts of TRIPS, including Article 39, ostensibly to enable more effective global access to vaccines. In May 2021, the Biden Administration surprised the international community when it joined in supporting the Indian proposal, apparently unaware of the central importance of secret know-how to the manufacture of vaccines by U.S. companies. In effect, the intended waiver would force a transfer of privately-owned technology that under normal (i.e., voluntary) circumstances requires many months of collaborative effort, with no plausible near-term effect on the distribution of vaccines to the developing world. The government is now engaged in finding a face-saving way out of the corner it has painted itself into. However, the diplomatic debacle has at least drawn worldwide attention to the role that secrecy plays in incentivizing the development of new therapies; and as we face the prospect of future pandemics, this new appreciation for the benefits of trade secret law should benefit all of us.
“It is non-poisonous.”
— 1931 advertisement for Listerine®
Question: how do you make money from a secret formula for a product that smells and tastes horrible and that no one wants? Answer: you make everyone believe they have a medical problem that only this stuff can solve.
Back in 1879, Joseph Lawrence, a St. Louis doctor, was experimenting with surgical disinfectants. This was a new thing. In the 1860s, a British surgeon named Joseph Lister was the first to perform surgery antiseptically, using carbolic acid as a disinfectant. Inspired by Lister, Lawrence came up with a compound of alcohol and essential oils that seemed to kill whatever bugs it touched. To honor Lister (and presumably to take advantage of his fame), Lawrence named the concoction “Listerine.”
He tried to sell it to dentists but wasn’t getting traction. In 1881, he ran into a local pharmacist, Jordan Lambert, who acquired the secret formula in return for royalties on future sales. Apparently not fully thinking through what “future” meant, Lambert signed a contract that guaranteed payment to Lawrence (and his heirs and successors) $20 for each 144 bottles sold. The contract consisted of two sentences with a total of 127 words.
Later, they agreed to reduce the royalty to $6, and then converted it to ounces, to account for different sized containers. But Lawrence wasn’t earning much on the royalties anyway, because Listerine sales remained sluggish. Even when Lambert took the product directly to the public in 1914, it just didn’t catch on. Maybe it was the foul smell (“like an old shoe”) or the taste (“like petrol”). The company tried promoting various applications besides mouthwash, including as a treatment for dandruff and gonorrhea (don’t ask). They even brought out (very briefly) a Listerine cigarette.
It was Lambert’s son, Gerald, following him as president in 1923, who came up with the idea that would make Listerine the world’s most popular mouthwash – and also make Lawrence’s family rich. If only people could realize that they had a medical condition, they would be willing to use something that tasted awful to fix it. So, Gerald coined the term “halitosis” – from the Latin word for breath and the Greek suffix “osis” which implies some form of disease.
The company spent millions on an aggressive marketing campaign – the equivalent of constant Super Bowl ads – to convince people that “halitosis” was a very serious social problem with a simple, medical solution: Listerine. The ads were early examples of fear-based marketing, usually featuring attractive people who were failing in their personal and professional relationships because of bad breath. Leveraging social anxiety, the ads promised that “your closest friends won’t tell you” and that “they talk about you behind your back.” And worst of all, “you yourself rarely know when you have halitosis.” (You can check out some of the ads here and here.) And if you have something that sounds as serious as halitosis, you need strong medicine, with a real “medicine” taste. A later tag line became “It’s the taste people hate – twice a day.” Advertising professionals now refer to Lambert’s campaign approvingly as a metaphor: using fear to sell a product is called a “halitosis appeal.”
Whatever you think of the social value of fear-based advertising, or about the direct line from there to today’s fear-based social media journalism, it certainly works. For Lambert, the results were astonishing: in the space of five years annual sales of Listerine increased from $115,000 to $8 million (today, U.S. sales exceed $650 million). But all the success attracted other attention to the product, and someone was able to reverse engineer it. The previously-secret formula was published in 1931, leaving the trademark, supported by all that advertising, as the foundation for continued success.
By 1955, when Lambert merged with another company to become Warner-Lambert, Lawrence’s heirs had pulled in a total of $22 million (think of all those actual silver dollars) and continued to be paid $1.5 million a year, even though the property right that Lambert had originally bargained for – a trade secret formula – had effectively disappeared. Figuring that 70 years was more than enough, Warner-Lambert filed a case in New York federal court, asking for a declaration that it could stop paying royalties for something that no longer had any value. It argued that the contract was “indefinite in time” and so should be subject to the rule requiring that a reasonable time limit be inferred. That time, it said, had passed, especially given how much the company had spent on advertising to build the brand.
In its ruling, the court rejected this argument, noting that the promise to pay royalties actually depended on a condition that Warner-Lambert controlled: the continuing sale of Listerine. Just stop selling it, the court explained, and you can stop paying the royalties. The parties to the original contract had to know that there was a risk of disclosure of the secret, and they could have provided for some consequence. Inserting one later would be to rewrite the deal.
As for Warner-Lambert’s huge investment in building the value of its trademark, the judge pointed out that those advertisements promoted the “unique, indeed, almost magical qualities of the formula;” and in any event the company was still benefiting from the “head start” that it had gained in the market, “which has proved of incalculable value through the years.”
Since then, Listerine has continued to sell the terrible-tasting “original” formula, with great success. Perhaps that’s because people still fear “halitosis” and assume that it has to hurt if you’re going to get better. Or perhaps it’s that after 140 years we’ve managed to acquire a taste for it. Just like Australians love Vegemite and Norwegians adore rakfisk. (Don’t know about Norway’s smelly fish? Check it out here). Anyway, everyone seems to be happy, not least the heirs of Dr. Lawrence and those who have bought from them small fractional interests in the continuing royalty stream. Last year, an investor paid $561,000 for just one of those.
So, what is this supposed to teach us? I thought you’d be too distracted by the story to ask. There are actually several good takeaways here.
First, when you’re dealing with trade secrets, the contract matters a lot. Unlike patents, by which the government gives you a limited-time monopoly, trade secrets are by their nature non-exclusionary. So, for the most part (there are some exceptions, which we’ll discuss another time) people and companies are free to draft their contracts as they wish. And that means that those involved have to be sure they read them carefully and understand their implications.
Second, contracts don’t have to be pages long for them to work as intended. This was one of the shortest I’ve seen, and it’s still going strong after almost a century and a half. Lawyers sometimes worry more about the risk of leaving things out than they do about whether everyone understands how the document allocates risk. As the Warner-Lambert case shows, appreciating the risk can be very consequential.
Third, the value of a secret is not entirely about its continued secrecy. Especially in fast-moving sectors, trade secrets can provide what the judge referred to as a “head start,” or what today we call a “first mover advantage.” Where getting access to the secret allows the recipient to capture market share, it may not matter what its lifespan may turn out to be.
Fourth – and this one is important – intellectual property strategy isn’t necessarily about choosing one kind of IP over another, but using them in complementary ways. We’ve already looked at that issue in relation to patents and trade secrets. The Listerine case highlights this same principle regarding trademarks and branding. And it isn’t unique. The 1980s blockbuster sweetener Nutra-Sweet was originally protected by a combination of patents and secret process technology that allowed the company to produce the generic material, aspartame, more cheaply than any competitor. And then to reinforce its dominance, it pressured the makers of Coke and Pepsi to place its trademark on their soda cans – a triumph of brand leverage.
Back in 1881, Lawrence and Lambert probably had no idea about the scope (sorry about that) of commercial possibilities for Listerine. But they managed to strike a deal that benefited both of them and, ultimately, the public. Remember, Listerine is not only “non-poisonous,” but according to other ad copy from 1948, “even the strong odor of fish yields to it.” Somebody please ship a case to Norway.
“Risk management is about people and processes and not about models and technology.”
— Trevor Levine
Have you ever shopped for something dangerous? Back in the 1950s, my mother wanted to buy a pressure cooker to make dinner faster (and use cheaper cuts of meat). That wasn’t an easy decision, because the early models had a reputation for occasionally exploding (there was no Consumer Product Safety Commission then). My father, a self-taught steam engineer, was skeptical that a kitchen appliance could safely contain double the normal atmospheric pressure. But Mom did her homework, researching what the problems were (usually a single pressure valve prone to clogging) and finding cookers with redundant pressure relief systems. It worked for years, and no one went to the hospital.
Companies shopping to buy other companies, or to acquire a license to their technology, also entertain risk. That’s because in the process of interviewing potential targets they can become exposed to highly valuable trade secrets. If any particular transaction doesn’t go forward, but the shopper implements similar technology, the disappointed seller may file a lawsuit claiming misappropriation.
Potential acquirors have ways to protect themselves, including sometimes insisting on contracts that deny a confidential relationship, or that allow them to “retain in unaided memory” any information they learn from the transaction. But most of the time these transactions are based on a traditional nondisclosure agreement, in which the prospective purchaser or licensee agrees to use the target’s confidential information only for the purpose of assessing the potential deal. This can put the recipient company in a very awkward position, unsure of its ability to effectively compete if the deal goes off the rails.
One way that acquisitive companies have tried to reduce this risk is through the use of “clean teams.” The term was adopted from a closely related situation of potential mergers between established competitors, where antitrust regulations prohibit pre-acquisition coordination (something called “gun jumping,” which to me sounds even more dangerous than pressure cookers). This led to the hiring of consulting firms to receive confidential business information from both sides and assess it independently, reporting to each side only “cleansed,” generic observations about the wisdom of the deal.
Clean Teams operated in “Clean Rooms,” a term itself borrowed from the semiconductor industry, where you have to put on a bunny suit to enter the highly purified environment of a manufacturing facility. The common idea here is to prevent any sort of unwanted exposure or contamination. For the traditional “clean team,” their formal independence and professionalism seemed to satisfy the regulators, while allowing informed advice to the participants.
This idea also can work when trying to maintain control of trade secrets. A prospective purchaser can arrange for an independent, trusted third party to have access to the target’s technology and business plans, reporting out only their conclusions about potential value of the deal. In theory at least this can substantially reduce the risk of disputes if the transaction is abandoned.
But not all “clean teams” are made up of external actors. Frequently companies decide to populate them with some of their own staff, either because inserting a consulting firm in the process would be too unwieldy or expensive, or because they want advice that is informed with a full understanding of the potential fit of the target or its technology. The decision to form the group in whole or in part from in-house resources is often influenced by those who want to be a part of the process.
Many of these potential acquisitions or “licensing in” of technology are driven by an unresolved question: should we develop this ourselves or get it from outside? Those within the organization who are inclined to acquire might be part of the sales function, which puts a premium on getting the functionality out to the market quickly. In opposition might be those in R&D or engineering who believe they can do this as well or better themselves. In an effort to respond to these “make vs. buy” tensions, or just to get more granular feedback on the value of the transaction, management will sometimes include insiders in the group who are exposed to the target’s confidential information.
This due diligence team formed with insiders can, in the abstract, be a “clean team,” in the sense that they can be effectively walled off from others doing internal development. In practice, however, they may find it difficult to respect the barriers established to prevent data contamination. Curious colleagues ask probing questions about the target. The risk becomes more apparent and acute when one considers that misappropriation of trade secrets does not require copying or other direct use, but can result from any knowledge that substantially influences the development of a product or process.
And it gets worse, because when the company launches its competitive product, and the jilted target brings a claim, the defense requires proving a negative: despite appearances, our internal work was not at all affected by the exposure of one or two engineers to the other company’s secrets. As many courts have pointed out, misappropriation is almost always proved by circumstantial evidence, and participation in due diligence, followed soon after by marketing of a similar product, can be a bad look.
The operational consequences can be serious. In one case, a potential acquiror gave its outside patent counsel a copy of the target’s confidential patent application, which the lawyer used to inform his own filing, resulting in a $116 million jury verdict. In another case, the diligence team was secretly working on the possible acquisition of a competitor of the target, so the court prohibited that transaction from going forward. In a third case, the potential buyer claimed independent development of its product by a third company, but it turned out that the developer had been visited by a member of the diligence team.
Preventing these kinds of disasters is not terribly complicated. First, it pays not to think of any internal team as reliably “clean,” even if they have the best of intentions. Second, the confidentiality agreement with the target can be negotiated in ways that reduce risk, such as including recitals that the acquiror is actively engaged in competitive development, limiting the scope of protectable information, or terminating restrictions after a period of time. Third, if a true “clean team” is not sufficient and some level of contamination has to be accepted, the company can effectively insulate itself by outsourcing an independent reverse engineering project based on a high level, functional specification. See my earlier post “The Art of Reverse Engineering,” here.
Thoughtful, multilayered efforts are most effective at reducing risks of otherwise dangerous activity. Take my Mom, for example. Even though she found a cooker with a separate release mechanism, she always took the time to thoroughly clean the primary pressure valve. Creating robust structures is important, but process implementation is critical.
“It is impossible to unsign a contract, so do all your thinking before you sign.”
— Warren Buffett
You may remember 2014 as the year when we all discovered a plague of noncompete agreements threatening our economy. No? Let me help you.
In June that year, the New York Times published an expose of sorts relating the story of a 19-year-old summer camp counselor who couldn’t get hired by a certain camp because the year before she signed a contract with another camp that blocked her from working for any nearby competitor. Noncompete contracts, the article suggested, had previously been reserved for high level corporate executives, and suddenly (and “increasingly”) they were being foisted on rank and file employees engaged in event planning, investment management, and even yoga instruction. A follow-on piece in the Times confirmed the emerging crisis by revealing that the Jimmy John’s fast food chain had forced noncompete clauses on all its sandwich makers (acknowledging, however, that there was no evidence that the company had ever tried to enforce the contracts).
The inspiration for this concern may have come from a then-recent book published by Orly Lobel, a California law professor, called Talent Wants to be Free. She argued not only the unsurprising point suggested by the title, but also that it was actually in the interest of businesses to release departing employees from all restrictions, because in some organic way that would redound to the companies’ benefit. Unfortunately, as I reported in a review at the time, this hypothesis was unsupported by any serious evidence.
Nevertheless, the anecdotes about preventing low-level employees from competing caught the attention of other journalists and academics, as well as politicians. Some of those stories were compelling, especially when the employee had no idea that a noncompete would be required until they showed up the first day on the job. A movement to reform the law began to grow. Massachusetts, which for years had resisted tamping down on noncompete agreements, radically amended its law to prohibit them for lower salaried employees, and to require notice to the employee at least 14 days in advance of starting work. Other states have joined in. According to the leading blog on employee contracts, just through the first six months of this year there were 66 bills filed in 25 states.
The federal government has also entered the ring. On July 9, President Biden issued an executive order designed to increase competition in the national economy. Among many other directives to government agencies, he commanded the Federal Trade Commission to examine what action it might take to rein in the negative effects of employee noncompete agreements (a responsive letter crafted by Russell Beck and signed by dozens of practitioners, including myself, has urged caution on the issue).
Why doesn’t everyone see this as a form of social crisis? After all, it looks like a new example of corporate overreach in an economy that has already discounted almost to irrelevance the dignity of work. But in fact, businesses have been using noncompete agreements for more than a century, subject to strict limitations imposed by state law. California, North Dakota and Oklahoma have long refused to enforce them at all. And in the rest of the country, they are enforced only when a judge agrees that they are reasonable in time, subject matter and geography.
There’s no doubt that restricting an employee’s ability to leave and compete can impose serious costs on the individual. And although studies show that it’s impossible to measure any loss of innovative capacity or output, it’s probably safe to assume that some situations prevent competition that might benefit the community. But that doesn’t necessarily mean that the competition would be fair.
In the digital economy, more and more employees have to be trusted with sensitive information in order for the enterprise to succeed in an increasingly competitive environment. To maintain that success a company has to be able to protect its information assets from flowing out the door to the competition. In the U.S. we enjoy robust laws, at both the state and federal level, that are designed to reduce that risk by providing remedies for trade secret misappropriation.
But companies often don’t – and can’t – know when a former employee is using what they know to benefit their new employer. Surveys show that a large percentage of employees, perhaps a majority, are so unsure of their secrecy obligations that they are willing to use sensitive information at the next job. And even if the left-behind company suspects foul play, trade secret litigation can be messy, unpredictable and expensive. It’s certainly not the most efficient way to resolve misunderstandings. So, from the company’s point of view, simply preventing the risk for a limited time with a noncompete clause can seem very attractive. This is especially true for smaller companies whose trade secrets consist of information about customers, in other words the sort of goodwill built up over time that sustains the business.
For the employee, of course the constraints of a noncompete will feel like a blunt weapon, prohibiting not only trade secret theft but also preventing fair competition. And it’s entirely legitimate for a community – say, a state like California – to decide that the obvious individual costs and the possible detriment to the collective economy are not worth preserving the private interests of individual employers. Indeed, some have pointed to the astonishing success of Silicon Valley as proof that the broad social benefits of “knowledge spillovers” from free movement of labor vastly outweigh the private losses from those spillovers.
Unfortunately, the empirical evidence so far doesn’t permit a firm conclusion on that larger point. But it’s clear enough that noncompete agreements have been abused to some extent. States – and perhaps the federal government – will likely continue to press for reforms, especially for categories of employees who are not practically in a position to cause a company damage when they leave.
In the meantime, what’s a business to do? First, you should consider whether noncompete agreements are right for the culture of your company. Do you really need them to protect yourself? What might be the cost in decreased trust and increased resentment among a workforce that expects to enjoy career flexibility? Consider imposing these restrictions only on those senior employees who have access to your most sensitive information. Be prepared to consider relaxing or eliminating constraints in special situations where taking a bit of calculated risk might help establish or improve an important relationship.
Second, whatever you decide to do about noncompete agreements, don’t depend on them as the primary way to protect your trade secrets. Be sure that you have established a comprehensive information security program, including continuous training and robust enforcement. The most reliable way to reduce the risk that you might lose control of your secrets is through active management, not passive dependence on post-employment restrictions.
Third, if you do use noncompete agreements, watch out for changes in state laws that might affect you. If any meaningful reforms emerge from the federal government, you will certainly hear about them. In any event, pay attention and be ready to adjust so that you comply with any new standards.
Outrage over imposition of restrictive contracts on teenage camp counselors or sandwich makers is understandable, but it can lead to careless thinking. Not all employee restraints are unreasonable. We expect that the workplace should provide not only a job but also the opportunity for learning and advancement. In the information economy, that often leads to greater exposure to secrets. And preserving those secrets sustains competitive advantage and creates more jobs.
“Some circumstantial evidence is very strong, as when you find a trout in the milk.”
— Henry David Thoreau
I know that some of you want to dive right into how Thoreau came up with that sardonic and mystifying line. We’ll get there, but let’s start with my high school. I was terrible at math in general, but loved geometry and solving problems about things that you could see or easily imagine. At university, I satisfied my math requirement with a course in logic, which similarly relied on deductive reasoning. And finally, in law school, the reverse engineering of human behavior was fully and elegantly explained in Evidence class, where Judge Weinstein (a beloved jurist in the Eastern District of New York who recently passed away) taught us about the difference between direct and circumstantial evidence.
The job of the trial lawyer starts with figuring out what happened and collecting evidence to use in telling a compelling story to a judge or jury. Direct evidence takes you immediately to the fact you’re trying to prove and is most commonly seen in eyewitness testimony. Betty saw John shoot the gun at Phil, who collapsed on the floor. That’s direct evidence that John murdered Phil. But if Betty had been outside the bar, heard an argument and then a gunshot before entering and seeing John holding a smoking gun, that’s indirect, or circumstantial, evidence of the murder.
People generally think that direct evidence through eyewitnesses must be better than any kind of indirect evidence. They are wrong. Eyewitness testimony in particular is known to be fallible, whether due to bias, or perhaps to a limited capacity to observe. Who can ever forget the scene in My Cousin Vinny (one of the greatest lawyer movies of all time) in which Joe Pesci, playing a brash but inexperienced New York lawyer, successfully cross-examines the sweet old lady who had identified his clients as the perpetrators of a convenience store robbery and murder? If you have forgotten, take a moment to watch it here.
Perhaps the popular preference for eyewitnesses, and the general discounting of “mere circumstantial” evidence, is what Thoreau had in mind when he wrote that line about the trout in 1850. He never explained it, so there’s no direct evidence of what inspired him. But the circumstances are persuasive, as there had been a public scandal the year before, centered on dairy farmers accused of adding water to their milk in order to increase profits.
The quote shines a light on how some indirect evidence can be so convincing, because the inference it calls for – someone poured water from a stream into the milk – is so much more plausible than the only other explanation—that the trout somehow swam into the milk can.
But it’s not typical that a set of facts offers only one logical conclusion. And our search for explanations – especially when we are intent that others accept our interpretation – can be fraught with risk. In these more typical situations, the basic facts are few, but they form the predicate from which we want our audience to reach a conclusion. We see this phenomenon regrettably often in today’s sharply divided political culture, in which a factoid here or there is pumped up with assumption and conjecture to demonstrate the malevolence of some public official. That’s the danger with circumstantial arguments: the mosaic image may have some pieces that represent known facts, but the connections among them are actually obscure.
Sometimes I wonder if the ancient Greeks were playing jokes on us by suggesting that the constellation Canis Minor, which basically comprises two stars, represents a celestial dog. Or that Ursa Major is a bear, instead of a (pretty obvious) big dipper with a lot of other stars scattered around. Scorpius, on the other hand, has enough stars in the right positions that you don’t have to squint too much to imagine the stinging arachnid.
Here’s the point: known facts are like stars in the sky, or dots on a page. You can connect them in various ways to construct a picture. But the one you see, or that you want to see, may not be the only picture that can be made with those dots, especially if there aren’t many of them or they’re far apart. In fact, there may be another way to link them that produces something entirely different, or even contrary to your interpretation.
In the realm of trade secret disputes, there are special challenges in trying to sort out the truth because one side knows the facts and the other doesn’t. As one court famously put it, in Greenberg v Croydon Plastics Co., Inc., 378 F. Supp. 806 (E.D. Pa.1974):
Plaintiffs in trade secret cases, who must prove by a fair preponderance of the evidence disclosure to third parties and use of the trade secret by the third parties, are confronted with an extraordinarily difficult task. Misappropriation and misuse can rarely be proved by convincing direct evidence. In most cases plaintiffs must construct a web of perhaps ambiguous circumstantial evidence from which the trier of fact may draw inferences which convince him that it is more probable than not that what plaintiffs allege happened did in fact take place. Against this often delicate construct of circumstantial evidence there frequently must be balanced defendants and defendants’ witnesses who directly deny everything.
Imagine the common case in which a company has just seen a highly-placed, trusted employee depart for a competitor. A casual remark to a colleague morphs into a threat, and attempts by the employee to clean up her computer on the way out are interpreted as theft. A senior manager, intent on promoting a reason for the departure that doesn’t involve his management style, urges immediate action, and a lawsuit is filed. Crafted like a press release but with more adjectives, the complaint invites the court – and the public – to see the former employee as a thief.
Let’s freeze the action for a moment and look at what has just happened. The former employer can justify its behavior as a rational response to the facts as it knows them. After all, trade secret misappropriation rarely happens in broad daylight, and the complaint is properly based on reasonable suspicion. But although suspicion is enough to permit a lawsuit, it may not be the prudent thing to do. As I have frequently argued, trade secret cases more so than other commercial disputes may be driven by fear, anger and resentment. And those emotions can profoundly affect how otherwise reasonable actors connect the dots to reach a conclusion.
Naturally, this tendency for inference to align with emotion can distort the view of either side. Just as the company may perceive malicious intent due to a few selected circumstances, sometimes innocent explanations offered by the defendant are really excuses wrapped in justification. But it’s because the former employer at the outset knows relatively little about what actually happened that we need to exercise caution and investigate carefully, so as not to mislead ourselves into thinking that the only option is to launch an attack.
When confronted with an emerging story where we don’t have, and maybe can’t have, all the facts, it behooves us to slow down and consider carefully the inferences we are drawing from what we do know. If we believe we’re seeing a trout in the milk, it may be helpful to rub our eyes and take another look.
“Never mistake activity for achievement.”
— Coach John Wooden
We’ve all seen him when driving by the strip mall. Trying to focus on the traffic, our eyes are diverted by “Tube Man,” a 10-foot tall hollow, collapsible stick figure with a fan at the bottom, adjusted so that the body repeatedly folds and then jumps upright, with arms whipping around in a constant frenzy, trying to grab our attention. And that’s the point. Tube Man accomplishes nothing except to demand that we look at what he’s doing.
I was led to Tube Man by a search for “flailing,” a word that seemed an apt label for a spate of new legislation introduced by politicians climbing on top of each other to showcase their zealous antipathy to China. More on that in a minute; but first let’s consider what “flailing” means. It’s a pretty interesting word, and it makes a perfect metaphor.
The original use of “flail” was as a noun, derivative of the Latin flagellum, to describe a threshing tool made of a handle with a “free-swinging stick” loosely attached to the end. The idea was to just wave the thing around and it would end up knocking the grains off the stalk. It didn’t much matter exactly how you moved, so long as you did it with a lot of energy. Now we use machines for threshing, and most of us are not farmers; but we have kept the word, to describe “aimless or ineffectual efforts.”
And that, in my view, describes very well the recent rush of legislative attempts to punish China. That is not to say that China is our best friend. We are in serious competition, and it’s obvious that our leading position in some critical technologies has been targeted. That “giant sucking sound” you hear in the direction of China may be some cutting-edge secrets being displaced. We should be deeply concerned. We need a thoughtful, long-term strategy to respond.
Instead, what’s happening looks more like theater. Here’s the playbill. Early this year, Senator Chris Van Hollen (D-MD) re-introduced the “Protecting American Intellectual Property Act of 2021,” which had passed the Senate in December. It would require the President to impose trade sanctions on “foreign persons” engaging in “significant theft” of U.S. trade secrets, including freezing property and banning visas of individuals and putting companies on the “Entities List” (which makes it hard to do business in the United States). It did not include any path for appeal to the courts.
In April, Senator Lindsey Graham (R-SC) proposed “The Combating Chinese Purloining (CCP) of Trade Secrets Act.” (In his press release he included that parenthetical in the title, presumably to draw attention to the clever word choice that matched the acronym for the Chinese Communist Party.) This bill would have increased jail time for trade secret theft from five to 20 years, and companies found to have participated in or benefited from such theft would be barred from applying for any U.S. patents (any patents, not just related ones). It would also have denied visas to Chinese nationals wanting to pursue graduate studies in certain technical fields.
In May, Senator Chuck Grassley (R-IA) introduced the “Stop Theft of Intellectual Property Act of 2021,” which would bar admission to the United States (or deport them, if already here) of anyone who violates or evades export control laws or commits trade secret misappropriation.
Many aspects of these proposals came together earlier this month, when the Senate passed, with a large bipartisan majority, the “United States Innovation and Competition Act.” Weighing in at 2,376 pages, the omnibus measure contained other bills that were directed at increased government investment in cutting-edge technologies: the “Endless Frontier Act” and the “Strategic Competition Act.” But plenty of room was left for the “Meeting the China Challenge Act of 2021,” which followed the approach of the Van Hollen bill, only with a longer list of sanctions and a requirement that the President must choose at least five from the list (I’m not making that up.)
Separately from this massive omnibus bill, Senators John Cornyn (R-TX) and Chris Coons (D-DE) introduced legislation to create a new committee within the International Trade Commission with the power to perform a very quick (30 days) investigation and then block imports into the country that “contain, were produced using, benefit from, or use any trade secret acquired through improper means or misappropriation by a foreign agent or foreign instrumentality.” Lest we wonder what specific countries the authors had in mind, they inelegantly named the bill the “Stopping and Excluding Chinese Rip-offs and Exports of the United States Trade Secrets Act.”
Even state politicians are jumping on the bandwagon. In the last few weeks, the Florida legislature passed by unanimous vote the “Combating Corporate Espionage in Florida Act,” which makes trafficking in trade secrets a serious felony, with enhancements if it is for the benefit of a foreign government. While lawyers express concern about how the risk of false accusations will discourage labor mobility and harm the economy, Florida’s governor announced his support for the law as a “major pushback against China” in response to its alleged coverup of the origins of the COVID-19 pandemic, as well as to its “infiltration” of universities and companies to steal trade secrets.
Back in 1998, I was part of a delegation of officials, scholars and industry representatives that visited China to help celebrate the opening of its Intellectual Property Training Center in Beijing. The facility was very impressive, and we were told that 600 people a month were receiving instruction in how to work with the country’s new IP systems. This was in the run-up to China’s bid to join the new World Trade Organization (WTO), and I can remember some in the U.S. group who were skeptical that all this activity was just for show, and that China didn’t really intend to make IP a priority.
As it turned out, not only did China join the WTO but it also built a world-class legal and administrative framework for IP rights. Nevertheless, a lot remains to be done, and special challenges persist, particularly in securing even-handed treatment of foreign companies that want to do business in China. Concerns about economic espionage and forced transfer of know-how are legitimate and need to be addressed. It seemed that we were on our way to dealing with a number of these issues through the negotiations that led to the Phase One Agreement early in 2000.
But at the multilateral level – that is, at the WTO, where sovereign countries are supposed to meet, iron out trade problems, and actually sue one another through a carefully negotiated dispute resolution process – the United States has more or less walked away. We have also withdrawn from the one regional trade agreement, the Trans Pacific Partnership (TPP), that we had proposed in order to offset China’s growing economic power in Asia. Simply put, we are not engaging with China.
Some commentators in and outside government suggest that the rise of China will necessarily lead to a “decoupling” of the world’s two largest economies, and that this is appropriate, given China’s anti-democratic approach to governance. But before we allow things to slip that far, we should consider very carefully how the world has benefited from increased trade in the years before tariffs were imposed, and the value of working within institutions like the WTO and agreements like the TPP.
Passing laws that can impose new trade sanctions, freeze property, and even deny companies access to our patent office might help us feel as though we’re solving a serious problem. But we could be creating more problems, as other countries like China watch what we’re up to and pass similar laws targeting U.S. businesses.
Addressing serious issues of IP theft should not lead us into our own corners where we vent and issue pronouncements, making political points with strong rhetoric. To actually achieve progress, we need to engage directly with China, ensuring that it keeps its commitments to respect IP rights and provide fair enforcement. Nothing less than global prosperity is at stake.
“Be careful what you ask for because you just might get it.”
— Anonymous
All the fuss surrounding the proposal by India and South Africa to suspend the TRIPS Agreement to help them produce vaccines to fight COVID-19 has obscured some critical truths. In spite of the rallying cry “Patents versus People,” it’s not really about patents. And merely lifting TRIPS obligations will do nothing to address the current suffering of the world’s poorer populations. In fact, it would hamper efforts to secure global distribution of vaccines, as well as cause real harm in the long term.
The Biden Administration has embraced the proposal in principle and has received plaudits for what many see as a humanitarian and diplomatic breakthrough: choosing people over patents. So how could something that looks so right be so wrong?
First, we have to understand what the TRIPS Agreement is and isn’t. Stay with me here. I know that treaties can be boring, but this one is more important than you may realize.
Since their introduction in 15th century Venice, patents have been strictly territorial, a grant of rights that stops at the country’s border. Indeed, if you found some invention being used in another country, you could bring it back home and get a patent even though you weren’t an inventor at all. We didn’t care much about what was going on next door, just what would benefit the local economy.
Beginning in the late 19th century, as global commerce got seriously underway, a spate of treaties made it easier to claim inventions – and other intellectual property – in multiple countries. For patents, the high-water mark of this business-driven improvement came in 1978 with the Patent Cooperation Treaty (PCT), which bound all signatory countries to accept the priority date of an invention filed in another member country, so long as it was presented within 30 months. This is one of those international treaties that actually works in a practical way to speed the spread of innovation around the world.
But still, patents and other IP protections are decided under national laws, and variations from one country to the next in the scope of rights – especially in enforcement – continued to cause a lot of inefficiency for companies trying to build global markets. So back in the early 1990s, when we all thought tariffs were bad and globalization was good, when everyone seemed to believe that a rising tide of cross-border commerce would lift all national economies, the United States led an effort to establish the agreement that would come to be known as TRIPS, for Trade-Related Aspects of Intellectual Property Rights.
Here’s the thing to remember about TRIPS: it only creates obligations of governments to pass laws supporting intellectual property rights of various kinds: patents, copyrights, designs, trademarks, and trade secrets. It doesn’t affect the private ownership of those rights. That’s an important distinction, especially for trade secrets (or “undisclosed information” as it’s called in TRIPS), because unlike the other “registered” rights, it doesn’t depend on a government grant. It just requires a legal system that enforces confidentiality.
The provisions of TRIPS were not new for industrialized countries. But for the developing world the agreement represented a tradeoff: adopt our framework for protecting IP (including our own, like drug patents), and you’ll get the benefit of increased wealth and productivity that comes with joining the club we’re going to call the World Trade Organization.
What seemed to sell this deal was the expectation that “technology transfer” from industrial north to agricultural, extractive south would happen as a result. Remember that phrase “technology transfer,” because it’s at the hidden heart of the current waiver proposal. You see, published patents are available for anyone to read and learn from, and developing countries still have the option to compel licenses from patent owners if needed to address serious domestic needs, including pandemics. But patents are only a part of most stories of technology transfer, because in order to actually build the factory and produce the goods, you need to know more than what’s in the patents.
When I managed the PCT in Geneva, I heard a lot about this from developing country delegates to WIPO. They expressed great disappointment in how TRIPS seemed to be a “bait and switch” scam, in which the promised benefit never materialized. Patents are fine, but that doesn’t tell you how to adjust the dials on the machines to get the best outcomes. They thought they would be getting all that “know-how,” too.
For some traditional pharmaceuticals, this lack of know-how may not be a showstopper. The patent claims may describe a particular small molecule that provides a certain therapeutic effect. If you already know how to make pills, then manufacturing it can sometimes be relatively straightforward. Sometimes, but not always.
Moreover, biopharma generally, and mRNA vaccine technology in particular, are quite different from traditional drugs. Developing a process to reliably produce these medications at scale is astonishingly difficult and depends on years of experimentation involving cell growth times, temperatures, and other variables. That body of knowledge represents the trade secrets of the developers. It is enormously valuable, and not just for making COVID-19 vaccines. Creating other therapeutics based on the mRNA platform would be much easier and quicker with the benefit of knowing what tends to work and what doesn’t.
So, this is why a temporary waiver of TRIPS—which would suspend national obligations to enforce IP rights—can’t possibly help countries like India get more vaccines to its citizens. The know-how required to manufacture at scale is owned by the companies like Pfizer and Moderna that are producing doses in record volumes. To effect the demanded “technology transfer,” governments would have to secure the agreement of those companies not just to hand over their entire “cookbook” but also to send qualified scientists and technicians to spend time at the foreign facilities, basically consulting on how to implement the secret processes to produce a safe vaccine. And even if that transfer happened tomorrow, getting to the point of actually manufacturing in volume would take more than a year.
Not only would the TRIPS waiver not produce the results the proponents want, it would likely reduce the current level of international distribution of vaccines, by interfering with access to the limited supplies of required ingredients. In fact, this supply chain disruption was recently cited by none other than the government of India in pushing back against popular demands for a compulsory license on Gilead’s Remdesivir and other COVID-19 treatments, noting that the “main constraint” was not intellectual property rights but preventing competition for scarce “raw materials and other essential inputs.”
But there’s more. A waiver would result in even greater harm over the long haul. Drugs typically are not discovered by governments. Instead, we rely on the private sector to respond to new diseases. It seems deeply ironic that while our IP system succeeded in incentivizing the development of a new vaccine only months after the SARS CoV-2 virus appeared, we would now be considering suspending that system. Congratulations and thank you! Now, hand over your trade secrets!
Another irony relates to the fact that these companies have not been producing all the vaccine on their own. Instead, they planned ahead and established collaborative relationships with other manufacturers, leading to quick and effective voluntary technology transfers through licensing. Those who clamor for a waiver seem to ignore that robust, reliable trade secret laws enable such transactions. It may seem counterintuitive, but it’s well established that enforceable secrecy leads to more dissemination of technology, not less. Indeed, without it there would be hoarding of know-how, slowing production of vital medications and other innovations.
It takes more than $1 billion to engage in the risky business of producing a new drug. The willingness of shareholders to invest that kind of money requires a predictable IP system, one in which rights are not imperiled just because some people mistakenly believe those rights are in the way of achieving some laudable goal. Broadly removing IP protections is something governments can do, but they can only do it once, because the next time there may be no innovations available to claw back. Without reliable incentives, private industry simply won’t be able to prepare us for the next pandemic.
Trying to suspend IP rights clearly will not solve the problem and, indeed, risks making it worse. Instead, the international community – including the United States – should focus on diplomatic solutions to the immediate problem by lifting export controls by rich countries and forcing more equitable distribution of the available supplies of vaccines.
For decades, the United States has been vigorously promoting the value to society of a strong, globally harmonized IP system. The success of Operation Warp Speed has demonstrated the value of that system. This is no time to see what it might be like without one.
“In a networked world, trust is the most important currency.”
— Eric Schmidt
I recently finished Gen. Stanley McChrystal’s book, Team of Teams, in which he describes organizational lessons learned as Commander of the Joint Special Operations Command in Iraq. Arriving in 2003, when Al Qaeda in Iraq (AQI) was outsmarting the best special forces that NATO could muster, McChrystal later switched out the traditional military approach of hierarchical control over information and authority to a “shared consciousness” system that pushed authority “to the edges of the organization.” Within two years they had eliminated the head of AQI, Abu Musab al-Zarqawi.
This feat was made possible, McChrystal argues, because the various elite units making up this special force had been transformed into a single organization capable of making decisions without orders from headquarters. While the separate teams of Navy SEALs, Army Rangers and CIA analysts had each proven themselves the best at their particular tasks, they trusted only their own members, and coordination among them was a matter of top-down control by the generals. But to meet the challenge of the elusive, loosely-networked AQI, the Command had to empower these individual teams to work together seamlessly. And that required extreme transparency: each team was aware of the whole mission.
“Need to know” is a bedrock tenet of information security. You only get to see it if you need to see it. The reasoning is that the fewer people who know the details, the lower the risk that information will be compromised by reaching the competition. Another term used among professionals is the “principle of least privilege,” borrowed from the notion in computer science that a user account should be given only that level of privilege that is absolutely necessary to its operation within the system, making failures less likely. By whatever name, the principle increases control by limiting access.
The idea that any one person in an organization probably doesn’t need to know much is rooted in the industrial revolution. When we moved from the age of craftsmen who made an entire product to the assembly line, the worker mounting the wheel didn’t have to know anything about the rest of the car. In fact, mass production efficiency (and profits) resulted from breaking down every process into its predictable steps and assigning each step to a separate worker. The chief architect of this reductionist view of human behavior was Frederick Winslow Taylor, whose 1911 The Principles of Scientific Management has been described as the most influential management book of the 20th century.
Keeping secrets has long been viewed through the same lens: compartmentalization helps keep things under control. But interestingly, it doesn’t always make things more efficient or productive. For example, consider what may have been one of the most important government secrets of the modern age: the wartime Manhattan Project to develop the atomic bomb. Operators of uranium centrifuges at the military headquarters in Oak Ridge, Tennessee knew how to operate the machinery, but didn’t know why they were doing it, until the weapon had been dropped on Japan. In parallel, at the Los Alamos, New Mexico, labs where the physicists and engineers were racing against time and the Nazis, the complex calculations for their work depended on manual punch card inputs to IBM calculators. When management revealed to those clerical workers what all the numbers were for, productivity soared, and they even invented programs to speed the process.
What McChrystal learned in Iraq was that the long-held assumptions of the military about command and control started to break down in the complex, unpredictable environment of modern insurgent warfare. Despite having the best equipment, the most advanced technology and the most thorough training, his finely tuned teams couldn’t match the adversary’s lithe adaptability. The traditional approach of anticipating and carefully planning for every eventuality didn’t work when nothing was predictable, especially when permission had to come from headquarters and each team was operating independently. Instead, he had to scramble the organization chart and develop trust among the teams that equaled the trust they had for one another, so they could act together as a single, responsive organism.
Building trust requires sharing information, and that’s where the lessons lie for modern industry. The adversary is not AQI, but a global swarm of disrupters bent on displacing your business. They operate in a flexible, data-rich, technology-driven environment where the rules of engagement are neither clear nor static.
This is not to say that “need to know” is dead. Not at all. But we shouldn’t think that just because information is not immediately required for a task it should not be widely accessible. Let’s consider a couple of examples.
First, a member of the sales team is attending an industry show (yes, we are going to do those again). She runs into the representative for an important potential customer, who as it turns out has a need for what the company is offering, but only the new, as-yet-unannounced version with some compelling features would suffice. Should she reveal the confidential information she knows, even though there’s no nondisclosure agreement in place? Or should she pass on the potential sale?
Now consider the engineer who has left the company to join a competitor. He’s working in the same general technology. At a meeting with his new colleagues, they describe a challenge they’re facing to decide among several options that seem like fairly straightforward engineering choices. But this employee knows from his most recent experience that one of those options will likely lead to failure. Is that knowledge part of his general skill and experience that he can share, or does he need to take himself out of the conversation?
Whether or not the answers to these questions seemed straightforward to you, the issue is what that employee will decide in the moment. More specifically for management, the question is what you would want them to do, and whether you are confident they will make the right choice.
If your business applies the “need to know” principle in its restrictive sense, it’s possible that your training program does not prepare employees for these kinds of decisions. Companies that tend to lock down information across the board also tend to assume that employees know what to do about confidential information. And anyway, if they don’t have access to it, there can’t be any risk, right?
One of McChrystal’s innovations in Iraq was to conduct mandatory daily briefings with all relevant units connected by video, including back at the Pentagon. It took some time before everyone from the various branches and agencies attended, but they came to understand the value of broadly sharing information. Trust improved, and the previously independent teams began to work organically, anticipating each other’s moves and making on-the-ground decisions. In short, greater access to information made them more effective.
What does this mean for your organization? You likely will benefit from rethinking your approach to access controls. More restrictive is not always better. Trusting people with broader information can improve performance. But to open things up and take full advantage of the capabilities of your workforce, you’ll need to take a hard look at your education program. Expecting employees to exercise good judgment about business secrets requires more than just sharing detailed plans for the next quarter.
McChrystal started with some of the best-trained soldiers in the world. If you want an adaptable workforce able to make smart decisions about when and how to share information in a complex world, you need to educate them thoroughly and continuously. They need to know what the company’s most valuable data assets are. They need to know their role in protecting them. They need to know what everyone else is doing and how they can help. Then you’ll have a team of teams.
In over 40 years of handling trade secret disputes, I have seen plenty of “successful” results, but never a time when my client said, “Gee that was fun; let’s do it again!” They may tell me they’re happy with the outcome, but hey, I know that it also feels good to stop hitting yourself with a hammer.
It’s a fact that more than 90% of trade secret cases settle without a trial. But too often those settlements only happen after years of litigation. There are ways to make that process less painful, and in an earlier article we looked at the advantages and limitations of arbitration and private judging as means to recapture some amount of control over the dispute. But unless the parties already had an arbitration agreement before the problem arose, one of them will probably see an advantage to playing it out in court.
There are plenty of ways to spend time and money in these cases. They begin with a struggle over what the trade secrets actually are. That can take months, even years, while the lawyers also fight about each side making available its documents and witnesses. Sometimes millions of documents and dozens of witnesses. All this is to prepare for a possible trial where, as experienced lawyers will tell you, the outcome usually hangs on just a handful of records and a few critical bits of testimony.
Approaching closer to the actual trial, reality and exhaustion tend to combine, leading the combatants to settle, primarily as a way to avoid looming risk. But this comes at an enormous sunk cost of money, energy and distraction from the actual business. At the end, the silent regret in the room is about not having arrived at this same place a lot sooner. So why do otherwise smart, calculating managers wait so long, and suffer so much, to get to a settlement?
Some apologists for the status quo will tell you that it’s necessary to press every procedural point in order to test the adversary, and that only when you have collected all of the records and examined every possible witness can you engage in “informed” negotiations. Plaintiffs’ lawyers will add that trade secret cases are all about stealth, so there must always be more that the defendant is hiding. Defendants will point out that the lawsuit represents an existential threat to their business. Or, perhaps more likely, to their personal honor.
Why Emotions Drive Trade Secret Litigation
Anecdotal evidence from colleagues, and my own experience, suggests that trade secret warfare has such staying power because it is so often driven by the personal emotions of the participants. Here is the key distinction: unlike any other kind of intellectual property dispute, the trade secret case is all about fault in a relationship.
As I’ve said before, it was my very early experience handling divorces that prepared me for trade secret litigation. Whether it was about employees leaving to start a competing company or join a competitor, or between two companies that had been in some collaboration, there was a rupture in a relationship, and trust was shattered. Sometimes that trust had been built over years, as with the young engineer who was mentored by the company founder only to strike out on his own, or the start-up band of disrupters grown close by fighting the entrenched incumbents, only to see one of their siblings leave for greener pastures (or more stock options). Even in big companies, internal teams develop loyalties as they rely on each other through the tough times.
So when this happens, who feels hurt? Pretty much everybody. The colleagues left behind may include managers and co-workers who feel deceived and abandoned (probably not admitting a touch of envy). The accused misappropriator is startled and in deep denial that anything could be wrong. They may feel scapegoated by their former boss (that venal bastard who never liked my ideas anyway). And hanging over it all is that primal emotion called fear: how long can this go on, and what will happen to me? Again, even in the business-to-business environment, it’s tactically about blaming and avoiding blame, but emotionally about betrayal and treachery.
Not Just Stolen Code, But Bruised Feelings Too
Here lies the root of the problem: the dispute is not just about some software code or customer list, but (to varying degrees of course) about the need to resolve bruised feelings. And without thoughtful intervention, that resolution can take a lot of time.
This may be the point where you expect me to describe the wise and trusted lawyer riding in to solve the case. Sorry. Naturally, there are – ahem – wise and trusted lawyers out there, but often the most they can do is bring down the heat a bit and work to make the litigation process as efficient as possible. Again, emotions run high among the participants in the drama, and clients – at least at the outset of a trade secret fight – may expect their counsel to be warriors first, advisors second. And an outsider might say that the lawyers have a certain conflict of interest that may lead some of them (subconsciously) to want to prolong the struggle.
Indeed, there are lawyers who make themselves part of the problem by acting out, effectively channeling the emotions of their clients. My wife, Laura-Jean, who is a psychotherapist, tells me this is called “merger,” but a different kind than we think of in the corporate world. The lawyer, rather than acting the independent professional, “merges” with the client’s perceived emotional state and then acts on it. Thus, we have the lawyer who, a couple of years ago, threw a cup of coffee at her opponent in a deposition, deservedly leading to dismissal of the case.
Mediation is the Perfect Path to Settlement
In trade secret disputes it’s the responsibility of the lawyers not just to avoid tantrums, but to act in their clients’ interest by guiding them toward settlement early and often. Lawyers are in a position to appreciate when their clients have tunnel vision due to emotional overload, unable to see the actual costs and risks that lie ahead. It’s up to the professional to be practical and help the client look at the situation through a business lens. Naturally, it’s hard to make that shift in the midst of battle.
This is precisely why that other form of alternative dispute resolution, mediation, is the perfect method for resolving trade secret disputes. A neutral facilitator leads the process, allowing counsel to retain some attitude as an advocate. The mediator, as we all know from centuries of experience in relying on intervention from respected elders, is able to see alternatives that the parties can’t. While lawyers have their eye on a future trial, the mediator begins with the solid truth that there was a relationship here once, and so there are always opportunities to tap that reality and, in the process, satisfy some of the unspoken emotional needs that lurk behind the legal advocacy. And the mediator has a broader appreciation for the collateral damage that happens in litigation and can find ways to preserve third-party relationships that might otherwise be battered and lost.
Mediation is the natural, organic solution to the typical trade secret case that takes on a life of its own, becoming a soap opera for the participants. Properly engaged, even at the outset of a case, it supports the parties in identifying the real problems and preparing for solutions to emerge. And it doesn’t have to be a single event. Indeed, at its most effective, mediation is a process that begins as soon as the parties reach some inflection point in the case where it seems acceptable to involve a neutral.
Pick a Mediator Who Will Pick at Your Case
Unlike other, more procedurally predictable IP litigation, such as patent infringement, these inflection points can happen often in trade secret disputes, because judges make decisions that leave both sides dissatisfied, or some new piece of evidence looks like it might shift momentum. That doesn’t mean the litigation has to stop while talks go on. The first session with a mediator may lead to little more than an agreement to share certain information and prepare for a later conversation, while in the meantime the lawyers can consult with the mediator privately, building the kind of trust that will allow a deeper exploration of possibilities at the next stage.
Here’s an important tip: for trade secret cases you need a mediator that is “evaluative” rather than just “facilitative.” That means that the neutral will at some appropriate point share with each party in confidence their view of the merits of the case. Instead of just helping the participants listen to each other, the mediator proactively judges the direction that each side needs to take to find a solution, helping them to come closer – not necessarily to the middle, but to a place that will resolve all of the issues that led to the dispute. Often, the main issues are not about money, but about reputation, respect and cooperation.
Ultimately, the best mediators will help the parties restore some dimension of the trust that they had lost, perhaps discovering some opportunities that they never could have imagined if they had tried to resolve this on their own. And although my guess is that no one, regardless of the outcome, would ever want to re-enroll in Trade Secret University, we lawyers can improve the value of our services, and the happiness of our clients, by helping them to graduate early.
The Lord of the Rings trilogy ends in suitably spectacular fashion with a battle scene following the retreat of all the good people to “Helms Deep,” a tall stone fortress built into the recess of a massive rock mountain. Seemingly impregnable, the thick wall facing the invaders contains a small flaw: a drainage outlet about five feet high, large enough to pile in some spiny medieval bombs. That done, one of the bad guys in heavy armor but inexplicably looking just like the Olympic torch carrier, glides between lines of his cheering comrades and dives in with the flame to blow a hole big enough for the army to pour in.
Now, immediately shift your mind’s eye from New Zealand to New York: you are watching the scene from The Big Short where Ryan Gosling’s character overhears at a bar a secret trading strategy to bet against the subprime housing market (you know how that one turned out), and then proliferates it by making a call to a wrong number. And for something too improbable to qualify as a movie idea, consider this real-life drama from 2010: Apple, a company infinitely obsessive about the secrecy of unreleased products, finds out that an employee left an iPhone 4 prototype in a bar. Then (this is true) the same thing happens the next year with an iPhone 5 prototype, with a different employee, in a different bar.
Protect the Perimeter, or Guard the Core?
The managers of most companies tend to see information security as a Lord of the Rings problem, with the focus on protecting the perimeter. This reflects the popular view. Indeed, from reading headlines about hackers, you might think that cybercrime –malign attacks from evil outsiders – represents the most common way that commercial information is lost. And you would be wrong. It’s not the overlooked vulnerability in the company’s firewall that gets exploited by determined external enemies. Instead, it’s the careless employee who overshares on social media, brags at parties, or leaves a sensitive document in an airport lounge. (Remember traveling on planes?)
According to a 2013 study by Symantec, over half of departing employees believe it’s entirely acceptable to take company data when they go, and they tend to act on that belief. Forty percent have plans to use the information in their new position. This is not necessarily malicious behavior. Many (68%) just think the organization doesn’t care, given a lack of any apparent enforcement. Anyway, if the information is software, 44% believe that because they wrote it, it belongs to them. From my work with clients, I’d say the situation hasn’t changed.
So, it shouldn’t be surprising how often information is lost just because someone sends a sensitive email to the wrong person, or a group text instead of a private exchange, or because an employee decides that the company’s VPN is just too much trouble.
Nevertheless, when corporate managers think about information security, the first place they look at is the ramparts, when it’s what’s happening behind the walls that should keep them up at night. According to a 2017 Gartner report, businesses spend 62% of their security budgets on defending the network, compared to 18% for the “endpoint” devices in the hands of users.
All of this is not to say that we shouldn’t be guarding the perimeter against hackers, who are everywhere and apparently never sleep. Fortunately, the tools available to detect and react to cyberespionage are constantly improving, and despite the occasional disasters (most of which can be traced back to – ahem – human error), we seem to be staying slightly ahead in the cybersecurity arms race.
An Endless Supply of Human Folly
But clearly the more serious and pervasive threat is from insiders. Unlike the hackers who are trying to break into our systems, these are people that we trust with access to sensitive information, because we have to. Given the complexities of the globalized, digital economy, we have no choice but to share our secret data with employees, not to mention the anonymous employees of supply chain partners, all of whom stay connected remotely through multiple devices, and being human, can get easily fatigued or distracted.
Naturally, these risks are amplified as we have shifted to mostly remote work, where insider threats are dispersed and managers can’t always see them, including the subtle cues of individual behavior that might flag a problem. But increasingly, some of the same kinds of technologies that protect us against malicious outsiders are being developed to address the internal threat.
As we have observed before in this space, trade secret problems come in many different dimensions and circumstances, but all of them share a common feature: somebody did something stupid. Try as we might to create policy frameworks, management structures and training programs, the supply of human folly seems inexhaustible.
Machine Learning and Artificial Intelligence as a Possible Solution
The current hope is that machines will be the match for our failings. Artificial Intelligence (AI) has developed a reputation as aspirational, having fallen short of previous predictions. But it’s certainly much improved, and its ability to recognize patterns and make nuanced judgments provides reason for hope that it can be applied to predicting and managing human behavior.
That said, to deploy intelligence you have to first know some facts. And this is where Machine Learning (ML) comes in. While humans constantly demonstrate an inability to learn from their mistakes, for example by continuing to build houses in flood zones and forests, machines are terrific at it. They don’t get defensive when criticized, and like your dog, they just want to know what makes you happy.
So, combining ML’s talent for education with AI’s capacity for analytics and executive thinking seems an ideal way forward. And indeed, industry has stepped up and created some interesting possibilities. Perhaps inevitably, the security vendors seem to be innovating mainly in the area of new acronyms and other jargon designed to reinforce how much you don’t know. But stay with me for a moment and I think you’ll get a sense of where we’re headed.
An Alphabet of Defenses
Once upon a time there was plain old Data Loss Prevention (DLP) software, which sort of did it all and had a nice generic name. Now we have UAM, which stands for User Activity Monitoring, tools that gather data at its most granular, like individual screen captures, text messages and even keystrokes. UAM also sucks up data from DLP applications, as well as from systems engaged in Security Information and Event Management (SIEM) and User and Entity Behavioral Analytics (UEBA – which, wait, is now called SIEM 2.0). Got all that? No?
Okay, here’s a simpler explanation, through an example. We all deal with authentication by passwords, as well as the more annoying two-factor authentication, in which we wait for a code to be delivered to another device. With a process called Risk-Based Authentication (RBA, sorry), the system doesn’t only verify identity. Using a combination of AI and ML to create a baseline understanding of user behavior, it also examines context to search for anomalies and create warnings or blocks against dangerous behavior. It can examine emails from supposedly trusted sources to see if they align with previous messages, looking for very subtle differences in syntax and diction that might indicate a phishing scam.
So, while we’re sitting in front of our computer at home, far away from the office, we have the comfort of knowing that we’re not really on our own, that we have someone watching over us, protecting us against ourselves, and preserving the information assets that make this job possible.
In the final moments of The Lord of the Rings, despite the breach of its fortifications. Helms Deep was saved by the extreme heroics of its defenders. In business, the workforce may look a bit more like the careless traders in The Big Short. They could use some reinforcements.