When Thomas Edison was asked about his years of searching for a long-lasting light bulb filament, he said, “I haven’t failed; I’ve just found ten thousand ways that won’t work.” Experimenting with materials ranging from platinum to beard hair, he eventually zeroed in on carbonized thread, and later, bamboo. At that point, he had two important trade secrets. The first, obviously, was the identity of the best material. But the second was the identity of all the others he had tried. Why should that collection of failures qualify as a trade secret? Because any would-be competitor would love to avoid having to put in the effort and take the risk that Edison did.
This same notion – that information about what doesn’t work, or works less well, is valuable and protectable – applies equally to modern research-based industries like pharmaceuticals and biotech, where thousands or even millions of compounds may be tested in order to arrive at a successful new drug or treatment.
The law didn’t always treat R&D with the same respect as its outputs. Back in Edison’s day, trade secrets were limited to information that was “in continuous use” in a business. If you wanted to protect the records of how you got there, you had to keep them locked up. (Edison was obsessive about keeping people out of his lab.) But by the middle of the twentieth century, just in time for the information economy, rules on trade secrets had relaxed, so that even data with “potential value” could be protected.
In the old days, a lot of confidential information was said not to “rise to the level of a trade secret.” Now, although we still occasionally see this phrase, it’s become virtually meaningless, since the bar is so low: any information qualifies as a trade secret if it’s not generally known and has even the slightest competitive value.
And this is how we get to include so-called “negative know-how” in the asset base of modern enterprises. The trial-and-error method of innovation produces lots of trials and lots of errors, and often requires enormous and risky investments. The ultimate successful product is only the very small tip of a large R&D iceberg.
For the law, dealing with negative data isn’t easy. It can be confused with an employee’s personal skill, which is not protectable as a trade secret. When a dispute goes to court, judges want the secrets specifically defined, and they can get frustrated when referred to gigabytes of experimental data. But this is the reality of developing complex products, where proving that a particular compound or technique doesn’t work can itself be an extremely valuable breakthrough.
Negative information is most commonly put at risk not by theft of the records of R&D, but by departing employees who are familiar with how a particular technical solution was created or optimized. Eager to help their new colleagues, a recent arrival may wince at a suggested development path and blurt out a warning not to go there. Even very general pointers about an engineering direction to try or to avoid can help a competitor reduce risk and shorten development time. That is why hiring someone who has worked on a similar project for a competitor can lead to trouble. See The Most Dangerous Hire.
Closely related to the concept of “negative information” is the idea that you can be guilty of trade secret theft even though your product looks very different, or you made significant investments in your own research. When a company’s work is informed by a competitor’s proprietary R&D, the courts refer to this as indirect misappropriation, using labels like “springboard,” “cornerstone,” or “accelerant” to describe the unfair advantage. In effect, it is enough if information from the first project substantially influences the second.
Proving indirect misappropriation can be a challenge, especially where there is no trail of purloined documents to link the accused derivative work to the original. But even in cases where the information has traveled in the mind of a departing employee, you can sometimes demonstrate an anomaly in the records of the second company’s development. The absence of experiments or research behind an important engineering decision, particularly if coincident with hiring from a competitor, might be an indication that someone directed the choice because they already knew what way to go (or not to go).
For companies that want to compete fairly and avoid litigation, this area can be difficult to manage. There are very few hermetically sealed industrial labs where no one has worked for a competitor. And the problem is particularly acute in fast-growing organizations, or where the industry relies on a rapidly mobile workforce. But in this as in other areas of trade secret loss or contamination, those who pay attention and manage to reduce risks are way ahead of the game.
Recently a client asked me for advice on setting up a reverse engineering project. The company had just hired a senior engineer from a competitor that had pulled ahead of them the year before with the release of a next generation product. They needed to respond soon. The new employee was “clean,” they assured me, having come over without any documents or files. So they proposed to get him going with a small technical team and some samples of the competitor’s product. He no longer had access to any trade secrets of his former employer; what could possibly go wrong?
In the world of trade secrets, reverse engineering is universally embraced as acceptable. It involves starting with a publicly available product or set of information and taking it apart to discover how it was created. Why does anyone do this? To discover, legitimately, a path already taken:
In most circumstances, there is nothing wrong with reverse engineering. The recently-enacted Defend Trade Secrets Act declares that it cannot be an “improper means” of acquiring information. (In fact, if you properly reverse engineer a product, the information you discover can be held by you as your own trade secret.) The reason behind the rule is apparent when you consider the limits of trade secret protection: selling a product that reveals the design and method of its manufacture means the secret is imperiled. If it is very easy to discern, then the secret is lost immediately. If it might take some time to figure out, then that’s called reverse engineering, and anyone is allowed to do it.
Like most rules, this one has its limitations. You can’t use the reverse-engineering process to “discover” and duplicate a patented invention. That is one of the advantages inherent in using patent protection instead of trade secrets. Also, if you haven’t simply purchased the product on the open market, but have acquired it by some form of limited license or other contract that restricts your rights to reverse engineer, the courts normally will enforce those restrictions. Finally, you can’t through reverse engineering simply duplicate a product that is protected by a trademark or otherwise market a product so identical that the public would be confused about its source. Indeed, that conduct deserves the derisive label “knocking off.”
But to appreciate the potential of reverse engineering, consider the case of Chicago Lock Co. v. Fanberg. For fifty years the Chicago Lock Company had marketed its special “Tubular Ace” lock, frequently seen on vending machines where maximum security is required. In order to achieve that level of security, the manufacturer would provide a duplicate key only to an owner registered with the company. The codes necessary to duplicate the keys were strictly controlled. Lost keys could only be replaced by the manufacturer or by a locksmith who could “pick” the lock to discover the appropriate configuration and grind a duplicate tubular key.
Locksmiths typically would record the relevant “key code” along with the serial number of the customer’s lock, to be able to duplicate the key if it was lost again. Fanberg, a locksmith himself, advertised for other locksmiths to provide him with correlations they had recorded over the years. He then compiled all of the correlation codes into a manual and offered it for sale. Chicago Lock Company, understandably upset that its security system was jeopardized, filed a lawsuit.
The court directed judgment for Fanberg. Whatever claims the owners of the locks might have had against their locksmiths for divulging the codes, the manufacturer had sacrificed its products to the possibility of exactly the kind of reverse engineering that occurred. The court explained:
“It is well recognized that a trade secret does not offer protection against discovery by fair and honest means such as by independent invention, accidental disclosure, or by so-called reverse engineering, that is, starting with the known product and working backward to divine the process, Thus, it is the employment of improper means to procure the trade secret, rather than mere copying or use, which is the basis of liability.”
If you intend to reverse-engineer a product, however, be careful how you do it. Acquire the product through a simple purchase. Make sure that there are no conditions attached to the purchase that might prohibit you from reverse engineering. In addition, beware of documentation that is provided as part of the sale that may itself contain confidentiality restrictions. This situation occurs frequently with sophisticated equipment accompanied by maintenance manuals or circuit diagrams with restrictive legends. It also comes up in the disassembly of software acquired under license agreements, where issues of copyright infringement may require special legal advice.
Carefully choose the team that will perform the reverse-engineering tasks. Use only those who have had no exposure to the way it was originally designed and made, and be sure that the team does not have access to any confidential material of the original manufacturer. Maintain detailed records of the entire process, so that it can be demonstrated – to the satisfaction of someone with a technical background – that the process was accomplished “from scratch” and without reference to any restricted information.
As for my client who hired the competitor’s engineer, they agreed they were asking for trouble by involving someone who had previously worked on this technology. Since he was already on board, and as extra insurance against a later claim, they abandoned their internal project and contracted with an outside vendor to perform the work in a “clean room” environment (a term borrowed from semiconductor processing, where particle contamination is strictly controlled), with nothing to refer to but the product itself. Reverse engineering may sound good, but as in so many other areas of trade secret law, the right answer isn’t found in a phrase, but in practical risk management.
Patenting and secrecy are the two major methods of protecting technology that supports competitive advantage.[1] While this has been true for decades, the legal landscape in which businesses must choose between them has changed dramatically in recent years, mainly as a result of two forces. The first of these was a series of court rulings that collectively have narrowed the scope of patentable subject matter and have made patents more difficult to enforce. The second was the America Invents Act of 2011 (the “AIA”), which effectively eliminated or reduced certain risks of choosing secrecy, while providing new ways to challenge patents in administrative proceedings. Considered together, these forces require innovators to reconsider their cost/benefit models for evaluating protection mechanisms. This article discusses risk factors counsel should weigh when advising clients on these issues. I do not advocate one method over the other, but instead suggest that decisions should be guided by clients’ business needs and priorities rather than by patent eligibility alone.
More than forty years ago the U.S. Supreme Court rejected the idea that state common law on trade secrets should be preempted by the federal patent statute. In Kewanee Oil Co. v. Bicron Corp., [2] the Court explained that anyone whose invention clearly qualified under the patent laws would always choose patenting over secrecy. [3] While this was a dubious assumption, a concurring opinion pointed out that Congress had repeatedly amended the patent law without ever questioning its coherence with trade secrets. Nevertheless, popular wisdom among intellectual property lawyers since Kewanee has continued generally to hold that patents are strong, secrets are weak, and unless there are good reasons to elect secrecy (such as the difficulty of proving infringement of process inventions), patenting is the preferred method when it is available.
Over the years, a fairly sophisticated approach to the issue emerged and began to dictate inventors’ preferences. This business-oriented analysis started with the issue of patentability and added more factors to the calculus, including:
I have already noted the two major forces that have combined to challenge the traditional patent/trade secret calculus: judicial decisions making patents more difficult to obtain and enforce, and legislation that has reduced the risk of employing secrecy while arguably reducing the value of patents in general by making their enforceability less reliable. The new calculus takes into account these tectonic shifts in a larger context, in which secrecy has achieved an unprecedented level of attention and importance. We therefore begin our analysis with a brief review of that context.
New Global Emphasis on Secrecy Issues
Establishment of the TRIPS Agreement in 1995 brought trade secret protection to the international stage. [8] The current wave of business globalization had already begun, and TRIPS made clear that industry could count on some level of respect for trade secret rights in cross-border transactions. The next year the Economic Espionage Act became law. [9] More recently, the U.S. government, partly motivated by reports of high profile cyberhacking and other forms of espionage against American companies, issued a number of reports, strategic plans, and executive orders reflecting a heightened interest by the administration in trade secret enforcement. [10] Naturally, this attitude has been reflected in the major bilateral and regional free trade negotiations to which the United States has been a party. [11] In 2016, Congress passed with almost unanimous support the Defend Trade Secrets Act, providing for the first time a civil misappropriation remedy under federal law. [12] Meanwhile, the European Union has issued a new Trade Secrets Directive that is expected to lead to a certain level of harmonization among the member states on major issues of definitions and frameworks for civil enforcement. [13] This interest by governments is consistent with industry surveys that show an increased reliance on secrecy over patenting as a means of protecting competitive advantage. [14]
Of course, enforcement activity in actual transactions is at least as important as policy pronouncements, and here the indications are also encouraging for trade secret owners. In TianRui Group Co. v. ITC, [15] a case involving trade secret misappropriation occurring entirely in a foreign country, the Federal Circuit held that the International Trade Commission properly exercised its authority under 19 U.S.C. § 1337 to bar importation of products manufactured abroad using the misappropriated secret information. A dissenting opinion by Judge Moore objected to what she viewed as an unjustified exercise in extraterritorial application of U.S. law. Although her analysis focused on whether the statute evidenced a congressional intent to apply extraterritorially, it is notable as well for its prediction that the panel’s holding would provide “an additional incentive to inventors to keep their innovation secret,” which she felt would in turn “den[y] society the benefits of disclosure stemming from the patent system, which are anathema to trade secrets.” [16] While I agree with Judge Moore that robust domestic remedies for foreign theft of secrets can provide some additional encouragement to rely on secrecy, I see that as fully consistent with the Supreme Court’s holding in Kewanee that trade secret law is complementary, not contrary, to the patent system. After all, the policy goal of the patent law is not disclosure itself but encouragement of invention, [17] and that is also a primary policy behind trade secret law .[18]
Trade Secret Anxiety and Risk Reduced by the AIA
Before passage of the AIA, decisions about secrecy versus patenting could involve some risk relative to patent law. The most obvious of these was the requirement (imposed uniquely in the U.S.) that the applicant disclose the “best mode” of implementing the claimed invention. [19] A failure to comply could result in the patent being held invalid, and so the best mode defense became a common feature of discovery in patent litigation, with the defendant searching for indications that the inventor’s thinking had been more precise than was revealed in the application. In effect, the patent applicant had to weigh the disadvantages of too much or too little disclosure, and whatever the decision there would always remain a risk either of facing a best mode defense in litigation, or publication of secrets that could properly have been maintained, or both. This risk was for the most part eliminated by the AIA, which maintains the best mode requirement but declares that it cannot be raised as a defense against infringement. Whatever one might say about the lack of elegance or consistency in this approach to patent reform, these special risks and costs of keeping as secrets certain patent-related information have for most practical purposes disappeared.
The AIA also appears to have benefited trade secret holders by abrogating the so-called “forfeiture doctrine” originally described by Judge Learned Hand in the Metallizing Engineering case. [20] The doctrine barred patenting when the inventor had profited from commercial use of the invention for longer than the one-year grace period before filing, even where the use was secret, such that no one could gain access to the invention by inspection of a marketed product. Confirmed in later opinions of the Federal Circuit, this category of “secret prior art” is no longer present in the AIA’s amended § 102(a)(1), which lists the novelty-destroying types of prior art as: matter which was either patented, described in a printed publication, in pubic use, on sale, “or otherwise available to the public.” The clear implication of the latter phrase, according to most commentators, is that the prior art itself, and not just the things made with it, must be “available to the public.” [21]
Finally, the AIA dramatically broadened the prior user rights defense, which under the American Inventors Protection Act of 1999 had been provided only for business methods, by expanding its application to all technologies. [22] So long as the use began before the filing of the relevant patent application (or before an earlier public disclosure by the applicant during the grace period), this defense will protect one who had made a decision to deploy the technology in secret rather than seek a patent. Although subject to certain limitations, [23] the prior user rights defense is now sufficiently comprehensive that a decision to use secrecy can be made in the comfort of knowing that the activity will almost certainly not be prohibited by virtue of a later-issued patent.
Patent Rights Diminished by Court Decisions and Post-Grant Proceedings
If trade secret interests are in the ascendancy, the feeling among the IP bar is that patents, if not directly under attack, have been weakened by a combination of a series of court decisions and the effects of the post-AIA procedures for challenging issued patents. First we should consider what the courts have done to the scope of patentability. KSR adjusted the standard for obviousness, generally making it easier to challenge validity.[24] Bilski made it more difficult to claim business methods. [25] Mayo constrained applications for medical dosing techniques. [26] Nautilus raised the bar for § 112 definiteness. [27] And Alice has called into question the patentability of software inventions. [28] As for enforcement of patent rights, eBay substantially reduced the likelihood of getting an injunction. [29] Sandisk made it easier to file declaratory relief challenges (and therefore more complicated to engage in licensing discussions). [30] Seagate raised the bar for willful infringement. [31] LaserDynamics limited application of the “entire market value” theory of damages .[32] Octane Fitness injected a much more serious risk of fee-shifting if the patentee turned out to be wrong. [33] Whatever your view about the merits of each of these decisions—or all of them as a group—it should be easy to understand how patent owners, looking back over the past decade or so of court opinions, might be feeling shocked.
And then there is the AIA, which introduced reforms to the patent system that have been widely embraced as increasing efficiency, transparency, predictability, and effectiveness of the nation’s innovation engine. [34] But one aspect of this profound reworking introduced the notion of easier public challenges to issued patents, reflected in the processes for post-grant review of the PTO’s decision to issue a patent. [35] While few would question the inefficiency of putting all validity issues in front of a lay jury for determination, the alternative of sending back patents for re-working to the Patent Trial and Appeal Board—which applies a lower standard of proof and seems to be invalidating many more claims than it sustains—has stirred controversy over whether we have turned the system over to “patent death squads.”[36] Putting aside the rhetoric, we should not be surprised that patent owners feel that the traditional grants of “quiet title” in their inventions have been seriously disturbed, and the value of (at least some of) their patents has been reduced. And this is before considering some of the current proposals for further reform. [37]
I do not believe that the patent system is in existential crisis. Any transition to accommodate fundamental reforms will be (and especially will feel to rights holders) profoundly disruptive. But pendulums swing, and systems operating in tension usually return to stability. It should be no surprise, for example, that early PTAB decisions were statistically slanted towards invalidity, because the structural change suddenly addressed a backed-up inventory of questionable claims that previously could only have been challenged in federal courts. We should be patient and allow the new framework to adapt.
That said, the cumulative effect of all of the recent changes is substantial and undeniable. Even though we are in the early stages of adaptation, innovators need to pause and consider the ways in which these shifts are likely to affect their immediate interests and their long-term strategies.
The first point to hold in mind is that the question is not binary. It is not so much “patents versus secrets,” but “patents and secrets.” Both systems can provide benefits to the enterprise looking to profit from its innovative work. Patents remain uniquely valuable as a way to protect the competitive advantage of innovation, including through their “signaling” function. And secrets, while clearly essential to the protection of recipes, processes and transient facts, remain, as the Kewanee court said they were, relatively weak and risky. Moreover, trade secret protection is not “free” just because there are no filing fees. Maintaining a program of secrecy includes significant overhead costs for managing confidential relationships with employees, customers, suppliers, and other partners.
Second, the process of choosing one method over the other is dynamic, not just because the law is in a state of flux, but primarily because of the business conditions that should influence the decision. These include the international aspects of intellectual property protection, the nature of the relevant assets (information-based assets like data analytics favor trade secret protection over invention-based assets), and the behavior of relevant markets (fast-moving markets may make it more difficult to recoup the cost of patenting and to justify teaching the competition). As in many other areas of modern business, breaking old habits and challenging assumptions can be very productive.
Third, there is at least one way to buy time to address inventions that do not obviously fit into a clear decision model for patenting or secrecy. So long as you can accept the constraint of patent protection only in the U.S., it may be advantageous to file a provisional application together with a certification of intent not to file for foreign protection, [38] which will allow the application (including any subsequent non-provisional) to remain unpublished during the examination process. This approach effectively returns the applicant to the situation that applied generally before eighteen-month publication was introduced in 1999, so that, if at any time before allowance it is determined that the matter would be more productively maintained as a trade secret, the application can be withdrawn.
Fourth, irrespective of the decision to use secrecy or patenting for a particular innovation, there is now a greater need to pay attention to how information assets are managed. As I have already noted, confidential information—including unpublished patent applications—constitutes the majority of most companies’ asset base. This is evanescent property and requires special management focus to protect its integrity, whether it is held as a secret or matures into a patent. Indeed, it is something of a dilemma that in the age of global collaborations and “open innovation” this extraordinarily valuable, vulnerable property must be shared with outsiders who are sometimes located in countries with less-than-robust intellectual property regimes. The security challenge grows with the complexity of a company’s sharing network, and now that we are in a first-to-file environment, it has become more important that organizations police their confidential relationships for leaks, maintain scrupulous records of invention activity, and monitor published patent applications by collaboration partners, to identify claims that may have been improperly derived from the collaboration.
Deciding whether to choose secrecy or patenting (or both) used to be a fairly straightforward exercise; or at least we all assumed it was. The framework has now shifted dramatically, not only because of changes in the law, but also because the global business environment is much more complex. The good news is that along with increased risks come new opportunities for developing creative strategies that can leverage the value of our clients’ most important assets.
[1] Trade secrets protect a wide range of confidential information, ranging from customer lists to strategic plans and business methods. See Pooley, Trade Secrets § 4.02[2] (Law Journal Press 2017, updated semiannually). This paper concerns only protection of technical information that could qualify as patentable subject matter, but which might also be protectable as a trade secret.
[2] Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 492 (1974).
[3] Id. at 490 (“The possibility that an inventor who believes his invention meets the standards of patentability will sit back, rely on trade secret law, and after one year of use forfeit any right to patent protection . . . is remote indeed.”).
[4] Mark A. Lemley & Carl Shapiro, Probabilistic Patents, 19 J. Econ. Perspectives 75, 80 (2005) (“Between 55 and 67 percent of issued U.S. patents lapse for failure to pay maintenance fees before the end of their term . . . , which indicates that these patents are of little value to their owners.”).
[5] See F. Andrew Ubel, Who’s on First?—The Trade Secret Prior User or a Subsequent Patentee?, 76 J. Pat. & Trademark Off. Soc’y 401, 407 (1994).
[6] Andrew Beckerman-Rodau, The Choice between Patent Protection and Trade Secret Protection: A Legal and Business Decision, 84 J. Pat. & Trademark Off. Soc’y 371, 400-401 (2002).
[7] Sebastian Hoenen et al., The Diminishing Signaling Value of Patents between Early Rounds of Venture Cap ital Financing, 43 Res. Pol’y 956 (2014).
[8] TRIPS: Agreement on Trade-Related Aspects of Intellectual Property Rights, art. 39.
[9] 18 U.S.C. §§ 1830, 1831-1839.
[10] See, e.g., Office of the Nat’l Counterintelligence Exec., Foreign Spies Stealing U.S. Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011 (2011), available at http://www.ncsc.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf; Victoria Espinel, Launch of the Administration’s Strategy to Mitigate the Theft of U.S. Trade Secrets, White House Blog (Feb. 20, 2013), https://www.whitehouse.gov/blog/2013/02/20/launch-administration-s-strategy-mitigate-theft-us-trade-secrets; U.S. Intell. Property Enforcement Coordinator, Exec. Office of the Pres. of the U.S., 2013 Joint Strategic Plan on Intellectual Property Enforcement (2013), available at https://www.whitehouse.gov/sites/default/files/omb/IPEC/2013-us-ipec-joint-strategic-plan.pdf.
[11] See, e.g., Article 18.78 of the draft Trans-Pacific Partnership agreement, available at https://ustr.gov/sites/default/files/TPP-Final-Text-Intellectual-Property.pdf.
[12] Pub. L. 114-153, effective May 11, 2016, codified as amendments to the Economic Espionage Act, 18 U.S. C. §§ 1831-1839.
[13] Directive (EU) 2016/943, available at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L0943&from=EN.
[14] See http://www.nsf.gov/statistics/infbrief/nsf12307/ (R&D-intensive companies reported secrecy as “very important” or “somewhat important” at a rate more than twice that of patenting).
[15] TianRui Grp. Co. v. Int’l Trade Comm’n, 661 F.3d 1322 (Fed. Cir. 2011).
[16] Id. at 1343 (Moore, J., dissenting).
[17] See Eldred v. Ashcroft, 537 U.S. 186, 190 (2003) (“[I]mmediate disclosure is not the objective of, but is exacted from, the patentee . . . .”).
[18] Kewanee, 416 U.S. at 493.
[19] 35 U.S.C. § 112.
[20] Metallizing Eng’g Co. v. Kenyon Bearing & Auto Parts Co., 153 F.2d 516, 519-20 (2d Cir. 1946).
[21] See, e.g., Robert R. Armitage, Understanding the America Invents Act and Its Implications for Patenting, 40 AIPLA Q.J. 1, 54 (2012), available at http://www.uspto.gov/sites/default/files/aia_implementation/armitage_pdf.pdf.
[22] See Report on the Prior User Rights Defense (2012), available at http://www.uspto.gov/sites/default/files/aia_implementation/20120113-pur_report.pdf.
[23] The right is personal and may not be transferred; it may be exercised only in the places where the technology was in use at the relevant time; and it does not apply to patents held by universities.
[24] KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007).
[25] Bilski v. Kappos, 561 U.S. 593 (2010).
[26] Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289 (2012).
[27] Nautilus, Inc. v. Biosig Instruments, Inc., 134 S. Ct. 2120 (2014).
[28] Alice Corp. Pty. v. CLS Bank Int’l, 134 S. Ct. 2347 (2014).
[29] eBay Inc. v. MercExchange, L.L.C., 547 U.S. 388 (2006).
[30] SanDisk Corp. v. STMicroelectronics, Inc., 480 F.3d 1372 (Fed. Cir. 2007).
[31] In re Seagate Tech., LLC, 497 F.3d 1360 (Fed. Cir. 2007).
[32] LaserDynamics, Inc. v. Quanta Computer, Inc., 694 F.3d 51 (Fed. Cir. 2012).
[33] Octane Fitness, LLC v. ICON Health & Fitness, Inc., 134 S. Ct. 1749 (2014).
[34] See Armitage, supra note 21, at 4-9.
[35] For a straightforward and concise description of the Inter Partes Review, Post Grant Review, and Covered Business Method programs, see U.S. Pat. & Trademark Office, Major Differences between IPR, PGR, and CBM, www.uspto.gov/sites/default/files/ip/boards/bpai/aia_trial_comparison_chart.pptx (last visited Oct. 9, 2015).
[36] See Peter J. Pitts, “Patent Death Squads” vs. Innovation, Wall St. J. (June 10, 2015), http://www.wsj.com/articles/patent-death-squads-vs-innovation-1433978591.
[37] See, e.g., PATENT Act—Protecting American Talent and Entrepreneurship Act of 2015, S. 1137, 114th Cong. (2015-2016) (requires more specific pleadings and disclosures); STRONG Patents Act of 2015, S.632, 114th Cong. (2015-2016); Shield Act—Saving High-Tech Innovators from Egregious Legal Disputes Act of 2013, H.R. 845, 113th Cong. (2013-2014) (if passed, would permit a patent defendant to move early in a lawsuit to designate a patentee a non-practicing entity and to stay civil discovery while the motion is resolved). See also Senator Grassley Introduces Major U.S. Patent Reform Bill Different from House Bill, Intell. Prop. Owners Ass’n (Apr. 30, 2015), https://www.ipo.org/index.php/daily_news/april-30-2015/ (reviewing the PATENT Act).
[38] See 35 U.S.C. § 122(b)(2)(B).
Every trade secret case is built around a story. Sure, the plaintiff’s story is different than the defendant’s, even though each draws on the same facts. For the rest of us that don’t have a dog in the fight, helpful lessons are available. But sometimes you have to look hard to find them. Here’s one.
When Waymo, the Google self-driving car company, filed its lawsuit against Uber earlier this year, the story was remarkable enough. Anthony Levandowski, the head of Waymo’s research team for several years, had left to start Otto, supposedly to make autonomous long-haul trucks. Six months later Uber had purchased the new company (for $680 million) and hired Levandowski ($250 million in Uber stock) to lead its own team. Thanks to an errant email, Waymo suspected Uber had accessed its secrets, and ultimately discovered that just before leaving Levandowski had downloaded over 14,000 confidential files.
The optics kept getting worse. It turned out that Uber had struck a deal with Levandowski immediately after he left, promising to buy the newly minted Otto months later. And because they knew that litigation was likely, they cloaked the transaction in a shared privilege. It looked like Otto had been just a cover to keep Waymo distracted, and that Uber may have known about the downloaded files.
When it came to the injunction hearing earlier this year, Uber made an impressive showing: 40 attorneys had interviewed 85 witnesses and reviewed over 300,000 documents, demonstrating beyond argument that none of the secret Waymo files had come over to Uber. But the judge persisted: what about conversations Levandowski might have had with the Uber team, making suggestions based on his knowledge of Waymo data? Levandowski wasn’t available to answer, since he had claimed a Fifth Amendment privilege.
But Uber had more to worry about than just Levandowski’s absence. Buried deep in the deal documents was an unusual provision that would illuminate and underscore the judge’s concern.
When the transactional records were released about a month later, they showed that Uber had agreed to indemnify Levandowski, promising to defend him and pay for any judgment based on trade secret misappropriation before the contract was signed. Presumably, this was mainly about the downloaded Waymo files. How could Uber justify taking on that responsibility? By tying the indemnity to a robust and independent investigation of what Levandowski had done. In that way, Uber would know exactly what it was getting into, and would be able to prove that none of the files were actually used at Uber.
It is unusual, but not rare, for a hiring company to indemnify a new employee against claims by a former employer. An indemnity commits the new employer to shared liability, although that risk might be reduced by careful investigation, as Uber apparently did here. And it can be evidence that both parties had something to worry about, and so can fit into a plaintiff’s narrative. A safer approach for the new employer is simply to require, in writing, that the recruit bring no information in any form, perhaps providing independent counsel to help ensure compliance. But where the risks can be managed, and when the perceived value of the new hire is great enough, companies occasionally give in to the demand for indemnity.
In its deal with Levandowski, Uber went further. Having indemnified him against past “Bad Acts” (yes, that was the unfortunate term they used in the documents), it excluded coverage for future misbehavior that was fraudulent or intentional, including misappropriation of trade secrets. But Uber agreed to a significant exception to this exclusion: there would be indemnity for any use of “information . . . retained in [his] unaided memory.” In other words, so long as Levandowski didn’t deliberately memorize something by referring to the Waymo documents, he would be covered for using whatever he happened to recall.
Let’s pause here to briefly address three important points. First, trade secret misappropriation applies to information carried in one’s head, just as if it were on paper or in an electronic file. Second, liability doesn’t depend on direct copying of the information; in this context that means, for example, that suggestions made to Uber’s team could be actionable if based on what Waymo had found didn’t work or worked less well. Third, the kind of exception Uber agreed to here, when used in a nondisclosure agreement between businesses, is called a “residuals clause,” because it carves out from protection the “residual” information that people exposed to the secrets might later remember.
For large companies looking at possible acquisition of a technology or business, the residuals clause makes sense, because it protects against claims over similar activities that they might be pursuing independently in another division or at a later time. But the disclosing party always sees the residuals clause as a red flag and resists it, because the risk of losing valuable secrets is obvious and unpredictable. I have frequently seen transactions fail on this single issue, the discloser claiming that the “residuals” exception swallows the rule on confidentiality.
In effect, Uber granted Levandowski a residuals exception on Waymo’s secrets. Of course, this doesn’t necessarily mean that he misused what he knew from Waymo while guiding the team at Uber. It is at least theoretically possible, for example, that the technology platform at Uber is so different than Waymo’s that nothing from Waymo could possibly be relevant to Uber’s project. But trade secret cases are driven by appearances, and Uber has given Waymo the appealing argument that Levandowski was incentivized to misappropriate.
As I pointed out at the beginning of this piece, the issue is not so much the particular story as it is the lesson we can draw from it. Here, we’re talking about onboarding of high-level talent from a competitor, and the most important lesson for management is to understand the hidden risks. They begin with a fact we too often ignore: those with responsibility for the recruitment are seized with cognitive dissonance. While we say we want them to respect third party IP and avoid contamination of our own information assets, we also know that the recruit with relevant experience at a direct competitor is the “perfect hire.” Sometimes there is too much emphasis on the latter and very little on the former, and the “perfect” hire becomes the dangerous hire.
As we see from the Uber example, this tendency to underestimate or ignore risk can be amplified by a sense of urgency, such as a need to catch up in an emerging market. Paying a lot of money for high-level talent can be justified by the size of the opportunity. But by agreeing to indemnify Levandowski for what he remembered, Uber raised the stakes with risk.
No one can say for sure whether the prize was worth the cost for Uber, not least because there’s been no trial, and perhaps Waymo won’t be able to prove that anything about its project leaked from Levandowski’s brain to Uber’s team. But still, this case is instructive for any business considering hiring an executive from a competitor: be aware that the cost of this recruitment might include the legal fees, disruption and liability risk of a trade secret claim. Manage accordingly.
It’s never good to get a letter accusing you of taking someone else’s property, or worse a lawsuit that can distract or disrupt your business. The key to a good outcome is to remain calm and make sensible decisions. This may be a challenge because the charges against you are freighted with emotion. You are said to have acted willfully, with malicious intent. You need to be stopped and punished because you are a thief and a fraud. But don’t react to the rhetoric.
Unless your company is large and the claim against you is seriously misplaced, your objectives should be simple: bring down the temperature, engage in discussions, and find a way out of the dispute. Of course, you may be facing an irrational opponent and have no choice but to fight. However, in my experience trade secret claims very often result from misunderstandings (in one case a casual joke in passing at an airport led to over a year of intense legal proceedings), and you can end up a hero by keeping a cool head while others are driven by emotions.
Unlike the plaintiff, you may not have much time to prepare your reply, particularly if the claim comes in the form of a lawsuit without a previous warning letter. In the exigency of an immediate demand for an injunction, for example, you will have to multitask in several important areas. You must establish lines of communication and control, to organize your response. You have to secure the relevant documents and electronic records, to avoid claims of destroying evidence. And you must try as best you can to gather the relevant facts, not just to show why you are right, but also to understand the plaintiff’s likely motives and objectives, and the personalities who drove the decision to sue.
Naturally, you should confer with your lawyer and other advisors to define your strategy. But in general, as a defendant your primary goal should be to solve the problem and end the legal fight quickly if possible, since you have many other more productive things to do. Usually this requires a carefully measured, calming first response coupled with a push for early discussions. Perhaps one of your board members can approach a counterpart in the other company and have a helpful conversation. Consider whether there is some action you can take – such as moving an employee to a less sensitive position – that might help build confidence in your good intentions. As long as you are able, continue looking for ways to encourage communication, and keep an open mind about possible settlement options.
If the dispute begins with a warning letter, then typically your reaction should be to buy time to investigate and plan, asking for meetings and exploring possible solutions outside the track of litigation. It is usually difficult for angry disputants, especially early in the process, to see all the possible ways in which the matter could be resolved to everyone’s satisfaction. This is why “alternative dispute resolution” is so well suited to trade secret fights, where emotional drivers can be working beneath the surface to obscure the rational possibilities. Begin by offering to meet. Explore the idea of involving a facilitator, perhaps a senior retired executive from the industry, or a professional mediator. Consider making specific suggestions that might form part of an ultimate resolution, such as the appointment of a technical expert to examine and report on your operations, rather than going through the inefficient and disruptive court process at this point.
If despite your best efforts you can’t find a way to avoid a legal fight, then you need to be ready to shift to a vigorous defense, perhaps also asserting counterclaims, in order to improve the balance of risk between the parties. Part of this is about legal strategy and tactics, but those decisions rely on having comprehensive knowledge of the facts. Therefore, you will usually need a deeper investigation than you may have been able to do at the outset. This should be done under the direction of experienced legal counsel, in order to avoid mistakes and to preserve confidentiality.
Some cases can be transferred into private arbitration, which can be less expensive and more conducive to settlement. For example, if the case grew out of your hiring employees from a competitor, you should examine their employment contracts to see if they contain an arbitration clause. Even though your company was not a party to that contract, some courts have held that deference to the strong public policy in favor of arbitration should allow someone in your situation to take advantage of it.
Another early item on your checklist should be possible insurance coverage for defense of the lawsuit. While specific coverage for such claims is rare, some defendants have been successful in demanding coverage under their general business liability policies.
Turning to the substance of the litigation, these are the traditional defense themes:
From a tactical perspective, in litigation, just as in negotiations, you need time to catch up and make sure that you have a clear understanding of the facts. So absent some good reason to do otherwise, it makes sense to take advantage of any procedural time extensions, especially early in the case. Apart from that general observation, there are two important tactics that you should consider.
First, as soon as possible you should demand a clear definition in writing of the trade secrets that the plaintiff believes have been taken. Remember that secrets, unlike patents, are not examined by a government agency and usually don’t have to be described until they are part of a lawsuit. You need to force that description, and if necessary to repeatedly challenge what the plaintiff proposes. You are entitled to have a definition of the claimed secrets that is specific enough to compare to what is in the public domain and to your own data or products. Without this discipline in the case, the plaintiff will be inclined to make the dimensions of its trade secrets match what it finds out in discovery from you.
Second, you should engage in vigorous discovery against the plaintiff and others who have a relationship with the plaintiff (such as customers, suppliers and investors) and who may have information relevant to the claims. The plaintiff took the decision to start this fight, and it is only fair that it feel the heat, too. And it is usually through discovery – which is why it bears that name – that you come upon facts that can help build a compelling defense.
When I was in Geneva trying to engage developing countries about the value of robust IP laws, occasionally I heard a response like this: “What hypocrites you are! The U.S. economy got its start by stealing from abroad. Why should today’s poor nations be denied the same opportunity to catch up?” The argument stung enough that I thought I should check out the real story. Here’s what I found.
On an early September day in 1789, Samuel Slater, 21 years old, boarded a ship in London to begin a voyage to New York. His family didn’t know he was doing this. He presented himself as a simple laborer, a farm hand. He was lying. Hidden in his pocket were his only official papers, identifying him as a recently-released apprentice to a cotton mill.
Slater had been apprenticed seven years before to Jedediah Strutt, a friend of his father, who operated the Cromford Cotton Mill in Derbyshire. For textiles, Derbyshire was the Silicon Valley of its time. It employed Richard Arkwright’s transformational “water frame” technology of cotton spinning, allowing thread to be spun on dozens of spindles in a single operation. Young Slater had proven to be particularly adept at maintaining and adjusting the machinery, and showed great promise to his employer.
But Slater had two other important attributes: he was ambitious, and he had an extraordinarily good memory. Earlier in 1789 he had heard news that textile manufacturers in America were struggling. The young country was the leading supplier of cotton to the world, but that was in bales of raw material. The high-profit processing center was in England, where Arkwright had made a staggering fortune. But like other monopolies, this one was in imminent danger of disruption.
Most English businesses of the time protected their technology in the traditional way, through guilds and closely controlled apprenticeships where secrets of production could be reliably shared. But the government provided additional help to the textile industry. By 1774, fifteen years before Slater slipped out of the country, England had criminalized both the export of textile machinery and the emigration of textile mechanics. Slater, because he had been trained in the craft, committed a criminal act just by leaving the country.
Slater first came to New York, where he pulled out his apprenticeship papers and got hired at a textile plant. But when he reported for work he was disappointed to find that the machinery was hand-operated and used old technology. A few weeks later he learned that there was a manufacturer in Providence who had been trying, and failing, to replicate the English mechanized cotton-spinning factory. Slater wrote a letter offering his services, emphasizing his experience operating Arkwright’s water frame.
Moses Brown, the proprietor, decided to take a chance, and brought in Slater as a partner. Working only from recollection, making much of the necessary tooling himself, and experimenting with adjustments of his own invention, within a year Slater managed to create America’s first automated textile mill.
Slater’s factory was a huge success, and the technology spread rapidly. By 1815, within a 30-mile radius there were 140 mills operating over 130,000 spindles. This was the launch of the American textile industry, and arguably of the American industrial revolution, upending the client-server relationship between agricultural, extractive America and manufacturing England.
Samuel Slater is remembered well but variously. In the United States, Andrew Jackson dubbed him the “Father of American Manufactures.” In his hometown of Belper in Derbyshire, he is less fondly known as “Slater the Traitor.” (It also bears mention that Slater’s wife, Hannah Wilkinson Slater, became the first woman in America to receive a U.S. patent, covering her invention of cotton sewing thread.)
Is it reasonable to say that the U.S. got an unfair head start on the Industrial Revolution by stealing secrets from Britain? I don’t think so. Industrial espionage had been practiced in Europe throughout the 18th Century, with the British and French particularly active, even using diplomats to get access to valuable commercial information. Moreover, Britain, like some other European countries, frequently granted “patents of importation,” which didn’t require the applicant to be an inventor, if the invention was new within the country’s borders. In this way, governments regularly encouraged people to “steal” ideas from abroad and bring them home.
This opportunistic behavior by nations was seen as acceptable only because of the mercantilist attitude of the time, where national interest was all that mattered. It would be another hundred years before international treaties were established to guarantee respect for foreign intellectual property laws, creating the more integrated environment for IP that promotes global commerce today.
Looking back, we can’t really conclude whether Samuel Slater’s actions would have qualified as trade secret misappropriation under modern laws. We don’t know, for example, how much of his work that first year resulted from his skills and general knowledge about the physics of spinning cotton and about pre-existing mechanical techniques. All of that was his to use freely. And we don’t know to what extent the success of his mills was due to improvements that he came up with on his own.
But there may be a broader lesson to be drawn from the Slater story, one that resonates in the modern, information-based economy. Some scholars think that Massachusetts, near where Slater’s mills were established, lost the march to Silicon Valley because non-competition agreements were regularly enforced against employees there and in other Eastern states. Many of those employees decamped to California, where the law prohibits such restrictions. Undoubtedly some confidential information has been lost along the way. But consider the results. Perhaps we should look to Slater as demonstrating the universal economic value of labor mobility.
I still remember the day I decided never to do another divorce case. My client called to tell me that her ex was taking the kids to his mother’s house where she would look for holes in their socks and then rip them with her fingers. This surely was grounds for a restraining order! No, it wasn’t, I insisted.
Back then we accepted any kind of case that involved a courtroom: accidents, real estate, criminal, contracts, and “domestic relations.” It was the divorces that often involved the worst behaviors, seeming to require more therapy than legal advice.
These were also the early days of Silicon Valley, and it wasn’t long before commercial litigation, and trade secret cases in particular, came to fill up my calendar. Hardly a week went by without a group leaving to do a start-up or join the competition, provoking a lawsuit. After thirty or forty of these, a common theme emerged: somebody always had done something foolish, like overheating the photocopier or bragging about how they were going to destroy their old employer. So it seemed to me that if people just understood the rules, they would never get into these scrapes. But the same kind of mistakes were made even by experienced, sophisticated actors, and the lawsuits kept coming. I was baffled.
Then I married Laura-Jean, who is a psychotherapist. When she learned about my trade secret cases, it was immediately clear to her what was going on. These people were distracted – and sometimes blinded – by their emotions. And that’s when it hit me: trade secret disputes were a lot like divorces, and if you could understand the emotional forces at work, you could do a better job for your clients. The analogy wasn’t perfect, because people choosing to end their marriages were often consumed by their feelings to a level that didn’t usually apply in a business context. But the parallels were striking, and illuminating.
Laura-Jean pointed out that all my trade secret cases involved a relationship of trust. In a start-up, a sense of common purpose forms the framework – a band of disrupters fighting against the entrenched incumbents. And even in large companies, internal teams develop their own organic sense of loyalty to one another, fueled by the challenge of designing breakthrough products. Team members come to rely on each other, and their bonds are, to some extent, emotional.
So when a relationship like that is sundered – particularly when it involves competing against former colleagues – passions take over. Anyone dealing with trade secret litigation needs to understand this dynamic.
Let’s start with the ones left behind. Unless the company has had plenty of advance notice, the shock of learning about the disruption evokes primarily feelings of betrayal, not unlike the discovery that a spouse has been unfaithful. At a superficial level, the affected managers will be disappointed and frustrated, but often their behavior will reflect stronger reactions. They have been deceived. They – and frequently the co-workers too – feel abandoned. Just like the kids who don’t get picked in school sports, they may have feelings of jealousy toward those who have left for the exciting new adventure.
Often, the accused turncoats are also startled by what has hit them. In denial about the effect of their putting important information at risk, or even of just their leaving the team, they tend to justify their actions by thinking that they had been treated poorly, or that the company didn’t want to pursue that line of technology anyway. The accusations sting, and they may feel hurt and bullied, scapegoated by managers who are just looking for a substitute explanation for their own personal failures. The lawsuit can also provoke fear or even panic, as they see their dreams and fortunes fading.
Both sets of players experience some level of anger, and may be inclined toward revenge, again distracted from the risk of digging deeper into the fight. Ironically, each side can feel victimized by the other, seeing whatever they do as a reflection of their more righteous position.
These emotions aren’t just clues to an abstract understanding of the actors in the drama that is your trade secret case. They are drivers of behavior, including the way that the facts are recalled or reported.
As many judges will confirm with a sigh, you can frequently see the emotional content of a trade secret dispute reflected in case filings. This often begins with a complaint that is drafted to read like a combination spy novel and press release, suffused with pejoratives directed at the defendants. It can continue with tit-for-tat motion papers filled with invective. If you think this means that counsel have become part of the problem, you would be right. Recently in San Francisco a trade secret case was dismissed as a sanction for unprofessional conduct by one of the lawyers, who threw a cup of coffee at her opponent during a deposition. Laura-Jean tells me this is a consequence of what psychologists call “identification” or “merger,” in which lawyers mistakenly believe advocacy requires adopting their client’s emotional state as well as their legal position.
Third parties can feel the effects, too. Customers don’t like being dragged into a fight over their business relationships, and sometimes the annoyance leads them to flee both sides.
Giving free rein to emotions in trade secret cases can make them very hard to settle, certainly in the early going. The whole idea of trying to preserve and improve a relationship is lost on combatants who seem committed to batter it. When settlement arrives, as it must in most cases, it is often the product of exhaustion rather than sober assessment of the risks and opportunities.
As I have often told my students, the human drama that characterizes trade secret litigation can be attractive. After all, there’s something to be said for disputes that have a real moral dimension, grounded in the noble tort principle of finding fault. But although these cases are fascinating for their story lines and ethical themes, they come with a special obligation on legal counsel. This includes acting professionally and not throwing coffee at a deposition. But it also means helping our clients by recognizing where their emotional reactions might not be serving them, then guiding them toward a perspective that is more closely aligned with the goals of their business.
After all, these cases aren’t about tearing holes in socks.
In the recent lawsuit filed against Uber by Waymo for hiring the head of its driverless car project, what would have been a normal discovery dispute over access to a report suddenly became a lot more complicated when the former Waymo executive asserted the fifth amendment, claiming that forcing disclosure of the document could incriminate him.
Trade secret litigation between companies is common, but criminal charges—or the threat of them—isn’t. So how is it that commercial disputes become criminal?
The answer usually is that the trade secret holder believes it has very strong evidence of theft and decides to approach the authorities. If you are located in a state with criminal trade secret laws, you have a choice of reporting to the county prosecutor or going to the FBI or Department of Justice, who operate under the authority of the Economic Espionage Act. In a number of states, and in each of the 93 federal districts, there will be prosecutors and investigators trained in handling technology cases. If yours seems sufficiently serious, they may agree to take it on.
But would you want them to? The answer may not be obvious. Certainly, the advantages of referring your trade secret claim for criminal prosecution can seem compelling. Considering the costs and risks of typical civil litigation, the idea of calling in the resources of the public prosecutor and sitting back to watch them annoy your adversary is attractive. So the first advantage is cost. Even though you will still have to spend time to teach the investigators and prosecutors about your industry and the facts of your case, you will be spared the disruption and expense of pretrial depositions, since the discovery process is very limited. And even if you have your own lawyers monitor and coordinate the proceedings, you stand to save a great deal over what you might have had to spend in regular civil litigation.
Second, the results of a successful criminal prosecution can sometimes get you to a civil settlement quickly and with maximum leverage. If the defendant pleads or is found guilty, that result is binding in a civil case and the only issue becomes the kind of remedy or amount of money that should be awarded. And it doesn’t work the same way in reverse. If the defendant is acquitted, the civil case can still proceed and can result in a judgment for the plaintiff. The reason is that the burden of proof (beyond a reasonable doubt) is so much higher in a criminal case. In this sense, using the criminal process is a no risk proposition for the victim.
The third major advantage is speed. Many trial courts are blocked in a logjam of civil litigation, with some cases taking years to get to trial. (Of course, if your case is decided and settled on a preliminary injunction, you can complete the process much faster.) However, the criminal case, unfettered by an extensive discovery process and having special preference on the calendars of most courts, will usually move to a conclusion fairly quickly. And considering the distraction from productive work that usually comes with this kind of case, faster is almost always better.
Fourth, the criminal process gives you a remedy that is usually unavailable in civil litigation: the search warrant. There is always an advantage to seizing evidence before anyone has had a chance even to think about altering or destroying it. And it’s hard to imagine a more impressive way to get someone’s attention than to be visited by armed law enforcement.
Indeed, one overriding advantage of criminal prosecution is its deterrent effect. Because trade secret theft is infrequently prosecuted, the news will travel fast to other employees, vendors, and competitors who might be inclined to be loose with your data. Unless the prosecution is badly mishandled, it almost doesn’t matter what is the outcome of the process. You will be known as having such a serious concern for your rights, that you will call in the police.
So if using the criminal process is such a great idea, why not pursue it in every case? Why bother at all with the expense and uncertainty of civil litigation? To begin with, you may not be able to get the prosecutor to take your case. Even where the authorities are enlightened and enthusiastic about trade secret matters, they want to take on only the ones they can win under the burden of a “beyond reasonable doubt” standard.
But there are a number of potential pitfalls and disadvantages in using the criminal system. First and most important is loss of control. You’ve passed the ball to the prosecutor, who will now call all the plays. Once you’ve started the procedure, you can’t stop it. Most prosecutors will consider input from the victim in deciding what risks to take or whether to dispose of the case before trial. But even though the prosecutor is a lawyer, you’re not the client; the state is. It is the interest of the government in punishing wrongful conduct that controls a criminal case. As a result, the prosecutor has the final say in what happens.
This dimension of the process can be especially frustrating when you want to settle, having achieved your goal of protecting your data. But no matter what agreements, orders, or money the defendant offers, you cannot make the criminal case go away.
Another aspect of this loss of control surfaces when you try to bring or continue a civil suit at the same time that criminal charges are pending. In the typical case of surreptitious misappropriation, you need access to the defendant’s testimony and documents to prove your claim. Ordinarily you get this through discovery. But when a criminal action has been filed, many of the records are in the hands of the authorities, having been seized in executing the search warrant. And if you try to take the defendant’s deposition, you’ll get a refusal to answer based on the right against self-incrimination. In effect, there’s nothing more you can do.
Because trade secret theft is not often prosecuted, you face another risk: the police or prosecutor may mishandle the case in any number of ways. This is especially true with technology matters, where sophisticated handling may be required to preserve secrecy or prevent damage to evidence.
Indeed, another drawback to the criminal process is the possibility that the very information you are trying to protect may be even more widely disclosed. Remember that the criminal defendant has a right to a public trial. Sometimes defendants will exercise this right to the maximum, hoping that the risk of further disclosure will convince you to ask that the charges be dropped. Although the judge will normally issue orders limiting access to confidential information, this may precipitate risky confrontations over just how much of your data actually qualify as trade secrets. In deciding these issues, the judge may be affected not just by the defendant’s demand for an open trial. If the case is at all newsworthy, the press will be pushing to open the courtroom and get access to the records. And not far behind them may be your competitors.
Finally, remember that the public prosecutor may not be able to achieve your goal of winning the case. The burden of proof is very high, and this fact may allow the defendant to “slip through.” In addition, even a very good trade secret case can be lost through lack of resources. There may be few expert witnesses and consultants available to the government to develop the most convincing presentation. In the end, this too is an issue of control: if you want to be able to determine how the case is managed and how vigorously it is pursued, you may have to do it yourself, in the civil courts.
During a recent seminar I was asked, “What can companies do to stop the loss of trade secrets to places like China?” The questioner seemed stressed and a bit angry, perhaps reflecting a certain frustration that there may not really be an answer. While I can understand the concern, and although there is no way to entirely eliminate information security risks when doing business overseas, we certainly can reduce them.
The modern commercial environment is inescapably digital and global. Long supply chains and open innovation strategies require sharing valuable information with actors in countries where legal protection systems are not robust. Companies increasingly employ foreign nationals, both in the U.S. and in installations abroad. And just like any other employees with knowledge of your secrets, they tend to move about.
The legal backdrop for all of this can seem confusing. If you look at the WTO standards for trade secret protection laid out in the 1995 TRIPS Agreement, they look pretty solid. (They also look familiar, since they were adapted from the Uniform Trade Secrets Act.) But the problem lies in enforcement. Bringing a trade secret claim requires access to proof, and civil law countries don’t provide discovery. So you need to perform your own investigation and then deal with the local authorities. We’ll look at some things you can do to improve your chances in litigation; but first let’s consider how to manage relationships to avoid problems in the first place.
First, you need to set a strategy for handling your most valuable data. Inform yourself about the places where you think you might have to expose that data; what cultural differences might influence the way that people there will respect your rights? Are there local laws and policies on employee rights that could affect the trustworthiness of the people who will have access? Some cultural practices, such as the acceptability of “trading favors” or the ability of friendships to trump business obligations, could alter your risk calculus. Note that we are dealing here with the classical “insider threat” through which most critical information is lost. Whether the loss occurs through some electronic connection is not the point; the weak link is the personal actor.
And so in addition to the local cultural and business environment, your strategy has to consider the various relationships that will be implicated: collaborators, outsourcing partners, vendors, distributors and even customers can be vectors of information loss. If you intend to operate through a local subsidiary or establish your own local research facilities, then these too will become “endpoints” in your connected network. Finally, consider how these relationships will play out with other actors in other countries where you have operations.
As in any risk analysis, you have to be sufficiently informed about your environment so that you can make intelligent decisions about your appetite for risk. In this context, that means having a thorough understanding of what information assets you own, how quickly their value degrades, and what are the likely threats of loss. Understanding all of this will help inform the decisions you make about particular deal structures, or about how you package your secrets and where you send them.
Some governments require that, as a condition of entering their markets, you may have to license your relevant know-how or other intellectual property to a local partner. In its most benign form, these requirements are intended to provide a kind of “training” to local industries, to help them move up the value chain and become more productive. In a darker sense, they can also be simply a way of forcing technology transfer to favor domestic companies. Either way, you need to consider the risk of loss as a cost of entering, or staying in, that market.
Some foreign laws regulate contracts, including nondisclosure agreements, to impose time limits on confidentiality. This can provoke surprises when dealing with local licensees, so if the information is particularly valuable look carefully at these restrictions, and at competition laws that regulate issues like territory or use restrictions on dealing with your data.
Of course, some local partners can be very valuable in helping a business succeed, by applying their special knowledge or connections. And some markets, such as China or India, are so huge that the risk of some information loss is deemed acceptable. The point is not to avoid doing business in these places because they are risky, but to consider carefully the nature of the risks so that you can make smart decisions.
Legal issues are only a part of the picture when considering foreign operations. Because trade secret protection fundamentally relies on trust, your first line of defense is the integrity of the people you will be dealing with. So employ a “know your partner” rule. Thoroughly investigate before establishing the relationship, and carefully monitor and manage it throughout. This applies to the usual external relations with collaboration or outsourcing partners, vendors, distributors and customers. It applies with special force to your local managers, who will have ongoing access at some level to inside information, and they should be subject to extensive background checks (as well as solid contracts and ongoing training and close supervision).
For each of your potential corporate partners ask: how well can I trust this company? What will it do to protect the secrets that I will disclose to it? Here, beware of the common but threadbare promise to protect your secrets with “the same level of care as is applied to its own.” Instead, get specific about exactly what they do to manage confidentiality. What sort of contract (confidentiality and noncompete) program do they have in place with their own employees? What is their training program for trade secret protection? Do they do background checks on their employees? What procedures are in place for physical and electronic security? How sophisticated and well-enforced is their own information security policy? Will they subcontract any of the work they are doing for you, and if so how do they protect against problems with the subcontractor, or with that company’s subcontractor? What has been the history of the company’s other commercial relationships? Does it have ties to the government?
In the U.S., contracts are important, but the law often will imply a confidential relationship, such as with employees or a long-standing supplier. The same is not true in most of the rest of the world, where secrets are often legally protected only by contract law. And the difference is even greater when it comes to remedies and enforcement in case of a breach. When dealing with foreign actors with access to your information, what’s in the contract is the most important factor.
Be very detailed about what information is to be protected, and how. This includes who is to get access and for what purposes. Also be specific about exactly what protection measures you expect for the facilities where your information will be kept, the IT systems that may be used with it, and procedures to be followed for return of materials at the end of a project. Where possible, require downstream agreements with all individuals and companies that may be given access (including noncompete provisions where allowed by local law), coupled with recordkeeping that will make monitoring compliance straightforward and easy. In fact, you may want to specify the content of these downstream confidentiality agreements to be sure that they name your company as the beneficiary of the secrecy obligation; in some countries, you may not be able to assert a claim if you are not named in the contract that binds that specific person or organization.
Expect to have to do more to manage and verify compliance when you are dealing with foreign relationships. Be sure that your partner is obliged to tell you when someone leaves the project team, and to take specific steps to follow up and ensure that confidentiality is respected by the departing employee. Require advance approval for any subcontracting. If you can get it, include an indemnity clause that puts the risk of loss on your partner in case there is a problem that happens through the people or companies they work with. Provide for regular audits and any other monitoring procedures that might be helpful.
Where possible, include specific and substantial penalties for any breach of confidentiality. Foreign courts may sometimes recognize these contract clauses and award much more than would have been available as normal damages. To ensure the most robust remedies, try to get the other side to agree to U.S. jurisdiction in the case of any dispute. (This may be most effective with companies that have existing relationships or assets in the U.S. that they want to protect.) Consider including an arbitration clause, which some foreign jurisdictions may be more likely to enforce than a general concession to U.S. jurisdiction. Arbitration has the advantage of privacy, and often can produce more effective remedies than you can get directly from a court.
While contracts are important, the most detailed agreements are not a substitute for close, even obsessive, management. Don’t take anything for granted, and follow up on every issue. Even though it will take up more time, you will be better informed, and your intense attention will serve a message that you are serious about protecting your rights. Encrypt and document all communications. Mark every document prominently as confidential, and create special procedures for handling particularly sensitive records.
Make information security a positive objective for your partner. Create incentives that are connected to good security outcomes. Encourage quick and full disclosures of any problem, including reports on what departing team members are doing. And provide (don’t just require) continuous secrecy training to every person who has access to your data.
Before making any substantial investment in a foreign location, retain legal counsel who is familiar with the practical realities of the jurisdiction and has helpful connections with local law enforcement. It’s not just about the content of the laws, but about how to get enforcement when there’s a problem. Are there special restrictions on employee confidentiality or invention assignment agreements? Do employees have to be paid special compensation for their inventions? Are injunctions available? How much proof do you need to win? What damages can you expect to recover? What are the risks of pursuing a claim in litigation?
One time-tested strategy for managing risks to your trade secret is never to let one person know all that’s necessary to make it valuable. Brought to scale for large organizations, this divide-and-allocate approach can include:
For example, automotive manufacturers going into developing countries have resisted doing their research and design work there. And when Sony increased its manufacturing in China, it clarified that some very important parts, such as the PlayStation game controller chip, would always be made in Japan, for security reasons. These strategies may not be sustainable in the long term, so be realistic about how long it will take for your current secrets to be compromised, so you can be working on making them more or less obsolete through your next generation technology.
Whether or not you establish facilities in foreign markets or enter into relationships that require sending your technology there, you or your colleagues will be “carriers” of your company’s secrets whenever you travel. Here, apply equal doses of common sense and paranoia to avoid mistakes. Consider replacing your electronic gear – laptop and phone – for travel with stripped-down versions that contain only the applications and (encrypted) files you will need for this trip. Have them examined and “scrubbed” on your return, so that you can know whether there has been any attempted compromise and whether it is safe to transfer your updated files. While in the foreign country, assume that all internet traffic is watched and recorded. Always use encryption, and where possible use a Virtual Private Network (VPN) to connect to the internet. Avoid all public wireless networks. When in meetings, assume that conversations are being recorded.
Trade secret litigation is hard, expensive and disruptive. Doing it in a foreign jurisdiction can be all of those things but worse. So first try to find a non-litigation solution to the problem. If that can’t work, consider whether it might be possible to sue only in the U.S. If that is not an option, then consider this:
When we think about trade secrets, we usually focus on keeping our own data safe. But an even bigger risk comes from hiring employees who can infect our systems with confidential information from a competitor. Companies often learn this the hard way. Boeing’s hiring several managers from Lockheed led to a $615 million fine and indictments of the individuals. Hilton poached two Starwood executives to create a competing hotel brand, but they came with thousands of documents and prompted a lawsuit that killed the project and cost $150 million to settle. Recently a similar situation at Zillow required a $130 million settlement.
Contamination also happens through lower level staff. In a survey by Symantec, over half of employees who left their jobs reported keeping data that belonged to their employers, and most of them planned to use it in their new positions. And perhaps most worrying, 68% of them said that their current employers take no action to protect against improper use of third party data.
Worrying but perhaps not surprising. As in other aspects of human behavior, denial plays a leading role here. Employees, anxious to please and “hit the ground running,” convince themselves that downloading a few files for “reference” isn’t wrong. And employers in competitive industries, happy to get access to experienced talent, often ignore the warning signs.
The bad news is that, left alone, third party data infection can gestate for many months or years while it worms through a company’s systems, projects and products, emerging to cause disruption and lawsuits, often long after the bad actors have moved on. The good news is that this is a risk that can be managed, and in the process you can also help prevent your own information from leaking outside the company.
In highly competitive industries with high labor mobility, recruiting poses a conundrum that many managers prefer not to dwell on. The best new employees come from the competition, because they’ve got “relevant experience.” But extending this logic increases the risk: the perfect hire is the one who comes with whatever it takes to solve our problems and leapfrog ahead: the one who has worked on an identical project or product and knows the competitor’s strong and weak points. Any company that projects ambivalence about these ethical risks is bound to attract individuals who are prepared to take risks too, increasing the chance of a trade secrets train wreck.
Proper management of the process begins with designing and advertising the recruitment. What will the announcement say about the job requirements? Ideally, the qualifications should be expressed in generic terms, avoiding anything that could be interpreted as trolling for a source of competitive data.
Of course, if the recruiting isn't entirely honest, and the company is interviewing the competitor's staff in order to find out what they're working on, that's a different kind of risk, layering fraudulent motives on an already tricky transaction. So establishing clear policies and providing appropriate training for the recruiters is critical.
Indeed, guidance and training are especially important for those who conduct the pre-employment interview. Guided by a checklist (see box for a sample), they should be motivated to learn only what is needed in order to assess the candidate's general knowledge and skill set, that part of their experience that they are entitled to take with them. This basic rule has to be communicated to the candidates as well, warning them that they are not to reveal sensitive information of any kind.
This should be confirmed with a brief acknowledgement like this one:
To: Widgets, Inc.I am applying for employment with Widgets, Inc. I assure you that:
Dated: ________________ Signed: _________________________
Occasionally you will want to bring on someone who has been a key performer for a competitor. Highly-placed managers in research and development or marketing are especially likely to cause serious concern when they change jobs. Even if they aren’t subject to a non-compete agreement or a post-employment invention assignment (both issues that require specialized advice), hiring them from a competitor can provoke a lawsuit based on the idea that the person knows so much, and the new job is so much like the previous one, that they can’t possibly do the new one without compromising the confidential information that they know. Whether or not a court might issue an injunction based on a threat of "inevitable disclosure" (a subject for another newsletter) is not the main point; merely provoking litigation is harmful enough.
So when you're dealing with one of these high-level hires, always get advice of experienced counsel in order to identify all the risks and potential mitigation strategies. In special cases you may also need to pay for an attorney for the candidate, to provide a buffer of independent advice on how to leave the current job "clean" and reduce the likelihood of a lawsuit.
You face a similar kind of heightened risk when trying to hire a group of employees from a competitor. The competitor’s speculation is easy to understand: with so many qualified individuals out there, the only reason for going after most or all of a team can be to cause damage, and perhaps also get access to an array of special knowledge that will allow your company to move into a new area or product line, implying an intent to steal trade secrets. This, the competitor will allege, is a “raid." Litigation is likely.
Here, we have to confront the same paradox represented by the “perfectly informed” individual hire who knows everything about what the competition is doing: the potential value is high but so are the risks. And those risks can be much higher with a group, not only because there are more people to make mistakes, but also because the competitor is more likely to feel injured and take aggressive action.
The most common source of a group hire is a current or former manager of the team. Consider someone you already employ who used to be a manager for one of your competitors. One day he or she announces a “great opportunity” to capture some extraordinary talent, a group of people who have let it be known that they are ready to consider leaving. The manager knows them all personally, can tell you who are the stars, what special projects they worked on, and even how much you might have to offer in order to get them to move.
This may in fact be an excellent opportunity, but it is filled with risk that has to be managed. The manager likely has special obligations not to use information about the candidates that was learned while leading them. Your first step normally should be to separate your current employee from the recruiting process. Then bring in legal counsel to make sure that you have protocols in place that reduce the worst risks and that cloak your discussions with a privilege against disclosure, in case there is a lawsuit.
Once these precautions have been taken, you can proceed with interviews, ensuring that the same sort of warnings are given and documents signed as would be required for a single individual. Throughout the process, you should communicate to all involved that the company has a strong policy of respecting the rights of others, that your interest is only in the candidates’ general skills, and that you insist that none of the competitor’s confidential information find its way into your organization.
The company’s culture of respect for others’ information rights should be reinforced during the orientation process. As with the pre-employment interview, your goal is to impress on new employees the importance of coming to the new position “clean.” They have to understand that there is no advantage – and there is considerable risk to them personally – in trying to prove themselves by bringing with them the work they did before.
The “on-boarding” process can be a real opportunity to reinforce the importance of the company’s policies and the confidence you have in the new employee’s ability to get the job done only with the skill and general knowledge that they have accumulated during their career. Be sure to go carefully through the various forms and contracts that have to be signed, and make sure that the new hire knows where to go to get answers or address any concerns about information security.
Hiring consultants and contractors poses more risk than regular employees. Because the relationship is short there is less loyalty built into it, and management needs to be tighter. Also, contractors have often been working recently for competitors, and consultants typically are doing that simultaneously. They bristle with current and potentially dangerous information. Required to do the best they can for you, they engage in mental gymnastics to keep all of their known data properly categorized and walled off.
As with other areas of information security, this is a problem of risk assessment and management. You need to protect yourself first with contracts that make it clear that you don’t want importation of anyone else’s confidential data, putting responsibility on the consultant to prevent that. But before entering into the arrangement at all, you should confront any potential conflicts of interest, forcing the consultant to consider and articulate exactly how your concerns will be met.