Trading Secrets : Trade Secrets Lawyers & Attorneys : Seyfarth Shaw Law Firm : Computer Fraud, Confidentiality Agreements, Corporate Espionage

The first webinar of the 2011 series will focus on trade secret considerations in the banking and finance industry, with a particular focus on a firm's relationship with its FINRA members.  Topics will include:

• What practical steps can financial services institutions implement to protect trade secrets and client relationships
   
• What should you  do if your trade secrets are improperly removed or disclosed, or if your former employee is violating his/her agreements
• How do you prosecute a case against a former employee who is a FINRA member

Our panel consists of attorneys with experience advising clients on international non-compete and trade secret issues. CLE credit will be available for participants.*

Wednesday, April 6, 2011

10:00 am - 11:00 am Pacific
11:00 am - 12:00 pm Mountain 
12:00 pm - 1:00 pm Central
1:00 pm - 2:00 pm Eastern

For questions, please contact events@seyfarth.com and reference this event.

 CLICK HERE TO REGISTER

• Email This
• Print
• Comments
• Share Link

By Robert Milligan and Joshua Salinas

Police officers are free to review private and confidential information stored on your cell phone if the search is incident to an arrest in California. The Supreme Court of California recently upheld the warrantless search of a cell phone text message folder in People v. Diaz, 51 Cal. 4th 84 (2011). The decision places no restraints on the type or amount of data police officers may access when searching an arrestee’s cell phone.

Defendant Gregory Diaz allegedly purchased Ecstasy from a police informant. Police officers arrested Diaz, seized his cell phone from his pocket, and transported him to the sheriff’s station. Ninety minutes later, a police officer searched Diaz’s cell phone text message folder and found an incriminating message. The officer showed Diaz the message and Diaz admitted to the alleged sale of Ecstasy. Diaz later argued that the search of his phone’s text messages folder constituted an unlawful warrantless search.

The Supreme Court of California found the cell phone search a valid search incident to lawful custodial arrest. The court compared the search to previous U.S. Supreme Court cases that allowed the search of a cigarette box (United States v. Robinson, 414 US 218 (1973) and clothing (United States v. Edwards, 415 US 800 (1974) found on the arrestee’s person. The court rejected the argument that a warrantless search of property turns on the character of the property. The court found that the seizure and search was valid because of the reduced expectation of privacy resulting from the arrest. The court rejected the argument that cell phones’ ability to store vast amounts of personal information warrants heightened privacy interests. The court also found that there was no legal basis for distinguishing the contents of an item found on the person from the item itself.

In the dissenting opinion, Justice Moreno criticized the majority’s decision stating it “goes much further, apparently allowing police carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person. The majority thus sanctions a highly intrusive and unjustified type of search, one meeting neither the warrant requirement nor the reasonableness requirement of the Fourth Amendment to the United States Constitution.”

What does this case mean for those who carry smart phones or other electronic devices that store confidential or private information?

1. Confidential and private information contained on electronic devices can be seized by law enforcement if you are arrested. Technological advancements have shrunk the size of storage devices and simultaneously increased their accessibility and storage capacity. iPhones, Blackberries, and other smart phones have become intertwined with business and personal information, including social networking. Diaz’s phone search involved text messages. However, this case arguably permits police officers to access confidential emails, documents, and voicemail messages that may contain private business or client information and personal information. Additionally, the character of the property seized is irrelevant. Thus, flash drives, digital cameras, and laptops found on the person may also be searched. 

2. Password protecting a device may not be enough. If a device requires a password for access, an arrestee may decide to refuse to provide police officers with his or her password. However, nothing prevents officers from seizing the device and using forensic software to copy and analyze the data and circumvent any password protection.

3. Diaz may be headed to the U.S. Supreme Court. Unlike Diaz, a 2009 Ohio Supreme Court case found a warrantless search of an arrestee’s cell phone unlawful. (State v. Smith, 920 N.E. 2d 949 (2009)). While the Court denied Smith cert., it may take up Diaz in light of the current state split and the scarce case law on cell phone searches.

4. Employers need to be cautious in determining what access to confidential and business information that they permit their employees to have in general, and specifically, through electronic storage devices, such as cell phones, laptops, thumb drives, etc., as sensitive data stored on such devices may be subject to search if the employee is later arrested.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

A few years after ruling that the Air Force violated the confidentiality clauses of contracts with a government contractor by disclosing its proprietary information relating to the manufacturing process for a conveyor used in assembling smart bombs weighing more than a ton each, the Court of Federal Claims recently determined the contractor’s damages. The court treated the controversy as involving a “lost asset” for which there is no known market, and not a “lost profits” case as the Government contended. Therefore, the appropriate measure of damages was an estimate of the amount a willing buyer would have paid a willing seller for the proprietary information. The proper methodology was to multiply the number of conveyor units the Air Force expected to purchase as of the date of the breach, times the contractor’s bid price, times a reasonable profit, and then to discount for the “risk that a potential buyer of [the] proprietary information would associate with realizing the profit stream deriving from the use of that asset.” Spectrum Sciences & Software, Inc. v. U.S., No. 04-1366C (Court of Fed. Claims, Feb. 14, 2011) (the court’s decision regarding liability is reported at 84 Fed. Cl. 716 (2008)). 

Over the course of several decades beginning in the early 1970s, the Air Force developed and upgraded the conveyors. In 2000, Spectrum Sciences & Software (Spectrum) self-funded an effort, which ultimately failed, to become the principal supplier of new versions of the conveyor. However, Spectrum needed the Air Force’s cooperation in order to refine and test its products. So, the parties entered into a Cooperative Research and Development Agreement (CRADA) which prohibited disclosure by either of them of the other’s proprietary information. Since Spectrum’s confidential data was expressly identified in the CRADA, protection should have been assured. Moreover, when Spectrum thereafter submitted a proposal to build the conveyor and the proposal contained the data, the cover page of the submission “warned, inter alia, that ‘[t]he data in this proposal will not be disclosed outside the Government and will not be duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate the proposal.’” 

Ultimately, Spectrum’s proposal was rejected. However, it was not returned to Spectrum, and contrary to orders the contracting officer opened it and circulated it among a number of Air Force officials. Spectrum’s proprietary information then was used extensively by the Air Force procurement team and was incorporated in a subsequent RFP that was distributed to outside vendors, including Spectrum’s competitors. 

The trial with respect to liability was bifurcated from the damages determination. With respect to liability, in 2008 the Court of Federal Claims held that “the Air Force repeatedly breached the CRADA in failing to protect adequately Spectrum’s proprietary information.” Spectrum, 84 Fed. Cir. at 744. At the subsequent trial on damages, each party presented an expert witness. Spectrum’s expert computed its damages as roughly four times the amount proposed by the Government. The final award was $1.2 million.

A significant reason for the difference between the two valuations resulted from Spectrum’s expert basing damages on the number of conveyor units the Air Force anticipated buying as of the date of the breach (2003) whereas the Government’s expert used the much smaller number that had actually been ordered on the date when the court’s liability ruling was issued (2008). The court observed that the number ultimately ordered was irrelevant because it was a function, in part, of the poor performance by Spectrum’s competitor that had been awarded the contract, something that could not have been known or anticipated several years before when the breach occurred.

With regard to the per unit price, Spectrum’s expert used the company’s initial bid. Although that bid had been rejected, and while “unaccepted offers to sell property, like other unconsummated transactions, generally represent poor barometers of value,” in this instance use of the bid price was appropriate. It was well below the Government’s pre-bid estimate, and it approximated Spectrum’s selling price to the United Kingdom for the same product. The Government’s expert, by contrast, suggested use of Spectrum’s bid for a similar product several years after the breach, but the court disagreed because that bid constituted “a last ditch effort by Spectrum to realize something from its efforts . . . [at a time it was competing] with firms that were being handed its intellectual property gratis.” Thus, that bid was “based upon a price cut triggered by the Air Force’s improper release of Spectrum’s proprietary information [and] would effectively reward defendant for the misconduct of its officers in a way that the law simply does not countenance.” 

With respect to the appropriate profit margin, the court held that a reasonable expectation of profit was the 15% ceiling for federal procurement under a cost-plus-fixed-fee contract (even though this procurement involved simply a fixed-fee contract). Finally, the proper way to compute the discount rate was to take the risk-free interest rate (for short-term Treasuries) plus an equity risk premium, plus or minus factors reflecting the riskiness of investing in stock of a company in Spectrum’s industry, of a company Spectrum’s size, and of a company like Spectrum that had a key-customer dependence factor. Having decided that “defendant appropriated significant benefits for itself and inflicted significant harm on plaintiff by breaching the CRADA,” it is not surprising that substantial damages were awarded.

This opinion is significant for several reasons. First, it is a rare example of a court detailing the method of computing damages in a lawsuit involving misappropriation of proprietary information for which there is no known market. Second, the court clearly differentiated between the valuation of a lost asset and the computation of lost profits.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Robert Milligan and Joshua Salinas

The Computer Fraud and Abuse Act ("CFAA") remains a potent weapon for employers to use against disgruntled employees who steal company data. The Sixth Circuit in U.S. v. Batti, No. 09-2050, 2011 WL 111745 (6th Cir. 2011) recently upheld the criminal conviction of an employee who allegedly accessed, copied, and leaked confidential information that belonged to his employer’s CEO. The court also awarded the employer restitution for private security investigation costs, despite parallel government investigations. Unfortunately, the court provided no clues into its position regarding the hotly contested “without authorization” interpretation that has split the circuits.

Luay Batti worked in the IT department of Campbell-Ewald, a Michigan advertising company. While employed, Batti allegedly obtained without authorization confidential information that belonged to Campbell-Ewald’s CEO. Six months later, Batti met with Campbell-Ewald’s General Manager to complain about the IT department’s management. Batti also allegedly provided the General Manager a copy of the CEO’s files to reveal the weaknesses in the company’s computer security. Campbell-Ewald fired Batti and contacted the police.

The FBI conducted an investigation into the alleged security breach. Subsequently, Campbell-Ewald hired a security investigation firm and obtained legal advice from outside counsel regarding the alleged security breach.

Butti was convicted for violating the CFAA. The district court awarded Campbell-Ewald $47,565 in restitution for the security firm’s investigation and advice from counsel.

One of the issues Batti raised on appeal was whether Campbell-Ewald could receive restitution when the government had already conducted an investigation.

The Sixth Circuit affirmed the lower court and ordered restitution. The court emphasized that courts are required to award restitution to reimburse necessary expenses incurred when victims investigate offenses. (18 U.S.C. § 3663A). The court echoed the growing majority  of courts that private investigations are necessary responses to security breaches. Thus, Campbell-Ewald could recover for incurred investigation costs, regardless of whether the government already conducted an investigation. In fact, Campbell-Ewald’s continued surveillance allegedly caught Batti attempting to access the company’s computer server after his termination.

This holding is welcome news for employers and other victims of CFAA violations. The growing majority of courts permit the recovery of investigation costs in CFAA civil suits. As reflected in Batti,  criminal proceedings brought by the government against rogue employees who steal company data may be viable options for employers (provided that they can secure the government's attention and support) and reduce the need for costly civil suits, particularly where they can receive restitution for their investigation costs.

Yet, the Sixth Circuit provided no insight into how it would rule regarding the current “without authorization” split. Batti did not raise the issue of authorization on appeal and thus the court was not required to discuss it. The facts of the case provided no opportunity for the court to delve into its interpretation of “without authorization.” Batti’s alleged purpose in providing the GM with a copy of the CEO’s files was to show that someone without authorization could obtain this confidential information. On one side of the circuit split, some courts focus on whether the employee was initially authorized to access the stolen data. On the other side, the Seventh and Eleventh Circuits focus on the purpose and intent of the employee’s conduct, which would terminate any previously granted access. Indeed, Batti apparently never had any authorization to access the CEO’s files and thus his alleged conduct constituted “without authorization” under any circuit’s interpretation.

While Batti provides no clear guidance on how it would side in the "without authorization" split, the Court reinforced the employers’ ability to use the CFAA as a viable claim to combat computer security breaches by employees in certain situations.

• Email This
• Print
• Comments
• Trackbacks
• Share Link