Trading Secrets : Trade Secrets Lawyers & Attorneys : Seyfarth Shaw Law Firm : Computer Fraud, Confidentiality Agreements, Corporate Espionage

A company's trade secrets may be some of its most important assets.  Recent headlines underscore their importance, and vulnerability:

1. Recently, an employee was arrested at the airport and over 1,000 company proprietary documents containing trade secrets were seized that the employee was attempting to transport with her to her new job.
   
2.  A national retailer recently was hit with a $21.5 million verdict after a jury found the retailer liable for stealing the design of a popular home improvement tool. 
   
3. A former employee recently pleaded guilty in a U.S. District Court in California to stealing proprietary technologies from his former employer and selling or offering them for sale to foreign governments and military contractors.

A survey of companies estimated that in just one year, companies likely were to have lost as much as $53 to $59 billion dollars in proprietary information and intellectual property through theft and misappropriation.  Seeking trade secret counseling and an audit can assist clients to determine best practices to help protect their most important assets.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A 49-year-old Missouri woman is being tried in Federal Court in Los Angeles for posing as a young boy and taunting a 13-year-old girl on the social networking site MySpace, leading the girl to hang herself. The woman was charged with conspiracy and violations of the Computer Fraud and Abuse Act (CFAA). This case is the first time the CFAA is being used in a social networking case.

Prosecutors say Lori Drew created a fake MySpace under the name of “Josh Evans” and initiated a fake friendship with Megan Meier. Drew later used the account to send cruel messages to Meier, culminating in an October 2006 message stating “the world would be a better place without you.” After receiving the message, Meier hanged herself and died the following day.

MySpace prohibits the use of fraudulent registration information, the use of accounts to obtain personal information about juvenile users, the use of the site to harass, abuse, or harm other users, and the promotion of false or misleading information.

Drew pleaded not guilty at trial. If found guilty, she could serve up to 5 years for the conspiracy count and up to five years for each of the three CFAA charges. Since the news of Drew’s alleged actions became public, she has been the victim of cyberbullying.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

By Scott Krol, New York

The United States Court of Appeals for the Fourth Circuit recently upheld summary judgment holding that a former employee did not violate the Virginia Computer Crimes Act (“VCCA”) when the former company could not prove that they were unaware of employees’ use of company funds. Further, the employee did not violate the Virginia Uniform Trade Secrets Act (“VUTSA”) when the company could not show any evidence that the employee in fact used any of the otherwise protected trade secrets for his benefit.

The parties to this case are closely linked. Jerry Nims is an entrepreneur who obtained patents on many technologies used in making identification cards more difficult to temper with or counterfeit. Nims started Orasee which owned many of these patents.

In 2003, Nims formed EC4 Technologies Limited (“EC4 UK”), a wholly owned subsidiary of Orasee, to license the technologies.

In 2005, Nims set up Othentec Ltd. (“Othentec UK”) as a subsidiary of EC4 UK.

Nims’s son-in-law, Jeffrey Phelan, was appointed Managing Director of both EC4 UK and Othentec UK, and later was put in charge of better distributing the company’s product in the United States.

On March 17, 2005, Phelan formed EC4 Technologies, Incorporated (“EC4 USA”) and became that company’s CEO. He began to market and distribute Orasee technologies in the U.S. pursuant to a sublicense agreement between the EC4 UK and EC4 USA. In November 2005, another executive formed Othentec Limited (“Othentec USA”) for the same purpose as EC4 USA, this time as wholly owned by Othentec UK.

By early 2006, after a considerable amount of friction developed between the parties, Phelan was discharged from his positions at the UK companies, but continued to do business as EC4 USA. This gave rise to the case at hand, essentially Nims’ companies claimed that Phelan abused his position of power and trust to form EC 4 USA fraudulently and proceeded to use Othentec UK’s money and trade secrets to run the U.S. business successfully. Phelan moved for and won summary judgment against Othentec UK on all issues except whether Phelan breached his fiduciary duty to Othentec UK.

The district court explained that there are three elements of committing a violation of the VCCA: “(1) using a computer or computer network (2) without authority (3) intending to obtain, embezzle, or convert the property of another.” Va. Code Ann, §18.2-152.3.

The Court found that Phelan clearly was authorized to access Othentec UK bank account, Othentec UK was aware of the withdrawals, and Phelan did not directly withdraw the money using a computer. Instead, Phelan merely sent an email to the accountant asking for the withdrawal. Hence, there was no evidence of the unauthorized use of a computer to commit a crime. Othentec UK “produced no evidence outside of self-serving speculations that Phelan committed a violation. of the VCCA.”

The VUTSA makes it illegal for a person to misappropriate trade secrets from another. Othentec UK argued that Phelan, as Managing Director, was intimately familiar with the technology, “unless someone is foolish enough to believe that all that (EC4 USA’s technology) was developed in a clean-room environment without reference to, use of, or attempting to work around” Othentec UK’s proprietary and highly confidential software and manufacturing process, than Othentec UK had no basis for its argument. The Court agreed with the last part, ruling that these “allegations, speculations, and inference are not enough to survive summary judgment.” See Othentec Ltd. v. Phelan, --- F.3d ----, Case No. 06-2297, 2008 WL 2009740 (4th Cir. May 12, 2008) (emphasis added).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A district court in Arizona recently issued a published decision limiting the use of the Computer Fraud and Abuse Act (“CFAA”) by employers who have been the victim of electronic data theft by their former employees. In Shamrock Foods v. Gast, --- F.Supp.2d ----, 2008 WL 450556 (D.Ariz.), the district court held that a departing employee’s transmittal of confidential information to his personal e-mail account prior to his resignation did not give rise to a cause of action under CFAA.

According to the employer’s complaint, the employee, who had executed a confidentiality agreement with the employer, allegedly e-mailed numerous company confidential and proprietary files to his personal e-mail account shortly after the employee had begun employment negotiations with a competitor. The day after he sent the company material to his personal e-mail account he allegedly told his manager that he was considering leaving the company and shortly thereafter informed the company that he was joining a direct competitor.

In its complaint, the company alleged that the employee was acting as an agent of the competitor when he assessed and e-mailed the confidential information. The company further alleged that he provided the information to the competitor and that the competitor was using the information to the company’s detriment.

The company brought suit in federal court asserting CFAA claims under 18 U.S.C. § 1030(a)(2), (4), and (5)(iii), as well as state law misappropriation claims. The employee and the competitor moved to dismiss the CFAA claims for failure to state a claim.

The district court granted the motion to dismiss concluding that 1) a violation for accessing a protected computer “without authorization” occurs only when the initial access is not permitted; and 2) an “exceeds authorized access” violation occurs only when initial access to a protected computer is permitted but the access of certain information is not permitted.

The court analyzed the CFAA statute in some depth and the specific CFAA claims that the employer brought. The court stated that it is a violation of section 1030(a)(2) when a person “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer if the conduct involved an interstate or foreign communication.” Next, the court stated that section 1030(a)(4) is violated when a person “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value....” Finally, the court declared that section (a)(5)(A)(iii) is violated when a person “intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage. . . .”

In sum, the court reasoned that to state a claim under (a)(2) and (a)(4), the employer must allege conduct showing that the employee accessed a protected computer without authorization or exceeded authorized access and under section (a)(5)(A)(iii), the employer must allege conduct showing that the employee accessed a protected computer without authorization.

The competitor and the employee argued the CFAA claims were not actionable because the employee was authorized to access the computer and information at issue. The employer argued that the employee was no longer authorized to access its confidential information once he acquired the improper purpose to use this information to benefit himself and the competitor.

The district court acknowledged that there were two lines of cases interpreting the meaning of “authorization” under the CFAA. According to the court, some courts have applied principles of agency law to the CFAA and have held that an employee accesses a computer “without authorization” whenever the employee, without knowledge of the employer, acquires an adverse interest or is guilty of a serious breach of loyalty. The court cited the following the cases in support of that proposition: Int'l Airport Ctrs., L.L.C. v. Citrin, 440 F.3d 418, 420-421 (7th Cir.2006); ViChip Corp. v. Lee, 438 F.Supp.2d 1087, 1100 (N.D.Cal.2006); Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc., 119 F.Supp.2d 1121, 1125 (W.D.Wash.2000).

The court also stated that other courts “have opted for a less expansive view, holding that the phrase ‘without authorization’ generally only reaches conduct by outsiders who do not have permission to access the plaintiff's computer in the first place.” The court cited the following cases in support of this contrasting position: Diamond Power Intern., Inc. v. Davidson, Nos. 1:04-CV-0091-RWS-CCH and 1:04-CV-1708-RWS-CCH, 2007 WL 2904119, at *13 (N.D.Ga. Oct.1, 2007); Brett Senior & Assocs., P.C. v. Fitzgerald, No. 06-1412, 2007 WL 2043377, at *2-4 (E.D.Pa. July 13, 2007); Lockheed Martin Corp. v. Speed, No. 6:05-CV-1580-ORL-31, 2006 WL 2683058, at *5 (M.D.Fla. Aug.1, 2006); Int'l Ass'n of Machinists and Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d 479, 495 (D.Md.2005).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Coldwell Banker Residential Brokerage v. D’Ambrosia, No. 08-CV-00166, Complaint (D. Md. Jan. 18, 2008)

On January 18, 2008, Coldwell Banker Residential Brokerage filed a federal lawsuit in Maryland against three former key employees and newly-formed competitor Car-Tay, Inc., an affiliate of GMAC Real Estate. The complaint alleges that the former employees, two of whom had been high-level executives, conspired to form the competing brokerage in violation of their employment agreements, the federal Computer Fraud and Abuse Act, and state law.

Coldwell Banker claims that the former employees began actively, but covertly, planning, staffing, and building the competing venture more than one year before their departure. Key evidence cited in the complaint includes an extensive trail of emails purportedly sent and received by the defendants while still employed by Coldwell Banker. In the emails, the defendants openly discuss solicitation of Coldwell Banker salespersons, tips for persuading Coldwell Banker clients to move their listings to GMAC, how to access Coldwell Banker’s highly-guarded commercial document database, and how to copy data from Coldwell Banker computers. This “scheme,” the complaint says, was a targeted effort “to eviscerate [Coldwell Banker’s] ability to compete with GMAC.”

Indeed, Coldwell Banker points out that the very day following defendant Ann D’Ambrosia’s resignation, the defendants’ GMAC office opened its doors for business. Within one month, two dozen Coldwell Banker salespersons joined the defendants at GMAC. In six weeks time, Coldwell Banker had received requests from approximately ten clients to cancel and void their listing agreements; all of these clients re-listed with GMAC after securing the releases. Each of these results, Coldwell Banker contends, arose directly from the defendants’ pre-resignation solicitation efforts.

In its fourteen-count complaint, Coldwell Banker claims the defendants violated the federal Computer Fraud and Abuse Act by improperly accessing protected computers and removing confidential and proprietary Coldwell Banker information, including client files, listing agreements, contracts, and property records; breached their employment contracts and duty of loyalty owed to Coldwell Banker; tortiously interfered with contractual and prospective economic relations; and misappropriated trade secrets in violation of the Maryland Trade Secrets Act. Coldwell Banker seeks monetary damages in the amount of $2 million – $1 million as compensatory damages and $1 million as punitive damages – as well as injunctive relief enjoining the defendants from soliciting Coldwell Banker’s clients and employees for one year, and from using Coldwell Banker’s confidential and trade secret information.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In Patriot Homes, Inc. v. Forest River Housing, Inc., No. 06-3012, 2008 WL 90081 (7th Cir. Jan. 10, 2008), the U.S. Court of Appeals for the Seventh Circuit vacated an injunction entered by the U.S. District Court for the Northern District of Indiana, ruling that it was insufficiently specific and therefore was not in compliance with Rule 65(d) of the Federal Rules of Civil Procedure.

The facts of the matter as set forth in Patriot Homes are as follows: Forest River hired four employees of Patriot Homes after merger talks between the two companies fell through. Forest River formed a new company named Sterling with the new employees. Patriot Homes, Forest River, and Sterling are all in the modular homes industry. The four employees copied information from Patriot Homes’s computer system before resigning and utilized that information for Sterling. Sterling did not deny that its employees had done so, but it argued that the information taken from Patriot Homes was not a trade secret because it was filed by Patriot Homes with various state governments and could be procured through Freedom of Information Act requests. Discovery revealed that most, but not all, of the information taken from Patriot Homes and used by the four employees could indeed be procured from state governments.

The District Court entered a preliminary injunction forbidding Sterling from “[u]sing, copying, disclosing, converting, appropriating, retaining, selling, transferring, or otherwise exploiting Patriot's copyrights, confidential information, trade secrets, or computer files.” The preliminary injunction also required Sterling to: “[c]ertify that copied data and materials of Patriot's property, confidential information and trade secrets on computer files and removable media (CDs, DVDs, tapes, etc.) have been deleted or rendered unusable.”

The Court of Appeals found that the injunction was not specific enough to put Sterling on notice as to what acts on its part would constitute contempt of court: “The preliminary injunction entered by the district court uses a collection of verbs to prohibit Sterling from engaging in certain conduct, but ultimately it fails to detail what the conduct is, i.e., the substance of the “trade secret” or “confidential information” to which the verbs refer.” The Court of Appeals based its decision on Sterling’s uncertainty as to what information was truly a trade secret or confidential information and what was not entitled to such protection by virtue of being publicly available. The case stands as a reminder that injunctions compelling parties to simply “follow the law” without more instruction do not comply with Rule 65(d).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The taking and using of customer lists is no longer just a matter for civil proceedings and injunctive relief. On Monday, November 26, 2007, the Georgia Court of Appeals affirmed a jury’s criminal conviction of an individual who took and used her former employer’s master client list to solicit customers, who used company computers to plan her new business venture, and otherwise misappropriated client files.

Defendant Shan DuCom was tried and convicted after it was discovered that she had attempted to wipe out her former employer (C&D)’s property management business completely by converting the property management function to her own, newly created entity. Indeed, DuCom conspired with other employees to start a new firm, used C&D’s computers to create new “letterhead and logos, press releases, solicitation postcards, and various ‘to-do’ lists,” as well as to engage in “massive” copying of information maintained on C&D’s computer hard drives to discs. Her actions were apparently so wanton that the day after she left, the former employers’ team came to work and found the office had “been left barren, ‘cleaned out.’ The computer server was turned off, the hard copies of client files were missing, the fax and credit card phone lines had been sabotaged, and office supplies and equipment were missing.” Once the computer service was restored, C&D found that entire databases were missing and that the C&D website had been transferred to DuCom’s new firm. Three of DuCom’s co-workers resigned and joined her new firm as well. Georgia’s Uniform Trade Secrets Act specifically protects client and customer lists as trade secrets, provided they

(A) Derives economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and

(B) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

O.C.G.A. § 16-8-13(a)-(b). The appellate court remarked, in particular, that as a new business, DuCom’s new firm “would have opened its doors with little or no property to manage, and with no property to manage, it would have very little income,” reflecting that her head-start approach runs afoul of the law. Noting the damage that she caused by her acts in stealing the client list, the court affirmed the lower court’s award of restitution based on valuation of C&D’s “book of business.”

DuCom also was convicted of “computer theft” under O.C.G.A. § 16-9-93(a) for using C&D’s computers without authorization. The appeals court reflected that she had downloaded data she was not permitted to use and that the jury could have found “beyond a reasonable doubt that DuCom used a computer, owned by her employer, with knowledge that such use was without authority and with the intention of removing programs or data from that computer and appropriating them for her own use.” Under Georgia law, unauthorized use includes “the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network” O.C.G.A. 16-9-92(18). With a broad definition and unassailable facts, the appellate court did not waste much time in discussing its reasoning to affirm.

Although it is not unusual to hear tales of such wanton conduct in preparing to compete in a new business, it is not very often that we hear of criminal prosecutions of such matters at the state level in Georgia. We’ll be keeping our eyes and ears open for any further such cases.

• Email This
• Print
• Comments
• Trackbacks
• Share Link