A Ninth Circuit panel consisting of Judges A. Wallace Tashima, Johnnie B. Rawlinson, and Paul J. Watford recently heard oral argument in Anheuser-Busch Companies v. Clark, 17-15591, concerning the denial of a former employee’s anti-SLAPP motion in a trade secret misappropriation and breach of contract case. This is the second time the case has made its way up to the Ninth Circuit. We previously reported on this case in March 2017. The panel has not yet issued its decision but the Ninth Circuit’s decision could have far reaching implications for trade secret and data theft cases involving purported whistleblowing activities. Continue Reading Hold My Beer: Ninth Circuit Hears Oral Argument in Trade Secret/Anti-SLAPP Row for a Second Time
This post originally appeared in the June edition of Cyber Law & Strategy.
Somewhere today at least one data security breach is likely to happen. It might not have been publicized and may not have involved millions of records, but there is no doubt it will happen. That is because cybercrime remains one of the most common crimes in the world, and noncriminal exposures are fairly common as well. Continue Reading Security Breach Responses — As Important and Difficult As Ever
The United States Attorneys’ Offices in Wisconsin criminally prosecuted two trade secret theft cases last week. In the Eastern District of Wisconsin (United States of America v. Tan Liu), the United States charged a former employee, Tan Liu, with 12 counts of stealing trade secrets from his former employer, Rockwell Automation, Inc. According to the government, in the last few weeks of his Rockwell employment, and in anticipation of leaving Rockwell for a new employer, Liu downloaded 2,500 files that contained the proprietary software and source code Rockwell uses to operate various systems and controllers. Continue Reading Wisconsin U.S. Attorneys Actively Prosecuting Trade Secret Theft—With Mixed Results
The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers as well. File sharing platforms and accounts have a high “hack value”—the overall value of the accounts on the dark web—due to the relative ease with which account can be obtained and the sensitivity of the information stored on these platforms.
The risk associated with the use of file share platforms is twofold. First, company supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company—e.g. the employee Google Drive account—may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach—60 million account credentials compromised—that had been discovered but was executed four years earlier in 2012. Continue Reading File Share Platforms and Business Risk
As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions.
It’s Friday afternoon and the conversation goes a little like this, “Wait, what? They’re leaving? Where are they going? Is there any opportunity to help them reconsider?”
When a key employee departs an organization, it can take a toll on clients and colleagues, productivity, and morale. What follows is a rush of activity: current projects are reviewed, transition plans are quickly drawn up and put in place, and decisions are made about how to replace the departing employee and how to communicate the departure to the rest of the firm and clients. Continue Reading Key Employee Departures and Trade Secret Risk Assessment
As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Supreet Singh, a senior consultant at iDiscovery Solutions, Inc.
It’s hard to believe the first smartphone was released over 20 years ago. At that time, few thought it would become such an integral part of our lives. Additionally, this year marks the 10th anniversary of the iPhone and its introduction altered the world of digital forensics. Smartphones contain a wealth of personal and sensitive information like passwords, security or access codes, account numbers, electronic communications, and much more. But they are more than mere containers of data. Between the operating system, installed applications, and service providers, there’s a wealth of information that can provide dramatic insight into conversations, activities, habits, preferences, and movements of the phone’s user.
There are essentially three places where smartphone related data can be found: on the phone itself, with mobile app providers (e.g. Facebook, Snapchat, or Yelp), and with the service provider (e.g. AT&T or Verizon). Data from all three sources can be very useful in civil lawsuits, criminal cases, or internal investigations, depending on the needs of the case. Continue Reading The Smartphone: A Treasure Trove of Evidence in Trade Secret Cases
As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Charlie Platt, a director at iDiscovery Solutions and a Certified Ethical Hacker. He advises clients on data analytics, digital forensics, and cybersecurity.
At the airport recently, waiting for boarding, flipping through an issue of United States Cybersecurity Magazine, an article about detecting insider threats caught my eye. It was loosely based on a list of behaviors it claimed were ideal indicators for detecting insider threats. I thought, “Wow, this is great! I know plenty of clients who could benefit from this information.” Insider threats are difficult to detect, and I was excited by the opportunity to get new insight, but I became more and more distraught as I read on. The longer I read, the more I saw myself, and many of my cyber-colleagues, being described by the author’s so-called threat indicators. How could we, the good guys, be mistaken for threats?
I read through the list again, and for each point, I asked, “Is this a reliable indicator of a real threat, or a false positive?” I’ve provided the entire list below with my thoughts on each item. Continue Reading Great Employee or Insider Threat?
We are pleased to announce the webinar “2016
National Year In Review: What You Need to Know About the Recent Cases/Developments in Trade Secrets, Non-Compete, and Computer Fraud Law” is now available as a webinar recording.
In Seyfarth’s first installment of its 2017 Trade Secrets Webinar series, Seyfarth attorneys reviewed noteworthy cases and other legal developments from across the nation over the last year in the areas of trade secrets and data theft, non-competes and other restrictive covenants, and computer fraud. Plus, they provided their predictions for what to watch for in 2017.
As a conclusion to this well-received webinar, we compiled a summary of three takeaways that were discussed during the webinar:
- The DTSA can be a powerful tool to protect intellectual capital. However, in order to take full advantage of the DTSA, businesses should carefully check their agreements with employees, handbooks and equity awards to make sure they contain language mandated by the Defend Trade Secrets Act.
- 2016 was a record year for data and information security breaches. Organizations should alert and train employees on following company policies, spotting potential social engineering attacks, and having a clear method to escalate potential security risks. Employee awareness, coupled with technological changes towards better security will reduce risk and exposure to liability.
- Several states enacted laws to limit the scope and duration of non-competes in 2016. There were also some significant decisions limiting their scope and enforceability in 2016 as well. Companies should have their non-disclosure and non-compete agreements reviewed to ensure that they comply with the latest state and federal laws, including the new Defend Trade Secrets Act.
As we previously reported, the FBI has been investigating the St. Louis Cardinals for hacking into the Houston Astros’ internal computer network and stealing proprietary information, including internal discussions about trades, proprietary statistics, and scouting reports. The investigation has now concluded, the Cardinals’ former director of baseball development, Chris Correa, pleaded guilty to five counts of unauthorized access of a protected computer in January, and he has now been sentenced to 46 months in federal prison. He also must pay $279,038 in restitution. According to NPR, “U.S. District Judge Lynn Hughes, as she sentenced Correa, noted that the crime has resulted in stricter security at other baseball teams, according to a press release from the Justice Department. When Correa apologized and called his actions ‘reckless,’ [Judge] Hughes replied, ‘No, you intentionally and knowingly did these acts.’”
As the Department of Justice reported at the time of Correa’s plea:
The plea agreement details a selection of instances in which Correa unlawfully accessed the Astros’ computers. For example, during 2013, he was able to access scout rankings of every player eligible for the draft. He also viewed, among other things, an Astros weekly digest page which described the performance and injuries of prospects who the Astros were considering, and a regional scout’s estimates of prospects’ peak rise and the bonus he proposed be offered. He also viewed the team’s scouting crosscheck page, which listed prospects seen by higher level scouts. During the June 2013 amateur draft, he intruded into that account again and viewed information on players who had not yet been drafted as well as several players drafted by the Astros and other teams.
Correa later intruded into that account during the July 31, 2013, trade deadline and viewed notes of Astros’ trade discussions with other teams.
Another set of intrusions occurred in March 2014. The Astros reacted by implementing security precautions to include the actual Ground Control website address (URL) and required all users to change their passwords to more complex passwords. The team also reset all Ground Control passwords to a more complex default password and quickly e mailed the new default password and the new URL to all Ground Control users.
Shortly thereafter, Correa illegally accessed the aforementioned person’s e mail account and found the e mails that contained Ground Control’s new URL and the newly-reset password for all users. A few minutes later, Correa used this information to access another person’s Ground Control account without authorization. There, he viewed a total of 118 webpages including lists ranking the players whom Astros scouts desired in the upcoming draft, summaries of scouting evaluations and summaries of college players identified by the Astros’ analytics department as top performers.
On two more occasions, he again illicitly accessed that account and viewed confidential information such as projects the analytics department was researching, notes of Astros’ trade discussions with other Major League Baseball teams and reports of players in the Astros’ system and their development.
The parties agreed that Correa masked his identity, his location and the type of device that he used, and that the total intended loss for all of the intrusions is approximately $1.7 million.
Michael McCann provides a good analysis of the sentence for Sports Illustrated and describes potential penalties Major League Baseball may pursue against the Cardinals.
In the second installment, Seyfarth attorneys, Richard D. Lutkus and James S. Yu, was joined by Joseph Martinez, Chief Technology Officer and Vice President of Forensics at Innovative Discovery. This program covered considerations that attorneys should take into account when in possession of any client data. Coverage included both technical considerations, best practices and policies, as well as practical advice to steer clear of ethical violations.
As a conclusion to this well-received webinar, we compiled a list of brief summaries of the more significant cases that were discussed during the webinar:
- Whether corporate or outside counsel, there are basic steps that can dramatically increase the security of your or your client’s data. Management of data will continue to be a necessity for any entity. Proper policies, protocols, and training should be developed and put into place to protect data in transit and at rest. Use of encryption and access control are both key to proper protection of data.
- Social engineering is the number one cause of data breaches, leaks, and information theft. Organizations should alert and train employees on following policy, spotting potential social engineering attacks, and having a clear method to escalate potential security risks. Employee awareness, coupled with technological changes towards better security will reduce risk and exposure to liability.
- Lawyers have an ethical duty to ensure that reasonable steps are taken to protect their client’s and employer’s data. Significant statistics have shown that many law firms and practitioners are behind the curve in terms of information security preparedness. Hackers have recently focused their targets on the lax security practices of law firms to obtain client data or inside information.
Join us Tuesday, March 29 at 12:00 p.m. Central. for our next webinar, “New Year, New Progress: 2016 Update on Defend Trade Secrets Act & EU Directive.” To register, click here.