Burroughs Payment Services manufactures document scanning equipment for banks and others. Embedded in the equipment are copyrighted computer programs, accessible only by entering a password, which provide the user with software to diagnose problems with the equipment. While servicing the equipment of a Burroughs customer, Symco Group allegedly accessed and used Burroughs’ software without that company’s authorization. 

Burroughs promptly sued Symco in the federal court in Atlanta, alleging copyright infringement and trade secret misappropriation. More than 18 months later, following various rulings by the Atlanta court, Burroughs dismissed its complaint there without prejudice and re-filed early this year in the Northern District of California. A few weeks ago, Magistrate Judge Spero in the California court denied most of Symco’s Rule 12(b)(6) motion to dismiss. Burroughs Payment Sys., Inc. v. Symco Group, Inc., 2012 WL 1670163 (N.D. Calif., May 14, 2012).

Copyright infringement. Symco asserted that its affirmative defense based on 17 U.S.C. § 117(a)(1) (the owner of a copy of a computer program may make or authorize the making of another copy if doing so is “an essential step in the utilization of the computer program in conjunction with a machine,” provided that the copy “is used in no other manner”) is not rebutted in Burroughs’ complaint and is dispositive because Symco’s conduct constituted a category of copying that is “lawful per se.” Clearly, Burroughs’ customers purchased or leased equipment, but Burroughs alleged that they were neither owners nor licensees of the software at issue here and, therefore, they could not lawfully authorize Symco to make or use a copy of the software.   The court held that the question of whether Symco’s §117(a)(1) defense defeats Burroughs’ copyright infringement claim required development of a factual record.  

Symco also raised an affirmative defense based on 17 U.S.C. § 117(c) (under specified circumstances, the owner or lessee of a machine that contains an authorized copy of a computer program may make a copy for the purpose of maintenance or repair of the machine). The court said that without a factual record it could not determine whether Symco’s conduct was permitted by §117(c). For these reasons, Symco’s motion to dismiss Burroughs’ copyright infringement claim was denied.

Trade secret misappropriation. Symco insisted that, in the case of computer software, under the applicable statute (the California Uniform Trade Secret Act) only the source code can be a trade secret, that Burroughs did not aver that Symco misappropriated the source code, and that the images appearing on a screen when Burroughs’ software programs are run do not constitute trade secrets. Symco argued that Silvaco Data Systems v. Intel Corp., 184 Cal.App.4th 210(2010) compelled dismissal of the claim. The court disagreed and stated that Silvaco does not support a contrary result. In that case, the court held on summary judgment that where the alleged trade secret was the source code, merely executing and running the programs did not constitute misappropriation because there was no “use” within the meaning of the CUTSA.

The court further reasoned that:

The reasoning in Silvaco does not apply here, however, because the alleged trade secrets are the materials and screen images that are allegedly accessed by Symco without authorization rather than the source code. Thus, in contrast to simply executing source code, which the court in Silvaco likened to eating a pie made with a secret recipe, Symco is alleged to have used secret information it improperly obtained to service the equipment of Burroughs customers, which might be analogized to actually reading the secret recipe in order to bake the pie. Therefore, the Court concludes that Silvaco does not support dismissal of Burroughs’ trade secret misappropriation claim at this stage of the case.

Burroughs also responded that the images relevant here are not publicly available because of the required and protected password. Thus, Symco could not access the images by proper means, and they are the subject of reasonable efforts by Burroughs to maintain secrecy. The court concluded that “the alleged trade secrets are the materials and screen images that are allegedly accessed by Symco without authorization.” Therefore, sufficient facts were alleged to preclude dismissal of the complaint.

DMCA. The only part of Symco’s Rule 12(b)(6) motion that was granted pertained to a count in Burroughs complaint based on the Digital Millennium Copyright Act, 17 U.S.C. § 512 (a service provider is not liable for infringement of material transmitted by an automatic technical process, at the request of another person, without selection or copying of the material by the service provider). A similar count had been included in Burroughs’ complaint in Atlanta, but the court there dismissed that count with prejudice. Symco argued ”res judicata.” Burroughs countered that there never was a final adjudication on the merits in Atlanta. The court concluded that both issue and claim preclusion barred Burroughs from proceeding with its DMCA claim except for misconduct, if any, occurring after that claim was dismissed in Atlanta.

This case teaches that the unauthorized use of copyrighted and password-protected computer applications can constitute copyright infringement and trade secret misappropriation. However, the particular facts and circumstances here will determine whether Symco’s affirmative defenses ultimately defeat Burroughs’ copyright infringement claims, and whether Symco benefitted from accessing Burroughs’ alleged trade secrets without authorization.

The U.S. Circuit Courts of Appeals are currently split over how broadly the Computer Fraud and Abuse Act (“CFAA”) should be interpreted. A recent decision out of the Eastern District of Michigan highlights this split and examines the ways in which the courts have interpreted the statute before deciding to adopt a narrow interpretation of civil liability under the CFAA.

On May 14, 2012, Judge Marianne O. Battani of the Eastern District of Michigan decided the case of Ajuba International , LLC v. Saharia. As a condition of his employment, Mr. Saharia, the defendant, signed an employment agreement with the plaintiffs, along with a non-compete agreement prohibiting him from competing with Ajuba International or soliciting any of its employees. Once the agreement expired, Saharia entered into a new agreement with Ajuba International’s subsidiary, Ajuba India. Under the terms of this agreement, Saharia acted as Ajuba India’s president. Unbeknownst to the plaintiffs, however, at the same time, Saharia had established his own company, AGS India, to compete directly with their company. Allegedly, Saharia then hired multiple key management personnel from AGS India, interfered with the plaintiffs’ business relationships to advance his own interests, and misappropriated trade secrets and other confidential information. The plaintiffs sued in federal court alleging a number of causes of actions, including a violation of the CFAA.

The dispute between the parties over whether a CFAA violation actually occurred highlights an ongoing circuit split over the statute’s prohibition of unauthorized use. Under the CFAA (18 U.S.C. §1030(a)(5)(c)), it is a crime for a current or former employee to intentionally access a protected computer issued or owned by their employer “without authorization” or in a manner that “exceeds authorized access” leading to damage and loss. However, how the phrases “without authorization” and “exceeds authorized access” are interpreted varies between the circuits.

Some courts, including the Ninth Circuit, have construed the terms of the statute in a narrow manner. In LVRC Holdings L.L.C. v. Brekka, the court found that an employee’s misuse or misappropriation of an employer’s confidential or proprietary information is not “without authorization” as long as the employer has given permission to the employee to access this information. Similarly, federal district courts in the Southern District of New York and the District of Arizona, adopted narrow approaches in Orbit One Communications v. Numerex and Shamrock Foods Co v. Gast, respectively. In both cases, the courts held that the CFAA prohibits improper access of computer information, but did not prohibit misuse or misappropriation. As such, once an employee receives authorization to access the employer’s computer, he or she does not violate the CFAA if he proceeds to subsequently use that information improperly.

By contrast, other courts, including the First, Eleventh, Fifth and Seventh Circuit, have interpreted the CFAA more broadly, finding that it prohibits violations of an employer’s computer use restrictions, or a breach of the employee’s duty of loyalty to the employer, which stems from the agency doctrine. Under this approach, “an employee accesses a computer without authorization whenever, without the employer’s knowledge, acquires an interest that is adverse to that of his employer or is guilty of a serious breach of loyalty.” Guest-Tek Interactive Entm’t, Inc. v. Pullen, 665 F. Supp. 2d 42, 45 (D. Mass. 2009).

In examining this particular case, Judge Battani found that the Sixth Circuit yet to address the meaning of either “without authorization” or “exceeds authorized access” within an employment context, however, in other contexts, the court had taken the narrow approach. Similarly, two separate district courts within the Sixth Circuit had both confronted the circuit split, and each had adopted the narrow approach. As such, Judge Battani chose to adopt the narrow approach in this case, finding that even if misappropriation occurred, because the initial access was authorized, it was not in violation of the CFAA.

Judge Battani relied on three main principles in adopting the narrower interpretation of the CFAA: first, the legislative history was consistent with such a finding; second, the statutory canon of avoiding absurd results and the rule of lenity find in favor of such a holding; finally, the plain meaning of the statute compels a narrow interpretation. Similarly, the court’s holding suggests that the broader interpretation is not based on statutory authority suggesting that misappropriation is included under the CFAA, nor is there any reason to suggest that Congress intended to interpret the CFAA so broadly as to convert a violation of the duty of loyalty into a federal offense.

The Solicitor General is presently deciding whether to seek Supreme Court review of the Ninth Circuit’s decision in U.S. v. Nosal, which reached a similar result as Judge Battani in Ajuba International , LLC v. Saharia.

By Robert Milligan and Jeffrey Oh

In a recent federal case out of California, Judge Morrison C. England, Jr. of the U.S. District Court for the Eastern District of California examined the issue of personal jurisdiction in an international trade secret misappropriation and breach of contract dispute. The case, Vance’s Foods, Inc. v. Special Diets Europe Limited, et al., No. 2:11-cv-02943-MCE-GGH, centers around contracts governing the business relationship between an American company and a European distributor based out of Ireland. Using a three-prong test promulgated by the Ninth Circuit to determine the court’s right to exercise specific jurisdiction over a defendant, Judge England granted in part and denied in part Defendants’ Motion to Dismiss.

The Plaintiff, Vance’s Foods, Inc. (“VF”), is an Alaskan corporation with its principal place of business in Sacramento, CA. VF produces and distributes a non-dairy milk substitute called DariFree™. According to the court’s order, in October 2007, VF entered into two written agreements with the Defendants, Special Diets Europe Limited (“SDE”). The first contract, referred to as the “Distribution Agreement,” made SDE the exclusive distributor for DariFree™ in a specified area of Europe. The second contract, known as the “Product Development Agreement” gave SDE permission to use VF’s product formula, manufacturing process, and list of ingredient suppliers to develop and distribute a liquid stable version of DariFree™ in Europe. VF gave SDE this information with the caveat that they keep it confidential, use it only for the stated purpose of the contract (successful development of the liquid stable version within 8 months), and return the information upon VF’s request or the termination of the agreement. In its initial complaint, VF claims that SDE, along with its owners and directors Eamon and Mariel Cotter, entered into this agreement with the sole intention of misappropriating and using VF’s confidential information. In response, SDE and the Cotters filed a Motion to Dismiss for Lack of Personal Jurisdiction pursuant to Federal Rule of Procedure 12(b)(2). SDE is an Irish corporation with its offices located in Ireland. Individual defendants Eamon Cotter and Mariel Cotter are citizens and residents of Ireland. The Cotters are the sole owners and directors of SDE.

The Defendants did not challenge general jurisdiction over them, so the Court employed the “three prong test to determine whether a court can exercise specific jurisdiction over a defendant” first used by the Ninth Circuit in Brayton Purcell LLP v. Recordon & Recordon, 606 F.3d 1124, 1128 (9th Cir.2010). The first prong of this test requires that the non-resident defendant must purposefully direct his activities or consummate some transaction with the forum or resident thereof; or perform some act by which he purposefully avails himself of the privilege of conducting activities in the forum, thereby invoking the benefits and protections of its laws.

This first prong is primarily concerned with establishing a link between a defendant and the forum in which the case is being heard. This link is best established by either showing proof of direct activity related to the complaint within the forum, or by showing that the defendant has deliberately created an ongoing business relationship with forum residents and is therefore subject to “the burden of litigating in that state as well.”

Defendants argued that SDE lacks the requisite “minimum contacts” with California because: 1) SDE does not have any offices, employees or agents, bank accounts, or real property in California; 2) SDE does not conduct any business in California, is not licensed to do business in California, and does not directly advertize or solicit business in California; 3) SDE’s only purpose was to import and distribute Plaintiff’s products in Europe; 4) both the Distribution Agreement and Product Development Agreement were negotiated and entered into in Ireland; and 5) any products that SDE received from Plaintiff were shipped from Plaintiff’s plant in Utah, not from California.

Created with the primary purpose of developing a distributorship relationship with VF, SDE – through its owner and director Mr. Cotter – allegedly solicited VF’s founder in 2003 at his home in Sacramento, California. This initial meeting allegedly led to the development of a relationship between the two companies that culminated four years later in the signing of two business agreements in 2007. These agreements entered SDE into a long-term contractual obligation with an entity principally operating out of Sacramento, as specifically noted in the agreements. The court noted that both agreements provide that any dispute arising between the parties would be governed by California law and the parties would attempt to mediate such a dispute in California. The court found that while the choice-of-law clause is not sufficient by itself to determine that Defendants availed themselves of the benefits and protections of the laws of the forum state, it is a relevant factor. 

The court found that SDE – in addition to Mr. Cotter, the corporate officer who served as the “’guiding spirit’ behind the wrongful act” – both satisfy the standard of purposeful availment within the first prong. In Davis, 885 F.2d at 520-21, the Ninth Circuit allowed that “courts can exercise jurisdiction over an individual acting in an official capacity…where ‘the corporation is the agent or alter ego of the individual defendant.’” According to the Court, Mr. Cotter’s many trips to California and communications with VF executives in which he refers to SDE in the first person made his role as an alter ego of the company hard to deny. In contrast, Ms. Cotter’s lack of consistent communication with VF employees in either the negotiation process or the subsequent business relationship, as well as her never having visited California, led Judge England to rule that VF has failed to establish purposeful availment in her case.

The second prong of the Ninth Circuit’s test holds that the claim must be one which arises out of or relates to the defendant’s forum-related activities.

The standard laid out in this prong of the test requires that the conduct and contacts used to prove purposeful availment in the first prong gave rise to the current dispute. To evaluate this prong judges use the “’but for’ test,” where “’but for’ the contacts between the defendant and the forum state, the cause of action would not have arisen.” Terracom, 49 F.3d at 561.

Applied to SDE, the court found that but for SDE’s solicitation of the contractual relationship with a California-based Plaintiff and entering into two long-term agreements with Plaintiff, Defendants would not have obtained Plaintiff’s confidential information, and thus Plaintiff’s causes of action for breach of contract would not have arisen.

Given Mr. Cotter’s status within the court’s eyes as the “alter ego” of SDE, Judge England extended his rationale for SDE meeting the standard for the second prong to Mr. Cotter. However, since Ms. Cotter’s lack of purposeful availment in the matter precluded the possibility of her being brought into court under specific jurisdiction, the Court did not analyze her under the second prong.

In the first two prongs, the burden rests on the Plaintiff to prove that the Defendant meets all necessary requirements for specific jurisdiction. Once standing under the first two prongs has been established, the burden shifts to the Defendant to argue the third and final prong of the test, the exercise of jurisdiction must comport with fair play and substantial justice, i.e. it must be reasonable.

For a defendant to defeat jurisdictional claims under this test, they must prove that litigating in the current forum would be too difficult as to put them at a significant disadvantage. In deciding this prong, courts use the seven “reasonableness” factors laid out in Bancroft, 223 F.3d at 1088. They are: purposeful interjection; burden on Defendant; sovereignty concerns; the forum state’s interest in adjudicating the matter; the efficiency of resolution in the forum; the importance of Plaintiff receiving a convenient and effective resolution; and the availability of an alternative forum. Given the high level of interaction with residents of the forum, the nature of the contractual language linking SDE and Mr. Cotter to California, including a California choice of law provision, California’s strong interest in protecting its residents, the parties’ inclusion of an arbitration provision providing for arbitration in Illinois for disputes, and the benefits of technology and modern travel which have lowered the costs and burden of litigating in the current forum, the Court found that the majority of the “reasonableness” factors weighed in favor of the Plaintiff. Evaluating SDE and Mr. Cotter simultaneously, the court found that neither had presented compelling evidence why the specific personal jurisdiction in the current forum would be unreasonable.

After evaluating each defendant against the Ninth Circuit’s three prong test, the Court denied the motion to dismiss in the case of both SDE and Mr. Cotter, and granted the motion to dismiss with leave to amend in the case of Ms. Cotter.

Because both of Plaintiff’s claims, including the claim for misappropriation of trade secrets, arise out of the parties’ contractual relationship, the court reasoned that it was not necessary for the court to conduct the “purposeful direction” analysis which is typically analyzed in tort suits. However, the court found that were it to consider the “purposeful direction” prong, it would conclude that Plaintiff has sufficiently demonstrated that SDE purposefully directed its alleged tortious actions at California under the “effects” test. The court reasoned that the Plaintiff has alleged that SDE engaged in intentional tortious acts of trade secret misappropriation, thus satisfying the first prong of the “effects” test. The court further found that the second prong is also satisfied because SDE allegedly “engaged in wrongful conduct targeted at a plaintiff whom [SDE] knows to be a resident of the forum state.” Finally, if SDE misappropriated Plaintiff’s trade secrets, it should have known that Plaintiff would likely suffer harm in California, which is where Plaintiff’s principal place of business is located.

In the end, the court refused to grant the motion to dismiss because the court was convinced that SDE initiated a long-term business arrangement with a company it knew to be principally located in Sacramento, CA. In addition, according to the court, Mr. Cotter’s intertwined existence with SDE as its founder, owner, director and alter ego made him equally suspectible to personal jurisdiction in California federal court. Ms. Cotter’s lack of identifiable involvement in the business relationship between VF and SDE led the Court to rule that Plaintiff “failed to allege sufficient personal conduct directed at California that would justify hailing [her] into this Court.” A subsequent filing in the case reveals that SDE’s and Mr. Cotter’s attorneys are now seeking to withdraw from the case based in part on the Defendants’ continued contention that the court does not have proper jurisdiction over them.  

This decision highlights the importance of including enforceable choice of law, forum selection, and consent to jurisdiction provisions in your company’s business agreements involving international transactions and parties, as well as suing in your home forum first should there later be a dispute to attempt to secure jurisdiction. Critical contract components such as these are essential because the chosen substantive law governing the dispute is typically more favorable in the selected forum for the resident party and there may be increased costs of suit and lack of familiarity and/or level of comfort in the selected forum by the foreign party that may prove dispositive.

As a special feature of our blog –special guest postings by experts, clients, and other professionals –please enjoy the second part of a three part blog series by digital forensics expert Jim Vaughn, a Managing Director of Intelligent Discovery Solutions.

By Jim Vaughn

This post is designed to build on Part 1 of this three part series on digital forensics. Part 1 addressed the subject of BYODs ("Bring Your Own Devices) in the workplace.

Staying on the subject of BYODs, what are the company policies and rules for these hybrid-devices? Does your company have well written policies, such as whether the employer can remotely “wipe” the entire device (business and personal data) if the device is lost, or if the employee and the company part ways? Have you considered how to deal with that issue before it happens?

IT departments originally focused on managing infrastructure, (tier 1 support), but this causes new challenges as employees use a greater variety of devices to access data in both the employer’s network (or cloud) and from their own personal sources. 

From a digital forensic perspective, this may have implications that counsel should address. If a company does not ban BYOD outright, they should try to manage the risk of security breaches, prepare for the worst, and manage employee expectations.

In addition to implementing and reinforcing a culture of security, and reserving the ability to "wipe" devices if they are lost or stolen; companies should also consider ongoing training, annual acknowledgements, and otherwise set and manage employee expectations about the privacy they will have to surrender in exchange for the convenience of using their personal devices for work.

Privacy? Aren’t employees already mixing personal and business information? Yes, they are. But in a non-BYOD environment, this is typically an employee putting personal information on a portable work device. This does not trouble privacy experts and judges as much as an employee putting work information on a portable personal device.

Should the need to examine portable devices arise, what are some of the artifacts one could look for to ensure confidential company data has not been taken, or no longer resides on a departed employee’s device? In my Part 1 post I mentioned backup jobs created by portable computing devices, such as Blackerry’s, iPhones/iPads or Android devices. 

Let’s assume you have reason to inspect a portable computing device (e.g. your forensic examiner found applicable backup jobs on the departed employee’s work computer). 

Examples of artifacts to look for may include; attachments that have been broken apart from an email and saved to the device, installed software that allows a direct connection to a company computer that may bypass a particular security protocol, names of file attachments that may exist within personal email accounts on the device, pictures that may have been taken of a trade secret document in lieu of the actual file being taken, Internet history and/or text messages, just to name a few. The data on the actual device may differ from the last backup, especially if the device is used more frequently and more recently than the last backup.

Similar to an official BYOD policy – what about the usage of personal or home computers for work? It is not uncommon for employers to allow employees to utilize home computers for work, whether they realize they are allowing it or not. Some of the ways this occurs is by enabling web access to company email; allowing a personal computer to connect to a company network through a virtual private network connection (aka VPN connection); by allowing access to personal email accounts while at work; by allowing access to personal cloud storage areas while at work; or by allowing un-controlled portable devices to be used on work computers with no controls in place.

Many of these access rights can be monitored, limited or excluded, according to your needs and situation. For example, USB ports can be configured as read-only, essentially preventing the exportation of data.

What if the user is actually someone who is granted certain administrative rights within the company because it is part of their job responsibility, but they have then allegedly abused those rights post-employment or prior to departure?   

In a recent case, an employee is actually accused of setting up Dropbox™ on the company server before leaving the company and having the software automatically backup (export) the company data on a near-real-time basis.

In my experience as a forensic expert (I am not an attorney), there has always been a delicate balance of interest by courts regarding the importance of preserving potentially relevant data from home computers while maintaining individual privacy concerns. Sometimes referred to as proportionality, sometimes referred to as the balance between relevancy and prejudice.

Continue Reading The Use of Digital Forensics in Trade Secret Matters (Part 2 of 3)

Seyfarth Shaw LLP has released its 2012 edition of Cal-Peculiarities: How California Employment Law is Different, an authoritative guide to the ever-expansive rulings, regulations, and bills that have transformed California into one of the most employee- and plaintiff-friendly venues in the nation.

The 247-page guide is the work of the firm’s California Workplace Solutions Group, which includes many of Seyfarth’s 125 California-based labor and employment attorneys. During the past 13 years, Cal-Peculiarities has earned a national reputation as the must-have manual for executives, line managers, human resources professionals, general counsel, and others whose workplace practices may come under California jurisdiction.

Robert Milligan and Jim McNairy edited the section of the guide regarding non-competes and trade secrets. To obtain hard copies of the complete book or the CD-ROM, please send an email with your contact information to Calpeculiarities@seyfarth.com.

In addition, as we have done the past two years — we are planning a series of events to follow the release of the Cal-Pecs publication. This year we will be conducting our annual webinar on May 31, 2012. You can register for the webinar here.

A collaboration between Beacon Wireless Solutions and Garmin International, to integrate Beacon’s Global Positioning System fleet management vehicle tracking program into Garmin’s personal navigation devices, went awry. Allegedly without Beacon’s knowledge or consent, in order to boost Garmin’s sales, Garmin allegedly published to Beacon’s competitors Beacon’s confidential integration application specifications. Beacon sued, alleging trade secret misappropriation, breach of contract, and unjust enrichment. A few days ago, basing his decision on Kansas law, a U.S. District Court Judge in Virginia denied most of Garmin’s motions for summary judgment. Beacon Wireless Solutions, Inc. v. Garmin Int’l, Inc., Civ. Ac. No. 5:11-cv-0025 (May 9, 2012).

In its motion directed at the misappropriation count, Garmin asserted that, far from being kept confidential, Beacon’s supposed design trade secrets are displayed to Beacon’s customers and derive no value other than by public use. Beacon responded that it is not the individual features but their combination that is confidential, is not easily duplicated, and that enables Beacon’s fleet management system to communicate with a Garmin device. In addition, Beacon maintained that it transferred technical information to Garmin which was a trade secret and did not, as Garmin insisted, constitute mere problem-solving support. The court determined that a jury trial is necessary because genuine issues of material fact exist with regard to whether the combination of design features, and the transferred technical information, constitute trade secrets under Kansas law. However, Garmin’s summary judgment motion was granted as it related to Beacon’s source code and other technical details of Beacon’s software to which Garmin did not have access.

Beacon also avoided summary judgment on its breach of contract count. Under the parties’ non-disclosure agreement, “Confidential information” was defined “to include, but is not limited to” data “relating to a party, its business or products which is marked as confidential or proprietary.” Beacon claimed Garmin breached by disclosing data even though it was not marked “confidential or proprietary” because either (a) the agreement expressly prohibited such disclosure (by using the phrase “includ[ing] but not limited to”), or (b) a question was raised, to be determined by the court, as to whether the agreement was ambiguous in this respect. 

The court ruled that the agreement was unambiguous and clearly requires that information must be labeled as confidential or proprietary to qualify as “Confidential Information.” Surprisingly, however, the court went on to say that “this legal conclusion does not end the analysis” and that a material question of fact remains. 

Beacon and Garmin exchanged unlabeled information and mutually promised to treat it as confidential. Despite a clause in the original contract stating that it could only be amended by a writing signed by both parties, “there is persuasive authority under Kansas law . . . supporting the proposition that an unambiguous written agreement . . . may be modified by a subsequent” unwritten accord. A “reasonable jury could determine that there was a meeting of the minds by the parties, evidenced by their course of conduct, to enter into an agreement to modify the Nondisclosure Agreement’s clause regarding how information exchanged by the parties could qualify as ‘Confidential Information’ under the contract.” 

Finally, Beacon dodged a summary judgment bullet regarding the unjust enrichment count because Beacon gave Garmin more than simply trade secrets. In the court’s view, “a reasonable jury could find that [Beacon’s] provision of ancillary services to [Garmin], which falls outside the purview of the Nondisclosure Agreement, bestowed a benefit upon [Garmin] under circumstances that would render inequitable the retention of that benefit.” 

Recent case law is consistent with the court’s conclusion that a unique combination of secret and non-secret information, that affords a competitive advantage and is not readily ascertainable, is a trade secret. See, e.g., Avid Air Helicopter Supply, Inc. v. Rolls-Royce Corp., 663 F.3d 966, 972 (8th Cir. 2011) (Indiana and Missouri law) (this case was the subject of a recent Seyfarth Shaw trade secrets blog); Tewari De-Ox Syst. v. Mountain States/Rosen, L.L.C., 637 F.3d 604, 613 (5th Cir. 2011) (Texas law); and the dissent in a recent unreported Fourth Circuit decision, Hill Holliday Connors Cosmopulos, Inc. v. Greenfield,433 Fed. Appx. 207, 222-23 (2011 U.S. App. LEXIS 11241). The more unusual ruling in the Beacon-Garmin litigation is that a written contract can be deemed modified by the parties’ course of conduct despite a provision precluding unwritten-unsigned amendments. Readers of this blog should take particular note of that risk. 

During the past week, federal courts around the country have seen a handful of high profile pleas, convictions and sentencing in cases in which defendants are accused of stealing their former employer’s trade secrets. 

On May 7, 2012, Yuan Li, a former research scientist with Sanofi Aventis, who had pled guilty to one count of violating 18 U.S.C. § 1832 (the section of the Economic Espionage Act dealing with commercial economic espionage) in January 2012, was sentenced to 18 months in prison by the United States District Court for the District of New Jersey. In pleading guilty, Li, a Chinese national, admitted to stealing data on Sanofi’s compounds, including their chemical structures, and sending that data via email or through use of a thumb drive to her home computer. Li was also ordered to pay $131,000 in restitution damages to Sanofi.

Later that same week, on May 9, 2012, the United States District Court for the Northern District of California convicted former Silicon Valley engineer, Suibin Zhang, of five counts; three counts for his theft and copying of trade secrets and downloading the trade secrets from a secure database, one count for duplication of trade secrets, and one count for possession of stolen trade secrets. This verdict followed a two-week bench trial before Judge Ronald M. Whyte, which concluded on November 9, 2011.

The evidence presented against Zhang during trial showed that, while employed as a project engineer for Netgear, Inc., he accessed the secure database of Marvell Semiconductor, Inc., downloading information with the intent of using that information after accepting a job at Marvell’s chief competitor, Broadcom Corporation and later loading Marvell’s trade secret information onto his Broadcom laptop. Zhang will be sentenced on August 27, 2012, and could face 10 years in prison, up to $250,000 in fines, plus restitution damages to Marvell if the court deemed such restitution damages appropriate.

Also last week, on May 11, 2012, former Frontier Scientist Inc. chemist, Prabhu Mohaptra, entered a guilty plea in the United States District Court for the District of Utah, pleading guilty to one count of unlawful access to a protected computer. Mohaptra’s guilty plead was in exchange for the government dropping 25 other charges against him. 

Mohaptra admitted to improperly accessing Frontier’s chemical resource notebook and emailing certain chemical formulas to his brother-in-law in India. Mohaptra’s case marks the first time that the Economic Espionage Act was used to prosecute a case in Utah. Mohaptra is scheduled for sentencing on August 28, 2012, at which time he faces up to five years in prison.

Each of these cases highlight the need for companies to monitor the access of its employees to secure databases. Companies should consider using additional preventive means to prohibit employees from stealing trade secrets, such as configuring the operating system to restrict access to external devices, thus, restricting the ability to download information to an external device; blocking a user from uploading information to a web-based site; and/or utilizing software that blocks employees from sending emails to certain domain names. In situations like this, companies may also wish to consider placing blocks on the ability of its employees to email certain domain names that are known to be used for personal email accounts. In an era in which data is becoming increasingly portable, companies much increase their vigilance in monitoring use and exporting of its data and trade secrets.

By Daniel Hart and Bob Stevens

Friday, May 11, 2012 marked the one-year anniversary of Georgia’s new Restrictive Covenant Act ("New Act"). As we have written on this blog before (here and here), passage of the New Act marked a dramatic change in Georgia’s public policy regarding restrictive covenants in employment agreements. Prior to passage of the New Act, Georgia was one of the most difficult jurisdictions for employers to enforce restrictive covenants against former employees. With the passage of the New Act, Georgia is now a comparatively favorable forum for employers seeking to enforce restrictive covenants against former employees.

Among other changes, the New Act creates statutory presumptions under which courts must presume that restrictive covenants two years or less in duration are reasonable in time and that restrictive covenants more than two years in time are unreasonable. It also eases the drafting requirements for specific restrictive covenants, abolishes the previously existing requirement of a time-restriction for non-disclosure provisions, and creates a statutory burden-shifting regime whereby, if employers can meet an initial burden of showing that restrictive covenants are in compliance with the statute, parties challenging such restrictive covenants bear the burden of establishing that the covenants are unreasonable.

Perhaps most significantly, the New Act also permits Georgia courts to "blue pencil" (i.e., partially enforce) restrictive covenants that otherwise would be overbroad and, therefore, completely unenforceable under prior Georgia law. Because the New Act applies only to restrictive covenants entered into on or after May 11, 2011, few court decisions have construed the New Act in the one-year since its passage. But in one decision, the United States District Court for the Northern District of Georgia exercised its power under the New Act to modify a restrictive covenant that would have been unenforceable under previous Georgia law.

In that decision, Pointenorth Ins. Group v. Zander, No. 1:11-cv-3262-RWS, 2011 U.S. Dist. LEXIS 113413 (N.D. Ga. 2011), an employer sought to preliminarily enjoin its former employee from violating customer nonsolicitation covenants in an employment agreement that she signed on May 11, 2011 – the same day that the New Act went into effect. The covenant prohibited the employee from soliciting, accepting, or attempting to solicit or accept, "any of the Employer’s clients which would be in competition with the products or services offered by the Employer, including actively sought prospective clients, with whom Employee had any contact or who were clients of Employer within the three months immediately preceding such termination of this Agreement." The district court granted the employer’s motion for preliminary injunction. Although the covenant was overbroad because it extended to all of the employer’s customers, and not merely those with whom the employee had interacted, the court blue-penciled the provision to prohibit the employee only from soliciting customers whom she had contacted and assisted with insurance. By prohibiting the employee only from "soliciting" these customers, the court also effectively struck the term "accepting" from the provision.

The Pointenorth decision remains significant in that it is the first – and, to date, only – published opinion in which a court has used its power under the New Act to modify an overbroad restrictive covenant. Although only time will tell whether other courts follow the lead of the Pointenorth court, this decision – and the language of the New Act itself – suggest that employers will have considerably greater ease in enforcing restrictive covenants in Georgia than they did prior to enactment of the New Act.

Despite this positive trend for employers, it is also clear that Georgia courts will continue to apply previous Georgia law to agreements that pre-date the New Act, as illustrated by another decision of the United States District Court for the Northern District of Georgia that we previously discussed here. In that case, Boone v. Volt Information Sciences, Inc. v. Corestaff Support Servs., Inc., No. 1:11-CV-1175-RWS 2011, U.S. Dist. LEXIS 119297 (N.D. Ga. 2011), a former employee and his new employer filed a declaratory judgment action against a former employer, seeking a declaration that a noncompete agreement between the employee and former employer was unenforceable under Georgia law. The noncompete agreement had a Delaware choice-of-law provision, and the district court initially concluded that Delaware law would apply to the agreement because Delaware law is in accord with Georgia’s new public policy position on restrictive covenants in employment agreements. On a motion for reconsideration, the district court vacated its prior order, holding that, under the Georgia Court of Appeals’ decision in Bunker Hill Int’l, Ltd. v. Nationsbuilder Ins. Servs., Inc., 710 S.E.2d 662 (Ga. Ct. App. 2011), courts must apply Georgia public policy in effect at the time the agreement was entered into. Because the agreement was signed in 2008, it was subject to Georgia’s old public policy, which was not in accord with Delaware law. Finding that the noncompete agreement was unenforceable as a matter of law under old Georgia law, the court granted summary judgment to the plaintiffs on their claim for declaratory relief.

Despite the limited number of published decisions that have interpreted the New Act in the first year of its existence, three trends appear clear: (1) Georgia courts are considerably more likely to enforce restrictive covenants under the New Act than they were under prior Georgia law, (2) Georgia courts will "blue pencil" overbroad restrictive covenants, and (3) Georgia courts will continue to apply prior Georgia law to agreements that predate the New Act. If you have employees in Georgia and have not yet updated your standard restrictive covenant agreements to take advantage of the New Act, now is an excellent time to take advantage of this change in the law. If you are interested in reviewing your existing restrictive covenant agreements for compliance with the New Act, or if you would like assistance drafting such agreements for your workforce, contact a Seyfarth Shaw Trade Secrets Group attorney.

On April 25, 2012, a federal judge in North Carolina issued a ruling granting in part and denying in part motions to dismiss involving claims for trade secret misappropriation, breach of contract, and conversion in a dispute between two pharmaceutical companies in the case of River’s Edge Pharmaceuticals v. Gorbec Pharmaceutical Services, Inc. This decision confirms, to an extent, the need to plead actual, rather than speculative harm to prevent dismissal for failure to state a claim.

River’s Edge Pharmaceuticals (“River’s Edge”) is a company which distributes pharmaceutical products and aims to provide “reasonably priced alternatives to costly name brand pharmaceuticals.” The company began marketing and developing certain alleged unapproved pharmaceutical products through an FDA approved process known as Drug Efficacy Study Implementation (“DESI”).

In 2007, River’s Edge began working with another pharmaceutical company, Gorbec, to manufacture DESI drugs and test and formulate generic drugs under the Abbreviated New Drug Application (“ANDA”) process. According to the pleadings, the parties agreed to a contract, and agreed the terms would be memorialized in writing, however this was never actually done. River’s Edge began submitting purchase orders to Gorbec, however, and Gorbec performed according to the agreed upon terms.

River’s Edge alleges that beginning in 2010, Gorbec’s executives began making statements about how they owned the “know-how, intellectual property, and regulatory approvals” which River’s Edge had hired and paid them to develop. According to River’s Edge, these statements were made despite the fact that River’s Edge was the actual owner. In addition, Gorbec threatened to stop work on River’s Edge’s products, and made statements of intent to compete with the company. River’s Edge alleges that all of these actions would harm the company and would worsen its chances of getting FDA approval. Gorbec, by contrast, alleged it had agreed to manufacture these drugs based on River’s Edge’s representations and proceeded to do so for three years. However, Gorbec alleges that during that time, River’s Edge received a warning letter from the FDA asking the company to cease sales. River’s Edge allegedly failed to tell Gorbec about it. Gorbec alleges River’s Edge also failed to pay in full for the work they had performed.

River’s Edge filed a complaint against Gorbec and its President, J. Michael Gorman, in the Middle District of North Carolina, requesting declaratory relief, and alleging breach of contract, breach of fiduciary duty, constructive fraud, promissory estoppel, unjust enrichment, conversion, misappropriation of trade secrets, and punitive damages. Gorbec filed a counterclaim, alleging breach of contract, unjust enrichment, negligent misrepresentation, fraud, and unfair and deceptive trade practices.

Both parties recently filed motions to dismiss. Gorbec moved to dismiss all counts of the amended complaint, except for declaratory relief, while River’s Edge moved to dismiss each and every one of Gorbec’s counterclaims.

With regard to breach of contract claim, the court granted Gorbec’s motion in part to the extent the claimed breach was based on Gorbec’s statements of ownership or intent to compete, but denied the motion to the extent the breach alleged pertained to Gorbec’s cessation of ANDA-related work.

Similarly, with respect to the breach of fiduciary duty claim, the court granted the motion to dismiss to the extent the claim was based on Gorbec’s threatened or potential conduct, but denied the motion to the extent the claim was based on Gorbec’s refusal to provide River’s Edge with complete copies of communications with the FDA and info regarding pending ANDAs and said things suggesting ownership of River’s Edge’s intellectual property. The court also dismissed the claims for constructive fraud and unjust enrichment, holding the plaintiff’s allegations failed to state a claim. The court however found that there were sufficient facts to state a claim for both conversion and misappropriation of trade secrets. On the misappropriation of trade secrets cause of action, however, the court held that while there was sufficient facts to state a claim, the burden would be on River’s Edge to show Grobec had the opportunity to acquire, use and disclose such information without consent.

With respect to Gorbec’s counterclaims, the court dismissed the claim for negligent misrepresentation and denied the motion to dismiss for unfair and deceptive trade practices and unjust enrichment, finding sufficient information to state a claim. Additionally, the court found Gorbec had sufficiently alleged a claim for breach of contract regarding the work Gorbec had done for the ANDA process, but dismissed the claim to the extent it was based on River’s Edge’s failure to enter into a marketing agreement. Similarly, the court denied the motion to dismiss the count of fraud to the extent it was based around River’s Edge’s fraudulent concealment of the warning letter, but dismissed the claim to the extent it was based on the idea that River’s Edge formed its own manufacturing company in order to get around its contract.

The Court’s ruling suggests the need to plead with specificity. Here, claims based on speculative damages, and threatened or potential conduct failed to survive dismissal. This confirms the importance of alleging clear harm in one’s pleadings, and shows that to gain a more favorable result for a client, a pleading needs to be framed in such a way that it avoids speculation.

According to a recent filing with the California federal district court in the United States v. Nosal case, the Solicitor General, in consultation with the Criminal Division of the Department of Justice and the United States Attorney’s Office, is still deciding whether to file a writ of certiorari with the United States Supreme Court.

The writ would challenge the Ninth Circuit’s recent decision in the case which circumscribes the use of the Computer Fraud and Abuse Act to primarily hacking activities, rather than violations of employer computer usage policies or internet service providers’ terms of service/use, and request that the Supreme Court resolve the current circuit split. We previously discussed the Court’s decision and its impact. Other legal commentators such as John Marsh, Ken Vanko, and Nick Akerman have weighed in on the decision. The parties’ stipulation indicates that the government’s deadline to file the writ is July 9, 2012.

Should your company be interested in taking a side in the dispute, including joining a letter to the Solicitor General or participating in an amicus filing, please contact your Seyfarth attorney contact or submit your interest here.