By Robert Milligan and Jeffrey Oh

A recent California federal court decision has permitted an employer to pursue a former employee for alleged violations of the employer’s computer usage policies under the Computer Fraud and Abuse Act (“CFAA”), while an en banc Ninth Circuit panel considers the validity of such claims. The Ninth Circuit’s decision in the United States v. Nosal provided employers with a potentially powerful tool under the CFAA to combat data theft by employees and other insiders, only to see the decision rendered non-citable in October 2011 while an en banc Ninth Circuit panel reconsiders the issue.  A recent decision from federal district judge Larry Alan Burns of the United States District Court, Southern District of California, reflects a willingness to allow employers to continue to use the CFAA to combat data theft at least until the en banc panel rules in Nosal.

The case, Platinum Logistics v. Mainfreight and Melissa Ysais, centers around Ms. Ysais, a former sales manager at Platinum Logistics who allegedly violated a binding nondisclosure agreement by taking customer lists and rate sheets in her transition to a competitor.  Platinum Logistics claims that in taking these electronic documents without permission Ms. Ysais violated the CFAA.

In its initial complaint, Platinum Logistics specifically cited § 1030(a)(5)(C), a subsection of the CFAA which prohibits “intentionally access[ing] a protected computer without authorization, and as a result of such conduct, caus[ing] damage and loss.” Ruling on a motion to dismiss, the Court cited the Ninth Circuit’s interpretation of § 1030(a)(5)(C) given in LVRC Holdings LLC v. Brekka in which access without authorization is defined as “without any permission at all.” Given that Ms. Ysais accessed the documents in question while still employed at Platinum Logistics and had accessed them previously within the scope of her job, the Court granted the defendant’s motion to dismiss, but without prejudice to Platinum Logistics. In his discussion on the matter, the Court provided Platinum Logistics with the opportunity to file an amended complaint, citing a different subsection of the CFAA as the potential basis for a valid claim.

According to the Court, Platinum Logistics may have a valid claim under §§ 1030(a)(2) and (a)(4), which offers legal recourse for cases where authorized access is exceeded. As interpreted by the Ninth Circuit in Nosal, “an employee ‘exceeds authorized access’ under § 1030 when he or she violates the employer’s computer access restrictions – including use restrictions.” In the case of Platinum Logistics, Ms. Ysais’s alleged apparent disregard of the company’s non-disclosure agreements in taking electronic documents puts her in violation of the CFAA as it is currently interpreted. Accordingly, the Court provided the plaintiff with an opportunity to amend its complaint to state this claim under the CFAA. Should the plaintiff elect to assert the CFAA claim, the Court ordered the claim stayed pending resolution of Nosal.  

As modern computer technology continues to change the work place and how companies operate, the CFAA continues to serve as an increasingly important legal tool in preventing data theft by employees and insiders. The outcome of Nosal is being closely watched by employers and employees and United States Supreme Court challenge is probably inevitable once the Ninth Circuit renders its decision.

In an a recently published opinion, the Ninth Circuit answered the question whether “LinkedIn, the professional networking website, [may] prevent a competitor, hiQ, from collecting and using information that LinkedIn users have shared on their public profiles, available for viewing by anyone with a web browser?” In affirming the trial court’s injunction enjoining LinkedIn from blocking hiQ’s access to its users’ public profiles, the Ninth Circuit held, among other things, that hiQ’s scraping did not amount to accessing LinkedIn’s users’ data “without authorization,” in violation of the Computer Fraud and Abuse Act (“CFAA”), because the data hiQ was accessing was publicly available and therefore did not fall within the scope of the CFAA. Continue Reading 9th Circuit Takes Narrow View of the Computer Fraud and Abuse Act in LinkedIn Data Scraping Case

Continuing our annual tradition, we present the top developments/headlines for 2017/2018 in trade secret, computer fraud, and non-compete law.

1. Notable Defend Trade Secrets Act Developments

Just two years after its enactment, the Defend Trade Secrets Act (“DTSA”) continues to be one of the most significant and closely followed developments in trade secret law. The statute provides for a federal civil cause of action for trade secret theft, protections for whistleblowers, and new remedies (e.g., ex parte seizure of property), that were not previously available under state trade secret laws. Continue Reading Top Developments/Headlines in Trade Secret, Computer Fraud, and Non-Compete Law in 2017/2018

On Tuesday, October 10, 2017, the United States Supreme Court denied certiorari in Nosal v. United States, 16-1344. Nosal asked the Court to determine whether a person violates the Computer Fraud and Abuse Act’s prohibition of accessing a computer “without authorization” when using someone else’s credentials (with that other user’s permission) after the owner of the computer expressly revoked the first person’s own access rights. In denying certiorari, the Court effectively killed the petitioner’s legal challenge to his conviction in a long-running case that we have extensively covered here, here, here, here, here, here, and here (among other places). The denial of certiorari leaves further development of the scope of the CFAA in the hands of the lower courts. Continue Reading Supreme Court Refuses to Hear Password-Sharing Case, Leaving Scope of Criminal Liability Under Computer Fraud and Abuse Act Unclear

MEME_Cal Pecs eBookSeyfarth Shaw LLP has released its 2017 Edition of Cal-Peculiarities: How California Employment Law Is Different. Included within the publication is an overview of how California law is different in the areas of restrictive covenants , trade secrets, and computer fraud. For example, highlights include:

  • But for a narrow exception, new law provides that a California employer cannot in an employment agreement with an employee who primarily resides and works in California require the employee to (1) adjudicate outside of California a claim arising in California, or (2) accept the application of substantive law other than California’s with respect to a controversy arising in California. Cal. Labor Code § 925.
  • Also, although the Defend Trade Secrets Act of 2016 (DTSA) provides for a federal cause of action for trade secret misappropriation that may be pled in California courts, case law interpreting and applying the preemptive scope of California’s Uniform Trade Secrets Act (CUTSA) may impact what state law tort claims can be pleaded in conjunction with a DTSA claim, even where no CUTSA claim is pleaded.
  • Finally, in 2016, the Ninth Circuit published its opinion in United States v. Nosal, 844 F.3d 1024 (2016), where the court held that unequivocal revocation of computer access makes use of a password shared by an authorized system user to circumvent the revocation of a former employee’s access a crime.

Cal-Pecs provides many more useful details in the areas of areas of restrictive covenants, trade secrets, and computer fraud law. Cal-Pecs is available in an eBook to approved requestors.

submit request button

shutterstock_533123590Continuing our annual tradition, we present the top developments/headlines for 2016 in trade secret, computer fraud, and non-compete law. Please join us for our first webinar of the New Year on February 2, 2017, at 12:00 p.m. Central, where we will discuss these new developments, their potential implications, and our predictions for 2017.

1. Defend Trade Secrets Act

One of the most significant developments of 2016 that will likely have a profound impact on trade secret cases in the coming years was the enactment of the Defend Trade Secrets Act (“DTSA”). The DTSA creates a new federal cause of action for trade secret misappropriation, albeit it does not render state law causes of action irrelevant or unimportant. The DTSA was passed after several years and many failed attempts. The bill was passed with overwhelming bipartisan, bicameral support, as well as backing from the business community.

The DTSA now allows trade secret owners to sue in federal court for trade secret misappropriation, and seek remedies previously unavailable. Employers should be aware that the DTSA contains a whistleblower immunity provision, which protects individuals from criminal or civil liability for disclosing a trade secret if such disclosure is made in confidence to a government official or attorney, indirectly or directly. The provision applies to those reporting violations of law or who file lawsuits alleging employer retaliation for reporting a suspected violation of law, subject to certain specifications (i.e., trade secret information to be used in a retaliation case must be filed under seal). This is significant for employers because it places an affirmative duty on them to give employees notice of this provision in “any contract or agreement with an employee that governs the use of a trade secret or other confidential information.” Employers who do not comply with this requirement forfeit the ability to recoup exemplary damages or attorneys’ fees under the DTSA in an action against an employee to whom no notice was ever provided.

At least one federal district court has rejected an employee’s attempts to assert whistleblower immunity under the DTSA. In Unum Group v. Loftus, No. 4:16-CV-40154-TSH, 2016 WL 7115967 (D. Mass. Dec. 6, 2016), the federal district court for the district of Massachusetts denied a defendant employee’s motion to dismiss and held that a defendant must present evidence to justify the whistleblower immunity.

We anticipate cases asserting claims under the DTSA will be a hot trend and closely followed in 2017. For further information about the DTSA, please see our webinar “New Year, New Progress: 2016 Update on Defend Trade Secrets Act & EU Directive.”

2. EU Trade Secrets Directive

On May 27, 2016, the European Council unanimously approved its Trade Secrets Directive, which marks a sea-change in protection of trade secrets throughout the European Union (“EU”). Each of the EU’s 28 member states will have a period of 24 months to enact national laws that provide at least the minimum levels of protections afforded to trade secrets by the directive. Similar to the DTSA, the purpose of the EU’s Trade Secrets Directive was to provide greater consistency in trade secrets protection throughout the EU. For further information about the EU’s Trade Secrets Directive, please see our webinar “New Year, New Progress: 2016 Update on Defend Trade Secrets Act & EU Directive.”

3. Government Agencies Continue to Scrutinize the Scope of Non-Disclosure and Restrictive Covenant Agreements

Fresh off of signing the DTSA, the Obama White House released a report entitled “Non-Compete Reform: A Policymaker’s Guide to State Policies,” which relied heavily on Seyfarth Shaw’s “50 State Desktop Reference: What Employers Need to Know About Non-Compete and Trade Secrets Law” and contained information on state policies related to the enforcement of non-compete agreements. Additionally, the White House issued a “Call to Action” that encouraged state legislators to adopt policies to reduce the misuse of non-compete agreements and recommended certain reforms to state law books. The Non-Compete Reform report analyzed the various states that have enacted statutes governing the enforcement of non-compete agreements and the ways in which those statutes address aspects of non-compete enforceability, including durational limitations; occupation-specific exemptions; wage thresholds; “garden leave;” enforcement doctrines; and prior notice requirements.

With those issues in mind, the Call to Action encourages state policymakers to pursue three “best-practice policy objectives”: (1) ban non-competes for categories of workers, including workers under a certain wage threshold; workers in occupations that promote public health and safety; workers who are unlikely to possess trade secrets; or workers who may suffer adverse impacts from non-competes, such as workers terminated without cause; (2) improve transparency and fairness of non-competes by, for example, disallowing non-competes unless they are proposed before a job offer or significant promotion has been accepted; providing consideration over and above continued employment; or encouraging employers to better inform workers about the law in their state and the existence of non-competes in contracts and how they work; and (3) incentivize employers to write enforceable contracts and encourage the elimination of unenforceable provisions by, for example, promotion of the use of the “red pencil doctrine,” which renders contracts with unenforceable provisions void in their entirety.

While some large employers have embraced the Call to Action, even reform-minded employers are likely to be wary of some of these proposals. Moreover, this initiative may die or be limited with the new Trump administration.

On October 20, 2016, the Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) jointly issued their “Antitrust Guidance for Human Resource Professionals.” The Guidance explains how antitrust law applies to employee hiring and compensation practices. The agencies also issued a “quick reference card” that lists a number of “antitrust red flags for employment practices.” In a nutshell, agreements (whether formal or informal) among employers to limit or fix the compensation paid to employees or to refrain from soliciting or hiring each other’s employees are per se violations of the antitrust laws. Also, even if competitors don’t explicitly agree to limit or suppress compensation, the mere exchange of compensation information among employers may violate the antitrust laws if it has the effect of suppressing compensation.

In recent years, the National Labor Relations Board (“NLRB”) has issued numerous decisions in which workplace rules were found to unlawfully restrict employees’ Section 7 rights. Last year, the U.S. Court of Appeals for the D.C. Circuit denied Quicken Loans, Inc.’s petition for review of an NLRB decision finding that confidentiality and non-disparagement provisions in the company’s Mortgage Banker Employment Agreement unreasonably burdened employees’ rights under Section 7 of the NLRA.

4. New State Legislation Regarding Restrictive Covenants

Oregon has limited the duration of employee non-competes to two years effective January 1, 2016. Utah has enacted the Post-Employment Restrictions Amendments, which limits restrictive covenants to a one-year time period from termination. Any restrictive covenant that is entered into on or after May 10, 2016, for more than one year will be void. Notably, Utah’s new law does not provide for a court to blue pencil an agreement (i.e., revise/modify to the extent it becomes enforceable), rather the agreement as a whole will be deemed void if it is determined to be unreasonable.

In what appears to have become an annual tradition, Massachusetts legislators have attempted to pass legislation regarding non-competes, to no avail. Two other states in New England, however, are able to claim accomplishments in that regard. Specifically, Connecticut and Rhode Island each enacted statutes last summer imposing significant restrictions on the use of non-compete provisions in any agreement that establishes employment or any other form of professional relationship with physicians. While Connecticut’s law limits only the duration and geographic scope of physician non-competes, Rhode Island completely banned such provisions in almost all agreements entered into with physicians.

5. Noteworthy Trade Secret, Computer Fraud, and Non-Compete Cases

In Golden Road Motor Inn, Inc. v. Islam, 132 Nev. Adv. Op. 49 (2016), the Supreme Court of Nevada refused to adopt the “blue pencil” doctrine when it ruled that an unreasonable provision in a non-compete agreement rendered the entire agreement unenforceable. Accordingly, this means that employers conducting business in Nevada should ensure that non-compete agreements with their employees are reasonably necessary to protect the employers’ interests. Specifically, the scope of activities prohibited, the time limits, and geographic limitations contained in the non-compete agreements should all be reasonable. If an agreement contains even one overbroad or unreasonable provision, the employer risks having the entire agreement invalidated and being left without any recourse against an employee who violates the agreement.

The Louisiana Court of Appeal affirmed a $600,000 judgment, plus attorneys’ fees and costs, against an ex-employee who violated his non-compete when he assisted his son’s start-up company compete with the ex-employee’s former employer. See Pattridge v. Starks, No. 50,351-CA (Louisiana Court of Appeal, Feb. 24, 2016) (Endurall III).

A Massachusetts Superior Court judge struck down a skin care salon’s attempt to make its non-compete agreement seem prettier than it actually was. In denying the plaintiff’s motion for a preliminary injunction, the court stressed that employees’ conventional job knowledge and skills, without more, would not constitute a legitimate business interest worth safeguarding. See Elizabeth Grady Face First, Inc. v. Garabedian et al., No. 16-799-D (Mass. Super. Ct. March 25, 2016).

In a case involving alleged violations of the Kansas Uniform Trade Secrets Act (“KUTSA”) and the Computer Fraud and Abuse Act (“CFAA”), a Kansas federal district court granted a defendant’s motion for summary judgment, holding that (a) payments to forensic experts did not satisfy the KUTSA requirement of showing an “actual loss caused by misappropriation” (K.S.A. 60-3322(a)), and (b) defendant was authorized to access the company’s shared files and, therefore, he did not violate the CFAA. See Tank Connection, LLC v. Haight, No. 6:13-cv-01392-JTM (D. Kan., Feb. 5, 2016) (Marten, C.J.).

The Tennessee Court of Appeals held that the employee’s restrictive covenants were unenforceable when the employer had not provided the employee with any confidential information or specialized training. See Davis v. Johnstone Group, Inc., No. W2015-01884-COA-R3-CV (Mar. 9, 2016).

Reversing a 2-1 decision of the North Carolina Court of Appeals, the state’s Supreme Court held unanimously that an assets purchase-and-sale contract containing an unreasonable territorial non-competition restriction is unenforceable Further, a court in that state must strike, and may not modify, the unreasonable provision. See Beverage Systems of the Carolinas, LLC v. Associated Beverage Repair, LLC, No. 316A14 (N.C. Sup. Court, Mar. 18, 2016).

The Ohio Court of Appeal upheld a non-compete giving the former employer discretion to determine whether an ex-employee was working for a competitor. See Saunier v. Stark Truss Co., Case No. 2015CA00202 (Ohio App., May 23, 2016).

In a clash between two major oil companies, the Texas Supreme Court ruled on May 20, 2016, that the recently enacted Texas Uniform Trade Secrets Act (“TUTSA”) allows the trial court discretion to exclude a company representative from portions of a temporary injunction hearing involving trade secret information. The Court further held a party has no absolute constitutional due-process right to have a designated representative present at the hearing.

A Texas Court of Appeals held on August 22, 2016, that a former employer was entitled to $2.8 million in attorneys’ fees against a former employee who used the employer’s information to compete against it. The Court reached this ruling despite the fact that the jury found no evidence that the employer sustained any damages or that the employee misappropriated trade secrets.

In Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., Case No. 4:13-CV-4021 (7th Cir., Jan. 21, 2016), the Seventh Circuit Court of Appeals affirmed a district court’s conclusion that a plaintiff had produced no evidence refuting the defendant’s contention that it honestly believed it was engaging in lawful business practices rather than intentionally deceiving or defrauding the plaintiff. Even though the plaintiff’s technology did not expressly permit third parties to access the digitized records and use the information without printing copies, thereby avoiding payment of fees to plaintiff, such access and use were not prohibited.

A divided Ninth Circuit panel affirmed the conviction of a former employee under the CFAA, holding that “[u]nequivocal revocation of computer access closes both the front door and the back door” to protected computers, and that using a password shared by an authorized system user to circumvent the revocation of the former employee’s access is a crime. See United States v. Nosal, (“Nosal II”) Nos. 14-10037, 14-10275 (9th Cir. July 5, 2016).

The Ninth Circuit in Facebook v. Power Ventures, Case No. 13-17154 (9th Cir. Jul. 12, 2016), held that defendant Power Ventures did not violate the CFAA when it made copies and extracted data from the social media website despite receiving a cease and desist letter. The court noted that Power’s users “arguably gave Power permission to use Facebook’s computers to disseminate messages” (further stating that “Power reasonably could have thought that consent from Facebook users to share the [Power promotion] was permission for Power to access Facebook’s computers”) (emphasis in original). Importantly, the court found that “[b]ecause Power had at least arguable permission to access Facebook’s computers, it did not initially access Facebook’s computers ‘without authorization’ within the meaning of the CFAA.”

6. Forum Selection Clauses

California enacted a new law (Labor Code § 925) that restrains the ability of employers to require employees to litigate or arbitrate employment disputes (1) outside of California or (2) under the laws of another state. The only exception is where the employee was individually represented by a lawyer in negotiating an employment contract. For companies with headquarters outside of California and employees who work and reside in California, this assault on the freedom of contract is not welcome news.

We also continued to see federal district courts enforcing forum selection clauses in restrictive covenant agreements. For example, a Massachusetts federal district court last fall transferred an employee’s declaratory judgment action to the Eastern District of Michigan pursuant to a forum-selection clause in a non-compete agreement over the employee’s argument that he had signed the agreement under duress because he was not told he would need to sign it until he had already spent the money and traveled all the way from India to the United States.

7. Security Breaches and Data Theft Remain Prevalent

2016 was a record year for data and information security breaches, one of the most notably being WikiLeaks’ release of emails purportedly taken from the Democratic National Committee’s email server. According to a report from the Identity Theft Resource Center, U.S. companies and government agencies saw a 40% increase in data breaches from 2015 and suffered over a thousand data breaches. Social engineering has become the number one cause of data breaches, leaks, and information theft. Organizations should alert and train employees on following policy, spotting potential social engineering attacks, and having a clear method to escalate potential security risks. Employee awareness, coupled with technological changes towards better security will reduce risk and exposure to liability. For technical considerations and best practices and policies of attorneys when in the possession of client data, please view our webinar, “A Big Target—Cybersecurity for Attorneys and Law Firms.”

8. The ITC’s Extraterritorial Authority in Trade Secret Disputes

In a case involving the misappropriation of U.S. trade secrets in China, the U.S. Supreme Court was asked to decide whether Section 337 of the Tariff Act does, in fact, authorize the U.S. International Trade Commission (“ITC”) to investigate misappropriation that occurred entirely outside the United States. See Sino Legend (Zhangjiangang) Chemical Co. Ltd. v. ITC. The crux of Sino Legend’s argument was that for a statute to apply abroad, there must be express congressional intent. Not surprisingly, Sino Legend argued that such intent was missing from Section 337 of the Tariff Act. In Tianrui Group Co. Ltd. v. ITC, 661 F.3d 1322 (Fed. Cir. 2011), the Federal Circuit held that such intent was manifest in the express inclusion of “the importation of articles … into the United States” which evidenced that Congress had more than domestic concerns in mind. On January 9, 2017, the Supreme Court denied Sino Legend’s petition for certiorari, thereby keeping the ITC’s doors open to trade secret holders seeking to remedy misappropriation occurring abroad. For valuable insight on protecting trade secrets and confidential information in China and other Asian countries, including the effective use of non-compete and non-disclosure agreements, please check out our recent webinar titled, “Trade Secret and Non-Compete Considerations in Asia.”

We thank everyone who followed us this year and we really appreciate all of your support. We will continue to provide up-to-the-minute information on the latest legal trends and cases in the U.S. and across the world, as well as important thought leadership and resource links and materials.

shutterstock_236620168On July 12, 2016, the Ninth Circuit filed its published opinion in Facebook, Inc. v. Power Ventures, Inc., et al., Case No. 13-17154 (“Power Ventures”).  Power Ventures is the latest in a series of decisions from the Ninth Circuit relating to the type of activities potentially giving rise to liability under the Computer Fraud and Abuse Act (18 U.S.C. §1030) (“CFAA”). Power Ventures has potentially important implications for the ways that businesses create, store, and monetize data through computers and web-based applications. Unlike the court’s Nosal line of decisions, Power Ventures is focused more on internet-based conduct that may violate the CFAA.

The underlying legal dispute between the parties began in 2008, when Facebook filed suit against Power Ventures, Inc. (“Power”) in the USDC for the Northern District of California. Power, which aggregated data from different social networking sites using, among other things, automated scripts (i.e., “scraping”), enabled people with various social media accounts to access all of their information in one place. Power used user-provided social media log-in information to import people’s information to a Power portal. In an effort to promote itself and attract users, Power then contacted via e-mail Facebook users’ friends, making it appear as if the e-mails came from Facebook.

Upon learning of Power’s activities, Facebook sent Power a cease and desist letter and used IP blocks in an attempt to prevent Power from obtaining Facebook data (IP blocking is a process by which a computer or network is directed to ignore all communications from a particular IP address). But Power continued to copy Facebook data and took measures to evade the IP blocks.

Although the Ninth Circuit analyzed whether Power’s conduct violated the federal CAN-SPAM Act (finding that it did not, and reversing District Court Judge Lucy Koh), the court’s analysis of the CFAA issues are most noteworthy. The court first walked through its United States v. Nosal CFAA decisions (from 2012 and July 5, 2016; see our coverage of these decisions here and here) to “distill two general rules” in analyzing the issue of authorized access under the CFAA:

(1) “a defendant can run afoul of the CFAA when he or she has no permission to access a computer or when such permission has been revoked explicitly” (noting that “once permission has been revoked, technological gamesmanship or the enlisting of a third party to aid in access will not excuse liability”); and

(2) “a violation of the terms of use of a website—without more—cannot be the basis for liability under the CFAA.”

Applying these rules, the court noted that Power users “arguably gave Power permission to use Facebook’s computers to disseminate messages” (further stating that “Power reasonably could have thought that consent from Facebook users to share the [Power promotion] was permission for Power to access Facebook’s computers”) (emphasis in original). Importantly, the court found that “[b]ecause Power had at least arguable permission to access Facebook’s computers, it did not initially access Facebook’s computers ‘without authorization’ within the meaning of the CFAA.”

The court declined, in a footnote, to “decide whether websites such as Facebook are presumptively open to all comers, unless and until permission is revoked expressly” (citing to a law review article asserting that “websites are the cyber-equivalent of an open public square in the physical world”).
Instead, the court found that a cease and desist letter sent to Power by Facebook expressly rescinded the permission granted by Facebook users to Power and put Power on notice that it “was no longer authorized to access Facebook’s computers.” The letter informed Power that, in Facebook’s view, Power had violated Facebook’s Terms of Use and directed Power to cease using Facebook content or otherwise interacting with Facebook through automated scripts.

Power continued to access Facebook and took steps to evade the IP blocks that Facebook put in place. The court noted discovery from the trial court that appears to reflect a concerted effort by Power to wire around Facebook’s countermeasures and a likely awareness that Power’s conduct implicated the CFAA.

To explain its finding that the Facebook cease and desist letter had revoked Power’s permission to access Facebook, the court analogized the circumstances to a person who wanted to borrow a friend’s jewelry held in a bank safe deposit box. The court said that the borrower would need permission from the bank and the safe deposit box holder to access the box if the bank had determined that it did not want the borrower on its premises (in the court’s example, because the borrower brought a shotgun to the bank when entering to access the safe deposit box).

Although the court’s analogy might have helped it better understand the technology and information flow at issue in Power Ventures, it lacks the nuance that can swirl around alleged “scraping” scenarios where there are sometimes questions concerning whether “access” under the CFAA has occurred and whether there is a protectable or property interest in the data scraped (in the court’s analogy, the jewelry was the safe deposit box holder’s property, but what was the data equivalent in Power Ventures and, under different facts, what might be the bank’s property interest?).

The court then went on to distinguish Power from its Nosal decisions and, in doing so made some interesting observations (arguably in dictum) about the legal effect of Facebook’s Terms of Use. The court observed that “Facebook and Power had no direct relationship, and it does not appear that Power was subject to any contractual terms that it could have breached.” It is unclear whether, by making this statement, the court is saying that, by its conduct, Power and Facebook had not entered into a contract (e.g., the Facebook Terms of Use) or rather there simply were no terms within the Terms of Use that prohibited Power’s conduct.

Notably, Facebook does not appear to have pleaded a breach of contract claim in the trial court.

In any event, whether a website’s terms of use will apply to and bind a party that attempts to “scrape” data from the website is likely to be further litigated as the intersection of traditional contact formation principles meet the evolving standards under “browser-wrap” and “click-wrap” agreements.

This much is clear from Power Ventures: Those who use websites to conduct business would be well-served to (1) carefully consider the drafting and use of website terms of use; (2) diligently monitor their websites and associated computers/servers for any access, and the means of access, by anyone other than authorized users; and (3) where unauthorized access is detected, to act promptly to notify in writing those who have potentially made such access of the conduct alleged to be improper/unlawful and demand that such conduct cease.

Cyberspace and e-commerce law will continue to evolve rapidly, so banks best keep an eye out for those skilled in the programming arts along with shotgun-toting borrowers of jewelry.

shutterstock_414545476Not exactly. A divided Ninth Circuit panel recently affirmed the conviction of a former employee under the Computer Fraud and Abuse Act (“CFAA”), holding that “[u]nequivocal revocation of computer access closes both the front door and the back door” to protected computers, and that using a password shared by an authorized system user to circumvent the revocation of the former employee’s access is a crime. United States v. Nosal, (“Nosal II”) Nos. 14-10037, 14-10275 (9th Cir. July 5, 2016). The dissenting opinion raised concerns that the majority opinion would criminalize password-sharing in a wide variety of contexts where the password was shared by an authorized user but in violation of a service provider’s terms of service, such as for email or social networking.

An inside job

David Nosal was a recruiter employed by the executive search firm Korn/Ferry. To serve its clients and help place executives in response to talent searches, Korn/Ferry maintained a confidential, proprietary database containing detailed personal information about over one million executives. Nosal left Korn/Ferry and launched a competing firm with two other Korn/Ferry colleagues. Korn/Ferry revoked Nosal and his colleagues’ authorization to access its database. After Nosal and his colleagues left Korn/Ferry, Nosal’s colleagues accessed the database at his behest using the log-in credentials of Nosal’s former executive assistant, who remained employed at Korn/Ferry and who was authorized to access the database. They used the assistant’s valid credentials in order to run searches for candidates and thereby compete with Korn/Ferry. Nosal was convicted of violating the CFAA on a theory of accomplice liability based on his colleagues’ actions. He was ordered to pay a sizeable restitution award to Korn/Ferry.

What does “without authorization” mean, anyway?

The CFAA imposes criminal penalties on whoever “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value . . . .” 18 U.S.C. § 1030(a)(4) (emphasis added). In a previous appeal in the Nosal case (“Nosal I”), the Ninth Circuit held that the “exceeds authorized access” prong makes criminal conduct out of “violations of [a company’s] use restrictions.” The Ninth Circuit’s decision in Nosal II, however, focused entirely on the “without authorization” prong of the CFAA.

The majority concluded that “without authorization” is unambiguous, and that the Ninth Circuit’s ruling in LVCR Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) applied to Nosal’s conduct: “[A] person uses a computer ‘without authorization’ under [the CFAA] . . . when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.” The court stated that refusing to apply the CFAA to circumstances where an authorized user shared log-in credentials with a person whose credentials had been revoked by the owner of a protected computer system would “remove from the scope of the CFAA any hacking conspiracy with an inside person. That surely was not Congress’s intent.”

So is password-sharing now a crime?

Judge Reinhardt dissented from the majority’s opinion, expressing concerns that the ruling would criminalize “password sharing.” Judge Reinhardt warned that the majority opinion “threatens to criminalize all sorts of innocuous conduct” and does not provide “a workable line which separates the consensual password sharing in this case from the consensual password sharing of millions of legitimate account holders, which may also be contrary to the policies of system owners” like email service providers or social networking sites. Judge Reinhardt asserted that, in order to avoid criminalizing such commonplace conduct, the “best reading of ‘without authorization’ in the CFAA is a narrow one: a person accesses an account ‘without authorization’ if he does so without having the permission of either the system owner or a legitimate account holder.” (Emphasis original.)

It will be left to future cases to ascertain the outer boundaries of the majority’s holding. It seems unlikely that the Ninth Circuit would uphold a CFAA conviction of a person who watched Netflix using a friend’s login credentials, but Judge Reinhart correctly points out that there is no inherently limiting language in the statute itself. So, future litigants may focus on the Nosal II majority’s discussion of “revocation of access” as a means to distinguish simple password sharing. It would be one thing for a person to use a friend’s Netflix account to watch movies; it would be another thing if the person had previously had a Netflix account revoked for downloading and selling pirated copyrighted works, then used a friend’s account to circumvent the “revocation of access” and continue such piracy. The problem is, the statute’s language does not make any distinctions based on “revocation of access.” It remains to be seen whether Nosal II provides a workable rule for applying the CFAA in future cases.

Practical Implications for Employers

Setting aside the great password-sharing debate, Nosal II makes clear that criminal sanctions can be imposed against former employees who improperly access their employer’s systems after their authorization to do so is revoked by the employer. Whether former employees use their old log-in credentials or use those of current employees who are themselves authorized to use the employer’s systems, Nosal II means that any such access is “without authorization” under the CFAA.

shutterstock_208633174Background

Imagine if you could manage all of your social media platforms on one app.  Believe it or not, there was an app for that (or, at least a website), created by a company named Power Ventures (“Power”).  Back in 2008, Power instituted its “Power 100” campaign, which offered its users the chance to win $100 if they invited 100 friends to join.  After asking its users’ permission, Power would access its users’ Facebook accounts to send messages to friends of its users to encourage them to join Power.  These messages were sent to friends of Power users from email addresses containing Facebook in the source name (e.g., amy@facebookmail.com), thus giving the impression that the messages came from Facebook personnel, not from Power.

Lo and behold, the “real” Facebook became aware of Power’s plan and tried to stop it through the use of an IP block, which Power was able to overcome.  Facebook continued combatting Power’s activity by sending cease and desist letters, reiterating how Power’s activities went beyond the scope of its authorized use, but Power failed to act in compliance with these requests.  Thereafter, Facebook slapped Power with a lawsuit, alleging (among other things) a violation of the Computer Fraud and Abuse Act (“CFAA”), primarily based on Power’s unauthorized use of Facebook data and systems.  Four years later in 2012, the U.S. District Court for the Northern District of California found that Power indeed violated Section (a)(2)(C) of the CFAA.  The following year, the district court issued an order granting not only a permanent injunction against Power, but also prescribed damages in excess of $3 million to be paid to Facebook.

Status of the Case

As perhaps any party would do following such a dismal outcome at district court, Power decided to appeal to the Court of Appeals for the Ninth Circuit.  Oral arguments were heard in December, and a Ninth Circuit court opinion is expected to come down in the coming months.

Ninth Circuit Oral Argument

At oral argument, counsel for Power argued that Power could not have violated the CFAA because it never owned the data at issue in the case.  As such, it was beyond Facebook’s power to grant or deny authorization to user accounts to third-parties.  Counsel pressed that acting with authorization means one has authorization from the owner of the data; Facebook, according to Power’s counsel, explicitly disclaimed ownership of such data.  In other words, because individual Facebook users granted Power access to their accounts, Power was acting within the scope of authorization, and is therefore not liable to Facebook under the CFAA.

From another standpoint came Power’s former CEO, Steve Vachani, who made a statement that Facebook, now a social media giant, is acting anti-competitively by still litigating this case after seven years.  Counsel for Facebook disagreed, saying that his client was not being anti-competitive, but rather acting in compliance with its legal obligations.

Third-Party Perspectives

This is not the only CFAA-related case the Ninth Circuit has faced as of late.  Some time ago, the court heard oral arguments for the U.S. v. Nosal case, blogged here.  Given the recent interest in this CFAA line of cases, commentators have piped up and expressed their thoughts on the CFAA and its application to password sharing scenarios.

For instance, the Electronic Frontier Foundation (“EFF”) wrote as amici in support of Power’s position, noting that Facebook’s use of the CFAA is “dangerous to follow-on innovators and consumers and would criminalize widely accepted Internet behavior.”

Additionally, Professor Orin Kerr appears to support curbing the interpretation and application of the CFAA to password sharing scenarios and believes any user of a personal account may authorize a third-party agent to access the account, but such would not be the case if the individual were acting within the scope of employment.  In other words, if the individual gave her employer’s account credentials to a third-party agent for the third-party’s own purposes, that would not constitute authorization because it would be beyond the employer’s grant of authorization to its employee.

Takeaways

Given the compensatory and equitable damages awarded to Facebook at the district court level, it will be especially interesting to see if the Ninth Circuit upholds the district court findings and damages, especially against a now defunct company.  Upholding the district court’s damages award will certainly call practitioners and their clients to attention.

It will also be interesting to see if the Ninth Circuit somehow consolidates its rationale in Nosal into this case, and finally carves a distinction between password sharing in the workplace and personal password sharing scenarios.

shutterstock_334793126Continuing our tradition of presenting annually our thoughts concerning the top 10 developments/headlines this past year in trade secret, computer fraud, and non-compete law, here—in no particular order—is our listing for 2015 and a few predictions for 2016.  Please join us for our first webinar of the New Year on January 29, 2016 discussing these developments/headlines.

1) Enactment of federal trade secret legislation moves closer, while federal non-compete bill gains no traction.  In last year’s Top 10 listing, and in several blog posts from 2015, we described the ongoing effort of a large bipartisan group of U.S. Senators and Representatives to create a federal civil cause of action for trade secret misappropriation (according to govtrack.us, as of January 11, 2016 there were 23 cosponsors of such legislation in the Senate and 107 in the House).  The proposed bill is entitled “The Defend Trade Secrets Act of 2015” (“DTSA”).  On December 2, 2015, the Senate Judiciary Committee held a hearing on the DTSA and it received a positive reaction from the Committee. We expect that the DTSA will be voted on by Congress in the spring of 2016.

Many industry representatives who have written or spoken on the subject support the DTSA.  They cite such reasons as: (a) it will provide uniform statutory provisions in contrast to the “Uniform Trade Secrets Act” (“UTSA”)—adopted by every state except New York and Massachusetts—but which contains some significant state variations; (b) rather than litigate in state courts, some attorneys and companies prefer federal courts, particularly because of federal bench experience with patent, trademark, and copyright cases; (c) personal jurisdiction over defendants may be easier to obtain in a federal court than in a state court with respect to individuals or businesses charged with claims involving overseas trade secret misappropriation or computer fraud and discovery of parties and non-parties may be easier to conduct in federal court; and (d) the statute of limitations in the proposed DTSA is longer, and the maximum amount that can be awarded as punitive damages is higher than the amount available under the UTSA.

A number of academics oppose adoption of the DTSA.  They suggest that the expense of litigating in federal court often exceeds the cost of handling a case in a state court.  Some also take issue with, among other sections, the ex parte seizure provisions in the DTSA (although proponents cite those provisions as advantages).  Opponents of the DTSA mention that the UTSA has had years of judicial interpretation that provides some measure of predictability.  Opponents have also voiced concern with respect to some potentially ambiguous terms in the proposed DTSA.

We also reported on proposed federal legislation to ban enforcement of non-competes against low wage employees and to require employers to disclose in advance that employees must sign non-competes.  The Senate bill is called “Mobility and Opportunity for Vulnerable Employees” (“MOVE”).  At present, MOVE has few sponsors and does not appear to be gaining any traction.

Please see our dedicated page for the latest updates on the proposed federal trade secret legislation. As discussed below, we expect regulators and employees to continue to challenge the necessity and breadth and scope of non-compete agreements in certain industries.

2) Watch for challenges to (a) confidentiality covenants interpreted as discouraging cooperation with government agency investigations or chilling Section 7 rights and (b) “do-not-hire” agreements.  In 2015, federal government agencies such as the SEC took aim at confidentiality clauses seemingly intended to dissuade employees from whistleblowing with respect to alleged employer misconduct.  Additionally, the NLRB continued its crusade of striking employer confidentiality agreements/policies that may chill employees from exercising their rights under the National Labor Relations Act. Accordingly, we expect that non-disclosure provisions that interfere with government investigations or chill Section 7 rights will continue to be scrutinized in 2016.  Further, the government previously challenged agreements among competitors that prohibited them from hiring their competitors’ employees.  Plaintiffs’ attorneys have attempted to capitalize on such efforts by bringing class actions for alleged unlawful “do-not-hire” arrangements between competitors and some cases have resulted in large settlements. We expect to see more such cases in 2016.

3) The Ninth Circuit’s narrow interpretation of the Computer Fraud and Abuse Act (“CFAA”) was supported by some courts in other circuits, but rejected by others, and other computer hacking issues continue to percolate.  The CFAA states that one who “intentionally accesses a computer without authorization or exceeds authorized access” commits a crime.  18 U.S.C. § 1030.  In 2012, in U.S. v. Nosal, the Ninth Circuit Court of Appeals (in a divided en banc decision) adopted the narrow interpretation that the only intended targets of the law were hackers who “break into” a computer and that the statute does not criminalize the unauthorized use of computerized data by misguided employees.  676 F.2d 854.  The same court reiterated that view in U.S. v. Christensen, Nos. 08-50531, et al. (Aug. 28, 2015).  The court added, however, that California Penal Code § 502, which prohibits taking or using information on a computer without permission, does not require unauthorized access and, therefore, is markedly unlike 18 U.S.C. § 1030.

In decisions announced before 2015, the Fourth Circuit concurred with Nosal, but the First, Fifth, Seventh, and Eleventh disagreed.  Judicial decisions in 2015 supported each position and, therefore, further muddied the waters.

In U.S. v. Valle, Nos. 14-2710-cr and 14-4396-cr (2d Cir., Dec. 3, 2015) (2-1 decision), the majority concluded that there is equal merit to the narrow statutory interpretation announced in Nosal, and the diametrically opposed, broader interpretation set forth by courts disagreeing with Nosal.  Based solely on the doctrine of lenity, the Second Circuit adopted the narrow view.

Judges have reached opposite conclusions regarding Nosal (compare, for example, Experian Marketing Solutions, Inc. v. Lehman, No. 15-cv-476 (W.D. Mich., Sept. 25, 2015) and Allied Portables v. Youmans, 2015 WL 6813669 (June 15, 2015) (following Nosal), with Epic Systems Corp. v. Tata Consultancy Services Ltd., No. 14-cv-748 (W.D. Wis., Nov. 18, 2015) (rejecting Nosal)).  A judge in the Eastern District of Michigan wrote a lengthy criticism of Nosal, and a prediction that the Sixth Circuit would not follow the Ninth, but the judge ultimately decided that the complaint before him stated a cause of action regardless of which statutory interpretation was intended.  American Furukawa, Inc. v. Hossain, No. 14-cv-13633 (May 6, 2015).  These widely disparate rulings will leave many employers without a clear path to follow.

Moreover, one Assistant U.S. Attorney told Congress in 2015 that the CFAA should be amended to clarify which of the two conflicting views Congress intended.  We predict that, unless the statute is amended, the U.S. Supreme Court will have to resolve the circuit court split.

Additionally, we expect that the Ninth Circuit will issue another decision in the U.S. v. Nosal case this year to address whether password sharing to obtain access to a protected computer is actionable under the CFAA. Additionally, we expect to see more Penal Code section 502 claims in California based upon the alleged misuse of company information “without permission.”

4) Security breaches continue to plague owners of confidential data.  Hackers, nation states, competitors, and disgruntled employees are among those responsible for the breach and dissemination of confidential data.  Following the Ashley Madison incident and some other highly publicized incidents, we expect to see more data breaches and resulting litigation in 2016, particularly in those jurisdictions where courts have been willing to soften the standing requirements for maintaining such suits. To guard against this risk, it is essential that companies have comprehensive information security policies and solid data breach response plans in place.

Sometimes the breach benefits only a single individual or entity, such as when an employee transfers employers and provides proprietary information belonging to the former employer to the new employer.  However, the more serious consequences occur when, without the owner’s authorization, such data is published on-line for all the world to see.  To make matters worse, social media privacy legislation and other privacy laws can often frustrate efforts to identify the thief and to abort the publication.

In connection with a recent New York Supreme Court—New York’s trial court—injunction hearing, a party accidentally filed its trade secrets on the New York State Courts Electronic Filing system.  The adversary insisted, over the vehement objection of the party that made the inadvertent filing, that this act constituted a posting on the Internet that rendered the information publicly available.  The court has delayed making a definitive ruling. On the other coast, the Northern District of California recognized that the issue occurring in New York could arise in California.  The court, proactively, promulgated guidelines on its website for the prompt and effective removal of erroneous e-filings.

5) Employers’ attempts to enforce non-compete and non-solicitation covenants against lower level employees troubles courts and legislators.  At one time, courts normally appeared sympathetic to the principle espoused by employers that parties’ non-competition and non-solicitation covenants were contracts that should be enforced.  In 2015, although some courts enforced restrictive covenants, a number of judges refused to grant preliminary injunctions sought by former employers against ex-employees.  See, e.g., Great Lakes Home Health Services Inc. v. Crissman, No. 15-cv-11053 (E.D. Mich., Nov. 2, 2015); Evans v. Generic Solutions Engineering, No. 5D15-578 (Fla. App., Oct. 30, 2015); Burleigh v. Center Point Contractors, 2015 Ark. App. 615 (Oct. 28, 2015).  Each of these courts concluded that the employers had not demonstrated the requisite extreme need for injunctive relief and protection.  We expect courts to continue to make it difficult on employers to obtain injunctive relief in 2016, particularly where the employee is lower level and there is no clear evidence of imminent harm. We also saw some efforts (though not successful) in Michigan, Washington, Iowa, and Massachusetts to ban or otherwise limit non-competes.

6) Enforcement of restrictive covenants against franchisees gains traction.  The NLRB signaled in 2015 its view that a franchisor’s control over the business practices of franchisees may lead to treating the franchisor as a joint employer of the franchisees’ employees.  Additionally, some courts held in 2015 that restrictive covenants in a franchise agreement could be enforced by the franchisor against both the franchisees and persons who benefit from but are not signatories to the franchise agreement.

Some franchisors have sued to enforce covenants in contracts with franchisees.  An Ohio federal judge in 2015 ordered an ex-franchisee that had signed a confidentiality agreement to return to the franchisor its operations manual, brochures, contracts, correspondence, client files, computer database, and other records relating to the franchise agreement.  H.H. Franchising Sys., Inc. v. Aronson, No. ­12-cv-708 (Jan. 28, 2015).  Additionally, a Wisconsin judge held that an individual who was not a signatory to a franchise agreement that included a confidentiality clause, but who had benefitted from the franchise, was prohibited from using the franchisor’s trade secrets.  Everett v. Paul Davis Restoration, Inc., No. 10-C-634 (E.D. Wis., Apr. 20, 2015). We expect to see more litigation involving franchisees and related parties in 2016.

7) Courts struggle with issues relating to the adequacy of consideration for restrictive covenants.  The controversial Fifield decision by the Illinois Appellate Court several years ago continued to make waves in 2015.  The court in Fifield held that a restrictive covenant executed by an at-will employee is unenforceable, for lack of adequate consideration, unless the employment relationship lasts at least two years beyond the date of execution.  Fifield v. Premier Dealer Service, 993 N.E.2d 938 (Il. App (1st) 2013).  The Illinois Supreme Court has not yet opined on that holding.  This past year, several Chicago federal trial judges, adjudicating cases in which they decided it was necessary to predict whether the Illinois Supreme Court would agree with Fifield, reached opposing conclusions.  Moreover, in McInnis v. OAG Motorcycle Ventures, Inc., 35 N.E.3d 1076 (Il. App. (1st) 2015), a panel of the Illinois Appellate Court split 2-1 on the question of whether Fifield should be followed.

Another wrinkle involving consideration arose in Pennsylvania, which adopted the so-called “Uniform Written Obligations Act” (“UWOA”) (solely in force in Pennsylvania).  Under the UWOA, if a written contract contains a commitment to which the parties “intend to be legally bound,” then the parties may not question the adequacy of consideration for the agreement.  On the other hand, the state has a long history of disfavoring restrictive covenants in employment agreements.  This past year, the Pennsylvania Supreme Court ruled unenforceable for lack of consideration a covenant entered into after the commencement of employment, but for which no benefit or favorable change in employment status was given to the employee.  Socko v. Mid-Atlantic Systems of CPA, Inc., Case No. 3-40-2015 (Nov. 18, 2015).  This ruling came down notwithstanding the UWOA, even though the agreement expressly quoted the “legally bound” language of that law.  See id.  This decision does not alter the doctrine that covenants signed by employees upon hire are supported by adequate consideration. We expect to see more challenges to the adequacy of consideration by employees in 2016.

8) New state legislation concerning restrictive covenants.  State legislatures have enacted, and probably will continue to enact, new laws bearing on restrictive covenants.

  1. New Hawaii statute. Passed in 2015, it provides that a non-compete or non-solicit clause in an employment contract for an employee of a technology business is void.
  2. New Connecticut, Montana, and Virginia statutes. In 2015, these three states joined more than a dozen others by enacting laws that restrict employer access to personal social media accounts of employees and job applicants.  We predict that these laws will adversely impact employers’ efforts to uncover trade secret theft.
  3. New Mexico health care practitioner statute. A law passed in 2015 provides that an employer of a health care practitioner may not enforce a non-compete covenant restricting the practitioner from providing post-termination clinical health care services.
  4. Alabama and Oregon statutes. Alabama revised its non-compete statute (effective January 1, 2016). The revised statute will make it easier for employers to enforce non-competes against Alabama employees. Additionally, Oregon limited the duration of non-competes with employees to 18 months. The new law is also effective January 1, 2016.

9) Rulings regarding validity of forum selection provisions in restrictive covenant agreements.  Some multi-state employers use one-size-fits-all covenants, and that practice—coupled with a litigant’s forum shopping—sometimes leads to unexpected inconsistencies.  California’s policy, articulated in Business and Professions Code Section 16600 (which provides that employee non-compete  clauses are typically void), has figured in a number of these cases and likely will continue to do so.  California courts continue to dismiss or transfer such cases to other states in accordance with contracting parties’ forum choice notwithstanding employees’ arguments that the forum state might enforce covenants which seemingly are void in California. We did see some reluctance by courts in Delaware and New York to impose broad restrictive covenants on employees in 2015, particularly where the designated choice of law may unfairly impact the employee.

10) Proposed EU Directive to protect trade secrets makes progress; vote nears on U.S. involvement in Trans Pacific Partnership. The European Union and other foreign countries have varying rules with regard to the protection of trade secrets.  In some instances, there are no rules regarding trade secret protection or the laws are not enforced.  A U.S. company doing business abroad may encounter a wide variety of practices applicable to trade secrets. There has been an effort to harmonize trade secrets law abroad to provide minimum standards as exemplified by the proposed EU Directive.

As we reported, the proposed EU Directive crossed yet one more procedural hurdle with a provisional agreement on the Directive reached by the European Council (represented by the Luxembourg presidency) and representatives of the European Parliament. Now that the provisional agreement has been reached, the Parliament and Council will conduct a legal-linguistic review of the text.  Once that process has been completed, the proposed Directive will then be submitted to the full Parliament for approval.  Currently, the Parliament is expected to vote on the Directive around March 2016, but the precise date for a first reading has yet to be determined.

Additionally, as we reported, a proposed trade agreement, the Trans Pacific Partnership, was reached in October 2015 among a dozen Pacific Rim countries and the U.S.  While the implementing legislation still needs to be passed by the signatory countries, the agreement will require signatory nations,  such as Australia, Canada, Singapore, and Malaysia, to implement criminal procedures and penalties for the unauthorized misappropriation of trade secrets.  The agreement signifies the Obama Administration’s continued effort to enhance trade secret protections at home and abroad for the benefit of U.S. companies.